Category Archives: Surveillance

IETF’s Habermasian Resolve to Work Against Pervasive Monitoring

The IETF has issued RFC 7258, aka Best Current Practice 188, “Pervasive Monitoring Is an Attack”. This is an important document. Here’s a snippet of the intro:

Pervasive Monitoring (PM) is widespread (and often covert) surveillance through intrusive gathering of protocol artefacts, including application content, or protocol metadata such as headers. Active or passive wiretaps and traffic analysis, (e.g., correlation, timing or measuring packet sizes), or subverting the cryptographic keys used to secure protocols can also be used as part of pervasive monitoring. PM is distinguished by being indiscriminate and very large scale, rather than by introducing new types of technical compromise.

The IETF community’s technical assessment is that PM is an attack on the privacy of Internet users and organisations. The IETF community has expressed strong agreement that PM is an attack that needs to be mitigated where possible, via the design of protocols that make PM significantly more expensive or infeasible. Pervasive monitoring was discussed at the technical plenary of the November 2013 IETF meeting [IETF88Plenary] and then through extensive exchanges on IETF mailing lists. This document records the IETF community’s consensus and establishes the technical nature of PM.

The term “attack” is used here in a technical sense that differs somewhat from common English usage. In common English usage, an attack is an aggressive action perpetrated by an opponent, intended to enforce the opponent’s will on the attacked party. The term is used here to refer to behavior that subverts the intent of communicating parties without the agreement of those parties.

The conclusion is simple, but powerful: “The IETF will strive to produce specifications that mitigate pervasive monitoring attacks.”

I can’t help but see this as a shining example of the IETF living up to its legitimate-rule-making potential, as I described in my 2003 Harvard Law Review article Habermas@discourse.net: Toward a Critical Theory of Cyberspace.

Below, I reprint my abstract:

Posted in Internet, Surveillance, Writings

Inevitable

Anti-surveillance mask lets you pass as someone else

Posted in Surveillance

CIA Spied on Senate Committee?

This story seems like a Smoking Gun-sized Big Deal. The NYT version, C.I.A. Employees Face New Inquiry Amid Clashes on Detention Program, and the less namby-pamby McClatchy version, Probe sought of CIA conduct in Senate study of secret detention program, paint a pretty damning picture of an agency totally out of control, and of a potentially massive separation of powers conflict arising out of the Senate’s report on CIA torture.

Compare McClatchy’s leed:

The CIA Inspector General’s Office has asked the Justice Department to investigate allegations of malfeasance at the spy agency in connection with a yet-to-be released Senate Intelligence Committee report into the CIA’s secret detention and interrogation program, McClatchy has learned.

The criminal referral may be related to what several knowledgeable people said was CIA monitoring of computers used by Senate aides to prepare the study. The monitoring may have violated an agreement between the committee and the agency.

to the NYT leed:

The Central Intelligence Agency’s attempt to keep secret the details of a defunct detention and interrogation program has escalated a battle between the agency and members of Congress and led to an investigation by the C.I.A.’s internal watchdog into the conduct of agency employees.

The agency’s inspector general began the inquiry partly as a response to complaints from members of Congress that C.I.A. employees were improperly monitoring the work of staff members of the Senate Intelligence Committee, according to government officials with knowledge of the investigation.

McClatchy also says this:

The committee determined earlier this year that the CIA monitored computers – in possible violation of an agreement against doing so – that the agency had provided to intelligence committee staff in a secure room at CIA headquarters that the agency insisted they use to review millions of pages of top-secret reports, cables and other documents, according to people with knowledge.

Sen. Ron Wyden, D-Oregon, a panel member, apparently was referring to the monitoring when he asked CIA Director John Brennan at a Jan. 9 hearing if provisions of the Federal Computer Fraud and Abuse Act “apply to the CIA? Seems to me that’s a yes or no answer.”

Brennan replied that he’d have to get back to Wyden after looking into “what the act actually calls for and its applicability to CIA’s authorities.”

None of that is in the NYT version, although the NYT (like McClatchy) does have these details:

Then, in December, Mr. Udall revealed that the Intelligence Committee had become aware of an internal C.I.A. study that he said was “consistent with the Intelligence Committee’s report” and “conflicts with the official C.I.A. response to the committee’s report.”

It appears that Mr. Udall’s revelation is what set off the current fight, with C.I.A. officials accusing the Intelligence Committee of learning about the internal review by gaining unauthorized access to agency databases.

In a letter to President Obama on Tuesday, Mr. Udall made a vague reference to the dispute over the C.I.A.’s internal report.

“As you are aware, the C.I.A. has recently taken unprecedented action against the committee in relation to the internal C.I.A. review, and I find these actions to be incredibly troubling for the committee’s oversight responsibilities and for our democracy,” he wrote.

Developing.

Posted in Law: Constitutional Law, National Security, Surveillance, Torture

Dan’s First First Media

My brother has his inaugural article up at First Media’s “The Intercept”: The Terrible Toll of Secrecy.

Posted in Dan Froomkin, Surveillance

Nobody Home at Rubio’s Office?

As part of the “Today We Fight Back” initiative I clicked the “call your legislator” button on the pop-up I’ve installed here for the day. The way it works is you give your phone number, then their bot calls your phone, asks for your zip code, and connects you to your representatives.

I was duly connected to Sen. Nelson’s office, where they answered on the second ring, and a polite gentleman noted my concerns and promised “to pass it along to the Senator” (uh-huh).

Then the app connected me to Senator Rubio’s office. The phone rang eight times and no one answered. Is no one home? Do they have caller ID and not bother answering calls that come in via the EFF’s app?

Then it was on to Rep. Ros-Lehtinen’s office, where it barely rang twice, and another nice gentleman, this time with an Australian accent, took down my info.

Back when I did politics, I used to only half-jokingly say that one indication of a struggling political outfit was if the phone ever rang more than three times. By that standard Rubio is tanking.

Not answering the phone is no way to treat constituents, even if you know they don’t agree with you. Lame. Very lame.

Posted in Florida, Politics: FL-18, Surveillance

Happy Data Privacy Day

Today is Data Privacy Day. Start your celebration with Unqualified Offerings:

Snowden’s revelations must be especially hard on the psychiatric profession. If one patient dismisses the idea that the government is spying on him, and the other is convinced that the government is working with major electronics manufacturers to put listening devices in his personal belongings, which one do you diagnose as being unable to distinguish reality from fantasy?

At a University committee meeting recently, I suggested the University should provide us all with encryption so we can protect our data on our computers, and in transit, as it was at risk of interception. The ranking University official at the meeting smiled dismissively and said something along the lines of “Well, if you are worrying about that…”. I said, “but it’s national policy – the President announced it.” He stopped smiling.

Posted in Cryptography, Software, Surveillance

What I Learned Today (Hacking Edition)

1. The NSA hacks BIOSes. Indeed it does everything that it wants you to worry that the Chinese might do and more. The NSA even monitors certain online orders of computers so it can intercept the computers and modify them with BIOS-level or system-level spyware.

2. It’s possible to hack a MicroSD card — or indeed any flash storage device. I’m waiting to learn when the NSA does that too.

Posted in Surveillance