All posts by lisa

NSA To Shut Down Bulk Phone Surveillance Program By Sunday

NSA to shut down bulk phone surveillance program by Sunday

By Dustin Volz for Reuters

From the article:
The U.S. National Security Agency will end its daily vacuuming of millions of Americans’ phone records by Sunday and replace the practice with more tightly targeted surveillance methods, the Obama administration said on Friday.

As required by law, the NSA will end its wide-ranging surveillance program by 11:59 p.m. EST Saturday (4:59 a.m. GMT Sunday) and expects to have the new, scaled-back system in place by then, the White House said.

The transition is a long-awaited victory for privacy advocates and tech companies wary of broad government surveillance at a time when national security concerns are heightened in the wake of the Paris attacks earlier this month.

It comes two and a half years after the controversial program was exposed by former NSA contractor Edward Snowden. The move, mandated by a law passed six months ago, represents the greatest reduction of U.S. spying capabilities since they expanded dramatically after the Sept. 11, 2001 attacks.

Under the Freedom Act, the NSA and law enforcement agencies can no longer collect telephone calling records in bulk in an effort to sniff out suspicious activity. Such records, known as “metadata,” reveal which numbers Americans are calling and what time they place those calls, but not the content of the conversations.

Instead analysts must now get a court order to ask telecommunications companies like Verizon Communications to enable monitoring of call records of specific people or groups for up to six months.

Newsweek Covers the Aaron Swartz Day Hackathon

Newsweek’s Seung Lee came by the hackathon on Saturday. He’s written a nice piece that I’d missed last week :-)

Inside the Aaron Swartz Day Hackathon
By Seung Lee for Newsweek

Side view of Saturday’s hackathon on November 7, 2015.

From the article:

Programmers, journalists and whistleblowers flocked to San Francisco to speak during the conference. Representatives from the Tor Project, which advocates for online anonymity, and Glenn Greenwald’s project The Intercept were in attendance. In addition, Chelsea Manning, the Army lieutenant who leaked sensitive documents to Wikileaks in 2010, wrote a letter of support to the conference from her prison cell in Fort Leavenworth, Kansas.

The day was more than just a parade of experts talking and guests listening. “Aaron would not have wanted people to mope around about him,” says Rein. “He would have wanted us to build new things.”

More than 30 computer programmers huddled together around foldable tables in the foyer and typed away at assigned projects. One of these projects was Privacy Badger, a third-party tracker-blocking application built by the Electronic Frontier Foundation (EFF), a digital rights advocacy group. While Privacy Badger helped stop hidden trackers from following one’s digital footprints, the application sometimes disabled images and videos from being displayed, and thus needed some outside help…

“Aaron led an open source life and took the open source movement to another level,” says Kahle. “Programming for the social good is still very much alive. But we, the general public, all screwed up by taking the life of a promising young man.”

In the evening, the Internet Archives hosted a dinner banquet during which several speakers, including Kahle and those from the afternoon conference, took turns saying a few words about Swartz. At the close, Manning’s letter was read aloud by Rein.

Manning spoke about the “paradox” of technology leaving society more connected and open and yet more paranoid and insecure. She asked the guests to use their technologies for a better, freer and more private Internet, as Swartz would have wanted.

“I now believe that today’s coders and engineers have an extra ‘hat’ that we have to wear on top of the colorful spectrum of hats we already have—namely, the technology ethicist and moralist hat,” reads Manning’s letter. “Technology is only a toolbox. It’s what we create our software for, what we intend to use it for, and who we allow to use it, and how much, that really count.”

Interview with Alison Macrina, Founder of the Library Freedom Project

Alison Macrina, Founder, Library Freedom Project

About the Library Freedom Project, the ACLU, and Tor

The Library Freedom Project (LFP), along with its partners the ACLU and the Tor Project, provides trainings for library communities, teaching people their rights under the law, and how to find and use free and open source, privacy protective technologies.

Alison spoke at this year’s Aaron Swartz Day event (video, transcript).

LFP had a bit of excitement last summer, when it and the Tor Project worked with the Kilton Library in Lebanon, New Hampshire, to set up a Tor relay. Those who run Tor relays are providing a public service, as Tor is a free, open network that helps people defend against mass surveillance by providing them anonymity online. Tor depends on thousands of volunteers who run “relays” (computer servers that support the Tor network).

Libraries are ideal locations to host Tor relays, because they are staunch supporters of intellectual freedom and privacy, and because they provide access to other essential internet services. This was the spirit behind the Kilton Library seeking to become one of the many nodes in Tor’s worldwide internet freedom system.

Tor is used by human rights activists, diplomats, journalists, government officials, and anyone else who values privacy. For instance, journalists in repressive countries use it to publish their work without fear of government surveillance, censorship or prosecution. Domestic violence survivors use it so that they cannot be tracked by former partners. People in African countries like Zimbabwe and South Africa use it to report poaching of endangered animals without fear of retribution.

Human Rights Watch recommends Tor for human rights advocates in their report about censorship in China. Reporters Without Borders suggests that journalists and bloggers all over the world should use Tor to keep themselves and their sources safe.

Tor was originally developed by the US Navy, and still gets funding from the State Department, as it is used by many high officials in the US Government.

When LFP announced the Tor relay project at the Kilton Library, that project received popular media attention and overwhelming community support. Then, in mid-August (2015), the Boston office of the Department of Homeland Security contacted the Portsmouth and Lebanon Police Departments, to warn them, falsely, that Tor’s primary use is to aid and abet criminal activity. In the face of this Federal Law Enforcement pressure, the Kilton Library shut down the project.

This kind of pre-emptive thought crime was disturbing, to say the least. LFP compared the move to shutting down public parks for fear that crimes might be committed there in the future. This Kilton Letter, published by LFP on September 2, provides a more thorough explanation of what took place and why. The letter was signed by members of the ACLU, The Tor Project, Electronic Frontier Foundation, and the Freedom of the Press Foundation.

Luckily, the Lebanon Board of Trustees had a change of heart, as explained in the Valley News article, Despite Law Enforcement Concerns, Lebanon Board Will Reactivate Privacy Network Tor at Kilton Library:

The Lebanon Library Board of Trustees let stand its unanimous June decision to devote some of the library’s excess bandwidth to a node, or “relay,” for Tor, after a full room of about 50 residents and other interested members of the public expressed their support for Lebanon’s participation in the system at a meeting Tuesday night.

“With any freedom there is risk,” library board Chairman Francis Oscadal said. “It came to me that I could vote in favor of the good … or I could vote against the bad. I’d rather vote for the good because there is value to this.”

Interview with Alison Macrina

Lisa: So the good guys won in Kilton! Is the Tor relay still up and going strong?

Alison: Quick note: we won in Lebanon, New Hampshire. The name of the library is Kilton Library, of the Lebanon Libraries. And yes, the board and community decided unanimously to keep the relay online. Chuck McAndrew, the IT librarian, recently turned it from a non-exit into an exit, so we’re going to write a blog post soon detailing the success of the pilot and encouraging other libraries to get on board.

Lisa: Can other libraries contact you about setting up their own Tor relay?

Alison: Yes, they can contact us at exits@libraryfreedomproject.org for all the information and supporting materials they might need. We have a questionnaire for them to fill out regarding their network details. And then we can schedule a time for us to do a site visit.

Lisa: What is your advice to Librarians who are thinking about setting up a Tor relay, that might be getting pressured by their local law enforcement to not do so?

Alison: We can’t guarantee that law enforcement won’t try to halt other libraries from participating in this project, but we can use Kilton Library’s example in case such a thing happens again. If law enforcement pressures another library, we will do what we did in Lebanon — rally a network of global support to stand behind the library and urge them to continue their participation in the project. We think that our overwhelming victory at Kilton shows us that we’ll be victorious at other libraries, should it come to that.

Lisa: So there’s nothing inherently criminal about using Tor any more than there is something inherently criminal about using the Internet?

Alison: Not at all! Privacy-enhancing technologies like Tor are perfectly legal. Tools like Tor are also the best ways to protect ourselves against government and corporate surveillance. By using and promoting Tor Browser and running Tor relays, libraries can help ordinary people protect their privacy and other basic civil rights.

Alison Macrina, Founder of the Library Freedom Project, spoke at this year’s Celebration of Hackers and Whistleblowers, on November 7th, and also gave a two-hour tutorial on Sunday morning, at the Privacy-enabling Mini-Conference, on November 8th.

 

Great Round Up of Journalist Encryption Tools From Aaron Swartz Day

Jenny Manrique has written a wonderful roundup of five tools you can start using today to keep your sources’ data (or clients’ data, no matter what field you are in) safe and secure:

Five tools for journalists’ online safety, privacy

by Jenny Manrique for the International Journalists’ Network.

From the article:

These are some tools featured over the weekend:

Onion Share

Developed by Lee, Onion Share lets anybody securely share any size file… “It is like Dropbox, but encrypted and reliable. As soon as the person downloads the file, it can be erased from the server and it’s no longer accessible to anyone,” explains Micah Lee… (Freelancers can find this tool useful for communicating with whistleblowers.)…

Tor Messenger

If you are familiar with the TOR Project, currently the best way to navigate online without leaving trace, you will be glad to learn that it recently launched TOR Messenger. The cross-platform tool facilitates encrypted chats on a variety of networks like Facebook and Gchat…

Keybase

Keybase is an open directory of public keys that you can verify through social media accounts… the Keybase directory can tell you who’s that key, according to his or her profiles on Twitter, Reddit, Github, Bitcoin and domain names…

Signal (TextSecure on Android)

Don’t confuse it with the Facebook or Linkedin Signal apps. This tool, developed by Open Whisper Systems, allows you to make encrypted voice calls, as well as send encrypted text messages, with your existing number and the contacts that also download the app.

OpenArchive

OpenArchive is a mobile application that seeks to preserve audiovisual civic media in a secure way…The app, currently in beta for Android, uses mobile TOR technology to allow people on the ground to send sensitive images without fear of being tracked…

Video and Transcripts From Aaron Swartz Day 2015

Please donate to my Kickstarter for “From DeadDrop to SecureDrop” – Thanks!!

Index of Speakers and Direct Links to Video and Transcriptions

Giovanni Damiola (Open Library Project)
YouTube Video – Transcript

Garrett Robinson (Lead Programmer, SecureDrop)
YouTube Video – Transcript

Alison Macrina (Founder and Director, Library Freedom Project)
YouTube Video – Transcript

Brewster Kahle (Digital Librarian, Internet Archive)
YouTube Video – Transcript

Cindy Cohn (Executive Director, Electronic Frontier Foundation)
YouTube Video – Transcript

Jacob Appelbaum (Security Expert seen in Citizen Four, Wikileaks volunteer) (Appearing remotely via Jitsi)
YouTube Video – Transcript – Internet Archive Video & Download

Roger Dingledine (Interim Executive Director, Tor Project)
YouTube Video – Transcript

Micah Lee (Co-founder, Freedom of the Press Foundation and Technologist at “The Intercept”)
YouTube Video – Transcript – Internet Archive Video & Download

A Special Statement from Chelsea Manning: “The Human Element”
(Read by Lisa Rein)
YouTube Video – Transcript – Link to Chelsea’s Statement

 

Wired: SecureDrop Leak Tool Produces a Massive Trove of Prison Docs

SecureDrop Leak Tool Produces a Massive Trove of Prison Docs

by Andy Greenberg for Wired, November 11, 2015

This is really exciting, and what great timing!

The whole purpose of last weekend’s event was to get the word out about SecureDrop’s usefulness to the common man, and yet I couldn’t point directly to an example of it in action.

Then, lo and behold, when I woke up yesterday afternoon (heh, been a long week), I could not believe my eyes! A real world, shining example of SecureDrop in action. A hacker obtained over 70 million phone records that exposed some first class corruption: exploiting those who are already underprivileged and underserved in the community. In this case, prisoners and their families, who often barely have enough money for the essentials.

I’ll be posting a summary of The Intercept article that fully explains what the hack, and subsequent anonymous upload, exposed, shortly. It’s a little complicated, and therefore took me a minute to be able to summarize it – but it will be up soon… :-)

From the article:

“It’s been more than two years since the debut of SecureDrop, a piece of software designed to help whistleblowers easily and anonymously leak secrets to media outlets over the Tor anonymity network. Now, that system is finally bearing fruit, in the form of a massive dump of files from one of the country’s largest prison phone companies…”

“Just as significant as those revelations, perhaps, is how the Intercept obtained the documents that enabled them: The news site has confirmed that it first made contact with the anonymous source who provided the Securus files through the Intercept’s SecureDrop platform, starting with an initial sample of the Securus database uploaded around the beginning of 2015.

That Tor-enabled leak marks a landmark for a still-evolving form of journalism that takes a page out of the playbook invented by WikiLeaks: Like Julian Assange’s secret-spilling organization, SecureDrop allows anyone to run a cryptographically anonymous submission system for leaks and tips. Because that upload site runs as a Tor “hidden service,” anyone who visits has to run Tor too, making it very difficult for anyone to trace his or her location or identity—even the news outlet on the receiving end.

The Intercept’s lead security technologist—and a co-author of the Securus story—Micah Lee says SecureDrop’s benefit isn’t just anonymity, it’s ease of use. Instead of carefully using Tor to create an anonymous email address and figuring out how to encrypt email so that service can’t read their leaked secrets, sources can upload their leak or message using SecureDrop in seconds.

Lee says that this is far from the first time the Intercept has received useful leaks through the SecureDrop system. But the Securus revelations represent the first story of national significance where a news outlet has publicly revealed that the story’s source used SecureDrop anonymous submissions.

“We use SecureDrop on a regular basis, but this story is a little exceptional because we decided it was safe for us to mention that it came from SecureDrop,” Lee says. “This is exactly why we decided to run SecureDrop: to get juicy stories like this and do it in a way where we protect our sources.”

Chelsea Manning’s Statement for Aaron Swartz Day 2015

Donate to Chelsea’s legal defense fund to help with her appeal.

Download Chelsea Manning’s Statements as a PDF file.

Chelsea E. Manning 89289
1300 North Warehouse Road
Fort Leavenworth, Kansas 66027-2304

2015.11.07

Statement for Aaron Swartz Day and International Hackathon-2015

The Human Element – International Aaron Swartz Day Hackathon

Hello Everyone,

First, I’d like to apologize for the awkwardness of this written medium. I would love to speak in person – as well as attend and contribute to – events like these, but certain circumstances are complicating my ability to travel and communicate in any fashion recognizable to most of us in the 21st century.

In fact – seeing that this is a technology event – I’d like to talk about the incredible ubiquity and access that society now has to highly connected information technology devices. It seems to me, at least, that as we enter the era of ubiquitous computing, the so called “Internet of Things” – with cell phones hugging against our hips, laptops and tablets in everyone’s bag, and toasters that have the uncanny ability to sort our music libraries in the wrong way and have uncomfortable conversations with our grumpy selves in the morning – we have begun to blur the lines within our Human society in unexpected and even exciting ways.

Looking at the rapid advances in our social and political sphere in the information era – such as the cultural progress queer and trans movements have started to make – the relationships between such things as gender and sexuality, between art and work, between gender and work, and between sexuality and art, have blurred in incredible ways. Now there are elements and ideas which seem to implement the concepts of “transhumanism,” and it’s becoming normal for more and more people who anticipate – as well as fear – the economic, information, and technological “singularity” at the supposed end of our exponential graphs in our own lifetimes.

But, consider the paradox that technology has provided for us. We seem more diverse and open as a society, but isn’t it also the case that we are more homogenous and insecure than we ever have been in the last century or so? You might try and tell me something like – “Well, today’s tools provide us with the ability to be more independent from the control of our governments and corporations than ever before.” But, I ask, do they really? I don’t think very many people in here are convinced that technology is a purely liberating tool, as we are now seeing that it can also be used to censor, to control, to monitor, to anticipate, to imprison, and sometimes even kill.

I am arguing that we can be independent and liberated as a society even without advanced technology. It seems that some people today even find their independence by embracing the Luddite philosophy – ditching their cell phones for the weekends, or avoiding the Internet at certain times of the day or week. But, I hope you don’t think that you have to run to the hills of Montana and live in a cabin for years on end – that seems a little disproportionate, haha.

Today, as is obvious in some of the headlines that we see online – we are in a constant technological arms race, and I think that it’s important to realize that we are always only a single breakthrough away from making the methods of network obfuscation and encryption pointless or unusable. While I agree that it’s unlikely, it certainly is well within the realm of possibility that we might wake up tomorrow morning – or, if we’re really honest, tomorrow afternoon for some of us – and find out that some truly brilliant or devious mathematician or mathematicians have solved the Riemann Hypothesis, throwing entire regions of our encryption arsenal into turmoil. Or, we might wake up and find out that a six, eight, or even ten qubit quantum computer with near perfect error correction has been built, effectively accomplishing the same thing.

The point I’m trying to make here is that – and it is sometimes hard for those of us in the tech community to accept – that our technology can only take us so far on its own. Rather, it is the Human element that is so important, and unfortunately very easy to forget.

As most of us are acutely aware, our software can be written to accomplish a task that, in the right hands, solves incredible problems, creates miracles, eliminates boundaries, and saves lives. Think about, for instance, the entertainment provided by streaming videos and video games, the real-time artificial intelligence applications that are used in automated cars, manufacturing plants, and medical equipment, or the so called “big data” platforms being applied for Internet search, marketing, political campaigning, and healthcare.

Yet, that very same software with a few minor tweaks can, in the wrong hands, cause immense problems, create nightmares, raise insurmountable boundaries, and destroy and even end lives. Think about how the same technology used in streaming video, video games, real-time command and controls, and artificial intelligence, can also be used in unmanned aircraft armed with missiles to wreak havoc on barely discernible people hundreds or thousands of miles away. Think about the statistical “nudges” in big data algorithms that create gender, racial, ethnic, gender identity, sexual orientation, religious, political and other biases across large swaths of the online population. Also, think about the intensifying polarization and heavy focus on precision targeting on “swing voters” in the political realm. Real people in real places in real time are affected – sometimes on an immense scale.

Software is only a tool. Technology is only a toolbox. It’s what we create our software for, what we intend to use it for, and who we allow to use it, and how much, that really count.

I now believe that today’s coders and engineers have an extra “hat” that we have to wear on top of the colorful spectrum of hats we already have – namely, the technology ethicist and moralist hat. Whether we’re amateurs or professionals, and despite whether we want to or not, it has now become another duty that we have. I only hope that the majority of us can figure out and fully understand what that is going to entail as we approach the edge of our graphs. In fact, Human lives and the future of Humanity may depend on it.

Thank you for your time everyone, and good luck in your endeavors. I would especially like to thank Lisa Rein for her lovely letter last month inviting me to speak before you all. It was an incredibly warm and heartfelt letter that made my day a little brighter.

Good night, everyone.

CHELSEA E. MANNING

 

Chelsea’s statement is available under a Creative Commons Attribution-ShareAlike 2.0 Generic License (CC BY-SA 2.0)

Chelsea Manning Prepares Special Statement For Aaron Swartz Day Celebration

Donate to Chelsea’s legal defense fund to help with her appeal.

In support of this year’s Aaron Swartz Day and International Hackathon, Chelsea Manning has prepared a special statement that will be read at Saturday night’s Celebration of Hackers and Whistleblowers at the Internet Archive.

HERE IS THE LINK FOR A LIVE WEBCAST OF TONIGHT’S SPEAKERS, at 8:00 pm PST. (Movies only seen by attendees.)

Meanwhile, Chelsea has written an Op-Ed for the Guardian on why the FISA courts should be abolished. (She’s also published a 129-page surveillance reform bill.)

Sign this petition from Fight For The Future to tell your politicians to read Chelsea’s bill.

Fisa courts stifle the due process they were supposed to protect. End them

Intelligence agencies will always seek to collect more data. But the courts that oversee them must be as concerned about due process as they are with secrets

From the article:

Those courts were established nearly 40 years ago, in response to allegations that the intelligence community was abusing their power in order to spy on US citizens: the US Senate’s Church Committee conducted a massive investigation into the intelligence community and expressed concerns that the privacy rights of US citizens had been violated by activities conducted under pretenses of foreign intelligence collection.

The result then was new procedures and the creation of a new court system – the Foreign Intelligence Court – to process surveillance requests by the government in secret. Unfortunately, it also created a new host of oversight problems: only a similar secret court process can review the actions taken by the courts, leaving many in Congress and all of the American public in the dark.

Some of these systemic problems have finally been examined by non-Fisa courts in the last two years – most notably by the US court of appeals for the second circuit early in 2015. However, because of the continuing secrecy of the Fisa courts, any ruling by a court of appeals was only a symbolic gesture. The USA Freedom Act, for all that it’s trumpeted as the solution to some of the excesses, does little to institute real oversight over the Fisa courts.

The solution: we should abolish the entire Fisa Court system and bring all surveillance requests into the oldest and most tested court system in America: the US district courts and courts of appeal.

EFF: Aaron Swartz Hackathon This Weekend Is Your Chance To Hack for a Better World

Aaron Swartz Hackathon This Weekend Is Your Chance To Hack for a Better World

From the post:

This weekend marks the third annual Aaron Swartz Day hackathon, and a chance for you to meet up with other people working to use technology to make the world a better place. Once again, cities around the world will host two days of meetups.

The Internet Archive in San Francisco is the main event hub, with film screenings, talks from developers working on projects started or inspired by Aaron, a mini-conference of privacy-enhancing technologies, and a two-day hackathon.

The hackathon will focus on SecureDrop, an anonymous whistleblower document submission system originally developed by Aaron, and now maintained by the Freedom of the Press Foundation. SecureDrop has grown significantly in the years since Aaron began the project—it is now installed in newsrooms around the world—and it benefits from a robust community of developers and supporters who help build and document the project. Lead developer Garrett Robinson will lead the hackathon and explain where people with different skillsets can pitch in.

SecureDrop will not be the only thing to work on. The founder of the OpenArchive project will also be there to lead prospective hackers on developing that app. Developers from our own Privacy Badger browser tool will be there hacking, and EFF staff technologist Cooper Quintin will present during the privacy mini-conference.

Also at the privacy mini-conference on Saturday: presentations on Keybase; former EFF staffer Micah Lee, now with The Intercept, presenting on encryption for journalists; and Brad Warren on exciting developments with the Let’s Encrypt certificate authority.

Starting at 6pm after the first day of hacking, the Internet Archive will host a reception where people can meet. At 7:30, there will be a rare opportunity to see excerpts of the upcoming “From DeadDrop to SecureDrop,” a documentary about that software and Aaron’s role in developing it.

Finally, on Saturday night from 8 to 10pm an impressive line-up of speakers, including EFF Executive Director Cindy Cohn and co-founder John Perry Barlow, will present on their work and Aaron’s legacy. Tickets for the evening event—including the reception, screening, and talks—are available on a sliding scale.

The hackathon and mini-conference continue on Sunday, with more talks from Library Freedom Project’s Alison Macrina and Restore The 4th’s Zaki Manian.

For friends of EFF, and people who want to advance the causes Aaron dedicated his life to, this weekend’s event is a can’t-miss. If you can make it, please RSVP so the organizers can plan accordingly. We hope to see you there.