

Chairman of key House committee agrees to proceed with NSA reform bill

• Judiciary committee chair gives new life to USA Freedom Act
• Bill to overhaul spy agency had been stalled by months of delay

House judiciary committee chairman Bob Goodlatte has agreed to support the surveillance overhaul bill. Photograph: Alex Milan Tracy/Corbis

The chairman of a key committee in the House of Representatives agreed to move on a major surveillance overhaul on Monday, after months of delay.

The decision, by the Republican chairman of the House judiciary committee, Bob Goodlatte of Virginia, breathes new life back into the USA Freedom Act, a legislative fix favoured by privacy advocates to prevent the US government from collecting domestic data in bulk.

The judiciary committee is expected to take action on an amendment encapsulating the provisions of the USA Freedom Act on Wednesday at 1pm. Congressional aides expected it to pass the committee with bipartisan support, setting up a fight on the House floor.

Goodlatte, who had been hesitant to endorse the bill, written by former committee chairman James Sensenbrenner, will now vote for it personally.

Goodlatte’s decision comes despite pressure by the House Republican leadership, which preferred an alternative bill, written by the House intelligence committee leadership, that would permit the government to acquire Americans’ data without a specific prior judicial order for it. Additional pressure came from a desire on all sides to avoid surveillance-related amendments to unrelated, critical bills slated for floor consideration later this month.

An attempt by the intelligence committee and the House leadership to circumvent Goodlatte’s committee and pass the rival bill is said by observers to have galvanised Goodlatte’s decision to move forward on the USA Freedom Act. Internal committee negotiations on modifying the USA Freedom Act for passage intensified after the House intelligence committee unveiled its bill in March.

The Obama administration has yet to take a public position on the House judiciary bill or the House intelligence bill, although President Barack Obama endorsed getting the National Security Agency out of the business of bulk domestic phone records collection in March.

“This will start to look like a reasonable path forward for surveillance reform,” said a congressional aide.

Barely an hour after the judiciary committee announced its move on the USA Freedom Act, the House intelligence committee announced that it will mark up its alternative bill, the Fisa Transparency and Modernization Act, on Thursday.

“This bill directly addresses the privacy concerns many Americans have expressed over bulk collection. The bill ends bulk collection of telephone metadata and increases transparency while maintaining the tools our government needs to keep Americans and our allies safe. We believe this bill responds to the concerns many members of Congress have expressed and can be the compromise vehicle to reform Fisa while preserving important counterterrorism capabilities,” said the intelligence committee leaders, Republican Mike Rogers of Michigan and Democrat Dutch Ruppersberger of Maryland, in a joint statement on Monday.

 


…..

A House committee has voted unanimously to rein in the NSA

Rep. Bob Goodlatte (R-Va.). (Bill O'Leary / The Washington Post)

A key House committee has approved a package of NSA reforms that would end the spy agency’s bulk collection of Americans’ phone records, nearly a year after former NSA contractor Edward Snowden disclosed the program’s existence.

The House Judiciary Committee voted 32-0 Wednesday to rein in the NSA with the USA FREEDOM Act, a measure that places new requirements on the government when it comes to gathering, targeting and searching telephone metadata for intelligence purposes.

In addition to prohibiting the NSA from engaging in what the bill’s sponsors have called “dragnet surveillance,” the bill would also require authorities to get permission from the secret Foreign Intelligence Surveillance Court on a case-by-case basis. It would establish a panel of privacy experts and other officials to serve as a public advocate at the court. And it would also give businesses more latitude to tell the public about requests it receives from the government for user data.

 

…..


Defiant Apple, Facebook, other firms to inform public of govt surveillance requests

Published time: May 02, 2014 01:07
Edited time: May 02, 2014 06:42
Reuters / Eric Thayer


The same technology companies that the US intelligence community has relied upon to disclose email records are now refusing to keep surveillance requests secret and informing customers when they are the subject of such requests.

In the nearly ten months since former US National Security Agency contractor Edward Snowden revealed extensive surveillance efforts on everyday Americans’ online activity, the companies that were forced to facilitate that surveillance have come under harsh public scrutiny.

The embarrassment ignited a series of comments from executives at Google and Facebook, among others, calling on the NSA and other agencies to either stop forcing them to provide the communications that customers trust them with, or allow them to be more transparent.

Now, according to a Thursday report in the Washington Post, Apple, Microsoft, Facebook, and Google have updated their policies to routinely notify customers when law enforcement has requested information about them.

Yahoo enacted such a change in July, with the Post reporting Thursday that companies “have found that investigators often drop data demands to avoid having suspects learn of inquiries.”

 


 

…..

Apple, Facebook, others defy authorities, notify users of secret data demands

Major U.S. technology companies have largely ended the practice of quietly complying with investigators’ demands for e-mail records and other online data, saying that users have a right to know in advance when their information is targeted for government seizure.

This increasingly defiant industry stand is giving some of the tens of thousands of Americans whose Internet data gets swept into criminal investigations each year the opportunity to fight in court to prevent disclosures. Prosecutors, however, warn that tech companies may undermine cases by tipping off criminals, giving them time to destroy vital electronic evidence before it can be gathered.


Fueling the shift is the industry’s eagerness to distance itself from the government after last year’s disclosures about National Security Agency surveillance of online services. Apple, Microsoft, Facebook and Google all are updating their policies to expand routine notification of users about government data seizures, unless specifically gagged by a judge or other legal authority, officials at all four companies said. Yahoo announced similar changes in July.

As this position becomes uniform across the industry, U.S. tech companies will ignore the instructions stamped on the fronts of subpoenas urging them not to alert subjects about data requests, industry lawyers say. Companies that already routinely notify users have found that investigators often drop data demands to avoid having suspects learn of inquiries.

“It serves to chill the unbridled, cost-free collection of data,” said Albert Gidari Jr., a partner at Perkins Coie who represents several technology companies. “And I think that’s a good thing.”

The Justice Department disagrees, saying in a statement that new industry policies threaten investigations and put potential crime victims in greater peril.

“These risks of endangering life, risking destruction of evidence, or allowing suspects to flee or intimidate witnesses are not merely hypothetical, but unfortunately routine,” department spokesman Peter Carr said, citing a case in which early disclosure put at risk a cooperative witness in a case. He declined to offer details because the case was under seal.

The changing tech company policies do not affect data requests approved by the Foreign Intelligence Surveillance Court, which are automatically kept secret by law. National security letters, which are administrative subpoenas issued by the FBI for national security investigations, also carry binding gag orders.

The government traditionally has notified people directly affected by searches and seizures — though often not immediately — when investigators entered a home or tapped a phone line. But that practice has not survived the transition into the digital world. Cellular carriers such as AT&T and Verizon typically do not tell customers when investigators collect their call data.

Many tech companies once followed a similar model of quietly cooperating with law enforcement. Courts, meanwhile, ruled that it was sufficient for the government to notify the providers of Internet services of data requests, rather than the affected customers.

Twitter, founded in 2006, became perhaps the first major tech company to routinely notify users when investigators collected data, yet few others followed at first. When the Electronic Frontier Foundation began issuing its influential “Who Has Your Back?” report in 2011 — rating companies on their privacy and transparency policies — Twitter was the only company to get a star under the category “Tell users about data demands.” Google, the next most highly rated, got half a star from the civil liberties group.

 


 

…..


NYPD Twitter campaign backfires, thousands of negative tweets

NEW YORK Wed Apr 23, 2014 3:18pm EDT

 

A pedestrian walks past a line of New York Police Department (NYPD) cars parked at Times Square in New York, October 18, 2011. REUTERS/Gary Hershorn


 

(Reuters) – A New York Police Department campaign to burnish its image via social media instead produced a flood of pictures of apparent police brutality and tweets critical of the force being shared at a rate of thousands an hour.

Police Commissioner Bill Bratton said on Wednesday he would continue and expand the NYPD Twitter campaign a day after it backfired, triggering an outpouring of negative images including police violence at New York’s Occupy Wall Street demonstrations, an NYPD officer pointing a gun at a dog, and an officer asleep in a subway car.

“The reality of policing is that oftentimes our actions are lawful, but they look awful,” Bratton told a news briefing at New York City Hall.

“Most of those photos that I looked at are old news,” said Bratton, appointed by Mayor Bill de Blasio to take over from Ray Kelly, who served for 12 years under de Blasio’s predecessor, Michael Bloomberg.

 


 

…..

NYPD commissioner welcomes attention from disastrous #myNYPD hashtag

FILE - In this May 1, 2012, file photo, a police lieutenant swings his baton at Occupy Wall Street activists in New York. This photo is among the many put on Twitter in response to a New York Police Department request for Twitter users to share pictures of themselves posing with police officers. The NYPD sent a tweet on Tuesday, April 22, 2014, saying it might feature the photographs on its Facebook page. The responses soon turned ugly when Occupy Wall Street tweeted a photograph of cops battling protesters with the caption

This file photo, from May 2012, shows a police lieutenant swinging his baton at Occupy Wall Street activists in New York. It was recirculated Tuesday in response to a police hashtag that went awry. (Mary Altaffer/AP)

The New York Police Department’s attempt at using social media to connect with constituents on Tuesday went…well, let’s say awry.

An initial tweet asked people to post photos of themselves with police officers along with the hashtag #myNYPD. Obviously this went poorly, because obviously it was going to go poorly, because these things can really only go poorly (we’ll get back to that in a moment). In response, people sent in lots and lots and lots and lots and lots and lots and lots and lots and lots and lots and lots of photos of New York police officers doing violent things to people. (Like the photo at the top of this post. It’s almost two years old, but thanks to the #myNYPD hashtag, it has been everywhere over the last 24 hours.)

William J. Bratton, the police commissioner, said he isn’t too bothered by the reaction:

“I kind of welcome the attention,” Bratton said Wednesday as the negative tweets kept coming nearly 24 hours after cops invited the cyber-submissions….

“Most of the pictures I looked at, they’re old news,” Bratton said, tossing previous NYPD administrations under the patrol car. “They’ve been out there for a long time.”


 

…..

 


 Bloomberg

NSA Said to Exploit Heartbleed Bug for Intelligence for Years

The U.S. National Security Agency knew for at least two years about a flaw in the way that many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather critical intelligence, two people familiar with the matter said.

The agency’s reported decision to keep the bug secret in pursuit of national security interests threatens to renew the rancorous debate over the role of the government’s top computer experts. The NSA, after declining to comment on the report, subsequently denied that it was aware of Heartbleed until the vulnerability was made public by a private security report earlier this month.

“Reports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before 2014 are wrong,” according to an e-mailed statement from the Office of the Director of National Intelligence.

Heartbleed appears to be one of the biggest flaws in the Internet’s history, affecting the basic security of as many as two-thirds of the world’s websites. Its discovery and the creation of a fix by researchers five days ago prompted consumers to change their passwords, the Canadian government to suspend electronic tax filing and computer companies including Cisco Systems Inc. (CSCO) and Juniper Networks Inc. to provide patches for their systems.

Photographer: Paul J. Richards/AFP/Getty Images

A computer workstation bears the National Security Agency (NSA) logo inside the Threat…

Putting the Heartbleed bug in its arsenal, the NSA was able to obtain passwords and other basic data that are the building blocks of the sophisticated hacking operations at the core of its mission, but at a cost. Millions of ordinary users were left vulnerable to attack from other nations’ intelligence arms and criminal hackers.

Controversial Practice

“It flies in the face of the agency’s comments that defense comes first,” said Jason Healey, director of the cyber statecraft initiative at the Atlantic Council and a former Air Force cyber officer. “They are going to be completely shredded by the computer security community for this.”

Experts say the search for flaws is central to NSA’s mission, though the practice is controversial. A presidential board reviewing the NSA’s activities after Edward Snowden’s leaks recommended the agency halt the stockpiling of software vulnerabilities.

 


…..

Forbes

Larry Magid Contributor

NSA Denies Report It Knew About And Exploited Heartbleed For Years

Updated with NSA denial

Bloomberg is reporting that the National Security Agency knew about the Heartbleed flaw for at least two years and “regularly used it to gather critical intelligence,” according to two sources.

NSA denial

The NSA has denied the Bloomberg report. “Reports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before April 2014 are wrong. The Federal government was not aware of the recently identified vulnerability in OpenSSL until it was made public in a private sector cybersecurity report,” according to a blog post from the Office of the Director of National Intelligence.

NSA also tweets a denial

If the Bloomberg story is true, it would be a major bombshell that is certain to add fuel to the already contentious debate about the NSA’s role in surveillance. Last year it was reported that the NSA paid security firm RSA $10 million to intentionally weaken an encryption algorithm and had circumvented or cracked other encryption schemes. Reuters recently reported that “NSA infiltrated RSA security more deeply than thought.”

Bloomberg said that the NSA was able to use the Heartbleed flaw to obtain passwords and other user data.

Is NSA making us less secure?

 


…..

 

Edward J. Snowden, the N.S.A. leaker, speaking to European officials via videoconference last week. Credit Frederick Florin/Agence France-Presse — Getty Images

WASHINGTON — Stepping into a heated debate within the nation’s intelligence agencies, President Obama has decided that when the National Security Agency discovers major flaws in Internet security, it should — in most circumstances — reveal them to assure that they will be fixed, rather than keep mum so that the flaws can be used in espionage or cyberattacks, senior administration officials said Saturday.

But Mr. Obama carved a broad exception for “a clear national security or law enforcement need,” the officials said, a loophole that is likely to allow the N.S.A. to continue to exploit security flaws both to crack encryption on the Internet and to design cyberweapons.

The White House has never publicly detailed Mr. Obama’s decision, which he made in January as he began a three-month review of recommendations by a presidential advisory committee on what to do in response to recent disclosures about the National Security Agency.

But elements of the decision became evident on Friday, when the White House denied that it had any prior knowledge of the Heartbleed bug, a newly known hole in Internet security that sent Americans scrambling last week to change their online passwords. The White House statement said that when such flaws are discovered, there is now a “bias” in the government to share that knowledge with computer and software manufacturers so a remedy can be created and distributed to industry and consumers.

Caitlin Hayden, the spokeswoman for the National Security Council, said the review of the recommendations was now complete, and it had resulted in a “reinvigorated” process to weigh the value of disclosure when a security flaw is discovered, against the value of keeping the discovery secret for later use by the intelligence community.

“This process is biased toward responsibly disclosing such vulnerabilities,” she said.

Until now, the White House has declined to say what action Mr. Obama had taken on this recommendation of the president’s advisory committee, whose report is better known for its determination that the government get out of the business of collecting bulk telephone data about the calls made by every American. Mr. Obama announced last month that he would end the bulk collection, and leave the data in the hands of telecommunications companies, with a procedure for the government to obtain it with court orders when needed.

But while the surveillance recommendations were noteworthy, inside the intelligence agencies other recommendations, concerning encryption and cyber operations, set off a roaring debate with echoes of the Cold War battles that dominated Washington a half-century ago.

One recommendation urged the N.S.A. to get out of the business of weakening commercial encryption systems or trying to build in “back doors” that would make it far easier for the agency to crack the communications of America’s adversaries. Tempting as it was to create easy ways to break codes — the reason the N.S.A. was established by Harry S. Truman 62 years ago — the committee concluded that the practice would undercut trust in American software and hardware products. In recent months, Silicon Valley companies have urged the United States to abandon such practices, while Germany and Brazil, among other nations, have said they were considering shunning American-made equipment and software. Their motives were hardly pure: Foreign companies see the N.S.A. disclosures as a way to bar American competitors.

 


…..

 


Who’s to blame for ‘catastrophic’ Heartbleed Bug?

Network World
April 10, 2014 12:22 PM ET

Network World – The Heartbleed Bug, basically a flaw in OpenSSL that would let savvy attackers eavesdrop on Web, e-mail and some VPN communications that use OpenSSL, has sent companies scurrying to patch servers and change digital encryption certificates and users to change their passwords. But who’s to blame for this flaw in the open-source protocol that some say also could impact routers and even mobile devices as well?

A German software engineer named Robin Seggelmann of Munster, Germany has reportedly accepted responsibility for inserting what experts are calling a mistake of catastrophic proportions into the open-source protocol OpenSSL used by millions of websites and servers, leaving them open to stealing data and passwords that many think has already been exploited by cyber-criminals and government intelligence agencies.

“Half a million websites are vulnerable, including my own,” wrote security expert Bruce Schneier in his blog, pointing to a tool to test for the Heartbleed Bug vulnerability. He described Heartbleed as a “catastrophic bug” in OpenSSL because it “allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software.” It compromises secret keys used to identify service providers and encrypt traffic, he pointed out. “This means anything in memory—SSL private keys, user keys, anything—is vulnerable.”


The Heartbleed Bug was discovered by security analysts from Google and Codenomicon and disclosed by the OpenSSL open-source group on April 7 as an OpenSSL Advisory and a fix prepared by OpenSSL open-source contributors Adam Langley and Bodo Miller. Across the world, companies and vendors have been scrambling to either patch their systems or assure users that their services weren’t using OpenSSL.

Microsoft for example, issued an advisory that “Microsoft Azure Web Sites, Microsoft Azure Pack Web Sites and Microsoft Azure Web Roles do not use OpenSSL to terminate SSL connections. Windows comes with its own encryption component called Secure Channel (a.k.a. SChannel), which is not susceptible to the Heartbleed vulnerability.”

But Microsoft added, “However, if you are using Microsoft Azure’s IaaS to host linux images, then you should make sure that your OpenSSL implementation is not vulnerable.”

Twitter also said its services weren’t impacted by Heartbleed. However, websites including Yahoo Mail, Yahoo Messenger and others were impacted. As news stories about the Heartbleed Bug filled the news, there was widespread concern and bewilderment in the general public, and it wasn’t uncommon to hear the problem described by people as a computer virus, rather than a software flaw.

 


 

Internet users told to change ALL passwords in security alert over ‘catastrophic’ Heartbleed bug

  • Online security breach is described as ‘catastrophic’
  • Alert is result of internet bug Heartbleed being uncovered
  • Heartbleed is able to bypass websites’ security measures to access passwords and personal information

By Rebecca Evans and Tania Steere

Internet users have been warned to change all their computer and phone passwords following what could be a ‘catastrophic’ security breach.

Major technology firms have urged the public to immediately update their online security.

The alert is the result of the discovery of an internet bug called ‘Heartbleed’, which is able to bypass computer security settings.

LastPass Heartbleed Checker warns if a website may be at risk. It also reveals websites that aren't affected


 

HOW TO BEAT THE BUG

If a password is in any dictionary in any language then it will take just three minutes to crack, warned computer expert Tony McDowell.

The worst passwords are the likes of ‘password’, ‘123456’, ‘qwerty’, or your child’s name. Using the same password for every site can leave you even more vulnerable to hackers, he added.

His advice is to use a phrase rather than a word. For example, use ‘nameisabella’ rather than just ‘Isabella’ – and use a mixture of letters and numbers.

A password of ‘name!saBe1la’ would take a year to crack, said Mr McDowell, managing director of Encription Ltd.

‘Most hackers give up after 24 hours unless it is something they really want to gain access to,’ he added.

WHICH MAJOR SITES ARE AT RISK?

Potentially vulnerable sites:

Facebook, Twitter, Tumblr, Instagram, Google, Gmail, Lloyds TSB, Nationwide, Santander

Safe sites:

Bing, Yahoo, Flickr, LastPass, DuckDuck Go, Natwest, GitHub

The tool is a guide to affected services; it is not a definitive list.

Sites listed as vulnerable may use unreported servers, meaning their status can’t be officially verified.

As a result, personal information such as passwords and credit card details has been accessible.

 


 

…..


Government Claims EFF’s Lawsuits Don’t Cover Ongoing Surveillance – Raising Fears Key Documents May Have Been Destroyed

UPDATE: Judge White today continued his temporary restraining order in these two cases until a more permanent order could be put in place. The question of whether the government improperly destroyed evidence so far will be briefed over the next several weeks.

San Francisco – The Electronic Frontier Foundation (EFF) will fight disturbing new government claims in an emergency court hearing Wednesday – claims that may imply records documenting ongoing government surveillance have been destroyed despite a judge’s order.

Over the last several weeks, EFF has been battling to ensure that evidence of the NSA surveillance program will be preserved as part of its two cases challenging the illegal government spying: Jewel v. NSA and First Unitarian Church of Los Angeles v. NSA. But in a court filing late Monday, the government made shocking new assertions, arguing that its obligation to preserve evidence was limited to aspects of the original Bush-era spying program, which the government contends ended eight years ago with a transition to FISA court orders.

“This argument simply does not make sense. EFF has been demanding an injunction to stop this illegal spying program, regardless of the government’s shifting justifications,” said EFF Legal Director Cindy Cohn, who will argue in front of U.S. District Court Judge Jeffrey S. White at the hearing Wednesday. “But these government claims aren’t just nonsensical – they are extremely worrisome and dangerous. The government is suggesting it may have destroyed years’ worth of evidence about its illegal spying, justified by its own secret interpretation of our case. This is about more than just phone records; it’s about evidence concerning all of the government’s spying. EFF is asking the court for a full accounting of just what is going on here, and it’s time for the government to come clean.”


 


…..

Snowden Docs Expose How the NSA “Infects” Millions of Computers, Impersonates Facebook Server

democracynow

Guests

Ryan Gallagher, reporter for The Intercept.

New disclosures from Edward Snowden show the NSA is massively expanding its computer hacking worldwide. Software that automatically hacks into computers — known as malware “implants” — had previously been kept to just a few hundred targets. But the news website The Intercept reports that the NSA is spreading the software to millions of computers under an automated system codenamed “Turbine.” The Intercept has also revealed the NSA has masqueraded as a fake Facebook server to infect a target’s computer and exfiltrate files from a hard drive. We are joined by The Intercept reporter Ryan Gallagher.

Transcript

This is a rush transcript. Copy may not be in its final form.

AMY GOODMAN: We turn now to our last segment, the latest on leaks from Edward Snowden. TheIntercept.org reported last week the National Security Agency is dramatically expanding its ability to covertly hack into computers on a mass scale by using automated systems that reduce the level of human oversight in the process. The Intercept also revealed the NSA has masqueraded as a fake Facebook server to infect a target’s computer and exfiltrate files from a hard drive.

Joining us now is Ryan Gallagher from The Intercept, co-wrote the piece, “[How] the NSA Plans to Infect ‘Millions’ of Computers with Malware.” Explain, Ryan.

RYAN GALLAGHER: Hi, Amy. Yeah, and the story we wrote last week, really, the key thing about it is the extent to which these techniques have really rapidly escalated in the last decade. And what we can see and what we reported was that, since about 2004, the National Security Agency has expanded the use of what it calls these “implants,” which are sort of malicious software implants within computers and computer networks, and even phone networks, to basically steal data from those systems. About 10 years ago, they had, they say, about a hundred and a hundred and—between a hundred and 150 of these implants, but within the last decade that expanded to an estimated 100,000, in some reports, and they’re building a system to be capable of deploying “millions,” in their own words, of these implants.

AMY GOODMAN: The revelation around the issue of Facebook has led Facebook founder Mark Zuckerberg to call President Obama on Wednesday and demand an explanation. He later wrote in a blog post, quote, “I’ve been so confused and frustrated by the repeated reports of the behavior of the US government. When our engineers work tirelessly to improve security, we imagine we’re protecting you against criminals, not our own government.”

RYAN GALLAGHER: Yeah, and Mark Zuckerberg was definitely very agitated, we think, about the report and seems to have got on the phone to Obama. And interestingly, the NSA later issued a—actually claimed that they hadn’t impersonated U.S. websites. However, their own documents actually say that they pretended to be the Facebook server for this particular surveillance technique, so their denial sort of doesn’t really hold up to scrutiny when compared with their own documents. And there’s a bit of sort of a—you know, there’s questions to be asked about that.


FULL: Edward Snowden and ACLU at SXSW


 

 

Published on Mar 10, 2014

Edward Snowden speaks about privacy and technology with the ACLU’s Ben Wizner and Christopher Soghoian at SXSW Interactive. -Links are below-

http://washingtonexaminer.com/edward-…

https://www.aclu.org/

https://www.aclu.org/time-rein-survei… – Main “Time to Rein in the Surveillance State”
https://www.aclu.org/time-rein-survei… – Patriot Act Info
https://www.aclu.org/time-rein-survei… – FISA Amendments
https://www.aclu.org/time-rein-survei… – FISA Court Info

Edward Snowden warns of personal data vulnerability

The former NSA contractor takes part in a video conference at the South by Southwest tech event in Texas and answers questions via Twitter to an enthusiastic audience.


Former National Security Agency contractor Edward Snowden speaks remotely to the South by Southwest Interactive conference in Austin, Texas, superimposed over an image of the Constitution. (Spencer Bakalar / Los Angeles Times / March 10, 2014)

AUSTIN, Texas — Edward Snowden brought no bombshells when he arrived to an excited round of applause Monday, his stubbled face relaxed as it was beamed in from across the continents for a “virtual conversation” about the vulnerability of personal data. His presence was event enough.

Public appearances by the former National Security Agency contractor and U.S. exile are rare, and this one was beamed in from an undisclosed location in Russia via several online proxies for his own security, a bit of technological cloak-and-dagger that could only add to his mystique for the three roomfuls of international tech specialists struggling to hear his words in video that was choppy and often inaudible.

His message still got through: Personal information is vulnerable not only to government prying but to growing numbers of outside infiltrators because companies have failed to adequately protect the data of their customers. His own exile after leaking to reporters secret information he had gathered while an NSA consultant has made him a central figure in that conversation, and he says he has no regrets.

“Would I do it again? Absolutely,” Snowden said into the camera, in response to one of several questions submitted to him via Twitter (#AskSnowden) and screened backstage at the South by Southwest Interactive conference. “I took an oath to support and defend the Constitution. And I saw the Constitution was being violated on a massive scale.”

He warned, “If we allow the NSA to continue unrestrained, every other government will accept that as a green light to do the same.”

The chosen Twitter questions were notably nonconfrontational for a figure often the subject of heated debate even among supporters. One asked whether the mass surveillance was driven by privatization. Another wondered about the potential for society to “reap benefits” from the “big data.” None asked about his life in Russia, or what further revelations might be coming.

The first question came from Timothy John Berners-Lee, a British scientist known as the inventor of the World Wide Web, who asked Snowden how he would create an accountability system for governance.


Edward Snowden discusses NSA leaks at SXSW: ‘I would do it again’

• Whistleblower patches in to Texas conference from Russia
• Snowden insists leaks have strengthened national security

Edward Snowden, the NSA whistleblower whose unprecedented leak of top-secret documents led to a worldwide debate about the nature of surveillance, insisted on Monday that his actions had improved the national security of the United States rather than undermined it, and declared that he would do it all again despite the personal sacrifices he had endured.

In remarks to the SXSW culture and technology conference in Texas, delivered by video link from his exile in Russia, Snowden took issue with claims by senior officials that he had placed the US in danger. He also rejected as demonstrably false the suggestions by some members of Congress that his files had found their way into the hands of the intelligence agencies of China or Russia.

Snowden spoke against the backdrop of an image of the US constitution, which he said he had taken an oath to protect but had seen “violated on a mass scale” while working for the US government. He accepted praise from Sir Tim Berners-Lee, the inventor of the world wide web, accorded the first question via Twitter, who described him as “acting profoundly in the public interest”.

The session provided a rare and extensive glimpse into the thoughts of Snowden, granted temporary asylum by Russia after the US revoked his passport. He struck back strongly against claims made again last week by the NSA director, General Keith Alexander, that his release of secret documents to the Guardian and other outlets last year had weakened American cyber-defences.

“These things are improving national security, these are improving the communications not just of Americans, but everyone in the world,” Snowden said. “Because we rely on the same standard, we rely on the ability to trust our communications, and without that, we don’t have anything.”

He added later that thanks to the more secure communication activity that had been encouraged by his disclosures, “the public has benefited, the government has benefited, and every society in the world has benefited”.

 

PC World

Tim Hornyak

Hackers attacked the personal blog of Mt. Gox CEO Mark Karpeles on Sunday and posted what they claim is a ledger showing a balance of some 950,000 bitcoins based on records they obtained from the defunct exchange for the virtual currency.

They said the sum contradicts Mt. Gox’s claim in a Japanese bankruptcy protection filing Feb. 28 that it had lost about 850,000 bitcoins.

Neither Karpeles nor Mt. Gox officials could immediately be reached to verify the claims.

Karpeles has maintained a low profile since the filing in Tokyo District Court. Mt. Gox, which pulled the plug on its website three days before the court filing, had announced that about 750,000 customer bitcoins it held are missing along with 100,000 of its own bitcoins and $27.3 million in customer deposits.

Karpeles’ blog was titled “Magical Tux in Japan—Geekness brought me to Japan!” Karpeles, who is French, often used the nickname “MagicalTux” when posting on public message or chat forums. His blog went offline on Sunday shortly after it was attacked.

A screenshot of Karpeles’ hacked blog.

Karpeles did not immediately answer a query sent to his personal email address.

The attackers claim to have obtained database records containing transaction details from Mt. Gox. They wrote they purposely withheld users’ personal data. Mt. Gox had as many as 1 million customers as of December.

The data included a screenshot of what appears to be an internal SQL database administration tool, Karpeles’ CV and a Windows executable called “TibanneBackOffice,” among many others. Mt. Gox is a subsidiary of Tibanne, a company owned by Karpeles.

The release of the data adds to the mysterious circumstances around Mt. Gox, which at one time was the largest exchange for buying and selling bitcoin.

Mt. Gox’s demise has enraged its out-of-pocket customers as efforts continue to derive clues from bitcoin’s public ledger, called the blockchain, that might indicate the fate of its virtual currency holdings.

 
