Day of Action: Stop the Changes to Rule 41

by ailanthus | June 21, 2016

Today and tomorrow, the Electronic Frontier Foundation is partnering with the Tor Project and a broad coalition of groups for a Worldwide Day of Action protesting changes to Rule 41 of the US Federal Rules of Criminal Procedure. These changes will allow federal magistrate judges to grant search warrants to the Department of Justice (including the FBI) to legally hack into computing devices that use Tor or a VPN—-wherever the devices are--starting on December 1, 2016. EFF has organized a coalition of organizations and companies—from Fight for the Future to PayPal—to oppose these rules—but this is an uphill climb, and we need your help.

The broad search warrants allowable under these new rules will apply to people using Tor in any country—even if they are journalists, members of a legislature, or human rights activists. They will allow the FBI to hack into a person’s computer or phone remotely and search through and remove their data.

There are already examples of the FBI using one warrant to gain access to thousands of computers, and US Senator Ron Wyden has said that "Under the proposed rules, the government would now be able to obtain a single warrant to access and search thousands or millions of computers at once."

This pattern of abuse will only be exacerbated by more judges issuing these hacking warrants. The warrants must still be part of a criminal investigation and issued by a judge, but we're deeply concerned about the dramatic rise in government hacking this rule change is likely to cause.

The purpose of tomorrow’s Worldwide Day of Action is to educate people and mobilize them to act--either by signing a petition or emailing US Congress (depending on where they live). Then, members of US Congress will use this public pressure to try to pass the “Stop Mass Hacking Act” (#SMHAct), draft legislation that would block these rule changes.

Senator Wyden (D-OR) and a bipartisan group of members of Congress
are sponsoring this bill. They are deeply troubled that such sweeping infringement on personal privacy is happening through a seemingly trivial rule change.

Already, many Tor users can view the campaign banner on the Tor website and click through to sign the petition or contact US Congress. A special campaign website (NoGlobalWarrants.org) will launch starting at about 9:30 am UTC Tuesday. If the banner isn’t working for you, go directly to NoGlobalWarrants.org after that time.

Please sign the petition or contact Congress, and then tweet and retweet about this situation--all day if you can. Email your lists. Tell your friends. Tweet photos of yourself (or your cat) with a handwritten sign.

Do whatever you think will help get people to act.

Comments

Please note that the comment area below has been archived.

I think trends are ebbing the tides of legal change. The strongest solution would be to focus on the integrity of Tor browser. Capitol hill does not use Tor or even understand encryption. They have no skin on the side of web anonymity. Drive your funds to the research and developement cause. This should be the underlying screaming focus.

> Capitol hill [US Congress] does not use Tor or even understand encryption. They have no skin on the side of web anonymity.

This is not quite right. Some Senators (e.g Ron Wyden) certainly do "get it". And many staffers are very aware that USIC, FBI, and US military operatives are spying on them (not to mention foreign intelligence services). I'd love it if more of them were more aware of the astonishing scope and variety of the spyware employed to target high profile employees such as US Congressional staffers, but it's certainly not the case that all of them are entirely ignorant of what is going on.

Further, leaks and other evidence strongly support the view that our enemies actually worry quite a lot about possible future successes in the political/legal arena by advocacy groups such as ACLU and EFF.

Just think about this: early in the history of FBI, ACLU cofounder Roger Baldwin came very very close to eliminating the agency (then called Bureau of Investigation) entirely. Unfortunately he decided that then Acting Director J. Edgar Hoover seemed like an earnest young man determined to clean up corruption scandals, who had nothing to do with the Palmer raids. In fact, Hoover had personally engineered the Palmer raids. He did clean up the corruption, but he also did everything possible to keep FBI focused on harassing "radicals" and other domestic dissidents. Hoover headed FBI for almost another five decades, and while FBI has had many other Directors since, it continues to fit the mold which Hoover created.

The good news is that ACLU has long since gotten wise to FBI's deceits. And while it is true that most in the US Congress continue to tell Comey "Lie to us!", a growing number of members are becoming more and more concerned about FBI's many, many, many abuses. Some are even starting to think that perhaps applying some "metrics" to FBI itself might not be a bad idea, in an election year. Nothing could terrify FBI more than being subject to some actual fiscal oversight.

Tor Project needs to do a bit of everything. Code. Code audits. R&D. Political engagement. Media engagement. Most of all, Tor Project needs to change the funding model;

You might only be joking, but if not, if you speak French, one town where techies can relocate is Grande-Synthe, in the North of France:

http://www.truth-out.org/news/item/36499-combining-welcome-for-migrants…
How One French Town Combines Welcome for Migrants, Ecology and Social Emancipation
Olivier Favier and Translated by Leslie Thatcher, Basta
22 Jun 2016

Advantages of moving to Grande-Synthe:

o popular socialist government
o ecologically conscientious
o universal basic income
o locals poor but friendly
o popular local university organized as grassroots community effort

>It's time to leave $(any_jurisdiction) ...
Because this will be in any jurisdiction. It is damn unprofessional not to pass such legislation in any other jurisdiction.

What else it's time to leave?

>It's time to leave the cruel world.
you say? Feel free to leave, if you want, but please don't cry and scream anymore.

June 21, 2016

Permalink

How can they hack if i am using a secure computer and follows computer security practices ?

> "How can they hack if i am using a secure computer and follows computer security practices?"

Permit me to rephrase your question in a more pointed manner:

"How can the FBI hack my laptop/PC if I am using Tor Browser on Debian 7, update my software regularly, and am not doing anything wrong?"

A full answer would be far too complex (and well beyond my technical knowledge), but in general terms, the short answer is:

o Tor Browser is based on Debian iceweasel, which derives from Mozilla Firefox, the most widely used (and one of the most attacked) browsers in the world, so the bad guys have a head start,

o web browsers are among the most complex items of software to be found in most personal devices, and therefore, among the most vulnerable,

o regular updates help, using an OS with a fairly good reputation for security helps, but given the enormous attack profile of the web browser, these things are not enough to keep you safe,

o it is well beyond the abilities of a conscientious individual citizen to prevent a well-funded determined mass-hack attacker from looking for and very possibly finding undisclosed vulnerabilities affecting many users,

o in at least two recent instances, it is known that USG paid more than a million dollars to buy an zero-day vulnerability for the purpose of attacking a single iPhone and the Tor network respectively,

o the Snowden leaks include dozens of documents which prove that NSA and its nasty little sidekick GCHQ have an intense interest in compromising the Tor network; these agencies virtually define the notion of a "intelligence agency with a global reach, lethal assassination capabilities, an unlimited budget, and subject to no moral/legal restraint whatever",

o USG is increasingly adopting the attitude which has been pushed by FBI for decades, the view that people should be subjected to "interventions" and even punishment (even the death penalty), not because USG suspects them of having done anything wrong in the past, or even planning to do something wrong tomorrow, but because some Bayesian predictive analysis algorithm running as a neural net on some government computer has flagged them as harboring the potential to do something wrong years or decades in the future,

o FBI psychologists are tragically familiar with an extensive body of academic research which supposedly provides "scientific proof" [sic] that (i) genetic "flaws" (ii) exposure to "adverse experience" in childhood predispose a person to commit violent acts in future; for example, a child who witnesses his father beating his mother is supposedly much more likely [sic] to beat his own wife or even to commit a terroristic act in the future, a girl who is abused sexually at age six is much more likely [sic] to grow up to become a teacher who sexually abuses her own students, etc,; this literature encourages FBI to demand the authority to punish people, not because they are suspected of having done anything wrong, but because as victims in childhood, they are allegedly predisposed to become victimizers as adults, which amounts to re-victimizing people throughout their entire lives in retaliation, not for anything they did as a child, but because of something which was done to them as a child--- and how, Director Comey, could that possibly be consistent with any reasonable notion of justice or a desire to protect children from lasting harm?

o no citizen could possibly be more innocent than preschoolers aged 2-7*, yet this is the very group which FBI is targeting with its most horrid precrime programs--- don't believe it because I say so, believe it because their own internal policy memoranda say so (more and more of these documents will be published in the near future, I think),

o nothing could better illustrate the extent to which the USG has transformed from the servant of the People to the chief Enemy of the People than the idea that USG is encouraging FBI to break into and steal or alter data in millions of computers owned by other people anywhere in the world, people for whom nothing approaching probable cause is demonstrable, and indeed, people whom FBI does not even really suspect have done anything wrong, but only suspects that they may have the technical means (Tor) to do something wrong in the future,

o "something wrong" is defined not by public court proceedings, but by an unappealable uncorrectable secret finding that someone might in future do something contrary to the interests of the financial/political elite which has essentially bought the USG, or even: contrary to the interests of one of USG's "security partners", such as Israel, Saudi Arabia, UAE, Egypt, or in future, perhaps Russia, China, Vietnam....

And by the way, one little factoid revealed by a Snowden leaked document: anyone who visits a torproject.org website (such as this blog), even if they are not using Tor, is viewed as a potential threat to the national security of the USA. So you may not think you were doing anything wrong by surfing to this blog, but NSA takes a very different view, and they are just about the most evil bad guys ever, the guys who might just decide to target you with a bit of American Hellfire. Or even (as per Trump and Cruz) a nuclear weapon.

*2-7: it was 3-7, but the target age was just decreased after claims that fMRI scans of toddlers can identity [sic] future rapists, maybe even terrorists

Zero day vulnerabilities. Ethical people and organizations give these to the sofyware-makers for the vulnerabilities to be fixed. Unethical organizations, those craving power and other negative forces in the human race sell and buy these vulnerabilities and then use them to attack people and make everybody less secure along the way.

Private exploits for billions of dollars + hacking hackers with them and getting a lot more private exploits and exploits developers for free not putting them into prison.

June 21, 2016

Permalink

It would be more interesting if computers could not be hacked that easily...designing more secure OSs,software,and educating people on digital security.The simple fact that a judge can ask a government hacker: "get into and extract what's interesting of that computer" is disgusting.

> get into and extract what's interesting

Oh, it's much worse than that. If the state sponsored cyber-intruders find nothing sufficiently interesting to "justify" their loving attentions to someone else's computer, perhaps located halfway around the globe from Quantico, there is nothing to stop FBI from *planting* "something interesting". Such things happen quite often in the case of physical searches, especially when some "law enforcement officer" realizes he/she has broken a law and feels the need to cover their own arse.

Now think about cyber "effects". There is nothing to stop CIA from asking FBI to plant evidence on the computer of some blogger in Switzerland (perhaps someone opposed to the latest US sponsored trade agreement, say), and then denouncing the victim to local police agencies who raid, seize, arrest, try, sentence, jail. How convenient for those in the USG who are bent upon "shaping" the world to suit the agenda of their masters, the US financial/political elite.

June 21, 2016

Permalink

It's sad there's so much bluster and bullshit in media that they can't bother to report things like this.

Some reporters do report on these issues. Try following theintercept.com, techdirt.com, arstechnica.com, propublica.org, buzzfeed.com, motherboard.vice.com, thehill.com, for example. Try looking for stories by Glenn Greenwald, Julia Angwin, David Kravets, Mike Masnick, Marcy Wheeler, for example.

Not a complete list by any means.

But couldn't agree more about "mainstream media". ABC, CBS, NBC are full of lazy jackasses.

June 21, 2016

Permalink

That should go all the way to the presidential race, what the future candidates
think about it. Will they get my vote if they stand by it ?

one of them is for us citizens inside _ protecting them _trump_the second is for relation outside_hilary_.
your vote is important for the both _ trump will spy only the non-American and hilary the american_involved in her business.

June 21, 2016

Permalink

(resubmission)

The need for browser hardening is evident from leaks from the notorious intrusion-for-hire company Hacking Team, and from the disclosure of huge USG payments for hacks into onion service websites.

On the political side, support is coming from such surprising sources as former White House cybersecurity chief Ari Schwartz, who argues in a new paper that FBI should be forbidden from paying for hacks, specifically citing a huge payment for hack into an encrypted iPhone used by the San Bernardino killers:

http://www.theregister.co.uk/2016/06/17/fbis_iphone_hack_should_be_barr…
FBI's iPhone paid-for hack should be barred, say ex-govt officials
Cybersecurity bods argue for formalizing zero-day disclosure rules
Kieren McCarthy
17 Jun 2016

> Although the question over whether to disclose a security hole is complex, it is not so complex as to avoid a clear set of rules, say Knake and Schwartz. They don't agree with Bruce Schneier's argument that all zero-day holes should be disclosed immediately regardless of their potential value, and instead highlight a possible case where disclosure would result in the loss of valuable intelligence in an ongoing investigation.
>
> That does not include the FBI's $1.2m purchase of a hack, however. One of the paper's recommendations is that government agencies be "prohibited from entering into non-disclosure agreements with vulnerability researchers and resellers" – which is what the FBI did in buying access to the San Bernardino shooter's phone from an unnamed third party and then claiming it cannot disclose how it did so.

About a month ago some US legislators who expressed doubts about the effectiveness of FBI's rapidly expanding precrime programs, including its CVE programs targeting American schoolchildren, called for a careful scientific evaluation of FBI's precrime risk scores. Unfortunately, this brief window of opportunity for moment of sanity in the halls of USG power was closed by the mass shooting in Orlando. Also torpedoed: the email privacy bill, which had been expected, until the Orlando massacre, to pass unanimously.

FBI's dragnet surveillance programs almost always escape oversight. One of the very few exceptions is the enormously costly decades old disaster known as NEXTGEN, the FBI's much vaunted biometric identification program. After steady legal work by ACLU gradually revealed more and more clearly the failings of this program, GAO finally asked whether FBI's dragnet biometric programs are cost effective, and their report, just published, is extremely damaging to FBI's carefully guarded reputation:

http://thehill.com/policy/technology/283651-watchdog-fbi-doing-limited-…
Watchdog slams FBI's facial recognition database testing
David McCabe
15 Jun 2016

> The FBI has not appropriately tested its facial recognition database, according to a government watchdog report released on Wednesday. The agency maintains a database — called the Next Generation Identification-Interstate Photo System (NGI-IPS) — of photos and other biometric data that can be used in pursuing cases. The Government Accountability Office (GAO) said the agency had only done "limited" testing of its accuracy in situations in which officers were summoning a list of more than 50 potential matches, and did no testing when summoning a list of fewer than 50 potential matches. It also hasn’t tested the accuracy of the state and federal systems the FBI can access during investigations. “By taking such steps, the FBI could better ensure the data received from external partners is sufficiently accurate and do not unnecessarily include photos of innocent people as investigative leads,” said the watchdog.

For those familiar with ROC curves, a decade ago FBI tried to set some standards for the facial identification (in dragnet CCTV video) component of NEXTGEN. Specifically, they declared that the probability of false negatives to be below 5% and the probability of false positives to be below 2%, which is somewhat more stringent than some credit card fraud detection scores, and comparable to some medical testing scores. Five years after that when their own studies showed NEXTGEN was failing miserably to meet those standards, FBI simply dropped all accuracy requirements. Pretty amazing even for an agency with a century old track record at complete failure at every "national security" mission it has ever taken on, especially when FBI and its parent DOJ are pushing so hard for "evidence-based" precrime assessments of all American citizens.

And an excellent example of data journalism from Propublica has shown that the most widely used precrime scoring system in the US "justice" system [sic], from a little known Canadian company called Northpointe Inc, fails to meet even the low bar set for scoring systems which cannot result in persons being deprived of their freedom, much less the stronger standards common in clinical situations such as cancer testing (but not in psychiatric testing, where once again, unevaluated and dubious precrime scoring algorithms are sprouting like weeds, and being marketed to companies anxious about their employees and municipal governments anxious about local residents):

https://www.propublica.org/article/senates-popular-sentencing-reform-bi…

If you think COMPAS is bad, FBI's precrime scores are much worse, and far more dangerous, especially to privacy-minded citizens who use Tor (which USG tends to view as a "red flag" for all manner of suspected potential misconduct).

The GAO report also revealed the existence of a second vast FBI dragnet surveillance facial ID program, called FACE, which is also being developed without any oversight or requirement for meaningful evaluation.

Meanwhile, FBI is demanding that NEXTGEN and FACE be exempted from the Privacy Act, on of the very very few (outdated and weak) laws protecting some of the privacy of US persons, and they demand that the videos recorded by the hidden cameras be exempted from FOIA requests.

Among the controversial sources for NEXTGEN/FACE imagery are surveillance cameras which secretly placed on municipal utility poles, where they are hidden by "concealments" (in FBI parlance) to prevent alert passersby from noting the surveillance.

In recent court filings FBI has argued that revealing the location of the hidden cameras would violate the privacy of precrime suspects who have not yet been charged (naturally, because they haven't done anything wrong), or cause their unsuspected neighbors to become paranoid about USG intentions toward their own households. Because, you see, the pole cams record the comings and goings of everyone who passes by the hidden cameras, not just the current "person of interest". Even more striking, FBI argued that their own agents are afraid of having their identities leaked (perhaps the watching agents are also imaged sitting in their surveillance vehicles/trailers?). Reading into this zany argument I see evidence that the USIC leadership is very anxious about being charged in absentia and maybe even extradited to face trial for war crimes:

http://thehill.com/policy/national-security/282689-former-cia-officer-f…
Former CIA officer faces extradition to Italy for Bush-era efforts
Julian Hattem
8 Jun 2016

> A former CIA officer appears set to be extradited to Italy over allegations about her role in the kidnapping and “extraordinary rendition” of an Egyptian man during the George W. Bush administration. Sabrina de Sousa told news outlets on Wednesday that the extradition process has already begun after the constitutional court in Portugal rejected her final appeal. If the process is finalized, she would become the first person to ever be charged, extradited and jailed over the CIA’s “extraordinary rendition” program, which was carried out under the Bush administration to seize suspected terrorists and bring them to another country for interrogation.
>
>In 2014, de Sousa was convicted in absentia by an Italian court for participating in the 2003 abduction of Egyptian cleric Hassan Mustafa Osama Nasr off a street in Milan and ferrying him to be questioned in Egypt. According to his wife and Italian prosecutors, the cleric, also known as Abu Omar, was subjected to beatings and electric shocks to his genitals.

Such is the political background which underlines the urgent necessity for projects like the Tor Browser hardening program.

I hope Tor users will consider making a donation to support browser hardening, reproducible builds, and other TP initiatives intended to counter unconstitutional state-sponsored-hacking and dragnet surveillance.

> For those familiar with ROC curves, a decade ago FBI tried to set some standards for the facial identification (in dragnet CCTV video) component of NEXTGEN. Specifically, they declared that the probability of false negatives to be below 5% and the probability of false positives to be below 2%

I should clarify: the GAO report mentions quite different and much less stringent figures:

Pr(E|H) <= 0.85 < 0.95

Pr(E|~H) <= 0.20 > 0.02

Indeed, in the early days, FBI stipulated 0.95 and 0.02 respectively, but as it became clear that NEXTGEN was never going to approach that standard (which is comparable to some medical tests used in a clinical setting), FBI drastically lowered the standards to 0.85 and 0.20 respectively. Years later, as it became clear that NEXTGEN would never hurdle that low bar, FBI removed any requirement for a Pr(E|~H) standard at all. As the GAO authors point out, this renders the other element of the ROC curve, Pr(E|H) meaningless. And once it became clear that even this meaningless miserably low standard could never be met by NEXTGEN, FBI removed all "evidence-based" standards entirely.

This process is documented in painful detail in internal FBI documents obtained under FOIA and published by ACLU.

Such humiliation by FOIA is of course the reason why FBI is trying so hard to exempt itself from *all* FOIA requirements, just as it is trying to win exemption from all Privacy Act requirements.

Its the federal version of the mantra all too familiar to anyone who has ever come in for a bit of racially motivated stop-n-frisk: "Who are you gonna call, the cops? We *are* the cops!"

And then they wonder why The People view them as their enemy. American cops. Strange, strange people.

There is a technical point here. Try plugging figures suitable for terror suspects, such as Pr(H) = 10^-6, into Bayes's formula

Pr(H|E) = Pr(E|H)/Pr(E)*Pr(H) = Pr(E|H)/(Pr(E|H)*Pr(H) + Pr(E|~H)*(1-Pr(H))* Pr(H)

Compute the probability of a false accusation by algorithm, Pr(~H|E) = 1-Pr(H|E). Conclude that even a "highly accurate" national facial ID system would be hopeless. Congratulations! You've just done a computation which could and should have saved the USG a rather staggering sum of taxpayer funded wastage which is stated in the GAO report, but which I find to depressing to hunt for right now.

NEXTGEN? Like the very existence of the FBI itself, it's worse than wrong, its just plain stupid.

According to the docrines of Milton Friedman, no business entity as inadequate as FBI should be permitted to exist in a free market society. Yet FBI staggers on from disaster to disaster, securely hidden from the shame it so soundly deserves by the impenetrable wall of secrecy which FBI has always used to cover up its enormous shortcomings. Even so, after a century of failure after failure after failure, perhaps the US Congress will finally put this national embarrasment out of its misery. Never was a dose of euthanasia more richly warranted.

June 21, 2016

Permalink

@ Tor Project: thank you for posting this!

Plus one for making the campaign more visible.

@ Tor users: even if you don't live in the US, this affects you! If you do, please call your Congress persons.

These are various dangerous times for anyone who believes in human rights, the Rule of Law, who is politically active, does serious journalism, or stands out from the crowd in some way.

June 21, 2016

Permalink

(resubmission)

@ all Tor people: you are the greatest! More like this please!

https://motherboard.vice.com/read/tor-is-teaming-up-with-researchers-to…
Tor Is Teaming Up With Researchers To Protect Users From FBI Hacking
Joshua Kopstein
19 Jun 2016

> The FBI has had a fair amount of success de-anonymizing Tor users over the past few years.

Not quite right; FBI has taken down certain onion services, but that is not the same thing as successfuly deanonmyzing users of Tor Browser Bundle or Tor Messenger. It is not even clear that FBI's takedowns have reduced the number of onion services (hidden sites), or the extent to which FBI targets suspected BLM activists and human rights researchers vs suspected pron/drug purveyors.

As always, those whose duty is to oversee FBI insist on looking the other way, even insist that FBI and other USIC agencies get creative and lie to them.

> Despite the encryption software's well-earned reputation as one of the best tools for online privacy, recent court cases have shown that government malware has compromised Tor users by exploiting bugs in the underlying Firefox browser—one of which was controversially provided to the FBI in 2015 by academic researchers at Carnegie Mellon University.
>
> But according to a new paper, security researchers are now working closely with the Tor Project to create a “hardened” version of the Tor Browser, implementing new anti-hacking techniques which could dramatically improve the anonymity of users and further frustrate the efforts of law enforcement.

See also

https://www.ics.uci.edu/~perl/pets16_selfrando.pdf

> controversially provided to the FBI in 2015 by academic researchers at Carnegie Mellon University.

Academic researchers at that university have done even worse things.

Kathleen Carley has apparently provided the software which NSA/CIA use to decide which persons/villages/funerals to strike with drone-borne missiles in various war-torn desperately impoverished regions of the world.

See Harry Goldstein, "Modeling Terrorists", IEEE Spectrum, Sep 2006.

Now contemplate what things, ten years later, USG is planning to do to Tor users.

Left to themselves, governments never become better behaved,they only become even more criminal. But when everything is done in darkest secrecy, governments are impervious to outside scrutiny. So voices of moderation cannot even try to rescue The People from the consequences of the government's criminal acts.

Two US Attorneys General have very pointedly refused to rule out drone strikes on US citizens carried out inside the USA.

Yes, just like those hapless villagers halfway around the globe, Americans also are becoming targets in the War on US.

> How would they "hack" computers running Tor?

My understanding is that Tor itself is thought to be quite secure. The problem is that Tor Browser is, like any web browser, an enormously complex piece of software.

If you have read David Kahn's classic book, The Codebreakers, you might recall how the father of American cryptography, William F. Friedman, broke the "book code" used by a Hindu nationalist (at a time when the Raj still ruled in India). That code used page, line, and letter "coordinates" in a reference book to painfully spell out plans "to make a revolution in Hindustan". In much the same way, the bad guys can potentially use a complex piece of software to in effect "load" and execute a functioning malware simply by jumping from place to place inside some complex piece of software which has been loaded into memory by the legitimate user of your computer.

The next generation of hardened Tor browsers will exploit a sophisticated form of randomly reorganizing how running code is stored in the memory of your computer, while you are surfing the web using Tor Browser, which should make it much harder for the bad guys to trick your computer into helping them spy on you.

Mozilla provides a steady stream of security vulnerabilities. Mozilla quite literally needs years to fix some of them. You can be 100% certain that a large number of 5-eyes agencies have access to all reported security issues and can create 0-day exploits if they want to.

https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-es…

An article on what the NSA does:
https://www.schneier.com/blog/archives/2013/10/how_the_nsa_att.html

> You can be 100% certain that a large number of 5-eyes agencies have access to all reported security issues and can create 0-day exploits if they want to.

Yes, but we all need to remember that just because the bad guys have hundreds of coders on salary and a list of tens of thousands of serious vulnerabilities in tens of thousands of softwares does not mean that our position is hopeless. It takes time and effort to develop malwares and each may only be effective for a very small number of users, and the next update may close a vulnerability *accidentally*. Further, our enemy is drowning in information and facing increasing opposition from the very industry on which the bad guys depend in order to prosecute the War on Us.

It's an arms race, and we are not losing this race. We may not yet be winning by a mile, but we are keeping pace, and as more people join our cause, we will pull ahead.

June 21, 2016

Permalink

Another ruling unfavorable to Tor users concerning Rule 41b (this time from a case being heard in Norfolk, VA):

techdirt.com
Judge In Playpen Case: FBI's Warrant Is Valid, Even If Its Claims About No Privacy In IP Addresses Are Not
Tim Cushing
20 Jun 2016

> ...
> The FBI must have felt its NIT deployment would be considered a search. That's why it obtained a warrant in the first place. But it's been frantically peddling "not a search" theories as court after court has declared its warrant invalid because the searches were performed outside of the issuing magistrate's jurisdiction.
>
> In this case, the issue of whether or not the NIT deployment was a search has not been disputed by either party. The court addresses it anyway because it affects the reasoning that follows.
>
> Before reaching the merits of Defendant's motions, it will be useful to address a preliminary question unaddressed by the parties: Was the deployment of the NIT a "search" of Defendant's computer within the meaning of the Fourth Amendment? If the use of the NIT was not a search, the Fourth Amendment was not implicated, no warrant was required, and any violation of Rule 41(b) irrelevant.
>
> Rule 41(b), which may be drastically altered by the end of this year, restricts searches to the jurisdiction where the warrants were issued. The FBI is well aware of the deficiencies of its NIT warrant, which is why it presented this legal theory to court in response to an earlier motion.
>
> The government in its response to Defendant's First Motion to Suppress never argues that no warrant was required because deployment of the NIT was not a Fourth Amendment search. See Gov't's Resp. to First Mot. at 15-38. In failing to raise this argument when it would have been appropriate, the government has likely waived it. The government does, in justifying the scope of the warrant, argue that Defendant had no reasonable expectation of privacy in his IP address, even though he was using the Tor network.
>
> The court blows past the "no expectation of privacy in IP addresses" for the moment, instead focusing on the execution of the FBI's NIT.

So far, Rule 41b motions to suppress (all have been denied using various legal casuistry) have occurred in the context of cases which arose from FBI takedowns of websites published anonymously via onion services which enabled criminal actions (e.g. objectionable pron or narcotics). It is very important that when US citizens call their congressional representatives, that they stress the danger that precedents set in such cases could easily be extended to target controversial bloggers, investigative journalists, and human rights activists anywhere in the world, regardless of which candidate wins the forthcoming US Presidential elections.

USG has formal or informal "information sharing" agreements with repressive governments such as Saudi Arabia, Israel, and is forging similar agreements with Russia, China, Vietnam and other governments which routinely target bloggers, journalists, political activists, and human rights researchers.

Further, USG is under continual pressure (internal, from FBI/CIA etc, and external, from editorialists who publish in journals such as Foreign Policy, papers such as WaPo, or websites such as Politico) to move down ever more authoritarian paths. This pressure is by no means coming only from one political party, but from all sides.

The reaction to the Orlando massacre has been particularly disturbing. To mention just one example, an editorial by Michael Hirsh in Politico calls for perpetual investigation of all "troubled" US citizens on the grounds that they *might* in future commit some horrid act:

http://www.politico.com/magazine/story/2016/06/orlando-terrorism-fbi-om…
Why Didn’t the FBI Stop Omar Mateen?
The face of terrorism is changing. And critics say the bureau has been too slow to catch on.
Michael Hirsh
17 Jun 2016

> ...
> Based on the accounts of his aquaintances and family, Mateen also appears to have been a deeply conflicted and possibly self-loathing homophobe who drank heavily, took drugs, dated men, frequented the same club he later attacked, Pulse, and used a gay dating app—not the sort of behavior one would expect of a faithful soldier of Islam... Mateen appears, in fact, to have been less a soldier than yet another deeply disturbed American (born in Trump’s own home borough of Queens), who was full of hatred and uncontrollable anger—an example of what law enforcement officials describe as an aspiring violent criminal searching for a larger justification for the acts he’s desperate to commit.
>
> Could Mateen have been caught? It’s unfair to expect that U.S. law enforcement can track and stop every would-be terrorist. But perhaps the toughest thing to explain about the worst mass shooting in U.S. history is how a man who was interviewed three times by the FBI ended up buying, unnoticed, an entire arsenal and then gunning down, unsurveilled, more than 100 people.
> ...
> It’s unreasonable—and perhaps undesirable—to expect that the FBI and counterterrorism officials should be tracking intent rather than action, in effect predicting possible future crimes like the psychics in the movie Minority Report. But... [ISIS has] got an army at home in Syria and Iraq, and around the world it features an evanescent, twilit army of quasi-recruits who behave somewhat like quantum terrorists; they are neither one thing nor another but both somehow, Americans with unblemished records one day, remorseless murderers the next. Or as Comey somewhat awkwardly described it, the FBI must not only find “needles in a nationwide haystack” but also figure out “which pieces of hay might someday become needles.”
> ...
> [Former FBI agent Michael] German, a fellow at the Brennan Center for Justice at NYU Law School, agrees that Mateen and Roof are of the same ilk. “Like Dylann Roof, this was someone who had anger building up and wanted to find some hook that would justify it, or find a community that would accept this as righteous,” says German. “That was his ‘radicalization.’”
>
> Some experts say there is in fact a solution and model for doing a better job of tracking this new threat—the one used by the U.S. Secret Service to keep the president safe. “It’s going to take adopting an approach used by Secret Service for years, a combination of law enforcement, risk assessment and then intervention, even if there’s no arrest,” says [academic "terrorism expert" John] Cohen. For decades, the Secret Service has gone further than simply investigating and prosecuting threats to the president. Even if agents don’t arrest a suspect who, say, posts something threatening online, the Secret Service will take additional steps to assess if that person poses risks of committing a crime in the future based on psychological and behavioral characteristics—for example like the threatening and Islamist-sympathizing statements Mateen was said to have made to co-workers in recent years. They’ll also try to connect the individual with mental-health, educational and religious authorities from the community.
>
> As Politico Magazine reported in March, the FBI has sought to develop these community intervention models—using a relatively new concept called Shared Responsibility Committees—but they are still largely in their infancy, and they are somewhat controversial because of their intrusiveness and stigma of ethnic profiling, especially within American Muslim communities.

Michael Hirsh neglects to mention another reason why FBI's CVE programs are so controversial: they focus on "interventions" in the lives of troubled schoolchildren. FBI is already demanding that high school teachers report troubled students. But far more troubling is the fact that, according to their own literature, FBI's ultimate target group consists of preschool children aged 3-7.

FBI's Shared Responsibiity Committees will include psychologists as well as educators, social workers, and counter-terrorism officials. Why?

Because there is a whole host of academic journals which publish articles claiming that "adverse events" develop into adults who have higher blood pressure

Gooding, H., Milliren, C., McLaughlin, K.A., Richmond, T., Katz-Wise, S., Rich-Edwards, J., & Bryn-Austin, S. (2014). Child maltreatment and blood pressure in young adulthood. Child Abuse and Neglect, 2852, 1-8.

are more obese

Gooding, H.C., Miliren, C., Austin, S.B., Sheridan, M.A., & McLaughlin, K. A. (2015). Exposure to violence in childhood is associated with higher body mass index in adolescence. Child Abuse & Neglect.

are more likely to suffer from heart disease

Hatzenbuehler, M.L., Slopen, N., & McLaughlin, K.A. (2014). Stressful life events, sexual orientation, and cardiometabolic risk among young adults in the United States. Health Psychology, 33, 1185-1194.

are more likely to suffer from major mental illnesses such as depression

Roberts, A.L., Chen, Y., Slopen, N., McLaughlin, K.A., Koenen, K.C., & Austin, S.B. (2015). Maternal experience of abuse in childhood and depressive symptoms in adolescent and adult offspring: A 21-year longitundinal study. Depression and Anxiety, 32, 709-719.

PSTD

McLaughlin, K.A., Busso, D.S., Duys, A., Green, J.G., Alves, S., Way, M., & Sheridan, M.A. (2014). Amygdala response to negative stimuli predicts PTSD symptom onset following a terrorist attack. Depression and Anxiety, 00, 1-9.

mania

Gilman, S. E., Ni, M. Y., Dunn, E. C., Breslau, J., McLaughlin, K. A., Smoller, J. W., & Perlis, R. H. (2015). Contributions of the social environment to first-onset and recurrent mania. Molecular Psychiatry, 20, 329-336.

ADHD

Gilman, S. E., Ni, M. Y., Dunn, E. C., Breslau, J., McLaughlin, K. A., Smoller, J. W., & Perlis, R. H. (2015). Contributions of the social environment to first-onset and recurrent mania. Molecular Psychiatry, 20, 329-336.

"conduct disorder" (speaking back to the teacher, lobbing spitballs, pulling pigtails)

Wiesner, M., Elliott, M.N., McLaughlin, K.A., Banspach, S.W., Tortolero, S. & Schuster, M.A. (2015). Common versus specific correlates of fifth-grade conduct disorder and oppositional defiant disorder symptoms: comparison of three racial/ethnic groups. Journal of Abnormal Child Psychology, 43(5), 985-998.

bullying

McLaughlin, K. A., Aldao, A., Wisco, B., & Hilt, L. (2014). Rumination as a transdiagnostic factor underlying transitions between internalizing symptoms and aggressive behavior in early adolescents. Journal of Abnormal Psychology, 123, 13-23.

alchoholism

Keyes, K., Shmulewitz D., Greenstein, E., McLaughlin, K.A., Wall, M., Efrat, A., Weizman, A., Frisch, A., Spivak, B., Grant, B., & Hasin, D. (2014). Exposure to the Lebanon War of 2006 and effects on alcohol use disorders: the moderating role of child maltreatment. Drug and Alcohol Dependence, 134, 296-303.

anger issues

Iverson, K.M., McLaughlin, K.A., Adair, K.C., Monson, K.M. (2014). Anger-related dysregulation as a factor linking childhood physical abuse and interparental violence to intimate partner violence experiences. Violence and Victims, 29, 564-578.

suicide

Nock, M.K., Green, J.G., Hwang, I., McLaughlin, K.A., Sampson, N.A., Zaslavsky, A.M., & Kessler, R.C. (2013). Prevalence, Correlates, and Treatment of Lifetime Suicidal Behavior Among Adolescents: Results From the National Comorbidity Survey Replication Adolescent Sample. Journal of the American Medical Association of Psychiatry, 70(3):300-310.

and just about any other "adverse life outcome" you might imagine.

And--- this is why FBI and NCTC are so interested in spying on "troubled" citizens--- in the criminology journal literature there is an entire industry devoted to "scientific proof" that exposure to violence in childhood (even *reading* about violence) makes you more likely to be violent, or even a dangerous predator or potential mass shooter or terrorist, than persons who experienced an idyllically happy childhood.

So from a civil liberties perspective, the danger is that FBI/NCTC are moving towards regarding every "troubled" citizen as a perpetual terror suspect who must be subjected to continual "interventions" throughout their childhoods and indeed throughout their entire adult lives.

And this amounts to implementing an oppressive regime of state-sponsored discrimination in which persons who were unlucky enough to be victims of abuse in childhood will be continually re-victimized *by the government* throughout their entire lives. A regime in which citizens are subjected to mistreatment, not because they are suspected of having done anything wrong in the past, but because the government considers that they are more likely than other citizens to do something wrong in the future.

And once again we see how entire disciplines (engineering, mathematics, psychology) are being "captured" by the ugliest and most oppressive portions of the USG.

> But Cohen says U.S. officials have no choice after Orlando [but to ramp up precrime programs targeting "troubled" persons].

Particularly singled out: "troubled" persons who, you guessed it, spend "too much" time on the Internet:

> both the inspiration for these acts of violence and the acts themselves often are blended together in a strange and toxic stew on the Internet. If he was initially inspired by what he saw on the Internet, as Comey suggested, Mateen also began posting on Facebook while he was shooting people during his four-hour siege of the nightclub, and checking to see if he’d made the news yet. Dylann Roof, a loner who closeted himself in his room and absorbed the “Internet evil,” as his family called it, hurriedly created a “manifesto” not long before the Charleston murders...

Please note that CIA Director John Brennan, FBI Director Comey, and other officials have even tried to link using encryption with "proto-terrorism". Needless to say, using Tor is equivalent to instant nomination to counter-terrorism cyber-watchlists.
.
> According to GW’s Vidino, there are currently about 1,000 terrorist investigations open nationwide, and many more have been closed. He says U.S. authorities would probably do well to keep many of those cases open if they involve troubled or violent individuals, and to reopen others—at least to seek to intervene in time. But to do that the FBI, which is not comfortable “operating in this pre-criminal space,” says Vidino, will have to push itself out of its comfort zone.
>
> That of course could mean entering a potential danger zone at the same time, at least for society. Law enforcement has erred in the past by slip-sliding into the practice of trying to identify offenders before they do anything—or profiling and targeting certain communities according to theories of the “broken-windows” type. “As I would hope the American people would want,” Comey himself said this week, in justifying the earlier closing of Mateen’s case, “we don’t keep people under investigation indefinitely.”
>
> But that is how the Omar Mateens of the future may well be detected.

One of the very small number of writers who have consistently spoken out against USG precrime programs (which appear increasingly unlikely to repeat the error of the mass detentions of US citizens of Japanese descent during World War II by incarcerating designated proto-terrorists in preventative detention camps) is Glenn Greenwald:

https://theintercept.com/2016/06/21/democrats-war-on-due-process-and-te…
Democrats’ War on Due Process and Terrorist Fear-Mongering Long Pre-Dates Orlando
Glenn Greenwald
21 Jun 2016

> Before the bodies were removed from the Pulse nightclub in Orlando last week, Democrats began eagerly exploiting that atrocity to demand a new, secret “terrorist watch list”: something that was once the domestic centerpiece of the Bush/Cheney War on Terror mentality. Led by their propaganda outlet, Center for American Progress (CAP), Democrats now want to empower the Justice Department – without any judicial adjudication – to unilaterally bar citizens who have not been charged with (let alone convicted of) any crime from purchasing guns.
>
> Worse than the measure itself is the rancid rhetoric they are using. To justify this new list, Democrats, in unison, are actually arguing that the U.S. Government must constrain people whom they are now calling “potential terrorists.” Just spend a moment pondering how creepy and Orwellian that phrase is in the context of government designations.
>
> What is a “potential terrorist”? Isn’t everyone that? And who wants the U.S. government empowered to unilaterally restrict what citizens can do based on predictions or guesses about what they might become or do in the future? Does anyone have any doubt that this will fall disproportionately on certain groups and types of people?

Many of us (including this commentator) actually support stronger gun control laws. But the measures currently being advocated by members of both "corporate parties" in the US Congress would set very, very dangerous precedents. So would allowing the changes to Rule 41b to go forward. In both cases, the problem is that USG is progressively revoking the very notion of due process, which lies at the heart of the Rule of Law.

And if all persons are not equal under the law, what chance has a non-super-rich person to defend himself or his children against the predatory demands of the elite?

The phrase "which appear increasingly unlikely" should read "increasingly likely".

Sad but true.

Both former Democratic Party US Presidential candidate Gen. Wesley Clark and current Republican Party US Presidential candidate Mr. Donald J. Trump have endorsed calls for "preventative detention camps" for American Muslims and other "troubled" citizens.

How many get to publish 2700 words as a "comment" here?

Only if you support the Tor political censor's views?

Several times longer than even longish comments.

The writer worked diligently to ignore the worldwide link between large scale unprovoked attacks on unarmed civilians going about their normal business,
and the religious self-identification of the perpetrators.

(Grabbing a list of exceptions will not change that they are exception).

Anyone can, most things (that aren't actual spam) get approved in my experience, though I don't check the queue as often as I used to, so my sample size isn't that big.

Comment approval is manual, time consuming, and annoying because the software is old and heavily spammed. There's been plans for a replacement blog system on and off, but I don't know where that's at.

nb: For the most part, the only thing I do when I check the queue is purge the spam.

All political activists need training in using Tor, Tails, and other pro-democracy tools to protect their anonymity when planning political protests and communicating with other dissidents.

Currently this need is particularly urgent in Cleveland, OH:

https://theintercept.com/2016/06/23/fbi-and-police-are-knocking-on-acti…
FBI and Police are Knocking on Activists’ Doors Ahead of Republican National Convention
Alice Speri
23 Jun 2016

> Law enforcement agencies, including the FBI, have been knocking on the doors of activists and community organizers in Cleveland, Ohio, asking about their plans for the Republican National Convention in July. ... “The purpose of these door knocks is simple: to intimidate the target and others in efforts to discourage people from engaging in lawful First Amendment activities,” Jocelyn Rosnick, a coordinator with the Ohio chapter of the National Lawyers Guild, wrote in a statement denouncing the home visits.

Another reason to remain anonymous: if FBI finds out who you are, and puts you on a watchlist, your descendants will also be condemned to eternal suspicion, surveillance, interrogation, maybe even "preventative detention" (another unmistakably fascist measure which many midwest activists expect to see during the forthcoming convention).

http://www.slate.com/articles/news_and_politics/politics/2016/06/donald…
Donald Trump’s Next-Generation Bigotry
Not content with attacking immigrants, Trump is now smearing their American-born children. And the children of those children.
William Saletan
23 Jun 2016

> Donald Trump says he’ll protect America from its enemies. He’ll build a wall on the Mexican border, block Muslim refugees, and slap tariffs on China. But Trump’s latest threats against Muslim Americans, like his attacks on the “Mexican” judge in the Trump University fraud case, show that these assaults won’t stop at the border. Trump is now targeting natural-born citizens of the United States, treating them as aliens based on religion or ethnicity. He’s not building walls around America. He’s building walls within it.
>
> When Trump went after Judge Gonzalo Curiel three weeks ago, calling him biased and underhanded because of his “heritage,” many Americans cried foul. It’s one thing to campaign against illegal immigration or even legal immigration, they noted. It’s quite another to challenge someone born in this country based on his ancestry.
>
> The massacre in Orlando on June 12, awful as it was, gave Trump an opportunity to change the subject and mend his ways. Instead, he continued—and broadened—his line of attack. He insinuated that Muslim Americans, like Mexican Americans, were disloyal. “Since 9/11, hundreds of migrants and their children have been implicated in terrorism in the United States,” Trump declared in a statement hours after the massacre. “Hillary Clinton wants to dramatically increase admissions from the Middle East, bringing in many hundreds of thousands during a first term—and we will have no way to screen them, pay for them, or prevent the second generation from radicalizing.”
>
> “Their children.” “The second generation.” Trump wasn’t just arguing, as he had in the past, that the refugees couldn’t be vetted. He was claiming that even if they were vetted, they still had to be kept out of the country, because their offspring might someday become terrorists. This scenario would take place in the future, possibly involving children who were not yet born and influences from abroad that might reach these children without their parents’ knowledge. Therefore, no migrant, regardless of vetting, was safe to admit.
>
> The next day, in a prepared speech, Trump expanded on his argument:
>
> Under the Clinton plan, you’d be admitting hundreds of thousands of refugees from the Middle East with no system to vet them or to prevent the radicalization of the children—and their children. Not only their children, by the way. They’re trying to take over our children and convince them how wonderful ISIS is and how wonderful Islam is.
>
> Now Trump was talking about a third generation. If the children of migrants didn’t become terrorists, their grandchildren might. And even if none of them did, Muslims were still too dangerous to allow into the country, because they or their descendants might try to tell non-Muslim kids “how wonderful Islam is.”

None of this is Trump's idea: he's getting this straight from FBI.

Lest any US voters think this is good reason to vote for Clinton: FBI is currently investigating her email server. There is no question she broke laws. The kind for which at least one former Attorney General wanted to kill someone. FBI is currently deciding whether or not to indict her. If they do, her campaign will be aborted, and Trump will be elected. If they do not, that will mean they struck a backroom deal with her.

Either way, FBI is determined to complete the transformation of the USA into a technofascist society.

"All political activists need training in using Tor, Tails, and other pro-democracy tools"

You mean Tor should only be for the kinds of political activists who agree with your spam.

" to protect their anonymity when planning political protests and communicating with other dissidents."
Currently this need is particularly urgent in Cleveland, OH:"

You do not mean democracy tools, you mean to practice violent attacks against human beings that will congregate in Cleveland, OH... as already done twice successfully by you or your allies against those you hate in the current political competition.

> The writer worked diligently to ignore the worldwide link between large scale unprovoked attacks on unarmed civilians going about their normal business,
and the religious self-identification of the perpetrators.

The USIC/FBI hackers who attack computer users worldwide share a particular "religious self-identification"? Gosh, didn't know that. What religion? Do you have a citation?

(Fun fact from the Snowden leaks: some years ago, the fastest growing religious identification inside NSA was... LDS. The document which revealed that factoid failed to explore any possible location with the location of the Utah Data Center.)

>> The writer [OP of 2700 words! a Tor comment record?] worked diligently to ignore the worldwide link between large scale unprovoked attacks on unarmed civilians going about their normal business, and the religious self-identification of the perpetrators.

Pretended interpretation above: "hackers who attack computer users "

No. Referring to violent attackers on unarmed civilians going about their normal business, happening worldwide.

The religious self-identification of the perpetrators is fairly consistent.
Latest in Turkey's Ataturk airport. Before that in Belgian airport, before in French concert venue. Etc.

June 21, 2016

Permalink

They have been doing this already since 1900's? What is the point of voting? Just keep your computer safe from attacks or intrusions and that is all. Hackers have existed since computers were utilized!

> They have been doing this already since 1900's? What is the point of voting?

Given the unpredented unpopularity of the two "mainstream" candidates for the forthcoming US Presidential election, I must agree that there may be little point in voting in that particular contest, unless you decide to register a "protest vote" for the Green Party candidate, Dr. Jill Stein, the only candidate who appears not to be cryptofascist. But there may be a point to voting in some of the Congressional races or in local elections in which a progressive candidate is on the ballot.

And let's not lose sight of the fact that just because the American political system (and the system in too many other "democratic nations") has utterly broken down, in that these systems are entirely ignoring the desires of the persons governed, does not mean that political involvement itself is useless. Quite the contrary, the more people who are involved in political discussions outside the system, the better than chances that the coming revolutions will be less disastrous than the recent revolutions in nations such as Egypt and Syria.

> Just keep your computer safe from attacks or intrusions and that is all.

If you think this is easy, you must have missed the point of the hardened Browser program, or the reasons why EFF and Tor Project (and other organizations) are calling on people everywhere to oppose the forthcoming changes to Rule 41b of the US Code of Criminal Procedure, which will encourage FBI to break into any computer anywhere in the world and delete information, or even worse, to plant "evidence", all without any oversight, and potentially in the form of mass attacks on millions of computers authorized by a single technically ignorant authortarian-minded magistrate judge in some obscure and backwards US jurisdiction.

June 21, 2016

Permalink

Do Yo really think they care about what the powerless sheep a.k.a the people think about their plans? Or You can stop it? They illegally broke into systems before, they will continue to do it no matter what. That said, I also signed the petition.

> Do [you] really think they care about what the powerless sheep a.k.a the people think about their plans? Or You can stop it?

Is the USG worried about what Julian Assange might reveal next? What Jake Appelbaum might reveal next? What ACLU might discover in FOIA'd documents?

You bet they are. As confirmed by innumerable leaks, they are spending considerable sums targeting civil libertarians and privacy advocates, precisely because they are very frightened by how much we already know, and by what we might learn next. Frightened that some brave reporter may be willing to publish some of what we know and can prove is true.

Is the USG worried about grass roots movements like Occupy?

You bet they are. As confirmed by various leaks, etc, etc.

June 21, 2016

Permalink

What the hell is America thinking? You are not the global world. You are one of the countries and you are not INTERPOL.
Why the USA have access to ALL computer systems outside the USA? This is disgusting!

What the hell is America thinking?

You probably wrote in haste, but just be make sure, let me offer an important correction:

The bad guys are the worst element of the American government (FBI, CIA, NSA, NCTC, the military planners eying "mega-cities" such as Rio for future invasion), not the American people, who are almost entirely ignorant about what their government is thinking, because the bad guys control the "mainstream" media and make darn sure the word is not getting out.

Among the few exceptions are a small number of journalists such as Glenn Greenwald, Julia Angwin, Kim Zetter, and David Kravets, who have consistently continued to write about things the USG doesn't want anyone to know about, such as NSA/GCHQ social media "effects" operations, state-sponsored hacking, the questionable ethics of "signature" drone strikes, the fact that several US Attorneys General have pointedly refused to rule out USG drone strikes on US citizens inside the USA, the fact that FBI's precrime programs will ultimately explicitly target preschoolers aged 2-7 years old... and I could, unfortunately, go on and on and on. But at least some journalists are still courageous enough to try to tell their readers what the USG is thinking, what they are planning, in darkest secrecy, to do to the rest of us.

In my view, the American people are bewildered and frustrated by the way the USG consistently ignores their needs and desires, too overwhelmed and depressed to find the energy to use tools like Tor to do some on-line reading of articles by journalists like those named above. Too aware that every time some mass shooting occurs, "mainstream" journalists at ABC, CBS, NBC, NYT, WaPo start screaming that the killer was a "loner" who "spent too much time on-line"... Yes, in 21st century America, simply reading the news (on-line of course) makes you a terror suspect. Simply being a "troubled" citizen makes you suspect. A candidate for watch-listing, and perpetual re-examination (automated of course) by agencies such as NCTC, FBI, CIA, NSA... agencies which are falling over each other in their eagerness to wreak devastation upon the lives of people all over the globe, beginning (of course) with the most defenseless persons: the very poor, the homeless, the mentally ill, and (most outrageous of all) very young children unfortunate enough to be born into poor or "troubled" households.

If you are talking about legal ownership of computing devices and copies of software, that is surely not true.

If you mean that NSA has pwned all the world's computing devices, that is almost certainly also not true. But not for lack of trying.

Tor can perhaps help keep them out of our personal lives.

Remember: they have a huge budget and lots of supercomputers and technical expertise, but they have problems of their own. A small nimble organization like TP can actually be fairly effective, under some conditions, in frustrating some of their evil plans to "collect it all".

Because they can. If you can, why not? The sole two things why you won't hack into Pentagon or NSA is that you cannot and if you could, they would find and capture you anywhere, except the territory of USA enemies, but this only means you would be captured by the USA enemies, as Snowden is captured by Russia and have to hide even from Russians (because there can be USA spies among Russians).

June 22, 2016

Permalink

Apparently "national sovereignty" and "human rights" are an alien concept to *some* people in Congress/the USG now (unless, of course, it only applies to US, and NOBUS)...
Why, because people in other countries are "lesser beings" now? Or have you forgotten that US != the world?

Petition signed, spreading the word.
Keep up the good fight @Tor Project/EFF/everyone else signing this petition and doing whatever they can to stop this evil!

i doubt that an eu world (latin or arab) be better than a german one ...
i doubt that an asian world be involved in the ambition to become an us state.
i doubt that an hispanic world be worst than a uk one.
i doubt that an african world be happy with a us flag.
i doubt that the usa world (black or white) be intelligent.
i doubt that US ! =the world.
i doubt that the devil be the money that us spent for their standing.
The u.s.a. intends on using its own resources without your agreement for its own interest _ they do not like sharing _ this egoism, egotism,cupidity is the heritage of their short & lost history ; it is not an argument for judge them as "the devil" ; they are not !
i am certain that they think they are right doing bad thing in a bad manner for bad reasons as deviant do every where with or without weapon, laws, authority ...
i doubt they realize that the others countries are not their friends and more than the half of the us citizens are hating America.

June 22, 2016

Permalink

Useful links for the Rule 41 campaign can be found at this EFF page:

https://www.eff.org/deeplinks/2016/06/we-made-message-loud-and-clear-st…
We Made the Message Loud and Clear: Stop the Rule 41 Updates
It's Not Too Late to Write to Congress About the Disastrous Rule Change
Elliot Harmon
21 Jun 2016

> What happens when you try to push a dangerous policy through without the Internet noticing? The Internet fights back.

In the Guardian, Trevor Timm reminds us that FBI has been pushing hard for multiple abusive powers:

o the changes to Rule 41b (likely to become law on 1 Dec 2016),

o encryption backdoors (repeatedly shot down, but FBI keeps trying),

o expansion of NSL powers (secret subpoenas for anything, no judge needed),

o Shared Responsibility Committees targeting vulnerable populations (Muslim-Americans, "trouble" schoolchildren, the poor, the mentally ill, the homeless, victims of sexual/physical abuse),

o Privacy Act exemptions to NEXTGEN and FACE facial id programs,

o further extending secret counter-terror watchlists, making them even harder to challenge,

o making the "Lone Wolf" provision in the Patriot Act permanent,

o whatever I've forgotten.

And that is just in the arena of formaly policy initiatives. In the realm of informal secret actions, FBI has been busily

o helping militarize local US police forces with such paraphernalia as military grade Stingray type devices, night vision equipment, armored vehicles, grenades, assault rifles (to be sure, local crooks have those last items too because they are so easy to purchase with really no questions asked),

o coaching local police agencies on how to fool judges, juries, and even prosecutors with "parallel construction" and other tricks,

o bugging American courthouses all over the US, in order to listen in on lawyer-client privileges,

o listening in on lawyer-client conversations involving prisoners (right there that is more than one in a hundred Americans, every day),

o flying spyplanes and spy copters every day over a hundred US cities (these aircraft cost three to nine hundred dollars per hour to operate, are generally crewed by at least two full time FBI agents plus, sometimes, officials from other agencies, and are equipped with optical and thermal cameras, and sometimes with a particularly dangerous airborne version of the Stingray),

o secretly emplacing hidden cameras on utility poles in cities around the US, in order to spy on BLM activists, anti-nuclear activists, anyone who knew Pete Seeger, anyone who thinks James Comey should be fired along with the entire workforce of his horrid three letter agency, etc.,

o whatever I've forgotten.

See:

https://www.theguardian.com/commentisfree/2016/jun/22/government-privac…
As quietly as possible, the government is renewing its assault on your privacy
Trevor Timm
22 Jun 2016

> With their dangerous crusade for an anti-encryption bill in Congress all but dead (for now), the FBI and US justice department are now engaged in a multi-pronged attack on all sorts of other privacy rights – this time, with much less public scrutiny.

Some of the details can be found at these links:

https://www.aclu.org/blog/washington-markup/congress-seeks-expand-warra…
Congress Seeks to Expand Warrantless Surveillance Under the Patriot Act
Karin Johanson, National Political Director
& Adam Brandon, President and Chief Executive Officer, Freedom Works
22 Jun 2016

> How would you feel if the Federal Bureau of Investigation could get information about websites you visited or emails you sent – without ever getting permission from a judge? Would you begin to self-censor the websites you visited — maybe avoiding revealing sites? Or, avoid emailing your pastor, therapist, or lawyer? These scenarios may soon no longer be hypothetical.
>
> Some senators are looking for a way to expand Patriot Act provisions that allow warrantless surveillance of Americans. This morning, the Senate will vote on a proposal to expand the ability of the FBI to gather sensitive information about Americans’ online communications — potentially including browsing history, location information from IP addresses, and the to/from lines of an email — without a court order.
>
> While the FBI has labeled this merely a “typo” fix, it is anything but. To fully understand the disingenuousness of this characterization, a bit of history is helpful.

https://www.eff.org/deeplinks/2016/06/eff-urges-senate-not-expand-fbis-…
EFF Urges Senate Not to Expand FBI’s Controversial National Security Letter Authority

> The controversial National Security Letter (NSL) statute could be significantly expanded under two separate bills currently being debated by the Senate. Every year, the FBI issues thousands of NSLs to telephone and Internet companies, demanding records about their customers and gagging the companies from informing the public about these requests. NSLs are inherently dangerous to civil liberties because their use is rarely subject to judicial review. But NSLs are not magic, and they don’t require recipients to do whatever the FBI says. Above all, the type of information available to the FBI with an NSL is quite limited, reflecting the need to tightly control the extrajudicial nature of this controversial power.
>
> The Senate’s proposed changes would allow the FBI to get a much larger range of Internet records, such as email to/from headers, Internet browsing history, and more, all of which it could not previously get with an NSL. Particularly given the FBI’s well-documented history of abusing NSLs, EFF opposes expanding the scope of this unconstitutional surveillance power to include even more revealing records. Yesterday we joined with a broad coalition of organizations and companies to urge the Senate not to pass these proposals.
Does Congress Need an NSL Autocorrect?

https://www.truthdig.com/report/item/fbi_wants_to_exempt_its_biometric_…
FBI Wants to Exempt Its Biometric Data From Privacy Rules
Thor Benson
21 Jun 2016

> The FBI maintains a large database of biometric information called the Next Generation Identification (NGI) system, which includes fingerprints, iris patterns, photos for facial recognition and other data about millions of Americans. The agency recently sought to have this database exempted from rules laid out by the Privacy Act of 1974, rules intended to protect citizens from privacy violations and give them tools for finding out whether their records are included in the NGI system. This exclusionary bid by the intelligence agency has many civil rights groups concerned.
>
> In May, the American Civil Liberties Union, the Electronic Frontier Foundation, the Center for Democracy and Technology and other organizations wrote a letter to the FBI explaining potential problems this rule change could present. The letter explains that, while many of the records in the NGI system are from criminal cases, it also includes millions of records from people who were subject to background checks for matters such as naturalization documents or job applications. With such a large array of data in this system, advocacy organizations worry that personal information could be used for investigations for which it was never intended.
>
> “The biggest issue here is that the database will contain an enormous amount of biometric data about individuals who are not even suspected of wrongdoing, which will be searched hundreds or thousands of times a day by law enforcement looking for leads,” Gabe Rottman, deputy director of the Freedom, Security and Technology Project at the Center for Democracy and Technology, told Truthdig. “Even a small number of false positives would be an extreme threat to civil liberties.”

https://www.truthdig.com/report/item/obama_should_demand_fbi_director_j…
Obama Should Demand FBI Director James Comey’s Resignation Today
John Kiriakou
13 Jun 2016

> [The Orlando massacre] will, of course, lead to the predictable arguments about gun control, Islam, mental health and immigration. Congress will offer “thoughts and prayers,” and nothing will change. But something ought to change, and quickly: that is the consistent failure of the FBI to do its job, to infiltrate domestic and foreign terrorist groups, and to prevent attacks on U.S. soil. This is not something new. The FBI has been incompetent for a very long time.

Very true. FBI's century of repugnant secret history is a long and sordid tale of evil minded repression of political dissent, but FBI is and always has been only only evil, but stupid, because that long and sordid history of oppression (the Palmer raids, mailing an anonymous letter to Martin Luther King urging him to commit suicide, decades of utterly unwarranted secret surveillance of folksinger and environmentalist Pete Seeger prompted by Pfc Seeger's letter to his congressperson protesting the unconstitutional internment of Japanese Americans during World War II, etc, etc) is also a century long history of abysmal failure to accomplish every "national security" mission it ever took on.

The fact is, the US Federal government would be wise to simply abolish FBI, which is and always has been an agency which is simultaneously dangerous and enormously wasteful. The same author (Tim Weiner) makes a strong case for a similar conclusion about CIA in his book about that other rogue agency. Former signals intercept operators James Bamford and Matthew Aid have made a strong case, in four books, for abolishing NSA too. And TSA? Abolish it! USSS? Abolish it! USMS? Abolish it!

Alas, these civilian paramilitary agencies are not the only rogue actors rampaging through the global internet. An old story worth reviving:

https://www.theguardian.com/technology/2011/mar/17/us-spy-operation-soc…
Revealed: US spy operation that manipulates social media
Military's 'sock puppet' software creates fake online identities to spread pro-American propaganda
Nick Fielding and Ian Cobain
17 Mar 2011

> The US military is developing software that will let it secretly manipulate social media sites by using fake online personas to influence internet conversations and spread pro-American propaganda. A Californian corporation has been awarded a contract with United States Central Command (Centcom), which oversees US armed operations in the Middle East and Central Asia, to develop what is described as an "online persona management service" that will allow one US serviceman or woman to control up to 10 separate identities based all over the world. The project has been likened by web experts to China's attempts to control and restrict free speech on the internet. Critics are likely to complain that it will allow the US military to create a false consensus in online conversations, crowd out unwelcome opinions and smother commentaries or reports that do not correspond with its own objectives.

It follows that Tor Project needs to get the heck away from anything reeking of DARPA style criminality.

June 22, 2016

Permalink

but ... have most of u.s enterprises yet implemented a backdoor allowing the control of the computers before the vote because they are working for us since a long time ?
but ... will we less exposed if the nationality was 'blank' , 'chosen', 'left' ,'abandoned', or who will be "a human being stamped civilized by the usa" after the presidential election ?
voting yes for Rule 41 is a step allowing us to be more on the side of hilary blingston than donald trump ... a world in the hands of a female as president will bring us the power to control everyone outside our country.

June 22, 2016

Permalink

I believe that the concern is not with "Tor itself" (the core onion routing software) but with Tor Browser, a complicated piece of software with an unfortunately large attack surface. All the evidence from Snowden leaked documents (now about five years out of date) is that our enemies don't attack Tor itself or encryption itself--- that, they say, would be hopless--- but rather look for vulnerabilties in the other bits of code which make up the Tor Browser.

From time to time, over at tor-talk, someone whom I sometimes suspect is a USG operative gets the goat of Paul Syverson, coinventor of Tor (the onion router), and he dashes off a summary of how Tor was born in the bowels of a US Navy institution which performs basic research. From time to time, if the moderators in this blog will allow, it bears repeating that the USG, even the US military, is an enoormous institution, and not everyone who works there is completely evil all of the time.

John Brennan and James Comey are bad men doing evil things, who should be arrested and extradicted to The Hague to stand trial for war crimes, and to be subjected to extensive psychological testing by ICCT in order to determine how such awful persons come to commit such abhorrent criminal acts.

But Paul Syverson seems to be a pretty decent guy, and as an antidote to some of the "Tor was always backdoored" FUD, I quote his most recent account of the Birth of Tor:

>From: Paul Syverson
>21 Jun 2016
>
>> What tor designers knew from day zero is that a 'global passive
>> adversary' - that is their boss the US gov't - can simply ignore
>> the routing inside the network and look at the network's edges.

> I know I'm feeding the troll, but this is just crap. I invented onion
routing (with David and Michael) and designed Tor (with Roger and
Nick). We did not design it so that an adversary can just watch the
edges. We designed it to separate identification from routing. Nobody
told or requested us to make anything weak or less secure. The three
of us came up with the motivations and idea for onion routing ourselves
and argued for the usefulness of pursuing it further. And we designed
it to be as secure as we could and still functional. And, as many have
argued, usability and performance are security properties for traffic
and routing security systems. Indeed perceived usability and
performance are important, as are network and operator
incentives. David, Michael and I designed the thing to be secure. We
also explained that it needed to carry traffic for others, let others
run part of the infrastructure, and be open source for it to provide
security to any distinct enterprise or general class wanting to use it
to protect their communications. This is part of the security design
regardless of who builds, deploys, or uses it. There were onion
routing networks, e.g., the Freedom network from Zero Knowledge
Systems Inc., that, to the best of my knowledge, had nobody from the
U.S. govt. involved in its deployment or design (other than that it
was an instance of onion routing). It was designed and built by other
people who are wicked smart (smarter than me) and free to create and
build whatever they wanted. Somehow, this is what they chose to make.
>
> Some people early on when we were first publicizing and announcing
onion routing (e.g. I remember getting such a question at FC'97) asked
us why we weren't building pipenet. Such a network is theoretically
way more secure for some properties in idealized environments, but
even a single user can shut down the network by simply not sending.
That's not secure. In fact the first onion routing design in 95-96
was not subject to ready observation at the edges. (although somebody
watching all the links from every onion router to every other could
still learn much). The default configuration assumed onion routers
running on enclave firewalls with no separate clients. We explored
various padding and similar schemes to complicate observation of
traffic patterns, but I have yet to this day to see one that is adequately
practical to deploy and effective. These were things to try to add to
make the basic design more secure, but we could not find anything to
appreciably help here so did not incorporate it into the Tor design.
>
> If you ever find such a design, describe it. No credible researcher in
any scientific venue has ever claimed to have a system to be more
secure that essentially covers the general use case and userbase of
Tor. Mix systems, DC nets, buses, PIR, etc. are all very cool. And
subject to some strong environment and other assumptions can be more
secure than Tor against some classes of adversaries. I have worked on
and designed some of these cool systems myself. But compared to Tor,
each one of these has limitations that, as explored and designed so
far, would restrict to a small (hence more easily targeted) anonymity
set, or has untenable usability or performance problems, or generally
all of the above. It's funny that there's supposed to be this
intentional built in design weakness, and yet no scientist, engineer,
or mathematician in any country seems to have published a stronger
fundamental design. Hmm, perhaps you mean to imply that we who created
onion routing not only intentionally designed our systems to be weaker
than we could have but that we also have controlled all of the
scientific research and publication on secure system design by every
researcher in every country everywhere on the planet for the last
twenty years.
>
> Onion routing design has evolved. Tor has forward secrecy, which the
two main onion routing designs we introduced before it did not. (Nor
did the Freedom network.) But we did not come up with including
forward secrecy, that was first introduced in Zack Brown's
Cebolla. And we adopted it when we designed Tor. Tor added a directory
system after its first design, then evolved and improved design,
robustness, and trust diffusion of the directory system over time. Tor
added deterministic builds to further reduce the trust in Tor-built
binaries, and work to improve continues through this day.
>
> We have been completely forthcoming about our designs and any
limitations found by ourselves or others, including everything we can
empirically discern about end-to-end correlation risks from ASes,
IXPs, MLATs, etc. And we have always designed to be as secure as we
practically could. I'm not going to engage further. I do invite those
who might so engage to find any valid technical, empirically justified
stronger design that does not make significant compromises to
performance, cut off large chunks of the existing userbase, etc. I'm
dubious you will find any. But if you do, I'd be happy to pursue its
development.
>
>aloha,
>Paul

Hmm... lest anyone try to suggest that I must be dissing the heroic efforts of Mike Perry and the rest of the Tor Browser team to make it safer, let me say that I think that no-one has worked harder or more valiantly to protect Tor users from the world's most awful governments.

OK, my fellow Geeks, there is your daily dose of tech talk, courtesy of Paul Syverson.

Now let's get back to the question of how to make the likes of Comey and Brennan pay for their crimes, within the parameters set by the international legal system set up precisely for such miserable cases.

".....can simply ignore the routing inside the network and look at the network's edges...."

Not entirely sure what it means, but here in Europe it's swamped with CDN networks, and the fact it's possible to trigger a Tor browser changing at least the middle and exit relay SEVERAL times between many countries/IP numbers within 2-3 seconds, hence I believe by the "look at the network's edges" they may very well be able to TRIANGULATE your location.

Don't believe it? Check out here...
https://www.browserleaks.com/whois
...and keep an eye on your Tor Button (click the TB to open it) and see how the circuits are changing very quickly while the web page is loading.
As far as I have noticed it has something to do with the DNS look-up that causes the triggering of the tor circuit changes, the Tor project team really have to look in to this ASAP!

I for one would always be happy to hear a clear summary of the technical details (with citations to the technical literature), if you care to provide one.

July 06, 2016

Permalink

More reasons to urge the US Congress to block the changes to Rule 41, which come into effect in 1 Dec 2016 if Congress does nothing:

https://www.eff.org/deeplinks/2016/06/making-sense-troubling-decision-n…
Making Sense of a Troubling Decision: New Court Ruling Underscores the Need to Stop the Changes to Rule 41
Mark Rumold
30 Jun 2016

> We wrote about a case last week that was deeply disturbing: a federal court in the Eastern District of Virginia held that individuals have no reasonable expectation of privacy in a personal computer located inside their home. In this court’s view, the FBI is free to hack into networked devices (aka, pretty much everything) without a warrant.
>
> Fortunately, this is only the opinion of a single district court judge, so it’s not controlling precedent throughout the country. But the decision makes one thing clear: we need to stop the changes to Rule 41, amendments that will make it easier for the government to get a warrant to remotely search computers.
>
> First, the changes to Rule 41 are going to result in a lot more government hacking. And, as the decision in the Eastern District of Virginia illustrates, that dramatic increase in government hacking is going to occur in a legal environment where judges are struggling to understand the technology and the implications their decisions will have for people’s security and privacy. If law enforcement is going to be allowed to stockpile and exploit vulnerabilities to investigate domestic crimes, there need to be stringent safeguards on the circumstances when they can do this. And it’s up to Congress, not the courts, to create those rules. If Congress allows the changes to Rule 41 to go through, they’re effectively saying: “Courts, you figure it out.” As the recent court decision shows, that is a perilous path.

August 03, 2016

Permalink

The FBI has no such authority as described here, even with the permission of congress. The U.S. constitution purposely did not create a general purpose federal police jurisdiction. The founders were well aware that this kind of power would be abused, and repeatedly said so on many occasions. But when it actually happened, nobody tried to stop it. There are countless examples like COINTELPRO and the warrantless wiretaps of civil rights activists where federal police were used as a tool of political repression.

Like every federal agency the FBI is subject to mission creep: the CIA illegally operates within the country and the FBI likewise expanded to foreign countries, instigating every terror plot which it claims to have foiled to justify its budget. According to various whistleblowers, this cooperation was again secured by illegal methods. Even if states could argue that the FBI has no Article I jurisdiction beyond the District of Columbia, supreme court justices could be bribed or blackmailed to rule in the federal government's favor... and this appears to have already occurred. When alcohol was prohibited, a constitutional amendment was required. But now they just do whatever they please through some regulation:

The commerce clause was intended to prevent states from engaging in domestic trade wars by taxing imports from other states. It also provided a neutral forum in the federal courts for the resolution of interstate trade disputes. But the gangsters in Washington seized upon this as a way to gain control over absolutely everything through a non-democratic process. They declared that everything in existence can be vaguely related to interstate commerce and thus subjected to federal regulation or prohibition without the ratification implied by the tenth amendment. The supreme court inexplicably accepted this nonsense, and now we live under the tyranny which the founders warned us about.

Our political system is like a flawed computer program which does not anticipate all of the ways the system could be hacked. There are no meaningful checks and balances against a corrupt congress and a supreme court which has been covertly compromised. Outside a literal or figurative secession, there is no long term fix unless you amend the constitution to provide more explicit and robust protections for liberty and due process. It might be a productive exercise to create a forum where patches can be proposed, so candidates for public office who truly want to represent the people will have a specific platform which they can endorse.