Wired State: November 2013

« October 2013 | Main | December 2013 »

November 2013

11/13/2013

#MyNSAQuestion

So I've asked if the facade on the Snowden ruse is cracking.

I personally believe it to be a ruse or a hoax -- a snow job perpetrated by not only a band of anarchists but the Russian intelligence using them as cats' paws. I've outlined a lot of the connections here and type in "Snowden" in the search box and read everything I've come up with.

But it doesn't matter what I say, I'm just a blogger.

Until some of the adversarial journalists crack, this won't be done. It's never going to be Glenn Greenwald or Laura Poitras or Jacob Appelbaum themselves.

But maybe Bart Gellman. Or maybe some other national security journalist who has shown a bit of skepticism.

Or maybe a CNN anchor -- we've seen one pummel Holger Stark already.

So today, I was pointed to this:

Very interesting, because this prominent journalist for Foreign Policy who has covered war zones and Snowden issues had this provocative question to ask of the Guardian.

If Snowden actually scammed his colleagues out of their passwords, how does that change your publishing choices? #mynsaquestion
— Noah Shachtman (@NoahShachtman) November 12, 2013

BTW, I was too busy to get involved in that session, but I noticed it was extremely lame. The same Guardian journalists themselves filling it up, and fangirlz.

What would be my NSA question?

Well, I might ask about this.

Or that.

Well, any of the contradictions here or here.

Maybe Greenwald wants to huff and puff indignantly that he never set up Snowden to hack or connived in his hack, but that's not the question, as Greenwald a) doesn't know how to hack b) didn't know what to hack until Electronic Frontier Foundation told him what was important (metadata).

So I'd ask if Appelbaum or Poitras or any others made a wish list for Snowden to hack, and did he hack with it, in complicity with them.

The angle that Noah is taking is more technical about the rules of the journalistic ethics and craft.

It's one thing if someone shared with you materials they had legitimate access to (like Daniel Ellsberg did with the Pentagon Papers) -- materials they authored or were given as part of their own clearance. The leaking of that is the heart of the case of the Pentagon Papers as being permissible under the First Amendment.

But if you steal, if you didn't have authorized access, if it wasn't what you saw through the normal course of your work day and become outraged at -- if you in fact got your agenda from a hacker's anarchist collective or Russian intelligence, for that matter -- then it's no longer whistle-blowing, and journalists providing you with an outlet may be helping you engage in espionage.

That's the implication.

Although Shachtman doesn't come out and say it. But then he doesn't get an answer, either.

I really think that when the Guardian does a public Q&A, they really should bar their own journalists from filling up the queue like Bolsheviks packing a peace meeting. There are more of them giving answers -- lengthy answers -- and asking questions -- than there are real people. They need to let the real public come in, and they need to shut up. They did this with the Snowden Q&A too, and it was fraudulent as a result.

Noah's question was never answered -- instead, they only answered his milder question with a lame generality:

OK, Guardian team, I'll play. How do you decide which Snowden doc to reveal next? #MyNSAQuestion
— Noah Shachtman (@NoahShachtman) November 12, 2013

@NoahShachtman We use the documents to craft stories, which we then report out. Some come together quicker than others. #MyNSAQuestion
— Spencer Ackerman (@attackerman) November 12, 2013

Posted at 05:06 AM in Adversarial Journalists, Hackers | Permalink | Comments (2)

In the Cloud, in the Cloud, Where the Sun Never Shines

So here's my Storify on a recent argument with the geeks on the issue of cloud encryption.

@Dymaxion (Eleanor Saitta) is bitching because the tweets are "taken out of context" (i.e. she couldn't win the argument in 140 character tweets) and are "out of order".

I'll certainly plead guilty to "out of order" because it's a bitch trying to get the tweets out of search and into Storify to reflect a Twit-fight. No service has perfected the art of making publication of twit-fights easier. Even Twitter's new Custom thingie just doesn't cut it because the moving widget is clunky, you can't just drag and drop but have to grab the little move icon and drag and drop (like on Scoop.it where it is also slow and clunky). You can also only do one tweet and a time and you can't see more than a stack at a time easily on Tweetdeck, which it forces you to use, because you are stuck with that UI. Oh, well. Here's my Wired State curation of geek talk, such as it is, I am not likely to keep using it as Scoop.it at least sweeps up more stuff to use.

But hey, you guys are all about "math" and you are all "math whizzes," so go and put the order correctly, like one of those school exams, using the time stamps. I will do this myself when I have like three hours to waste on it. Meanwhile, the gist is there.

And here's the gist:

Zeynap Tufekci, no technologist she, but merely a sociologist of technology from the "progressive" and even radical/anarchist side, whined that AWS, the Amazon servers, do not encrypt in the cloud.

Ever since we saw that funny little yellow sticky type sketch of the supposed NSA stripping of SSL layers to get at clear text in the cloud, I've had to wonder. What, Google has clear text in the cloud? How? Why? Really?

So I've been Googling around and reading this and this that explain from the business and government perspectives (they're both fine with me) that in fact you can encrypt in the cloud, but it will require things like you guarding your own keys or entrusting a key manager (presumably separate from the cloud vendor) or realizing that if your data is to be manipuated for various purposes you might need, like sorting or computations or whatever, that means there may be limits. Or you may have to concede that the vendor has to have a copy that you trust him with because he has to manipulate your data -- and that means he gets to scrape it to serve ads or improve his product.

All that sounds reasonable, because a lot of government data isn't sensitive, but mundane and even opened up now (hospital infection rates), and many businesses don't worry about the NSA (vacuum cleaner sales people who put their inventory in the cloud).

See, the crypto kids won't concede that there are a range of use cases and a sliding scale of what can and should be encrypted reasonably or not.

They start with the absolute stark paranoid anarchist crazy use case of themselves, and their need to escape accountability for their radical views and anarchist shenanigans. I've never seen a person demanding ultimate encryption who didn't also advocate overthrowing capitalism and Wall Street, redistribution, socialist programs like "net neutrality," copyleftism, etc. (or the antithesis, absolute escape from government as radical libertarians without any responsibility to society.) As I've just explained about Lavabits, I'm unimpressed; to me, the ability of law-enforcement to access a cloud service isn't a bug, but should be a feature. We need to fight crime -- hey, including THEIR criminality when they hack. They don't concede that.

Hence this debate.

Except even the ACLU's guru Chris Soghoian, who has me blocked on Twitter and always dodges my questions about Snowden's files, suddenly appears and one-ups @Dymaxion by saying essentially that she's wrong, that what I'm referring to is the ability to encrypt inside the cloud (double encryption) in these articles and that you can manipulate some data even when double-encrypted in this fashion.

See, even when "math" is involved, you can always find one geek to argue with another even about code which is supposed to be written in stone. I long ago learned that, which is why I am never, ever afraid to challenge a geek on their "math".

She had made it sound like a) no vendor can be trusted as they will "tell you anything,"i.e. lie because they have a profit motive -- she's the consummate technocommunist here -- and b) you can't move data that is encrypted without a key and "that's that, and it's math".

Her little nerdy friends chime in and cry "it's math" too -- and I'm told to take advanced math classes before I can have this debate.

Bullshit. Normal people who aren't math geniuses (I'm sure not -- I suffer from the discalcula that often goes with synesthesia, which I have) -- can demand of the geniuses that they explain themselves in laymen's terms and have some accountability.

After all, lawyers, doctors, teachers, are not allowed to encrypt themselves fully from the public and carry on their affairs in secret without oversight from professional boards and have to answer to society with ethics and good behaviour. They have to explain themselves and not scream "brain surgery" or "torts" or "TERC" every time you demand accountability.

Why would computer programmers be an exception?! Always and everywhere, they say "because math" or "because Internet" and demand an escape clause for themselves. Again, I cry: bullshit. You don't get that.

@Dymaxion is an exemplar of the adage that the unencrypted life is not worth living, to mangle a proverb. Everything she is and does is about secrecy -- she claims even to live permanently in airport lounges like Edward Snowden.

And I can only repeat what I always say: unimpressed, not interested in creating absolute encryption for scofflaws and criminals.

Meanwhile, some of her nastier little friends keep pestering me about "math" and I'm told I am "paranoid" because I have concerns about these people. Funny. They're the paranoid ones who want to encrypt themselves to death.

It's not about "not needing" encryption even at the level of a password for your bank account or email or health or school records, duh. It's about a demand that not even law enforcement can penetrate your citadel.

Posted at 04:45 AM in Anonymous, Cybersecurity, Hackers, Internet Governance, Occupy Wall Street | Permalink | Comments (0)

"Without Reaching the Human Eye": US Attorneys' Excellent Brief Against Lavabits

Ladar Levison. Photo by Gage Skidmore. September 2013.

This brief by the US Attorney's Office in the Eastern District of Virginia is a thing of beauty and a joy forever, just like the brief by the US attorneys in New Jersey against Weev.

Honestly, the way to fight back against the radical anarchists trying to take over the Internet or civil society with darknets is to use normal, organic law and the courts against them. This is our only hope.

Of course, these geeks loathe organic law and the very notion of the rule of law because they prefer binary code which ultimately is a weapon of force. Code is force without any logic but its own internal literal binary logic -- that's why they love it, it's a great accessory to their grab for power. The force of the state may back up organic law, but it's law that rests on consent of the governed, democratic principles, due process. Code-as-law has none of that. The people of Portlandia may have elected Ron Wydell, but none of us elected Snowden, remember?

Lavabits owner Ladar Levison has danced around like a common 4chan griefer with evasions and dodges and literalisms and Haskelling -- that bit where he printed out the key in tiny fonts in hard copy -- to make the feds have to type it in manually, risking error, to be able to access his stuff -- that was sheer Anonymous malice. Boy, have we see that one before.

Fortunately -- although you would never, ever know this from the tech press because they won't admit it, it's too shameful, ultimately the feds prevailed and Lavabits had to hand over Snowden's emails. They never say it's Snowden, but we all know that it is. He never admits that he handed it over, but the brief explains that he did in the end -- notice how the lurid press coverage of his $2000 a day fine died out because, well, he didn't keep defying a court order and paying the $2000 fine. If anyone knows any proof to the contrary, let's have it.

It's delightful to see how this brief tears apart the anarchist and nihilist logic of Ladar, which is common to the crypto movement that doesn't see anything legitimate in the state whatsoever and parks all morality and ethics in themselves (and we see what their ethics are like when we see Snowden connive to get 25 coworkers' passwords -- in a setting like the NSA where they'd be aware of such a violation normally).

Just as a business cannot prevent the execution of a search warrant by locking its front gate, an electronic communication service provider cannot thwart court-ordered electronic surveillance by refusing to provide necessary information about its systems. That other user information not subject to the warrant was encrypted using the same set of keys is irrelevant the only user data the court permitted the government to obtain was the data described in the pen/trap order and the search warrant. All other data would be filtered electronically, without reaching any human eye. Finally, Lavabit's belief that the orders here compelled a disclosuore that was inconsistent with Lavabit's "business model" makes no difference. Marketing a business as "secure" does not give one license to ignore a District Court of the United States.

At the end, the brief demolishes the iea that there is any violation of the Fourth Amendment because the government "would have the ability (though not the authority) to review other Lavabit users' data."

"This argument is wrong," says the brief plainly, and spells out why:

o the warrant was particular in identifying only the information about one user (Snowden).

o when Lavabit finally complied, "it had no difficulty identification the exact data called for by the warrant"; thus the warrant wa not "defective" or overbroad

o the warrant didn't authorize "rummaging" through all user data or propose "to gain unfettered access to all -- all -- of the data". It asked for one. "Lavabit conflates information that would actually be seen by a human investigator with data that would momentarily pass through the pen/trap device's memory before a computer forever discarded it." The other data would be filtered out "without reaching any human eye'.

o "Lavabit's use of a single lock to secure all its users communications does not mean the government's procurement of Lavabit's key for the purpose of inspecting one usesr's communications is overbroad." The analogy Lavabit used in its brief -- that it was like the government getting a master key to all hotel rooms. Precedent cases are cited here where it was held that "any and all...keys...showing access to, or control of" a residence was not constitutional overbroad."

o "Lavabit's parade of hypotheticals regarding other possible unlawful actions the government might take with the fruits of a lawfully executed search warrant should not invalidate a warrant issued by a neutral magistrated absed on probable cause." That's because, you know, statutes such as the Wiretap Act STRICTLY REGULATE what the government can do. As "rummaging" would then "be a crime," the claim of a hypothetical is not grounds to invalidate a warrant.

This is a really important concept that binary-thinking never, ever get and deliberately don't get, on the NSA or any other case. That is that the government is under the rule of law. It is regulated. There is due process. And the court of law where the case will end up will examine this and throw out what is gained unlawfully. So the investigator has a powerful deterrent not to commit the crime that Lavabit, part of the criminally-minded underground itself, imagines it will commit.

Taken to its logical extension, Lavabit's argument could be used to invalidate any investigative action taken by the government. Rogue agents might abuse any pen/trap device, for example, to illegally and surreptitiously collet data related to phone numbers or email accounts not listed in the authorizing order." They might exceed the location indicated or seize a weapon and use it in a crime. "The possibilities are only limited by the imagination" But, courts 'do not and should not invalidate warrants based on speculation; rater, wheter a particular government act violates the Fourth amendment requires actual facts not just the possibility for harm."

Amen!

In this discussion you can see as in miniature the entire falsity of the entire Snowden Affair -- the claim that hypotheticals or capacities for harm are in fact used for harm when there is no case.

There's another critique from the other, even more radical end of the Crypto Party -- Moxie Marlingspike of Spring Break of Code in Hawaii fame.

There's even a reddit AMA now on this.

The critique from Moxie is mainly on seemingly false advertising that end-to-end encryption would protect users' data. Now, claims Moxie, that is revealed as a lie, since the feds could come calling with a search warrant and compel Lavabits to turn over one user's data.

Sounds an AWFUL LOT like the critique Jacob Appelbaum mounted against the Chinese dissidents' Ultrasurf which he viewed as a competitor to Tor for government funding.

And that's just it. Moxie is a competitor, although not directly with email as far as I know.

But...who uses email? Young kids today don't use email. Moxie is working on software that encrypts mobile messages and communications, and that's what matters increasingly to people. So he's a competitor in that sense, he is also trying to sell an encryption solution.

These people aren't driven by desire for money -- although whatever Moxie got for selling his Whisper thing to Twitter can't have been something he rejected, as it would give him freedom to go on being a geek wandering around the world undermining institutions and governments on a whim.

Rather, they want mind-share and power and influence. Especially in social media. Hence all this chatter and ask-me-anything.

Oh, notice that logo of the Campaign for Liberty? That's a Ron Paul front group.

The radical left and radical right converge around the crypto party stuff as we know. This is not good for genuine liberty.

Posted at 03:52 AM | Permalink | Comments (0)

I'm Sorry, I Can't Cry About AT&T Selling Terrorism-Related Phone Data to the CIA

AT&T Lobby. Photo by eTombotron.

Everybody complaining about this today like Chris Soghoian and company from the ACLU are leaving out the terrorism part.

The information is NOT the content of your phone call -- the companies don't tape your speech from telephone wires or retain the data from your voice over the Internet.

Heres what it's actually about:

The program adds a new dimension to the debate over government spying and the privacy of communications records, which has been focused on National Security Agency programs in recent months. The disclosure sheds further light on the ties between intelligence officials and communications service providers. And it shows how agencies beyond the N.S.A. use metadata — logs of the date, duration and phone numbers involved in a call, but not the content — to analyze links between people through programs regulated by an inconsistent patchwork of legal standards, procedures and oversight.

Every day, I wake up in the morning and look through the news and think to myself, "Today's the day that maybe I'll be finally convinced that something Snowden has divulged is worrisome, and maybe he's right." As I click on a story every day, whether it is "the one" -- Merkel's phone? Undermining encryption? And every day, I come away saying, "No sale."

At this point, I'm pretty sure, after six months or so of the Snowden thing, that nothing will convince me that he is right and I am wrong -- in fact, more and more information is coming forward that shows him in an increasingly unfavourable light -- like that deception of his co-workers.

Some people think that represents a training from a hostile foreign intelligence like Russia or China. I think it's just like 4chan.

How many zillions of customers have I had in Second Life that wept about their account compromised. Why? They gave their password to a trusted friend or lover or business partner "just for a second" and they stole everything or wrecked everything. Why? Because the scammer told them they would "help" with somehing. Perhaps something broken on their simulator, or something they couldn't figure out to build, or something they couldn't access to remove without permissions or whatever -- some annoyance. And that trusted party would say, "Let me help -- give me your PW for a minute and I'll take a look -- you can change right after I'm done." Famous last words.

I think it's more likely Jacob Appelbaum suggested this to him than Ivan Ivanov from the FSB.

But wait, am I actually saying maybe some day Snowden's revelations *might* convince me?

Yes, truly, I do ask this question, even though I'm one of the greatest antagonists to the entire Snowden Snow Job and all its promoters.

And that's because I think you have to always be your own devil's advocate if you can. Why not? After all, I don't have a stake in the government being right on this. I view the NSA's dragnetting as legitimate, but if it turns out to be, it will only be a secondary issue to the initial dragnetting that is Google, Facebook, etc.

That's why I'm not for forming little guerilla clusters on Twitter and constanting badgering and heckling the opposition but trying to use reasonable arguments with them. To be sure, they'll view ANY critical response as "bullying" and "harassment" because they are paranoid loons. So what? Some are reasonable and it's worth comporting oneself so they can't make a case that, for example, you used their private health tragedies as some form of attack against them.

So I've said no one has come up with a case, so come up with one. Let's say Snowden finally came up with a file on, oh, Code Pink's Medea Benjamin. I definitely have very different views than she does, but I share her concerns about drones and the fact that they are not under military control but CIA control. As much as her whole shtick isn't for me, I wouldn't want her to be persecuted by the government, hounded or harassed, unlawfully put under surveillance. She has a right to dissent and we all depend on her ability to maintain it. Even so, she goes beyond mere freedom of association and expression to "direct action" -- which all the kids and even 1960s types like herself have moved a slider on very duplicitously in our day. They use this oxymoron (Jacob Appelbaum is particularly notorious for this) -- "peaceful direct action."

Direct action is not peaceful. It is not non-violent. It is coercive. It often triggers and provokes vilence (think: Gaza Flotilla). It is not going limp and submitting to arrest; it is blocking traffic on the Brooklyn Bridge. It's refusing to disperse when the permit for the march expires. Sorry, it's unlawful and there has to be consequences to such behaviour. Nowadays Occupy and WikiLeaks and Anonymous all howl in rage if they engage in unlawful behaviour -- hacking and blocking real-life streets -- and then whine that they are persecuted and they were only doing "non-violent" activity. Baloney. It is violent because it is coercive. It's not shooting a gun or breaking a window, even, but it provokes the use of force, and that leads to things like the infamous pepper spray cop. Few people realize that the demonstrators not only didn't disperse, they whistled to their friends and put another ring around their sit-in that then blocked the police themselves and traffic. So sorry, that's when the pepper spray comes out.

But... let's say Medea discovers she is a target of surveillance and begins to howl. Should I join her? Well, for one, I don't think that direct-action anti-war activists get to demand absolute privacy and absolute encryption for their anti-state anarchist and radical activity. So I think it's more than fine for the FBI to watch her using open sources, just as I think it's fine for the FBI to watch anti-war.com -- I'm not sharing the pearl-clutching that Spencer Ackerman is showing over some of this. If there was clandestine surveillance of their private life, say, following them at their homes, following them as they associated with friends or family or even had private work meetings, I would say that looks unlawful. But sending a field agent to a public lecture? Of course not. Reading their blogs and reporting on their doings regularly? Of course not. The Southern Poverty Law Center loves to follow extremist movements of the right; it won't do it for the left. So the FBI has to.

As for the CIA, I think following someone who hooks up with Imre Khan in Pakistan and then takes part in an anti-American march that is absolutely uncritical of the Taliban also deserves a look-see. It's a public event, after all. Is there grounds for a wire-tap? No, not that we can see. This is radical activity, but not illegal activity. The "direct action" consists of bursting into hearings and other public meetings and running around with protest signs or big "watching us" glasses. This deserves a disorderly conduct charge or simply an eviction, but doesn't warrant a wire-tap -- and no judge has issued one.

So let's say we found that the NSA hoovered up Medea's metadata -- everyone she called while in Europe or Pakistan. Why? Because she contacted Pakistani Taliban apologists who were being watched by the CIA because they were part of the Taliban milieu. I can't see that I'd object to this legitimate and lawful activity on their part.

But what if the NSA or CIA intercepted the content of all her phone calls and her friends' phone calls without a warrant? That would be unlawful most likelyl. Worse, what if they used that content to stage various annoyances for her -- spread rumours, leaked personal information that might be detrimental to the conservative press, that sort of thing. That's COINTELPRO, that's unlawful.

The people supporting Snowden and absolute encryption don't recognize the right of society and law-enforcement to surveil radicals like Justin Raimondo or Medea Benjamin at all, in any form. But I do. Because they are a threat to all of our freedoms and human rights if they come to power, which they are bent on doing. These are not mere commentators or reformers; they are people who want to bring down the government. They have radical, authoritarian ideologies in the end -- Benjamin doesn't blink about the Taliban and myopically focuses on America; Raimondo is a conspiracy loon. They are entitled to untrammeled freedom of expression and -- by the way -- get it. But they aren't entitled to undemocratically take over by force. People who run through a hearing on drones or surveillance to "make a point" today maybe just "make a point". But tomorrow, they may get their friends and run through a hearing to shut down the functioning of Congress. I'm not for letting them do that.

Meawhile, everything I see in the CIA and AT&T story sounds fine to me:

o the government request is lawful as it is related to terrorism cases, not "everything"

o when it has overreached, it has been slapped down by the DOJ, and that shows the system works

o there are real cases in which real terrorists are stopped, or the claim is made that they are stopped (Muhtorov). No need to allow another Tsarnaev Brothers story to reoccur.

o selling the data doesn't bother me -- it's work, it's effort, let them pay

o AT&T is often the telecom the geeks love to hate because it's a telecom, antithetical to Google and the Internet companies they prefer. Too bad. It's a good thing there is a separate bastion of telecoms in our society that can stand up to Google.

Call me when you have a case.

Posted at 03:29 AM in Anonymous, Human Rights, Occupy Wall Street, Telecoms, U.S. Policy, WikiLeaks | Permalink | Comments (0)

11/11/2013

Framed: Sen. McCain's Interview with Holger Stark of Der Spiegel

I was sorry to see Sen. John McCain step into this one, just like he stepped into the Pravda incident -- and of course, not without help from John Hudson, who thought it was a great prank to pull on a disliked political figure.

Does McCain have people on his staff who get it about Russia and its water-bearers like Holger Stark at Der Spiegel, champion of Edward Snowden? Surely he must.

So here the senator is giving an interview to Holger Stark, this WikiLeaks supporter, Chaos Computer Club regular, and wily underminer of American power who has made a career of anti-American hatred and venomous opposition. Didn't he know?

The purpose of this interview isn't really "to interview a news-maker" or "to get the views of an important figure even if we don't agree with him."

No, the purpose was to put Sen. McCain in a frame where he would be prompted to say something that validated Stark's machinations around the Snowden story, and then box it and wrap it to help maintain his own narrative through exploitation of a credible figure.

So, sure enough, by speaking of th Merkel debacle as if it was a known fact that she really was bugged by the NSA, Stark got McCain to fall into line.

Hence:

SPIEGEL: Senator McCain, do you still use your cell phone?

McCain: Yes, because I don't say anything that I am concerned about being publicized.

SPIEGEL: Can you understand why German Chancellor Angela Merkel was so upset by the revelation that her cell phone had been monitored?

McCain: Yes, absolutely. A certain amount of eavesdropping goes on amongst friends. We all know that. But it happens to be my personal opinion that the German chancellor's personal cell phone is not something that should be eavesdropped.

SPIEGEL: What did the National Security Agency hope to learn through their eavesdropping on Merkel's cell phone? There are experts that say the US would naturally be interested in information regarding national security, for example where Chancellor Merkel stands on troop withdrawal in Afghanistan or stricter economic sanctions against Iran.

McCain: I think we could find that out in many other ways, especially amongst friends. You don't have to invade someone's privacy in that fashion in order to obtain that information.

SPIEGEL: Why did the NSA do it then?

McCain: The reason I think they did it is because they could do it. In other words, there were people with enhanced capabilities that have been developed over the last decade or so, and they were sitting around and said we can do this, and so they did it.

Um, but wait just a minute.

The answer to have given there was this:

Are you certain that in fact the NSA did bug her phone, and do you have proof, Holger Stark? Because a CNN interview of you established that you don't know for a fact and don't have proof. And so I'd emphasize that as we look at this story. Maybe Merkel was only in a list -- a potential, not an actual, in case things really went back in Germany (as they in fact have been doing as German political parties have turned against the US and openly agitated against the US, even to the point of accepting a defector from the NSA who fled to Russia on their soil.)

That's an important frame to establish -- that Holger Stark and his hacker friends who already campaigned against the NSA long before Snowden -- do not have the goods on this, and the entire thing may be misleading or fabricated.

Only after establishing this, should you then move to stating policies around it, i.e. that it's not a good idea to bug allies, and that it actually isn't good tradecraft, as we should have many other channels of trusted face-to-face communication with our allies.

Now, McCain has his views, being around the libertarian right, about this matter which I certainly don't share:

SPIEGEL: Who must be held accountable?

McCain: The head of the NSA, the president of the United States, the Congressional Intelligence Committees, all of these contractors we pay that were responsible for performing the background checks. There should be a wholesale housecleaning.

SPIEGEL: Should Keith Alexander, head of the NSA, resign?

McCain: Of course, they should resign or be fired. We no longer hold anybody accountable in Washington. The Commandant of the Marine Corps fired a couple of generals because of failure of security at a base in Afghanistan. Tell me who has been fired for anything that's gone bad in this town.

This is kind of low, since Alexander is scheduled to step down anyway, and was before the Snowden affair.

Here's what I wish McCain had said.

First and foremost, we must seek accountability from Edward Snowden himself, as he has knowingly broken the law, violated his oath, and harmed his country severely for no good reason. He's a clear-cut case, and that's what the President of the United States has to articulate very clearly (and hasn't done so): that he is a wanted felon, that the US will continue to insist that he be returned, that he was not forced to flee to Russia but had other options including returning home to face justice if he thought he was such a whistleblower. His grand-standing, setting of deadlines to the Washington Post, release of loads of information that has nothing to do with privacy rights at home or even abroad, but everything to do with harming relations with allies, his release of IP addresses to the Chinese, his cooperation with the Russians -- all of this means that he is an enemy of America, not a hero.

Second, we have to concede that none of the materials provided actually show cases that should alarm us, but instead show only capacities and processes that in fact have a lot of oversight -- and McCain could have mentioned that, as well.

And then there's this: Reform that is coerced isn't reform, but a coup.

Now that Congress is forced to assess the NSA at the behest of the Snowden/Guardian/Washpo junta, the guidelines should not be whatever sensation with half-truths that Greenwald is releasing, reacting to whatever perceived scandal there is, but should instead start with the basics of what security our country needs, given the enemies we have, and take it from there.

This interview isn't without its good moments -- here's the "when pigs fly" quote which we'll all have to keep repeating:

SPIEGEL: What would be the consequences for Snowden if he were to return to the United States?

McCain: He'd go on trial, but he's not coming back.

SPIEGEL: Even next year when his asylum in Russia expires?

McCain: Never. President Vladimir Putin will grant him asylum indefinitely. The Russians know if they send him back that that's a lesson to other people who might defect. I'm sure that Mr. Snowden has told them everything that he possibly knows.

SPIEGEL: He denies that and says that he did not take the NSA documents to Russia.

McCain: If you believe that Mr. Snowden didn't give the Russians information that he has, then you believe that pigs can fly.

SPIEGEL: Granting Snowden asylum has helped Putin portray himself as an important player on the world stage. This comes after his clever intervention in the Syria conflict.

McCain: It's one of the most shameful chapters of American history. First, the president of the United States says he is going to attack a country which is in violation of a red line that he himself had drawn. Then the president decides to go to Congress. Finally, his secretary of state gives an offhand remark that chemical weapons have to be eliminated and Russian Foreign Minister Sergey Lavrov, the wily old fox, recognizes the opportunity and takes over. Now we are treated to the most incredibly bizarre scene where Russians are helping to categorize and eliminate chemical weapons, while at the same time flying in plane loads of conventional weapons, which are used to kill Syrians.

All in all, however, Der Spiegel is not a frame the senator should have entered. If he couldn't insist on first challenging Stark's reporting and his world view solidly, he shouldn't have entered into this frame.

Posted at 11:00 PM in Hackers, U.S. Policy, WikiLeaks | Permalink | Comments (0)

NO NO NO NO NO!!! NOT THE SOCIALIST ELIZABETH WARREN FOR PRESIDENT!

Noam Scheiber has a piece up promoting the idea of Elizabeth Warren for president. I personally am for Hillary in 2016 at this juncture, unless I see a better idea, even though I realize she may tack left. But I wonder if in fact that will be the strategy, as people will be good and sick of Obama's failed stealth socialism by 2016.

Basically, this Warren thing is the Silicon Valley technocommunism perspective -- those that have already made their riches (the owner of The New Republic is Chris Hughes, who made his fortune from Facebok) are happy to prescribe socialism for the rest of us. They figure they not be required to crack loose any of their own stash, or cease their practice of shipping jobs and manufacturing abroad, if they keep funding the campaigns of people like Cory Booker, Bill DeBlasio, and now Elizabeth Warren.

My response:

At least Noam is admitting that young people openly opt for the "s" word.

So make a Socialist Party, or revive the Democratic Socialists of America, and go into that, rather than wrecking the Democratic Party.

Ever since I saw Warren's clip about "you didn't build that," I've watched her closely to see whether that was a one-off or in fact emblematic of her socialist "progressive" views. And the answer is: the way you know she is a stealth socialist even worse than Obama is her harping on the "middle class". Whenever you hear somebody blathering about "the middle class," you know their real agenda is socialism. They think that is a supercool way to cloak their hidden agenda, like any "single issue" fake politics concealing hard-core cadre organizing for socialist programs. They think that "ordinary people in the middle class" will then follow them. Baloney.

I'm not in the middle class; I'm in the lower class as a single mom of two in the non profit sector. But I'm not fooled by all his talk of middle class. The way to lift all boats is to encourage business to thrive, which creates jobs and commerce. Warren is afraid of commerce; she's a scold and takes a punitive approach to commerce.

She adopted the Bolshevik Occupy rhetoric of wanting to hang the rich from the lamp-posts, asking when these regulators stopped beating their wives. The objective is to regulate, not send to prison. Good Lord. If there is no crime committed worthy of sending someone to prison like Madoff, then fines are the appropriate way to go, and certainly Chase is being shaken down. Punitive practices regarding non-cronies is like Russia; it has no place in America. Keep it away.

First come people's hard work, and for some, entrepreneurialism. Then comes the paying of their taxes. Then comes using that taxes to build roads to sustain them, as government for and by the people. It's not about putting first the socialists in the redistribution committee in power and having them extract and redistribute. Warren doesn't get that. It's not about her and her power to redistribute; it's about people's work and their entrepreneurial achievements.

If the Democratic Party doesn't realize that they cannot have Warren or leftist clones worse than Obama, and can't produce Hillary in 2016 or some reasonable moderate candidate who doesn't hate business, then we will be forced to put in protest votes with the Republican Party. And not for the first time.

And further, to those who object and keep ranting about "banksters":

Oh, not at all. I challenged Warren specifically on the quote made by Noam in his article, in which he took great glee, where she confronts the Wall street regulators. She implies in her quote that the purpose of regulation is to produce criminal sentences. That implies that regardless of the truth, regardless of the facts, such boards should nail people to the wall to satisfy populism regardless of the truth. That *is* what Bolshevism *is*.

She herself cites no cases; she doesn't supply any facts; she doesn't say, "I've been researching Jamie Diman and here's why I think that the hefty fine is not enough, he needs to go behind bars because of X, Y, Z facts and argumentations I'm bringing." Instead, she implies in a highly politicized manner that ONLY if people are put in jail -- like Russia -- without due process, without facts, can she "win". Win for her Bolshevik cause, of course, because it's not a win for any just justice system.

Corporate lawyers with PhDs themselves aren't businessmen and aren't even practicing lawyers if they go into politics, and begin to spew ideological statements in a partisan manner. It's great she has a legal background, but she never seems to have run a business and she has a great animus to commerce and capitalism.

Fox News is watched by only 2 million people. The Tea Party is waning. What you're really up against are liberals and centrists in the Democratic Party itself, as well as independents, who will not stand for this kind of socialist demogoguery.

If she really has found corporate fraud, let her bring the facts, let her have hearings, call witnesses, commission reports. I don't any of that. She has no case. She is substituting rhetoric and grand-standing for having a case. That's extremely dangerous and unjust.

Posted at 10:36 PM in Current Affairs, U.S. Policy | Permalink | Comments (1)

Could There Be An Alternative to Google?

A storm trooper and a little robot guarding Google servers. Are the script kiddies going to have that on the darknets? Here's the tour.

So here's the latest boy wonder making "a Google alternative".

He's now building an operating system that anyone can use to replace all of the services that Google provides — or any other cloud company, for that matter. Email, chat, file sharing, web hosting: With Cook’s arkOS, you’ll be able to run all of those essential services on a secure, private server in your own home that’s about the size of a credit card.

“Google, while it is a great service that has done wonderful things for the Web, is showing some troubling signs,” Cook told me. “Their shutdown of Google Reader earlier this year means that none of the services [we] rely upon are sacrosanct if they are not profitable enough for them.”

I couldn't complain, at one level, because we all need Google alternatives.

It's creepy the way you now go to google.com and it has this giant big log-in interface with ONE in big letters that lets you know that you are now logging into ALL Google services AT ONCE.

There's something unsettling about all their services now in that funny block that looks like an I Ching up on the right-hand corner. You go to your email, or your Google Docs, or G+ or some other G thing, and you feel that all around you is the heavy breath of Google scanning you for ads to pitch and things you've said that it will crib for those ads.

I guess my theory about Google lately, now that we have not only Team Snowden but also the beginnings of the Wired State shaping up (and those last two go together, but are in tension and even at odds, i.e. Jacob Appelbaum stops any association with the Guardian) that eventually, Google might turn into a normal company. You know, as normal as IBM or Xerox, which isn't saying a HUGE amount, as they will still be venal Big IT, but Google might become more accountable to customers and the general public as IBM and Xerox have over the years. And that's all a good thing. I guess my end game for Google is that it breaks up like Ma Bell, and is forced to calf off those hardware things like driverless cars and that it is forced to do more for privacy like get out of our email. But that's a long ways off...

I could see signs of normalcy straining to break through the geek weirdness when Google made a Halloween Doodle that was actually nice, instead of one of those things that look like it came from the Soviet Academy of Science's pick of the week, like the 108th anniversary of some obscure scientist. And it started doing that when it realized it needed to sell tablets, phones, normal things that people will buy who don't want all the geek culture crap to come with the product, they want normalcy.

To be sure, we've got alternatives. Bing is one, of course; Yahoo, if it is scanning my email, is sure doing a lousy job of it because all it pitches to me is car insurance (I don't own a car) and stuff about moms going back to school on Obama loans (sorry, I wish I had the time but I don't). That's a good thing, if it "doesn't know". Meanwhile, I write an article for naturalgaseurope.com, and go to that page quite a bit, and then every other page I visit thinks I'm a corporation and tries to sell me natural gas stuff. Facebook is still trying to give me attractive men in my region, Ugh boots, Ellen de Generes' TV show, Joe Biden, and furniture stores. None of them are relevant, but I leave them all alone or it could get worse...

But...despite needing alternatives, there are only new sets of challenges and problems that come with making a scrappy one.

Here's what I had to say about this:

Hmmm. Ordinary people won't be able to use it because it's Linux and open source nerdy stuff.

And instead of losing things we like such as Google Reader because of Google's business reasons (not enough people in fact did like it for them to bother and it competed with their drive to socialize people's reading on G+ to pitch ads through that system) -- now, we'll be dependent on the open source cult. Will they come to work, or will they be busy at a WoW raid? or they don't feel like it or ran out of Red Bull? Or they committed suicide? (Diaspora). Or they have to go get a real job because Kickstart didn't raise enough?

It's no better, truly.

Of course, I really don't have anything technically relevant to say here, so listen to a guy who seems to know what he's talking about, elforesto:

And let's be honest: if the feds want your data, they will get your data. It does not matter if the data is hosted with Google, with Bob's Web Hosting, or on your Comcast/Verizon/AT&T/Time Warner/etc home connection. The only way to safeguard said data is to encrypt it in transit (which pretty much everyone already does) or at rest (which almost nobody does). Cook is freely admitting that he doesn't know much about crypto and it kind of shows. So what if you control the SSL certs if the receiving mail server has an NSA tap and you didn't use GPG to encrypt it? This doesn't actually improve the security of your data at all.

Look, good for you for thinking about these things, but a lot of us with a LOT more experience doing this are going to give you the best advice you're going to get: go back to the drawing board. You're trying to fix a human problem with software and that simply will not and does not work. Want people to take owning their data seriously? Do workshops to help people setup their own hosting account. Want to help people secure their communications? Guide them through setting up GPG and give them a thumb drive with Tails. Asking them to install a Linux distribution on hobbyist hardware may be an effective use of buzzword marketing, but it will not solve the problem in any kind of meaningful way.

Cook then answers him by basically demanding more user education. That's what the geeks always do, and that's always a fail in my book.

Naturally, the idea of having some little jet pack that holds "your very own server" that enables you to have a kind of walkie-talkie with all the other kids in the neighbourhood outside the bad "Internet" that is now all "militarized" seems awfully cool. I bet this will really sell, at least, as he says, to "hobbyists" lol. In fact, local intranets and Open Garden and all that kind of stuff is very attractive to people who want to go out of the commercial Internet into the darknets, which are likely to be random patches loosely knitted together, or they'd merely replicate the original problem. I can't help thinking this is all like reverse-engineering of Second Life and the making of Open Sim and Kitely. Anything that is made outside of Google will perforce have to rely on Google products, capacity, hardware items, etc. etc. Imagine, having to Google to find the free nodes, and so on.

As for Google Reader, well, I don't miss it, to be honest. And to be even more honest, I had ceased to go to it every day after making it and filling it up with customized stuff. I rapidly developed blog bankruptcy with hundreds of people's blogs sitting there unread. I got the Google alerts on news topics in my mail box and stopped "going there" to look for stuff -- and those still work.

No, I don't "go there" to G+ as a replacement for Google Reader (their idea) because:

o too busy -- too many pictures, too many gifs, too much

o too many strangers, too many Google engineers without social graces

o too harsh rules, i.e. you get ban warnings over nothing, worse than Facebook

o too high risk of losing your content over a speech offense, i.e. some thin-skin geek decides to punish you for your legitimate criticism, and now you can't access your Google docs or email -- they're all related.

So as I've always said, spread your privacy erosion over diverse platforms.

In fact, the hilarious thing is that Yahoo now has a clone of Google Reader on its new Yahoo email interface. It does all the same thing, the weather, horoscope, the news you can pick, etc. And it's purple.

Also Windows 8 has a thingie where you can make a reader based on Bing which is perfectly fine and just as customizeable as Google Reader was.

But as I keep saying, Twitter is my magazine and newspaper now, I read that. I unsubscribed from the Times around the time that Risen ran the interview with Snowden so uncritically but I also just got tired of it billing every month when my own reading of it waxed and waned. I am waiting for the Internet people to come up with wallets to pay for individual articles much more easily and cheaply, and also tip bloggers easily.

Posted at 06:41 AM in Big Data, Cybersecurity, Hackers | Permalink | Comments (5)

11/10/2013

Mikko: "I'd much rather have a domestic Big Brother than a foreign Big Brother"

When the Guardian claimed, based on the stolen Snowden files, that the NSA was tampering with the very standards of encryption, they won over many more conservative geeks who weren't wild-eyed and rabid like Jacob Appelbaum and those in the hacker set. They tapped into a sense of both superiority and paranoia that all geeks have about themselves and code -- it was a brilliant social hack (I continue to maintain that most of what Snowden has produced is a giant social hack, from the con of 25 of his fellow employees to give him their passwords (!) to providing single slides or partial documents or plumbing sketches or outlines in lieu of hard, solid content deliberately, so as to incite hysteria that is hard to then shut up while the facts are parsed.

They claimed that through secret partnerships with commercial firms like Google or Facebook or Microsoft or Intel, the NSA was exploiting vulnerabilities or getting themselves private keys to decode texts:

But security experts accused them of attacking the internet itself and the privacy of all users. "Cryptography forms the basis for trust online," said Bruce Schneier, an encryption specialist and fellow at Harvard's Berkman Center for Internet and Society. "By deliberately undermining online security in a short-sighted effort to eavesdrop, the NSA is undermining the very fabric of the internet." Classified briefings between the agencies celebrate their success at "defeating network security and privacy".

Once again, it's only Bruce Schneier -- the cybersecurity expert who always leaned toward defense of hacker culture and objectives and who has now fully embraced them by joining the board of Electronic Frontier Foundation.

The long Guardian article never supplies anything like proof -- and hasn't learned -- like the Washinton Post's Bart Gellman and his geek sidekick Ashkan Soltari -- to make impressive, complicated geeky diagrams. They do claim there was something in...2006:

Independent security experts have long suspected that the NSA has been introducing weaknesses into security standards, a fact confirmed for the first time by another secret document. It shows the agency worked covertly to get its own version of a draft security standard issued by the US National Institute of Standards and Technology approved for worldwide use in 2006.

"Eventually, NSA became the sole editor," the document states

That was when the New York Times published their famous article after waiting on it for some time.

Yet we're not told what it was, exactly. What kind of weakness? Where?

Something like that TLS handshake issue with the mobile app data heading first before the handshake? (No doubt that was devised to reduce latency -- after all, it's only communicating information about the phone and the app, and most users aren't going to find that a big deal -- so the handshake to validate the ID and the server comes later, so what? Only a geek could care if the lag meant the NSA could jump in the middle, because most people don't think they'll be bothered by the NSA.)

Despite the absence of any real proof, or any explicit walk-through of any actual case of weakening, this is now taken as an article of faith.

In a talk for the Silicon Valley cult agitprop factory TED, the famous Mikko Hyponnen, the Finnish cybersecuity dude, claims that the NSA has deliberately sabotaged encryption algorithms, in order to weaken them.

He postures on stage that he is angry, or rather, tells people they should be angry, and that the NSA is "wrong" and "rude" (like...a schoolboy who has been caught at a prank?). @TedChris is thrilled to pieces and tries to amplify the "anger" motif.

But Mikko cites no proof of this claim that NSA tampered with the algorithms. (He also fails to mention the hacking of his own country by Russia -- his reply to me about this -- that the news story I cited from November 8 came after the taping of his TED talk -- is singularly lame, given that a guru like him should have known of such a huge hack of his country ages before the news came out.)

Again: I haven't seen a single second source (outside the Snowden Brotherhoold) validate this claim of tampering. I totally get that it is possible, and a concern. What I don't see is replication of the claim. A couple of slides and a few Googlers do not constitute validation -- that's partial and speculative, like Greenwald's initial story.

The reason I don't buy it is simple: I see that Matthew Green is still not conceding it. All the Snowden geeks can do then is call him names; Greenwald implies he's a pussy because he then won't take the same set of Snowden materials they are all looking at and comment on them. But you know, that's because he isn't a journalist, and couldn't hide behind journalism, doing that...

Mikko spouts the theory that the USG deliberately spread malware to undermine Microsoft -- a country hacking itself, he says. Oh, come now. You're not worried about the Chinese and Russians?!

Mikko makes the outrageous claim that Skype was secure before it was sold to Microsoft, that it had end-to-end encryption and was safe. But that's ridiculous. One of the top cybersecurity gurus in NYC whom I happened to discover used to be horrified years ago, long before the sale to Microsoft, that I let Skype on my system because he found it full of flaws and vulnerabilities -- everyone knew about its backdoors. The Belarusian secret police had Skype conversations before the Microsoft sale. Please. Let's not be children here.

It's really annoying when people like him who are technical experts then spout political nonsense wrapped around it and think that their scientific knowledge is enough to validate their political views and manipulations. For example, his silly notions of the "existential" problem of the war on terrorism as being fake. He needs to check in with Madrid, or London or Moscow just on his continent if he doesn't want to contemplate our 9/11.

Then he says this -- which is very appealing to the countries of Europe: "I'd much rather have a domestic Big Brother than a foreign Big Brother" -- i.e. the US, running the cloud industry or search, via Google.

It's actualy especially appealing to countries with big powerful neighbours like, oh, even Russia, but not only Russia -- under the pretext of saying they need to hide from the Great Satan America, they can actually do the hiding from the places they really need to hide from -- Russia and China. Say, if that's how they have to sell it to domestic audiences, let them.

Despite Eric Schmidt's touching faux belief in old-fashioned borders remaining after he gets done Internetizing things, and even land valuation, the reality is that there aren't borders as there once were, that lots of artificial distinctions get made, and in fact, there's a very real question of whether absolute encryption by each individual government will become a demand that countries of the world will get met, on their own, if international bodies won't accept this.

That is, international standards may remain, but there will be encryption with locally-devised algorithms that keep out others like barbed-wire fences and mined fields. Will this be possible?

I'm not sure it's the worst idea at all --- and at this point, if we're talking Big Brothers, I'd rather have EU countries that are individual Big Brothers than a global Big Brother that Russia and China invade, and I'd rather have individual EU Big Brothers than groups like Anonymous or WikiLeaks or Occupy become the absolute-encrypted Big Brothers (they call themselves Little Brothers; they'll be big in a heart-beat with that unaccountable power -- and in fact already are.)

Obviously, if the global contenders for Big Brother role are China or Russia or America, I'd pick America because I think it will have far more freedom and accountability (as it already has running the Internet; one could argue, if you accept Snowden (and I don't), that the free American system produced a Snowden which then remedied the unfree aspects of the system -- no Snowden would appear in China or Russia. So there.)

Really, it's a war about encryption. Would you rather have script kiddies encrypting, or the EU? I'll pick door no. 2.

Mikko makes a nod to the rights of law-enforcement to pursue crime. But he think this is wildly exaggerated, and he thinks that a) NSA is dredging ALL communications of everybody everywhere and therefore b) this harms privacy and doesn't.

There's no concept of the combing of selected streams as being "not intrusive."

"You show me your search history, and I will find something incriminating in five minutes," he says, and yet doesn't take his laser-stare off the NSA for all that, and put it on Google, which is of course, at fault for retaining these searches -- something that the EU privacy tsars are always fighting Google about in lawsuits and deals.

So, what to do about this awful thing with this big Orwellian over-reaching monster called the NSA which has done these terrible things? Why, Snowden isn't to blame for harming the US cloud industry (which we don't know is ruined yet, actually) any more than Al Gore is to blame for global warming. (He like those cheering in the audience obviously think not only is there nothing to debate about global warming, even if everyone agrees, that there's nothing to debate about what the response should be.)

"The solution is open source," he says. Ahh, there we go. The cult of open source. And let me remind you of the distinctly authoritarian culture that comes with that cult, even if you are forced to use open source on this very Internet, just like you can't get away from American-manufactured cloud stuff -- although Mikko urges everyone to try.

Except...the standards of encryption of NIST are open and any eyes can see and complain about them. So have they looked and found then those evil back doors and weakenings they think exist? Well?

NIST noted that it has worked closely with the NSA to help develop encryption standards, due to the NSA's expertise in this area. NIST is also required to consult with the NSA by U.S. legal statute. But the agency noted that its process for vetting encryption algorithms is an open one, in which anyone can review and comment on the work being done.

"If vulnerabilities are found in these or any other NIST standards, we will work with the cryptographic community to address them as quickly as possible," the statement read.

And the geeks are still debating about what this really all involves and really, there isn't proof from Snowden and Greenwald. All there is, is a lot of advocacy group hysteria, not facts.

Even in making their hysterical pleas, Global Voices is forced to say they don't know:

These revelations imply that the NSA has pursued an aggressive program of obtaining private encryption keys for commercial products—allowing the agency to decrypt vast amounts of Internet traffic sent by users of these products. They also suggest that the agency has attempted to put backdoors (well-hidden ways to access data) into cryptographic standards designed to secure users’ communications. Additionally, the leaked documents make clear that companies that manufacture these products have been complicit in allowing this unprecedented spying to take place, though the identities of cooperating companies remain unknown.

Many important details about this program, codenamed Bullrun, are still unclear. What communications are targeted? What service providers or software developers are cooperating with the NSA? What percentage of private encryption keys of targeted commercial products are successfully obtained? Does this store of private encryption keys (presumably procured through theft or company cooperation) contain those of popular web-based communication providers like Facebook and Google?

I really do highly recommend reading the geek Twitter interchanges with Matthew Green et. al. closely to see the dynamics involved. Note: Appelbaum is no longer working with the Guardian (small wonder there, as he accused them of sitting on Snowden stories). We don't know if that means if he is still working with Greenwald (seems not) or if Snowden has ditched him (I'll bet he has.)

Some are using the argument now -- trying to appeal to what they think are "a state's best interests," that you can't allow the NSA to introduce back doors, and industry should resist this, because otherwise terrorists and criminals exploit them.

Well, sure, every day, spammers and virus-spreaders exploit software and make everyone's life miserable, even outside the dynamics of Snowden/NSA and the US cloud industry versus people like Mikkol and his consulting clients in the EU.

I'm not buying this argument now because:

o you haven't proved that the NSA did this tampering

o you haven't proved that non-state actors have this capacity

o you haven't indicated any other way for law enforcement to do its legitimate duty.

It's that last part that troubles me more than anything -- Mikko like so many is far too casual about how exactly the police can track hackers like Snowden if the Lavabits of the world deny even federal agents with warrants, and even judge's orders. What is the plan now?

We're supposed to let the Lavabits of the world decide who they think are criminals and who aren't? Really, guys? Again, door no. 2.

Posted at 07:35 AM in Cybersecurity, Hackers, International Bodies, Internet Governance, U.S. Policy | Permalink | Comments (0)

Eric Schmidt's Virtual World

Land in Second Life. You can rent this waterfront for L$1600/wk. i.e. about US $6.00.

This was a very interesting piece in the National Interest, although they got it wrong about any real "anger" from Google over the NSA. (They're probably mainly angry that the NSA got hacked in the first place, really, and brought all this on them.)

But are Schmidt and his customers really surprised that the NSA looked for such a hole in Google's infrastructure and asked its foreign allies to exploit it? While Schmidt and many Silicon Valley entrepreneurs likely share the civil liberties concerns of many of their fellow citizens, the last several months of Snowden disclosures may be more troubling to leading internet firms for another less obvious reason: what they say about the role of technology on the world stage.

Indeed.

It's a tale that Schmidt and his coauthor Jared Cohen—a former advisor to Secretary of State Hillary Clinton and now head of Google's internal think tank—retell at length in the book they released earlier this year, The New Digital Age: Reshaping the Future of People, Nations and Business. Schmidt and Cohen are careful, as they gaze into their crystal ball, not to see a utopia. New technology, they acknowledge, can be used by authoritarians and terrorists just as easily as democrats and human-rights campaigners. Still, they are clear that the arrival of the internet age signals no less than a new epoch of history—in which a virtual world must simultaneously exist as a new testament alongside the old one. As they write, their vision is "a tale of two civilizations: One is physical and has developed over thousands of years, and the other is virtual and is still very much in formation."

I've been reading The New Digital Age by Schmidt and Cohen very fitfully -- I hate it, and periodically have to throw it across the room, which makes it hard to find then the next time I tackle it.

But speaking of virtual worlds, one of the appalling things about their ideology is the ardent belief that a mammoth virtual world -- the Internetization of things and everything -- is being built on top of this one, that we will all "have" to live in. And that real life will be "mapped" to this monstrous entity that will of course be run by coders (and PS not the NSA) and that such mapping/integration will make things "better" instead of being a God Awful Mess.

I begin to see why Schmidt is so fascinated with shall we say "distressed" states like North Korea or Somalia or Iraq. It's like the way doctors used to learn about the brain if there was, say, a train conductor who lost part of his brain and then lived in the eternal present.

By studying these dislocated war-torn or authoritarian societies that aren't the norm, he gets a better idea of how to destroy real countries and then put them back together on the Internet.

Hence, his discussion about post-war Iraq:

A parallel authority was set up to resolve disputes. These were important steps in the reconstruction of Iraq, serving as a moderating factor to the exploitation of post-conflict intsability and instances of claiming property by force. But despite their good intentions (more than 160,000 claims were received by 2011), these commissions were hampered by certain bureaucratic restrictions that trapped many claims in complicated litigation. In the future, states will learn from this Iraqi model that a more transparent and secure form of prtoection for property rights can forestall such hassles in the event of conflict. By creating online cadastral systems (i.e., online records systems of land values and boundaries) with mobile-enabled mapping software, governments will make it possible for citizens to visualize all public and private land and even submit minor disputes, likea fence boundary, to a sanctioned online arbiter.

I feel like Schmidt should have spent even a week in Second Life, let alone Iraq, or some place like Belarus, to get the sheer folly of all this.

For one, I think he has no idea that when all land is virtualized, and all value starts to shift to its virtualization, it will start to lose value. There will be the Anshe Chung problem as the wealthy can just open up Google maps and bid on any parcel on the map all over the world that is shown in yellow "for sale" as on the map of Second Life. There will be the flipping problem. The abandoning problem. The griefing problem. The 16 m ad lot problem. The Impeach Bush sign problem. Ok, I'm going to run screaming from the room soon at this thought... I think probably only about two readers will understand what I'm talking about.

For two, I think Schmidt knows perfectly well that the Internetization of Everything will erode national boundaries and put him and his company in charge -- but he pretends that's not so.

BTW, Google had a short-lived virtual world experiment called Lively which died.

Schmidt never mentions that or Second Life or any existing experience of virtuality on line, but in a way, his entire book is about how the Internet will penetrate and virtualize everything.

Schmidt loves the idea of exile communities -- the Tibetans -- rebuilding virtual countries online that are poised to come back some day. Except they don't. The Chinese move in Han settlers, wipe out monasteries, control education, jail monks and nuns and dissenters, force more refugees, and Tibet as an actuality grows more dim. He doesn't put that bit in.

In Belaus, Lukashenka just turns off the electricity. No electricity, no computers. Or turns off the cell towers. No mobile phone, no demonstrations organized. You could have exquisite exile governments -- and they have them -- but then they founder on the rocks of the reality of dictatorships that Schmidt seems to leave beyond the frame of his thinking. He just barrels ahead planning how all these good exiles (secessionist SiliconValley, anyone?) will build wonderful virtual governments online and impose them on reality -- uh, easily. No one will object, surely.

Well, and then there's the virtualization of everything, really.

I really must try to write my book about how Second Life predicts the awfulness of the Internet of Things, including your home and even your government.

Try to think of your home as a server in Second Life, and all the delights that will come with it:

o bans and ejects

o autoreturn

o group membership -- open and closed groups

o stripping of IP addresses to out alts

o griefing with particles

o mapping and stalking.

And that's just the beginning. Wait until they take away the vote completely!

Land records were among the first things the Lindens jettisoned when they moved from making the world the product to, well, just making the product the product, in about 2008-2009 after the big boom in interest and membership.

There used to be records of every land auction (simulator, or server or part of a server), with those who participated, what they bid, and who won. Then this was blacked out -- in fact, when, of all things, they moved to using ebay auction software instead of their own custom solution (Pierre Omidyar was an early investor in SL).

They did this because land began to devalue, the more there was mapping, information, and records of it globally -- and of course, there constant printing of new land.

Then they finally got rid of the auctions pretty much completely -- now only used odd lots on the mainland are auctioned.

I will have to explain all this another day...

Posted at 05:39 AM in Big Data, Big IT, Internet Governance, Internet of Things, The Wired State | Permalink | Comments (1)

The Wired State: Nerd Nodes, Here They Come

Tim Berners-Lee, inventor of the WWW, at the BBC. Photo by Documentally.

This is a topic that needs A LOT more commentary, but before it gets lost in my growing, enormous queue of important articles and books to comment on (I need staff! I need fellow bloggers to do this with me!), let me note this.

People worry about the NSA and Snowden's revelations. As you know, I don't think much of them; I don't think they are established, they don't have a case, they are about an anarchist agenda used as a cat's paw by the Kremlin, and ultimately I don't think there's a there there.

The problem with the Panopticon begins with Google and other platforms and that secessionist Silicon Valley, not the NSA, which plays catch-up trying to do the job it was hired to do. We have oversight, checks and balances, remedies, means of reform for the NSA.

We don't have ANY of those things for Google. That's why the NSA is never my primary concern.

I also have a long-term worry about the gnomes of the Internet who are steadily taking over pieces of it, and have really been galvanized now that the Snowden Affair has given them an excuse to kick the US government out of standards bodies and to oppose it in international fora and so on.

So this sort of thing -- nodes around the world run by collectivist nerds with budgets -- becomes of great concern, it's like the problems of ICANN and IETF which I have long written about (undemocratic, unaccountable).

Food Web.

They're eating

Cold poached salmon with dill & hollandaise dressing
Butternut squash, red onion & spinach tart

...while you're fretting about Snowden, who is also likely eating well either on the Russian dime or from money John Perry Barlow is raising from the glitterati for him.

Of course readers of this blog and my Second Thoughts blog about Second Life will recognize Beth Noveck.

I really should spend more time on dissecting her faux-democracy theories that are really about bureaucratic "democratic centralism" and collectivism.

Some day I will win the lottery and create my Institute for the Study of Internet Ideologies as an alternative and antidote to things like this.

Then I might be able to keep up with the nerd-nodes, but alone, I can't.

Still waiting for at least one other person to join me in the New England Society for the Pluralarity, which combats the Singularity.

So what could possibly go wrong if a bunch of high-class nerds who like to pay for expensive conferences get together and plan stuff? Why worry?

Well, look at the Open Data Institute's new global network, reported enthusiastcally by the Guardian (of course).

I bet few people gave this a second thought:

Just one year after its foundation in London, an organisation created by Sir Tim Berners-Lee and Sir Nigel Shadbolt to stimulate economic, environmental and social innovation through a system of open data sharing and analysis, has announced rapid global expansion of its ambitions.
The Open Data Institute has announced the launch of 13 international centres, known as "nodes", each of which will bring together companies, universities, and NGOs that support open data projects and communities. The nodes will be based in the US, Canada, France, Dubai, Italy, Russia, Sweden and Argentina, with two extra US nodes Chicago and North Carolina. Three further UK nodes are to open in Manchester, Leeds and Brighton.

The new ODI nodes will variously operate at local and national levels. Each one has agreed to adopt the ODI Charter, which is a open source codification of the ODI itself, and embodies principles of open data business, publishing, communication, and collaboration.

But they should, because of its budgets:

The ODI is a non-for-profit organisation that has so far helped set up more than a dozen open data-based startup companies in the UK, generating income, research and training. It has also created a certificate for open data allowing all users to access information on many areas such as healthcare, transport, peer-to-peer lending, and energy efficiency. The UK ODI secured £10m funding over five years from the UK innovation agency, the Technology Strategy Board, $750,000 from global philanthropic investor Omidyar Network created by eBay founder Pierre Omidyar. It aims for long-term sustainability through match funding and direct revenue through memberships and supporters.

Note the role of Pierre Omidyar, Glenn Greenwald's new angel for this new media thing that GG has left the Guardian for.

The other people in the speakers' list will tell you of more budgets, i.e. the CTO for New York City, which has a healthy budget for open this and open that -- which has never given us an app telling us where the toilets of New York City are. (I'm going to have to code one myself, which tells me how long you may be shifting from one foot to the other.)

"Open Data" covers a multitude of sins -- I will come back another day to dissect it. These are the bureaucratic "democratic centralists" of the Wired State. They are the ones who will control your health, education, welfare -- life -- data. Not the NSA.