All posts by lisa

Wish Chelsea Manning a Happy 28th Birthday!

Send Chelsea Manning a birthday card!

Wikileaks whistleblower Chelsea Manning is spending her 28th birthday in a military prison. She’s been incarcerated since she was 22 for helping expose some of the U.S. government’s worst abuses.

It’s so important that we show heroic whistleblowers like Chelsea that they will not be forgotten, so we want to make sure she gets lots of birthday love! Just fill out this page, and we’ll mail your customized birthday card to Chelsea to remind her that she’s not alone—Happy Birthday, Chelsea Manning!

Learn more from Fight For The Future!

Read Chelsea’s statement from this year’s Aaron Swartz Day.

Kevin Poulsen at Aaron Swartz Day 2014 – Details On Poulsen v. DHS

Download a Hi-res (.mov) file of Kevin’s Talk
CC0

Kevin Poulsen filed a lawsuit over access to the Federal law enforcement documents about Aaron Swartz. MIT intervened in the case as an interested third party – and was awarded the privilege of further redacting the documents before they were made public.

Bottom Line: MIT’s intervention has caused these documents to be released at a much slower rate, so they could redact information about their involvement with the government against Aaron.

The files are all here now at swartzfiles.com.

Here is a complete transcription of last year’s presentation by Kevin Poulsen on this topic. (Let’s band together to put pressure on the U.S. Government to release these files now. :-)

(In case you are just learning about this, I am also including a complete list of references on this topic at the bottom of this post.)

Complete transcription:

My name’s Kevin Poulsen. I’m a contributing editor at Wired magazine, and I’m the one that recruited Aaron to do the project that is now “SecureDrop.” While my presentation is getting set up I’ll say that what the Freedom of the Press Foundation and everybody who’s contributed to that project at the hackathons has made of that greatly exceeds, I think, any expectations that Aaron had for that when he was working on it. It’s an astonishing, astonishing achievement, and one that’s become far more important than it was even when we started.

I’ve been asked to talk about my Freedom of Information Act lawsuit against the Department of Homeland Security, and where we stand with the files.

For those just tuning in: After Aaron passed, I, as well as a lot of other journalists and bloggers and independent investigators, very quickly filed Freedom of Information Act requests with the Secret Service, and we all received the same letter (page 3), where the agency summarily denied the request on the grounds that it pertained to an ongoing law enforcement investigation, which was ludicrous under the circumstances.

I filed an appeal. (page 1) The department ignored the appeal, and then, I, with the help of David Sobel, an attorney with EFF and one of the greatest FOIA litigators in the country, we sued DHS and, very quickly, got a court order obliging them to start producing documents. (Applause.)

At that point, MIT and JSTOR moved to intervene in the case. They were concerned that, despite the government’s great skill at redacting documents, that some information might slip through that would identify MIT or JSTOR personnel who contributed to the investigation, and they might face some sort of retaliation. Probably from Anonymous.

We reached an agreement with them, where they’re allowed to preview each collection of documents before it’s released to me and suggest redactions of their own. There was some concern at the time that they would abuse that to redact more than just identifying information. So far, it looks like the redactions have just been a word here or there, and email addresses and that sort of thing.

What we’ve gotten so far is 2,889 pages, 177 photos and 11 videos, including the video of Aaron being booked at the Cambridge Police Department.

In the last batch. This will be of interest to maybe two or three of you, that really closely follow this. In the last batch, we actually got the Python script that Aaron wrote to extract the documents from JSTOR. This is actually the thing that I’m asked about the most is “when is keepgrabbing.py going to be released?”

Aaron Swartz’ Keepgrabbing.py script

Script Transcribed on GitHub

In the last two batches, we’ve seen for the first time some large blocks of material being redacted, and they’re being redacted under FOIA Exemption B5, “Pre-decision Deliberative Processes.” So, if the government is working on something, and they haven’t made a decision, and they’re exchanging memos and back and forth discussing what to do, that’s when that would apply. Or a draft of a treaty. That sort of thing.

And for the first time we’re seeing a notation indicating that an outside agency, not the Secret Service, and not DHS, has made those redactions, and it’s the Executive Office of the U.S. Attorney. And all of these redactions appear to be emails either from or to Stephen Heymann, the prosecutor on the case. So, it’s hard to tell what’s being redacted by definition. It’s not there. But, as it turns out, MIT and JSTOR also released documents, in the wake of the controversy over all of this, and some of them were messages that were redacted from the government’s release. So, we actually can see what’s underneath them. And it’s nothing that you would call a smoking gun. It’s more like, very puzzling why they would want to redact this. So this, message to MIT, from Steve Heymann, or (correction) to JSTOR, from the prosecutor, is asking about the naming of the PDF files that were downloaded. It baffles me as to why they would consider this sensitive.

This one, huge block of redacted text, here, is the reply from JSTOR. You’d imagine this is going to be the Pentagon Papers or something. And no, it’s a detailed examination of the numbering system that JSTOR uses for numbering their documents. Keep in mind this was released by JSTOR voluntarily and redacted by the U.S. Government for reasons of their own. And then this one, again, an entire block. It turns out to be the stuff that the prosecutor is asking MIT to bring to an interview. So this, I think, bears some further scrutiny. I just discovered the unredacted versions of these in the JSTOR documents yesterday, so I haven’t had a chance to talk to David Sobel about it yet. But to me, it looks a little questionable.

If you want to see the documents for yourself. This week, I’ve compiled them all into a single place: swartzfiles.com. You’ll also find the FBI and US Marshals’ files on Aaron there, and a compilation of all the files that have been released by MIT and JSTOR to date, as well as all the videos and the photographs that I just described.

More Articles and Resources about Kevin’s FOIA case and MIT’s intervening:

1. Swartzfiles.com http://swartzfiles.com/

2. WIRED’s Kevin Poulsen on managing investigations, Aaron Swartz and why leaks are the new FOIA – Muckrock.com, by George LeVines – August 2, 2013
https://www.muckrock.com/news/archives/2013/aug/02/wired-kevin-poulsen-foia-aaron-swartz-leaks/

3. First 100 Pages of Aaron Swartz’s Secret Service File Released, Kevin Poulsen, Wired, 08.12.13 http://www.wired.com/2013/08/swartz-foia-release/

4. Secret Service Report Noted Aaron Swartz’s ‘Depression Problems’, Kevin Poulsen, Wired, 11.07.13 http://www.wired.com/2013/11/swartz-foia-november/

5. MIT blocking release of Aaron Swartz’s Secret Service files, BoingBoing, Cory Doctorow, Jul 18, 2013 http://boingboing.net/2013/07/18/mit-blocking-release-of-aaron.html

6. Judge orders Secret Service to release Aaron Swartz’s files, Boing Boing, Cory Doctorow, Jul 9, 2013 http://boingboing.net/2013/07/09/judge-orders-secret-service-to.html

7. MIT asks to intervene in Swartz FOIA suit, July 19, 2013 by Ed Felten https://freedom-to-tinker.com/blog/felten/mit-asks-to-intervene-in-swartz-foia-suit/

8. Aaron Swartz FOIA video playlist

9. MIT intervenes in FOIA release of Aaron Swartz documents, seeks ‘pre-release review’, by Nathan Ingraham, The Verge, July 18, 2013 http://www.theverge.com/2013/7/18/4536566/mit-intervenes-in-foia-release-of-aaron-swartz-documents

10. The MIT surveillance video used against Aaron Swartz is now public, by Dell Cameron, Dec 4, 2013 http://www.dailydot.com/news/aaron-swartz-mit-surveilance-video-released/

Jacob Appelbaum at Aaron Swartz Day 2015

Download mp4       Hi-res files of entire event
CC0

Update December 2017 – In the course of Lisa’s research for “From DeadDrop to SecureDrop,” (since this post originally went up), she could not find any evidence whatsoever that Aaron ever assisted Wikileaks.

So it would appear that, although the transcript reads that “Wikileaks disclosed three facts” – we don’t in fact know that these are facts.

Here is the original December 5, 2015 post:

Jacob Appelbaum read a powerful statement at this year’s Aaron Swartz Day Celebration.

Here are some highlights. A complete transcription follows.

Quotes From Jacob’s Talk:

Shortly after Aaron was found, WikiLeaks disclosed three facts:

  • Aaron assisted WikiLeaks.
  • Aaron communicated with Julian and others during 2010 and 2011.
  • And Aaron may have even been a source.

I do not believe that these issues are unrelated to Aaron’s persecution, and it is clear that the heavy-handed U.S. prosecution pushed Aaron to take his own life. How sad that he was abandoned by so many in his time of need. Is it really the case that there was no link? Is it really the case that the U.S. prosecutors went after Aaron so harshly because of a couple of Python scripts and some PDFs? No, clearly not…

When we learned more details about the U.S. prosecutors, we learned that they considered Aaron a dangerous radical for unspecified reasons. One of the primary reasons is probably the Guerilla Open Access Manifesto. This is a good document, and, as many others, I respect it and I admire it. The Guerilla Open Access Manifesto is not as radical as the U.S. prosecutors might consider it. But their fear is telling, so let us say it out loud: We should honor it and we should extend it.

Let’s not only liberate the documents of the world, let us act in solidarity to liberate all of humanity. Let us create infrastructure that resists mass surveillance. Let us enable people to leak documents. And let us also work to infiltrate those organizations that betrayed us. There is a division of labor, and we all bring different skills to the table. Let us all use them in service of a better world, in service of justice.

We must have total transparency about the investigation into Aaron. Why was the Department of Justice grinding their axe with Aaron? Was it really because of JSTOR and the past anger about PACER? That is absurd and unbelievable. It is disproportionate and it is unjust.

One concrete thing that needs to happen is for the FOIA case to be properly resolved. We must find a way to speed up the processing about FOIAs regarding Aaron. Rather than hundreds of documents at a time, we should have all 85,000 at once, and not mediated by MIT, who is partially responsible for the outcome we have today.

And we must not drop the pressure. If you are invited to MIT, I encourage you to decline and to explain that you do so because of MIT’s treatment of Aaron Swartz. But not just Aaron, but those like Star Simpson and Bunnie, who MIT would’ve left to be like Aaron, if the cards had played a little differently…

And there is a legal lesson that we actually must learn in a very hard way, as many communities have learned it already, and it is one where the lawyers in the audience who represent me are already cringing from what I’ve said, but they’ll cringe harder next. We must resist grand juries. We must not bow down. We must band together. And together we can refuse to be isolated. We must resist it every step of the way, never giving them anything, ever, at all, when they wish to persecute us for our political beliefs. And if you feel there is no other choice, drag it out and make it public…

Part of what Aaron carried was an understanding that it wasn’t just that something needed to be done. He carried with him the idea that very specific things needed to happen, and for very good reasons, to benefit all of those alive and all of those yet to live. He cared deeply about free software, and he cared deeply about the free culture movement. He worked to advance many other issues. Let us carry on that work, whatever the cost, wherever they may take us.

***Complete Transcription Below***

Lisa: Ladies and Gentlemen, Jacob Appelbaum.

Jacob: First of all, thank you so very much for having me tonight. It’s actually really difficult that I can’t be there in person, and I wish that I could be. And, when Lisa asked me to speak tonight, I actually didn’t feel that I had something to say until I sat down and wrote a text. So, I’m just going to read you a text, and as a result I’m going to cover my camera because there’s nothing worse than watching someone read. So, as you can see there, it’s just a bright white light, and now I’m going to read you this text, and I hope that you can still hear me.

[Crowd chanting “We want Jake!”]

Jacob: (Laughing)

Lisa Rein: Jacob, come back on camera, please. Don’t do it, Jake.

Jacob: I’m sorry. It has to be this way. That’s how it has to be, I’m sorry, but here we go.

Lisa: It’s okay. No, no, no!

Jacob: You can’t fucking be serious. [laughing] Terrible.

Lisa: Jacob, please. Thank you. (Jesus Christ.)

Jacob: Look, I want to see all of you, too, but we don’t get what we want so I’m going to read you this text now.

The first time that I heard Aaron Swartz speak in person was at the Creative Commons release party in San Francisco.

Lisa: Jacob, we’re going to turn it [the podium laptop] around.

Jacob: I was working the door as a security guard, if you can believe that. I think it was in December of 2002. Meeting people in that seemingly weird world mutated life in a good way. Over the years, we crossed paths many times, be it discussions relating to CodeCon, to age limits, or free software, or the Creative Commons, or about crypto, or any other topic. Aaron was an insightful, hilarious, and awesome person.

Aaron and I worked on a few different overlapping projects and I very much respected him. Some of the topics that came up were light, but some were very heavy and very serious. The topic of WikiLeaks was important to both of us. In November of 2009, long before I was public about my work with WikiLeaks, I introduced Aaron to someone at WikiLeaks who shall remain unnamed. If we had a secure and easy way to communicate, if some sort of communication system had existed that had reduced or eliminated metadata, I probably could’ve done so without a trace. But we didn’t. You’re not the first to know, the FBI and the NSA already know.

Less than a year later, Aaron sent me an email that made it clear how he felt. That email in its entirety was straightforward and its lack of encryption was intentional. On July 10, 2010, he wrote, “Just FYI, let me know if there’s anything, ever, I can do to help WikiLeaks.” Did that email cast Aaron as an enemy of the state? Did Aaron worry?

2010 was an extremely rough year. The US government against everyone. The investigation of everyone associated with WikiLeaks stepped up. So many people in Boston were targeted that it was effectively impossible to find a lawyer without a conflict. Everyone was scared. A cold wave passed over everything, and it was followed by hardened hearts from many.

In February of 2011, a few of us were at a party in Boston hosted by danah boyd. Aaron and I walked a third person home. A third person who still wishes to remain unknown. The sense of paranoia was overwhelming, but prudent. The overbearing feeling of coming oppression was crushing for all three of us. All of us said that our days were numbered in some sense. Grand juries, looming indictments, threats, political blacklisting. None of us felt free to speak to one another about anything. One of those people, as I said, still wishes to remain unnamed. We walked through the city without crossing certain areas, because Aaron was worried about being near the properties that MIT owned.

When Aaron took his life, I remember being told by someone in San Francisco, and I didn’t understand. I literally did not understand who they meant or who it could be. It seemed impossible for me to connect the words that were coming out of their mouth with my memories.

Shortly after Aaron was found, WikiLeaks disclosed three facts:

  • Aaron assisted WikiLeaks.
  • Aaron communicated with Julian and others during 2010 and 2011.
  • And Aaron may have even been a source.

I do not believe that these issues are unrelated to Aaron’s persecution, and it is clear that the heavy-handed U.S. prosecution pushed Aaron to take his own life. How sad that he was abandoned by so many in his time of need. Is it really the case that there was no link? Is it really the case that the U.S. prosecutors went after Aaron so harshly because of a couple of Python scripts and some PDFs? No, clearly not.

I wish that Aaron had lived, as we all do. This was the year that brought us the summer of Snowden, and yet it felt like ten years of grief in a single one. It was the last time I spent any time in the U.S., and even now it feels like a distant memory, mostly bad memories. Especially the memory of learning about Aaron.

Only a few months later, in 2013, there was a New Year’s Eve toast with many of us who were being investigated, harassed, and targeted for our work, our associations with WikiLeaks, and for our political beliefs. It was me that stupidly, stupidly said, “We made it.” But I know it was Roger, and I remember it well, when he said, “Not all of us.” And he wasn’t speaking only about Aaron, but him too. And it was heartbreaking to remember, and it was telling of how to cope. How some try to forget, and we do forget, and that it is important to remember. Especially right then and especially right there. Just as it is here, and just as it is right now.

When we learned more details about the U.S. prosecutors, we learned that they considered Aaron a dangerous radical for unspecified reasons. One of the primary reasons is probably the Guerilla Open Access Manifesto. This is a good document, and, as many others, I respect it and I admire it. The Guerilla Open Access Manifesto is not as radical as the U.S. prosecutors might consider it. But their fear is telling, so let us say it out loud: We should honor it and we should extend it.

Let’s not only liberate the documents of the world, let us act in solidarity to liberate all of humanity. Let us create infrastructure that resists mass surveillance. Let us enable people to leak documents. And let us also work to infiltrate those organizations that betrayed us. There is a division of labor, and we all bring different skills to the table. Let us all use them in service of a better world, in service of justice.

We must have total transparency about the investigation into Aaron. Why was the Department of Justice grinding their axe with Aaron? Was it really because of JSTOR and the past anger about PACER? That is absurd and unbelievable. It is disproportionate and it is unjust.

One concrete thing that needs to happen is for the FOIA case to be properly resolved. We must find a way to speed up the processing about FOIAs regarding Aaron. Rather than hundreds of documents at a time, we should have all 85,000 at once, and not mediated by MIT, who is partially responsible for the outcome we have today.

And we must not drop the pressure. If you are invited to MIT, I encourage you to decline and to explain that you do so because of MIT’s treatment of Aaron Swartz. But not just Aaron, but those like Star Simpson and Bunnie, who MIT would’ve left to be like Aaron, if the cards had played a little differently.

Here are some things you can do to support the legacy and spirit of Aaron. We can support the development of some of Aaron’s projects like SecureDrop. Kevin, Garrett, Micah, and others are carrying that torch. We can work with them. They’re still with us today. You can come and work with many people at the Tor Project on Tor Browser and Tor Messenger, and other software to be of use to disseminate and to push out information, important information to people that might have otherwise not happened without that software. And you can come and help us make free software for freedom, just as Aaron did.

And there are other projects that need assistance. OnionShare, Let’s Encrypt, GlobaLeaks, Pawn[?], Subgraph, Signal, the Transparency Toolkit, and many more.

But it isn’t just software. There are so many things that can be done. You can write to prisoners of conscience of Aaron’s generation, of my generation, of your generation. Do Jeremy Hammond, Barrett Brown, and Chelsea Manning have to die before we work to correct the injustices that they face daily? We can and we should free them.

Here are some things to support each other during the hard times, those with us now and those sure to come in the future. We should support WikiLeaks, an organization under attack for publishing information in the public interest. We should support the EFF. They support people who are at the edge. We should support the ACLU. When others called Edward Snowden a traitor, the ACLU gave him legal support. We should support the Courage Foundation. They are the ones that helped Edward Snowden to seek and to receive asylum and do the same with others that are directly under threat today and those under threat tomorrow. And we should support the Library Freedom Project. They work to educate, to deploy, and to resist, by deploying alternatives in public spaces for everyone today. And together, we are already building, deploying, supporting, and using infrastructure which is not merely a matter of protest, but is an act of resistance in itself, by being a practical alternative.

And there is a legal lesson that we actually must learn in a very hard way, as many communities have learned it already, and it is one where the lawyers in the audience who represent me are already cringing from what I’ve said, but they’ll cringe harder next. We must resist grand juries. We must not bow down. We must band together. And together we can refuse to be isolated. We must resist it every step of the way, never giving them anything, ever, at all, when they wish to persecute us for our political beliefs. And if you feel there is no other choice, drag it out and make it public.

Consider that the core of Aaron’s legacy is not simply about information or about writing software. It is about justice, about fairness, through transparency, through accountability, through consideration. So then let us consider our empire and most of all we must consider our complicity. It is up to us to act and to change things, to fight for the user, but also to consider the world in which he lives. To think as technologists, but to think far beyond only the technology and into our common humanity.

How is this lesson applied to gender and racial inequality? Aaron wasn’t a bigot; he was thoughtful. He was not a homophobic person; he was accepting. He wasn’t a racist; he was unprejudiced. Aaron was kind and compassionate. He fought for free speech. He worked and he supported your anonymity directly with actions, and he worked to free our culture’s knowledge. We must be forward-thinking, not just about winning one or two battles. Not just about one or two legal cases. Rather in a broader sense, towards a movement of movements. The Internet is a terrain of struggle and it will help shape all of the other terrains of struggles to come, and Aaron, Aaron helped to shape that terrain for us, so that we could shape it for others.

Part of what Aaron carried was an understanding that it wasn’t just that something needed to be done. He carried with him the idea that very specific things needed to happen, and for very good reasons, to benefit all of those alive and all of those yet to live. He cared deeply about free software, and he cared deeply about the free culture movement. He worked to advance many other issues. Let us carry on that work, whatever the cost, wherever they may take us.

Aaron was headstrong and hilarious. He was young. Today, he would’ve been 29. Use your time wisely. May you have more time than him, and may you use it as wisely as he did.

Good night.

Snowden Explains “Opsec” – Operational Security for Everybody

Micah Lee and Edward Snowden, in Moscow, Russia. Photo: Sue Gardner

A few weeks ago, Micah Lee, Technologist for The Intercept and Co-Founder and Board Member of the Freedom of the Press Foundation, went to Moscow to meet Edward Snowden (who is on the Freedom of the Press Foundation’s Board).

They had been in close contact online, since January of 2013, albeit anonymously, on Ed’s end, for the first six months.

Snowden took the opportunity to explain some technical details about what he has come to refer to as “Opsec,” or “Operational Security,” a collection of a few simple best practices for security that folks can use to protect the privacy of their day to day communications.

Engaging in Opsec helps protect one’s privacy, not only against the threat of what is, to some, the merely abstract notion of “government surveillance,” but also against much scarier threats that are not so abstract. For instance, abusive relationship victims, stalking victims, or children who are at risk of being monitored by pedophiles. There are many scary scenarios, all made possible by the current lack of basic encryption on most people’s emails and text messages. In these cases, being a victim of online surveillance often translates into physical harassment or abuse in the “real world.”

Using Opsec to “reclaim your privacy” may seem confusing at first, especially to those who have not realized that their privacy is already compromised daily. But as Micah explains, “This doesn’t need to be an extraordinary lifestyle change. It doesn’t have to be something that is disruptive. It should be invisible, it should be atmospheric, it should be something that happens painlessly, effortlessly.”

In the article, Snowden outlines some Opsec basics, including:

  • Using “Signal” (“Text Secure” on Android), by Open Whisper Systems, to encrypt your text messages and phone calls. It’s very easy to install and use, instantly, on your Android or iPhone device.
  • Encrypting your laptop hard drive, so if your computer is stolen, the thief won’t also have access to all of your private data. (Micah has already written a guide for this.)
  • Using a password manager (here’s Bruce Schneier’s favorite) that helps you generate unique passwords for all of your different services and stores them for you, so you don’t have to remember them.
  • Using two-factor authentication to provide an additional level of security on your accounts.
  • Using browser plugins like HTTPS Everywhere by the EFF, to try to enforce secure encrypted communications so your data is not being passed while “electronically naked,” in transit.
  • Using adblocking software, such as Privacy Badger, by the EFF.
  • Using Tor and TorBrowser to anonymize your browsing.

A few relevant quotes from the article:

On Tor:

Lee: What do you think about Tor? Do you think that everyone should be familiar with it, or do you think that it’s only a use-it-if-you-need-it thing?

Snowden: I think Tor is the most important privacy-enhancing technology project being used today. I use Tor personally all the time. We know it works from at least one anecdotal case that’s fairly familiar to most people at this point. That’s not to say that Tor is bulletproof. What Tor does is it provides a measure of security and allows you to disassociate your physical location…

But the basic idea, the concept of Tor that is so valuable, is that it’s run by volunteers. Anyone can create a new node on the network, whether it’s an entry node, a middle router, or an exit point, on the basis of their willingness to accept some risk. The voluntary nature of this network means that it is survivable, it’s resistant, it’s flexible.

Micah: [Tor Browser is a great way to selectively use Tor to look something up and not leave a trace that you did it. It can also help bypass censorship when you’re on a network where certain sites are blocked. If you want to get more involved, you can volunteer to run your own Tor node, as I do, and support the diversity of the Tor network.]…

On Whistleblowing:

Snowden: What we do need to protect are the facts of our activities, our beliefs, and our lives that could be used against us in manners that are contrary to our interests. So when we think about this for whistleblowers, for example, if you witnessed some kind of wrongdoing and you need to reveal this information, and you believe there are people that want to interfere with that, you need to think about how to compartmentalize that.

Tell no one who doesn’t need to know.

Micah: [Lindsay Mills, Snowden’s girlfriend of several years, didn’t know that he had been collecting documents to leak to journalists until she heard about it on the news, like everyone else.]

Snowden: When we talk about whistleblowers and what to do, you want to think about tools for protecting your identity, protecting the existence of the relationship from any type of conventional communication system. You want to use something like SecureDrop, over the Tor network, so there is no connection between the computer that you are using at the time — preferably with a non-persistent operating system like Tails, so you’ve left no forensic trace on the machine you’re using, which hopefully is a disposable machine that you can get rid of afterward, that can’t be found in a raid, that can’t be analyzed or anything like that — so that the only outcome of your operational activities are the stories reported by the journalists.

Micah: [SecureDrop is a whistleblower submission system. Here is a guide to using The Intercept’s SecureDrop server as safely as possible.]…

On Simple and Practical Threat Modeling:

Snowden: …You can drive yourself crazy thinking about bugs in the walls and cameras in the ceiling. Or you can think about what are the most realistic threats in your current situation? And on that basis take some activity to mitigate the most realistic threats.

In that case, for most people, that’s going to be very simple things. That’s going to be using a safe browser. That’s going to be disabling scripts and active content…And making sure that your regular day-to-day communications are being selectively shared through encrypted means…

On How Cell Phones Track Us By Default:

Micah: People use smartphones a lot. What do you think about using a smartphone for secure communications?

Snowden: Something that people forget about cellphones in general, of any type, is that you’re leaving a permanent record of all of your physical locations as you move around. … The problem with cellphones is they’re basically always talking about you, even when you’re not using them. That’s not to say that everyone should burn their cellphones … but you have to think about the context for your usage. Are you carrying a device that, by virtue of simply having it on your person, places you in a historic record in a place that you don’t want to be associated with, even if it’s something as simple as your place of worship?

Cindy Cohn at Aaron Swartz Day 2015


Download mp4       Hi-res files of entire event
CC0

Note: I’m including a full transcription at the bottom of this post. (Thanks to OpenTranscripts.org for their transcriptions of these talks.)

Quotes from Cindy’s Talk:

The Internet is going to be the means by which we do all the rest of the change that we need to do so badly in this world. And that I think there’s enough people now that we really have a movement, and we need to start thinking of ourselves as a movement, and we have to figure out what our next steps are…

Sitting here and listening to all the presentations tonight, seeing the amazing activity out there, seeing the tentacles of what Aaron was a part of in the early days, and in some ways the heart of, in the early days, become a movement. You guys, you’re a movement and thank you so much for doing this. So let’s figure out what our next fights are together and our work is together…

I think if people who want to honor Aaron Swartz do one thing with regard to Congress and then go back to coding, the one thing you should do is say “That law goes no further. It doesn’t get any worse and it doesn’t take any lives.”…

There is some good news in the state of California. We just passed, and we got Governor Brown to sign, a law called CalECPA, which requires the cops, the California state cops, to get a warrant before they go after your information stored with service providers…

It’s time for the legislature and the FBI to get over it. Crypto is here to stay, and all of the tools that we’ve talked about here tonight depend on the ability for people to have strong unbreakable crypto, and we need to stand up for it again. Watch the EFF web site. We’re going to keep talking about this, and you’ll see some causes…

I think we need to send a strong message to the White House that President Obama needs to come out and take a strong stand on crypto, not just say “we’re not going to come after crypto right now, but we may do something later” but to say, “No. Hell no. Americans deserve to have locks on their doors that don’t have backdoor entries for law enforcement.”…

And while the folks in Washington DC like to just wave their hands and say, “You geeks sort it out. Find a way to have a backdoor that only good guys can go in and bad guys can’t,” those of us who know about technology, and more importantly those of us who know about math, know that this is impossible…

I’m so happy to see so many projects being celebrated here that were created or inspired or legally defended by EFF. We’re going to continue to be the support for this community. One of the things that John Perry Barlow taught me years ago is that your rights aren’t given to you, your rights have to be taken. And we’re here today to continue to take our rights.

*** Complete Transcription Below ***

Thanks so much for inviting me. When I took over as Executive Director of the EFF in April [2015], many people asked me, “Well, what do you want to do? How do you want to be different than your predecessor, the amazing Shari Steele” who has her own little statue. She’s the only non-Archive person who has a statue in the Archive, and Brewster did that to honor her and the work that we’ve done together.

What I said was, you know I think that there are enough people who care about the Internet, who understand, as my friend Cory Doctorow said, that whatever other issue draws you, if the Internet isn’t free this is the place. The Internet is going to be the means by which we do all the rest of the change that we need to do so badly in this world. And that I think there’s enough people now that we really have a movement, and we need to start thinking of ourselves as a movement, and we have to figure out what our next steps are.

And I have to say, sitting here and listening to all the presentations tonight, seeing the amazing activity out there, seeing the tentacles of what Aaron was a part of in the early days, and in some ways the heart of, in the early days, become a movement. You guys, you’re a movement and thank you so much for doing this. So let’s figure out what our next fights are together and our work is together. But, this has just been very exciting to see, and to see the growth. And, ya know, we lost our dear friend as a result of some really horrible laws and some really horrible policies, but seeing the green shoots that’ve grown as a result of this just does my heart good.

Lisa wanted me to talk a little about CISA, the cybersecurity act. I think that at this point the best thing that this community can do about CISA is first of all continue to talk about how rotten it is, because it’s a really rotten idea. We have a terrible cybersecurity problem. This is the cybersecurity act that was recently passed out of the Senate.

We have a terrible problem with security on the Internet, as Brewster pointed out, and Congress just passed a bill that doesn’t make anything better and makes several things significantly worse, in the fine tradition of our Congress.

I don’t know that there’s too much we can do in terms of public activism on the bill right now, realistically, because it’s in a conference committee time, which isn’t the time when there are very many members of Congress who are going to pay attention to it. There’s one thing, though, that we have to keep watching on and that you’ll hear EFF and others rally the troops on, and that is the effort to try to put some horrible changes to the Computer Fraud and Abuse Act into this bill. We expect it’s going to come up again, and when it does you’ll hear the rallying cry. And I think if people who want to honor Aaron Swartz do one thing with regard to Congress and then go back to coding, the one thing you should do is say “That law goes no further. It doesn’t get any worse and it doesn’t take any lives.”

We have a couple other policy opportunities that I thought I’d mention to you guys. We just got a really amazing ruling out of the European Court of Justice in the last couple weeks that really points out what a global problem the NSA’s overreach and the surveillance overreach is. It’s got some complicated stuff having to do with the safe harbors and how American companies get to process information related to people all around the world. But the important part for us is to keep a close eye on what happens next, because the old rules have been crossed out and the American companies and the European regulators and the American government are in an intense negotiation about what happens next.

So we’ve got an inflection point opportunity here and we ought to be talking about this European Court of Justice opinion and what it means, because what the European Court of Justice said is the NSA surveillance is not appropriate. For the legal geeks, this is surveillance under Section 702 of the FISA Act and Executive Order 12333. What that means is the American government’s view that it can spy on the rest of the world with impunity, that it can do mass spying of people around the world who are not suspected of any crimes, who aren’t targets, who aren’t foreign spies, is unacceptable under European law. It’s a really excellent decision. You guys should all thank Max Schrems, who brought that case.

And there’s a moment now, for the next few months, and I think to the extent that you guys are blogging, writing, tweeting, you should be paying attention to this because the American companies are really scared. They want to be able to continue to serve Europe, and we need to give them a backbone to say “enough with the surveillance. It’s hurting our business.” And if we could have that argument plus “it’s actually just plain wrong,” we might be able to get somewhere. So please, if you’re watching the policy debates, that’s something to watch.

There is some good news in the state of California. We just passed, and we got Governor Brown to sign, a law called CalECPA, which requires the cops, the California state cops, to get a warrant before they go after your information stored with service providers. This is completely consistent with the values— it’s California taking the lead in a place where frankly the U.S. Congress is unwilling to go, and we’re hoping to spread this across the country. So, for people who are not Californians this is a law to look at if you want to do something locally and try to match or even do one better than California did with that. So we’ve got some good news as well.

And of course one of the other things that we’re going to have to keep an eye on in the policy things is the cryptowars are back. Now, I had the honor of being deeply involved in getting crypto free from government regulation when we did it the first time in the 90s and frankly I’d like to do something else now. So it’s time for the legislature and the FBI to get over it. Crypto is here to stay, and all of the tools that we’ve talked about here tonight depend on the ability for people to have strong unbreakable crypto, and we need to stand up for it again. Watch the EFF web site. We’re going to keep talking about this, and you’ll see some causes.

We just got 100,000 people to sign our savecrypto.org petition, which is going to go to the President now, and the President has to respond to it. It’s not too late, though. If people want to still sign it, I think it’s still available to sign. I think we need to send a strong message to the White House that President Obama needs to come out and take a strong stand on crypto, not just say “we’re not going to come after crypto right now, but we may do something later” but to say, “No. Hell no. Americans deserve to have locks on their doors that don’t have backdoor entries for law enforcement.”

And while the folks in Washington DC like to just wave their hands and say, “You geeks sort it out. Find a way to have a backdoor that only good guys can go in and bad guys can’t,” those of us who know about technology, and more importantly those of us who know about math, know that this is impossible. So we need to make sure that that message starts here from the West Coast and makes it all the way to the East Coast. I hear they know about math out there, too, so it shouldn’t be that hard to explain it. But I think we’re going to have to continue to do some explaining.

So that’s just a quick update of what we’re doing at EFF. I’m so happy to see so many projects being celebrated here that were created or inspired or legally defended by EFF. We’re going to continue to be the support for this community. One of the things that John Perry Barlow taught me years ago is that your rights aren’t given to you, your rights have to be taken. And we’re here today to continue to take our rights.

Thanks.

The Securus Hack and SecureDrop Upload Explained: Interview with Alex Friedmann of Prison Legal News

The recent article by The Intercept, and Wired’s coverage of The Intercept’s announcement, told us that Securus, a prison phone company here in the U.S., had been hacked, and that the hacker then uploaded the data obtained to The Intercept via SecureDrop.

It really provided a perfect example of a whistleblower releasing information in order to help the common man. In this case, assisting inmates and their families by drawing attention to:

1) Their sensitive data not being stored properly.

2) Recordings of attorney-inmate “privileged” calls that should never have been recorded.

3) “Kickbacks” the government agencies awarding the phone contracts were getting that these families were funding with their overcharged calls.

This article provided me with a real world example for my movie, “From DeadDrop to SecureDrop,” which was pretty exciting, because I had originally given up hope on having a real world example, mainly because there are lots of different reasons why it often might not be in the whistleblower’s best interest to make any of the details surrounding any one particular leak public. (Mainly out of fear of releasing information that could potentially identify the whistleblower, especially if they were an insider.)

In this case though, although Securus is claiming that it was a leak from an insider, rather than a hack (see the bottom of The Intercept article), the folks at The Intercept make it pretty clear in their article that they believe it to be a hack, saying “an anonymous hacker who believes Securus is violating the constitutional rights of inmates” uploaded the data.

It appears that, of the 70 million records, at least 14,000 of these calls were made by detainees to their attorneys, and therefore should NOT have been recorded. However, although most legal experts agree that Securus has violated those inmates’ rights by recording those calls, it’s hard to prove and calculate damages, should an inmate choose to challenge it. The burden is on the inmate to prove that such improperly recorded calls were also accessed by a prosecutor and then resulted directly in some kind of damage to the inmate (for instance, a longer sentence).

But as The Intercept article explains, prosecutors are not always forthcoming about accessing such calls. For example, in a lawsuit brought by the Austin Lawyers Guild, “four named attorneys, and a prisoner advocacy group … alleges that”:

“…despite official assurances to the contrary, privileged communications between lawyers and clients housed in the county jails have been taped, stored, “procured,” and listened to by prosecutors. The plaintiffs say that while some prosecutors have disclosed copies of recordings to defense attorneys as part of the regular evidential discovery process, other prosecutors have not, choosing instead to use their knowledge of what is in individual recordings to their “tactical advantage” in the courtroom “without admitting they obtained or listened to the recordings.”

Over the last few weeks we’ve all learned how Securus, GTL, CenturyLink, Telmate, NCIC and other companies overcharge prison inmates for calling their families. But to learn, via a Prison Legal News article from 2011, referenced in The Intercept article, that the overcharging was specifically to pay “kickbacks” to the prison executives that awarded the contracts, and that this had already been written about extensively for many years, kinda blew my mind.

So what’s Securus’ side of the story? A Securus Press Release from October 2014 seems like it was published in order for Securus to make it clear to its government agency clients that it tried to keep the commission system alive. Although it’s hard to believe the release made it out of the company’s PR department, with statements like:

“We have been a vocal advocate of maintaining commissions and have spent approximately $5 million in legal fees and other costs on behalf of our facility customers over the last decade to maintain commissions, but the FCC maintains that it is not good public policy to have the poorest in society help to fund government operations, even though the programs funded are worthwhile.”

The press release also has Securus’ CEO giving an explanation regarding where the money from the overcharges is going:

“Part of the heritage of our business is that we calculate, bill, and collect commissions and pay those to jails, prisons, and local, county, and state governments,” said Richard A. (“Rick”) Smith, Chief Executive Officer of Securus Technologies, Inc.  “Clearly these commission payments that have been used to fund critical inmate welfare programs and support facility operations and infrastructure have improved the lives of inmates, victims, witnesses and individuals working in the correctional environment, and helped to fund government operations.  And it appears, sadly, that regime may come to an end in the not too distant future,” said Smith.

This quote suggests that money from the overcharges benefits the prisoners, in the long run. But this raised even more questions in my mind. Why are prisoners’ families paying for their own “facility operations and infrastructure” costs? As addressed in the interview with Alex Friedmann, it turns out that the budgets these overcharges go into have little or no government oversight, be they at the Local (Municipal), State, or Federal level.

I contacted Alex Friedmann, Managing Editor of Prison Legal News, to get some answers. Prison Legal News has reported on criminal justice-related issues since 1990 and is a project of the Human Rights Defense Center.

Lisa: Let’s talk about the SecureDrop upload that was announced on November 12th. What were your first impressions, when you read about the upload?

Alex: It wasn’t terribly surprising. Nor was it surprising that they were apparently recording attorney-inmate calls. There are already some lawsuits in Texas and other places over these issues.  Although the volume of recorded calls was somewhat surprising.

Really, the most surprising thing was that somebody actually cared enough to release the records. That was rare, that someone decided this was an issue, and decided to do it, and did it.

Lisa: What do you feel is the takeaway on this?

Alex: The important thing about the SecureDrop dump was that it showed what data was being collected, and that it’s not being stored securely.

Storing such sensitive data insecurely is a privacy violation. Much in the same way that Target was responsible when all the private data of its customers was released, due to not being properly protected. For this reason, it doesn’t matter whether the leak came from inside or outside; the sensitive data was not being properly protected. Securus claiming it was an insider, and not a hack, doesn’t explain away this issue; their data was still insecure.

Lisa: Let’s talk about the attorney-client privilege issue. It looks like at least 14,000 of the phone calls recorded “shouldn’t have been.” So, walk me through this. A call is “improperly recorded,” let’s say as a result of recording a call to a number on “the list” of attorney numbers (that should therefore not be recorded). Could you explain why you think that it would be hard for an inmate to show they were harmed by these calls being merely recorded?

Alex: Okay. So the onus is on the prisoner to prove that 1) the call was accessed by a prosecutor and 2) that the prosecutor acted on the information that was heard in those phone calls, and then used that information in some way harmful to the prisoner. To show damages, you’d have to show that the prosecutor listened to the call, and then took action based on that call, and that doing so resulted in a longer sentence, or something else adverse directly happening to the prisoner as a result.

Lisa: So, at that point, it would have interfered with the prisoner’s 6th Amendment “Right to Counsel?”

Alex: Yes. But they would have to show injury. Though there can be injury in the form of chilling their right of access to counsel, if they know that calls to their attorneys are being recorded.

Lisa: So, moving forward, post-upload. Now that the fact that these calls were being improperly recorded is known, there could be a chilling effect, but for calls that took place before the upload, the argument would be “how could their speech be chilled if they didn’t know they were being recorded?”

Alex: Correct. In effect, it’s like giving officials one free bite at the constitutional apple. They’re not supposed to record attorney-client phone calls, but if they do, it’s hard to hold them accountable.

Lisa: Let’s talk about the “kickbacks.” These “kickbacks” have been reported on for years, without anyone doing anything about them?

Alex: Well, yes. Because it may be that no laws are actually being violated, due to general lack of accountability of these programs. There tends to be a lot of “wiggle room” in prison and jail budgets and very little oversight. The practice of prison phone service providers giving kickbacks to corrections agencies – up to 94% of gross revenue in some cases – is perfectly legal. And that’s the problem, that it’s legal.

Lisa: Is this happening primarily at the local (Municipal), State, or Federal level?

Alex: When we talk about prison and jail phone “commissions,” in general, we are talking about a multi-level, local (municipal), state, federal commission kickback model that exists at all three levels.

Lisa: Why is it so hard to follow the money?

Alex: Oh you can follow the money, it’s just that there is little actual oversight of the budgets themselves, and few regulations defining allowable expenditures in most cases.

Lisa: So no one’s checking that it’s spent properly, and no one defining what “properly” is?

Alex: Yes. Due to the way the money is mixed up in the funds. It’s all mixed up and hard to track. Once it gets to something like a county’s general fund or a state’s general fund, it’s impossible to track completely. Once the money finds its way to the general budget of an agency. For instance, the Sheriff’s office. They can often do whatever they want with it.

Lisa: Please explain how, once the money goes into something called the IWF (Inmate Welfare Fund), you can put in a “public records request,” and get a breakdown of what went in and out.

Alex: For a number of years we have submitted public records requests to corrections agencies nationwide, and obtained copies of prison phone contracts, rate data and commission data, which are posted on our data site, www.prisonphonejustice.org. In some cases we have also requested records related to how IWF funds are spent; for example, at one county jail we found that IWF funds were used to pay for prisoners’ meals, as well as a variety of other things, such as server upgrades, that either do not benefit prisoners or should be paid from the jail’s general fund, not the IWF.

Lisa: So, it’s the position of the Human Rights Defense Center that there should be no commissions, no matter what the money is used for?

Alex: Right. Let’s say that most of the money from the excessive phone charges does go back into prisoner programs. So what? The state is supposed to be paying for prisoner programs, not the families of prisoners. Hence, our stance is that there should be no commissions. It’s not a question of what they should be spent on.

Overcharging the families of prisoners in this way would be like charging taxes for schools only on households with children. These services should be funded by everyone, because they benefit everyone. Just like schools, roads, and other public services. Similarly, programs and services for prisoners need to be funded through the general tax base. Otherwise, it’s a tax solely on prisoners’ families, which is unfair.

Lisa: In the Intercept article, an example is given of a couple deciding between phone time and food. It struck me that no one should have to make those kinds of choices.

Alex: Right, prison phone rates shouldn’t be much higher than anyone else’s phone rates. And if it costs more to make such calls “secure,” that should hardly be an expense that the families are expected to cover, any more than prisoners’ families should have to pay for razor wire, security cameras or guards’ salaries at prisons and jails. Again, incarceration is a public service and those costs should be paid by all members of the public, not just prisoners’ families.

Take the county jail I mentioned, where one can actually access the actual expenditures for the IWF funds, which were used to pay for food and server upgrades, among other things. Why are prisoners’ families paying higher phone rates to cover such expenses?

Lisa: Arguably, how do “server upgrades” help the prisoners directly anyway?

Alex: They don’t, unless you really stretch the language for how IWF funds should be used. But even for expenditures that do directly benefit prisoners, so what? Why are the prisoners’ families paying for things that should be covered by the corrections agency? These are the most basic of necessities that should be paid for by the prison system itself, not by the families of those being incarcerated.

The simple fact remains that prisoners’ families are being exploited and have been for some time, and that the various agencies (Bureau of Prisons, state Departments of Corrections) allow it to happen. This amounts to an estimated $460 million in phone commission kickbacks each year, as it involves not just state or federal prisons, but also immigration facilities, county jails and other detention centers. Nor does this address the many other ways that prisoners and their families are price gouged.

Lisa: A report from the FCC explains (on page 12, paragraph 23) that, although these unfair price hikes only represent somewhere between 0.3% and 0.4% of the budgets the money collected from them go into, “What appears to be of limited relative importance to the combined budgets of correctional facilities has potentially life-altering impacts on prisoners and their families.”

Alex: It depends on the agency and its budget, but in general, prison and jail phone commissions are just a drop in the government’s bucket of taxpayer funds. Yet prisoners’ families face real hardships when they have to pay inflated phone rates to stay in touch – money spent on calls could otherwise be spent on rent, food, healthcare needs, and so on. But what mother doesn’t want to speak with her incarcerated son? Or what wife wouldn’t take a call from her imprisoned husband? Keep in mind that prison and jail phone contracts are monopoly contracts; families have no choice and can’t choose a less expensive option for accepting phone calls from their incarcerated loved ones.

One of the main problems with all of these scenarios in which prisoners and their families are exploited is they have no voice in our legal or political systems. It’s easy for those in charge to take advantage of these families who have no one looking out for them or protecting their interests. Both prisoners and their family members are easy targets for greedy prison telecommunications companies and their government partners. There are currently around 2.2 million people locked up in prisons and jails in the United States, which means 2.2 million families are affected by these exploitive prison and jail phone rates.

The FCC has recently taken action on this issue, after more than a decade of efforts by advocacy organizations, including Prison Legal News/Human Rights Defense Center, but more needs to be done. The two largest ICS providers, GTL and Securus, are owned by private equity firms, and as such are only interested in financial returns, not fair and equitable phone rates for families.

Lisa: Would you say this whole scenario of having private companies, whose bottom line is profit, rather than servicing the needs of their customers, is just another example of why privatizing the prison industry is a bad idea – especially with little or no government oversight, which seems to always be the case?

Alex: Removing for-profit incentives from our criminal justice system would certainly help shift the focus away from providing various correctional services – including operating prisons and jails – for the purpose of making money. We tend to monetize almost everything in the United States, but I submit our criminal justice shouldn’t be included. That being said, our public corrections agencies aren’t that great either; the entire system is in need of reform, from the top down.

Lisa: But you think prison and jail phone rates will be going down, for sure, next year?

Alex: The FCC order has already been issued. Once it’s published in the Federal Register, it will go into effect after 90 days. So that’s a done deal, though ICS providers will likely challenge it in court. Thus, there is no guarantee the rates will go down on a date certain, but eventually they will go down.

Lisa: So the big question is “what can prisoners and their families do to protect their privacy, now that they know calls are being recorded, and perhaps stored for months or years into the future? And insecurely?”

Alex: They, through their elected lawmakers, need to demand accountability from the prison and jail officials who enter into contracts for phone services, to ensure their privacy interests are respected to the same extent as all other citizens.

There isn’t much families can do right now to make things better, particularly with respect to privacy. There is a combined class-action suit pending against GTL, but it doesn’t focus on privacy issues. They could complain to their state Public Utility Commission (or similar agency that regulates in-state phone services). In many states, the telecom industry has been deregulated, however. But really, how does anyone protect their privacy given that our own government spies on its citizens through the NSA?

References:

1. Not So Securus – Massive Hack of 70 Million Prisoner Phone Calls Indicates Violations of Attorney-Client Privilege
November 11, 2015. By Jordan Smith and Micah Lee for The Intercept. https://theintercept.com/2015/11/11/securus-hack-prison-phone-company-exposes-thousands-of-calls-lawyers-and-clients

2. SecureDrop Leak Tool Produces a Massive Trove of Prison Docs. November 11, 2015. By Andy Greenberg for Wired. http://www.wired.com/2015/11/securedrop-leak-tool-produces-a-massive-trove-of-prison-docs/

3. Nationwide PLN Survey Examines Prison Phone Contracts, Kickbacks. April 15, 2011. By John Dannenberg for Prison Legal News. https://www.prisonlegalnews.org/news/2011/apr/15/nationwide-pln-survey-examines-prison-phone-contracts-kickbacks/

4. Prison Legal News, Complete Issue, December 2013. https://www.prisonlegalnews.org/media/issues/12pln13.pdf

5. Securus Press Release, October 2014.
http://www.prnewswire.com/news-releases/securus-provides-over-13-billion-in-prison-jail-and-government-funding-over-the-last-10-years-281105252.html

6. Securus Press Release, March 2015.
http://www.prnewswire.com/news-releases/securus-provides-over-13-billion-in-prison-jail-and-government-funding-over-the-last-10-years-300043861.html

7. GTL on reducing rates (From October 2015):
http://www.gtl.net/global-tel-link-gtl-grave-concern-with-proposed-fcc-decision-on-inmate-calling-services/

8. Jail’s Inmate Welfare Fund Gets Rich.
http://www.independent.com/news/2014/sep/29/jails-inmate-welfare-fund-gets-rich/

9. From HRDC executive director Paul Wright, October 23, 2015, FCC Caps the Cost of Prison Phone Calls.
https://www.prisonlegalnews.org/news/2015/oct/23/hrdc-executive-director-paul-wright-october-23-2015-fcc-caps-cost-prison-phone-calls/

10. FCC Second Further Notice of Proposed Rulemaking, October 22, 2014. https://apps.fcc.gov/edocs_public/attachmatch/FCC-14-158A1.pdf

11. Authorities Listen in on Attorney-Client Calls at Jails in FL, CA and TX, by David Reutter for Prison Legal News. Aug. 15, 2008 https://www.prisonlegalnews.org/news/2008/aug/15/authorities-listen-in-on-attorney-client-calls-at-jails-in-fl-ca-and-tx/

12. Suit Filed Over Minnesota Jail’s Secret Recording of Privileged Phone Calls, by Matthew Clarke for Prison Legal News. April 15, 2009 https://www.prisonlegalnews.org/news/2009/apr/15/suit-filed-over-minnesota-jails-secret-8232recording-of-privileged-phone-calls/

13. Recording of Nashville, Tennessee Jail Prisoners’ Attorney Calls Criticized, published in Prison Legal News, Dec. 15, 2011. https://www.prisonlegalnews.org/news/2011/dec/15/recording-of-nashville-tennessee-jail-prisoners-attorney-calls-criticized/

 

Micah Lee at Aaron Swartz Day 2015

Download mp4      Hi-res files of entire event
CC0

Note: I’m including a full transcription at the bottom of this post, for safekeeping. Thanks to OpenTranscripts.org for their transcriptions of these talks.

Micah Lee gave a charming first-person account of how Ed Snowden first contacted him anonymously, looking for Laura Poitras’ PGP key, and then asked him to please help Glenn Greenwald get set up on PGP.

Next, he explains how SecureDrop enables sources to connect with journalists without having to learn PGP, and how Aaron’s core design is still in use today.

Micah has also written about this entertaining story in much more splendid detail at The Intercept.

Quotes from Micah’s Talk:

“…two years before Edward Snowden decided to start becoming a whistleblower, Aaron had already done a lot of development work on DeadDrop and was well on his way to making it so that rather than having someone like Ed have to try and send a bunch of plaintext emails to journalists he wants to talk to to convince them to learn how to use PGP and stuff, he made it so that whistleblowers could talk to journalists in less than six months. I think that was pretty amazing…

The one thing is that SecureDrop has come a very long way and it’s really easy to use for sources now. So now if you’re a whistleblower and you want to leak documents, it’s really easy. All you need to do is go and download Tor Browser, go to a web site, click “I’m a new source,” and upload a document. Then you’re done…

…he (Aaron) made it so that whistleblowers could talk to journalists in less than six months. I think that was pretty amazing. And like what Garrett was saying earlier, the core design of DeadDrop is still exactly the same in SecureDrop, and that’s pretty amazing I think that he had such good foresight to figure out what all these technical problems were and try and solve them.” – Micah Lee, Co-Founder, Freedom of the Press Foundation, Technologist at The Intercept.

 

***Complete Transcript Below***

Hello. I don’t have a whole lot to say.

When I was thinking about what I would talk about last night, I was reading more about Aaron. Unfortunately, I never got to meet him before he died, but I realized that he passed away on January 11, 2013, and that was actually the same day that I first heard from Edward Snowden.

At the time I didn’t know that it was Edward Snowden. He was anonymous. He sent me an email and it was encrypted. And he was trying to get Laura Poitras’ PGP key and he was saying that—you know, he couldn’t tell me what it was for but I should help Glenn Greenwald learn how to use PGP and it was important.

So I helped out as I could, and it took several months. I kept talking to Glenn and Glenn was into it, but he was also really impatient with learning anything new on the computer and he didn’t really know why it was so important. I didn’t really know why it was so important. There were a couple of false attempts at teaching Glenn PGP, and finally I had a Skype call with him where I helped him set up Pidgin and off-the-record encryption. That was like, five and a half, six months later after I first got that encrypted anonymous email from Snowden. And that was the first time that Snowden was able to have a secure conversation with Glenn Greenwald.

And I was thinking about it. Aaron had already kind of done a lot of work to solve this problem. The year, two years before Edward Snowden decided to start becoming a whistleblower, Aaron had already done a lot of development work on DeadDrop and was well on his way to making it so that rather than having someone like Ed have to try and send a bunch of plaintext emails to journalists he wants to talk to to convince them to learn how to use PGP and stuff, he made it so that whistleblowers could talk to journalists in less than six months. I think that was pretty amazing. And like what Garrett was saying earlier, the core design of DeadDrop is still exactly the same in SecureDrop, and that’s pretty amazing I think that he had such good foresight to figure out what all these technical problems were and try and solve them.

I guess the one thing is that SecureDrop has come a very long way and it’s really easy to use for sources now. So now if you’re a whistleblower and you want to leak documents, it’s really easy. All you need to do is go and download Tor Browser, go to a web site, click “I’m a new source,” and upload a document. Then you’re done, and you don’t have to go through all of this having to be a technical expert and having to train the journalists and all this stuff. But the hard part is that it’s still not nearly as easy for journalists to use. So, in fact, Glenn Greenwald doesn’t use SecureDrop himself. Instead, other people who have more time and patience with technical stuff use it and talk to him about it if there’s stuff for him.

So there’s still a lot more work to be done in this area, and I just really wish that Aaron were still around to help with this, because I think that he would contribute greatly on his project.

And that’s all that I have to say.

Ed Snowden On How Privacy Rights Work: You Don’t Have To Justify Why You Need Them

Neil deGrasse Tyson and Ed Snowden’s Telerobot

“You don’t have to justify why you need your rights. That’s not how they work. Any intrusion into your rights has to be justified by the government, rather than by you. You don’t have to say why I need this right. They have to say why is absolutely vital to society to take that right away.” – Edward Snowden.

This is from Season 6, Episode 36 of Neil deGrasse Tyson’s awesome StarTalk program. (At 39:57)

NT: Welcome back to StarTalk radio. This is a special edition of StarTalk. We chose to break from our usual format, in favor of a little one on one time.

Edward Snowden, former CIA and NSA officer, now a whistleblower, international fugitive in exile, wheeled into my office via remote controlled robot.

Through this virtual medium, Ed and I were able to speak at length about his scientific pursuits, the technology of encryption and encoding, and why he believes The Constitution trumps all other law.

Because it’s possible to think of him as just somebody who has no clue about due process, legal matters, The Constitution, The Bill of Rights, and it’s easy, at first glance, to just think of him as just some kind of ignorant renegade who has no sensitivity or understanding to American laws, but I learned that that clearly was not the case.

In this final segment, we’re going to listen to part of my exclusive interview with Ed Snowden, and get his take on 4th Amendment protection, and why he feels that having nothing to hide is never a justification for rights violations.

ES: When you’re talking about invading everybody’s private communications. Their associations. The network of who they call on the phone. You’re getting their political affiliation. You’re getting the people who matter the most to them, based on the frequency of the communications. You get indications of their travel. You get the books that they read. You get the things that they buy. You get the people that they love. And you can even get indications not only of who they are today, but who they want to be. For example, maybe they are looking at applying to a certain college program or method of study or a fellowship. Or they’re looking to get a job at a certain kind of company. These are all intensely private things that have always traditionally been up to the individual to disclose and share with people they trust.

But if the government knows all of that, about all of us, regardless of whether we’ve done anything wrong, it invests them with an extraordinary and unprecedented measure of power. Not only to know about us, but to act upon this information and particularly when these programs are regulated by secret policy rather than public law. What that means is they can disempower the public. The citizens, ya know, in their country, around the world, at the flip of a switch, and that’s something that we’ve never trusted government with before, and there’s no prevailing reason why we should today.

NT: So, you raised a very good point. Now I’ll feel more comfortable about going through airport security because, even though they’ve got my ticket, and they know, and I’ve checked in, and they saw my passport and everything. When you’re going through the detectors, they’re not asking you your name. Your name isn’t attached with that moment. They just want to see if you’re carrying anything. Plus I can choose to drive. I can leave the airport and choose to drive. So that’s a different fact. At least traveling domestically. Right?

ES: There’s a distinction between the voluntary disclosure of information, where you have a choice, whether to engage in it or not, and the involuntary subversion of your intent. Particularly, unlike airports, where everybody knows this is the law. We can vote for officials who would repeal it and whatnot, and secret programs where they impose this sort of surveillance on us without our awareness, without our intent, without our approval, or even without the approval of many members of Congress.

In May, the Second Circuit Court of Appeals, in New York, found that the National Security Agency’s mass surveillance programs, one of which I revealed in June of 2013, was illegal. It had not been authorized by any law, and for the entire period of its operation, ya know, this was not only contrary to law but it was in violation of it. And as a result, this program needs to be changed or ended. Now this happened without the majority of congress knowing that it was occurring at all.

For example, when we talk about the oversight of intelligence agencies, such as the National Security Agency or the Central Intelligence Agency, we have 535 members of congress, all of whom represent a proportional amount of Americans, who are supposed to represent us at the table of government. But rather than having them all understand and be able to influence the direction of these programs. For what are called “covert action programs,” only 8 members of congress, out of 535, are told the truth of what’s going on. This is called the “Gang of 8.” And I think what the court held in May was that you cannot substitute the judgement of 8 individuals, particularly given that these 8 individuals receive more donations from intelligence contracting companies and defense contractors, sort of the military-industrial complex, than any other senators or representatives in the congress, for the judgement of the congress as a whole and the public.

NT: So suppose. This is a very supposey thing. Suppose the public says, “I really care about my security, and I want the government to spy on everybody, so that I can be safe,” and they then turn that law into something legal. You’d have no problem with that, because there was disclosure on it, I presume. Is that correct? In a democracy we would vote for it, possibly.

ES: On the point of disclosure I would argue “yes, that’s much better than what we have today.” But on the point of rightfulness and morality, I could still contest it. And I think the argument there, that anybody who works in sort of the civil liberties space who believes in robust rights. Who believes in The Constitution, would argue that congress actually cannot pass such a law that allows the monitoring of people that allows the sort of the unreasonable search and seizure of individuals in advance of criminal activity because The Constitution forbids it in the 4th Amendment. If they want to do that they would have to amend The Constitution.

But even if they chose to, there’s fundamentally a deeper, I think, moral point here, which is the majority cannot vote away the rights of the minority. You cannot simply say well, “because I feel this way and because I have, ya know, 6 out of my 10 friends who agree with me, I’m going to reduce the circumstances of everybody else in those 4 out of 10.” When we talk about the basis of actual human rights. You know, you can change standards. You can change regulations. But when we think about fundamental rights, and these are rights that the U.S. Government itself has actively and aggressively advocated in the past.

For example, the right to privacy is guaranteed not only in the 4th Amendment of our Constitution, or in the associational rights of sort of The First Amendment, but through the Universal Declaration of Human Rights to which the United States and most other countries in the world have agreed to, or the International Covenant on Civil and Political Rights, which again, the U.S. itself, promoted. So, we have treaty obligations which, in the American system, are counted as the supreme law of the land, similar to The Constitution, and then we have mere statutes that are passed in congress. Can a statute passed in a time of sort of political passions overrule basic fundamental rights that are guaranteed not only in our founding documents, but in our treaties and our obligations that we’ve said are timeless, and even if they were would that be a good thing. I think that’s very much an argument to be had.

And sort of the corollary argument that we hear against this to try to get us to accept invasive surveillance or violations of our rights. Is that “well if you’ve got nothing to hide you’ve got nothing to fear. What are you worried about?”

But that argument is premised on a fundamental misunderstanding of rights. For one, you don’t have to justify why you need your rights. That’s not how they work. Any intrusion into your rights has to be justified by the government, rather than by you. You don’t have to say why I need this right. They have to say why is absolutely vital to society to take that right away. But beyond that, when we think about what people are really saying when they say “oh, I don’t really care about that. I really don’t care about privacy. I’ve got nothing to hide.” Is they’re saying they don’t care about that right.

Saying that “I don’t care about privacy because I’ve got nothing to hide,” is no different than “I don’t care about freedom of speech because I have nothing to say.” You’re asking for a less liberal, more constrained society, simply because that right is not valuable to you in that moment when you’re thinking about it today. But rights don’t have to be used by you individually to be valuable to a society. You can’t have a free press, without freedom of speech, and you can’t have a free society without the right to privacy.

 

Friends of Aaron Video From Aaron Swartz Day 2015 – Video and Full Transcription

Complete Transcription of the Friends of Aaron movie, including: Cory Doctorow, Brewster Kahle, Cindy Cohn and Virgil Griffith.

From the November 7, 2015 evening event at the Internet Archive, in San Francisco, before the speakers.

“Hi, I’m Cory Doctorow. Welcome to the third annual Aaron Swartz Day and International Hackathon.”

Now a Few Words from a Few Friends of Aaron’s

Cory Doctorow
Blogger, BoingBoing, Science Fiction Author, Little Brother/Homeland
Special Advisor, Electronic Frontier Foundation

You know. I knew Aaron for a really long time. And when we first met, people who cared about the Internet were a bit weird. It was as though we were really interested in something trivial and futuristic and speculative, while all around us raged really important battles about more significant issues. Issues about climate change. Issues about financial fairness. Issues about privacy. Issues about race and gender.

And what we’ve found in the years since then is that those other issues have gotten even more urgent, but more and more people have come to realize that the Internet is the fight that will determine how all those other fights go on. Because the Internet is the battlefield on which all those fights will be fought.

And so it’s really crucial that we win the Internet. Not because the Internet is more important than everything else, but because it’s the most foundational thing.

I hope you have a great day at the International Hackathon.

Brewster Kahle
Founder and Digital Librarian
Internet Archive

Aaron Swartz lives in many many ways. Aaron Swartz’ ideas have been carried forward by many others, and in fact, tragically, by his persecution, prosecution, and death, has come to be widely known to others.

The idea of public access to the public domain. That we can live open source lives freely, and that it’s desirable, and you meet new and interesting people.

And the lesson of Aaron Swartz has not been forgotten by the institutions that participated in having him crushed, and has led to reforms, top and bottom, of those organizations, to not have that ever happen again. So, public access, public domain, living open source lives, should be encouraged for the next generation, and made safe by the institutions that are too slowly learning their lessons.

Cindy Cohn
Executive Director
Electronic Frontier Foundation

Aaron has left us all such a legacy of caring about the politics around technology and not just caring, but getting involved. And whether you’re getting involved as a technologist or an activist you can have no better loadstar than Aaron. I have watched as he’s inspired people all over the world.

We haven’t had success in building things in DC, to help fix things. Aaron’s law has gotten stalled. However, we’ve been able to stop the bad. There have been several attempts, and there’s one right now, in the Cybersecurity to continue on the horrible pathway of making the Computer Fraud and Abuse Act worse and worse and worse. And, we stopped it cold, shortly after Aaron died. We’ve gotten it dramatically changed this time, and I think we’re gonna stop it cold again. So, while we haven’t yet been able to make good out of what happened to Aaron, we’ve been able to stop some bad. I’m not done yet. It’s still early days. But, I still run into people all the time who tell me that learning about Aaron was the moment. Their “wake up” moment. When they decided, “I care about technology too, and I want to get involved.” And that’s awesome!

Virgil Griffith
Technologist d’Avant-Garde
Tor2Web, WikiScanner

So after Aaron Swartz’ death, there was a rash of suicides at Cal Tech, where I was at school. (Unrelated!) And they had a little suicide thing. And I gave a little talk there, and I’ve been thinking about it recently. And I remember what I told them. I said “even when you feel like crap. You’re like ‘I can’t do anything.’ ‘I’m no good.’ ‘I spend like four days out of the week sleeping.’ ‘I’m only productive one day a week, tops.’ I would say, “even that one day a week, is more valuable than you would ever realize.”

I used Aaron as an explicit example. Even though Aaron was not even near (pauses). He was definitely not thriving. He was in surviving, not thriving mode. But still, even him in surviving mode was like amazing. You know. But I think he just couldn’t see it.

And I feel like Aaron was making this mistake as well. Okay so, Aaron would kind of flip between being egotistical and being very self deprecating. So, internally, he thought of himself very highly, but outwardly he’d be very self deprecating. I felt like just in general, he did not appreciate, like, his own importance and the things he could do. Even if Aaron was active one day a week. Well that’s awesome. A one day a week Aaron, I’ll take it. I’ll totally take it. Ya know. And I think he would have really had difficulty, seeing that, as useful to the world. He’d be like “oh I’m so unproductive. I’m so ungood. Blah blah blah blah.” No no no. One day a week’s great.

Brewster Kahle (ending comments):

Aaron Swartz has inspired hackathons, yearly gatherings of people remembering and moving forward some of the ideas of SecureDrop, of going and building public access to journal literature, to basically building a public sphere that may not be tied to institutions, certainly not tied to business plans, but tied to an inspiring vision, of information access and living open source lives. Aaron Swartz lives on in many many ways.

NSA To Shut Down Bulk Phone Surveillance Program By Sunday


By Dustin Volz for Reuters

From the article:
The U.S. National Security Agency will end its daily vacuuming of millions of Americans’ phone records by Sunday and replace the practice with more tightly targeted surveillance methods, the Obama administration said on Friday.

As required by law, the NSA will end its wide-ranging surveillance program by 11:59 p.m. EST Saturday (4:59 a.m. GMT Sunday) and expects to have the new, scaled-back system in place by then, the White House said.

The transition is a long-awaited victory for privacy advocates and tech companies wary of broad government surveillance at a time when national security concerns are heightened in the wake of the Paris attacks earlier this month.

It comes two and a half years after the controversial program was exposed by former NSA contractor Edward Snowden. The move, mandated by a law passed six months ago, represents the greatest reduction of U.S. spying capabilities since they expanded dramatically after the Sept. 11, 2001 attacks.

Under the Freedom Act, the NSA and law enforcement agencies can no longer collect telephone calling records in bulk in an effort to sniff out suspicious activity. Such records, known as “metadata,” reveal which numbers Americans are calling and what time they place those calls, but not the content of the conversations.

Instead analysts must now get a court order to ask telecommunications companies like Verizon Communications to enable monitoring of call records of specific people or groups for up to six months.