When you call your enterprise “Hacking Team” you’d like to think you’re pretty on top of that whole, well, hacking thing. Yet here we are, telling you about how the aforementioned organization has just seen 400GB of data pilfered from its servers, and put onto BitTorrent for all to see. Hacking Team is known for its controversial “Da Vinci” software that allows governments and law enforcement agencies to monitor encrypted communications such as email and Skype conversations, and collect evidence on citizens. It’s fair to say it’s not popular with journalists and privacy advocates.
The leaked data are reported to include info such as emails, customer info, internal documents and source code. This puts the agencies or governments using the software at risk, if the source code contains vulnerabilities. Privacy researcher Christopher Soghoian has parsed some of the files, revealing that Hacking Team’s former customers include (among others) South Korea, Kazakhstan, Saudi Arabia, Egypt, Chile, Oman, Lebanon, and Mongolia.
Other documents reportedly show the company told the UN it had no business dealings with Sudan, yet an invoice among the leaked files suggests otherwise. Civil rights groups have repeatedly expressed concern about Hacking Team’s software falling into the hands of oppressive governments, something the firm has stated it takes measures to avoid. The company’s website is currently unreachable, and its Twitter account was hijacked at some point, too (though that looks to have been resolved). Given the amount of info leaked, more revelations are still coming to light. We’ve reached out for comment, but we’re sure the company has a few high profile clients it’ll need to tend to first.
But time passed. Innovation in computing and Internet access progressed more quickly than anyone could have ever imagined, and policymakers struggled to keep up with a basic understanding of how the online tools that we use to shape our personal and office communications actually work.
As a result, we have a law that’s more outdated than one of these:
(In case you were wondering, that’s a pager.)
The patchwork quilt of standards that were modern in the mid-’80s is now woefully outdated – and an affront to even the most basic of our civil liberties.
Here’s how bad it is:
An email can be accessed without a warrant just because a message is over 180 days old. That dorky first email your partner sent you asking you out on a date six months ago and you’ve saved out of nostalgia? It’s open season for law enforcement!
Location information usage is ambiguous. ECPA does not have a clear policy on law enforcement access to your location data. With more and more apps and websites relying on your position to serve you up localized content and directions on where you need to go, this is clearly a treasure trove of information waiting to be discovered without your consent.
Luckily, Congress can make this right by moving legislation to fix ECPA forward. A large, bipartisan majority in the House (280+!) is already on board with a bill that would do just that — a rare feat for any piece of legislation on Capitol Hill.
What would it take to actually consider the privacy rights of the most marginalized students?
The threats that poor youth face? That youth of color face? And the trade-offs they make in a hypersurveilled world? What would it take to get people to care about how we keep building out infrastructure and backdoors to track low-status youth in new ways? It saddens me that the conversation is constructed as being about student privacy, but it’s really about who has the right to monitor which youth. And, as always, we allow certain actors to continue asserting power over youth.
“During a day of action in December, my mother and 3-year-old niece were followed by the police from our church to my house (about a 30-minute drive), because they were in my car. The police were attempting to see where our next action was. In the month of December alone, members of our leadership team were pulled over and harassed by police officers at least once a week in two different states.”
Other: Part 1. This comic is a quick overview of what surveillance means and how we can’t avoid interacting with it.
The killer is, there’s no ‘off the grid’. That step where they compare you against norms and patterns (3: analysis and response)? Well, that’s where, when you’re something weird or unexpected, you get flagged for further scrutiny. You can’t disengage from all our surveillance systems without it looking weird, and once it looks weird, you’re right back in the system, tagged as ‘weird’ somewhere for someone to look up one day.
Now, not all surveillance is bad. Public health does a lot of surveillance, and when it’s done ethically, they’re trying to track health issues and implement plans that make our communities safer. And some of it is a trade-off: want to vote? There has to be some way of keeping track of registered voters, so that’s just part of a democratic process.
But it’s happening. Every organized system you are part of is gathering and storing information on you. Heck, even your volunteer position has your name and number and emergency contact somewhere, doesn’t it?
And the bar for understanding and reacting to this is so fucking high, it’s essentially impossible for people who haven’t made a whole career out of understanding it. No one understands what Apple’s ToS means as a whole, and so when we click ‘ok’, what are we really consenting to? Is that even consent?
Tune in shortly for the next installment: Classification, You, and Everyone Else!
Justice Department’s national-security chief cited a six-month transition period in the USA Freedom Act as a reason to turn the bulk surveillance spigot back on
The Obama administration has asked a secret surveillance court to ignore a federal court that found bulk surveillance illegal and to once again grant the National Security Agency the power to collect the phone records of millions of Americans for six months.
The legal request, filed nearly four hours after Barack Obama vowed to sign a new law banning precisely the bulk collection he asks the secret court to approve, also suggests that the administration may not necessarily comply with any potential court order demanding that the collection stop.
Justice Department national-security chief John A Carlin cited a six-month transition period provided in the USA Freedom Act – passed by the Senate last week to ban the bulk collection – as a reason to permit an “orderly transition” of the NSA’s domestic dragnet. Carlin did not address whether the transition clause of the Freedom Act still applies now that a Congressional deadlock meant the program shut down on 31 May.
But Carlin asked the Fisa Court to set aside a landmark declaration by the second circuit court of appeals. Decided on 7 May, the appeals court ruled that the government had erroneously interpreted the Patriot Act’s authorization of data collection as “relevant” to an ongoing investigation to permit bulk collection.
Carlin, in his filing, wrote that the Patriot Act provision remained “in effect” during the transition period.
The FBI has been secretly spying on us with a fleet of surveillance planes.
A new Associated Press report revealed a plot worthy of The X-Files: The FBI is operating a fleet of mysterious surveillance planes, flying over American cities, collecting data for unknown purposes and hiding them behind a series of front companies designed to conceal their existence from the general public. The FBI had a routine explanation.
audio soundwork; 18’24”. Courtesy
Joel Holmberg’s Changing My Password in “The Great Ephemeral” is the transcription of a telephone conversation between a customer-service representative and an artist (played by Holmberg himself), who expresses concerns that he may have compromised his bank account’s safety by sharing answers to his private security questions in a forthcoming published interview. While the conversation is humorous, the artist’s fears resonate with both high-profile hackings—actor Jennifer Lawrence’s childhood nickname “Nitro” led to the leaking of nude photographs, and the name of Paris Hilton’s dog provided the key to her infamous sex tape, for example—as well as the daily realities of those living outside the media spotlight. Holmberg’s work questions how we “secure” ourselves amid a proliferation of consumer identities that are subject to collection, monetization, and surveillance by an indiscernible number of forces, from private companies to third-party marketers to the government.
Holmberg’s work includes sculpture, painting, performance, and sound- and web-based work. As with Changing My Password, his pieces often exploit consumer access points set up by corporations—such as customer-service call centers and Yahoo! Answers, Yahoo!’s forums for public discussion—to subvert the behaviors and codes of such spaces and call their larger structures into question.