Tag: United States

Categories
Writing

Could Email Undermine the 2012 American Election?

In the aftermath of Hurricane Sandy, some of the polling stations that would have been used by Americans to cast ballots are gone. Moreover, some citizens in New Jersey are unlikely to either find their new polling station or take the time to find a station and vote. Quite simply, they’re rebuilding their lives: presidential politics aren’t necessarily centre of mind at the moment.

In the wake of the disaster, New Jersey will let some voters cast their ballots by fax and email. One American expert has identified a range of possible attack vectors that could be used to compromise people’s votes. He’s quoted as saying,

Those are just some of the more obvious and potentially catastrophic ways a direct security failure could affect this election … The email voting scheme has so many ways it can fail or that doubt can be cast on the integrity of the results, that if a race somewhere in New Jersey is decided by email ballots, it seems almost guaranteed that we’re going to have a bunch of mini-2000-in-Floridas all over the state.

In addition to basic security concerns around voting, it’s critical to understand that voting by email (effectively) removes secrecy provisions. Messages will not have to be encrypted, meaning that if employees cast their ballots at work then their employer(s) could ascertain how their employees are voting. This is an incredibly serious issue.

In the best of worlds, the New Jersey elections won’t rely or depend on the emailed votes to determine a winner. This said, even if the votes don’t change the local results – if individuals win seats by sufficient margins that the emailed ‘ballots’ wouldn’t affect who won – the national vote could the endangered if the New Jersey voting system is connected to the national system. The risk, here, is that if an attacker could compromise the New Jersey voting infrastructure (perhaps by sending an infected attachment to an email message) then the rest of the infrastructure could also be compromised. Such an attack, were it to occur, could compromise not just the New Jersey results but, potentially, races across the United States.

While it’s evident why the government decided to let people vote by email – to ensure that Americans could cast their ballot despite the horrific natural disaster – these good intentions could result in very, very bad results. Worse, it could encourage trust and confidence in online voting systems more generally, systems that simply cannot be adequately secured (for more as to why, see this and this). While paper ballets are infuriating for many they remain an ideal means of confidently expressing voting intentions. While alternate approaches certainly need to be considered to let people vote, especially in times of crisis, voting by email is not an idea that should have been contemplated, let alone adopted, as a solution to the Sandy-related voting problems.

Categories
Links Writing

App Developers Face Fines for Lacking Privacy Policies

To be clear and up front: privacy policies suck. I’m currently analyzing the policies of major social networks and if the policies were merely horrific then they’d be massively better than they actually are today.

That said, a privacy policy at least indicates that an organization took the time to copy someone else’s policy. For the briefest of moments there was some (however marginal) contemplation about how the organization’s actions related to privacy. While most companies will just hire a lawyer to slap legalese on their websites, a few will actually think about their data collection and its implications for individuals’ privacy. That’s really all you can hope for privacy policies to generally accomplish unless the company out-and-out lies in their policy. If they do lie then you can get the FTC involved.

The potential for ‘enjoying’ a $2,500 fine per download if a company lacks a privacy policy is a massive stick and, hopefully, will get developers to at least consider how their collection of data implicates users’ privacy. The California approach is not the solution to the problem of people’s data being collected without their genuine consent but at least it’s a start.

Categories
Links Writing

Question to SCOTUS: Can we even bring legal action over warrantless spying?

The EFF continues it’s long slog to challenge the US government’s warrantless wiretapping. At this point a series of cases have been dismissed, though the Supreme Court is now hearing a case to ascertain whether those who have been affected by the dragnet surveillance – lawyers, journalists, human rights lawyers – can challenge the statute given that it “prevents them from doing their job without taking substantial measures when communicating to overseas witnesses, sources and clients.”

This is an incredibly serious case. The outcome will not decide the legality of the statute itself but just whether it can be challenged. By anyone. A dismissal of the case – that is, a decision declaring that no one clearly has standing to challenge the statute – would prevent the existing intelligence operations from ever being challenged so long as the government avoids bringing warrantlessly-accessed data into a trial as evidence.

Watch this case; if it goes sideways then the American government will have (effectively) been given license by the highest court in the land to surveil Americans, without warrant, and without an effective means to prevent the surveillance.

Categories
Aside Humour

Leahy & Time Warner Comic

Categories
Links Writing

The Nature of UK Rendition Processes

The Guardian has an excellent bit of coverage on UK-led rendition practices. These practices entailed collaborating with Libya and China to turn over members of the Libyan Islamic Fighting Group, an anti-Gaddafi organization. Ian Cobain, the journalist, precisely notes the kinds of experiences that UK and American agents subjected members of the organization to during their capture and transit to Libya.

It’s a harrowing read, but important, as it details the significance and associated dangers of the state’s secret extension of powers. It also recognizes that states will ‘turn’ on individuals and groups that they had once supported on the basis of building economic relations with a new ‘friend’. Perhaps most ominously, the article outlines how the secret court processes – where neither the accused nor their counsel are permitted to view or argue about evidence against the accused – have had their rulings ignored. Even the judges in these secret cases cannot impose their power on the state, indicating that arms of the government are entirely divorced from the accountability required for democratic institutions to (normatively) survive.

The only way to stop these kinds of practices is for the public to stop quietly ignoring the erosion of their democracies, civil liberties, and basic freedoms. It remains unclear how this can be done, but given the expansion of the state’s perception of its executive powers, it is imperative that citizens vigorously and actively begin protecting their democracies before the last shreds of democracy are truly lost.

Categories
Aside

When lobbying government, it helps if your high-level staff were well-placed government staffers and officials

Categories
Aside

Grope & Pillage

Visualizing TSA costs and ‘benefits’ since 9/11

Categories
Links

US Government’s Harassment Made Visible

When your government behaves in such a way that innocent citizens are forced to act as a spies to keep safe, then it’s evident that something has gone terribly awry. Laura Poitras, an American citizen and journalist, now lives like a spy: under the constant pressure of potential government harassment and surveillance of herself, her sources, and anyone that is particularly close to her.

Her crime? Being an award winning filmmaker who has produced films addressing the negative impacts of American imperialism abroad.

Glenn Greenwald has a terrific piece that unpacks what it means to be a prominent journalist, activist, or simple government contrarian who is willing to take entirely legal actions against the American state. Actions like speaking up or otherwise exercising basic civil rights. I won’t lie: it’s a long piece, probably not something you can skim in 2-3 minutes. But if you only read one thing that holds your attention for 10-15 minutes today, go read Glenn’s piece. It’s eye opening.

As a teaser:

In many instances, DHS agents also detain and interrogate her in the foreign airport before her return, on one trip telling her that she would be barred from boarding her flight back home, only to let her board at the last minute. When she arrived at JFK Airport on Thanksgiving weekend of 2010, she was told by one DHS agent — after she asserted her privileges as a journalist to refuse to answer questions about the individuals with whom she met on her trip — that he “finds it very suspicious that you’re not willing to help your country by answering our questions.” They sometimes keep her detained for three to four hours (all while telling her that she will be released more quickly if she answers all their questions and consents to full searches).

Poitras is now forced to take extreme steps — ones that hamper her ability to do her work — to ensure that she can engage in her journalism and produce her films without the U.S. Government intruding into everything she is doing. She now avoids traveling with any electronic devices. She uses alternative methods to deliver the most sensitive parts of her work — raw film and interview notes — to secure locations. She spends substantial time and resources protecting her computers with encryption and password defenses. Especially when she is in the U.S., she avoids talking on the phone about her work, particularly to sources. And she simply will not edit her films at her home out of fear — obviously well-grounded — that government agents will attempt to search and seize the raw footage.

(Read More)

 

Categories
Links

US Looking to Expand CALEA?

From the New York Time we find that American officials are campaigning for updates to CALEA, a surveillance bill that was passed in 1994. The officials claim updates are needed because

some telecommunications companies in recent years have begun new services and made system upgrades that caused technical problems for surveillance.

Albert Gidari Jr., a lawyer who represents telecommunications firms, said corporations were likely to object to increased government intervention in the design or launch of services. Such a change, he said, could have major repercussions for industry innovation, costs and competitiveness.

“The government’s answer is ‘don’t deploy the new services — wait until the government catches up,’ ” Mr. Gidari said. “But that’s not how it works. Too many services develop too quickly, and there are just too many players in this now.”

In essence, it appears that the US government is advocating for updates to their laws that are similar to provisions in Canada’s lawful access legislation. The tabled Canadian legislation includes provisions that preclude interception capabilities from degrading over time (Section 8), mandate that interception capabilities continue to meet government requirements as telecommunications services providers upgrade their services (Section 9), and require new software and product offerings to be compliant with interception demands (Section 11). It would seem that, without these provisos, CALEA is showing its age: ISPs are deploying services that ‘break’ existing wiretap capabilities and that it takes some time to restore those capabilities. ISPs innovate, and then surveillance catches up.

Of course, it’s useful to remember that none of the details surrounding the FBI’s problems in maintaining wiretaps is really made clear in the article. The sources that the reporter draws upon are primarily from law enforcement agencies and, as we have seen in Canada and in prior US legislative gambits, such agencies are prone to overstating problems and understating their complicity in generating/maintaining them. It’s also unclear just how ‘impaired’ investigations actually were. In essence, a full accounting of the alleged problems is needed, and the accounting ought to be public. If the American public is going to shell out more money for surveillance, and potentially endanger next-generation telecommunications services’ innovative potentials, then the government has to come totally clean about their allegations so that a rational and empirically-grounded debate can occur.

Categories
Links Writing

Surprise: American Equipment Spies on Iranians

Steve Stecklow, for Reuters, has an special report discussing how Chinese vendor ZTE was able to resell American network infrastructure and surveillance products to the Iranian government. The equipment sold is significant;

Mahmoud Tadjallimehr, a former telecommunications project manager in Iran who has worked for major European and Chinese equipment makers, said the ZTE system supplied to TCI was “country-wide” and was “far more capable of monitoring citizens than I have ever seen in other equipment” sold by other companies to Iran. He said its capabilities included being able “to locate users, intercept their voice, text messaging … emails, chat conversations or web access.”

The ZTE-TCI documents also disclose a backdoor way Iran apparently obtains U.S. technology despite a longtime American ban on non-humanitarian sales to Iran – by purchasing them through a Chinese company.

ZTE’s 907-page “Packing List,” dated July 24, 2011, includes hardware and software products from some of America’s best-known tech companies, including Microsoft Corp, Hewlett-Packard Co, Oracle Corp, Cisco Systems Inc, Dell Inc, Juniper Networks Inc and Symantec Corp.

ZTE has partnerships with some of the U.S. firms. In interviews, all of the companies said they had no knowledge of the TCI deal. Several – including HP, Dell, Cisco and Juniper – said in statements they were launching internal investigations after learning about the contract from Reuters.

The sale of Western networking and surveillance equipment/software to the Iranian government isn’t new. In the past, corporate agents for major networking firms explained to me the means by which Iran is successfully importing the equipment; while firms cannot positively know that this is going on, it’s typically because of an intentional willingness to ignore what they strongly suspect is happening. Regardless, the actual sale of this specific equipment – while significant – isn’t the story that Western citizens can do a lot to change at this point.

Really, we should be asking: do we, as citizens of Western nations, believe that manufacturing of these kinds of equipment is permissible? While some degree of surveillance capacity is arguably needed for lawful purposes within a democracy it is theoretically possible to design devices such that they have limited intercept and analysis capability out of the box. In essence, we could demand that certain degrees of friction are baked into the surveillance equipment that is developed, and actively work to prevent companies from producing highly scaleable and multifunctional surveillance equipment and software. Going forward, this could prevent the next sale of significant surveillance equipment to Iran on grounds that the West simply doesn’t have any for (legal) sale.

In the case of government surveillance inefficiency and lack of scaleability are advantageous insofar as they hinder governmental surveillance capabilities. Limited equipment would add time and resources to surveillance-driven operations, and thus demand a greater general intent to conduct surveillance than when authorities have access to easy-to-use, advanced and scalable, surveillance systems.

Legal frameworks are insufficient to protect citizens’ rights and privacy, as has been demonstrated time and time again by governmental extensions or exploitations of legal frameworks. We need a normatively informed limitation of surveillance equipment that is included in the equipment at the vendor-level. Anything less will only legitimize, rather than truly work towards stopping, the spread of surveillance equipment that is used to monitor citizens across the globe.