Announcing Shari Steele as our new executive director

> There is going to be a transition period, where I try to teach her everything she needs to know about Tor

Excellent!

> And in any case, I'm not going anywhere

Excellent! That was my next question.

As you know, Tor needs strong encryption to work. Cryptowars II has gone very "hot" again and needs urgent attention and I think that in her new role Shari should promptly respond to statements like this:

http://www.theregister.co.uk/2015/12/10/us_government_pushing_encryptio…
US government pushing again on encryption bypass
FBI chief and deputy CTO bring issue back to the table
Kieren McCarthy
10 Dec 2015

> "It's not a technical issue," Comey told the Senate Judiciary Committee this week. "There are plenty of companies today that provide secure services to their customers and still comply with court orders. There are plenty of folks who make good phones and are able to unlock them in response to a court order. In fact, the makers of phones that today can't be unlocked, a year ago they could be unlocked."

In particular, I think Shari would be ideal spokesperson to request thehill.com to write an editorial countering this one from an "intelligence professional" (Wither's credentials not otherwise explained):

http://thehill.com/blogs/congress-blog/homeland-security/261237-stand-w…
Stand with our watchers
Tom Wither
25 Nov 2015

Shari already knows enough about the cryptowars, I think, to write a strong response, and I think there's a fair chance The Hill might offer her an editorial slot.

FBI is said to spending a huge amount on PR firms in order to dress up its intense anti-encryption fear-mongering media campaign. It would be interesting to try to find the 2015 figure for FBI from the research described here:

http://thehill.com/business-a-lobbying/business-a-lobbying/262387-feds-…
Feds shelling out billions to public relations firms
Megan R. Wilson
8 Dec 2015

> The federal government has spent almost $4 billion on public relations services since 2007, according to a watchdog group, with more than half of the money going to the world’s largest firms.

One feature of the current media blitz from FBI's PR machine is that the agency is talking up senior FBI officials who happen to be women, as if that somehow makes their illegal malware attacks, surveillance of dissidents, etc. more palatable. Here is a rather simpering profile of Amy Hess which just appeared in WaPo:

https://www.washingtonpost.com
Meet the woman in charge of the FBI’s most controversial high-tech tools
Ellen Nakashima
8 Dec 2015

After excising the gushing over a powerful woman spook, the most salient sentences in the story may be these:

> despite the wizardry of its technologists, who also excel at traditional physical and electronic surveillance, the bureau is at a loss to solve what FBI Director James B. Comey has called one of the most worrisome problems facing law enforcement today: the advent of strong commercial encryption on cellphones where only the user can unlock the data.
> ...
> The advent of strong encryption, however, is presenting Hess with a huge, perhaps insurmountable, challenge. In the past few years, tech firms and app developers have increasingly built platforms that employ a form of encryption that only the user, not the company, can unlock.
>
> The bureau’s encryption dilemma is exacerbated by a chill that settled over the relationship between the FBI and Silicon Valley in the wake of leaks in 2013 about government surveillance by former National Security Agency contractor Edward Snowden.
> ...
> In recent months, the FBI’s conversations with companies have become more productive, she said, “but it’s not to the level we were pre-Snowden.”
> ...
> some agents have created their own tools or bought them commercially.

[e.g. for wardriving or infecting someone with spyware]

> ...
> Privacy advocates also worry that to carry out its hacks, the FBI is using “zero-day” exploits that take advantage of software flaws that have not been disclosed to the software maker. That practice makes consumers who use the software vulnerable, they argue.
>
> Hess acknowledged that the bureau uses zero-days — the first time an official has done so. She said the trade-off is one the bureau wrestles with. “What is the greater good — to be able to identify a person who is threatening public safety?” Or to alert software makers to bugs that, if unpatched, could leave consumers vulnerable?

(Pardon me while I wipe the tears from my eyes.)

The tactic of trying to present FBI as full of motherly love (or something) is rather absurd, considering what happened when NSA tried the same thing a decade ago, playing up the fact that Teresa H. Shea, who was then chief of the SIGINT division and directly in line to become the next DIRNSA, was demoted in disgrace after The Intercept and Buzzfeed reporters followed the money and discovered irrefutable evidence of cozy nepotism, sufficiently odious that Republican senators who are normally lovey-lovey with NSA demanded and got her demotion:

https://theintercept.com/2014/09/19/powerful-nsa-official-involved-pote…
Powerful NSA Official Potentially Self-Dealing With Defense Contractor
Murtaza Hussain
19 Sep 2014

http://www.buzzfeed.com/aramroston/exclusive-nsa-official-is-a-multi-mi…
Exclusive: Top NSA Surveillance Official Is A Multi-Millionaire
Aram Roston and Jacob Fischler

> NSA bureaucrat Teresa Shea and her intelligence-contractor husband are worth at least $3 million, records show. She ran controversial surveillance programs for years, and recused herself last year from decisions about her husband’s employer.

http://www.buzzfeed.com/aramroston/exclusive-family-business-at-the-nat…
Wife: NSA Official. Husband: Exec At Firm Seeming To Do Or Seek Business With NSA
NSA: It’s secret.
Aram Roston

> A large government contracting firm that appears to be doing or seeking business with the National Security Agency employs the spouse of one of the most powerful officials at the agency, according to corporate records, press releases, and company websites. But the NSA has declined to address whether there is a potential conflict of interest or to disclose any information about contracts or the official’s financial holdings.
>
> The spouse, for years, has also had an intelligence technology company incorporated at the couple’s suburban residence in Maryland.
>
> The NSA official, Teresa H. Shea, is director of the Signals Intelligence Directorate, which means she oversees electronic eavesdropping for intelligence purposes. She’s held that crucial position since 2010. SIGINT, as it is called, is the bread and butter of NSA espionage operations, and it includes intercepting and decoding phone calls, whether cellular or landline; radio communications; and internet traffic. Shea’s directorate was involved in the controversial domestic surveillance program, much of which was revealed by Edward Snowden.
>
> As for Shea’s husband, James, he is currently a vice president at DRS Signal Solutions, part of DRS Technologies, a major American defense contracting company owned by the Italian defense giant Finmeccanica. On his LinkedIn page, he boasts of his “core focus” in “SIGINT systems,” and cites his employer, DRS, for its work in “signals intelligence, cyber, and commercial test and measurement applications.”
>
> According to Maryland state records, James Shea is also the current resident agent of a company called Telic Networks, which he founded in 2007. The firm is registered at the couple’s home in Ellicott City, Maryland. On his LinkedIn page, Shea states that he was president of Telic until 2010. Telic’s rudimentary website describes its expertise in SIGINT, maintaining that the firm’s personnel have a history of developing innovative hardware and software solutions for difficult SIGINT and ELINT [electronic intelligence] problems.” Telic’s incorporation records say it is a “government and commercial contracting and consulting” company.

You might remember from our discussion last September of the Intercept story on the Sheas that DRS is one of several closely related companies, including DRT, the company which is best known for producing NSA's drone-borne "IMSI catcher", the so-called "DRTBOX" which has allegedly been used extensively to attack every WiFi device in entire countries. James Shea was also listed as an officer of that firm. As far as I know, none of these companies have gone out of business, no changes have been made to their no-bid contracts with NSA, James Shea is still involved with DRS, and Teresa Shea is not losing her pension.

https://www.truthdig.com/report/item/top_10_signs_the_us_is_the_most_co…
Top 10 Signs the U.S. Is the Most Corrupt Country in the World (Video)
Juan Cole
13 Dec 2015

> Speaking of immediate upcoming events, there are six (holy cow, six) Tor or Tor-community events at 32C3. We'll post a more detailed list soon I hope.

Is Shari going? Would be an excellent opportunity to quietly discuss in person with key colleagues the thorny issue of contingency plans in case (against current optimistic expectations) US, FR, or another important country outlaws Tor or Tails or non-backdoored-encryption outright. Also a great opportunity to make personal connections and build community, which is one of the most important things Tor and friends must do right now.

If Julia Angwin is going, she would be a terrific reporter to talk to, especially about the suggestion that HS could be ideal for protecting sensitive medical information. Also about HIEs (Health Information Exchanges), aka "watering hole sites", CVE (Countering Violent Extremism) and secret "citizenship scores", aka state-sponsored discrimination. Americans need to know that as their nation transitions to a one-party government (as GOP seems likely to self-destruct), Clinton is really no better than Trump, just more cryptic about things like targeting American children aged 3-7 for CVE and prospective citizenship scores.

If Shari has never read Julia's book Dragnet Nation I hope she can put it in on her holiday reading list!