INTERNET giant Facebook is accessing smartphone users’ personal text messages, an investigation revealed today.
Facebook admitted reading text messages belonging to smartphone users who downloaded the social-networking app and said that it was accessing the data as part of a trial to launch its own messaging service, The (London) Sunday Times reported.
Other well-known companies accessing smartphone users’ personal data – such as text messages – include photo-sharing site Flickr, dating site Badoo and Yahoo Messenger, the paper said.
It claimed that some apps even allow companies to intercept phone calls – while others, such as YouTube, are capable of remotely accessing and operating users’ smartphone cameras to take photographs or videos at any time.
Security app My Remote Lock and the app Tennis Juggling Game were among smaller companies’ apps that may intercept users’ calls, the paper said.
Emma Draper, of the Privacy International campaign group, said, “Your personal information is a precious commodity, and companies will go to great lengths to get their hands on as much of it as possible.”
More than 400,000 apps can be downloaded to Android phones, and more than 500,000 are available for iPhones – with all apps downloaded from Apple’s App Store covered by the same terms and conditions policy.
According to a YouGov poll for the newspaper, 70 per cent of smartphone users rarely or never read the terms and conditions policy when they download an app.
Update: I’ve clarified two aspects of this story below. First, Micro Systemation’s XRY tool often requires more than two minutes to crack the iPhone’s password. The two minutes I originally cited were a reference to the time shown in the video (now removed by Micro Systemation) below. Given that, as I originally wrote, the phone in the video used the simplest possible password (0000), the process often takes far longer.
Second, Micro Systemation had told me that XRY can gain access to phones that run the latest version of iOS. But in fact, it can only gain access to older iPhones and iPads running the latest version of the operating system, and can’t access the iPhone 4S or the iPad 2 or later. Apologies for this oversight.
Set your iPhone to require a four-digit passcode, and it may keep your private information safe from the prying eyes of the taxi driver whose cab you forget it in. But if law enforcement is determined to see the data you’ve stored on your smartphone, those four digits will slow down the process of accessing it by as little as two minutes.
Here’s a video posted last week by Micro Systemation, a Stockholm, Sweden-based firm that sells law enforcement and military customers the tools to access the devices of criminal suspects or military detainees and siphon off their personal information.
Update: After this post brought widespread attention to Micro Systemation’s video, the company has removed it from YouTube.
As the video showed, a Micro Systemation application the firm calls XRY can quickly crack an iOS or Android phone’s passcode, dump its data to a PC, decrypt it, and display information like the user’s GPS location, files, call logs, contacts, messages, even a log of its keystrokes.
Mike Dickinson, the firm’s marketing director and the voice in its videos, says that the company sells products capable of accessing passcode-protected iOS and Android devices in over 60 countries. It supplies 98% of the U.K.’s police departments, for instance, as well as many American police departments and the FBI. Its largest single customer is the U.S. military. “When people aren’t wearing uniforms, looking at mobile phones to identify people is quite helpful,” Dickinson says by way of explanation.
With smartphone adoption rocketing around the world, Dickinson says Micro Systemation’s “business is booming.” The small company has grown close to 25% in revenue year-over-year, earned $18 million in revenue in 2010 up from $12 million the year before, and doubled its employees since 2009.
“It’s a massive boom industry, the growth in evidence from mobile phones,” says Dickinson. “After twenty years or so, people understand they shouldn’t do naughty things on their personal computers, but they still don’t understand that about phones. From an evidential point of view, it’s of tremendous value.”
“If they’ve done something wrong,” he adds.
XRY works much like the jailbreak hacks that allow users to remove the installation restrictions on their devices, Dickinson says, though he wouldn’t say much about the exact security vulnerability that XRY exploits to gain access to the iPhone. He claims that the company doesn’t use backdoor vulnerabilities in the devices created by the manufacturer, but rather seeks out security flaws in the phone’s software just as jailbreakers do, one reason why half the company’s 75 employees are devoted to research and development. “Every week a new phone comes out with a different operating system and we have to reverse engineer them,” he says. “We’re constantly chasing the market.”
Update: Mike Dickinson has clarified that Micro Systemation’s XRY tool doesn’t support the iPhone 4S, iPad 2 or iPad 3. It does, however, support the latest version of Apple’s iOS operating system, so he says that older devices that have the latest software installed are still vulnerable.
After bypassing the iPhone’s security restrictions to run its code on the phone, the tool “brute forces” the phone’s password, guessing every possible combination of numbers to find the correct code, as Dickinson describes it. In the video above, the process takes seconds. (Although admittedly, the phone’s example passcode is “0000”, about the most easily-guessed password possible.)
Dickinson acknowledges that users who set longer passcodes for devices can in fact make the devices far tougher to crack. “The more complex the password, the longer and harder it’s going to be to access the phone,” he says. “In some cases, it takes so long to brute force that it’s not worth doing it.” That may have been the situation, for instance, in one recent case involving the phone of Dante Dears, a paroled convict accused of running a prostitution ring known as “Pimping Hoes Daily” from his Android phone; the FBI, apparently unable or unwilling to crack the phone, asked Google to help in accessing it.
BEIJING — As the Chinese government forges ahead on a multibillion-dollar effort to blanket the country with surveillance cameras, one American company stands to profit: Bain Capital, the private equity firm founded by Mitt Romney.
Chinese cities are installing surveillance systems with hundreds of thousands of cameras like these at a Beijing building site.
In December, a Bain-run fund in which a Romney family blind trust has holdings purchased the video surveillance division of a Chinese company that claims to be the largest supplier to the government’s Safe Cities program, a highly advanced monitoring system that allows the authorities to watch over university campuses, hospitals, mosques and movie theaters from centralized command posts.
The Bain-owned company, Uniview Technologies, produces what it calls “infrared antiriot” cameras and software that enable police officials in different jurisdictions to share images in real time through the Internet. Previous projects have included an emergency command center in Tibet that “provides a solid foundation for the maintenance of social stability and the protection of people’s peaceful life,” according to Uniview’s Web site.
Such surveillance systems are often used to combat crime and the manufacturer has no control over whether they are used for other purposes. But human rights advocates say in China they are also used to intimidate and monitor political and religious dissidents. “There are video cameras all over our monastery, and their only purpose is to make us feel fear,” said Loksag, a Tibetan Buddhist monk in Gansu Province. He said the cameras helped the authorities identify and detain nearly 200 monks who participated in a protest at his monastery in 2008.
Mr. Romney has had no role in Bain’s operations since 1999 and had no say over the investment in China. But the fortunes of Bain and Mr. Romney are still closely tied.
The financial disclosure forms Mr. Romney filed last August show that a blind trust in the name of his wife, Ann Romney, held a relatively small stake of between $100,000 and $250,000 in the Bain Capital Asia fund that purchased Uniview.
In a statement, R. Bradford Malt, who manages the Romneys’ trusts, noted that he had put trust assets into the fund before it bought Uniview. He said that the Romneys had no role in guiding their investments. He also said he had no control over the Asian fund’s choice of investments.
Mr. Romney reported on his August disclosure forms that he and his wife earned a minimum of $5.6 million from Bain assets held in their blind trusts and retirement accounts. Bain employees and executives are also among the largest donors to his campaign, and their contributions accounted for 10 percent of the money received over the past year by Restore Our Future, the pro-Romney “super PAC.” Bain employees have also made substantial contributions to Democratic candidates, including President Obama.
Bain’s decision to enter China’s fast-growing surveillance industry raises questions about the direct role that American corporations play in outfitting authoritarian governments with technology that can be used to repress their own citizens.
It also comes at a delicate time for Mr. Romney, who has frequently called for a hard line against the Chinese government’s suppression of religious freedom and political dissent.
As with previous deals involving other American companies, critics argue that Bain’s acquisition of Uniview violates the spirit — if not necessarily the letter — of American sanctions imposed on Beijing after the deadly crackdown on protests in Tiananmen Square. Those rules, written two decades ago, bar American corporations from exporting to China “crime-control” products like those that process fingerprints, make photo identification cards or use night vision technology.
Most video surveillance equipment is not covered by the sanctions, even though a Canadian human rights group found in 2001 that Chinese security forces used Western-made video cameras to help identify and apprehend Tiananmen Square protesters.
Representative Frank R. Wolf, Republican of Virginia, who frequently assails companies that do business with Chinese security agencies, said calls by some members of Congress to pass stricter regulations on American businesses have gone nowhere. “These companies are busy making a profit and don’t want to face realities, but what they’re doing is wrong,” said Mr. Wolf, who is co-chairman of the Tom Lantos Human Rights Commission.
In public comments and in a statement posted on his campaign Web site, Mr. Romney has accused the Obama administration of placing economic concerns above human rights in managing relations with China. He has called on the White House to offer more vigorous support of those who criticize the Chinese Communist Party. “Any serious U.S. policy toward China must confront the fact that China’s regime continues to deny its people basic political freedoms and human rights,” according to the statement on his Web site. “The United States has an important role to play in encouraging the evolution of China toward a more politically open and democratic order.”
In recent years, a number of Western companies, including Honeywell, General Electric, I.B.M. and United Technologies, have been criticized for selling sophisticated surveillance-related technology to the Chinese government.
Other companies have been accused of directly helping China quash perceived opponents. In 2007, Yahoo settled a lawsuit asserting that it had provided the authorities with e-mails of a journalist who was later sentenced to 10 years in prison for sending an e-mail that prosecutors charged contained state secrets.
Cisco Systems is fighting a lawsuit in the United States filed by a human rights group over Internet networking equipment it sold to the Chinese government. The lawsuit asserts that the system, tailored to government demands, allowed the authorities to track down and torture members of the religious group Falun Gong.
Bain defended its purchase of Uniview, stressing that the Chinese company’s products were advertised as instruments for crime control, not political repression. “China’s increasingly urban population will face growing needs around personal safety and property protection,” the company said in a statement. “Video surveillance is part of the solution to that, as it is anywhere in the world.” The company also said that only one-third of Uniview’s sales were to public security bureaus.
William A. Reinsch, president of the National Foreign Trade Council in Washington, said it was up to the American government, not individual companies, to set the guidelines for such business ventures. “A lot of the stuff we’re talking about is truly dual use,” said Mr. Reinsch, a former Commerce Department official in the Clinton administration. “You can sell it to a local police force that will use it to track down speeders, but you can also sell it to a ministry of state security that will use it to monitor dissidents.”
But Adam Segal, a senior fellow at the Council on Foreign Relations and an expert on the intersection of technology and domestic security in China, said American companies could not shirk responsibility for the way their technology is used, especially in the wake of recent controversies over the sales of Western Internet filtering systems to autocratic rulers in the Arab world. “Technology companies have to begin to think about the ethics and political implications of selling these technologies,” he said.
Uniview is proud of its close association with China’s security establishment and boasts about the scores of surveillance systems it has created for local security agencies in the six years since the Safe Cities program was started.
“Social management and society building pose new demands for surveillance and control systems,” Uniview says in its promotional materials, which include an interview with Zhang Pengguo, the company’s chief executive. “A harmonious society is the essential nature of socialism with Chinese characteristics,” Mr. Zhang says.
Until now, Bain’s takeover of Uniview has drawn little attention outside China. The company was formerly the surveillance division of H3C, a joint venture between 3Com and Huawei, the Chinese telecommunications giant whose expansion plans in the United States have faced resistance from Congress over questions about its ties to the Chinese military.
In 2010, 3Com, along with H3C, became a subsidiary of Hewlett-Packard in a $2.7 billion buyout deal.
H3C also sells technology unrelated to video surveillance, including Internet firewall products, but it was the video surveillance division alone that drew Bain Capital’s interest.
In December, H3C announced that Bain had bought out the surveillance division and formed Uniview, although under terms of the buyout, H3C provides Uniview with products, technical support and, for a period of time, the use of its brand name. Bain controls Uniview but says it has no role in its day-to-day operations.
Bain is, however, well positioned to profit. According to the British firm IMS Research, the Chinese market for security camera networks was $2.5 billion last year, a figure that is expected to double by 2015, with more than two-thirds of that demand coming from the government. Uniview currently has just 1 percent of the market, the firm said.
Chinese cities are rushing to construct their own surveillance systems. Chongqing, in southwest China, is spending $4.2 billion on a network of 500,000 cameras, according to the state news media. Guangdong Province, the manufacturing powerhouse adjacent to Hong Kong, is mounting one million cameras. In Beijing, the municipal government is seeking to place cameras in all entertainment venues, adding to the skein of 300,000 cameras that were installed here for the 2008 Olympics.
By marrying Internet, cellphone and video surveillance, the government is seeking to create an omniscient monitoring system, said Nicholas Bequelin, a senior researcher at Human Rights Watch in Hong Kong. “When it comes to surveillance, China is pretty upfront about its totalitarian ambitions,” he said.
For the legion of Chinese intellectuals, democracy advocates and religious figures who have tangled with the government, surveillance cameras have become inescapable.
Yang Weidong, a politically active filmmaker, said a phalanx of 13 cameras were installed in and around his apartment building last year after he submitted an interview request to President Hu Jintao, drawing the ire of domestic security agents. In January, Ai Weiwei, the artist and public critic, was questioned by the police after he threw stones at cameras trained on his front gate.
Li Tiantian, 45, a human rights lawyer in Shanghai, said the police used footage recorded outside a hotel in an effort to manipulate her during the three months she was illegally detained last year. The video, she said, showed her entering the hotel in the company of men other than her boyfriend.
During interrogations, Ms. Li said, the police taunted her about her sex life and threatened to show the video to her boyfriend. The boyfriend, however, refused to watch, she said.
“The scale of intrusion into people’s private lives is unprecedented,” she said in a phone interview. “Now when I walk on the street, I feel so vulnerable, like the police are watching me all the time.”
Well, it has been the $64,000 question for a couple of decades: Can NSA break something like PGP?
While there might be other black world technologies that could be up to the task (there’s no way to know), what we do know is that a practical quantum computing capability would be, for all intents and purposes, the master key.
I’m pretty confident that NSA has this capability and here’s why: IBM Breakthrough May Make Practical Quantum Computer 15 Years Away Instead of 50. There is no hard constant that one can point to when considering how much more advanced black world technologies are than what we think of as state of the art, but if IBM is 15 years away from building a useful quantum computer, it’s not a stretch to assume NSA has that capability already, or is close to having it.
Bamford lays out a narrative below about the “enormous breakthrough,” but, at the end of the day, it’s conventional computers. There’s no mention of quantum computers, or even the far less “out there” photonic systems.
Is Bamford’s piece a limited hangout?
Maybe, but it makes for interesting reading in any event.
Note: For some reason, Bamford refers to Mark Klein as, “A whistle-blower,” without naming him. Because of Mark Klein, we know, for sure, that the mass intercepts are happening, how NSA is doing it, the equipment involved, etc. So, thanks, Mark Klein. Heroes have names on Cryptogon.
—
Update: Former Senior U.S. Intelligence Official and Current Booz Allen Hamilton Senior Vice President Joan A. Dempsey: ‘We’re a Few Years Away from Realizing Real Quantum Processing and Quantum Computing’
One of the first measures of tradecraft, as any good spy will tell you, is being able to tell when something just doesn’t add up. So when Joan Dempsey said she had some 49 years of experience in various roles in the military and intelligence communities, one has to wonder. She hardly looks it, but after spending some 25 years in the U.S. Navy, seven more at the CIA, and another 17 at the Pentagon in a variety of intelligence leadership positions, Dempsey swears it’s true, which means she is one of the few women in the intelligence community with nearly half a century of government experience, which has included, over the years, a number of “firsts.”
…
“I think that’s a huge growth area in intelligence, the big data analysis kinds of things, quantum computing which, I mean, we’re a few years away from realizing real quantum processing and quantum computing. And I mean these are areas that are going to have profound effect on every aspect of our lives, but certainly on the intelligence.
Under construction by contractors with top-secret clearances, the blandly named Utah Data Center is being built for the National Security Agency. A project of immense secrecy, it is the final piece in a complex puzzle assembled over the past decade. Its purpose: to intercept, decipher, analyze, and store vast swaths of the world’s communications as they zap down from satellites and zip through the underground and undersea cables of international, foreign, and domestic networks. The heavily fortified $2 billion center should be up and running in September 2013. Flowing through its servers and routers and stored in near-bottomless databases will be all forms of communication, including the complete contents of private emails, cell phone calls, and Google searches, as well as all sorts of personal data trails—parking receipts, travel itineraries, bookstore purchases, and other digital “pocket litter.” It is, in some measure, the realization of the “total information awareness” program created during the first term of the Bush administration—an effort that was killed by Congress in 2003 after it caused an outcry over its potential for invading Americans’ privacy.
But “this is more than just a data center,” says one senior intelligence official who until recently was involved with the program. The mammoth Bluffdale center will have another important and far more secret role that until now has gone unrevealed. It is also critical, he says, for breaking codes. And code-breaking is crucial, because much of the data that the center will handle—financial information, stock transactions, business deals, foreign military and diplomatic secrets, legal documents, confidential personal communications—will be heavily encrypted. According to another top official also involved with the program, the NSA made an enormous breakthrough several years ago in its ability to cryptanalyze, or break, unfathomably complex encryption systems employed by not only governments around the world but also many average computer users in the US. The upshot, according to this official: “Everybody’s a target; everybody with communication is a target.”
…
In the process—and for the first time since Watergate and the other scandals of the Nixon administration—the NSA has turned its surveillance apparatus on the US and its citizens. It has established listening posts throughout the nation to collect and sift through billions of email messages and phone calls, whether they originate within the country or overseas. It has created a supercomputer of almost unimaginable speed to look for patterns and unscramble codes. Finally, the agency has begun building a place to store all the trillions of words and thoughts and whispers captured in its electronic net. And, of course, it’s all being done in secret. To those on the inside, the old adage that NSA stands for Never Say Anything applies more than ever.
…
The data stored in Bluffdale will naturally go far beyond the world’s billions of public web pages. The NSA is more interested in the so-called invisible web, also known as the deep web or deepnet—data beyond the reach of the public. This includes password-protected data, US and foreign government communications, and noncommercial file-sharing between trusted peers. “The deep web contains government reports, databases, and other sources of information of high value to DOD and the intelligence community,” according to a 2010 Defense Science Board report. “Alternative tools are needed to find and index data in the deep web … Stealing the classified secrets of a potential adversary is where the [intelligence] community is most comfortable.” With its new Utah Data Center, the NSA will at last have the technical capability to store, and rummage through, all those stolen secrets. The question, of course, is how the agency defines who is, and who is not, “a potential adversary.”
…
According to Binney—who has maintained close contact with agency employees until a few years ago—the taps in the secret rooms dotting the country are actually powered by highly sophisticated software programs that conduct “deep packet inspection,” examining Internet traffic as it passes through the 10-gigabit-per-second cables at the speed of light.
The software, created by a company called Narus that’s now part of Boeing, is controlled remotely from NSA headquarters at Fort Meade in Maryland and searches US sources for target addresses, locations, countries, and phone numbers, as well as watch-listed names, keywords, and phrases in email. Any communication that arouses suspicion, especially those to or from the million or so people on agency watch lists, are automatically copied or recorded and then transmitted to the NSA.
The scope of surveillance expands from there, Binney says. Once a name is entered into the Narus database, all phone calls and other communications to and from that person are automatically routed to the NSA’s recorders. “Anybody you want, route to a recorder,” Binney says. “If your number’s in there? Routed and gets recorded.” He adds, “The Narus device allows you to take it all.” And when Bluffdale is completed, whatever is collected will be routed there for storage and analysis.
According to Binney, one of the deepest secrets of the Stellar Wind program—again, never confirmed until now—was that the NSA gained warrantless access to AT&T’s vast trove of domestic and international billing records, detailed information about who called whom in the US and around the world. As of 2007, AT&T had more than 2.8 trillion records housed in a database at its Florham Park, New Jersey, complex.
Verizon was also part of the program, Binney says, and that greatly expanded the volume of calls subject to the agency’s domestic eavesdropping. “That multiplies the call rate by at least a factor of five,” he says. “So you’re over a billion and a half calls a day.” (Spokespeople for Verizon and AT&T said their companies would not comment on matters of national security.)
After he left the NSA, Binney suggested a system for monitoring people’s communications according to how closely they are connected to an initial target. The further away from the target—say you’re just an acquaintance of a friend of the target—the less the surveillance. But the agency rejected the idea, and, given the massive new storage facility in Utah, Binney suspects that it now simply collects everything. “The whole idea was, how do you manage 20 terabytes of intercept a minute?” he says. “The way we proposed was to distinguish between things you want and things you don’t want.” Instead, he adds, “they’re storing everything they gather.” And the agency is gathering as much as it can.
Once the communications are intercepted and stored, the data-mining begins. “You can watch everybody all the time with data-mining,” Binney says. Everything a person does becomes charted on a graph, “financial transactions or travel or anything,” he says. Thus, as data like bookstore receipts, bank statements, and commuter toll records flow in, the NSA is able to paint a more and more detailed picture of someone’s life.
The NSA also has the ability to eavesdrop on phone calls directly and in real time. According to Adrienne J. Kinne, who worked both before and after 9/11 as a voice interceptor at the NSA facility in Georgia, in the wake of the World Trade Center attacks “basically all rules were thrown out the window, and they would use any excuse to justify a waiver to spy on Americans.” Even journalists calling home from overseas were included. “A lot of time you could tell they were calling their families,” she says, “incredibly intimate, personal conversations.” Kinne found the act of eavesdropping on innocent fellow citizens personally distressing. “It’s almost like going through and finding somebody’s diary,” she says.
…
Sitting in a restaurant not far from NSA headquarters, the place where he spent nearly 40 years of his life, Binney held his thumb and forefinger close together. “We are, like, that far from a turnkey totalitarian state,” he says.
…
Meanwhile, over in Building 5300, the NSA succeeded in building an even faster supercomputer. “They made a big breakthrough,” says another former senior intelligence official, who helped oversee the program. The NSA’s machine was likely similar to the unclassified Jaguar, but it was much faster out of the gate, modified specifically for cryptanalysis and targeted against one or more specific algorithms, like the AES. In other words, they were moving from the research and development phase to actually attacking extremely difficult encryption systems. The code-breaking effort was up and running.
The breakthrough was enormous, says the former official, and soon afterward the agency pulled the shade down tight on the project, even within the intelligence community and Congress. “Only the chairman and vice chairman and the two staff directors of each intelligence committee were told about it,” he says. The reason? “They were thinking that this computing breakthrough was going to give them the ability to crack current public encryption.”
The Cyber Intelligence Sharing and Protection Act (CISPA) is quickly becoming the Internet’s new most-hated piece of legislation. But is it really “the new SOPA,” as critics are calling it? Here, a comprehensive rundown of what CISPA is, what it does, and why people think it’s dangerous.
The Internet has a new enemy. The Cyber Intelligence Sharing and Protection Act of 2011 (CISPA), also known as H.R. 3523, is a “cybersecurity” bill in the House of Representatives. CISPA is quickly gaining traction as “the new SOPA,” the infamous anti-piracy bill that was forced to crawl back into its hole after thousands of websites and millions of Web users protested with a massive, high-profile “blackout.” While CISPA does not focus primarily on intellectual property (though that’s in there, too), critics say the problems with the bill run just as deep. But what is CISPA, really, and will its presence on Congress’ agenda cause the same type of online revolt that SOPA and PIPA did?
What is CISPA?
Unveiled to the House by Rep. Mike Rogers (R-MI) and Rep. C.A. “Dutch” Ruppersberger (D-MD) late last year, CISPA is described as a “cybersecurity” bill. It proposes to amend the National Security Act of 1947 to allow for greater sharing of “cyber threat intelligence” between the U.S. government and the private sector, or between private companies. The bill defines “cyber threat intelligence” as any information pertaining to vulnerabilities of, or threats to, networks or systems owned and operated by the U.S. government, or U.S. companies; or efforts to “degrade, disrupt, or destroy” such systems or networks; or the theft or “misappropriation” of any private or government information, including intellectual property.
CISPA also removes any liability from private companies who collect and share qualified information with the federal government, or with each other. Finally, it directs the Privacy and Civil Liberties Oversight Board to conduct annual reviews of the sharing and use of the collected information by the U.S. government.
Who supports CISPA?
The bill currently has a whopping 106 co-sponsors in the House — more than twice the number SOPA ever had. Also unlike SOPA, CISPA has explicit support from some of the technology industry’s biggest players, including Internet service providers like AT&T and Verizon, Web companies like Facebook, and hardware companies like IBM and Intel.
What CISPA supporters say it will do
According to Rep. Rogers, CISPA will help U.S. companies defend themselves “from advanced cyber threats, without imposing any new federal regulations or unfunded private sector mandate.” It will also create “new private sector jobs for cybersecurity professionals,” and protect “the thousands of jobs created by the American intellectual property that Chinese hackers are trying to steal every day.”
In a statement, Rep. Ruppersberger pushed his reasons for proposing the legislation, saying, “Without important, immediate changes to American cybersecurity policy, I believe our country will continue to be at risk for a catastrophic attack to our nation’s vital networks — networks that power our homes, provide our clean water or maintain the other critical services we use every day. This small but important piece of legislation is a decisive first step to tackle the cyber threats we face.”
Private companies like the bill because it removes some of the regulations that prevent them from sharing cyber threat information, or make it harder to do so. In short, they believe the bill will do exactly what its supporters in the House say it will do — help better protect them from cyber attacks.
What CISPA opponents are worried about
As with SOPA and PIPA, the first main concern about CISPA is its “broad language,” which critics fear allows the legislation to be interpreted in ways that could infringe on our civil liberties. The Center for Democracy and Technology sums up the problems with CISPA this way:
• The bill has a very broad, almost unlimited definition of the information that can be shared with government agencies notwithstanding privacy and other laws;
• The bill is likely to lead to expansion of the government’s role in the monitoring of private communications as a result of this sharing;
• It is likely to shift control of government cybersecurity efforts from civilian agencies to the military;
• Once the information is shared with the government, it wouldn’t have to be used for cybersecurity, but could instead be used for any purpose that is not specifically prohibited.
The Electronic Frontier Foundation (EFF) adds that CISPA’s definition of “cybersecurity” is so broad that “it leaves the door open to censor any speech that a company believes would ‘degrade the network.’” Moreover, the inclusion of “intellectual property” means that companies and the government would have “new powers to monitor and censor communications for copyright infringement.”
Furthermore, critics warn that CISPA gives private companies the ability to collect and share information about their customers or users with immunity — meaning we cannot sue them for doing so, and they cannot be charged with any crimes.
According to the EFF, CISPA “effectively creates a ‘cybersecurity’ exemption to all existing laws.”
“There are almost no restrictions on what can be collected and how it can be used, provided a company can claim it was motivated by ‘cybersecurity purposes,’” the EFF continues. “That means a company like Google, Facebook, Twitter, or AT&T could intercept your emails and text messages, send copies to one another and to the government, and modify those communications or prevent them from reaching their destination if it fits into their plan to stop cybersecurity threats.”
Is the Internet freaking out like it did over SOPA/PIPA?
Not yet — but it’s starting to. After TechDirt’s Mike Masnick — a widely followed and trusted source on matters of laws regarding technology, intellectual property, and how they might affect our civil rights — posted an article telling readers to “forget SOPA, you should be worried about this cybersecurity bill” earlier this week, concerned Web users have started to take notice. On Reddit, a community that is largely responsible for the push-back against SOPA/PIPA, an increasing number of posts (some accurate, some not) have popped up regarding the potential dangers of CISPA. Anonymous has also started to get in on the action, having released a “dox” on Rep. Rogers, and a video condemning the bill, earlier this week.
Will CISPA pass?
Nobody can say for sure, but at the moment, its passage looks likely. CISPA breezed through the House Intelligence Committee on December 1, 2011, with a bipartisan vote of 17-1. Also, as mentioned, the bill has broad support in the House, with 106 co-sponsors, 10 of whom are committee chairmen.
As with any piece of legislation, however, nothing is certain until the president signs the bill. And if the Internet community rises up in the same way it did against SOPA and PIPA, then you will certainly see support for CISPA crumble in Congress (it is an election year, after all). That said, whether or not the Internet will react with such force remains a big “if.”
Conclusion
Regardless of the value of CISPA, cyber threats are a real and serious problem, one that the U.S. government will address through legislative means. Civil liberty watchdogs are always going to be wary of any bill that could possibly threaten our privacy, or put us at the mercy of corporations and the federal government. However, CISPA does have all the problems critics claim it has, and Web users should be paying critical attention to the bill.
Remember: opposing this particular bill, or others with similar problems, is not the same as a disregard for our cybersecurity, or national security — which is precisely how CISPA supporters in Congress will attempt to frame the opposition, if or when it gathers steam.
The Cyber Intelligence Sharing and Protection Act (CISPA) is quickly becoming the Internet’s new most-hated piece of legislation. But is it really “the new SOPA,” as critics are calling it? Here, a comprehensive rundown of what CISPA is, what it does, and why people think it’s dangerous.
One way to neutralize a potential activist is to get them to be in a group that does all the wrong things. Why?
1) The message doesn’t get out.
2) A lot of time is wasted.
3) The activist is frustrated and discouraged.
4) Nothing good is accomplished.
FBI and Police Informers and Infiltrators will infest any group and they have phoney activist organizations established.
Their purpose is to prevent any real movement for justice or eco-peace from developing in this country.
Agents come in small, medium or large. They can be of any ethnic background. They can be male or female.
The actual size of the group or movement being infiltrated is irrelevant. It is the potential the movement has for becoming large which brings on the spies and saboteurs.
This booklet lists tactics agents use to slow things down, foul things up, destroy the movement and keep tabs on activists.
It is the agent’s job to keep the activist from quitting such a group, thus keeping him/her under control.
In some situations, to get control, the agent will tell the activist:
“You’re dividing the movement.”
[Here, I have added the psychological reasons as to WHY this maneuver works to control people]
This invites guilty feelings. Many people can be controlled by guilt. The agents begin relationships with activists behind a well-developed mask of “dedication to the cause.” Because of their often declared dedication, (and actions designed to prove this), when they criticize the activist, he or she – being truly dedicated to the movement – becomes convinced that somehow, any issues are THEIR fault. This is because a truly dedicated person tends to believe that everyone has a conscience and that nobody would dissimulate and lie like that “on purpose.” It’s amazing how far agents can go in manipulating an activist because the activist will constantly make excuses for the agent who regularly declares their dedication to the cause. Even if they do, occasionally, suspect the agent, they will pull the wool over their own eyes by rationalizing: “they did that unconsciously… they didn’t really mean it… I can help them by being forgiving and accepting” and so on and so forth.
The agent will tell the activist:
“You’re a leader!”
This is designed to enhance the activist’s self-esteem. His or her narcissistic admiration of his/her own activist/altruistic intentions increase as he or she identifies with and consciously admires the altruistic declarations of the agent which are deliberately set up to mirror those of the activist.
This is “malignant pseudoidentification.” It is the process by which the agent consciously imitates or simulates a certain behavior to foster the activist’s identification with him/her, thus increasing the activist’s vulnerability to exploitation. The agent will simulate the more subtle self-concepts of the activist.
Activists and those who have altruistic self-concepts are most vulnerable to malignant pseudoidentification especially during work with the agent when the interaction includes matter relating to their competency, autonomy, or knowledge.
The goal of the agent is to increase the activist’s general empathy for the agent through pseudo-identification with the activist’s self-concepts.
The most common example of this is the agent who will compliment the activist for his competency or knowledge or value to the movement. On a more subtle level, the agent will simulate affects and mannerisms of the activist which promotes identification via mirroring and feelings of “twinship”. It is not unheard of for activists, enamored by the perceived helpfulness and competence of a good agent, to find themselves considering ethical violations and perhaps, even illegal behavior, in the service of their agent/handler.
The activist’s “felt quality of perfection” [self-concept] is enhanced, and a strong empathic bond is developed with the agent through his/her imitation and simulation of the victim’s own narcissistic investments. [self-concepts] That is, if the activist knows, deep inside, their own dedication to the cause, they will project that onto the agent who is “mirroring” them.
The activist will be deluded into thinking that the agent shares this feeling of identification and bonding. In an activist/social movement setting, the adversarial roles that activists naturally play vis a vis the establishment/government, fosters ongoing processes of intrapsychic splitting so that “twinship alliances” between activist and agent may render whole sectors of reality testing unavailable to the activist. They literally “lose touch with reality.”
Activists who deny their own narcissistic investments [do not have a good idea of their own self-concepts and that they ARE concepts] and consciously perceive themselves (accurately, as it were) to be “helpers” endowed with a special amount of altruism are exceedingly vulnerable to the affective (emotional) simulation of the accomplished agent.
Empathy is fostered in the activist through the expression of quite visible affects. The presentation of tearfulness, sadness, longing, fear, remorse, and guilt, may induce in the helper-oriented activist a strong sense of compassion, while unconsciously enhancing the activist’s narcissistic investment in self as the embodiment of goodness.
The agent’s expression of such simulated affects may be quite compelling to the observer and difficult to distinguish from deep emotion.
It can usually be identified by two events, however:
First, the activist who has analyzed his/her own narcissistic roots and is aware of his/her own potential for being “emotionally hooked,” will be able to remain cool and unaffected by such emotional outpourings by the agent.
As a result of this unaffected, cool, attitude, the Second event will occur: The agent will recompensate much too quickly following such an affective expression leaving the activist with the impression that “the play has ended, the curtain has fallen,” and the imposture, for the moment, has finished. The agent will then move quickly to another activist/victim.
The fact is, the movement doesn’t need leaders, it needs MOVERS. “Follow the leader” is a waste of time.
A good agent will want to meet as often as possible. He or she will talk a lot and say little. One can expect an onslaught of long, unresolved discussions.
Some agents take on a pushy, arrogant, or defensive manner:
1) To disrupt the agenda
2) To side-track the discussion
3) To interrupt repeatedly
4) To feign ignorance
5) To make an unfounded accusation against a person.
Calling someone a racist, for example. This tactic is used to discredit a person in the eyes of all other group members.
Saboteurs
Some saboteurs pretend to be activists. She or he will ….
1) Write encyclopedic flyers (in the present day, websites)
2) Print flyers in English only.
3) Have demonstrations in places where no one cares.
4) Solicit funding from rich people instead of grass roots support
5) Display banners with too many words that are confusing.
6) Confuse issues.
7) Make the wrong demands.
8) Compromise the goal.
9) Have endless discussions that waste everyone’s time. The agent may accompany the endless discussions with drinking, pot smoking or other amusement to slow down the activist’s work.
Provocateurs
1) Want to establish “leaders” to set them up for a fall in order to stop the movement.
2) Suggest doing foolish, illegal things to get the activists in trouble.
3) Encourage militancy.
4) Want to taunt the authorities.
5) Attempt to make the activist compromise their values.
6) Attempt to instigate violence. Activism ought to always be non-violent.
7) Attempt to provoke revolt among people who are ill-prepared to deal with the reaction of the authorities to such violence.
Informants
1) Want everyone to sign up and sign in and sign everything.
2) Ask a lot of questions (gathering data).
3) Want to know what events the activist is planning to attend.
4) Attempt to make the activist defend him or herself to identify his or her beliefs, goals, and level of commitment.
Recruiting
Legitimate activists do not subject people to hours of persuasive dialog. Their actions, beliefs, and goals speak for themselves.
Groups that DO recruit are missionaries, military, and fake political parties or movements set up by agents.
Surveillance
ALWAYS assume that you are under surveillance.
At this point, if you are NOT under surveillance, you are not a very good activist!
Scare Tactics
They use them.
Such tactics include slander, defamation, threats, getting close to disaffected or minimally committed fellow activists to persuade them (via psychological tactics described above) to turn against the movement and give false testimony against their former compatriots. They will plant illegal substances on the activist and set up an arrest; they will plant false information and set up “exposure,” they will send incriminating letters [emails] in the name of the activist; and more; they will do whatever society will allow.
This booklet in no way covers all the ways agents use to sabotage the lives of sincere and dedicated activists.
If an agent is “exposed,” he or she will be transferred or replaced.
COINTELPRO is still in operation today under a different code name. It is no longer placed on paper where it can be discovered through the freedom of information act.
The FBI counterintelligence program’s stated purpose: To expose, disrupt, misdirect, discredit, and otherwise neutralize individuals who the FBI categorize as opposed to the National Interests. “National Security” means the FBI’s security from the people ever finding out the vicious things it does in violation of people’s civil liberties.
The purpose of Project PM’s wiki is to provide a centralized, actionable data set regarding the intelligence contracting industry, the PR industry’s interface with totalitarian regimes, the mushrooming infosec/”cybersecurity” industry, and other issues constituting threats to human rights, civic transparency, individual privacy, and the health of democratic institutions.
This is a crowdsourced investigation focused on research and analysis. If you care that the surveillance state is expanding in capabilities and intent without being effectively opposed by the population of the West, you can assist in making this an actionable resource for journalists, activists, and other interested parties. Consider doing a bit of research on the companies and government agencies listed on this wiki, or even adding a new topic for investigation by our participants. The best place to start is the Community Portal. We also need help adding much more to Media Reports.
Do not editorialize when contributing; simply add pertinent facts and link to source material. Employ the same writing style one finds at Wikipedia. If you’d like to contribute information to our data set without editing the wiki yourself, you may do so by sending the info to us at [email protected] (more secure means of communication can be arranged if you care to send an anonymous e-mail to that account). If you have personal knowledge about this topic for any reason, please consider letting us know via that e-mail address. Better yet, you can download an IRC client and join us at ircs://project-pm.org:6697 (if you’re not familiar with IRC, you can use this Mibbit weblink to connect to our IRC chat server). Those interested in starting groups similar to Project PM should see our Guide to Pursuants.
Editing the Wiki
Public editing has returned to the wiki, feel free to contribute research to this project. Only registered accounts may edit, and you may need to recreate your account if you had one previously.
A new bill in Connecticut has advanced the idea of embedded RFID chips in license plates. (PDF)
The admitted revenue-generating scheme, which would enable real-time tracking from points throughout the state, was first proposed to lawmakers by former astronaut, Paul Scully-Power.
Perhaps even more disturbing than Scully-Power’s connection to the companies that would profit from the implementation of the technology, is when he openly states that, “An RFID program would be phased in gradually and then expanded to accomplish other policing tasks without having to change equipment … the second phase would be to implement speeding violations.” (Source)
As we steamroll headlong toward being tracked, traced and databased both on real highways, as well as the information highway of the Internet, this license plate tracking scheme is merely an echo of the much larger framework of surveillance and control already under development, which ultimately includes a cashless society and microchipped population. The following 2-hour video offers a synopsis of where we currently stand, and where we are heading:
For most of us, our experience on Facebook is a benign – even banal – one. A status update about a colleague’s commute. A “friend” request from someone we haven’t seen for years (and hoped to avoid for several more). A picture of another friend’s baby, barely distinguishable from the dozen posted the day before.
Some four billion pieces of content are shared every day by 845 million users. And while most are harmless, it has recently come to light that the site is brimming with paedophilia, pornography, racism and violence – all moderated by outsourced, poorly vetted workers in third world countries paid just $1 an hour.
In addition to the questionable morality of a company that is about to create 1,000 millionaires when it floats paying such paltry sums, there are significant privacy concerns for the rest of us. Although this invisible army of moderators receive basic training, they work from home, do not appear to undergo criminal checks, and have worrying access to users’ personal details. In a week in which there has been an outcry over Google’s privacy policies, can we expect a wider backlash over the extent to which we trust companies with our intimate information?
Last month, 21-year-old Amine Derkaoui gave an interview to Gawker, an American media outlet. Derkaoui had spent three weeks working in Morocco for oDesk, one of the outsourcing companies used by Facebook. His job, for which he claimed he was paid around $1 an hour, involved moderating photos and posts flagged as unsuitable by other users.
“It must be the worst salary paid by Facebook,” he told The Daily Telegraph this week. “And the job itself was very upsetting – no one likes to see a human cut into pieces every day.”
Derkaoui is not exaggerating. An articulate man, he described images of animal abuse, butchered bodies and videos of fights. Other moderators, mainly young, well-educated people working in Asia, Africa and Central America, have similar stories. “Paedophilia, necrophilia, beheadings, suicides, etc,” said one. “I left [because] I value my sanity.” Another compared it to working in a sewer. “All the —- of the world flows towards you and you have to clean it up,” he said.
Who, one wonders, apart from the desperate, the unstable and the unsavoury, would be attracted to doing such an awful job in the first place?
Of course, not all of the unsuitable material on the site is so graphic. Facebook operates a fascinatingly strict set of guidelines determining what should be deleted. Pictures of naked private parts, drugs (apart from marijuana) and sexual activity (apart from foreplay) are all banned. Male nipples are OK, but naked breastfeeding is not. Photographs of bodily fluids (except semen) are allowed, but not if a human being is also shown. Photoshopped images are fine, but not if they show someone in a negative light.
Once something is reported by a user, the moderator sitting at his computer in Morocco or Mexico has three options: delete it; ignore it; or escalate it, which refers it back to a Facebook employee in California (who will, if necessary, report it to the authorities). Moderators are told always to escalate specific threats – “I’m going to stab Lisa H at the frat party” is given as the charming example – but not generic, unlikely ones, such as “I’m going to blow up the planet on New Year’s Eve.”
It is, of course, to Facebook’s credit that they are attempting to balance their mission “to make the world more open and connected” with a willingness to remove traces of the darker side of human nature. The company founded by Mark Zuckerberg in his Harvard bedroom is richer and more populated than many countries. These moderators are their police.
Neither is Facebook alone in outsourcing unpleasant work. Adam Levin, the US-based chief executive of Criterion Capital Partners and the owner of British social network Bebo, says that the process is “rampant” across Silicon Valley.
“We do it at Bebo,” he says. “Facebook has so much content flowing into its system every day that it needs hundreds of people moderating all the images and posts which are flagged. That type of workforce is best outsourced for speed, scale and cost.”
A spokesman for Twitter said that they have an internal moderation team, but refused to answer a question about outsourcing. Similarly, a Google spokesperson would not say how Google+, the search giant’s new social network, will be moderated. Neither Facebook nor oDesk were willing to comment on anything to do with outsourcing or moderation.
Levin, however, estimates that Facebook indirectly employs between 800 to 1,000 moderators via oDesk and others – nearly a third of its more handsomely remunerated full-time staff. Graham Cluley, of the internet security firm Sophos, calls Silicon Valley’s outsourcing culture its “poorly kept dirty secret”.
The biggest worry for the rest of us, however, is that the moderation process isn’t nearly secretive enough. According to Derkaoui, there are no security measures on a moderator’s computer to stop them uploading obscene material themselves. Despite coming into daily contact with such material, he was never subjected to a criminal record check. Where, then, is the oversight body for these underpaid global police? Quis custodiet ipsos custodes?
Facebook itself is guarding them, according to a previous statement to which the Telegraph was referred. “These contractors are subject to rigorous quality controls and we have implemented several layers of safeguards to protect the data of those using our service,” it read. “No user information beyond the content in question and the source of the report is shared. All decisions made by contractors are subject to extensive audits.”
And yet in the images due for moderation seen by the Telegraph, the name of anyone “tagged” in an offending post – as well as the user who uploaded it – could be clearly discerned. A Facebook spokesman said that these names are shared with the moderators to put the content in context – a context sufficient for Derkaoui to claim that he had as much information as “looking at a friend’s Facebook page”. He admits to having subsequently looked up more information online about the people he had been moderating. Cluley is worried that Facebook users could be blackmailed by disgruntled moderators – or even see pictures originally intended for a small circle of friends pasted all over the web.
Shamoon Siddiqui, chief executive of Develop.io, an American app-building firm that employs people in the developing world for a more generous $7 to $10 an hour, agrees that better security measures are needed. “It isn’t wrong for Facebook to have an Indian office,” he says. “But it is wrong for it to use an arbitrary marketplace with random people it doesn’t know in that country. This will have to change.”
In Britain, for example, all web moderators have to undergo an enhanced CRB check. eModeration, whose clients range from HSBC to The X-Factor, pays £10 an hour and never lets its staff spend too long on the gritty stuff. They wouldn’t go near the Facebook account. The job, says Tamara Littleton, its chief executive, is too big, the moderating too reactive, and they couldn’t compete on cost with the likes of oDesk.
So, if no one can undercut the likes of oDesk, could they not be undermined instead? If Mr Zuckerberg will not dig deeper into his $17.5 billion pockets to pay the street-sweepers of Facebook properly, maybe he could be persuaded by a little moral outrage?
Levin disagrees. “Perhaps a minute percentage of users will stop using Facebook when they hear about this,” he says. “But the more digital our society becomes, the less people value their privacy.”
Perhaps. But maybe disgruntled commuters, old schoolfriends and new mothers will think twice before sharing intimate information with their “friends” – only to find that two minutes later it’s being viewed by an under-vetted, unfulfilled person on a dollar an hour in an internet café in Marrakech.
NAIROBI, Kenya (The Blaze/AP) — An American reconnaissance plane crashed 6 miles (10 kilometers) from the only U.S. base in Africa, killing four service members on board, after returning from a mission in support of the war in Afghanistan, the military said Monday. The statement said that the crash occurred at about 8 p.m. Saturday in Djibouti. U.S. personnel from Camp Lemonnier in the tiny Horn of Africa nation responded to the scene. Reports don’t specify what exactly took the plane down, but Specialist Ryan Whitney of the 1st Special Operations Wing said that initial indications are that the plane did not crash because of hostile fire.
The plane was conducting an intelligence, surveillance and reconnaissance mission, he said. A statement from U.S. Africa Command called it a “routine” flight.
Amy Oliver, public affairs director of the Air Force 1st Special Operations Wing, said the single-engine, fixed-wing U-28A was returning from a mission in support of the Afghanistan war, specifically Operation Enduring Freedom.
The cause of the crash is still under investigation. Camp Lemonnier lies only miles from the border with Somalia. Wired, which called the aircraft a “spy” plane, reports that military activity in this area has increased recently:
The four killed in the crash included: Capt. Ryan P. Hall, 30, of Colorado Springs, Colorado, with the 319th Special Operations Squadron; Capt. Nicholas S. Whitlock, 29, of Newnan, Georgia, with the 34th Special Operations Squadron; 1st Lt. Justin J. Wilkens, 26, of Bend, Oregon, with the 34th Special Operations Squadron; and Senior Airman Julian S. Scholten, 26, of Upper Marlboro, Maryland, with the 25th Intelligence Squadron.
Hall was a U-28 pilot with more than 1,300 combat flight hours. He was assigned to the 319th Special Operations Squadron at Hurlburt Field, Fla.
EFF activist Eva Galperin interviews EFF criminal defense attorney, Hanni Fakhoury, on the newest edition of Line Noise, the EFF podcast. Whether law enforcement wants to search your home computer, tries to browse through your smart phone at a traffic stop, or seeks to thumb through your camera at customs, you should know your rights.
Learn more about your privacy rights by reading our Know Your Rights guide, or test your skills with our quiz.
This edition of Line Noise was recorded on-site from the San Francisco studio of Bamm.tv
Hacked emails from security contractor HBGary Federal reveal a disturbing public-private partnership to spy on web users
In February 2011, the hackers’ collective Anonymous released 70,000 emails from security contractor HBGary Federal, which revealed that CEO Aaron Barr had offered the firm’s services to mount cyber-attacks against WikiLeaks and others on behalf of corporate clients. Photograph: Getty Images
“In the councils of government, we must guard against the acquisition of unwarranted influence, whether sought or unsought, by the military-industrial complex. The potential for the disastrous rise of misplaced power exists and will persist.”
Sixty years later, the military-industrial complex has been joined by another unprecedented centre of what has increasingly proven to be “misplaced power”: the dozens of secretive firms known collectively as the intelligence contracting industry.
Last February, three of these firms – HBGary Federal, Palantir and Berico, known collectively as Team Themis – were discovered to have conspired to hire out their information war capabilities to corporations which hoped to strike back at perceived enemies, including US activist groups, WikiLeaks and journalist Glenn Greenwald. That such a dangerous new dynamic was now in play was only revealed due to a raid by hackers associated with the Anonymous collective, resulting in the dissemination of more than 70,000 emails to and from executives at HBGary Federal and affiliated company HBGary.
After having spent several months studying those emails and otherwise investigating the industry depicted therein, I have revealed my summary of a classified US intelligence programme known as Romas/COIN, as well as its upcoming replacement, known as Odyssey. The programme appears to allow for the large-scale monitoring of social networks by way of such things as natural language processing, semantic analysis, latent semantic indexing and IT intrusion. At the same time, it also entails the dissemination of some unknown degree of information to a given population through a variety of means – without any hint that the actual source is US intelligence. Scattered discussions of Arab translation services may indicate that the programme targets the Middle East.
Despite the details I have provided in the document – which is also now in the possession of several major news outlets and which may be published in whole or in part by any party that cares to do so – there remains a great deal that is unclear about Romas/COIN and the capabilities it comprises. The information with which I’ve worked consists almost entirely of email correspondence between executives of several firms that together sought to win the contract to provide the programme’s technical requirements, and because many of the discussions occurred in meetings and phone conversations, the information remaining deals largely with prospective partners, the utility of one capability over another, and other clues spread out over hundreds of email exchanges between a large number of participants.
The significance of this programme to the public is not limited to its potential for abuse by facets of the US intelligence community, which has long been proverbial for misusing other of its capabilities. Perhaps the most astonishing aspect is the fact that the partnership of contracting firms and other corporate entities that worked to obtain the contract was put into motion in large part by Aaron Barr, the disgraced former CEO of HBGary Federal who was at the centre of Team Themis’s conspiracy to put high-end intelligence capabilities at the disposal of private institutions. As I explain further in the linked report, this fact alone should prompt increased investigation into the manner in which this industry operates and the threats it represents to democratic institutions.
Altogether, the existence and nature of Romas/COIN should confirm what many had already come to realise over the past few years, in particular: the US and other states have no intention of allowing populations to conduct their affairs without scrutiny. Such states ought not complain when they find themselves subjected to similar scrutiny – as will increasingly become the case over the next several years.
• Editor’s note: The headline and photo caption in this article originally alluded to HBGary. HBGary Federal is the company in question, which is a distinct entity from HBGary Inc. The article has been amended to make that clarification at 9am (BST) on 23 June 2011
Courtesy of Cryptome’s link distribution, we get a glimpse into the mind of 1952 (an era when crypto on land lines was very limited, indeed). We get to see how the US tapped and how it worked with the phone company to tap others – in the course of determining that standard US techniques for taps were not present (2-wire pair line tampering, inductive tapping of the 2-wire pair on local telephone pole, tapping of the “multiplying line” extensions).
Let’s not forget just “how physical” telephony was, in 1952.
We also get to see the reaction to (activated) resonant cavity class of listening device – distinct from tapping lines.
One sees the resource requirements, and the basic attack plan for the new threat (and the desire not to alert the tapper, presumably so the tap could be turned to dis-information).
One notes that searchers were familiar with microphony attacks in general, though not the cavity resonant devices initially.
Earlier disclosures show that the high level FBI agent had two classes of phone – those served by the phone company and those installed by DoD (obvious from the context of the redacted material). This shows that, in the 1950s, FBI was very much subservient to DoD in technical countermeasures.
At the same time, we note how the FBI was viewed as a go-to agency, by others (not that there is any suggestion that there is a law enforcement rationale to such requests).
The USPS (as a giant spying agency on paper) was probably one source, and one notes how the agencies were colluding to track EACH cabinet officer (of the government) for oral cues (as to the source of leaks about USPS policies). This all seems consistent with the general state of red-scare paranoia of the period, as folks sought to address technical information leakage on the bomb, etc. Note that it’s all very much a pretext (to get the FBI into the “business”), since it’s all about the club of executives (not line sources).
One sees also other civilian issues, including Bensons’ solid understanding of the price sensitivity (which seems a bit more coherent, and more tuned to issues of today):
It’s fun to see the “most likely” sources of placement:
One sees some of the normal “art” of the searcher, used to American equipment:
One notes a couple of references to the “countermeasure” device (which could be DoD/FBI trojan horse, of course):
An outline of its purposes follows (basically, it isolates the mic in the handset, or suppresses its own diaphragm).
One sees a side threat, too, repurposing lines:
An interesting titbit about the secret service wanting to do their own scan, and the FBI a sole source of the equipment (which was hand made, which is telling about FBI’s “Lab Division” technical capabilities in presumably valve electronics of the day).
At the same time, evidently there is a standard design (such that it can now be ”procured”).
One sees several features of a general foil, since folks rationalize that it’s more important to protect the channel than to prevent leaks. They really WANT to use it for reverse signaling, consistent with 1945 counter-intelligence doctrine. There is also the assumption that the President’s Office and Cabinet Office are really not secure areas (since the cabinet officers are necessarily surveilled proto-suspects, themselves).
One has to assume that non-FBI folks would also be testing FBI capabilities (since Hoover was such a known-deceiver). One sees how FBI is entirely compartmentalized from nuclear-level infosec/comsec (which must have irked Hoover no end).
One sees another reference to the infamous “British” equipment (which somewhat undermines the story about FBI being the sole-source of cavity mic detecting). Who operates the latter equipment is not disclosed.
We see a policy of information containment, concerning technical methods (including “acceptance” that the White House could be a source of insecurity – national imperatives notwithstanding).
We see clearly how the FBI and the phone companies happily conspire to misinform and misdirect the White House officials (in the hope that a direct White House request be made of FBI, for an appropriate investigation, supported by technical means). It is more important to the FBI to protect this than protect the secrets being leaked!
One sees how Bell Labs is involved in subverting the signalling system, to aid tracing (suggesting that such tracing was not present, pre 1952). Having a secretary listen in to the call (and write it all up, Soviet style) was deemed much more appropriate, as in White House conventions:
We also see, by 55, the emergence of ISIS, led by Treasury:
By 1955, one sees less scare about the cavity mic, and more action about compartmentalizing the Community buildings’ lines.
Folks are still obviously worried that the very proximity to the wire pairs afforded Soviet tapping, of calls to friendly governments. One sees nothing about radio tapping though (where folks had the most skill).
We also see some of the phone company responses emerging:
And, in other quotes we see the general attitude towards GSA, with phone companies wanting not to participate with GSA ‘infosec’ policies (preferring cosy relations with FBI, instead, with whom they have a working relation regarding authorized wire taps, anyways).
We see how transistors have made their mark (on size), by 1956:
One sees a little of the architectural impact on the FBI’s own buildings (with reference to tie lines, etc) and “mainframe” switching:
One sees a countermeasure, in 1957, to (presumably) analogue signalling for video (though we recall, they had PCM in 1942. By 1957, did they have early codecs for video?)
We see a general fishing attempt against the contractors of state (where FBI has no jurisdiction) – seeking to perform an intelligence review:
We see the “former agent” network subverting agency policies, with “discreet checks”, being “caused”. Cooperating with such subversion seems not to be a worry for the FBI, even absent any rationale for an “investigation”. It’s just normal to engage in this type of behaviour.
One sees an interesting fact about 1945:
One sees means used to isolate those who would be independent of the FBI’s technical expertise (in wire circuits, and sound recording):
One sees the mindset of the FBI, concerning microphony (and countermeasures):
All the drivel about inspecting handsets for “tampering” is a diversion, to the microphones outside the windows measuring the window’s reactance itself! There is a fair amount of policy-based deception going on.
When you look at the endless letters, one sees folks in “power” looking for assurance that someone makes them believe that (a) their equipment is not being tampered with, and (b) they indeed have something worth keeping a secret (given how important they now are).
One sees, in a 1962 memo, the emergence of secure phone codecs (keyed by card), with attendant overhead of security officers responsible for the keying.
Interesting facts on capabilities, costs, leased line specificity and delay:
Someone helped the FBI out, on using window material to project sound:
Updating to 1981,
Updating to 1988, we see quite a marked change in the tone. There is a lot more professionalism on display, particularly once FBI formally ceded from DIA in handling the industrial security program. Up to 1995,
Intellistreets is a wireless digital infrastructure that is designed to provide information, entertainment and safety notifications to passersby, all while controlling vehicular and pedestrian traffic, providing on-demand street lighting, and monitoring its surrounding environment. But is your privacy being threatened in the meantime?
“In each lighting fixture or each lighting pole, there is processor very much like an iPhone. And it takes inputs and outputs and talks back and forth. And the poles actually talk to each other,” Intellistreets’ inventor, Ron Harwood, told WXYZ in Farmington Hills, Mich., where the technology is made.
Governments turn to hacking techniques for surveillance of citizens
Surveillance firms that recently attended a US conference are accused of offering their services to repressive regimes
Italy’s Hacking Team offers ‘an offensive solution for cyber investigations’
In a luxury Washington, DC, hotel last month, governments from around the world gathered to discuss surveillance technology they would rather you did not know about. The annual Intelligence Support Systems (ISS) World Americas conference is a mecca for representatives from intelligence agencies and law enforcement. But to the media or members of the public, it is strictly off limits.
Gone are the days when mere telephone wiretaps satisfied authorities’ intelligence needs. Behind the cloak of secrecy at the ISS World conference, tips are shared about the latest advanced “lawful interception” methods used to spy on citizens – computer hacking, covert bugging and GPS tracking. Smartphones, email, instant message services and free chat services such as Skype have revolutionised communication. This has been matched by the development of increasingly sophisticated surveillance technology.
The act of keeping your identity hidden online by using connection methods and encryption methods, to make yourself untraceable to a person, website, company, school or whatever else you are doing/connecting to.
Smart Meters Are Surveillance Devices That Monitor The Behavior In Your Home Every Single Minute Of Every Single Day
Have you heard about the new “smart meters” that are being installed in homes all across America? Under the guise of “reducing greenhouse gas emissions” and “reducing energy bills”, utility companies all over the United States are forcing tens of millions of American families to accept sophisticated surveillance devices in their homes. Currently, approximately 9 percent of all electric meters in the U.S. have been converted over to smart meters. It is being projected that by 2012, the number of smart meters in use will rise to 52 million, and the federal government is spending a lot of money to help get these installed everywhere. Eventually the goal is to have these smart meters in all of our homes and if that ever happened there would essentially be no more privacy. Once installed, a smart meter monitors your home every single minute of every single day and it transmits very sophisticated data about your personal behavior back to the utility company.
In the case of both Google and Facebook, three talented students in their 20’s came out of obscurity to establish multi-billion dollar enterprises. Do you suppose they had some help?
BY SANDEEP PARWAGA
(FOR HENRYMAKOW.COM)
There used to be a saying: “No one makes a name for himself without giving something up.”
As a youngster, I was awed by people who “made it to the top” by creating and innovating corporations, technologies, or simply establishing themselves through sports, music, entertainment, etc. thus becoming millionaires.
Now as I have grown older, I realize how illusory this paradigm really is. I came to the conclusion that if you want to reach the “top,” you have to give up your soul.
Take Mark Zuckerberg for example. He is one of the most “successful entrepreneurs” in the last decade. Having made a fortune through his Facebook empire, he reaches more than 500 million people worldwide. It seems like a fairytale. A student creates a new interface to connect the people throughout the world. Well, it sounds great, doesn’t it? It would, if it were true.
Companies ‘all too willing’ to comply with FBI requests for personal information, EFF says
As the US prepares once again to extend the Patriot Act, a new report from a privacy watchdog indicates that the FBI’s use of the law and other surveillance powers may have led to as many as 40,000 violations of the law by the bureau in the years since 9/11.
According to documents obtained by the Electronic Frontier Foundation, from 2001 to 2008 the FBI reported nearly 800 violations of surveillance law and the Constitution to the Intelligence Oversight Board, a civilian monitoring group that reports to the president.
The EFF also determined that the FBI investigated some 7,000 potential violations of the law that occurred during surveillance operations. The group estimated that, based on the rate of reporting of violations, the FBI may have violated the law as many as 40,000 times during investigations since 9/11.
“The documents suggest the FBI’s intelligence investigations have compromised the civil liberties of American citizens far more frequently, and to a greater extent, than was previously assumed,” the EFF stated in its report.