It’s always nice to see the US racing to catch up to where the rest of the world’s been at for many, many years. And all it’s taken have been a serious of catastrophic data breaches!
Tag: United States
From The Unsealed ‘Jewel v. NSA’ Transcript: The DOJ Has Nothing But Contempt For American Citizens:
Hey, I’m sorry the leaks have made it harder for these agencies to do whatever the hell they want, but they are all part of a government that’s supposed to be accountable to the citizens picking up the check. But when faced with unhappy citizens and their diminished rights, all the DOJ’s lawyers can say is that the public doesn’t know shit and has no right to question the government’s activities.
The government has somehow managed to come to a conclusion others reached weeks ago – there’s more than one leaker out there. GOOD. Burn it down. In the DOJ’s hands, the government isn’t by or for the people. It’sdespite the people. The DOJ can’t be trusted to protect the balance between privacy and security. As it sees it, what the public doesn’t know will likely hurt it, and it’s damned if it’s going to allow citizens to seek redress for their grievances.
While I don’t agree with the whole ‘burn-the-DOJ-down’ mentality, that this is an increasingly mainstream opinion regarding key US government institutions is deeply problematic. Such attitudes are indicative of a population no longer seeing itself reflected in its government which is, in turn, a recipe for social conflicts.
Categories
2014.7.15
… our own attempts to obtain policies governing assertion of state secrets privilege met with failure, inasmuch as there appear to be no policy guidelines on the use of the privilege in any major department or agency of the executive branch. Freedom of Information Act requests to some three dozen agencies and their various subcomponents yielded nothing in the way of documentation of guidance for use of the privilege. And limitations on assertion of the privilege appear to be self-imposed by the individual agencies, and use of the privilege seems to be carried out ad hoc at the discretion of department heads and their assistants. Perhaps the general feeling of administrators concerning the privilege was summed up in a Department of the Navy memorandum: it concluded that “there is nothing but good news about the state secrets privilege” as a tool to prevent disclosure of information.
William G. Weaver and Robert M. Pallitto, “State Secrets and Executive Power,” Political Science Quarterly 120 (1).
Categories
The NSA’s Utah data centre
The NSA’s Utah data centre, as taken by the EFF.
Low-level federal judges balking at law enforcement requests for electronic evidence:
Among the most aggressive opinions have come from D.C. Magistrate Judge John M. Facciola, a bow-tied court veteran who in recent months has blocked wide-ranging access to the Facebook page of Navy Yard shooter Aaron Alexis and the iPhone of the Georgetown University student accused of making ricin in his dorm room. In another case, he deemed a law enforcement request for the entire contents of an e-mail account “repugnant” to the U.S. Constitution.
For these and other cases, Facciola has demanded more focused searches and insisted that authorities delete collected data that prove unrelated to a current investigation rather than keep them on file for unspecified future use. He also has taken the unusual step, for a magistrate judge, of issuing a series of formal, written opinions that detail his concerns, even about previously secret government investigations.
“For the sixth time,” Facciola wrote testily, using italics in a ruling this month, “this Court must be clear: if the government seizes data it knows is outside the scope of the warrant, it must either destroy the data or return it. It cannot simply keep it.”
Broad based access to telecommunications information can be extremely revealing: law enforcement know this, civil advocates (and defence attorneys) know this, and (increasingly) justices know this. And as justices in particular become more cognizant of just what law enforcement agencies are accessing, and of authorities’ decisions to not target their searches but instead collect (and retain) the entirety of people’s personal information, we’ll see more and more pushback against authorities’ overreaches.
Politics and justice tend to move slowly, often to the point where they ‘lag’ a decade or more behind technology and social norms. However, even these conservative systems tend to eventually correct themselves. As federal American judges ‘balk’ at over collection we’ll see these issues of evidence collection rise through the courts until, hopefully, a good ruling is issued by the Supreme Court of the United States. And then we’ll move onto the next overreach that authorities identify and begin exploiting…
Categories
2014.3.20
It is disconcerting to realize that the reassessment of classification policy described by Mr. Litt was not prompted by the diligent exercise of congressional oversight or by judicial review or by ordinary advocacy. Rather it was explicitly inspired by the Snowden leaks, which Mr. Litt described as “criminal.” The upshot is that leaks emerge as a uniquely powerful tool for shaping intelligence classification policy, while conventional checks and balances appear all but irrelevant by comparison.
Moreover, the purpose of the newfound push for greater transparency seems to be instrumental, not principled. In other words, it is driven by tactical considerations, not by statutory requirements or any other objective norm.
“I strongly believe that the best way to prevent the damage that leakers can cause is by increased transparency on our part,” Mr. Litt said. “Transparency can both lessen the incentive for disaffected employees to disclose our activities improperly, and provide the public appropriate context to evaluate leaks when they occur.”
That implies that what is needed is only as much transparency as it takes to achieve these imprecise and transient goals. It is a unilateral move that can be unilaterally reversed.
Steve Aftergood, “ODNI Rethinks Secrecy and Openness in Intelligence”
The security design of the system as implemented in tests so far will require a national certificate infrastructure much like that used for preventing domain spoofing and securing the Web. It will require a database of certificates—like the X.509 certificates used in public key infrastructure (PKI)—to verify that devices are legitimate and make it possible to rescind permissions to ensure that no one can send out spoofed messages. If a certificate were to become compromised or if a manufacturer misconfigured a batch of V2V systems, the certificate authority would be able to revoke the associated certificate. This prevents spoofing much in the way that DNS SEC prevents the “poisoning” of Internet domain address tables by a rogue Domain Name Service server.
The problem is that no one has ever developed a PKI system large enough to handle every vehicle in the United States—every car, truck, bus, and motorcycle. The revocation table for expired or compromised certificates would have to be distributed constantly to cars to make sure they weren’t victimized by recorded data attacks or other systems that used hacked hardware to spoof traffic.
So far, there hasn’t been any agreement yet on how this PKI would distribute its certificates. Proposals have included having roadside systems issue certificates as vehicles drive by and having certificates sent to vehicles out-of-band over cellular connections. The latter would mean that every car in the country would have to have its own integrated cellular phone or that drivers would have to connect their phones regularly to the systems to ensure they didn’t get shut out of the network.
Oh yes, please: let’s build a mass communications network dependent on a (largely) creaky Certificate system, deploy the devices to the attackers (i.e. car owners), and just trust that no one’s gonna hack a mass, nation-wide, Vehicle-to-Vehicle communications network.
Also: taking bets on it being an escrowed certificate system. For public safety and all that good stuff.
Categories
2013.11.11
Generally it takes an incident to focus attention on the issue of informational privacy – and such incidents tend to focus on one type of record system at a time. This human interest element helps to define the policy problem, galvanize media and public attention, and give members of Congress concrete examples of privacy invasion to justify their votes. There is always vocal and well-financed opposition to privacy protections, generally from business and government bureaucrats who do not want to restrict access to information. Their opposition is usually quite successful in weakening the proposed privacy protections and in further narrowing the scope of such protections. And after passage opponents are likely the challenge legislation in the courts, often on the basis of First Amendment grounds that any information, including that about individuals, should flow freely and without government restrictions.
Priscilla M. Regan (2008), “The United States,” in Global Privacy Protection: The First Generation, James B. Rule and Graham Greenlead (eds.).
Zombie Kerry and his horde of zombies are displeased that you don’t support bombing Syria.
Categories
2013.8.20
In the UK, the public, press, and politicians vigorously debated the Communications Data Bill, a law that would require ISPs and telecommunications providers to keep metadata records for 12 months (as of this writing, the bill has been withdrawn). The US had no discussion of such a bill; something more draconian simply happened through a secret interpretation of the law.
Susan Landau, “Making Sense from Snowden”
Excited Pixels 