A User Data Control and Freedom Manifesto

In a post entitled “Security in a Post-PRISM World” in eWeek today by Sean Michael Kerner, there’s an interesting Manifesto by Frank Karlitschek:

User Data Manifesto

Going a step further, Karlitschek has proposed what he is calling the “User Data Manifesto,” which outlines the characteristics that should apply to user data. “If I take a photo, it should be my photo,” Karlitschek said. The full User Data Manifesto includes eight key points:
1. Own the data
The data that someone directly or indirectly creates belongs to the person who created it.
2. Know where the data is stored
Everybody should be able to know where their personal data is physically stored, for how long, on which server, in what country and what laws apply.
3. Choose the storage location
Everybody should always be able to migrate their personal data to a different provider, server or their own machine at any time without being locked in to a specific vendor.
4. Control access
Everybody should be able to know, choose and control who has access to their own data to see or modify it.
5. Choose the conditions
If someone chooses to share their own data, then the owner of the data selects the sharing license and conditions.
6. Invulnerability of data
Everybody should be able to protect their own data against surveillance and to federate their own data for backups to prevent data loss or for any other reason.
7. Use it optimally
Everybody should be able to access and use their own data at all times with any device they choose and in the most convenient and easiest way for them.
8. Server software transparency
Server software should be free and open-source software so that the source code of the software can be inspected to confirm that it works as specified.

The Comment I Tried to Post on eWeek

Good stuff! I heartily support the Manifesto.

The NSA’s recent crackdown on itself makes it clear that it has no intention of scaling back its operations. It also clearly will continue to ignore and even flout its overseers and regulators. Thus, the FISA court is irrelevant and just a distraction.

President Obama has offered to make us “feel more comfortable” about the NSA’s total surveillance state. Another NOOP.

For those of us who would like to regain things like Democracy, Capitalism, and Justice (as in the system that allows for a defense)… and we must realize that these things can no longer exist thanks to the NSA… the only thing that will bring change is what most Americans loathe: taking action.

The Government is big, and it may appear resistance is futile, but there are those who have resisted, and they live. We outnumber those trying to saddle us with this total surveillance state. Take heart. Have no fear. Resist. Take action.

– Rex (w/ tip o’ the hat to “We Are Hugh”)

Lamestream NSA Coverup?

Sometimes the Lamestream Media seem overly complicit with political leadership. It’s not their job, so they should really stop it! The power, money, fame, just aren’t worth it. Hey, are you still reading?

Lately there have been lame analyses of the situation with the NSA in the wake of the Snowden disclosures. Fussing about the FISA court, to be particular.

If there’s one thing we’ve learned in the past few months, it’s that the NSA, by their own admission, blatantly ignores the direction of the FISA court. The NSA is rampantly out-of-control, operating in a no-man’s land of their own creation that is lawless and without bounds (other than funding, of course, which doesn’t seem to be much of a limitation at present).

So it is that you don’t have to stay too far on top of this story for it to be obvious that the Lamestream is either totally incompetent or complicit. Which is it? What are we to believe under the circumstances?

In today’s New York Times blog Public Editor’s Journal, in a piece entitled “Guardian Story on Israel and N.S.A. Is Not ‘Surprising’ Enough to Cover“, Margaret Sullivan mentions that it was “good to see The Times getting more fully involved” [in the stories related to the Snowden NSA disclosures]. See also Decision to Publish Against Government Request Was ‘Not a Particularly Anguished One’.

In today’s piece, Sullivan relates how she exchanged email with Managing Editor Dean Baquet, asking why The Times wasn’t covering the story about NSA’s connection with Israel. Baquet responded, she says, “I didn’t think it was a significant or surprising story”, and “I think the more energy we put into chasing the small ones, the less time we have to break our own. Not to mention cover the turmoil in Syria.”

Ms. Sullivan then asked her editor “… was this essentially a question of reporting resources?” to which Baquet responded “I’d say resources and news judgment”.

That news judgment practically puts Baquet in bed with the NSA, particularly considering the interest of Times readership in matters involving Israel.

But I digress by citing an example. The point here is that the NSA has, by its own admission, and as documented by itself in the Snowden disclosures, made clear that they see themselves as above the law. They have no intention of abiding by the dictates of the FISA court, the Congress, Senate, or White House. In addition, the NSA clearly has gone to some length to spread disinformation about what they’re doing, as well as the scope of what they do.

With so much disinformation and false information swirling around, it would seem prudent to stick to what’s in the NSA’s own documentation, disclosed by Snowden. We can safely assume that, as with any large organization, those documents have been watered down and sanitized, and the truth is probably far worse than even the leaked documents suggest.

NSA: Invasiveness of Domestic Spying is Total; Absolute


http://daypage.net/ar/DayPage~2013-09-06~How_Deeply_NSA_Gets_Up_Your_Stuff.mp3

This is the DayPage I broadcast this morning on Radio InfoWeb

Just How Far the NSA Gets Into Your Stuff

DayPage 09/06/2013

DayPage – I’m Rex Latchford… more leakage from the NSA’s exiled contractor Edward Snowden. Published in the NY Times and the Guardian. The extent to which the Government has broken encryption methods used routinely on the Internet, and devised how to do so in real time has been known for some time by many, but as with previous revelations, the NSA’s own documents are more convincing to skeptics and provide some previously only suspected detail.

The entire list of details of the NSA’s cryptanalysis for snooping on Internet and other electronic data has been published on The Guardian’s website, theguardian.com, as images of documents marked “Top Secret”.

The Guardian writes:

The files show that the National Security Agency and its UK counterpart GCHQ have broadly compromised the guarantees that internet companies have given consumers to reassure them that their communications, online banking and medical records would be indecipherable to criminals or governments. The agencies, the documents reveal, have adopted a battery of methods in their systematic and ongoing assault on what they see as one of the biggest threats to their ability to access huge swathes of internet traffic – “the use of ubiquitous encryption across the internet”.

Those methods include covert measures to ensure NSA control over setting of international encryption standards, the use of supercomputers to break encryption with “brute force”, and – the most closely guarded secret of all – collaboration with technology companies and internet service providers themselves. Through these covert partnerships, the agencies have inserted secret vulnerabilities – known as backdoors or trapdoors – into commercial encryption software.

Suggesting how to deal with this new information, and the new world of Total Global Surveillance in which we find ourselves, the Guardian writes:

The primary way the NSA eavesdrops on internet communications is in the network. That’s where their capabilities best scale. They have invested in enormous programs to automatically collect and analyze network traffic. Anything that requires them to attack individual endpoint computers is significantly more costly and risky for them, and they will do those things carefully and sparingly.

Leveraging its secret agreements with telecommunications companies – all the US and UK ones, and many other “partners” around the world – the NSA gets access to the communications trunks that move internet traffic. In cases where it doesn’t have that sort of friendly access, it does its best to surreptitiously monitor communications channels: tapping undersea cables, intercepting satellite communications, and so on.

That’s an enormous amount of data, and the NSA has equivalently enormous capabilities to quickly sift through it all, looking for interesting traffic. “Interesting” can be defined in many ways: by the source, the destination, the content, the individuals involved, and so on. This data is funneled into the vast NSA system for future analysis. The NSA collects much more metadata about internet traffic: who is talking to whom, when, how much, and by what mode of communication. Metadata is a lot easier to store and analyze than content. It can be extremely personal to the individual, and is enormously valuable intelligence.

The NSA also devotes considerable resources to attacking endpoint computers. This kind of thing is done by its TAO – Tailored Access Operations – group. TAO has a menu of exploits it can serve up against your computer – whether you’re running Windows, Mac OS, Linux, iOS, or something else – and a variety of tricks to get them on to your computer. Your anti-virus software won’t detect them, and you’d have trouble finding them even if you knew where to look. These are hacker tools designed by hackers with an essentially unlimited budget. What I took away from reading the Snowden documents was that if the NSA wants in to your computer, it’s in. Period.

That’s it for today’s DayPage, and there will be more in future DayPages. All monitored, of course, by the NSA. DayPage is produced by Peter Patriot. The Producer is Minka Bito. It’s a production of Radio InfoWeb. [REDACTED] …even though nothing is safe. We’ll see you on the next DayPage…

How NSA Has Harmed the US Economy

Reports from various sources on the Internet indicate that Snowden documents show the U.S. was spying on China using a server located in China, and possibly via “back doors” in U.S.-manufactured telecom equipment purchased by the Chinese for their own use.

China’s response is to rid itself of U.S. telecom providers and U.S.-manufactured telecom equipment as quickly as possible, replacing it with either Chinese-built equipment, or, if that’s not possible, equipment built in Europe. The big loser? U.S. telecom equipment providers and the U.S. economy.

Estimates are circulating that the cost of NSA snooping to U.S.-based cloud computing companies could be $21.5 to $35 billion in worldwide contracts over the next three years. Non-U.S. companies are executing a cut-and-run strategy, scared away by the knowledge that the NSA has in place total surveillance of U.S. based servers and telecom infrastructure.

An ITIF (Information Technology & Innovation Foundation) report says 36 percent of U.S. residents surveyed said the NSA leaks have made it more difficult for them to “do business outside the United States”. The report found that Europeans are trying to edge out their American competitors, and are enlisting their governments in this effort. Even before the recent spying revelations, governments in France and Germany were advocating national cloud efforts to counteract concerns that the U.S. Patriot Act could compromise the security of data stored by U.S. companies. France’s second largest carrier, NFR, rounded up $300 million to invest in a French competitor to Amazon. A German minister’s call for a boycott of U.S. cloud companies has been reported.

The only hope for U.S.-based companies may be the information coming out about other countries’ spying habits. If total surveillance is seen as a problem afflicting most governments, competition might be less affected.


At Last, Illegal Government Surveillance Story Gets Legs

[Text of VO for audio below] “It’s out”, as the BBC has put it. That’s an odd thing for me as I’ve been reporting on this for several years now. So, it feels just a little bit CREEPY that suddenly this story is “out” at this late, late date. It smells of disinformation or psyops. Not to mention politics. So, I’ll step away and let the BBC tell us what they say they know at this time… (Monday morning, June 10th).


http://daypage.net/ar/DayPage~2013-06-10~Snowden_Outs_Self_-Long-.mp3

[BBC story treatment…]
An interesting angle on this story was reported by Amy Goodman on Democracy Now! this past Friday… details of a project named “Prism”, here’s a clip from her news program; edited for brevity… despite that, it does go on for about 12 minutes…

[Amy Goodman clip with Glenn Greenwald]

Well, as I’ve said, I’ve been reporting for some time about how the NSA is collecting EVERYTHING: EVERYTHING, as an outgrowth and expansion of its Office of Total Information Awareness. The information is being stored at a growing number of sites. Like the nation’s garbage dumps, the NSA’s collection of “everything” is growing as fast as they can build giant sites, like the one that just opened in Utah, to hold it.

[Credits]

Clips from the BBC and Democracy Now! were edited for time, and for today, that’s DayPage, a morning segment from Radio InfoWeb’s main stream. Listen to the awesomeness of Radio InfoWeb at http://radio.infoweb.net. Email us [listen to audio for email address], call us and tell us in your own voice how you feel about this. Text us. That number is: [listen to audio for phone number]. Facebook us: facebook.com/radioinfoweb – tumblr us at radioinfoweb.tumblr.com – we tweet @radioinfoweb – once again that number is [listen to audio for phone number] – it’s not on the web so put that in your contact book. I’ll be back tomorrow with ANOTHER DayPage.

NSA Snoops Verizon? That’s All? Not.

Huh? The “news” that the NSA is collecting domestic call data from Verizon is disturbing? How retarded has the press become?


http://daypage.net/ar/DayPage~2013-06-07~24hrs_into_Snowden_Revelations.mp3

So, what kind of psyop is this? This feigned outrage about this one small incident among the literally tens and hundreds of thousands of other incidents of the government overreaching in its illegal surveillance of innocent citizens. It would appear that it’s an effort to downplay the extent of illegal surveillance to the remaining few (less than 5% according to recent polls) who have blind faith in government.

Will the whole thing implode? It just might. There does seem to be a bi-partisan stirring of overall discontent with the ever-growing degree of illicit domestic surveillance. But that’s not surprising. What’s surprising is just how far this whole thing has gotten.

Don’t forget, dear reader, these are YOUR dollars that are being spent to spy on you. As long as you’re OK with spending that money on having the government spy on you, they’ll continue to spend it.

Perhaps I’m missing something. Are you so taken with your reflection in the mirror, the primping and posturing and posting on Facebook, that you are flattered by being spied on? If so… how sad.

 

Cell Phone Google Maps + Drone = You’re Owned

Welcome to Remedial Math 101

I’m looking at Google Maps. There’s a red pin on it. It shows where a Radio InfoWeb Listener is located. It shows a white pickup truck where a man is relaxing and listening on his Blackberry. This kind of tracking is now simple, automatic, and happens, perhaps, millions of times per second. It requires no more than an Internet connection and a web browser. The question is, is this acceptable?

Satellite View of Man In Truck Identified By Internet Protocols and Common Web Tools

A man listening to an Internet Radio Station with a Blackberry is identified and located instantly via commonly available tools.

How was this done? Instantly and automatically. When the man’s phone contacted the audio server, its IP address became known, because it’s necessary to direct the audio stream to the stream player. When the IP address is provided to Google, the telecom provider can be determined because IP addresses are issued in blocks (“NETBLKS”) to specific providers. The provider is then queried, and it instantly provides coordinates for the IP from its mobile network. The cell tower providing the connection to the user’s phone has a multi-antenna array that allows it to geo-locate the source of the signal by comparing the phase relationships of the signal as it is received at each of the antennas.

The fact that it’s a Blackberry phone is known because the phone identifies itself when it establishes the audio stream. The man may not be aware of many of these factors:

  • That his telecom provider rats out his coordinates; perhaps even if he has expressly requested it not to
  • That his phone rats itself out to the stream provider
  • That cell towers triangulate his exact location
  • That cookies are not involved
  • That once you’re identified by an IP address, you’re associated with tons of tracking data that has been accumulated over time
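What a stream server can derive from one connection, with no cookies involved, shown as an added example that is not part of the original post. The log lines and the netblock table are constructed (documentation-only address ranges, hypothetical provider names), and the carrier-side location query described above is not modelled.

```python
import ipaddress
import re

# Constructed netblock table built from documentation-only ranges (RFC 5737).
# Provider names are hypothetical; real allocations are published in WHOIS.
NETBLOCKS = [
    (ipaddress.ip_network("198.51.100.0/24"), "ExampleMobile (hypothetical carrier)"),
    (ipaddress.ip_network("198.51.100.128/25"), "ExampleMobile handset pool (hypothetical)"),
    (ipaddress.ip_network("203.0.113.0/24"), "ExampleCable (hypothetical ISP)"),
]

# Constructed access-log lines (combined log format) as a stream server might write them.
SAMPLE_LOG = [
    '198.51.100.201 - - [06/Sep/2013:07:14:02 -0700] "GET /stream HTTP/1.1" 200 0 '
    '"-" "BlackBerry9700/5.0.0.862 Profile/MIDP-2.1 Configuration/CLDC-1.1 VendorID/331"',
    '192.0.2.10 - - [06/Sep/2013:07:15:40 -0700] "GET /stream HTTP/1.1" 200 0 '
    '"-" "VLC/2.0.8 LibVLC/2.0.8"',
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Substrings by which a player or handset names itself in the User-Agent header.
DEVICE_PATTERNS = [
    ("BlackBerry", re.compile(r"BlackBerry|BB10")),
    ("iOS", re.compile(r"iPhone|iPad|iPod")),
    ("Android", re.compile(r"Android")),
]


def lookup_provider(ip_text):
    """Return the owner of the most specific netblock containing the address."""
    addr = ipaddress.ip_address(ip_text)
    matches = [(net.prefixlen, owner) for net, owner in NETBLOCKS if addr in net]
    return max(matches)[1] if matches else None


def device_family(user_agent):
    """Classify the device from the string the client sends about itself."""
    for name, pattern in DEVICE_PATTERNS:
        if pattern.search(user_agent):
            return name
    return "unknown"


def profile_request(line):
    """Everything below comes from the connection itself; no cookie is read."""
    m = LOG_RE.match(line)
    if m is None:
        raise ValueError("not a combined-format log line")
    return {
        "ip": m["ip"],
        "provider": lookup_provider(m["ip"]),
        "device": device_family(m["ua"]),
    }


if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(profile_request(entry))
```

The second sample line shows the other side: an address outside the known blocks and a generic player string yield neither a provider nor a device family.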

The bottom line is, when you carry a cellular device that’s turned on, you may as well have a big target painted on your back, and another on the top of your head. You’ve been made. In real time. And as the title implies, you could be targeted by a drone, whether operated by the government, business, or criminal. In this surveillance society, it is becoming increasingly difficult to differentiate among the three when it comes to your personal security and safety.

 

Six Strikes – The Details

This blog entry is being actively updated. Check back if this is of interest to you!

This week and last week, “Six Strikes” (the “Copyright Alert System”) went into effect with the “big five ISPs”: AT&T, Verizon, Time Warner, Cablevision and Comcast. It’s the latest plan-of-action for the folks in Hollywood and elsewhere who have been trying to curb piracy without much success. Until recently, the Big Club was used: Lawyers and lawsuits. Now, instead of the “big stick”, a “small twig” is being used. But it’s very insidious. The plan follows the playbook of the U.S. Government: Pay the telecom companies to turn over their customer usage information, and have them act as cops on your behalf (also for a fee).

Here is the promotional video describing the program. If you like having your intelligence insulted, you’ll LOVE this! The video glosses over many of the disturbing aspects of the program.

The Warning Letters

So far, few details have emerged about how Six Strikes will be implemented. However, Ars Technica has obtained copies of the 1st, 2nd, 4th, and 5th letters Comcast says they will send out. Read more in their excellent article on the subject. The Comcast letters are extremely vague, and do not provide any identifying information about what the recipient is accused of sharing.

For users of peer-to-peer networks, the impact seems to be as follows. Seeders will be targeted and leechers, for now, apparently, will be left alone. This strategy seems to be oriented toward demoralizing (pun intended) the BitTorrent folks without getting punitive toward leechers (which would cause an uproar).

In fact, the whole Six Strikes effort seems focused entirely on BitTorrent users, and seeders as a subset. The detection mechanism appears to be infiltration of torrents: the “police” join torrents and then extract the IPs of seeders. The “police” would then notify the ISP, and leave it up to the ISP.

First Regular “Day Page” – Real ID in the Surveillance Society

If you’ve noticed I’ve been “away”… you’re right. I’ve returned to a regular radio schedule on KXP1-FM and Radio InfoWeb. There are a number of interesting stories in the hopper that should appear soon, however, this new audio podcast/segment should help fill the gap, and you can listen in right here!

Referenced in this podcast:

511campaign.org

BTW – Day Page is CC Licensed – you’re free to broadcast or distribute this podcast as long as you let me know. Send an email telling me how you’re using it at “radio at infoweb daht net” where “daht” is a “dot” of course.

 

New Facebook App Monitors Your Phone Calls

The newest Facebook app (for Android), out today, will monitor phone call state and caller identity information. It will, of course, report the same back to Facebook. That’s if you accept installation of the app.

Presumably, the Apple iPhone and iPad counterparts will do the same; the difference being that users won’t be notified… the added surveillance privileges afforded to the app by the operating system will be granted silently.

Other privacy invading features the newest Facebook app has that you may not like? It can record audio and video, and take pictures, without your knowledge.

On Android devices, it’s easy to see what capabilities an app has. The problem is, you, as the user, don’t have granular control over these capabilities. It’s all or nothing. If you don’t like the privacy implications of the app, you must either accept them, or remove the app from your device. There’s no middle-ground.

Apple iOS devices also lack granularity, with the exception of location services. Worse, it’s difficult to impossible to determine what security permissions are granted to a particular app.
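One way to see which of the capabilities discussed above an Android app requests, as an added example that is not part of the original post. It reads an already-decoded AndroidManifest.xml; the manifest and the package name `com.example.socialapp` are constructed, the permission names are Android's own, and the capability labels are this example's wording.

```python
import xml.etree.ElementTree as ET

# Attributes such as android:name live in this XML namespace.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Android permission names mapped to the capabilities the post describes.
SENSITIVE = {
    "android.permission.READ_PHONE_STATE": "phone call state and identity",
    "android.permission.RECORD_AUDIO": "microphone recording",
    "android.permission.CAMERA": "pictures and video",
    "android.permission.ACCESS_FINE_LOCATION": "precise location",
}

# Constructed manifest for a hypothetical app (decoded text form, not the
# binary XML stored inside an APK).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.socialapp">
    <uses-permission android:name="android.permission.INTERNET" />
    <uses-permission android:name="android.permission.READ_PHONE_STATE" />
    <uses-permission android:name="android.permission.RECORD_AUDIO" />
    <uses-permission android:name="android.permission.CAMERA" />
    <uses-permission android:name="android.permission.CAMERA" />
    <uses-permission />
    <application android:label="Example" />
</manifest>
""".strip()


def audit_manifest(xml_text):
    """Split the requested permissions into sensitive ones and the rest."""
    root = ET.fromstring(xml_text)
    requested = set()
    for node in root.iter("uses-permission"):
        name = node.get(ANDROID_NS + "name")
        if name:  # skip malformed entries that carry no name
            requested.add(name)
    sensitive = sorted((p, SENSITIVE[p]) for p in requested if p in SENSITIVE)
    other = sorted(p for p in requested if p not in SENSITIVE)
    return {
        "package": root.get("package"),
        "sensitive": sensitive,
        "other": other,
    }


if __name__ == "__main__":
    report = audit_manifest(SAMPLE_MANIFEST)
    print("package:", report["package"])
    for permission, capability in report["sensitive"]:
        print(f"  {permission}: {capability}")
    print("other:", ", ".join(report["other"]))
```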

It’s important to note that, even if you trust the app AND the app provider, there is always the possibility that a third party will find a way to hijack the app for their own nefarious uses. This famously occurred last year with Skype where it was widely reported that governments, businesses, and criminals were using spy software developed by a firm in Italy that allowed surreptitious use of the microphone and camera on devices used by surveillance targets.