Transición hacia una Internet censurada. Y mientras, en el cortijo...

[NosTrasladamus]

Leer más: http://www.techmez.com/2012/06/06/en-estados-unidos-se-emiten-30-000-ordenes-secretas-de-vigilancia-por-ano/

http://arstechnica.com/tech-policy/2012/06/30000-secret-surveillance-orders-approved-each-year-judge-estimates/

En Estados Unidos se emiten 30.000 órdenes secretas de vigilancia por año



Un juez federal estima que los jueces federales emiten un total de 30.000 órdenes secretas de vigilancia electrónica cada año y el número esta, probablemente, en crecimiento. A pesar de tales órdenes tienen control judicial, pocos salen de cualquier tipo de procedimiento, y aquellas personas inocentes de todo crimen es poco probable que se enteren que han sido espiados de forma electrónica.

En un nuevo artículo, denominado “Sellado, amordazado, y entregado” (PDF), https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2071399 el juez federal Stephen Smith explica que por ejemplo, cuando la policía ejecuta una orden de búsqueda tradicional, por lo general traen consigo una copia de esa orden y la muestran al el dueño de casa. Ese no es siempre el caso, por supuesto, a veces las órdenes permanecen secretas mientras el caso está en curso a fin de no alertar a los sospechosos.

Sin embargo, cuando la vigilancia entra en el ámbito digital, el secreto se convierte en la norma. Las solicitudes de acceso a tu correo electrónico almacenado en una cuenta en línea, la intervención de tu linea telefónica, tu conexión a Internet o un seguimiento de tu teléfono celular, se realiza en expedientes secretos que ni siquiera aparecen en el sistema oficial de PACER del gobierno federal.

La mayor parte de esta vigilancia se rige por la Electronic Communications Privacy Act (ECPA) de 1986, una ley tan necesitada de una reforma que los defensores de los derechos digitales y las empresas por igual la han convertido en una prioridad legislativa clave. ECPA ofrece una serie de herramientas para mantener búsquedas secretas de forma que se evita de manera efectiva el examen de apelación, por lo que es difícil saber si están siendo debidamente expedidas.

Las órdenes de vigilancia ECPA se desvanecen en un vacío legal, es como si estuvieran escritas en tinta invisible para las compañías telefónicas y proveedores de servicios de Internet que las ejecutan, sin embargo, imperceptible para los objetivos inocentes, el público en general, e incluso otras ramas del gobierno, sobre todo el Congreso y los tribunales de apelación.

El juez Smith se dispuso a averiguar la cantidad de ordenes ECPA de vigilancia que existen en los EE.UU.. Las cifras exactas son imposibles de conseguir, incluso para uno de los jueces que intervienen en la emisión de dichas órdenes, pero Smith combina una encuesta del gobierno anterior con los datos de agenda de su propia corte para producir lo que suena como una estimación razonable.

Su estimación concluye que 50.000 órdenes selladas fueron generadas por los jueces federales en 2006, año en que el juez analiza. El 60 por ciento de ellas están relacionadas con órdenes de vigilancia, el juez Smith concluye que los jueces magistrados han emitido más de 30.000 órdenes secretas de vigilancia electrónica ese año. Para poner esto en contexto, este volumen de casos de espionaje es mayor que el total combinado anual de todos los casos de discriminación laboral, medio ambiente, derechos de autor, patentes, marcas registradas, y casos de valores presentado en una corte federal.

Smith no está pidiendo la abolición de la vigilancia, ya que la perfecta transparencia en las investigaciones penales no es ni práctico ni deseable, pero el sistema actual ECPA de amordazado y sellado es sin duda una exageración. Si el diagnóstico es correcto, entonces la cura es relativamente sencilla: abrir las arterias de la información. Una mayor transparencia permitiría una supervisión significativa no sólo por los tribunales de apelación, sino también por el Congreso y el público en general.

Una manera simple de hacer esto sería abrir órdenes selladas de forma automática después de cierto período de tiempo. Por el momento, la mayoría de las órdenes de registro se sellan de forma indefinida, sólo se desprecintadan si un fiscal o un investigador se molesta en volver a la justicia y plantear la cuestión.

Los jueces magistrados emitieron 3,886 órdenes selladas de vigilancia electrónica, entre 1995 y 2007. En 2008, el 99,8 por ciento de ellas aún estaban selladas.

Eso es una mala noticia para aquellos que nunca han sido acusados de un delito, ya que probablemente nunca se enteraran de que eran un objetivo de la vigilancia del gobierno. Y esa cifra no es trivial, dado que las estimaciones de Smith, basadas en datos publicados por el Departamento de Justicia, permiten inferir que muchos más ciudadanos respetuosos de la ley que delincuentes han sido espiados.

La situación, dice Smith, es mala para la democracia y para un sistema judicial transparente. La fijación corresponderá al Congreso, que tiene que decidir dónde trazar la línea entre la intimidad personal y las necesidades de aplicación de la ley.

[NosTrasladamus]

Y mientras, en el cortijo, tenemos algo aproximado pero en versión cañí...

http://www.nacionred.com/derechos-y-libertades/sigo-el-sistema-informatico-de-la-guardia-civil-que-almacena-demasiado

SIGO, el sistema informático de la Guardia Civil que levanta sospechas

Dice en una entrevista el General de Brigada y jefe del Estado Mayor de la Guardia Civil, Antonio Barragán, una cosa muy rara: “Somos guardias civiles porque utilizamos SIGO y, puesto que utilizamos SIGO, somos guardias civiles”. SIGO es una herramienta informática desarrollada por la empresa privada Accenture (antigua Arthur Andersen) para la Guardia Civil.

Nada más y nada menos que el Sistema Integrado de Gestión Operativa, Análisis y Seguridad Ciudadana que “permite a las unidades operativas de la Guardia Civil extraer toda la información disponible a través de las diversas relaciones existentes sobre un asunto de interés policial”. “Lo que no está en SIGO no existe”, dice el General Barragán en la revista (pdf) de los creadores de SIGO.
http://www.accenture.com/SiteCollectionDocuments/PDF/Accenture-Outlook-Sigo-Guardia-Civil.pdf

El caso es que el portavoz de Izquierda Unida en la Comisión de Interior del Congreso, Ricardo Sixto, está convencido de que la Guardia Civil está almacenando en SIGO datos sensibles de ciudadanos obtenidos en identificaciones policiales indiscriminadas.

http://www.europapress.es/nacional/noticia-iu-sospecha-guardia-civil-almacena-datos-sensibles-ciudadanos-acusa-oscurantismo-interior-20120827181305.html

La Asociación Unificada de Guardias Civiles (AUGC) de Alicante denunció la semana pasada que mandos de la provincia están ordenando a las patrullas de Seguridad Ciudadana la realización de “identificaciones indiscriminadas” de personas, lo que va en contra de las recomendaciones del Defensor del Pueblo y de las sentencias del Tribunal Supremo.

La AUGC asegura que los datos de las personas identificadas se incorporan a un fichero informatizado de la Guardia Civil denominado SIGO, que se nutre de identificaciones de personas con antecedentes y de datos de personas que no los tienen y carecen de interés policial, “lo que está alarmando a los componentes de la Guardia Civil en la provincia”.

[NosTrasladamus]

http://yro.slashdot.org/story/12/08/29/0329219/dont-build-a-database-of-ruin

Paul Ohm writes in Harvard Business Review that businesses today are building perfect digital dossiers of their customers, massive data stores containing thousands of facts about every member of our society. He says these databases will grow to connect every individual to at least one closely guarded secret. 'This might be a secret about a medical condition, family history, or personal preference. It is a secret that, if revealed, would cause more than embarrassment or shame; it would lead to serious, concrete, devastating harm,' writes Ohm. 'And these companies are combining their data stores, which will give rise to a single, massive database. I call this the Database of Ruin. Once we have created this database, it is unlikely we will ever be able to tear it apart.' Consider the most famous recent example of big data's utility in invading personal privacy: Target's analytics team can determine which shoppers are pregnant, and even predict their delivery dates, by detecting subtle shifts in purchasing habits. 'In the absence of intervention, soon companies will know things about us that we do not even know about ourselves. This is the exciting possibility of Big Data, but for privacy, it is a recipe for disaster.' According to Ohm, if we stick to our current path, the Database of Ruin will become an inevitable fixture of our future landscape, one that will be littered with lives ruined by the exploitation of data assembled for profit. The only way we avoid this is if companies learn to say, 'no' to some of the privacy-invading innovations they're pursuing. 'The lesson is plain: compete vigorously and beat your competitors in every legitimate way, except when it comes to privacy invasion. Too many companies have learned this lesson the hard way, launching invasive new services that have triggered class action lawsuits, Congressional inquiries, and media firestorms.'"

http://blogs.hbr.org/cs/2012/08/dont_build_a_database_of_ruin.html

http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1450006

http://papers.ssrn.com/sol3/papers.cfm?abstract_id=998565&rec=1&srcabs=1450006

[Taliván Hortográfico]

De momento es sólo una patente de muchas, lo que significa que puede no llegar a tener aplicación práctica nunca o puede utilizarse para el bien. Pero la idea en sí resulta bastante... hmmm..., ¿orwelliana?

La patente de Apple describe un mecanismo para cambiar de forma remota uno o más aspectos en el funcionamiento de uno o varios dispositivos inalámbricos —como teléfonos móviles— bajo ciertas circunstancias, en determinadas zona o áreas geográficas.

Esto permitiría, en teoría,

    Forzar que el teléfono se ponga en silencio en un cine o a que esté desconectado dentro de la escuela. O que ciertos componentes se pongan en reposo cuando se entra en zonas restringidas.

Una posibilidad de esto último sería desactivar la cámara del móvil según la ubicación —donde no se permita hacer fotos— o según las circunstancias del momento. Por ejemplo, anulando las cámaras de los teléfonos móviles «en lugares donde se estén produciendo altercados o protestas».

http://www.microsiervos.com/archivo/tecnologia/mala-idea-restringir-funcionalidades-movil-forma-remota-ubicacion-geografica.html

[wanderer]

De momento es sólo una patente de muchas, lo que significa que puede no llegar a tener aplicación práctica nunca o puede utilizarse para el bien. Pero la idea en sí resulta bastante... hmmm..., ¿orwelliana?

La patente de Apple describe un mecanismo para cambiar de forma remota uno o más aspectos en el funcionamiento de uno o varios dispositivos inalámbricos —como teléfonos móviles— bajo ciertas circunstancias, en determinadas zona o áreas geográficas.

Esto permitiría, en teoría,

    Forzar que el teléfono se ponga en silencio en un cine o a que esté desconectado dentro de la escuela. O que ciertos componentes se pongan en reposo cuando se entra en zonas restringidas.

Una posibilidad de esto último sería desactivar la cámara del móvil según la ubicación —donde no se permita hacer fotos— o según las circunstancias del momento. Por ejemplo, anulando las cámaras de los teléfonos móviles «en lugares donde se estén produciendo altercados o protestas».

http://www.microsiervos.com/archivo/tecnologia/mala-idea-restringir-funcionalidades-movil-forma-remota-ubicacion-geografica.html

Habría una contramedida simple para eso:

http://es.wikipedia.org/wiki/Jaula_de_Faraday

[NosTrasladamus]

Hay una opción aún más sencilla a la jaula de faraday:

http://nplusonemag.com/leave-your-cellphone-at-home

Edito: Y por si alguien aún no estaba convencido de ello: Los ciudadanos de a pie somos el enemigo, no solo aqui ( http://www.elmundo.es/elmundo/2012/02/20/valencia/1329761802.html ), también en "el país de las libertades" y "la democracia" y blablabla...

Leave Your Cellphone at Home
Interview with Jacob Appelbaum

Earlier this year in Wired, writer and intelligence expert James Bamford described the National Security Agency’s plans for the Utah Data Center. A nondescript name, but it has another: the First Intelligence Community Comprehensive National Cyber-security Initiative Data Center. The $2 billion facility, scheduled to open in September 2013, will be used to intercept, decipher, analyze, and store the agency’s intercepted communications—everything from emails, cell phone calls, Google searches, and Tweets, to retail transactions. How will all this data be stored? Imagine, if you can, 100,000 square-feet filled with row upon row of servers, stacked neatly on racks. Bamford projects that its processing-capacity may aspire to yottabytes, or 10^24 bytes, and for which no neologism of higher magnitude has yet been coined. 

To store the data, the NSA must first collect it, and here Bamford relies on a man named William Binney, a former NSA crypto-mathematician, as his main source. For the first time, since leaving the NSA in 2001, Binney went on the record to discuss Stellar Wind, which we all know by now as the warrantless wiretapping program, first approved by George Bush after the 2001 attacks on the twin towers. The program allowed the NSA to bypass the Foreign Intelligence Surveillance Court, in charge of authorizing eavesdropping on domestic targets, permitting the wholesale monitoring of millions of American phone calls and emails. In his thirty years at the NSA, Binney helped to engineer its automated system of networked data collection which, until 2001, was exclusively directed at foreign targets. Binney left when the organization started to use this same technology to spy on American citizens. He tells of secret electronic monitoring rooms in major US telecom facilities, controlled by the NSA, and powered by complex software programs examining Internet traffic as it passes through fiber-optic cables. (At a local event last week, Binney circulated a list of possible interception points, including 811 10th Avenue, between 53rd & 54th St., which houses the largest New York exchange of AT&T Long Lines.) He tells of software, created by a company called Narus, that parses US data sources: any communication arousing suspicion is automatically copied and sent to the NSA. Once a name enters the Narus database, all phone calls, emails and other communications are automatically routed to the NSA’s recorders.

The NSA wasn’t the only intelligence-gathering agency to have its domestic surveillance powers expanded in the wake of September 11th. The USA PATRIOT Act, for instance, allows the FBI to spy on US citizens without demonstrating probable cause that its targets are engaged in criminal activities. Under Section 215 of the Act, the now infamous National Security Letters—which formerly required that the information being sought pertain to a foreign power or agent of a foreign power—can compel the disclosure of sensitive information held by banks, credit companies, telephone carrier, and Internet Service Providers, among many others, about US citizens. The recipient of an NSL is typically gagged from disclosing the fact or nature of the request.

It’s no secret that, whereas the Fourth Amendment prevents against unreasonable search and seizure, concerns over “national security” occasioned its disregard and the violation of privacy rights of even the most ordinary citizens. Activists have all the more reason to worry, repeatedly turning up as the subject of terrorist investigations. For instance, in 2006 the ACLU revealed that the Pentagon was secretly conducting surveillance of protest activities, antiwar organizations, and groups opposed to military recruitment policies, including Quakers and student organizations. Relying on sources from the Department of Homeland Security, local police departments, and FBI Joint Terrorism Task Forces, the Pentagon collected, stored, and shared this data through the Threat and Local Observation Database, or TALON, designed to track terrorist threats. Or take Scott Crow, a self-described anarchist and veteran organizer in the global justice movement, who, as the New York Times reported last year, is one of dozens of political activists across the country to have come under scrutiny from the FBI’s increased counterterrorism operation. The FBI set up a video camera outside his house, monitored guests as they came and went, tracked his emails and phone conversations, and picked through his trash to identify his bank and mortgage companies, presumably to send them subpoenas. Others to have been investigated included animal rights activists in Virginia and liberal Roman Catholics in Nebraska. When in 2008, President Obama took the reigns from George W. Bush, there was an expectation that much, or at least some, of this activity would be curbed. Yet, as Bamford’s article attests, the goverment’s monitoring and collection of our digital data remains steadfast.

When the Occupy protests started in mid-September of last year, I relied on data-generating technologies increasingly, more so than I had ever before. Within a few weeks I had joined multiple OWS-related listservs; I’d started following Twitter with unprecedented commitment; I spent more hours on Facebook than I care to acknowledge. I doubt I am the only one. At the same time, there was a widespread sense of precaution—just because we were engaging in legal activities, covered by our First Amendment rights, no one, it seemed, should presume herself exempt from the possibility of surveillance. Sensitive conversations took place in loud bars, never over email. Text messages were presumed unsafe. In meetings, cell phone batteries were removed on occasion. Nevertheless, it was easy to feel unimportant (why would anyone watch me?) and equally easy to let standards relax—especially when it meant reclaiming conveniences that, once enjoyed, we’re difficult to give up. Leaving a trail of potentially incriminating digital data seemed inevitable. But how bad could it really be? And was there no way to use these same tools while safeguarding our privacy?

In late April, I sat down with the independent security researcher, hacker, and privacy advocate Jacob Appelbaum, who knows a thing or two about the surveillance state. Appelbaum is one of the key members of the Tor project, which relies on a worldwide volunteer network of servers to reroute Internet traffic across a set of encrypted relays. Doing so conceals a user’s location, and protects her from a common form of networking surveillance known as traffic analysis, used to infer who is talking to whom over a public network. Tor is both free (as in freedom) and free of charge. Appelbaum is also the only known American member of the international not-for-profit WikiLeaks.

Resnick: The recent article in Wired describes where and how the NSA plans to store its share of collected data. But as the article explains, the Utah facility will have another important function: cryptanalysis, or code-breaking, as much of the data cycling through will be heavily encrypted. It also suggests that the Advanced Encryption Standard (AES), expected to remain durable for at least another decade, may be cracked by the NSA in a much shorter time if they’ve built a secret computer that is considerably faster than any of the machines we know about. But more to the point—is encryption safe?

Appelbaum: Some of it is as safe as we think it can be, and some of it is not safe at all. The number one rule of “signals intelligence” is to look for plain text, or signaling information—who is talking to whom. For instance, you and I have been emailing, and that information, that metadata, isn’t encrypted, even if the contents of our messages are. This “social graph” information is worth more than the content. So, if you use SSL-encryption to talk to the OWS server for example, great, they don’t know what you’re saying. Maybe. Let’s assume the crypto is perfect. They see that you’re in a discussion on the site, they see that Bob is in a discussion, and they see that Emma is in a discussion. So what happens? They see an archive of the website, maybe they see that there were messages posted, and they see that the timing of the messages correlates to the time you were all browsing there. They don’t need to know to break a crypto to know what was said and who said it.

Resnick: And this type of surveillance is called …?

Appelbaum: Traffic analysis. It’s as if they are sitting outside your house, watching you come and go, as well as the house of every activist you deal with. Except they’re doing it electronically. They watch you, they take notes, they infer information by the metadata of your life, which implies what it is that you’re doing. They can use it to figure out a cell of people, or a group of people, or whatever they call it in their parlance where activists become terrorists. And it’s through identification that they move into specific targeting, which is why it’s so important to keep this information safe first.

For example, they see that we’re meeting. They know that I have really good operational security. I have no phone. I have no computer. It would be very hard to track me here unless they had me physically followed. But they can still get to me by way of you. They just have to own your phone, or steal your recorder on the way out. The key thing is that good operational security has to be integrated into all of our lives so that observation of what we’re doing is much harder. Of course it’s not perfect. They can still target us, for instance, by sending us an exploit in our email, or a link in a web browser that compromises each of our computers. But if they have to exploit us directly, that changes things a lot. For one, the NYPD is not going to be writing exploits. They might buy software to break into your computer, but if they make a mistake, we can catch them. But it’s impossible to catch them if they’re in a building somewhere reading our text messages as they flow by, as they go through the switching center, as they write them down. We want to raise the bar so much that they have to attack us directly, and then in theory the law protects us to some extent.

Resnick: So if I were arrested, and the evidence presented came from a targeted attack on my computer, and I knew about the attack, I would have some kind of legal recourse?

Appelbaum: Well, that’s an interesting question. What is the legal standard for breaking into someone’s computer because they were at a protest? Congratulations, take that to the Supreme Court, you might be able to make some really good law. I think the answer is that it’s a national newsworthy incident—nobody knows the cops break into people’s computers. The cops break into someone’s house, the Fourth Amendment is super clear about that—it can’t be done without a warrant.

Resnick: In January of last year, it was reported that the records for your Twitter account— along with those of Julian Assange, Private Bradley Manning, Dutch hacker Rop Gonggrjp, and Icelandic lawmaker Brigatta Jonsdottir—were subpoenaed by the US government. What is perhaps most notable in this case is not that the accounts were subpoenaed, but that the orders, usually gagged and carried out in secret, became public knowledge. Twitter contested the secrecy order and won the right to notify you. Several months later, the Wall Street Journal revealed that Google and the Internet service provider Sonic.net, had received similar orders to turn over your data.

Appelbaum: Twitter notified me. But as for Google and Sonic.net, I read about it in the Wall Street Journal like everybody else. So now I can talk about it because it was in a public newspaper. Those are “2703(d) administrative subpoenas,” and they asked for IP addresses, and the email addresses of the people I communicated with, among other things. The government asserts that it has the right to get that metadata, that “signaling” or relationship information, without a warrant. They get to gag the company, and the company can’t fight it, because it’s not their data, it’s my data, or it’s data about me, so they have no Constitutional standing. And the government asserts that I have no expectation of privacy because I willingly disclosed it to a third party. And in fact my Twitter data was given to the government—no one has really written about that yet. We are still appealing but we lost the stay, which means Twitter had to disclose the data to the government, and whether or not they can use it is pending appeal. Once they get the data, it’s not like it’s private or secret—and even if they can’t use it as evidence, they can still use it in their investigations.

Resnick: In January of this year, the Twitter account of writer and OWS protester Malcolm Harris was subpoenaed by the Manhattan District Attorney’s Office. I think it’s safe to assume these incidents are not anomalies. In which case, is there a way to use social media sites like Twitter without putting our private data at risk? Because these sites can be very useful tools of course.

Appelbaum: In the case of something like Twitter, you can use Tor on the Android phone—we have a version of Tor for Android called Orbot—and Twitter together and that’s essentially the best you’re going to do. And even that isn’t particularly great. Twitter keeps a list of IP addresses where you’ve logged in, but if you use Tor, it won’t know you are logging in from your phone. It’s powerful, but the main problem is that it’s kind of complicated to use. On your computer, you can use the Tor browser, and when you log into Twitter, you’re fine, no problem all—your IP address will trace back to Tor again. So now when the government asserts that you have no expectation of privacy, you can say all right, well I believe I have an expectation of privacy, which is why I use Tor. I signal that. And the private messaging capability of Twitter—don’t use it for sensitive stuff. Twitter keeps a copy of all its messages.

Resnick: During the perceived wave of Internet activism throughout the 2009 Iranian election protests, a new proprietary software called Haystack received a lot of media attention. Haystack promised Iranian activists tightly encrypted messages, access to censored websites, and the ability to obfuscate Internet traffic. You later tested the software and demonstrated its claims to be false. For those of us who don’t have your technical skill set, how can we assess whether a particular tool is safe to use, especially if it’s new?

Appelbaum: First, is the source code available? Second, if the claims are just too good to be true, they probably are. There’s a thing called snake oil crypto or snake oil software, where the product promises the moon and the sun. When a developer promises that a proprietary software is super secure and only used by important people, it’s sketchy. Third, are the people working on this part of the community that has a reputation for accomplishing these things? That’s a hard one, but ask someone you know and trust. How would you go on a date with someone? How would you do an action with someone? Transitive trust is just as important in these situations.

Another thing to look at is whether it’s centralized or decentralized. For example Haystack was centralized, whereas Tor is decentralized. Also, how is it sustained? Will it inject ads into your web browser, like AnchorFree, the producer of the Hotspot Shield VPN? Or is it like Riseup.net, whose VPN service monetizes not through your traffic, but through donations and solidarity and mutual aid? And if they can inject ads, that means they can inject a back door. That’s super sketchy—if they do that, that’s bad news. So you want to be careful about that.

Finally, remember: The truth is like a bullet that pierces through the armor of charlatans.

Resnick: What should we know about cell phones? It’s hard to imagine going to a protest without one. But like all networked technologies, surely they are double-edged?

Appelbaum: Cell phones are tracking devices that make phone calls. It’s sad, but it’s true. Which means software solutions don’t always matter. You can have a secure set of tools on your phone, but it doesn’t change the fact that your phone tracks everywhere you go. And the police can potentially push updates onto your phone that backdoor it and allow it to be turned into a microphone remotely, and do other stuff like that. The police can identify everybody at a protest by bringing in a device called an IMSI catcher. It’s a fake cell phone tower that can be built for 1500 bucks. And once nearby, everybody’s cell phones will automatically jump onto the tower, and if the phone’s unique identifier is exposed, all the police have to do is go to the phone company and ask for their information.

Resnick: So phones are tracking devices. They can also be used for surreptitious recording. Would taking the battery out disable this capability?

Appelbaum: Maybe. But iPhones, for instance, don’t have a removable battery; they power off via the power button. So if I wrote a backdoor for the iPhone, it would play an animation that looked just like a black screen. And then when you pressed the button to turn it back on it would pretend to boot. Just play two videos.

Resnick: And how easy is it to create something like to that?

Appelbaum: There are weaponized toolkits sold by companies like FinFisher that enable breaking into BlackBerries, Android phones, iPhones, Symbian devices and other platforms. And with a single click, say, the police can own a person, and take over her phone.

Resnick: Right—in November of last year, the Wall Street Journal first reported on this new global market for off-the-shelf surveillance technology, and created “Surveillance Catalog” on their website, which includes documents obtained from attendees of a secretive surveillance conference held near Washington, D.C. WikiLeaks has also released documents on these companies. The industry has grown from almost nothing to a retail market worth $5 billion per year. And whereas companies making and selling this gear say it is available only to governments and law enforcement and is intended to catch criminals, critics say the market represents a new sort of arms trade supplying Western governments and repressive nations alike.

Appelbaum: It’s scary because [accessing these products is so] easy. But when a company builds a backdoor, and sells it, and says trust us, only good guys will use it… well, first of all, we don’t know how to secure computers, and anybody that says otherwise is full of shit. If Google can get owned, and Boeing can get owned, and Lockheed Martin can get owned, and engineering and communication documents from Marine One can show up on a filesharing network, is it realistic to assume that perfect security is possible? Knowing this is the case, the right thing is to not build any backdoors. Or assume these backdoors are all abused and bypass them so that the data acquired is very uninteresting. Like encrypted phone calls between two people—it’s true they can wiretap the data, but they’ll just get noise.

When Hillary Clinton and the State Department say they want to help people abroad fight repressive governments, they paint Internet freedom as something they can enable with $25 million. Whereas in reality the FBI makes sure that our communications tech isn’t secure. This makes it impossible for people like me to help people abroad overthrow their governments because our government has ensured that all their technology is backdoor ready. And in theory, they try to legitimize state surveillance here, and there they try to make it illegitimate. They say, “In over-there-a-stan, surveillance is oppressive. But over here, it’s okay, we have a lawful process.” (Which is not necessarily a judicial process. For example, Eric Holder and the drones . . . sounds like a band, right?)

Resnick: Okay, so one thing I’ve heard more than once at meetings when security culture comes up is that . . . well, there’s a sense that too much precaution grows into (or comes out of) paranoia, and paranoia breeds mistrust—and all of it can be paralyzing and lead to a kind of inertia. How would you respond to something like that?

Appelbaum: The people who that say that—if they’re not cops, they’re feeling unempowered. The first response people have is, whatever, I’m not important. And the second is, they’re not watching me, and even if they were, there’s nothing they could find because I’m not doing anything illegal. But the thing is, taking precautions with your communications is like safe sex in that you have a responsibility to other people to be safe—your transgressions can fuck other people over. The reality is that when you find out it will be too late. It’s not about doing a perfect job, it’s about recognizing you have a responsibility to do that job at all, and doing the best job you can manage, without it breaking down your ability to communicate, without it ruining your day, and understanding that sometimes it’s not safe to undertake an action, even if other times you would. That’s the education component.

So security culture stuff sounds crazy, but the technological capabilities of the police, especially with these toolkits for sale, is vast. And to thwart that by taking all the phones at a party and putting them in a bag and putting them in the freezer and turning on music in the other room—true, someone in the meeting might be a snitch, but at least there’s no audio recording of you.

Part of informed consent is understanding the risks you are taking as you decide whether to participate in something. That’s what makes us free—the freedom to question what we’re willing to do. And of course it’s fine to do that. But it’s not fine to say, I don’t believe there’s a risk, you’re being paranoid, I’m not a target. When people say that they don’t want to take precautions, we need to show them how easy it is to do it. And to insist that not doing it is irresponsible, and most of all, that these measures are effective to a degree, and worth doing for that reason. And it’s not about perfection, because perfection is the enemy of “good enough.”

I would encourage people to think about the activity they want to engage in, and then say, Hey, this is what I want to do. Work together collaboratively to figure out how to do that safely and securely, but also easily without needing to give someone a technical education. Because that’s a path of madness. And if people aren’t willing to change their behaviors a little bit, you just can’t work with them. I mean that’s really what it comes down to. If people pretend that they’re not being oppressed by the state when they are literally being physically beaten, and forced to give up retinal scans, that’s fucking ridiculous. We have to take drastic measures for some of these things.

The FBI has this big fear that they’re going to “go dark,” which means that all the ways they currently obtain information will disappear. Well, America started with law enforcement in the dark; once, we were perceived to be innocent until proven guilty. And just because the surveillance is expanding, and continues to expand, doesn’t mean we shouldn’t push back. If you haven’t committed a crime they should have no reason to get that information about you, especially without a warrant.

Resnick: Are there any other tools or advice you would suggest to an activist, or anyone for that matter?

Appelbaum: Well, it’s important to consider the whole picture of all the electronic devices that we have. First, you should use Tor and the Tor browser for web browsing. Know that your home internet connection is probably not safe, particularly if it’s tied to your name. If you use a Mac or Windows operating system, be especially careful. For instance, there’s a program called Evilgrade that makes it easy for attackers to install a backdoor on a computer by exploiting weaknesses in the auto-update feature of many software programs. So if you have Adobe’s PDF reader, and you’re downloading and installing the update from Adobe, well, maybe you’ll get a little extra thing, and you’re owned. And the cops have a different but better version of that software. Which is part of why I encourage people to use Ubontu or Debian or Linux instead of proprietary systems like a Mac or whatever. Because there are exploits for everything. If you’re in a particularly sensitive situation, use a live bootable CD called TAILS—it gives you a Linux desktop where everything routes over Tor with no configuration. Or, if you’re feeling multilingual, host stuff in another country. Open an email account in Sweden, and use TAILS to access it. Most important is to know your options. A notepad next to a fireplace is a lot more secure than a computer in some ways, especially a computer with no encryption. You can always throw the notepad in the fireplace and that’s that.

For email, using Riseup.net is good news. The solutions they offer are integrated with Tor as much as possible. They’re badass. Because of the way they run the system, I’m pretty sure that the only data they have is encrypted. And I’d like to think that what little unencrypted data they do have, they will fight tooth and nail to protect. Whereas, yes, you can use Tor and Gmail together, but it’s not as integrated—when you sign in, Gmail doesn’t ask if you want to route this over Tor. But also, Google inspects your traffic as a method of monetization. I’d rather give Riseup fifty dollars a month for the equivalent service of Gmail, knowing their commitment to privacy. And also knowing that they would tell the cops to go fuck themselves. There’s a lot of value in that.

For chatting, use software with off-the-record messaging (OTR)—not Google’s “go off the record,” but the actual encryption software—which allows you to have an end-to-end encrypted conversation. And configure it to work with Tor. You can bootstrap a secure communication channel on top of an insecure one. On a Mac, use Adium—it comes with OTR, but you still have to turn it on. When you chat with people, click verify and read the fingerprint to each other over the telephone. You want to do this because there could be a “man in the middle” relaying the messages, which means that you are both talking to a third party, and that third party is recording it all.

As for your cell phone, consider it a tracking device and a monitoring device and treat it appropriately. Be very careful about using cell phones, but consider especially the patterns you make. If you pull the battery, you’ve generated an anomaly in your behavior, and perhaps that’s when they trigger people to go physically surveil you. Instead, maybe don’t turn it off, just leave it at home. Because, as I said earlier, in a world with lots of data retention, our data trails tell a story about us, and even if the story is made of truthful facts, it’s not necessarily the truth. On a cell phone, you can install stuff like OStel, which allows you to make encrypted voice-over-the-Internet calls, or PrivateGSM—it’s not free, but it’s available for BlackBerries, Android phones, iPhones and so on. Which means that if they want to intercept your communication, they have to break into your phone. It’s not perfect. Gibberbot for the Android allows you to use Tor and Jabber—which is like Google Chat—with OTR automatically configured. You type in your Jabber ID, it routes over Tor, and when you chat with other people, it encrypts the messages end-to-end so even the Jabber server can’t see what’s being said. And there are a lot of tools like that to choose from.

Another thing to consider is the mode in which we meet. If we want to edit something collaboratively, there’s a program called Etherpad. And there’s a social networking application called Crabgrass, and hosted at we.riseup.net. It’s like a private Facebook. Riseup still has a lot of the data, but it’s private by default. So it’s secure, short of being hacked, which is possible, or short of some legal process. And if you use it in a Tor browser, and never reveal information about yourself, you’re in really good shape. Unlike Facebook, which is like the Stasi, but crowdsourced. And I mean that in the nicest way possible. I once had a Facebook account—it’s fun and a great way to meet people. But it is not safe for political organizing, especially when you’re part of the minority, or when you’re not part of the minority, but you are part of the disempowered majority.

As a final thought, I’d say just to remember that a big part of this is social behavior and not technology per se. And a big part of it is accepting that while we may live in a dystopian society right now, we don’t always have to. That’s the tradeoff, right? Because what is OWS working toward? The answer is, something different. And if we want an end to social inequality, the surveillance state is part of what we have to change. If we make it worthless to surveil people, we will have done this. So, it needs to be the case that what we do doesn’t hang us for what we wish to create.

[Currobena]

Honeytrap reveals mass monitoring of downloaders   12:26  4 September 2012   
 Paul Marks, chief technology correspondent

(Image: Yasuhide Fumoto/Getty Images)
Anyone who has downloaded pirated music, video or ebooks using a BitTorrent client has probably had their IP address logged by copyright-enforcement authorities within 3 hours of doing so. So say computer scientists who placed a fake pirate server online - and very quickly found monitoring systems checking out who was taking what from the servers.
The news comes from this week's SecureComm conference in Padua, Italy, where computer security researcher Tom Chothia and his colleagues at the University of Birmingham, UK, revealed they have discovered "massive monitoring" of BitTorrent download sites, such as the PirateBay, has been taking place for at least three years.
BitTorrent is a data distribution protocol that splits an uploaded digital media file into many parts and shares it around a swarm of co-operating servers. Birmingham's fake server acted like a part of a file-sharing swarm and the connections made to it quickly revealed the presence of file-sharing monitors run by "copyright enforcement organisations, security companies and even government research labs".
(Image: Yasuhide Fumoto/Getty Images)

  "We only detected monitors in Top 100 torrents; this implies that copyright enforcement agencies are monitoring only the most popular content music and movie on public trackers," the team says in its presentation paper. "Almost everyone that shares popular films and music illegally will be connected to by a monitor and will have their IP address logged," says Chothia.
Given the vast numbers of people whose IP addresses will have now been logged, the finding raises the question over what enforcement outfits now plan to do with their harvested data. Have they gathered a war chest of targets for future copyright infringement lawsuits? Or are they simply assessing the scale of the problem to make governments act?
If it is for lawsuits, the standard of evidence may not be enough, says Chothia. "All the monitors connected to file sharers believed to be sharing illegal content. However, they did not actually collect any of the files being shared. So it is questionable whether the observed evidence of file-sharing would stand up in court.

http://www.newscientist.com/blogs/onepercent/2012/09/honeytrap-catches-copyright-co.html

[NosTrasladamus]

http://blogs.protegerse.com/laboratorio/2012/09/05/finfisher-y-finspy-vigilan-tu-movil-y-ordenador-para-bien-o-para-mal/

FinFisher y FinSpy vigilan tu móvil y ordenador. ¿Para bien o para mal?

El siguiente texto es una adaptación del artículo escrito por nuestro compañero Cameron Camp, investigador de ESET Norteamérica, al cual hemos añadido nuestras propias opiniones sobre este tema.

Durante los últimos días hemos leído noticias donde se decía que “el Spyware FinFisher, programado por la compañía basada en el Reino Unido Gamma Group, puede tomar el control de varios dispositivos móviles incluyendo el iPhone de Apple y las BlackBerry de RIM…”. Tras leer el artículo que publicó Bloomberg la semana pasada, muchos de nuestros usuarios contactaron con nosotros para preguntarnos cómo de peligroso era FinSpy y si deberían preocuparse.

Podríamos pensar que la respuesta de Gamma Group, la empresa responsable de FinFisher y de una gran variedad de software de vigilancia para ordenadores de sobremesa y portátiles, así como también para dispositivos móviles, es que sus productos no tienen nada de peligrosos siempre que seamos un ciudadano que respeta la ley, así que no deberíamos preocuparnos. Ahora mismo, en la web de la empresa se anuncia lo siguiente: “El programa FinFisher solo se ofrece a las fuerzas y cuerpos de seguridad del Estado, así como también a las agencias de inteligencia”.

¿Se puede contener un software como FinFisher?

Si alguna vez ha gestionado un laboratorio de malware, sabrá que confinar una muestra de software a un determinado grupo de personas es muy difícil. Así pues, algo llamado “software de intrusión en móviles” suscita varias preguntas en los círculos de los investigadores de malware: ¿puede y/o debería el software malicioso ser usado para detectar y atrapar a delincuentes? ¿Qué pasaría si este software cayese en malas manos?

La respuesta depende probablemente del grupo de gente al que se le pregunte. Aquellos que han invertido mucho tiempo y esfuerzo luchando contra el malware, como los gerentes de TI y los desarrolladores de software, puede que no vean el lado bueno de las aplicaciones instaladas de forma secreta que permiten acceder a datos confidenciales sin autorización. Por ejemplo, nuestro compañero Stephen Cobb opinó hace unos meses sobre los malware desarrollados por naciones como Stuxnet y Flame: “No hay malware bueno”.

Mientras que la empresa desarrolladora de FinFisher afirma que solo está ayudando a las fuerzas de la ley a hacer su trabajo, la posibilidad de que los delincuentes lo usen con malas intenciones está presente. Pongamos como ejemplo lo que sucedió con DarkComet RAT hace unos meses. Como FinFisher, DarkComet RAT tiene amplias capacidades de espionaje y el autor afirma que no tienen intenciones maliciosas. No obstante, el régimen genocida de Assad en Siria no dudó en usar DarkComet RAT contra aquellos sirios que buscaban liberarse de la opresión.

Sí, su teléfono puede espiarle

Así pues, ¿que funciones realiza el software de Gamma Group para permitir el espionaje? Seguramente no nos lo lleguen a decir, pero los investigadores (tras analizar las muestras) afirman que, como mínimo, permite grabar las conversaciones realizadas en teléfonos móviles, localizarlos, leer sus emails, escuchar las llamadas grabadas y capturar SMS. Y sí, también permite activar cámaras en el dispositivo. ¿Qué dispositivos se ven afectados? En este punto, Gamma no es muy específico, muy probablemente para no dar pistas a aquellos que realizan ingeniería inversa de esta tecnología. Los investigadores han encontrado muestras de este malware en plataformas iPhone y Blackberry, pero podría estar disponible para otros sistemas operativos móviles.

Desde una perspectiva técnica, las acciones descritas anteriormente no son muy difíciles de realizar, basándose en el nivel de acceso que se tenga al dispositivo físico. De acuerdo con Stephen Cobb, el servicio secreto de los Estados Unidos ya estaba confiscando “teléfonos espía” a mediados de los 90, teléfonos que aparentaban ser normales, pero que habían sido rediseñados para ser controlados de forma remota y escuchar conversaciones de forma ilegal. Todo lo que el delincuente tenía que hacer era dejar el teléfono en manos del objetivo (probablemente como un regalo, aprovechándose del alto coste de los móviles de entonces).

Las diferencias con la situación actual son: a) la gran cantidad de información personal y confidencial que pasa a través de un smartphone, y b) la habilidad de engañar a los usuarios de smartphones para que instalen spyware desde sitios web.

Pero, ¿qué sucede cuando esta tecnología va por mal camino? Bueno, actualmente se está realizando un gran esfuerzo intentando comprender cómo las muestras llegaron a Bahrain, una zona en la que esta empresa afirma que no vendió ninguna copia de su software. Investigadores de Citizen Lab, un laboratorio interdisciplinar con sede en la escuela Munk de Asuntos Globales de la Universidad de Toronto, Canadá, han estado vigilando el caso Bahrain durante algún tiempo.

Basándonos en lo que hemos visto en el pasado, de la misma forma que cualquier código malicioso que se propaga con fines maliciosos, como Stuxnet, está destinado a convertirse en algo de conocimiento y propiedad pública, permitiendo que criminales, naciones, organizaciones o hacktivistas puedan hacer uso de él. Lo mismo se aplica a otro tipo de malware gubernamental, tal y como informaron en marzo nuestros investigadores Robert Lipovsky, escribiendo sobre el troyano alemán, y Alexis Dorais-Joncas, cuando habló de los posibles códigos maliciosos chinos.

Y luego tenemos el matiz de que las fuerzas del orden de varios países donde se vende este tipo de software no están por la labor de informar acerca de en qué contexto se están usando estas funciones de espionaje. Hablando de eso, varios países tienen una legislación que prohíbe las escuchas ilegales, incluyendo los Estados Unidos, y se requiere una orden judicial para poder realizar estas escuchas. En este punto, Gamma afirma que cumple con todas las regulaciones de exportación, así que, supuestamente, solo intentan vender su software en zonas donde sea legal hacerlo.

Si no se dispone de un dispositivo móvil, también disponen de un software que puede ser usado en un PC, lo que nos vuelve a remitir a las políticas de detección de las empresas fabricantes de antivirus. El siguiente punto en el debate sobre “malware bueno” es si la tecnología antimalware debería poder detectarlo y cómo hacerlo. Es decir, este tipo de software actúa como lo haría un malware tradicional, interfiriendo con el micrófono de la cámara, registrando las pulsaciones, etc. Estaba previsto que algo así sucediese a corto plazo pero esta sucediendo ahora en nuestros bolsillos.

Por supuesto, la diferencia está en que el flujo de información que se obtiene de nuestro dispositivo móvil es más privada e interesante si la comparamos con la que se puede obtener de un ordenador en una habitación compartida que solamente se usa para jugar. Al fin y al cabo, nuestro dispositivo móvil se encuentra casi siempre encendido,  conectado e informando.

[wanderer]

Hay una opción aún más sencilla a la jaula de faraday:

http://nplusonemag.com/leave-your-cellphone-at-home

Edito: Y por si alguien aún no estaba convencido de ello: Los ciudadanos de a pie somos el enemigo, no solo aqui ( http://www.elmundo.es/elmundo/2012/02/20/valencia/1329761802.html ), también en "el país de las libertades" y "la democracia" y blablabla...

Yo tengo un móvil más bien antiguo, con batería extraíble, y que suelo dejar en casa... Será que soy un inadaptado social y un criminal potencial, al parecer...

[Starkiller]

Hay una opción aún más sencilla a la jaula de faraday:

http://nplusonemag.com/leave-your-cellphone-at-home

Edito: Y por si alguien aún no estaba convencido de ello: Los ciudadanos de a pie somos el enemigo, no solo aqui ( http://www.elmundo.es/elmundo/2012/02/20/valencia/1329761802.html ), también en "el país de las libertades" y "la democracia" y blablabla...

Yo tengo un móvil más bien antiguo, con batería extraíble, y que suelo dejar en casa... Será que soy un inadaptado social y un criminal potencial, al parecer...

Hay una cosa para esto... se llama, MHEMHP (Mi Hardware es mio, hijo de puta).

Yo compro un conjunto de circuitos. Es mio. Para hacer con ello lo que me salga de los cojones.

Afortunadamente, siempre hay formas. Según me hago con un nuevo móvil, se rootea, y se desactiva lo que no me interesa. Y hay hasta ROMs para proteger la privacidad; y por raro que parezca, es accesible hasta para el más inepto en informática.

Favorecer sistemas que te permiten hacer esas cosas también es positivo; de ahi que huya de apple y favorezca android con creces.

[la barquera]

Hay una opción aún más sencilla a la jaula de faraday:

http://nplusonemag.com/leave-your-cellphone-at-home

Edito: Y por si alguien aún no estaba convencido de ello: Los ciudadanos de a pie somos el enemigo, no solo aqui ( http://www.elmundo.es/elmundo/2012/02/20/valencia/1329761802.html ), también en "el país de las libertades" y "la democracia" y blablabla...

Yo tengo un móvil más bien antiguo, con batería extraíble, y que suelo dejar en casa... Será que soy un inadaptado social y un criminal potencial, al parecer...

Y yo soy una ciudadana del montón, sin problemas de ninguna clase y con más de veinticinco años de arraigo en mi pueblo . . . Un buen día empecé a sufrir acoso por parte de un policía nacional y otros dos vecinos . . .

El letrado al que se me derivó, Luis Escamilla Garrido (Málaga) me demostró que había sido y estaba siendo escuchada.

Llevo años padeciendo acoso moral (palizas en mi domicilio y demás barbarides incontables aparte) desde distintas personas e instituciones (abogados, políticos, funcionarios y policía local incluídos).

Cuidado con el uso de los juguetitos a los que pueden acceder algunos poderosos e inescrupulosos . . . ¿"incontrolados"? (término que le copio a Iruin en un artículo de Javier Ortiz y que tiene bastantes conexiones lógicas con el "campo de acción" del que provienen dos de mis vecinos más beligerantes).

En burbuja.info se han borrado gran cantidad de comentarios en los que daba datos concretos sobre las "presuntas" conexiones posibles entre varios personajes y personajillos locales e instancias de mayor calado.

Hay gentuza que destroza la vida de cualquiera, sin miramientos.


el barco de papel


Edito:

Por supuesto, se me ha demostrado que fui escuchada durante un largo período ("letrado" Luis Escamilla Garrido, de Málaga).
Los sicarios de la casta se divierten con las presas a abatir, CONTROLAN TODAS SUS COMUNICACIONES Y RELACIONES.

¿Los DERECHOS HUMANOS ELEMENTALES? . . . . . . . . . .  bien, gracias . . .
 

[zombietoads]

CiU-PP comienzan la ofensiva digital contra los medios de contrainformación.Censuran explicitamente un video de 15Mbcn.tv. El caso de Sergi esta actualmente a la espera de juicio y recientemente ha sido citado por los medios de informacion tradicionales como "el País". Youtube describió la censura como "Solicitud de eliminación Gubernamental" Video eliminado: www.youtube.com/watch?v=** Video resubido: www.youtube.com/watch?v=**

No pongo los enlaces aquí para evitar posibles amenazas/denuncias; amenazan con que reproducirlo y difundirlo es delito, pero se encuentra fácil en cierto agregador naranja o en otros sitios xD.

Un buen momento para descubrir el uso de los proxys, gracias a los cuales puedes ver lo que está bloqueado en tú país por orden del gobierno.

[NosTrasladamus]

http://www.osnews.com/comments/26400

'EU has Large-scale plans for surveillance of all communications'
Linked by Thom Holwerda   on Mon 24th Sep 2012 17:19 UTC

"A leaked document from the CleanIT project shows just how far internal discussions in that initiative have drifted away from its publicly stated aims, as well as the most fundamental legal rules that underpin European democracy and the rule of law. The European Commission-funded CleanIT project claims that it wants to fight terrorism through voluntary self-regulatory measures that defends the rule of law. The initial meetings of the initiative, with their directionless and ill-informed discussions about doing 'something' to solve unidentified online 'terrorist' problems were mainly attended by filtering companies, who saw an interesting business opportunity. Their work has paid off, with numerous proposals for filtering by companies and governments, proposals for liability in case sufficiently intrusive filtering is not used, and calls for increased funding by governments of new filtering technologies." I'll just leave a link here to one of the most popular OSNews articles of all time.

http://www.osnews.com/story/25469

http://www.edri.org/cleanIT

Clean IT – Leak shows plans for large-scale, undemocratic surveillance of all communications
21 September, 2012
»
Compulsory Identification | Internet Blocking | Notice & take-down | Privacy | Access to information | Freedom to publish | Freedom of speech | Wiretapping

This article is also available in:
Deutsch: CleanIT – Pläne zur Überwachung des Internets im großen Stil

A leaked document from the CleanIT project shows just how far internal discussions in that initiative have drifted away from its publicly stated aims, as well as the most fundamental legal rules that underpin European democracy and the rule of law.

The European Commission-funded CleanIT project claims that it wants to fight terrorism through voluntary self-regulatory measures that defends the rule of law.

The initial meetings of the initiative, with their directionless and ill-informed discussions about doing “something” to solve unidentified online “terrorist” problems were mainly attended by filtering companies, who saw an interesting business opportunity. Their work has paid off, with numerous proposals for filtering by companies and governments, proposals for liability in case sufficiently intrusive filtering is not used, and calls for increased funding by governments of new filtering technologies.

The leaked document contradicts a letter sent from CleanIT Coordinator But Klaasen to Dutch NGO Bits of Freedom in April of this year, which explained that the project would first identify problems before making policy proposals. The promise to defend the rule of law has been abandoned. There appears never to have been a plan to identify a specific problem to be solved – instead the initiative has become little more than a protection racket (use filtering or be held liable for terrorist offences) for the online security industry.

The proposals urge Internet companies to ban unwelcome activity through their terms of service, but advise that these “should not be very detailed”. This already widespread approach results, for example, in Microsoft (as a wholly typical example of current industry practice) having terms of service that would ban pictures of the always trouserless Donald Duck as potential pornography (“depicts nudity of any sort ... in non-human forms such as cartoons”). The leaked paper also contradicts the assertion in the letter that the project “does not aim to restrict behaviour that is not forbidden by law” - the whole point of prohibiting content in terms of service that is theoretically prohibited by law, is to permit extra-judicial vigilantism by private companies, otherwise the democratically justified law would be enough. Worse, the only way for a company to be sure of banning everything that is banned by law, is to use terms that are more broad, less well defined and less predictable than real law.

Moving still further into the realm of the absurd, the leaked document proposes the use of terms of service to remove content “which is fully legal”... although this is up to the “ethical or business” priorities of the company in question what they remove. In other words, if Donald Duck is displeasing to the police, they would welcome, but don't explicitly demand, ISPs banning his behaviour in their terms of service. Cooperative ISPs would then be rewarded by being prioritised in state-funded calls for tender.

CleanIT (terrorism), financed by DG Home Affairs of the European Commission is duplicating much of the work of the CEO Coalition (child protection), which is financed by DG Communications Networks of the European Commission. Both are, independently and without coordination, developing policies on issues such as reporting buttons and flagging of possibly illegal material. Both CleanIT and the CEO Coalition are duplicating each other's work on creating “voluntary” rules for notification and removal of possibly illegal content and are jointly duplicating the evidence-based policy work being done by DG Internal Market of the European Commission, which recently completed a consultation on this subject. Both have also been discussing upload filtering, to monitor all content being put online by European citizens.

CleanIT wants binding engagements from internet companies to carry out surveillance, to block and to filter (albeit only at “end user” - meaning local network - level). It wants a network of trusted online informants and, contrary to everything that they have ever said, they also want new, stricter legislation from Member States.

Unsurprisingly, in EDRi's discussions with both law enforcement agencies and industry about CleanIT, the word that appears with most frequency is “incompetence”.

The document linked below is distributed to participants on a “need to know” basis – we are sharing the document because citizens need to know what is being proposed.

Key measures being proposed:

    Removal of any legislation preventing filtering/surveillance of employees' Internet connections
    Law enforcement authorities should be able to have content removed “without following the more labour-intensive and formal procedures for 'notice and action'”
    “Knowingly” providing links to “terrorist content” (the draft does not refer to content which has been ruled to be illegal by a court, but undefined “terrorist content” in general) will be an offence “just like” the terrorist
    Legal underpinning of “real name” rules to prevent anonymous use of online services
    ISPs to be held liable for not making “reasonable” efforts to use technological surveillance to identify (undefined) “terrorist” use of the Internet
    Companies providing end-user filtering systems and their customers should be liable for failing to report “illegal” activity identified by the filter
    Customers should also be held liable for “knowingly” sending a report of content which is not illegal
    Governments should use the helpfulness of ISPs as a criterion for awarding public contracts
    The proposal on blocking lists contradict each other, on the one hand providing comprehensive details for each piece of illegal content and judicial references, but then saying that the owner can appeal (although if there was already a judicial ruling, the legal process would already have been at an end) and that filtering such be based on the “output” of the proposed content regulation body, the “European Advisory Foundation”
    Blocking or “warning” systems should be implemented by social media platforms – somehow it will be both illegal to provide (undefined) “Internet services” to “terrorist persons” and legal to knowingly provide access to illegal content, while “warning” the end-user that they are accessing illegal content
    The anonymity of individuals reporting (possibly) illegal content must be preserved... yet their IP address must be logged to permit them to be prosecuted if it is suspected that they are reporting legal content deliberately and to permit reliable informants' reports to be processed more quickly
    Companies should implement upload filters to monitor uploaded content to make sure that content that is removed – or content that is similar to what is removed – is not re-uploaded
    It proposes that content should not be removed in all cases but “blocked” (i.e. make inaccessible by the hosting provider – not “blocked” in the access provider sense) and, in other cases, left available online but with the domain name removed.

Leaked document: http://www.edri.org/files/cleanIT_sept2012.pdf

CleanIT Project website: http://www.cleanitproject.eu/

Microsoft “code of conduct”: http://windows.microsoft.com/is-IS/windows-live/code-of-conduct

CleanIT's letter to Bits of Freedom about “factual inaccuracies” and their unfulfilled promise to produce a problem definition: http://95.211.138.23/wp-content/uploads/2012/07/20120106-Reaction-blog...

EDRigram article 29 August: http://edri.org/edrigram/number10.16/cleanit-safer-internet-for-terror...

EDRigram article 20 June: http://edri.org/edrigram/number10.12/the-rise-of-the-european-upload-f...

[Lego]

http://www.eldiario.es/politica/investiga-Facebook-personales-corrientes-relacionados_0_54244633.html

El juez investiga conexiones de Internet, perfiles de Facebook y correos personales relacionados con el 25-S
La Audiencia Nacional había requerido a dos bancos información sobre las donaciones económicas al 25-S, pero el juez ha anulado esta mañana la petición

Google y Facebook facilitaron datos para la investigación del 25-S: recopilaron y entregaron direcciones de correo, un número de teléfono asociado a gmail.com y hasta 50 IPs, es decir, el número que identifica y posiciona cada conexión a Internet. Para entregar más datos personales, Google y Facebook remitieron a la Audiencia Nacional al departamento de Justicia de Estados Unidos, donde estas compañías están establecidas.

La Audiencia Nacional quiso saber quién han donado dinero para que el 25-S pudiera organizarse. Según un sumario del juez Pedraz al que ha tenido acceso la periodista de la Cadena SER Pilar Velasco, el magistrado solicitó información sobre los titulares de dos cuentas corrientes relacionadas con la convocatoria y sobre todas aquellas personas que realizaran un ingreso en las mismas. Esta mañana ha anulado la petición al considerar que "es nula para la investigación".
Según la versión policial, las cuentas abiertas en Triodos Bank y La Caixa se utilizaron por ejemplo para fletar autobuses desde diferentes provincias españolas o para preparar la logísitca de la manifestación. Según la SER, la justicia comenzó a investigar el 25-S a partir del 14 de agosto.

Por otra parte, hoy heleído en ABC que los jueces relajan la presión sobre el ministerio ahora que les ha devuelto nosequé días libres que Gallardón pretendía quitarles.

 Y yo, iluso, que pensaba que el poder judicial estaba empezando a transicionar de abajo a arriba. Ja! Me merezco una colleja bien grande.

[Marlow]

Bueno, he descubierto hace poco este hilo (más vale tarde que nunca) y le he dado un buen repaso. Muchos de los artículos enlazados son muy interesantes.
No puedo aportar gran cosa, pero sí que me gustaría recomendaros un libro sobre el uso de Internet que he leído hace poco: "The Shallows" de Nicholas Carr (en castellano, "Superficiales").
 
En teoría se trata de un libro divulgativo, muy documentado, sobre los efectos cognitivos del uso generalizado de Internet (sobre el aprendizaje, concentración, memoria, empatía). Pero también es un resumen o visión general de la historia de las tecnologías, centrado especialmente en el paso de la oralidad a la palabra escrita (con la invención del alfabeto), la aparición del libro y la posterior generalización de la lectura con la invención de la imprenta.
Se centra en eso porque la tesis de Carr es que, así como la aparición de los medios eléctricos/electrónicos en el SXX (televisión, radio, cine) tenían cierta capacidad para desplazar al libro pero no sustituirlo (porque no transmiten texto), Internet sí tiene esa capacidad (y vaticina que a largo plazo es lo que sucederá, y que el libro y su "ética intelectual" quedará como tecnología marginal después de 500 años de hegemonía). A partir de esa premisa, razona sobre los cambios que esa sustitución generaría en la forma y profundidad del pensamiento.
Al principio del libro cita a McLuhan y su "el medio es el mensaje", para advertir que los efectos (inevitables) de las tecnologías no tienen lugar a nivel de opiniones o conceptos, sino en los patrones de percepción (efectos que pasan inadvertidos para quien las usa).

El libro también incluye un capítulo dedicado a Google que no tiene desperdicio. Además, es uno de esos libros que tocan tantas disciplinas que inevitablemente te lleva a otros libros (a mí me ha llevado hasta "Structure of Scientific Revolutions" de Kuhn, por ejemplo).