tools, spies, massive data mining, ...
I intend to cover some of the things that interest me about the issue of online privacy. Eventually considering tools that can be used to maintain privacy such as the TOR browser, the Tails linux based OS that can be used along with that for even more privacy/anonymity. I also intend to consider the hazards to privacy and this isn't just the NSA. This sort of ties into my interest in machine learning and data mining. Massive data mining is important to both Google and the NSA. More to be added as time goes on.
NEW The 2016 Presidential Elections
#NotOurPresident
Privacy really doesn't seem to be that much of a concern to people. At least it isn't one that holds the attention for a long period of time. Consider the Snowden leaks of NSA documents. The biggest leak in history. The shocking revelations of the NSA's massive data mining of phone and email records being conducted both domestically and abroad.
Now Congress knows about this, as do we know about it, and Congress knows we know about it, but still they just defeated a bill to do anything about it.
I just finished watching the video "United States of secrets" from Frontline(PBS). One segment Google and the Robot Defense talks about former California state Senator Liz Figueroa meeting with Google founders Sergey Brin and Larry Page. At question was the Google practice of reading the contents of it's brand new email service, GMail, in order to select advertisements to show as you are reading the mail. There was said to be a fair amount of uproar concerning this.
Brin compared this to having a robot come into your house, read your email, your diary, or anything else as privacy invasive as you might want to make it. Then the robot implodes when it leaves your house. His two arguments seeming to be that this did not constitute invasion of privacy since there was no person involved and the information wasn't kept in any sense "outside" where anyone could get at it. Senator Figueroa laughs at this as of course still indeed being invasion of privacy.
With that uproar come and gone some time ago let's consider the situation now. Within the last week I received an email from Google+. I am not signed up for Google+, I am generally not big on the social networks. However, it was noteworthy that in suggesting things that might interest me they included...
Given this I would have to say that at this point in time there is certainly no imploding robot. Not only is Google storing and reading my information, they are also aggregating it. Possibly across both Google searches and GMail, maybe even from other sources. But definitely from different points in time. This means, they must be keeping a running file on me. When something different comes along they can locate my file and add the new information to it.
Possibly they could still argue that although the data is obviously retained, no implode, there is still no person involved and in some sense maybe the data is not available "outside". Since, this is all being done on a massive, impersonal, basis, strictly for commercial reasons. However, we now know that whatever Google has stored can sometimes be requested by law enforcement and Google must provide it. People would be involved then.
There is nothing in the email I was sent that was overly alarming to me from a privacy standpoint. But consider that previously Google felt compelled to defend itself against the idea that it was keeping any private information at all. Now, they broadcast it back to me. If the privacy uproar doesn't result in a change, the next iteration around it is taken for granted. I mean I still consider Google my friend and all. But, I am trying out DuckDuckGo for a lot of my searches lately (on Tor).
I have seen occasions where privacy being a worry was the case. I will probably get into things like that as this page is updated.
This image came from the Snowden leak.
If this chart had come out of the movie "Enemy of the State", it would of been done by either the Jack Black or the Seth Green characters. Probably, the Jack Black character. This was done
by some techie, since in the government, some hacker if they were outside the government. The included smiley face seems to show the same lack of concern, as the movie characters had,
for any considerations of right or wrong in what is being done.
Where are you in the chart? You are one of the client "users" on the left hand side. No sorry, you can't be the smiley face, remember that is the NSA. On the right is the Google servers. In a sense that is still you since it is your GMail and Google Docs on the servers. Although I think I saw that this chart actually only referred to Google oversea servers. What is being done? It looks like SSL is being somehow circumvented.
Now, when you went to do your Cyber Monday shopping I'm sure you were aware that you should always make sure any page you enter personal or account information should be a https page, or these days it will probably show a lock icon. This means that the page is SSL. SSL or it's more modern version TLS provides the security that enables online transactions to be safe and secure. Roughly what it does is establish a secure connection that encrypted messages can be sent across both ways. It is probably the security protocol most relied on over the internet.
Again, this appears to be what the NSA "beat". It looks like possibly this was some sort of man-in-the-middle attack. Where they intercepted the traffic from the client "user" and somehow stripped the SSL encryption so that on the server it was "Traffic in clear text here", meaning they could read it with no encryption.
So that's what seems to be going on in the chart. Not really reassuring to anyone who counts on SSL providing their online security on the internet. You or Google.
Bringing it back home to data mining in volumes that reach astronomical numbers. How much of this is being done? Under NSA Director General Keith B. Alexander the policy is said to be
"Collect it all". From Americans, only from Americans, this was said to be 1.7 billion "emails, phone calls, and other types of communcations". It was indicated that 20 trillion transactions
between US citizens has been "assembled". The NSA might actually be subdued in it's domestic collection. GCHQ the British NSA type organization claims to be processing 50 billion "events" daily.
It's difficult to imagine that if you include foreign traffic that the US would be outdone by the English. Collect it all indeed. These are numbers that would of made
Carl Sagan's eyes go a little wider.
Most of this comes from "No Place To Hide" the
is below.
The NSA is not alone in believing you should not be able to lock them out of your data. The FBI seems to want a backdoor into everythingMore Crypto Wars II. This may have a point, The argument usually seems to come down the fact that we should be willing to sacrifice some of our freedoms for less risk of terrorism or unsolved crime. The problem I thinks comes in when it assumed to be all right to do this without any sort of process involved as to determine why your freedoms should be restricted. No search warrants issued by judge deeming a right to the information. No probably cause, or reasonable and articulable suspicion to use a phrase from the Standford Surveillance Law course I am just finishing on Coursera.
So again, views might be different on this. Some people might feel the protections provided are worth giving up some amount of privacy or freedom. For some it might not matter as long as they pretty much aren't aware of it. For my own views. Although I don't think I have a whole lot to hide, or believe that I have many really confidential converstations I would still like to think I could if I so chose have privacy and my freedoms intact. I could have a private conversation, I could have something somewhere that I can keep everybody out of, I can go about my normal activities without being tracked. For now anyhow this is my position on this and the side of the related issues I tend to support.
Maybe if I continue to follow these issues for the purpose of updating this page my views might shift. But for right now I am for protecting online privacy with crypto or any other privacy software available.
The lectures for the Coursera Surveillance Law from Jonathan Mayer of Stanford have been made available on youtube...
Surveillance Law
The biggest controversy of late was decided when Deflategate played out. Other decisions, possibly of more importance and significance were also arrived at. One of these being that the NSA mass surveillance of Americans under section 215 of the Patriot Act is in fact illegal. It's been a while since I updated this page it might be time to catch up a little bit. You may remember that this surveillance was supposed to be all right because it was only phone record metadata that was being tracked. It was, however, not considered all right by the US Court of Appeals for the Second Circuit.[1]. This decision, to my understanding, found that the Patriot Act didn't provide the justification for this program that was claimed. There are other appeals courts considering if the Patriot Act is illegal under constitutional grounds, all of which may end up in the Supreme Court.[2].
This has led to a confrontation in Congress with parts of the Patriot Act under a deadline to be renewed or reformed by May 31st. [3]. Basically Mitch McConnell the Republican wanting to push through the Patriot Act as is while Harry Reid is saying that given this is now illegal we should instead now put through the USA Freedom Act[4] reform bill.
There has been news elsewhere on this before it came up in the US. In England the GCHQ cooperation with the NSA was also found to be illegal. Although it doesn't necessarily seem to mean there will be any change in surveillance policies there.[5]. [6]. There has also been talk of illegal programs in Switzerland, Denmark and Norway.[7].
One thing I still have a little trouble understanding is how the media even denies Snowden status as a whistle-blower. With the on-going and escalating blowback from his revelations still on-going. Moreover, with many coming to agree that much of this really was illegal and simply unnecessary. I would think you would have to consider him a much more significant whistle-blower than Ellsberg with the Pentagon Papers, Manning with Wikileaks, or anyone else.
For more of the legal nitty-gritty on the appeals court decision there is [8], with an actual link to the decision, or for that cut to the chase with [9]. If you are interested in reading that I would again recommend the Stanford Surveillance law class mentioned just above. Something to keep in mind anyhow. It's what? ILLEGAL.
Just in. This is still ILLEGAL. In consideration of this the house passed the USA Freedom Act by a large margin. McConnell, seeming to give some ground on the Patriot Act, has said he will allow a vote on this in the Senate. You can't do what's illegal, right?
I was sort of waiting for the dust to settle on this in the Senate before saying anymore. But after more politicking that seems to be all done there as well. A number of amendments were threatened, 10 by Rand Paul alone, which my understanding is would of thrown this back into the House. This was seen as something that could not be allowed to happen. So, again my understanding, is the USA Freedom Act was passed just as it was in the House. It was then signed into law by President Obama so is now the new law of the land. I'm still a little curious if the providers are technically able to assume responsibility for keeping all this meta-data. There are concerns with the new law but for now that might mostly be it for the time being.
Now maybe we can move onto other things like email, or the many other areas where privacy can be invaded both by the government as well as corporations.
One of the unprecedented features of the 2016 presidential election was ongoing, realtime, events that potentially influenced it's outcome. These events all involved emails in some way or another.
The first was Wikileaks ongoing exposure of Clinton and Democratic National Committee (DNC) emails. The source of these was determined to be Russian hackers seeking to influence the American presidential election. This influence was directed solely against Clinton.
The second event was a one time event, the FBI revelation of emails discovered on a computer used by Clinton aide Huma Abedin. These were indicated to possibly have bearing on an investigation into classified email handling on private servers used by Clinton while she was Secretary of State. In July the FBI had recommended no indictments against Clinton concerning this.
A letter was sent to congressional leaders on Oct. 28 informing them of the Abedin emails. Why FBI Director James Comey sent this letter isn't entirely clear. The Sunday before the Tuesday election the FBI announced that after looking into the emails the situation from July was unchanged. The new emails had meant nothing - legally, but politically possibly everything.
This color indicates a Wikileaks event
This color indicates an FBI event
Clinton was beaten in a negative campaign. Trump could not beat her on experience, ability or knowledge. So he had to out-image her, being a celebrity then was a strength. Nothing substantial, just make people less comfortable with her than they were with him. This was not easy because most people didn't have a very positive outlook on him either. So, his campaign proceeded with innuendo, baseless accusations, and inflammatory rhetoric. In this he had help. First, from the Russian government through Wikileaks, and then, from the FBI stepping in to show the Russians how it's done. Each time the FBI or Wikileaks was involved it generated news cycles, online discussions, and general gossip where Clinton negatives were the repeated topic of discussion. There was also, of course, positive feedback into the Trump campaign. He could include the Wikileaks and FBI events in his own list of negatives to throw at Clinton.
So the winners are the FBI, the Russians/Wikileaks, and Trump - in that order. It was not a campaign to be proud of.
If I missed any Wikileaks, FBI or other highly valid event please let me know, the same if there are any factual errors. My email address is in many places, I will possibly get this on a more proper blog page when complete or add the address later if I notice it isn't anywhere else convenient.
"As I've said many times, we don't give a rip about politics." - James Comey[20][21]
FBI Director James Comey has said this more than once. The [20] reference is from Senate hearings where Comey was assuring a Senate committee that there was no influence from the Obama administration on the Clinton email server investigation. The second [21] indicates that politics played no role in moving the investigation along or not.
So what are we to make of the Comey letter? That there might be evidence of something criminal concerning the Clinton email servers - just before the election. Basically, innuendo. Then it is announced upon the imminent verge of the election that there is nothing really new. On the face of it this seems like a timed smear against the Clinton campaign. It is a problem solely for the Clinton campaign, which is almost the definition of 'partisan'. It seems highly 'political' and potentially influencing the very outcome of the presidential election itself. Comey had checked with the Department of Justice who advised against it.[22]. But this time, unlike the Clinton Foundation investigation, the DOJ couldn't stop it.
So did the FBI take unfounded action in what seems a like an extremely political, partisan way? Or, was Comey just not giving a rip about politics? Apparently, being totally oblivious to it, what with a presidential election looming on the horizon. Was he just doing what he thought his duty compelled him to - apprising congress of a development in the Clinton email case?[23]. Why couldn't he have waited until he knew if there was anything new of substance? Comey sent the letter to congress the day after he was briefed on the matter. This is indicated in the Comey letter itself[16].
One possibility thats been mentioned is that Comey sent the letter because he was concerned that the information would otherwise be leaked. To put it in Watergate terms, he felt that a "modified limited hang out"[24] was preferable to a leak. This doesn't seem that likely to me.
Maybe it was something else yet, maybe Comey wanted it on the record, before the election, that there could be something criminal regarding Clinton before she became president and then it came out. That would be sort of a political calculation though.
The Wikipedia entry for Director Comey, although brief, is a pretty good one and current through the election.[25] He started out, in high profile New York, as a high profile US attorney. Eventually, he became the Deputy Attorney general under John Ashcroft. He left the Department of Justice for various private sector positions. Finally, in 2013 he was appointed Director of the FBI by President Obama, beginning a 10 year term in that position. I have seen where Comey himself considers the length of this term to be another reason that he is free of political influence. I might think it would also mean that he is somewhat free of checks and balances from other branches of the government.
The thing that most struck me when I looked at the Wikipedia entry was the incident where Comey briefly became acting Attorney General while John Ashcroft was hospitalized in serious condition. He refused to do the periodic sign off on the legality of warrantless wiretapping. Effectively, making it illegal. Andrew Card, Bush White House, Chief of Staff and Alberto Gonzales, White House counsel, (later Attorney General), decided to bypass Comey and go to the hospital to get Ashcroft himself to sign. Comey heard about this and got to the hospital first to support Ashcroft in not signing. Card and Gonzales left with it unsigned.
The Wikipedia entry ends with Comey withdrawing a threat to resign when President Bush himself gives his support to making changes to the surveillance program. I remember that I had first heard of this hospital incident in "The Shadow Factory"-James Bamford[26], but had forgotten that it was Comey who was involved. In that - Book Four: Discovery, the Emergency chapter is a more detailed retelling of the event. Since, this is the online privacy page I include the conclusion from that as well.
Despite the changes, the NSA's warrantless program continued to be operated outside the law. While a few of the most egregious aspects had been eliminated or modified, it was still in violation of FISA, which required all national security eavesdropping to be approved by the FISA court - under penalty of imprisonment and with no exceptions. But because of the Bush administration's trademark go-it-alone policy, the program would continue in violation of FISA. And Hayden's wall of secrecy surrounding it would remain intact. But not for long.
Additionally, you can come across references to Comey keeping a copy on his desk of the document where AG Robert Kennedy approved Herbert Hoover's request to wiretap Martin Luther King. This, apparently, as a reminder of abuses of authority to be avoided. [27]
Unfortunately, all of this is contrary to the narrative I was going for here. That Comey for some reason took a partisan, political, action. That he was willing, in fact, to misuse the power of his position to influence a presidential election. Instead, he was willing to oppose the current political regime for what he thought was right, or at least legal. He also seems aware and even concerned about the possible misuse of power. So, at this point his motivation in actually sending the Comey letter remains, at least to me, something of a mystery. Next I will look in a little more detail at his time directing the FBI. Possibly, some better understanding of his action can be found there?
There is no update on Comey as FBI director this week. There were however new events that will require an update. These include that a CIA assessment has determined that the Russian's were involved in the Wikileaks emails and in a way that favored Trump over Clinton. They had also hacked the RNC but released no Republican emails. Obama has ordered intelligence officials to conduct a full review of election related cyber-attacks, including Wikileaks. The Trump transition team and Trump himself are questioning the credibility of the CIA, who will soon be their own intelligence agency. The FBI has disagreed with the CIA assessment. There also has been considerable discussion of a bipartisan congressional probe into the hacking. Although, I'm not sure that is a sure thing yet. Republicans like John McCain and Lindsey Graham are also calling for this. I will add events related to this into the time line - with reference links later.
This is certainly appearing to be another major instance of state involved cyber-warfare.
You say you want a revolution
Well, you know
We all want to change the world
You tell me that it's evolution
Well, you know
We all want to change the world
But when you talk about destruction
Don't you know that you can count me out
STILL A WORK IN PROGRESS - MORE TO FOLLOW
Election time line
[1] Wikileaks - Hillary Clinton Email ArchiveFBI
[20] Rip about politics - Senate hearingSo far, however, the only direct evidence of Comey's intent - the crucial issue in Hatch Act cases - has been his explanation that he was keeping his promise to inform Congress of any new developments. That is a difficult assertion to refute, even if he had other, unstated motives.[24] Limited hangout