Tim Berners-Lee gives a speech on April 18, 2012 at the World Wide Web international conference (AFP)
The British inventor of
the World Wide Web warned on Saturday that the freedom of the internet
is under threat by governments and corporations interested in
controlling the web.
Tim Berners-Lee, a computer scientist who invented the web 25 years
ago, called for a bill of rights that would guarantee the independence
of the internet and ensure users’ privacy.
“If a company can control your access to the internet, if they can
control which websites they go to, then they have tremendous control
over your life,” Berners-Lee said at the London “Web We Want” festival
on the future of the internet.
“If a Government can block you going to, for example, the
opposition’s political pages, then they can give you a blinkered view of
reality to keep themselves in power.”
“Suddenly the power to abuse the open internet has become so tempting both for government and big companies.”
Berners-Lee, 59, is director of the World Wide Web Consortium, a body
which develops guidelines for the development of the internet.
He called for an internet version of the “Magna Carta”, the 13th
century English charter credited with guaranteeing basic rights and
freedoms.
Concerns over privacy and freedom on the internet have increased in
the wake of the revelation of mass government monitoring of online
activity following leaks by former US intelligence contractor Edward
Snowden.
A ruling by the European Union to allow individuals to ask search
engines such as Google to remove links to information about them, called
the “right to be forgotten”, has also raised concerns over the
potential for censorship.
“There have been lots of times that it has been abused, so now the
Magna Carta is about saying…I want a web where I’m not spied on, where
there’s no censorship,” Berners-Lee said.
The scientist added that in order to be a “neutral medium”, the
internet had to reflect all of humanity, including “some ghastly stuff”.
“Now some things are of course just illegal, child pornography,
fraud, telling someone how to rob a bank, that’s illegal before the web
and it’s illegal after the web,” Berners-Lee added.
After more than three months in captivity,
Turkish intelligence agents brought dozens of hostages abducted by ISIS
militants in northern Iraq back to Turkey, in what President Tayyip
Erdogan described as a covert rescue operation.
Security sources told Reuters
the hostages were released overnight in the town of Tel Abyad on the
Syrian side of the border with Turkey after being transferred from the
ISIS stronghold in Raqqa.
Turkey did not release details about the rescue operation or
clarify in what ways the hostages were released or rescued, but noted
that, through a source, the intelligence agency was able to track the hostages as they were moved from city to city, eventually putting them near the Turkish border, which made the rescue possible.
"I thank the prime minister and his colleagues for the pre-planned,
carefully calculated and secretly-conducted operation throughout the
night," Erdogan said in a statement.
"MIT (the Turkish intelligence agency) has followed the situation
very sensitively and patiently since the beginning and, as a result,
conducted a successful rescue operation," he said.
The 46 Turkish hostages, including diplomats, soldiers and children,
were seized from Turkey's consulate in Mosul on June 11, along with
three Iraqis, who were also released.
According to Turkey's NTV channel, government sources say that no ransom was paid to ISIS and no country mediated the release.
Assembling a collection of newspaper headlines,
out-of-context quotes, and rumors of unsourced tweets, analysts and
correspondents for Alex Jones’ Info Wars have cast doubt upon the
evolving consensus that Russian separatists in the Ukraine shot down
flight MH17, explaining that the downing of the flight is a ‘false
flag,’ designed to foment an international war in the region.
Introducing the segment, Lee Ann McAdoo said, “Here we are, teetering
on the edge of World War III, and the globalists really seem to be
accelerating their plan. It used to be a lot easier to convince the
masses of whatever their global agenda was with the propaganda arm of
the media.”
McAdoo went on to explain that the globalists, “…used to set small
fires here and there, fires that we could easily stamp out here at Info
Wars. But now, they’re just going to go ahead and set the whole world on
fire all at once.”
Pointing out that within 24 hours of the downing of flight
MH17, the “neo-con wing of the establishment has already decided that
Russia is to blame,” McAdoo shared clips of Senator John McCain and
Former Secretary of State Hillary Clinton suggesting that Russia or
Russian separatists might be involved, with neither asserting it as a
fact.
McAdoo suggested the jetliner could have been shot down by Ukrainian forces or might have been an accident.
Comparing the missile attack on the Malaysian airliner to the sinking
of the Maine in Havana Harbor in 1898, precipitating the
Spanish–American War, Info Wars’ David Knight explained that the
international media is indulging in ‘yellow journalism,’ in the manner
of Joseph Pulitzer and William Randolph Hearst.
Knight shared a cartoon from the era showing American citizens being
searched for secret messages to Spain and compared it to TSA pat-downs
at the airport. Knight additionally claimed that President Obama was
using the crash as a distraction from other world events, including
hostilities in the Gaza Strip.
Asking why MH17 was flying over war-torn Ukraine, even though it was
not prohibited, Knight added that the flight was asked by the air
controller to fly at 32,000 feet, making it easier to shoot down and
lower than American flights which traditionally fly at 35,000 feet.
Knight did note that 32,000 feet is consistent with European flights.
Referring to an unspecified video having something to do with the
crash, an Info Wars correspondent pointed out conflicting time stamps
without pointing out what it meant, before adding that the authenticity of
the video’s information was “unconfirmed.”
Info Wars’ Paul Joseph Watson helped connect the dots suggesting
that Ukraine was responsible for shooting the plane down instead of
Russia, by reporting on “panicked tweets” from a Spanish air-controller
who was in the tower at Kiev Boryspil airport who claimed —
“unconfirmed” — that “three minutes before the radar tower lost contact
with the Malaysian airlines plane, it had Ukrainian fighter jets
surrounding it. He said Kiev shot it down.”
The Spanish air-controller also tweeted that Kiev authorities threatened tower employees telling them to “shut up.”
Watson noted that, unfortunately, the Twitter account has now been deleted.
As further evidence, correspondents repeatedly mentioned Ukraine shooting down Siberia Airlines Flight 1812 in 2001, stating that the country had a history of shooting down airliners.
No correspondent mentioned the downing of KAL 007 in 1983 by Russia.
On the 70th anniversary of the D-Day landings, Brian Williams led off NBC Nightly News this way:
“On our broadcast tonight, the salute to the warriors who stormed the
beaches here in Normandy...”
It’s such a commonplace of our American
world, that word “warriors” for those in the U.S. military or, as is
said time and again, our “wounded warriors” for those hurt in one of our
many wars. This time, however, because it was applied to the vets of
World War II, my father’s war, it stopped me in my tracks.
For just a
moment, I couldn’t help imagining what my father would have said, had
anyone called him -- or any of the air commandos in Burma for whom he
was “operations officer” -- a warrior. Though he’s been dead now for
three decades, I don’t have a moment’s doubt that he would have thought
it ridiculous.
In World War I, America’s soldiers had been known as
“doughboys.” In World War II, they were regularly (and proudly) called
“dogfaces” or G.I. (for “government issue”) Joes, and their
citizen-soldier likenesses were reflected in the tough but bedraggled
figures of Willy and Joe, Bill Mauldin’s much beloved wartime cartoon foot soldiers on the long slog to Berlin.
And that was fitting for a civilian military, a draft military. It
was down to earth. It was how you described people who had left
civilian life with every intention of returning to it as soon as humanly
possible, who thought the military a grim necessity of a terrible
moment in history and that war, a terrible but necessary way to go. In
those days, warriors would have been an alien term, the sort you
associated with, say, Prussians.
My father volunteered just after the attack on Pearl Harbor and
wasn’t demobilized until the war ended, but -- I remember it well in the
years after -- while he took pride in his service, he maintained a
typical and healthy American dislike (to put it politely) for what he
called “the regular army” and George Washington would have called a
“standing army.”
He would have been amazed by the present American way
of war and the propaganda universe we now live in when it comes to
praising and elevating the U.S. military above the rest of society. He
would have found it inconceivable that a president’s wife would go on a
popular TV show -- I’m talking about Michelle Obama on "Nashville" -- and mix it up with fictional characters to laud for the umpteenth time America’s warriors and their service to the nation.
In Vietnam, of course, the term still wasn’t warrior, it was
“grunt.” The elevation of the American soldier to the heavens of praise
and bombast came significantly after the end of the citizen army,
particularly with what retired Air Force Lieutenant Colonel and TomDispatch regular
William Astore calls the new Fortress America mindset of the post-9/11
years and the ever more militarized world of constant war that went
with it.
If only I could have picked up the phone, called my father, and heard
the choice words he would have had for his newly elevated status as an
American “warrior,” seven decades after Normandy. But not being able
to, on that D-Day anniversary I did the next best thing and called a
90-year-old friend, who was on a ship off one of those blood-soaked
beaches as the invasion began.
Thinking back those 70 years with a
certain pride, he remembered that the thing the foot soldiers of World
War II resented most was saluting or saying “sir” to officers. No
warriors they -- and no love for an eternal wartime either.
Put another
way, the farther we’ve come from our last great military victory,
symbolized by the events of June 6, 1944, the more elevated the language
for describing, or perhaps whitewashing, a new American way of war
that, for pure failure, may have few matches.
Tom
I spent four college years in the Reserve Officers’ Training Corps
(ROTC) and then served 20 years in the U.S. Air Force. In the military,
especially in basic training, you have no privacy. The government
owns you. You’re “government issue,” just another G.I., a number on a
dogtag that has your blood type and religion in case you need a
transfusion or last rites. You get used to it. That sacrifice of
individual privacy and personal autonomy is the price you pay for
joining the military. Heck, I got a good career and a pension out of
it, so don’t cry for me, America.
But this country has changed a lot since I joined ROTC in 1981, was
fingerprinted, typed for blood, and otherwise poked and prodded. (I
needed a medical waiver for myopia.)
Nowadays, in Fortress America,
every one of us is, in some sense, government issue in a surveillance state gone mad.
Unlike the recruiting poster
of old, Uncle Sam doesn’t want you anymore -- he already has you.
You’ve been drafted into the American national security state. That
much is evident from Edward Snowden’s revelations. Your email? It can be read. Your phone calls? Metadata about them is being gathered. Your smartphone? It’s a perfect tracking device if the government needs to find you. Your computer? Hackable and trackable. Your server? It’s at their service, not yours.
Many of the college students I’ve taught recently take such a loss of privacy
for granted. They have no idea what’s gone missing from their lives
and so don’t value what they’ve lost or, if they fret about it at all,
console themselves with magical thinking -- incantations like “I’ve done
nothing wrong, so I’ve got nothing to hide.” They have little sense of how capricious governments can be about the definition of “wrong.”
Consider us all recruits, more or less, in the new version of
Fortress America, of an ever more militarized, securitized country.
Renting a movie? Why not opt for the first Captain America
and watch him vanquish the Nazis yet again, a reminder of the last war
we truly won? Did you head for a baseball park on Memorial Day? What
could be more American or more innocent? So I hope you paid no
attention to all those camouflaged caps and uniforms your favorite players were wearing in just another of an endless stream of tributes to our troops and veterans.
Let’s hear no whining about militarized uniforms on America’s playing fields. After all, don’t you know that America’s real pastime these last years has been war and lots of it?
Be a Good Trooper
Think of the irony. The Vietnam War generated an unruly citizen’s
army that reflected an unruly and increasingly rebellious citizenry.
That proved more than the U.S. military and our ruling elites could
take. So President Nixon ended the draft in 1973
and made America’s citizen-soldier ideal, an ideal that had persisted
for two centuries, a thing of the past. The “all-volunteer military,”
the professionals, were recruited or otherwise enticed to do the job for
us. No muss, no fuss, and it’s been that way ever since. Plenty of war, but no need to be a “warrior,” unless you sign on the dotted line. It’s the new American way. But
it turned out that there was a fair amount of fine print in the
agreement that freed Americans from those involuntary military
obligations. Part of the bargain was to “support the pros” (or rather
“our troops”) unstintingly and the rest involved being pacified, keeping
your peace, being a happy warrior in the new national security state
that, particularly in the wake of 9/11, grew to enormous proportions on
the taxpayer dollar. Whether you like it or not, you’ve been drafted
into that role, so join the line of recruits and take your proper place
in the garrison state.
If you’re bold, gaze out across the increasingly fortified and monitored
borders we share with Canada and Mexico. (Remember when you could
cross those borders with no hassle, not even a passport or ID card? I
do.)
Watch for those drones,
home from the wars and already hovering in or soon to arrive in your
local skies -- ostensibly to fight crime. Pay due respect to your
increasingly up-armored police forces with their automatic weapons, their special SWAT teams, and their converted MRAPs
(mine-resistant ambush protected vehicles). These vintage Iraqi
Freedom vehicles are now military surplus given away or sold on the
cheap to local police departments. Be careful to observe their
draconian orders for prison-like “lockdowns” of your neighborhood or city, essentially temporary declarations of martial law, all for your safety and security.
Be a good trooper and do what you’re told. Stay out of public areas
when you’re ordered to do so. Learn to salute smartly. (It’s one of
the first lessons I was taught as a military recruit.) No, not that
middle-finger salute, you aging hippie. Render a proper one to those in
authority. You had best learn how.
Or perhaps you don’t even have to, since so much that we now do
automatically is structured to render that salute for us. Repeated
singings of “God Bless America” at sporting events. Repeated viewings
of movies that glorify the military. (Special Operations forces are a
hot topic in American multiplexes these days from Act of Valor to Lone Survivor.) Why not answer the call of duty by playing militarized video games like Call of Duty? Indeed, when you do think of war, be sure to treat it as a sport, a movie, a game.
Surging in America
I’ve been out of the military for nearly a decade, and yet I feel
more militarized today than when I wore a uniform. That feeling first
came over me in 2007, during what was called the “Iraqi surge” -- the
sending of another 30,000 U.S. troops into the quagmire that was our
occupation of that country. It prompted my first article for TomDispatch. I was appalled by the way our civilian commander-in-chief, George W. Bush, hid behind the beribboned chest
of his appointed surge commander, General David Petraeus, to justify
his administration’s devolving war of choice in Iraq. It seemed like
the eerie visual equivalent of turning traditional American
military-civilian relationships upside down, of a president who had gone
over to the military. And it worked. A cowed Congress meekly
submitted to “King David” Petraeus and rushed to cheer his testimony in support of further American escalation in Iraq.
Since then, it’s become a sartorial necessity for our presidents to don military flight jackets whenever they address our “warfighters”
as a sign both of their “support” and of the militarization of the
imperial presidency. (For comparison, try to imagine Matthew Brady
taking a photo of “honest Abe” in the Civil War equivalent of a flight jacket!) It is now de rigueur for presidents to praise American troops as “the finest military in world history” or, as President Obama typically said to NBC’s Brian Williams in an interview
from Normandy last week, “the greatest military in the world.”
Even
more hyperbolically, these same troops are celebrated across the country
in the most vocal way possible as hardened “warriors” and benevolent
freedom-bringers, simultaneously the goodest and the baddest of anyone
on the planet -- and all without including any of the ugly, as in the
ugliness of war and killing. Perhaps that explains why I’ve seen
military recruitment vans (sporting video game consoles) at the Little
League World Series in Williamsport, Pennsylvania. Given that military
service is so beneficent, why not get the country’s 12-year-old
prospects hopped up on the prospect of joining the ranks?
Too few Americans see any problems in any of this, which shouldn’t
surprise us. After all, they’re already recruits themselves. And if
the prospect of all this does appall you, you can’t even burn your draft
card in protest, so better to salute smartly and obey. A good conduct
medal will undoubtedly be coming your way soon.
It wasn’t always so. I remember walking the streets of Worcester,
Massachusetts, in my freshly pressed ROTC uniform in 1981. It was just
six years after the Vietnam War ended in defeat and antiwar movies like Coming Home, The Deer Hunter, and Apocalypse Now were still fresh in people’s minds. (First Blood and the Rambo “stab-in-the-back”
myth wouldn’t come along for another year.) I was aware of people
looking at me not with hostility, but with a certain indifference mixed
occasionally with barely disguised disdain. It bothered me slightly,
but even then I knew that a healthy distrust of large standing
militaries was in the American grain.
No longer. Today, service members, when appearing in uniform, are universally applauded and repetitiously lauded as heroes.
I’m not saying we should treat our troops with disdain, but as our
history has shown us, genuflecting before them is not a healthy sign of
respect. Consider it a sign as well that we really are all government
issue now.
Shedding a Militarized Mindset
If you think that’s an exaggeration, consider an old military
officer’s manual I still have in my possession. It’s vintage 1950,
approved by that great American, General George C. Marshall,
Jr., the man most responsible for our country’s victory in World War
II. It began with this reminder to the newly commissioned officer:
“[O]n becoming an officer a man does not renounce any part of his
fundamental character as an American citizen. He has simply signed on
for the post-graduate course where one learns how to exercise authority
in accordance with the spirit of liberty.” That may not be an easy
thing to do, but the manual’s aim was to highlight the salutary tension
between military authority and personal liberty that was the essence of
the old citizen’s army.
It also reminded new officers that they were trustees of America’s
liberty, quoting an unnamed admiral’s words on the subject: “The
American philosophy places the individual above the state. It distrusts
personal power and coercion. It denies the existence of indispensable
men. It asserts the supremacy of principle.”
Those words were a sound antidote to government-issue
authoritarianism and militarism -- and they still are. Together we all
need to do our bit, not as G.I. Joes and Janes, but as Citizen Joes and
Janes, to put personal liberty and constitutional principles first. In
the spirit of Ronald Reagan, who told
Soviet leader Mikhail Gorbachev to “tear down this [Berlin] wall,”
isn’t it time to begin to tear down the walls of Fortress America and
shed our militarized mindsets? Future generations of citizens will
thank us, if we have the courage to do so.
Imagine that you could wander unseen through a city, sneaking into
houses and offices of your choosing at any time, day or night. Imagine
that, once inside, you could observe everything happening, unnoticed by
others—from the combinations used to secure bank safes to the
clandestine rendezvous of lovers. Imagine also that you have the ability
to silently record everybody's actions, whether they are at work or
play without leaving a trace. Such omniscience could, of course, make
you rich, but perhaps more important, it could make you very powerful.
That
scenario out of some futuristic sci-fi novel is, in fact, almost
reality right now. After all, globalization and the Internet have
connected all our lives in a single, seamless virtual city where
everything is accessible at the tap of a finger. We store our money in
online vaults; we conduct most of our conversations and often get from
place to place with the help of our mobile devices. Almost everything
that we do in the digital realm is recorded and lives on forever in a
computer memory that, with the right software and the correct passwords,
can be accessed by others, whether you want them to or not.
Now—one more moment of
imagining—what if every one of your transactions in that world was
infiltrated? What if the government had paid developers to put trapdoors
and secret passages into the structures that are being built in this
new digital world to connect all of us all the time? What if they had
locksmiths on call to help create master keys for all the rooms? And
what if they could pay bounty hunters to stalk us and build profiles of
our lives and secrets to use against us?
Well, check your imagination at the door, because this is indeed the
brave new dystopian world that the US government is building, according
to the latest revelations from the treasure trove of documents released
by National Security Agency whistleblower Edward Snowden.
Over the last eight months, journalists have dug deep into these
documents to reveal that the world of NSA mass surveillance involves
close partnerships with a series of companies most of us have never
heard of that design or probe the software we all take for granted to
help keep our digital lives humming along.
There are three broad ways that these software companies collaborate with the state: a National Security Agency program called "Bullrun"
through which that agency is alleged to pay off developers like RSA, a
software security firm, to build "backdoors" into our computers; the use
of "bounty hunters"
like Endgame and Vupen that find exploitable flaws in existing software
like Microsoft Office and our smartphones; and finally the use of data
brokers like Millennial Media
to harvest personal data on everybody on the Internet, especially when
they go shopping or play games like Angry Birds, Farmville, or Call of
Duty.
Of course, that's just a start when it comes to enumerating the ways
the government is trying to watch us all, as I explained in a previous
TomDispatch piece, "Big Bro is Watching You." For example, the FBI uses hackers
to break into individual computers and turn on computer cameras and
microphones, while the NSA collects bulk cell phone records and tries to
harvest all the data traveling over fiber-optic cables.
In December 2013, computer researcher and hacker Jacob Appelbaum
revealed that the NSA has also built hardware with names like Bulldozer,
Cottonmouth, Firewalk, Howlermonkey, and Godsurge that can be inserted
into computers to transmit data to US spooks even when they are not
connected to the Internet.
"Today, [the NSA is] conducting instant, total invasion of privacy
with limited effort," Paul Kocher, the chief scientist of Cryptography
Research, Inc., which designs security systems, told the New York Times. "This is the golden age of spying."
Building Backdoors
Back in the 1990s, the Clinton administration promoted a special
piece of NSA-designed hardware that it wanted installed in computers and
telecommunication devices. Called the Clipper Chip,
it was intended to help scramble data to protect it from unauthorized
access—but with a twist. It also transmitted a "Law Enforcement Access
Field" signal with a key that the government could use if it wanted to
access the same data.
Activists and even software companies fought against the Clipper Chip
in a series of political skirmishes that are often referred to as the Crypto Wars. One of the most active companies was RSA from California. It even printed posters with a call to "Sink Clipper."
By 1995, the proposal was dead in the water, defeated with the help of
such unlikely allies as broadcaster Rush Limbaugh and Senators John
Ashcroft and John Kerry.
But the NSA proved more tenacious
than its opponents imagined. It never gave up on the idea of embedding
secret decryption keys inside computer hardware—a point Snowden has
emphasized (with the documents to prove it).
A decade after the Crypto Wars, RSA, now a subsidiary of EMC, a
Massachusetts company, had changed sides. According to an investigative
report by Joseph Menn of Reuters, it allegedly took $10 million from the National Security Agency in exchange for embedding an NSA-designed mathematical formula called the Dual Elliptic Curve Deterministic Random Bit Generator inside its Bsafe software products as the default encryption method.
The Dual Elliptic Curve has a "flaw" that allows it to be hacked, as
even RSA now admits.
Unfortunately for the rest of us, Bsafe is built
into a number of popular personal computer products and most people
would have no way of figuring out how to turn it off.
According to the Snowden documents, the RSA deal was just one of
several struck under the NSA's Bullrun program that has cost taxpayers
over $800 million to date and opened every computer and mobile user around the world to the prying eyes of the surveillance state.
"The deeply pernicious nature
of this campaign—undermining national standards and sabotaging hardware
and software—as well as the amount of overt private sector cooperation
are both shocking," wrote Dan Auerbach and Kurt Opsahl of the Electronic
Frontier Foundation, a San Francisco-based activist group that has led
the fight against government surveillance. "Back doors fundamentally
undermine everybody's security, not just that of bad guys."
Bounty Hunters
For the bargain basement price of $5,000, hackers offered for sale a software flaw
in Adobe Acrobat that allows you to take over the computer of any
unsuspecting victim who downloads a document from you. At the opposite
end of the price range, Endgame Systems of Atlanta, Georgia, offered for
sale a package named Maui
for $2.5 million that can attack targets all over the world based on
flaws discovered in the computer software that they use. For example,
some years ago, Endgame offered for sale targets in Russia including an
oil refinery in Achinsk, the National Reserve Bank, and the Novovoronezh
nuclear power plant. (The list was revealed by Anonymous, the online
network of activist hackers.) While such "products," known in hacker circles as "zero day exploits,"
may sound like sales pitches from the sorts of crooks any government
would want to put behind bars, the hackers and companies who make it
their job to discover flaws in popular software are, in fact, courted
assiduously by spy agencies like the NSA who want to use them in
cyberwarfare against potential enemies.
Take Vupen, a French company that offers a regularly updated
catalogue of global computer vulnerabilities for an annual subscription
of $100,000. If you see something that you like, you pay extra to get
the details that would allow you to hack into it. A Vupen brochure
released by Wikileaks in 2011 assured potential clients that the
company aims "to deliver exclusive exploit codes for undisclosed
vulnerabilities" for "covertly attacking and gaining access to remote
computer systems."
At a Google-sponsored event in Vancouver in 2012, Vupen hackers demonstrated
that they could hijack a computer via Google's Chrome web browser. But
they refused to hand over details to the company, mocking Google
publicly. "We wouldn't share this with Google for even $1 million,"
Chaouki Bekrar of Vupen boasted to Forbes magazine. "We don't
want to give them any knowledge that can help them in fixing this
exploit or other similar exploits. We want to keep this for our
customers."
In addition to Endgame and Vupen, other players in this field include
Exodus Intelligence in Texas, Netragard in Massachusetts, and ReVuln
in Malta.
Their best customer? The NSA, which spent at least $25 million in
2013 buying up dozens of such "exploits." In December, Appelbaum and his
colleagues reported in Der Spiegel that agency staff crowed about their ability to penetrate
any computer running Windows at the moment that machine sends messages
to Microsoft. So, for example, when your computer crashes and helpfully
offers to report the problem to the company, clicking yes could open you
up for attack.
The federal government is already alleged to have used such exploits (including one in Microsoft Windows)—most famously when the Stuxnet virus was deployed to destroy Iran's nuclear centrifuges.
"This is the militarization of the Internet,"
Appelbaum told the Chaos Computer Congress in Hamburg. "This strategy
is undermining the Internet in a direct attempt to keep it insecure. We
are under a kind of martial law."
Harvesting your Data
Among the Snowden documents was a 20-page 2012 report from the
Government Communications Headquarters—the British equivalent of the
NSA—that listed a Baltimore-based ad company, Millennial Media.
According to the spy agency, it can provide "intrusive" profiles of
users of smartphone applications and games. The New York Times has noted that the company offers data
like whether individuals are single, married, divorced, engaged, or
"swinger," as well as their sexual orientation ("straight, gay,
bisexual, and 'not sure'").
How does Millennial Media get this data? Simple. It happens to gather
data from some of the most popular video game manufacturers in the
world. That includes Activision in California which makes Call of Duty, a
military war game that has sold over 100 million copies; Rovio of
Finland, which has given away 1.7 billion copies of a game called Angry
Birds that allows users to fire birds from a catapult at laughing pigs;
and Zynga—also from California—which makes Farmville, a farming game
with 240 million active monthly users.
In other words, we're talking about what is undoubtedly a significant
percentage of the connected world unknowingly handing over personal
data, including their location and search interests, when they download
"free" apps after clicking on a licensing agreement that legally allows
the manufacturer to capture and resell their personal information. Few
bother to read the fine print or think twice about the actual purpose of
the agreement.
The apps pay for themselves via a new business model called "real-time bidding"
in which advertisers like Target and Walmart send you coupons and
special offers for whatever branch of their store is closest to you.
They do this by analyzing the personal data sent to them by the "free"
apps to discover both where you are and what you might be in the market
for.
When, for instance, you walk into a mall, your phone broadcasts your location and within a millisecond a data broker sets up a virtual auction
to sell your data to the highest bidder. This rich and detailed data
stream allows advertisers to tailor their ads to each individual
customer. As a result, based on their personal histories, two people
walking hand in hand down a street might get very different
advertisements, even if they live in the same house.
This also has immense value to any organization that can match up the
data from a device with an actual name and identity—such as the federal
government. Indeed, the Guardian has highlighted an NSA document from 2010 in which the agency boasts that it can "collect almost every key detail of a user's life:
including home country, current location (through geolocation), age,
gender, zip code, marital status…income, ethnicity, sexual orientation,
education level, and number of children."
In Denial
It's increasingly clear that the online world is, for both government
surveillance types and corporate sellers, a new Wild West where
anything goes. This is especially true when it comes to spying on you
and gathering every imaginable version of your "data."
Software companies, for their part, have denied helping the NSA and reacted with anger to the Snowden disclosures. "Our
fans' trust is the most important thing for us and we take privacy
extremely seriously," commented Mikael Hed, CEO of Rovio Entertainment,
in a public statement.
"We do not collaborate, collude, or share data with spy agencies anywhere in the world."
RSA has tried to deny
that there are any flaws in its products. "We have never entered into
any contract or engaged in any project with the intention of weakening
RSA's products, or introducing potential 'backdoors' into our products
for anyone's use," the company said in a statement on its website. "We
categorically deny this allegation." (Nonetheless RSA has recently
started advising clients to stop using the Dual Elliptical Curve.)
Other vendors like Endgame and Millennial Media have maintained a stoic silence. Vupen is one of the few that boasts about its ability to uncover software vulnerabilities.
And the NSA has issued a Pravda-like statement
that neither confirms nor denies the revelations.
"The communications
of people who are not valid foreign intelligence targets are not of
interest to the National Security Agency," an NSA spokeswoman told the Guardian.
"Any implication that NSA's foreign intelligence collection is focused
on the smartphone or social media communications of everyday Americans
is not true."
The NSA has not, however, denied the existence of its Office of Tailored Access Operations (TAO), which Der Spiegel describes as "a squad of [high-tech] plumbers that can be called in when normal access to a target is blocked."
The Snowden documents indicate that TAO has a sophisticated set of tools at its disposal—that the NSA calls "Quantum Theory"—made
up of backdoors and bugs that allow its software engineers to plant spy
software on a target computer. One powerful and hard to detect example
of this is TAO's ability to be notified when a target's computer visits
certain websites like LinkedIn and to redirect it to an NSA server named
"Foxacid" where the agency can upload spy software in a fraction of a second.
Which Way Out of the Walled Garden?
The simple truth of the matter is that most individuals are easy
targets for both the government and corporations. They either pay for
software products like Pages and Office from well known manufacturers
like Apple and Microsoft or download them for free from game companies
like Activision, Rovio, and Zynga for use inside "reputable" mobile
devices like Blackberries and iPhones.
These manufacturers jealously guard access to the software that they
make available, saying that they need to have quality control. Some go
even further with what is known as the "walled garden"
approach, only allowing pre-approved programs on their devices. Apple's
iTunes, Amazon's Kindle, and Nintendo's Wii are examples of this.
But as the Snowden revelations have helped make clear, such devices
and software are vulnerable both to manufacturers' mistakes, which open
exploitable backdoors into their products, and to secret deals with the
NSA.
So in a world where, increasingly, nothing is private, nothing is
simply yours, what is an Internet user to do? As a start, there is an
alternative to most major software programs for word processing,
spreadsheets, and layout and design—the use of free and open source software like Linux and Open Office,
where the underlying code is freely available to be examined for hacks
and flaws. (Think of it this way: if the NSA cut a deal with Apple to
copy everything on your iPhone, you would never know. If you bought an
open-source phone—not an easy thing to do—that sort of thing would be
quickly spotted.) You can also use encrypted browsers like Tor and search engines like DuckDuckGo that don't store your data.
Next, if you own and use a mobile device on a regular basis, you owe it to yourself to turn off as many of the location settings and data-sharing options
as you can. And last but hardly least, don't play Farmville, go out and
do the real thing. As for Angry Birds and Call of Duty, honestly,
instead of shooting pigs and people, it might be time to think about
finding better ways to entertain yourself.
Pick up a paintbrush,
perhaps? Or join an activist group like the Electronic Frontier Foundation and fight back against Big Brother.
In the movie plot of a spy thriller, our hero gets captured by
agents of a repressive government, and they take him into a dark
interrogation room, where the sadistic spymaster hisses at him: "We have
ways of making you talk."
Meanwhile, in real life, the director of our National Security
Agency hisses at journalists: "We have ways of keeping you from
talking." Well, not quite in those words, but Gen. Keith Alexander,
chief spook at NSA and head of US Cyber Command, did reveal a chilling
disrespect for our Constitutional right to both free speech and a free
press. In an October interview, he called for outlawing any reporting on
his agency's secret program of spying on every American: "I think it's
wrong that newspaper reporters have all these documents… giving them out
as if these – you know it just doesn't make any sense." Then came his
spooky punch line: "We ought to come up with a way of stopping it… It's
wrong to allow this to go on."
Holy Thomas Paine! Spy on us, okay; report on it, not. What
country does this autocrat represent? Alexander's secret,
indiscriminate, supercomputer scooping-up of data on every phone call,
email, and other private business of every American is what "doesn't
make any sense." It's an Orwellian, mass invasion of everyone's privacy,
creating the kind of routine, 24/7 surveillance state our government
loudly deplores in China and Russia – and it amounts to stomping on our
Fourth Amendment guarantee that we're to be free of "unreasonable
searches and seizures."
That's the real outrage we should be "stopping." But no, our
constitutionally-clueless spymaster doubles down on his dangerous
ignorance by also stomping on the First Amendment. If this were a movie,
people would laugh at it as being too silly, too far-fetched to
believe. But there it is, horribly real.
"Keith Alexander Says The US Gov't Needs To Figure Out A Way To Keep Journalists From Reporting On Snowden Leaks," www.techdirt.com, October 25, 2013.
A long time Gadgeteer reader contacted me today through Google Hangouts
to tell me that he had a story that he thought I’d be interested in
reading. He then forwarded me a long email with a story from a very good
friend of his. It was such a surprising story that I asked if I could
have permission to post it here on The Gadgeteer. I ended up
communicating with the author of the story and have posted it here for
everyone to read…
I have been using Google Glass for about 2 months now, and about 2 weeks
ago I got prescription lenses for the glasses. So in the past two weeks I
was wearing Google Glass all the time. There were no stories to write
about, until yesterday (1/18/2014).
I went to AMC (Easton Mall,
Columbus, OH) to watch a movie with my wife (non-Google Glass user). It
is the theater we go to every week, so it has probably been the third
time I’ve been there wearing Google Glass, and the AMC employees (guy
tearing tickets at the entrance, girl at the concession stand) have
asked me about Glass in the past and I have told them how awesome Glass
is with every occasion.
Because I don’t want Glass to distract me
during the movie, I turn them off (but since my prescription lenses are
on the frame, I still wear them). About an hour into the movie (Jack
Ryan: Shadow Recruit), a guy comes near my seat, shoves a badge that had
some sort of a shield on it, yanks the Google Glass off my face and
says “follow me outside immediately”.
It was quite embarrassing and
outside of the theater there were about 5-10 cops and mall cops. Since I
didn’t catch his name in the dark of the theater, I asked to see his
badge again and I asked what was the problem and I asked for my Glass
back. The response was “you see all these cops you know we are legit, we
are with the ‘federal service’ and you have been caught illegally
taping the movie”.
I was surprised by this and as I was obviously
just having a nice Saturday evening night out with my wife and not
taping anything whether legally or illegally, I tried to explain that
this is a misunderstanding. I tried to explain that he’s holding rather
expensive hardware that cost me $1,500 for Google Glass and over
$600 for the prescription glasses.
The response was that I was searched
and more stuff was taken away from me (specifically my personal phone,
my work phone – both of which were turned off, and my wallet).
After an
embarrassing 20-30 minutes outside the movie theater, me and my wife
were conducted into two separate rooms in the “management” office of
Easton Mall, where the guy with the badge introduced himself again and
showed me a different ID. His partner introduced herself too and showed
me a similar looking badge. I was by that time, too flustered to
remember their names (as a matter of fact, now, over 30 hours later I am
still shaking when recounting the facts).
What followed was over
an hour of the “feds” telling me I am not under arrest, and that this
is a “voluntary interview”, but if I choose not to cooperate bad things
may happen to me (is it legal for authorities to threaten people like
that?)
I kept telling them that Glass has a USB port and not only did I
allow them, I actually insist they connect to it and see that there was
nothing but personal photos with my wife and my dog on it. I also
insisted they look at my phone too and clear things out, but they wanted
to talk first. They wanted to know who I am, where I live, where I
work, how much I’m making, how many computers I have at home, why am I
recording the movie, who am I going to give the recording to, why don’t I
just give up the guy up the chain, ’cause they are not interested in
me. Over and over and over again.
I kept telling them that I
wasn’t recording anything – my Glass was off, they insisted they saw it
on. I told them there would be a light coming out the little screen if
Glass was on, and I could show them that, but they insisted that I
cannot touch my Glass for the fear “I will erase the evidence against me
that was on Glass”.
I didn’t have the intuition to tell them that Glass
gets really warm if it records for more than a few minutes and my
glasses were not warm. They wanted to know where I got Glass and how did
I come by having it. I told them I applied about 1,000 times to get in
the explorer program, and eventually I was selected, and I got the Glass
from Google.
I offered to show them receipt and Google Glass website if
they would allow me to access any computer with Internet. Of course,
that was not an option. Then they wanted to know what does Google ask of
me in exchange for Glass, how much is Google paying me, who is my boss
and why am I recording the movie.
Eventually, after a long time
somebody came with a laptop and a USB cable at which point he told me
it was my last chance to come clean. I repeated for the hundredth time
there is nothing to come clean about and this is a big misunderstanding
so the FBI guy finally connected my Glass to the computer, downloaded
all my personal photos and started going through them one by one
(although they are dated and it was obvious there was nothing on my
Glass that was from the time period they accused me of recording).
Then they went through my phone, and 5 minutes later they concluded I had
done nothing wrong.
I asked why didn’t they just take those five
minutes at the beginning of the interrogation and they just left the
room. A guy who claimed his name is Bob Hope (he gave me his business
card) came in the room, and said he was with the Movie Association and
they have problems with piracy at that specific theater and that
specific movie.
He gave me two free movie passes “so I can see the movie
again”. I asked if they thought my Google Glass was such a big piracy
machine, why didn’t they ask me not to wear them in the theater? I would
have probably sat five or six rows closer to the screen (as I didn’t
have any other pair of prescription glasses with me) and none of this
would have happened. All he said was AMC called him, and he called the
FBI and “here are two more passes for my troubles”. I would have been
fine with “I’m sorry this happened, please accept our apologies”. Four
free passes just infuriated me.
Considering it was 11:27 P.M when
this happened, and the movie started at 7.45, I guess 3 and a half hours
of my time and the scare my wife went through (who didn’t know what was
going on as nobody bothered to tell her) is worth about 30 bucks in the
eyes of the Movie Association and the federal militia (sorry, I cannot
think of other derogatory words).
I think I should sue them for this,
but I don’t have the time or the energy to deal with “who is my boss –
they don’t want me, they want the big guy” again, so I just spilled the
beans on this forum, for others to learn from my experience.
I guess until people get more familiar with Google Glass and understand
what they are, one should not wear them to the movies. I wish they would
have said something before I went to the movies, but it may be my
mistake for assuming that if I went and watched movies two times wearing
Glass with no incident the third time there won’t be any incident
either. As for the federal agents and their level of comprehension… I
guess if they deal with petty criminals every day, everybody starts
looking like a petty criminal.
Again, I wish they would have listened
when I told them how to verify I did nothing illegal, or at least
apologize afterwards, but hey… this is the free country everybody
praises. Somewhere else might be even worse.
Crazy huh? His story read like something out of the Jack Ryan movie that he
and his wife had gone to see. Are there any other Google Glass users out
there that have been treated badly just for your wearable tech? If not,
are you reconsidering wearing a pair to the next movie you attend?
Update (01/21/14):
Wow, this article has completely blown up our web server due to the traffic.
I just wanted to follow up with a few comments and info. First of all,
I’m not a journalist, I’m a tech geek writer. Posting this article has
given me a good learning lesson though, which I’ll use if I ever post a
similar article in the future.
I have been criticized for not
citing my sources and following up with the theater to verify that the
story was true. I didn’t feel the need at the time because the person
who gave me the story is a long time Gadgeteer reader and works in law
enforcement. I felt 100% confident the story was not a hoax.
I did
however call the theater in question and tried to get in touch with
someone there for a comment. My calls went unanswered.
After the article was posted, Rob Jackson of Phandroid posted his take on the
article and asked me for the author’s contact info. With the author’s
permission, I forwarded that info and Rob followed up with some
questions and answers that he posted on his site. Take a look for more
info on this story: http://phandroid.com/2014/01/20/fbi-google-glass-movie/
Update #2:
I just received info from the author with regards to the agents that questioned him:
For the sake of having all the facts right. I have been trying to find out who the agents that “interviewed” me at AMC were, so I asked help from a guy I know at FBI. I worked with this guy in the past when I was employed at a webhosting company. He did some digging, and he tells me the “federal agents” talking to me were DHS.
Update #3:
The title of the article has been changed to reflect the recent update from
the author that it was actually the DHS (Department of Homeland
Security) who detained him and not the FBI as he originally thought.
Update #4:
The story has been confirmed. I just received this email from the author:
Julie, Rob.
I spoke with a reporter from Columbus Dispatch, who obtained a statement from DHS and forwarded it to me. Here it is:
From: Walls, Khaalid H [mailto:Khaalid.H.Walls@ice.dhs.gov]
Sent: Tuesday, January 21, 2014 1:16 PM
To: Allison Manning
Subject: ICE
Hi Ally,
Please attribute the below statement to me:
On Jan. 18, special agents with ICE’s Homeland Security Investigations and local authorities briefly interviewed a man suspected of using an electronic recording device to record a film at an AMC theater in Columbus. The man, who voluntarily answered questions, confirmed to authorities that the suspected recording device was also a pair of prescription eye glasses in which the recording function had been inactive. No further action was taken.
Khaalid Walls, ICE spokesman
Khaalid Walls
Public Affairs Officer
U.S. Immigration and Customs Enforcement (ICE)
313-226-0726
313-215-7657(m)
By now, it’s well known that the National Security Agency is collecting
troves of data about law-abiding Americans. But the NSA is not alone: A
series of new reports show that state and local police have been busy collecting data
on our daily activities as well — under questionable or nonexistent
legal pretenses. These revelations about the extent of police snooping
in the U.S. — and the lack of oversight over it — paint a disturbing
picture for anyone who cares about civil liberties and privacy
protection.
The tactics used by law enforcement are aggressive,
surreptitious and surprising to even longtime surveillance experts. One
report released last month made front page news: an investigation by more than 50 journalists
that found that local law enforcement agencies are collecting cellphone
data about thousands of innocent Americans each year by tapping into
cellphone towers and even creating fake ones that act as data traps.
A new report
by the Brennan Center for Justice at NYU School of Law details how
police departments around the country have created data “fusion centers”
to collect and share reports about residents. But the information in
these reports seldom bears any relation to crime or terrorism. In
California, for example, officers are encouraged to document and
immediately report on “suspicious” activities such as “individuals who
stay at bus or train stops for extended periods while buses and trains
come and go,” “individuals who carry on long conversations on pay or
cellular phones,” and “joggers who stand and stretch for an inordinate
amount of time.” In Houston, the criteria are so broad they include
anything deemed “suspicious or worthy of reporting.” Many police
departments and fusion centers have reported on constitutionally
protected activities such as photography and political speech. They have also demonstrated a troubling tendency to focus on people who appear to be of Middle Eastern origin.
Like the NSA – their heavy-handed Big Brother – these fusion centers cast a
wide net and risk civil liberties for paltry returns. And all of it is
happening without sufficient oversight or accountability. In other
words, no one is watching Little Brother.
How did it come to
this? In the aftermath of the Sept. 11, 2001, attacks, all levels of
government – federal, state and local – embarked on a massive effort to
improve information sharing. Federal taxpayer dollars fueled the
transition into a new role for state and local police as the eyes and
ears of the intelligence community.
The ad hoc system that has
developed — of individual police departments feeding information to
federal authorities — has been plagued by vague and inconsistent rules.
For one thing, there’s a lack of agreement about what counts as
“suspicious activity” and when that information should be shared.
The goal, in theory, is to reveal potential terrorist plots by “connecting
the dots” of disparate or even innocuous pieces of information. But in
practice, such programs often infringe on civil liberties and threaten
safety, producing a din of data with little or no counter-terrorism
value. In Boston, for example, the regional fusion center fixated
on monitoring peace activists and Occupy Boston protesters but may have
been unaware that the FBI conducted an assessment of bombing suspect
Tamerlan Tsarnaev based on a tip from Russia, or that local authorities
had implicated him in a gruesome triple homicide on the anniversary of
9/11.
In fact, a 2012 report
by the Senate Homeland Security Committee found that much of the
information produced by fusion centers was not only useless, but also
possibly illegal. Indeed, more than 95 percent of so-called suspicious activity reports are never investigated by the FBI.
We can do better. First and foremost, there must be a consistent,
transparent standard for state and local intelligence activities based
on reasonable suspicion of criminal activity – the traditional bar for
opening an investigation. The federal government should make this
standard a prerequisite for sharing suspicious activity reports on its
networks. State and local police should adopt it as well.
Second, stronger oversight and accountability is necessary across the board. At
the federal level, Congress should tie continued funding for fusion
centers to regular, independent and publicly available audits to assess
compliance with privacy rules. State and local elected officials should
also consider creating an independent police monitor, such as an
inspector general, to safeguard privacy and civil rights.
To be
sure, cooperation between levels of government is essential, and state
and local law enforcement have an important role to play in keeping
Americans safe. But the current system is ineffective, wasteful and
harmful to constitutional values.
It is time to recalibrate the system and make the state and local role in national security efficient, rational and fair.
Michael Price is counsel in the Liberty and National
Security Program at the Brennan Center for Justice at NYU School of Law.
This video was recorded on September 27 and uploaded to YouTube a few
days later. It has recently made the rounds on social media and caught
the attention of major news outlets. In it, two Philadelphia police
officers stop, detain briefly and question two young black men who are
walking down the street. The reason given for the stop is that one of
the young men said “Hi” to a drug dealer.
You should watch the video in
its entirety:
There are a number of choice quotes to be pulled from this video, my
favorite among them the retort from the young man being stopped and who
managed to film the incident, “You not protecting me by stopping me when
I’m trying to go to work,” but it’s this exchange that has come to
define the encounter:
Officer: “We don’t want you here [in Philadelphia], anyway. All you do is weaken the fucking country.”
Young man: “How do I weaken the country? By working?”
Officer: “No, freeloading,”
Young man: “Freeloading on what? I work.”
Officer: “Do you? Where?”
Young man: “[redacted] Country Club.”
Officer: “Doing what?”
Young man: “I’m a server”
Officer: “A server? Serving weed?”
The officer responsible for this racist line of questioning, Philip Nace, was recently placed in the Differential Police Response Unit, a disciplinary unit, for what a police spokesman called “idiotic behavior” after another video
surfaced of him knocking down a basketball hoop and, while driving away
in a police van, telling the group that was playing “have a good day.”
He is being investigated by Internal Affairs.
“But this is one individual,” Lt. John Stanford told the Philadelphia Daily News,
“Don’t let this individual put it in your mind that this is how
officers act. The vast majority of officers give the residents of this
city 110 percent.”
The problem is, as badly as Philadelphia police may want to isolate
Nace and his poor behavior, this isn’t the result of mistakenly hiring
one racist cop. This is a racist policy supported by a racist society
doing exactly what it was designed to do.
Had Nace used softer language, had he asked politely and said
“please” and “thank you,” he still would have stopped, searched and
collected information on an innocent person for having done nothing more
than speaking to someone he passed on the street. Because that’s the
policy.
Philadelphia’s use of stop-and-frisk doubled in 2009,
two years after the election of Mayor Michael Nutter (in case anyone
were led to believe it’s only white mayors and police commissioners
responsible for implementing this tactic, both Nutter and Commissioner
Charles Ramsey are black), and in a similar fashion to what has recently
happened in New York City, it was challenged in court and the city
agreed to make adjustments to the policy.
However, it still exists, and still disproportionately targets black
and Hispanic men. And one can’t divorce this from the fact that school
budgets, affecting mostly black students, have been slashed, while hundreds of millions are being poured into a new prison facility, or the youth curfew
that was implemented a few years ago.
Through colorblind language,
there exists a concerted effort to criminalize the presence of black and
brown youth in public and shuttle them off to bigger, shinier prisons.
They can discipline Nace, even remove him from the force (and they
should), but his actions are only a symptom of the larger disease. The
more we focus our energy on the Naces of the world, the further we get
from a cure.
Mychal Denzel Smith has previously argued that institutional racism persists in the criminal justice system with or without stop-and-frisk programs.
JOSEPH BONICIOLI mostly uses the same internet you
and I do. He pays a service provider a monthly fee to get him online.
But to talk to his friends and neighbors in Athens, Greece, he's also
got something much weirder and more interesting: a private, parallel
internet.
He and his fellow Athenians built it. They did so by linking up a set
of rooftop wifi antennas to create a "mesh," a sort of bucket brigade
that can pass along data and signals. It's actually faster than the Net
we pay for: Data travels through the mesh at no less than 14 megabits a
second, and up to 150 megabits a second, about 30 times faster than the
commercial pipeline I get at home. Bonicioli and the others can send
messages, video chat, and trade huge files without ever appearing on the
regular internet. And it's a pretty big group of people: Their Athens
Wireless Metropolitan Network has more than 1,000 members, from Athens
proper to nearby islands. Anyone can join for free by installing some
equipment. "It's like a whole other web," Bonicioli told me recently.
"It's our network, but it's also a playground."
Indeed, the mesh has become a major social hub. There are blogs,
discussion forums, a Craigslist knockoff; they've held movie nights
where one member streams a flick and hundreds tune in to watch. There's
so much local culture that they even programmed their own mini-Google to
help meshers find stuff. "It changes attitudes," Bonicioli says.
"People start sharing a lot. They start getting to know someone next
door—they find the same interests; they find someone to go out and talk
with." People have fallen in love after meeting on the mesh.
The Athenians aren't alone. Scores of communities worldwide have been
building these roll-your-own networks—often because a mesh can also be
used as a cheap way to access the regular internet. But along the way
people are discovering an intriguing upside: Their new digital spaces
are autonomous and relatively safe from outside meddling. In an era when
governments and corporations are increasingly tracking our online
movements, the user-controlled networks are emerging as an almost
subversive concept. "When you run your own network," Bonicioli explains,
"nobody can shut it down."
THE INTERNET may seem amorphous, but it's at heart
pretty physical. Its backbone is a huge array of fiber-optic, telephone,
and TV cables that carry data from country to country. To gain access,
you need someone to connect your house to that backbone. This is what's
known as the "last mile" problem, and it's usually solved by large
internet service providers such as AT&T and Comcast. They buy access
to the backbone and charge you for delivering the signal via telephone
wires or cable lines. Most developed nations have plenty of ISPs, but in
poor countries and rural areas, the last-mile problem still looms
large. If providers don't think there's enough profit in household
service, they either don't offer any or do it only at exorbitant rates.
Meshes evolved to tackle this problem. Consider the Spanish network
Guifi, which took root in the early aughts as people got sick of waiting
for their sclerotic telcos to wire the countryside. "In some places you
can wait for 50 years and die and you're still waiting," jokes Guifi
member Ramon Roca.
The bandwidth-starved Spaniards attached long-range
antennas to their wifi cards and pointed them at public hot spots like
libraries. Some contributed new backbone connections by shelling out,
individually or in groups, for expensive DSL links, while others dipped
into the network for free.
(Guifi is a complex stew of charity,
free-riding, and cost-sharing.) To join the bucket brigade, all you had
to do was add some hardware that allowed your computer's wifi hub to
pass along the signal to anyone in your vicinity. Gradually, one hub at a
time, Guifi grew into the world's largest mesh, with more than 21,000
members.
In some ways, a community mesh resembles a food co-op. Its members
crunch the numbers and realize that they can solve the last-mile problem
themselves at a fraction of the price. In Kansas City, Isaac Wilder,
cofounder of the Free Network Foundation, is using this model to wire up
neighborhoods where the average household income is barely $10,000 a
year. His group partners with community organizations that pay for
backbone access. Wilder then sets up a mesh that anyone can join for a
modest sum. "The margins on most internet providers are so ridiculously
inflated," he says. "When people see the price they get from the mesh,
they're like, 'Ten bucks a month? Oh, shit, I'll pay that!'"
In other cases, meshes are run like tiny local businesses. Stephen
Song, the founder of Village Telco, markets "mesh potatoes," inexpensive
wifi devices that automatically mesh with each other, allowing them to
transmit data and make local calls. In towns across Africa, where
internet access is overpriced or nonexistent, mom-and-pop shops buy
backbone access and then sell mesh potatoes to customers, offering them
cheap monthly phone and internet rates. Song hopes this entrepreneurial
model will lead to stable networks that don't have to rely on donations
or tech-savvy community volunteers. He set up a mesh himself in Cape
Town, South Africa. "The primary users of that tech were grandmothers,"
Song says. "Grandmothers are really dependent on their families, and
visiting is hard—it's a really hilly area. So if you have an appealing
low-cost alternative, they go for it."
WHILE MESH networks were created to solve an
economic problem, it turns out they also have a starkly political
element: They give people—particularly political activists—a safer and
more reliable way to communicate.
As activism has become increasingly reliant on social networking,
repressive regimes have responded by cutting off internet access. When
Hosni Mubarak, for instance, discovered that protesters were using
Facebook to help foment dissent, he ordered the state-controlled ISP's to
shut down Egypt's internet for days. In China, the Communist Party uses
its "Great Firewall" to prevent citizens from reading pro-democracy
sites. In the United States, authorities have shut down mobile service
to prevent activists from communicating, as happened a couple of years
ago during a protest at San Francisco subway stations. And such
reactions aren't only prompted by dissent. Some of the big phone and
cable companies have begun to block digital activities they disapprove
of, like sharing huge files on BitTorrent. In 2009, the recording
industry even persuaded France to pass a law—since declared
unconstitutional—that canceled the internet service of any household
caught downloading copyrighted files more than three times.
The last-mile problem, it turns out, isn't just technical or
economic: It's political and even cultural. To repurpose the famous A.J.
Liebling statement, internet freedom is guaranteed only to those who
own a connection. "And right now, you and me don't own the internet—we
just rent the capacity to access it from the companies that do own it,"
Wilder says.
So now digital-freedom activists and nonprofits are making mesh tools
specifically to carve out spaces free from government snooping. During
the Occupy Wall Street actions in New York City, Wilder set up a local
mesh for the protesters. In Washington, DC, the New America Foundation's
Open Technology Institute is developing Commotion—"internet in a
suitcase" software that lets anyone quickly deploy a mesh. "We're making
infrastructure for anyone who wants to control their own network," says
Sascha Meinrath, who runs OTI. In a country with a repressive
government, dissidents could use Commotion to set up a private,
encrypted mesh. If a despot decided to shut off internet access, the
activists could pay for a satellite connection and then share it across
the mesh, getting a large group of people back online quickly.
Meinrath and his group have tested Commotion in American communities,
including Detroit and Brooklyn's Red Hook neighborhood, where locals
used it to get back online after Hurricane Sandy. Now OTI is working on a
mesh that will provide secure local communications for communities in
Tunisia.
Even voice calls can be meshed. Commotion includes Serval, software
that lets you network Android phones and communicate directly via wifi
without going through a wireless carrier—sort of like a high-tech
walkie-talkie network. Created by Paul Gardner-Stephen, a research
fellow at Australia's Flinders University, Serval also encrypts phone
calls and texts, making it extremely hard for outsiders to eavesdrop.
When OTI employees tested it this spring using external "range
extenders," they were able to text one another from nearly a mile away
on the National Mall. Hopping onto the DC Metro, they found they could
trade messages while riding six cars apart. "We now know how to make a
completely distributed phone system," Gardner-Stephen says. Despite the
modest ranges now possible, there are plenty of potential uses. After an
earthquake, he notes, Serval could help citizens and aid agencies make
local calls instantly. In an Occupy-style scenario, police may try to
shut down texting via Verizon and AT&T only to discover that
activists have their own private Serval channel.
Granted, Meinrath points out even encrypted systems like Commotion
aren't a privacy panacea. Encryption can be broken, and if the mesh
hooks up to the regular internet—via satellite, for instance—then you're
sending signals back out to where the NSA and others have plenty of
taps.
Even so, alternative networks are a pretty subversive idea, one that
has attracted some strange bedfellows. The State Department recently
ponied up almost $3 million to support Commotion, because officials
think it could help freedom of speech abroad. But given the revelations
about NSA spying (Commotion's developer, OTI, is considering joining a
lawsuit to challenge the agency's surveillance program), the software is
likely to gain traction among activists here at home. "It makes all the
sense in the world," Meinrath says.
THE RISE OF community meshes suggests a possibility
that is considerably more radical. What if you wanted a mesh that
spanned the globe? A way to communicate with anyone, anywhere, without
going over a single inch of corporate or government cable? Like what
Joseph Bonicioli has in Athens writ large—a parallel, global internet
run by the people, for the people. Could such a beast be built?
On a purely technical level, mesh advocates say it's super hard, but
not impossible. First, you'd build as many local mesh networks as you
can, and then you'd connect them together. Long-distance "hops" are
tricky, but community meshes already use special wifi antennas—sometimes
"cantennas" made out of Pringles-type containers—to join far-flung
neighborhoods. Down in Argentina, meshers have shot signals up to 10
miles to bring together remote villages; in Greece, Bonicioli says
they've connected towns as far as 60 miles apart. For bigger leaps,
there are even more colorful ideas: Float a balloon 60,000 feet in the
air, attach a wifi repeater, and you could bounce a signal between two
cities separated by hundreds of miles. It sounds nuts, but Google
actually pulled it off this past summer, when its Project Loon sent a
flotilla of balloons over New Zealand to blanket the rural countryside
with wireless connections. There are even DIY satellites: Home-brewed
"cubesats" have already been put into orbit by university researchers
for less than $100,000 each. That's hardly chump change, but it's well
within, say, Kickstarter range.
For stable communications, though, the best bet would be to snag some
better spectrum. The airwaves are a public resource, but they are
regulated by national agencies like the Federal Communications
Commission that dole out the strongest frequencies—the ones that can
travel huge distances and pass easily through physical objects—to the
military and major broadcasters. (Wifi uses one of the rare
public-access frequencies.) If the FCC could be convinced to hand over
some of those powerful frequencies to the public, meshes could span huge
distances. "We need free networks, and we need free bandwidth," says
Eben Moglen, a law professor at Columbia University and head of the
Software Freedom Law Center. But given the power of the telco and
defense lobbies, don't hold your breath.
The notion of a truly independent global internet may still be a
gleam in the eye of the meshers, but their visionary zeal is contagious.
It harkens back to the early days of the digital universe, when the
network consisted mostly of university scientists and researchers
communicating among themselves without corporations sitting in the
middle or government (that we know of) monitoring their chats. The goal
then, as now, was both connection and control: an internet of one's own.
Secret demands mark escalation in Internet surveillance by the federal
government through gaining access to user passwords, which are typically
stored in encrypted form.
The U.S. government has demanded that major Internet companies divulge
users' stored passwords, according to two industry sources familiar with
these orders, which represent an escalation in surveillance techniques
that has not previously been disclosed.
If the government is able to determine a person's password, which is
typically stored in encrypted form, the credential could be used to log
in to an account to peruse confidential correspondence or even
impersonate the user. Obtaining it also would aid in deciphering
encrypted devices in situations where passwords are reused.
"I've certainly seen them ask for passwords," said one Internet industry
source who spoke on condition of anonymity. "We push back."
A second person who has worked at a large Silicon Valley company
confirmed that it received legal requests from the federal government
for stored passwords. Companies "really heavily scrutinize" these
requests, the person said. "There's a lot of 'over my dead body.'"
Some of the government orders demand not only a user's password but also
the encryption algorithm and the so-called salt, according to a person
familiar with the requests. A salt is a random string of letters or
numbers used to make it more difficult to reverse the encryption process
and determine the original password. Other orders demand the secret
question codes often associated with user accounts.
A Microsoft spokesperson would not say whether the company has received
such requests from the government. But when asked whether Microsoft
would divulge passwords, salts, or algorithms, the spokesperson replied:
"No, we don't, and we can't see a circumstance in which we would
provide it."
Google also declined to disclose whether it had received requests for
those types of data. But a spokesperson said the company has "never"
turned over a user's encrypted password, and that it has a legal team
that frequently pushes back against requests that are fishing
expeditions or are otherwise problematic. "We take the privacy and
security of our users very seriously," the spokesperson said.
A Yahoo spokeswoman would not say whether the company had received such
requests. The spokeswoman said: "If we receive a request from law
enforcement for a user's password, we deny such requests on the grounds
that they would allow overly broad access to our users' private
information. If we are required to provide information, we do so only in
the strictest interpretation of what is required by law."
Apple, Facebook, AOL, Verizon, AT&T, Time Warner Cable, and Comcast
did not respond to queries about whether they have received requests for
users' passwords and how they would respond to them.
Richard Lovejoy, a director of the Opera Software subsidiary that operates FastMail,
said he doesn't recall receiving any such requests but that the company
still has a relatively small number of users compared with its larger
rivals. Because of that, he said, "we don't get a high volume" of U.S.
government demands.
The FBI declined to comment.
Some details remain unclear, including when the requests began and
whether the government demands are always targeted at individuals or
seek entire password database dumps. The Patriot Act has been used to demand entire database dumps
of phone call logs, and critics have suggested its use is broader. "The
authority of the government is essentially limitless" under that law,
Sen. Ron Wyden, an Oregon Democrat who serves on the Senate Intelligence
committee, said at a Washington event this week.
Large Internet companies have resisted the government's requests by
arguing that "you don't have the right to operate the account as a
person," according to a person familiar with the issue. "I don't know
what happens when the government goes to smaller providers and demands
user passwords," the person said.
An attorney who represents Internet companies said he has not fielded
government password requests, but "we've certainly had reset requests --
if you have the device in your possession, then a password reset is the
easier way."
Cracking the codes
Even if the National Security Agency or
the FBI successfully obtains an encrypted password, salt, and details
about the algorithm used, unearthing a user's original password is
hardly guaranteed. The odds of success depend in large part on two
factors: the type of algorithm and the complexity of the password.
Algorithms, known as hash functions, that are viewed as suitable for
scrambling stored passwords are designed to be difficult to reverse. One
popular hash function called MD5, for instance, transforms the phrase
"National Security Agency" into this string of seemingly random
characters: 84bd1c27b26f7be85b2742817bb8d43b. Computer scientists
believe that, if a hash function is well-designed, the original phrase
cannot be derived from the output.
But modern computers, especially ones equipped with high-performance
video cards, can test passwords scrambled with MD5 and other well-known
hash algorithms at the rate of billions a second. One system using 25 Radeon-powered GPUs that was demonstrated
at a conference last December tested 348 billion hashes per second,
meaning it would crack a 14-character Windows XP password in six
minutes.
The best practice among Silicon Valley companies is to adopt far slower
hash algorithms -- designed to take a large fraction of a second to
scramble a password -- that have been intentionally crafted to make it
more difficult and expensive for the NSA and other attackers to test
every possible combination.
One popular algorithm, used by Twitter and LinkedIn, is called bcrypt. A 2009 paper by computer scientist Colin Percival
estimated that it would cost a mere $4 to crack, in an average of one
year, an 8-character bcrypt password composed only of letters. To do it
in an average of one day, the hardware cost would jump to approximately
$1,500.
But if a password of the same length included numbers, asterisks,
punctuation marks, and other special characters, the cost-per-year leaps
to $130,000. Increasing the length to any 10 characters, Percival
estimated in 2009, brings the estimated cracking cost to a staggering
$1.2 billion.
As computers have become more powerful, the cost of cracking bcrypt
passwords has decreased. "I'd say as a rough ballpark, the current cost
would be around 1/20th of the numbers I have in my paper," said
Percival, who founded a company called Tarsnap Backup,
which offers "online backups for the truly paranoid." Percival added
that a government agency would likely use ASICs -- application-specific
integrated circuits -- for password cracking because it's "the most
cost-efficient -- at large scale -- approach."
While developing Tarsnap, Percival devised an algorithm called scrypt,
which he estimates can make the "cost of a hardware brute-force attack"
against a hashed password as much as 4,000 times greater than bcrypt.
Bcrypt was introduced at a 1999 Usenix conference by Niels Provos, currently a distinguished engineer in Google's infrastructure group, and David Mazières, an associate professor of computer science at Stanford University.
With the computers available today, "bcrypt won't pipeline very well in
hardware," Mazières said, so it would "still be very expensive to do
widespread cracking."
Even if "the NSA is asking for access to hashed bcrypt passwords,"
Mazières said, "that doesn't necessarily mean they are cracking them."
Easier approaches, he said, include an order to extract them from the
server or network when the user logs in -- which has been done before -- or installing a keylogger at the client.
Questions of law
Whether the National Security Agency or FBI
has the legal authority to demand that an Internet company divulge a
hashed password, salt, and algorithm remains murky.
"This is one of those unanswered legal questions: Is there any
circumstance under which they could get password information?" said Jennifer Granick, director of civil liberties at Stanford University's Center for Internet and Society. "I don't know."
Granick said she's not aware of any precedent for an Internet company
"to provide passwords, encrypted or otherwise, or password algorithms to
the government -- for the government to crack passwords and use them
unsupervised." If the password will be used to log in to the account,
she said, that's "prospective surveillance," which would require a
wiretap order or Foreign Intelligence Surveillance Act order.
If the government can subsequently determine the password, "there's a
concern that the provider is enabling unauthorized access to the user's
account if they do that," Granick said. That could, she said, raise
legal issues under the Stored Communications Act and the Computer Fraud
and Abuse Act.
The Justice Department has argued in court proceedings before that it
has broad legal authority to obtain passwords. In 2011, for instance,
federal prosecutors sent a grand jury subpoena demanding the password
that would unlock files encrypted with the TrueCrypt utility.
The Florida man who received the subpoena claimed the Fifth Amendment,
which protects his right to avoid self-incrimination, allowed him to
refuse the prosecutors' demand. In February 2012, the U.S. Court of
Appeals for the Eleventh Circuit agreed, saying that because prosecutors
could bring a criminal prosecution against him based on the contents of
the decrypted files, the man "could not be compelled to decrypt the
drives."
In January 2012, a federal district judge in Colorado reached the
opposite conclusion, ruling that a criminal defendant could be compelled
under the All Writs Act to type in the password that would unlock a
Toshiba Satellite laptop.
Both of those cases, however, deal with criminal proceedings when the
password holder is the target of an investigation -- and don't address
when a hashed password is stored on the servers of a company that's an
innocent third party.
"If you can figure out someone's password, you have the ability to reuse
the account," which raises significant privacy concerns, said Seth Schoen, a senior staff technologist at the Electronic Frontier Foundation.
Last updated at 8:00 p.m. PT with comment from Yahoo, which responded after this article was published.
Disclosure: McCullagh is married to a Google employee not involved with this issue.