Day of Action: Stop the Changes to Rule 41

Today and tomorrow, the Electronic Frontier Foundation is partnering with the Tor Project and a broad coalition of groups for a Worldwide Day of Action protesting changes to Rule 41 of the US Federal Rules of Criminal Procedure. These changes will allow federal magistrate judges to grant search warrants to the Department of Justice (including the FBI) to legally hack into computing devices that use Tor or a VPN—-wherever the devices are--starting on December 1, 2016. EFF has organized a coalition of organizations and companies—from Fight for the Future to PayPal—to oppose these rules—but this is an uphill climb, and we need your help.

The broad search warrants allowable under these new rules will apply to people using Tor in any country—even if they are journalists, members of a legislature, or human rights activists. They will allow the FBI to hack into a person’s computer or phone remotely and search through and remove their data.

There are already examples of the FBI using one warrant to gain access to thousands of computers, and US Senator Ron Wyden has said that "Under the proposed rules, the government would now be able to obtain a single warrant to access and search thousands or millions of computers at once."

This pattern of abuse will only be exacerbated by more judges issuing these hacking warrants. The warrants must still be part of a criminal investigation and issued by a judge, but we're deeply concerned about the dramatic rise in government hacking this rule change is likely to cause.

The purpose of tomorrow’s Worldwide Day of Action is to educate people and mobilize them to act--either by signing a petition or emailing US Congress (depending on where they live). Then, members of US Congress will use this public pressure to try to pass the “Stop Mass Hacking Act” (#SMHAct), draft legislation that would block these rule changes.

Senator Wyden (D-OR) and a bipartisan group of members of Congress
are sponsoring this bill. They are deeply troubled that such sweeping infringement on personal privacy is happening through a seemingly trivial rule change.

Already, many Tor users can view the campaign banner on the Tor website and click through to sign the petition or contact US Congress. A special campaign website (NoGlobalWarrants.org) will launch starting at about 9:30 am UTC Tuesday. If the banner isn’t working for you, go directly to NoGlobalWarrants.org after that time.

Please sign the petition or contact Congress, and then tweet and retweet about this situation--all day if you can. Email your lists. Tell your friends. Tweet photos of yourself (or your cat) with a handwritten sign.

Do whatever you think will help get people to act.

i

June 20, 2016

Permalink

You should implement that campaign banner to the homepage (about:tor) of Tor Browser!

I think trends are ebbing the tides of legal change. The strongest solution would be to focus on the integrity of Tor browser. Capitol hill does not use Tor or even understand encryption. They have no skin on the side of web anonymity. Drive your funds to the research and developement cause. This should be the underlying screaming focus.

> Capitol hill [US Congress] does not use Tor or even understand encryption. They have no skin on the side of web anonymity.

This is not quite right. Some Senators (e.g Ron Wyden) certainly do "get it". And many staffers are very aware that USIC, FBI, and US military operatives are spying on them (not to mention foreign intelligence services). I'd love it if more of them were more aware of the astonishing scope and variety of the spyware employed to target high profile employees such as US Congressional staffers, but it's certainly not the case that all of them are entirely ignorant of what is going on.

Further, leaks and other evidence strongly support the view that our enemies actually worry quite a lot about possible future successes in the political/legal arena by advocacy groups such as ACLU and EFF.

Just think about this: early in the history of FBI, ACLU cofounder Roger Baldwin came very very close to eliminating the agency (then called Bureau of Investigation) entirely. Unfortunately he decided that then Acting Director J. Edgar Hoover seemed like an earnest young man determined to clean up corruption scandals, who had nothing to do with the Palmer raids. In fact, Hoover had personally engineered the Palmer raids. He did clean up the corruption, but he also did everything possible to keep FBI focused on harassing "radicals" and other domestic dissidents. Hoover headed FBI for almost another five decades, and while FBI has had many other Directors since, it continues to fit the mold which Hoover created.

The good news is that ACLU has long since gotten wise to FBI's deceits. And while it is true that most in the US Congress continue to tell Comey "Lie to us!", a growing number of members are becoming more and more concerned about FBI's many, many, many abuses. Some are even starting to think that perhaps applying some "metrics" to FBI itself might not be a bad idea, in an election year. Nothing could terrify FBI more than being subject to some actual fiscal oversight.

Tor Project needs to do a bit of everything. Code. Code audits. R&D. Political engagement. Media engagement. Most of all, Tor Project needs to change the funding model;

i

June 20, 2016

Permalink

You should implement that campaign banner to the homepage (about:tor) of Tor Browser!

You might only be joking, but if not, if you speak French, one town where techies can relocate is Grande-Synthe, in the North of France:

http://www.truth-out.org/news/item/36499-combining-welcome-for-migrants…
How One French Town Combines Welcome for Migrants, Ecology and Social Emancipation
Olivier Favier and Translated by Leslie Thatcher, Basta
22 Jun 2016

Advantages of moving to Grande-Synthe:

o popular socialist government
o ecologically conscientious
o universal basic income
o locals poor but friendly
o popular local university organized as grassroots community effort

>It's time to leave $(any_jurisdiction) ...
Because this will be in any jurisdiction. It is damn unprofessional not to pass such legislation in any other jurisdiction.

What else it's time to leave?

>It's time to leave the cruel world.
you say? Feel free to leave, if you want, but please don't cry and scream anymore.

i

June 21, 2016

Permalink

How can they hack if i am using a secure computer and follows computer security practices ?

> "How can they hack if i am using a secure computer and follows computer security practices?"

Permit me to rephrase your question in a more pointed manner:

"How can the FBI hack my laptop/PC if I am using Tor Browser on Debian 7, update my software regularly, and am not doing anything wrong?"

A full answer would be far too complex (and well beyond my technical knowledge), but in general terms, the short answer is:

o Tor Browser is based on Debian iceweasel, which derives from Mozilla Firefox, the most widely used (and one of the most attacked) browsers in the world, so the bad guys have a head start,

o web browsers are among the most complex items of software to be found in most personal devices, and therefore, among the most vulnerable,

o regular updates help, using an OS with a fairly good reputation for security helps, but given the enormous attack profile of the web browser, these things are not enough to keep you safe,

o it is well beyond the abilities of a conscientious individual citizen to prevent a well-funded determined mass-hack attacker from looking for and very possibly finding undisclosed vulnerabilities affecting many users,

o in at least two recent instances, it is known that USG paid more than a million dollars to buy an zero-day vulnerability for the purpose of attacking a single iPhone and the Tor network respectively,

o the Snowden leaks include dozens of documents which prove that NSA and its nasty little sidekick GCHQ have an intense interest in compromising the Tor network; these agencies virtually define the notion of a "intelligence agency with a global reach, lethal assassination capabilities, an unlimited budget, and subject to no moral/legal restraint whatever",

o USG is increasingly adopting the attitude which has been pushed by FBI for decades, the view that people should be subjected to "interventions" and even punishment (even the death penalty), not because USG suspects them of having done anything wrong in the past, or even planning to do something wrong tomorrow, but because some Bayesian predictive analysis algorithm running as a neural net on some government computer has flagged them as harboring the potential to do something wrong years or decades in the future,

o FBI psychologists are tragically familiar with an extensive body of academic research which supposedly provides "scientific proof" [sic] that (i) genetic "flaws" (ii) exposure to "adverse experience" in childhood predispose a person to commit violent acts in future; for example, a child who witnesses his father beating his mother is supposedly much more likely [sic] to beat his own wife or even to commit a terroristic act in the future, a girl who is abused sexually at age six is much more likely [sic] to grow up to become a teacher who sexually abuses her own students, etc,; this literature encourages FBI to demand the authority to punish people, not because they are suspected of having done anything wrong, but because as victims in childhood, they are allegedly predisposed to become victimizers as adults, which amounts to re-victimizing people throughout their entire lives in retaliation, not for anything they did as a child, but because of something which was done to them as a child--- and how, Director Comey, could that possibly be consistent with any reasonable notion of justice or a desire to protect children from lasting harm?

o no citizen could possibly be more innocent than preschoolers aged 2-7*, yet this is the very group which FBI is targeting with its most horrid precrime programs--- don't believe it because I say so, believe it because their own internal policy memoranda say so (more and more of these documents will be published in the near future, I think),

o nothing could better illustrate the extent to which the USG has transformed from the servant of the People to the chief Enemy of the People than the idea that USG is encouraging FBI to break into and steal or alter data in millions of computers owned by other people anywhere in the world, people for whom nothing approaching probable cause is demonstrable, and indeed, people whom FBI does not even really suspect have done anything wrong, but only suspects that they may have the technical means (Tor) to do something wrong in the future,

o "something wrong" is defined not by public court proceedings, but by an unappealable uncorrectable secret finding that someone might in future do something contrary to the interests of the financial/political elite which has essentially bought the USG, or even: contrary to the interests of one of USG's "security partners", such as Israel, Saudi Arabia, UAE, Egypt, or in future, perhaps Russia, China, Vietnam....

And by the way, one little factoid revealed by a Snowden leaked document: anyone who visits a torproject.org website (such as this blog), even if they are not using Tor, is viewed as a potential threat to the national security of the USA. So you may not think you were doing anything wrong by surfing to this blog, but NSA takes a very different view, and they are just about the most evil bad guys ever, the guys who might just decide to target you with a bit of American Hellfire. Or even (as per Trump and Cruz) a nuclear weapon.

*2-7: it was 3-7, but the target age was just decreased after claims that fMRI scans of toddlers can identity [sic] future rapists, maybe even terrorists

Zero day vulnerabilities. Ethical people and organizations give these to the sofyware-makers for the vulnerabilities to be fixed. Unethical organizations, those craving power and other negative forces in the human race sell and buy these vulnerabilities and then use them to attack people and make everybody less secure along the way.

Private exploits for billions of dollars + hacking hackers with them and getting a lot more private exploits and exploits developers for free not putting them into prison.

i

June 21, 2016

Permalink

It would be more interesting if computers could not be hacked that easily...designing more secure OSs,software,and educating people on digital security.The simple fact that a judge can ask a government hacker: "get into and extract what's interesting of that computer" is disgusting.

> get into and extract what's interesting

Oh, it's much worse than that. If the state sponsored cyber-intruders find nothing sufficiently interesting to "justify" their loving attentions to someone else's computer, perhaps located halfway around the globe from Quantico, there is nothing to stop FBI from *planting* "something interesting". Such things happen quite often in the case of physical searches, especially when some "law enforcement officer" realizes he/she has broken a law and feels the need to cover their own arse.

Now think about cyber "effects". There is nothing to stop CIA from asking FBI to plant evidence on the computer of some blogger in Switzerland (perhaps someone opposed to the latest US sponsored trade agreement, say), and then denouncing the victim to local police agencies who raid, seize, arrest, try, sentence, jail. How convenient for those in the USG who are bent upon "shaping" the world to suit the agenda of their masters, the US financial/political elite.

i

June 21, 2016

Permalink

It's sad there's so much bluster and bullshit in media that they can't bother to report things like this.

Some reporters do report on these issues. Try following theintercept.com, techdirt.com, arstechnica.com, propublica.org, buzzfeed.com, motherboard.vice.com, thehill.com, for example. Try looking for stories by Glenn Greenwald, Julia Angwin, David Kravets, Mike Masnick, Marcy Wheeler, for example.

Not a complete list by any means.

But couldn't agree more about "mainstream media". ABC, CBS, NBC are full of lazy jackasses.

i

June 21, 2016

Permalink

That should go all the way to the presidential race, what the future candidates
think about it. Will they get my vote if they stand by it ?

one of them is for us citizens inside _ protecting them _trump_the second is for relation outside_hilary_.
your vote is important for the both _ trump will spy only the non-American and hilary the american_involved in her business.

i

June 21, 2016

Permalink

(resubmission)

The need for browser hardening is evident from leaks from the notorious intrusion-for-hire company Hacking Team, and from the disclosure of huge USG payments for hacks into onion service websites.

On the political side, support is coming from such surprising sources as former White House cybersecurity chief Ari Schwartz, who argues in a new paper that FBI should be forbidden from paying for hacks, specifically citing a huge payment for hack into an encrypted iPhone used by the San Bernardino killers:

http://www.theregister.co.uk/2016/06/17/fbis_iphone_hack_should_be_barr…
FBI's iPhone paid-for hack should be barred, say ex-govt officials
Cybersecurity bods argue for formalizing zero-day disclosure rules
Kieren McCarthy
17 Jun 2016

> Although the question over whether to disclose a security hole is complex, it is not so complex as to avoid a clear set of rules, say Knake and Schwartz. They don't agree with Bruce Schneier's argument that all zero-day holes should be disclosed immediately regardless of their potential value, and instead highlight a possible case where disclosure would result in the loss of valuable intelligence in an ongoing investigation.
>
> That does not include the FBI's $1.2m purchase of a hack, however. One of the paper's recommendations is that government agencies be "prohibited from entering into non-disclosure agreements with vulnerability researchers and resellers" – which is what the FBI did in buying access to the San Bernardino shooter's phone from an unnamed third party and then claiming it cannot disclose how it did so.

About a month ago some US legislators who expressed doubts about the effectiveness of FBI's rapidly expanding precrime programs, including its CVE programs targeting American schoolchildren, called for a careful scientific evaluation of FBI's precrime risk scores. Unfortunately, this brief window of opportunity for moment of sanity in the halls of USG power was closed by the mass shooting in Orlando. Also torpedoed: the email privacy bill, which had been expected, until the Orlando massacre, to pass unanimously.

FBI's dragnet surveillance programs almost always escape oversight. One of the very few exceptions is the enormously costly decades old disaster known as NEXTGEN, the FBI's much vaunted biometric identification program. After steady legal work by ACLU gradually revealed more and more clearly the failings of this program, GAO finally asked whether FBI's dragnet biometric programs are cost effective, and their report, just published, is extremely damaging to FBI's carefully guarded reputation:

http://thehill.com/policy/technology/283651-watchdog-fbi-doing-limited-…
Watchdog slams FBI's facial recognition database testing
David McCabe
15 Jun 2016

> The FBI has not appropriately tested its facial recognition database, according to a government watchdog report released on Wednesday. The agency maintains a database — called the Next Generation Identification-Interstate Photo System (NGI-IPS) — of photos and other biometric data that can be used in pursuing cases. The Government Accountability Office (GAO) said the agency had only done "limited" testing of its accuracy in situations in which officers were summoning a list of more than 50 potential matches, and did no testing when summoning a list of fewer than 50 potential matches. It also hasn’t tested the accuracy of the state and federal systems the FBI can access during investigations. “By taking such steps, the FBI could better ensure the data received from external partners is sufficiently accurate and do not unnecessarily include photos of innocent people as investigative leads,” said the watchdog.

For those familiar with ROC curves, a decade ago FBI tried to set some standards for the facial identification (in dragnet CCTV video) component of NEXTGEN. Specifically, they declared that the probability of false negatives to be below 5% and the probability of false positives to be below 2%, which is somewhat more stringent than some credit card fraud detection scores, and comparable to some medical testing scores. Five years after that when their own studies showed NEXTGEN was failing miserably to meet those standards, FBI simply dropped all accuracy requirements. Pretty amazing even for an agency with a century old track record at complete failure at every "national security" mission it has ever taken on, especially when FBI and its parent DOJ are pushing so hard for "evidence-based" precrime assessments of all American citizens.

And an excellent example of data journalism from Propublica has shown that the most widely used precrime scoring system in the US "justice" system [sic], from a little known Canadian company called Northpointe Inc, fails to meet even the low bar set for scoring systems which cannot result in persons being deprived of their freedom, much less the stronger standards common in clinical situations such as cancer testing (but not in psychiatric testing, where once again, unevaluated and dubious precrime scoring algorithms are sprouting like weeds, and being marketed to companies anxious about their employees and municipal governments anxious about local residents):

https://www.propublica.org/article/senates-popular-sentencing-reform-bi…

If you think COMPAS is bad, FBI's precrime scores are much worse, and far more dangerous, especially to privacy-minded citizens who use Tor (which USG tends to view as a "red flag" for all manner of suspected potential misconduct).

The GAO report also revealed the existence of a second vast FBI dragnet surveillance facial ID program, called FACE, which is also being developed without any oversight or requirement for meaningful evaluation.

Meanwhile, FBI is demanding that NEXTGEN and FACE be exempted from the Privacy Act, on of the very very few (outdated and weak) laws protecting some of the privacy of US persons, and they demand that the videos recorded by the hidden cameras be exempted from FOIA requests.

Among the controversial sources for NEXTGEN/FACE imagery are surveillance cameras which secretly placed on municipal utility poles, where they are hidden by "concealments" (in FBI parlance) to prevent alert passersby from noting the surveillance.

In recent court filings FBI has argued that revealing the location of the hidden cameras would violate the privacy of precrime suspects who have not yet been charged (naturally, because they haven't done anything wrong), or cause their unsuspected neighbors to become paranoid about USG intentions toward their own households. Because, you see, the pole cams record the comings and goings of everyone who passes by the hidden cameras, not just the current "person of interest". Even more striking, FBI argued that their own agents are afraid of having their identities leaked (perhaps the watching agents are also imaged sitting in their surveillance vehicles/trailers?). Reading into this zany argument I see evidence that the USIC leadership is very anxious about being charged in absentia and maybe even extradited to face trial for war crimes:

http://thehill.com/policy/national-security/282689-former-cia-officer-f…
Former CIA officer faces extradition to Italy for Bush-era efforts
Julian Hattem
8 Jun 2016

> A former CIA officer appears set to be extradited to Italy over allegations about her role in the kidnapping and “extraordinary rendition” of an Egyptian man during the George W. Bush administration. Sabrina de Sousa told news outlets on Wednesday that the extradition process has already begun after the constitutional court in Portugal rejected her final appeal. If the process is finalized, she would become the first person to ever be charged, extradited and jailed over the CIA’s “extraordinary rendition” program, which was carried out under the Bush administration to seize suspected terrorists and bring them to another country for interrogation.
>
>In 2014, de Sousa was convicted in absentia by an Italian court for participating in the 2003 abduction of Egyptian cleric Hassan Mustafa Osama Nasr off a street in Milan and ferrying him to be questioned in Egypt. According to his wife and Italian prosecutors, the cleric, also known as Abu Omar, was subjected to beatings and electric shocks to his genitals.

Such is the political background which underlines the urgent necessity for projects like the Tor Browser hardening program.

I hope Tor users will consider making a donation to support browser hardening, reproducible builds, and other TP initiatives intended to counter unconstitutional state-sponsored-hacking and dragnet surveillance.

> For those familiar with ROC curves, a decade ago FBI tried to set some standards for the facial identification (in dragnet CCTV video) component of NEXTGEN. Specifically, they declared that the probability of false negatives to be below 5% and the probability of false positives to be below 2%

I should clarify: the GAO report mentions quite different and much less stringent figures:

Pr(E|H) <= 0.85 < 0.95

Pr(E|~H) <= 0.20 > 0.02

Indeed, in the early days, FBI stipulated 0.95 and 0.02 respectively, but as it became clear that NEXTGEN was never going to approach that standard (which is comparable to some medical tests used in a clinical setting), FBI drastically lowered the standards to 0.85 and 0.20 respectively. Years later, as it became clear that NEXTGEN would never hurdle that low bar, FBI removed any requirement for a Pr(E|~H) standard at all. As the GAO authors point out, this renders the other element of the ROC curve, Pr(E|H) meaningless. And once it became clear that even this meaningless miserably low standard could never be met by NEXTGEN, FBI removed all "evidence-based" standards entirely.

This process is documented in painful detail in internal FBI documents obtained under FOIA and published by ACLU.

Such humiliation by FOIA is of course the reason why FBI is trying so hard to exempt itself from *all* FOIA requirements, just as it is trying to win exemption from all Privacy Act requirements.

Its the federal version of the mantra all too familiar to anyone who has ever come in for a bit of racially motivated stop-n-frisk: "Who are you gonna call, the cops? We *are* the cops!"

And then they wonder why The People view them as their enemy. American cops. Strange, strange people.

There is a technical point here. Try plugging figures suitable for terror suspects, such as Pr(H) = 10^-6, into Bayes's formula

Pr(H|E) = Pr(E|H)/Pr(E)*Pr(H) = Pr(E|H)/(Pr(E|H)*Pr(H) + Pr(E|~H)*(1-Pr(H))* Pr(H)

Compute the probability of a false accusation by algorithm, Pr(~H|E) = 1-Pr(H|E). Conclude that even a "highly accurate" national facial ID system would be hopeless. Congratulations! You've just done a computation which could and should have saved the USG a rather staggering sum of taxpayer funded wastage which is stated in the GAO report, but which I find to depressing to hunt for right now.

NEXTGEN? Like the very existence of the FBI itself, it's worse than wrong, its just plain stupid.

According to the docrines of Milton Friedman, no business entity as inadequate as FBI should be permitted to exist in a free market society. Yet FBI staggers on from disaster to disaster, securely hidden from the shame it so soundly deserves by the impenetrable wall of secrecy which FBI has always used to cover up its enormous shortcomings. Even so, after a century of failure after failure after failure, perhaps the US Congress will finally put this national embarrasment out of its misery. Never was a dose of euthanasia more richly warranted.

i

June 21, 2016

Permalink

@ Tor Project: thank you for posting this!

Plus one for making the campaign more visible.

@ Tor users: even if you don't live in the US, this affects you! If you do, please call your Congress persons.

These are various dangerous times for anyone who believes in human rights, the Rule of Law, who is politically active, does serious journalism, or stands out from the crowd in some way.

i

June 21, 2016

Permalink

(resubmission)

@ all Tor people: you are the greatest! More like this please!

https://motherboard.vice.com/read/tor-is-teaming-up-with-researchers-to…
Tor Is Teaming Up With Researchers To Protect Users From FBI Hacking
Joshua Kopstein
19 Jun 2016

> The FBI has had a fair amount of success de-anonymizing Tor users over the past few years.

Not quite right; FBI has taken down certain onion services, but that is not the same thing as successfuly deanonmyzing users of Tor Browser Bundle or Tor Messenger. It is not even clear that FBI's takedowns have reduced the number of onion services (hidden sites), or the extent to which FBI targets suspected BLM activists and human rights researchers vs suspected pron/drug purveyors.

As always, those whose duty is to oversee FBI insist on looking the other way, even insist that FBI and other USIC agencies get creative and lie to them.

> Despite the encryption software's well-earned reputation as one of the best tools for online privacy, recent court cases have shown that government malware has compromised Tor users by exploiting bugs in the underlying Firefox browser—one of which was controversially provided to the FBI in 2015 by academic researchers at Carnegie Mellon University.
>
> But according to a new paper, security researchers are now working closely with the Tor Project to create a “hardened” version of the Tor Browser, implementing new anti-hacking techniques which could dramatically improve the anonymity of users and further frustrate the efforts of law enforcement.

See also

https://www.ics.uci.edu/~perl/pets16_selfrando.pdf

> controversially provided to the FBI in 2015 by academic researchers at Carnegie Mellon University.

Academic researchers at that university have done even worse things.

Kathleen Carley has apparently provided the software which NSA/CIA use to decide which persons/villages/funerals to strike with drone-borne missiles in various war-torn desperately impoverished regions of the world.

See Harry Goldstein, "Modeling Terrorists", IEEE Spectrum, Sep 2006.

Now contemplate what things, ten years later, USG is planning to do to Tor users.

Left to themselves, governments never become better behaved,they only become even more criminal. But when everything is done in darkest secrecy, governments are impervious to outside scrutiny. So voices of moderation cannot even try to rescue The People from the consequences of the government's criminal acts.

Two US Attorneys General have very pointedly refused to rule out drone strikes on US citizens carried out inside the USA.

Yes, just like those hapless villagers halfway around the globe, Americans also are becoming targets in the War on US.

> How would they "hack" computers running Tor?

My understanding is that Tor itself is thought to be quite secure. The problem is that Tor Browser is, like any web browser, an enormously complex piece of software.

If you have read David Kahn's classic book, The Codebreakers, you might recall how the father of American cryptography, William F. Friedman, broke the "book code" used by a Hindu nationalist (at a time when the Raj still ruled in India). That code used page, line, and letter "coordinates" in a reference book to painfully spell out plans "to make a revolution in Hindustan". In much the same way, the bad guys can potentially use a complex piece of software to in effect "load" and execute a functioning malware simply by jumping from place to place inside some complex piece of software which has been loaded into memory by the legitimate user of your computer.

The next generation of hardened Tor browsers will exploit a sophisticated form of randomly reorganizing how running code is stored in the memory of your computer, while you are surfing the web using Tor Browser, which should make it much harder for the bad guys to trick your computer into helping them spy on you.

Mozilla provides a steady stream of security vulnerabilities. Mozilla quite literally needs years to fix some of them. You can be 100% certain that a large number of 5-eyes agencies have access to all reported security issues and can create 0-day exploits if they want to.

https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-es…

An article on what the NSA does:
https://www.schneier.com/blog/archives/2013/10/how_the_nsa_att.html

> You can be 100% certain that a large number of 5-eyes agencies have access to all reported security issues and can create 0-day exploits if they want to.

Yes, but we all need to remember that just because the bad guys have hundreds of coders on salary and a list of tens of thousands of serious vulnerabilities in tens of thousands of softwares does not mean that our position is hopeless. It takes time and effort to develop malwares and each may only be effective for a very small number of users, and the next update may close a vulnerability *accidentally*. Further, our enemy is drowning in information and facing increasing opposition from the very industry on which the bad guys depend in order to prosecute the War on Us.

It's an arms race, and we are not losing this race. We may not yet be winning by a mile, but we are keeping pace, and as more people join our cause, we will pull ahead.

i

June 21, 2016

Permalink

Another ruling unfavorable to Tor users concerning Rule 41b (this time from a case being heard in Norfolk, VA):

techdirt.com
Judge In Playpen Case: FBI's Warrant Is Valid, Even If Its Claims About No Privacy In IP Addresses Are Not
Tim Cushing
20 Jun 2016

> ...
> The FBI must have felt its NIT deployment would be considered a search. That's why it obtained a warrant in the first place. But it's been frantically peddling "not a search" theories as court after court has declared its warrant invalid because the searches were performed outside of the issuing magistrate's jurisdiction.
>
> In this case, the issue of whether or not the NIT deployment was a search has not been disputed by either party. The court addresses it anyway because it affects the reasoning that follows.
>
> Before reaching the merits of Defendant's motions, it will be useful to address a preliminary question unaddressed by the parties: Was the deployment of the NIT a "search" of Defendant's computer within the meaning of the Fourth Amendment? If the use of the NIT was not a search, the Fourth Amendment was not implicated, no warrant was required, and any violation of Rule 41(b) irrelevant.
>
> Rule 41(b), which may be drastically altered by the end of this year, restricts searches to the jurisdiction where the warrants were issued. The FBI is well aware of the deficiencies of its NIT warrant, which is why it presented this legal theory to court in response to an earlier motion.
>
> The government in its response to Defendant's First Motion to Suppress never argues that no warrant was required because deployment of the NIT was not a Fourth Amendment search. See Gov't's Resp. to First Mot. at 15-38. In failing to raise this argument when it would have been appropriate, the government has likely waived it. The government does, in justifying the scope of the warrant, argue that Defendant had no reasonable expectation of privacy in his IP address, even though he was using the Tor network.
>
> The court blows past the "no expectation of privacy in IP addresses" for the moment, instead focusing on the execution of the FBI's NIT.

So far, Rule 41b motions to suppress (all have been denied using various legal casuistry) have occurred in the context of cases which arose from FBI takedowns of websites published anonymously via onion services which enabled criminal actions (e.g. objectionable pron or narcotics). It is very important that when US citizens call their congressional representatives, that they stress the danger that precedents set in such cases could easily be extended to target controversial bloggers, investigative journalists, and human rights activists anywhere in the world, regardless of which candidate wins the forthcoming US Presidential elections.

USG has formal or informal "information sharing" agreements with repressive governments such as Saudi Arabia, Israel, and is forging similar agreements with Russia, China, Vietnam and other governments which routinely target bloggers, journalists, political activists, and human rights researchers.

Further, USG is under continual pressure (internal, from FBI/CIA etc, and external, from editorialists who publish in journals such as Foreign Policy, papers such as WaPo, or websites such as Politico) to move down ever more authoritarian paths. This pressure is by no means coming only from one political party, but from all sides.

The reaction to the Orlando massacre has been particularly disturbing. To mention just one example, an editorial by Michael Hirsh in Politico calls for perpetual investigation of all "troubled" US citizens on the grounds that they *might* in future commit some horrid act:

http://www.politico.com/magazine/story/2016/06/orlando-terrorism-fbi-om…
Why Didn’t the FBI Stop Omar Mateen?
The face of terrorism is changing. And critics say the bureau has been too slow to catch on.
Michael Hirsh
17 Jun 2016

> ...
> Based on the accounts of his aquaintances and family, Mateen also appears to have been a deeply conflicted and possibly self-loathing homophobe who drank heavily, took drugs, dated men, frequented the same club he later attacked, Pulse, and used a gay dating app—not the sort of behavior one would expect of a faithful soldier of Islam... Mateen appears, in fact, to have been less a soldier than yet another deeply disturbed American (born in Trump’s own home borough of Queens), who was full of hatred and uncontrollable anger—an example of what law enforcement officials describe as an aspiring violent criminal searching for a larger justification for the acts he’s desperate to commit.
>
> Could Mateen have been caught? It’s unfair to expect that U.S. law enforcement can track and stop every would-be terrorist. But perhaps the toughest thing to explain about the worst mass shooting in U.S. history is how a man who was interviewed three times by the FBI ended up buying, unnoticed, an entire arsenal and then gunning down, unsurveilled, more than 100 people.
> ...
> It’s unreasonable—and perhaps undesirable—to expect that the FBI and counterterrorism officials should be tracking intent rather than action, in effect predicting possible future crimes like the psychics in the movie Minority Report. But... [ISIS has] got an army at home in Syria and Iraq, and around the world it features an evanescent, twilit army of quasi-recruits who behave somewhat like quantum terrorists; they are neither one thing nor another but both somehow, Americans with unblemished records one day, remorseless murderers the next. Or as Comey somewhat awkwardly described it, the FBI must not only find “needles in a nationwide haystack” but also figure out “which pieces of hay might someday become needles.”
> ...
> [Former FBI agent Michael] German, a fellow at the Brennan Center for Justice at NYU Law School, agrees that Mateen and Roof are of the same ilk. “Like Dylann Roof, this was someone who had anger building up and wanted to find some hook that would justify it, or find a community that would accept this as righteous,” says German. “That was his ‘radicalization.’”
>
> Some experts say there is in fact a solution and model for doing a better job of tracking this new threat—the one used by the U.S. Secret Service to keep the president safe. “It’s going to take adopting an approach used by Secret Service for years, a combination of law enforcement, risk assessment and then intervention, even if there’s no arrest,” says [academic "terrorism expert" John] Cohen. For decades, the Secret Service has gone further than simply investigating and prosecuting threats to the president. Even if agents don’t arrest a suspect who, say, posts something threatening online, the Secret Service will take additional steps to assess if that person poses risks of committing a crime in the future based on psychological and behavioral characteristics—for example like the threatening and Islamist-sympathizing statements Mateen was said to have made to co-workers in recent years. They’ll also try to connect the individual with mental-health, educational and religious authorities from the community.
>
> As Politico Magazine reported in March, the FBI has sought to develop these community intervention models—using a relatively new concept called Shared Responsibility Committees—but they are still largely in their infancy, and they are somewhat controversial because of their intrusiveness and stigma of ethnic profiling, especially within American Muslim communities.

Michael Hirsh neglects to mention another reason why FBI's CVE programs are so controversial: they focus on "interventions" in the lives of troubled schoolchildren. FBI is already demanding that high school teachers report troubled students. But far more troubling is the fact that, according to their own literature, FBI's ultimate target group consists of preschool children aged 3-7.

FBI's Shared Responsibiity Committees will include psychologists as well as educators, social workers, and counter-terrorism officials. Why?

Because there is a whole host of academic journals which publish articles claiming that "adverse events" develop into adults who have higher blood pressure

Gooding, H., Milliren, C., McLaughlin, K.A., Richmond, T., Katz-Wise, S., Rich-Edwards, J., & Bryn-Austin, S. (2014). Child maltreatment and blood pressure in young adulthood. Child Abuse and Neglect, 2852, 1-8.

are more obese

Gooding, H.C., Miliren, C., Austin, S.B., Sheridan, M.A., & McLaughlin, K. A. (2015). Exposure to violence in childhood is associated with higher body mass index in adolescence. Child Abuse & Neglect.

are more likely to suffer from heart disease

Hatzenbuehler, M.L., Slopen, N., & McLaughlin, K.A. (2014). Stressful life events, sexual orientation, and cardiometabolic risk among young adults in the United States. Health Psychology, 33, 1185-1194.

are more likely to suffer from major mental illnesses such as depression

Roberts, A.L., Chen, Y., Slopen, N., McLaughlin, K.A., Koenen, K.C., & Austin, S.B. (2015). Maternal experience of abuse in childhood and depressive symptoms in adolescent and adult offspring: A 21-year longitundinal study. Depression and Anxiety, 32, 709-719.

PSTD

McLaughlin, K.A., Busso, D.S., Duys, A., Green, J.G., Alves, S., Way, M., & Sheridan, M.A. (2014). Amygdala response to negative stimuli predicts PTSD symptom onset following a terrorist attack. Depression and Anxiety, 00, 1-9.

mania

Gilman, S. E., Ni, M. Y., Dunn, E. C., Breslau, J., McLaughlin, K. A., Smoller, J. W., & Perlis, R. H. (2015). Contributions of the social environment to first-onset and recurrent mania. Molecular Psychiatry, 20, 329-336.

ADHD

Gilman, S. E., Ni, M. Y., Dunn, E. C., Breslau, J., McLaughlin, K. A., Smoller, J. W., & Perlis, R. H. (2015). Contributions of the social environment to first-onset and recurrent mania. Molecular Psychiatry, 20, 329-336.

"conduct disorder" (speaking back to the teacher, lobbing spitballs, pulling pigtails)

Wiesner, M., Elliott, M.N., McLaughlin, K.A., Banspach, S.W., Tortolero, S. & Schuster, M.A. (2015). Common versus specific correlates of fifth-grade conduct disorder and oppositional defiant disorder symptoms: comparison of three racial/ethnic groups. Journal of Abnormal Child Psychology, 43(5), 985-998.

bullying

McLaughlin, K. A., Aldao, A., Wisco, B., & Hilt, L. (2014). Rumination as a transdiagnostic factor underlying transitions between internalizing symptoms and aggressive behavior in early adolescents. Journal of Abnormal Psychology, 123, 13-23.

alchoholism

Keyes, K., Shmulewitz D., Greenstein, E., McLaughlin, K.A., Wall, M., Efrat, A., Weizman, A., Frisch, A., Spivak, B., Grant, B., & Hasin, D. (2014). Exposure to the Lebanon War of 2006 and effects on alcohol use disorders: the moderating role of child maltreatment. Drug and Alcohol Dependence, 134, 296-303.

anger issues

Iverson, K.M., McLaughlin, K.A., Adair, K.C., Monson, K.M. (2014). Anger-related dysregulation as a factor linking childhood physical abuse and interparental violence to intimate partner violence experiences. Violence and Victims, 29, 564-578.

suicide

Nock, M.K., Green, J.G., Hwang, I., McLaughlin, K.A., Sampson, N.A., Zaslavsky, A.M., & Kessler, R.C. (2013). Prevalence, Correlates, and Treatment of Lifetime Suicidal Behavior Among Adolescents: Results From the National Comorbidity Survey Replication Adolescent Sample. Journal of the American Medical Association of Psychiatry, 70(3):300-310.

and just about any other "adverse life outcome" you might imagine.

And--- this is why FBI and NCTC are so interested in spying on "troubled" citizens--- in the criminology journal literature there is an entire industry devoted to "scientific proof" that exposure to violence in childhood (even *reading* about violence) makes you more likely to be violent, or even a dangerous predator or potential mass shooter or terrorist, than persons who experienced an idyllically happy childhood.

So from a civil liberties perspective, the danger is that FBI/NCTC are moving towards regarding every "troubled" citizen as a perpetual terror suspect who must be subjected to continual "interventions" throughout their childhoods and indeed throughout their entire adult lives.

And this amounts to implementing an oppressive regime of state-sponsored discrimination in which persons who were unlucky enough to be victims of abuse in childhood will be continually re-victimized *by the government* throughout their entire lives. A regime in which citizens are subjected to mistreatment, not because they are suspected of having done anything wrong in the past, but because the government considers that they are more likely than other citizens to do something wrong in the future.

And once again we see how entire disciplines (engineering, mathematics, psychology) are being "captured" by the ugliest and most oppressive portions of the USG.

> But Cohen says U.S. officials have no choice after Orlando [but to ramp up precrime programs targeting "troubled" persons].

Particularly singled out: "troubled" persons who, you guessed it, spend "too much" time on the Internet:

> both the inspiration for these acts of violence and the acts themselves often are blended together in a strange and toxic stew on the Internet. If he was initially inspired by what he saw on the Internet, as Comey suggested, Mateen also began posting on Facebook while he was shooting people during his four-hour siege of the nightclub, and checking to see if he’d made the news yet. Dylann Roof, a loner who closeted himself in his room and absorbed the “Internet evil,” as his family called it, hurriedly created a “manifesto” not long before the Charleston murders...

Please note that CIA Director John Brennan, FBI Director Comey, and other officials have even tried to link using encryption with "proto-terrorism". Needless to say, using Tor is equivalent to instant nomination to counter-terrorism cyber-watchlists.
.
> According to GW’s Vidino, there are currently about 1,000 terrorist investigations open nationwide, and many more have been closed. He says U.S. authorities would probably do well to keep many of those cases open if they involve troubled or violent individuals, and to reopen others—at least to seek to intervene in time. But to do that the FBI, which is not comfortable “operating in this pre-criminal space,” says Vidino, will have to push itself out of its comfort zone.
>
> That of course could mean entering a potential danger zone at the same time, at least for society. Law enforcement has erred in the past by slip-sliding into the practice of trying to identify offenders before they do anything—or profiling and targeting certain communities according to theories of the “broken-windows” type. “As I would hope the American people would want,” Comey himself said this week, in justifying the earlier closing of Mateen’s case, “we don’t keep people under investigation indefinitely.”
>
> But that is how the Omar Mateens of the future may well be detected.

One of the very small number of writers who have consistently spoken out against USG precrime programs (which appear increasingly unlikely to repeat the error of the mass detentions of US citizens of Japanese descent during World War II by incarcerating designated proto-terrorists in preventative detention camps) is Glenn Greenwald:

https://theintercept.com/2016/06/21/democrats-war-on-due-process-and-te…
Democrats’ War on Due Process and Terrorist Fear-Mongering Long Pre-Dates Orlando
Glenn Greenwald
21 Jun 2016

> Before the bodies were removed from the Pulse nightclub in Orlando last week, Democrats began eagerly exploiting that atrocity to demand a new, secret “terrorist watch list”: something that was once the domestic centerpiece of the Bush/Cheney War on Terror mentality. Led by their propaganda outlet, Center for American Progress (CAP), Democrats now want to empower the Justice Department – without any judicial adjudication – to unilaterally bar citizens who have not been charged with (let alone convicted of) any crime from purchasing guns.
>
> Worse than the measure itself is the rancid rhetoric they are using. To justify this new list, Democrats, in unison, are actually arguing that the U.S. Government must constrain people whom they are now calling “potential terrorists.” Just spend a moment pondering how creepy and Orwellian that phrase is in the context of government designations.
>
> What is a “potential terrorist”? Isn’t everyone that? And who wants the U.S. government empowered to unilaterally restrict what citizens can do based on predictions or guesses about what they might become or do in the future? Does anyone have any doubt that this will fall disproportionately on certain groups and types of people?

Many of us (including this commentator) actually support stronger gun control laws. But the measures currently being advocated by members of both "corporate parties" in the US Congress would set very, very dangerous precedents. So would allowing the changes to Rule 41b to go forward. In both cases, the problem is that USG is progressively revoking the very notion of due process, which lies at the heart of the Rule of Law.

And if all persons are not equal under the law, what chance has a non-super-rich person to defend himself or his children against the predatory demands of the elite?

The phrase "which appear increasingly unlikely" should read "increasingly likely".

Sad but true.

Both former Democratic Party US Presidential candidate Gen. Wesley Clark and current Republican Party US Presidential candidate Mr. Donald J. Trump have endorsed calls for "preventative detention camps" for American Muslims and other "troubled" citizens.

How many get to publish 2700 words as a "comment" here?

Only if you support the Tor political censor's views?

Several times longer than even longish comments.

The writer worked diligently to ignore the worldwide link between large scale unprovoked attacks on unarmed civilians going about their normal business,
and the religious self-identification of the perpetrators.

(Grabbing a list of exceptions will not change that they are exception).

Anyone can, most things (that aren't actual spam) get approved in my experience, though I don't check the queue as often as I used to, so my sample size isn't that big.

Comment approval is manual, time consuming, and annoying because the software is old and heavily spammed. There's been plans for a replacement blog system on and off, but I don't know where that's at.

nb: For the most part, the only thing I do when I check the queue is purge the spam.

All political activists need training in using Tor, Tails, and other pro-democracy tools to protect their anonymity when planning political protests and communicating with other dissidents.

Currently this need is particularly urgent in Cleveland, OH:

https://theintercept.com/2016/06/23/fbi-and-police-are-knocking-on-acti…
FBI and Police are Knocking on Activists’ Doors Ahead of Republican National Convention
Alice Speri
23 Jun 2016

> Law enforcement agencies, including the FBI, have been knocking on the doors of activists and community organizers in Cleveland, Ohio, asking about their plans for the Republican National Convention in July. ... “The purpose of these door knocks is simple: to intimidate the target and others in efforts to discourage people from engaging in lawful First Amendment activities,” Jocelyn Rosnick, a coordinator with the Ohio chapter of the National Lawyers Guild, wrote in a statement denouncing the home visits.

Another reason to remain anonymous: if FBI finds out who you are, and puts you on a watchlist, your descendants will also be condemned to eternal suspicion, surveillance, interrogation, maybe even "preventative detention" (another unmistakably fascist measure which many midwest activists expect to see during the forthcoming convention).

http://www.slate.com/articles/news_and_politics/politics/2016/06/donald…
Donald Trump’s Next-Generation Bigotry
Not content with attacking immigrants, Trump is now smearing their American-born children. And the children of those children.
William Saletan
23 Jun 2016

> Donald Trump says he’ll protect America from its enemies. He’ll build a wall on the Mexican border, block Muslim refugees, and slap tariffs on China. But Trump’s latest threats against Muslim Americans, like his attacks on the “Mexican” judge in the Trump University fraud case, show that these assaults won’t stop at the border. Trump is now targeting natural-born citizens of the United States, treating them as aliens based on religion or ethnicity. He’s not building walls around America. He’s building walls within it.
>
> When Trump went after Judge Gonzalo Curiel three weeks ago, calling him biased and underhanded because of his “heritage,” many Americans cried foul. It’s one thing to campaign against illegal immigration or even legal immigration, they noted. It’s quite another to challenge someone born in this country based on his ancestry.
>
> The massacre in Orlando on June 12, awful as it was, gave Trump an opportunity to change the subject and mend his ways. Instead, he continued—and broadened—his line of attack. He insinuated that Muslim Americans, like Mexican Americans, were disloyal. “Since 9/11, hundreds of migrants and their children have been implicated in terrorism in the United States,” Trump declared in a statement hours after the massacre. “Hillary Clinton wants to dramatically increase admissions from the Middle East, bringing in many hundreds of thousands during a first term—and we will have no way to screen them, pay for them, or prevent the second generation from radicalizing.”
>
> “Their children.” “The second generation.” Trump wasn’t just arguing, as he had in the past, that the refugees couldn’t be vetted. He was claiming that even if they were vetted, they still had to be kept out of the country, because their offspring might someday become terrorists. This scenario would take place in the future, possibly involving children who were not yet born and influences from abroad that might reach these children without their parents’ knowledge. Therefore, no migrant, regardless of vetting, was safe to admit.
>
> The next day, in a prepared speech, Trump expanded on his argument:
>
> Under the Clinton plan, you’d be admitting hundreds of thousands of refugees from the Middle East with no system to vet them or to prevent the radicalization of the children—and their children. Not only their children, by the way. They’re trying to take over our children and convince them how wonderful ISIS is and how wonderful Islam is.
>
> Now Trump was talking about a third generation. If the children of migrants didn’t become terrorists, their grandchildren might. And even if none of them did, Muslims were still too dangerous to allow into the country, because they or their descendants might try to tell non-Muslim kids “how wonderful Islam is.”

None of this is Trump's idea: he's getting this straight from FBI.

Lest any US voters think this is good reason to vote for Clinton: FBI is currently investigating her email server. There is no question she broke laws. The kind for which at least one former Attorney General wanted to kill someone. FBI is currently deciding whether or not to indict her. If they do, her campaign will be aborted, and Trump will be elected. If they do not, that will mean they struck a backroom deal with her.

Either way, FBI is determined to complete the transformation of the USA into a technofascist society.

"All political activists need training in using Tor, Tails, and other pro-democracy tools"

You mean Tor should only be for the kinds of political activists who agree with your spam.

" to protect their anonymity when planning political protests and communicating with other dissidents."
Currently this need is particularly urgent in Cleveland, OH:"

You do not mean democracy tools, you mean to practice violent attacks against human beings that will congregate in Cleveland, OH... as already done twice successfully by you or your allies against those you hate in the current political competition.

> The writer worked diligently to ignore the worldwide link between large scale unprovoked attacks on unarmed civilians going about their normal business,
and the religious self-identification of the perpetrators.

The USIC/FBI hackers who attack computer users worldwide share a particular "religious self-identification"? Gosh, didn't know that. What religion? Do you have a citation?

(Fun fact from the Snowden leaks: some years ago, the fastest growing religious identification inside NSA was... LDS. The document which revealed that factoid failed to explore any possible location with the location of the Utah Data Center.)

>> The writer [OP of 2700 words! a Tor comment record?] worked diligently to ignore the worldwide link between large scale unprovoked attacks on unarmed civilians going about their normal business, and the religious self-identification of the perpetrators.

Pretended interpretation above: "hackers who attack computer users "

No. Referring to violent attackers on unarmed civilians going about their normal business, happening worldwide.

The religious self-identification of the perpetrators is fairly consistent.
Latest in Turkey's Ataturk airport. Before that in Belgian airport, before in French concert venue. Etc.

i

June 21, 2016

Permalink

They have been doing this already since 1900's? What is the point of voting? Just keep your computer safe from attacks or intrusions and that is all. Hackers have existed since computers were utilized!

> They have been doing this already since 1900's? What is the point of voting?

Given the unpredented unpopularity of the two "mainstream" candidates for the forthcoming US Presidential election, I must agree that there may be little point in voting in that particular contest, unless you decide to register a "protest vote" for the Green Party candidate, Dr. Jill Stein, the only candidate who appears not to be cryptofascist. But there may be a point to voting in some of the Congressional races or in local elections in which a progressive candidate is on the ballot.

And let's not lose sight of the fact that just because the American political system (and the system in too many other "democratic nations") has utterly broken down, in that these systems are entirely ignoring the desires of the persons governed, does not mean that political involvement itself is useless. Quite the contrary, the more people who are involved in political discussions outside the system, the better than chances that the coming revolutions will be less disastrous than the recent revolutions in nations such as Egypt and Syria.

> Just keep your computer safe from attacks or intrusions and that is all.

If you think this is easy, you must have missed the point of the hardened Browser program, or the reasons why EFF and Tor Project (and other organizations) are calling on people everywhere to oppose the forthcoming changes to Rule 41b of the US Code of Criminal Procedure, which will encourage FBI to break into any computer anywhere in the world and delete information, or even worse, to plant "evidence", all without any oversight, and potentially in the form of mass attacks on millions of computers authorized by a single technically ignorant authortarian-minded magistrate judge in some obscure and backwards US jurisdiction.

i

June 21, 2016

Permalink

Do Yo really think they care about what the powerless sheep a.k.a the people think about their plans? Or You can stop it? They illegally broke into systems before, they will continue to do it no matter what. That said, I also signed the petition.

> Do [you] really think they care about what the powerless sheep a.k.a the people think about their plans? Or You can stop it?

Is the USG worried about what Julian Assange might reveal next? What Jake Appelbaum might reveal next? What ACLU might discover in FOIA'd documents?

You bet they are. As confirmed by innumerable leaks, they are spending considerable sums targeting civil libertarians and privacy advocates, precisely because they are very frightened by how much we already know, and by what we might learn next. Frightened that some brave reporter may be willing to publish some of what we know and can prove is true.

Is the USG worried about grass roots movements like Occupy?

You bet they are. As confirmed by various leaks, etc, etc.

i

June 21, 2016

Permalink

What the hell is America thinking? You are not the global world. You are one of the countries and you are not INTERPOL.
Why the USA have access to ALL computer systems outside the USA? This is disgusting!