Snowdon is a dummy

http://www.chicagotribune.com/sns-wp-blm-news-bc-postal28-20141028-story.html

WASHINGTON — The U.S. Postal Service granted 49,000 requests by law enforcement to track people's mail in 2013 under a program that often lacked proper approval, adequate justification and required annual reviews, a recent audit found.

Those deficiencies can "hinder the Postal Inspection Service's ability to conduct effective investigations, lead to public concerns over privacy of mail, and harm the Postal Service's brand," according to an inspector general's audit published in May. Names of the agencies and police departments that requested the tracking were redacted.

The report shows yet another layer of the U.S. government's surveillance tactics at a time when the public on edge about the extensive electronic spying revealed last year by former National Security Agency contractor Edward Snowden. The Postal Service program's "insufficient controls" cited in the audit only add to the alarm for privacy advocates.


"This sort of fast and loose surveillance of individuals' communications is unacceptable," said Harley Geiger, senior counsel for the Washington-based Center for Democracy & Technology. "A program like this, which can reveal sensitive correspondence, must have proper oversight, authority, and justification — and it appears that privacy controls were developed, but not followed."

The program lets authorities ask to record the names, addresses and other information on the outside of mail to help protect national security or help in criminal probes. Local law enforcement uses the program often to locate fugitives, or to obtain evidence or identify forfeitable assets in criminal investigations, according to the report.

Of 196 tracking requests reviewed, "21 percent were approved without written authority and 13 percent were not adequately justified or reasonable grounds were not transcribed accurately," the Postal Service's inspector general office said in the audit. "Also, 15 percent of the inspectors who conducted did not have the required nondisclosure form on file."

The New York Times published details on the little-noticed audit in its editions Tuesday.

A spokesman for the Postal Service didn't immediately return a telephone message seeking comment.

The completeness, accuracy and consistency of the data collected was also called into question, as 928 tracking requests were found to be active even though their cover periods had expired, the report shows.

In addition, the Postal Service didn't have procedures to ensure required annual reviews were done and, in the past three fiscal years, provided evidence of only one review, the audit found.

"The revelation of yet another massive intrusion into our privacy as American citizens — this time by way of the U.S. Postal Service — is extremely disturbing, yet not surprising in the new national security state," said Mark Brodin, a professor at Boston College Law School, in an email.

Brodin said that the protection of Americans' communications from unreasonable searches and seizures have been eroded by the U.S. Supreme Court and the White House, particularly since the Sept. 11, 2001, terrorist attacks.

"Thus when we bank, or make a telephone call, or send a letter, and consequently convey information to the financial institution or phone company or USPS, that information is up for grabs by the government without the need for any judge's approval," he said.

Copyright © 2014, Chicago Tribune

if companies move their companies to other countries, chances are spying will be going on there too

merely commenting on the fact if companies move their companies to other countries, chances are spying will be going on there too,

OK, that is nice to know.

http://www.washingtonpost.com/blogs/the-switch/wp/2014/10/30/how-one-mans-private-files-ended-up-on-apples-icloud-without-his-consent/?tid=trending_strip_1


How one man’s private files ended up on Apple’s iCloud without his consent
Share on Facebook Share on Twitter Share on LinkedIn Share via Email
After security researcher Jeffrey Paul upgraded the operating system on his MacBook Pro last week, he discovered that several of his personal files had found a new home – on the cloud. The computer had saved the files, which Paul thought resided only on his own encrypted hard drive, to a remote server Apple controlled.

“This is unacceptable,” thundered Paul, an American based in Berlin, on his personal blog a few days later. “Apple has taken local files on my computer not stored in iCloud and silently and without my permission uploaded them to their servers - across all applications, Apple and otherwise.”

He was not alone in either his frustration or surprise. Johns Hopkins University cryptographer Matthew D. Green tweeted his dismay after realizing that some private notes had found their way to iCloud. Bruce Schneier, another prominent cryptography expert, wrote a blog post calling the automatic saving function “both dangerous and poorly documented” by Apple.

The criticism was all the more notable because its target, Apple, had just enjoyed weeks of applause within the computer security community for releasing a bold new form of smartphone encryption capable of thwarting government searches – even when police got warrants. Yet here was an awkward flip side: Police still can gain access to files stored on cloud services, and Apple seemed determined to migrate more and more data to them.

The once-clear line between devices – such as Macs or iPhones – and proprietary cloud services is all but vanishing, security experts warn. And it isn’t just Apple doing it. Microsoft, Google and others increasingly are relying on cheap, easily accessible storage capacity to roll out new features for customers. Apple’s automatic saving function allows users to switch seamlessly between devices, without fear of losing documents or edits.

That’s great news if your Mac gets stolen and you need to buy a new one. But security experts such as Paul are asking, at what price in privacy?

“For me,” said Green in an interview, “this is really shocking. I’ve been taking a lot of confidential notes in business meetings in TextEdit” – one of the programs that automatically saves some files to iCloud.

Confusion about how devices and cloud services interact apparently was a factor in the theft of intimate photos of dozens of Hollywood celebrities, such as Jennifer Lawrence, last summer. Their phones were secure, but the photos also were stored in online Apple accounts that, while protected by passwords, were vulnerable to hackers, experts say. It’s not clear the victims had any idea their personal photos were on the cloud, but they were -- within the reach of highly skilled Internet creeps.

Paul’s concern is less freelance Internet creeps than the U.S. government, which as he noted in his blog post collects data from U.S. technology companies, including Apple, through the National Security Agency's PRISM program.

The Supreme Court ruled in June that cell phones deserve a high level of protection from police searches, requiring in most cases that a court find probable cause and issue a warrant seeking specific evidence. But the issue is less clear when it comes to information found on cloud services; many companies require warrants but no definitive legal standard has yet emerged for law enforcement access to such information.

As for the NSA and the other high-tech intelligence operations run by governments around the world, the revelations by Edward Snowden make clear that government hackers are ingenious and voracious. And while the best likely can hack their way into any individual phone – even those with the tougher, new encryption offered by Apple – experts say it’s easier to collect data on a mass scale when it’s collected in centralized locations, such as on company cloud servers.

Apple did not reply to a request for comment about Paul’s blog post or the issues he raised, but the company has published a document on the “Support” section of its Web site describing how the automatic saving function works. The gist is that files created on several widely used apps are saved to iCloud as soon as the files are created. When a user later gives the file a name and selects a location to store it, the document is “removed” from iCloud (unless, of course, the user intentionally saves the file to iCloud.) Users can also disable iCloud altogether, keeping files confined to their devices.

But it turns out that many people use these apps without immediately naming documents or designating a place where they should be saved. Green, the Johns Hopkins cryptographer, long has used TextEdit as an easy way to take notes that he thought were safe on his hard drive, only later giving them a file name. For Paul, he used the same program as a way to create the computer equivalent of a Post-it Note – a handy place to jot a range of information, including passwords, private information, even the occasional love letter.

By the time he discovered the files were being uploaded to iCloud, the deed was already done. And though Paul recalled activating iCloud Drive, he could recall no warning that it would operate in this way.

The “huge benefits” of such automatic save features are not lost on Paul, he wrote in an e-mail exchange with the Post. “I enabled iCloud Drive knowingly. What I didn’t sign up for was my local private data outside of a specific part of my system being synchronized without additional consent, automatically.”

As Paul’s blog post bounced around the Web, other researchers discovered another twist to the Mac’s automatic iCloud save function. It didn’t arrive with Yosemite, the new operating system released this month. The “Support” document Apple published on the subject was dated December 16, 2013, when the previous operating system, called Mavericks, was still new. The automatic saving function might go back even further – yet few seemed to notice its introduction.

This is at the core of the complaints by Paul and Green. If a document is going to be transmitted across the Internet to a cloud server, they want to be warned first – and have a chance to object if they deem it too private.

It’s an option other users – even those who don’t study security issues for a living – might well want if they understood what was happening to their files. But how many do?

Paul wrote in an e-mail, “If you take 100 people and sit them down in front of a factory-new machine running Yosemite with iCloud Drive and have them open TextEdit, create a new window, type their darkest secrets into that window, and power the machine off without saving it anywhere - how many of those 100 would believe that the data hadn’t left the room?”


Craig Timberg is a national techno

"Privacy has never been an absolute right and the debate about this should not become a reason for postponing urgent and difficult decisions."

And it "differs from its predecessors in the security of its communications", he said - adding that techniques for encrypting messages "which were once the preserve of the most sophisticated criminals or nation states now come as standard".

http://www.bbc.com/news/uk-29891285


US technology companies have become "the command and control networks of choice" for terrorists such as Islamic State, the new head of GCHQ has said.

Writing in the Financial Times, Robert Hannigan said some internet firms were "in denial" about how their services were being misused.

He called for greater co-operation from the companies over access to users' data by the security services.

None of the major tech firms have yet responded to Mr Hannigan's comments.

Mr Hannigan said terrorists had made long use of the internet, but Islamic State's approach was different in two ways.

It used it as a "noisy channel in which to promote itself" by using "messaging and social media services such as Twitter, Facebook and WhatsApp, and a language their peers understand", he said.

And it "differs from its predecessors in the security of its communications", he said - adding that techniques for encrypting messages "which were once the preserve of the most sophisticated criminals or nation states now come as standard".

GCHQ and its sister agencies, MI5 and the Secret Intelligence Service, could not tackle these challenges "at scale" without greater support from the private sector, including the largest US technology companies which dominate the web, he wrote.

"They aspire to be neutral conduits of data and to sit outside or above politics", he wrote.

"But increasingly their services not only host the material of violent extremism or child exploitation, but are the routes for the facilitation of crime and terrorism.

"However much they may dislike it, they [US technology companies] have become the command and control networks of choice for terrorists and criminals, who find their services as transformational as the rest of us."

The challenge was to come up with "better arrangements for facilitating lawful investigation by security and law enforcement agencies than we have now", he said.

line
Analysis
Leo Kelion, technology desk editor
One of GCHQ's key concerns is the shift to encryption becoming the default option for many leading internet services.

As Mr Hannigan puts it, techniques to digitally scramble messages and make their creators anonymous were once the preserve of nation states, but "now come as standard".

Both Apple and Google recently switched to making encryption opt-out rather than opt-in in their mobile operating systems iOS8 and Android Lollipop. Apple said it wanted to provide "security and privacy", while Google said the move was intended to protect data from "thieves and snoops".

Other tech firms have taken similar steps, with Yahoo promising "end-to-end" encryption of its Mail service by 2015, while Microsoft has pledged to ensure customer content uploaded to its data servers would be encrypted by default by the end of this year to prevent what it termed "government snooping".

The firms compare the moves to safes being built with locks, and note that the authorities still have ways to obtain records. For example, Google can still pass on documents and calendars if they have been backed up from a smartphone to its cloud services.

But the companies says that while they are willing to co-operate, government surveillance must occur under a legal framework and with oversight, and they have pushed to be allowed to reveal more details about the amount of data they have handed over to government agencies.

This is not purely for altruistic reasons. In a post-Snowden world the companies know that both members of the public and enterprises will only pay for their cloud services if they have a measure of trust that their data is secure.

Mr Hannigan calls for a "mature debate" on just how much privacy these firms should offer, but has yet to be specific on what restrictions he proposes.

line
The debate about whether security agencies should be allowed to access personal data was brought to the fore in 2013 after Edward Snowden leaked details of alleged internet and phone surveillance by US intelligence.

Mr Snowden, who has been granted temporary asylum in Russia, faces espionage charges over his actions.

Earlier in the year, an investigation by the Guardian revealed how IS was using popular hashtags - including ones used during the Scottish referendum - to boost the popularity of its material on Twitter.

The new head of Britian’s GCHQ intelligence agency has demanded that internet firms open themselves up to intelligence services, and has claimed that privacy is not an absolute right.
GCHQ chief says internet companies are 'in denial' about role they play in terrorism

Quote:

"Privacy has never been an absolute right and the debate about this should not become a reason for postponing urgent and difficult decisions."

Perhaps not in the UK. In other countries: yes.

Luckily for civilization...you will lose that fight...and the sooner the better for us all.

Not anywhere, Walter...although well-meaning, but misguided folk like you will continue to clamor for it. Luckily for civilization...you will lose that fight...and the sooner the better for us all.