Twenty-five years ago today Sir Tim Berners-Lee filed the memo that led to the creation of the world wide web. Twenty-five years later, he's using the anniversary to call for a digital "Magna Carta" in each country around the world that will protect the web from governments and corporations alike, keeping a neutral and healthy avenue for the continued exchange of ideas and commerce.
Berners-Lee’s Magna Carta idea is part of a larger initiative called the "web we want," which urges individuals to generate a digital bill of rights in each country. These principles would protect privacy, neutral transmission of data, and "responsible anonymity," insists Berners-Lee, who has been an outspoken critic of the UK and U.S. total surveillance efforts.
"These issues have crept up on us," Berners-Lee said. "Our rights are being infringed more and more on every side, and the danger is that we get used to it. So I want to use the 25th anniversary for us all to do that, to take the web back into our own hands and define the web we want for the next 25 years."
If you're interested, you can sign up here to be notified as the initiative gets underway.
"Unless we have an open, neutral internet we can rely on without worrying about what's happening at the back door, we can't have open government, good democracy, good healthcare, connected communities and diversity of culture," he notes. "It's not naive to think we can have that, but it is naive to think we can just sit back and get it." There's a good Q&A with Berners-Lee over at CNET for those that are interested.
Snowden leaks had already indicated that the NSA had been busy hacking into Yahoo servers (and Google, Microsoft), obtaining data via the back door in addition to PRISM data they were collecting up front. Now another Guardian release of Snowden documents indicates that UK intelligence agency GCHQ, with help from the NSA, intercepted and stored webcam content from millions of Yahoo users, regardless of whether or not they had been suspected of any wrongdoing:
GCHQ files dating between 2008 and 2010 explicitly state that a surveillance program codenamed Optic Nerve collected still images of Yahoo webcam chats in bulk and saved them to agency databases, regardless of whether individual users were an intelligence target or not. In one six-month period in 2008 alone, the agency collected webcam imagery – including substantial quantities of sexually explicit communications – from more than 1.8 million Yahoo user accounts globally.
Yahoo, one of the few companies to try and stand up to PRISM data collection in court, unsurprisingly wasn't pleased with the revelations, calling project Optic Nerve "a whole new level of violation of our users' privacy."
A report in the Wall Street Journal indicates that the Obama administration is contemplating several "new" options when it comes to storing bulk surveillance data. The options were presented to the White House as part of the government's somewhat-cosmetic reforms proposed back in January
Last week we noted that hacker collective NullCrew had claimed that they'd hacked Comcast's mail servers, with the group posting evidence of an exploit affecting 34 Comcast mail servers that were vulnerable to a single local file inclusion vulnerability. Comcast has refused to respond to media inquiries about the possible exposure of user data (us included), sending their only public comment on the hack to cable trade magazine Multichannel News, insisting they are "aggressively" investigating the incident:
"We're aware of the situation and are aggressively investigating it," a Comcast spokesman said. "We take our customers' privacy and security very seriously, and we currently have no evidence to suggest any personal customer information was obtained in this incident."
The problem is that while it doesn't appear that NullCrew posted any user data, they did post the vulnerability for all to see for around 24 hours, meaning it's very possible that user data was in fact exposed. Changing your passwords just to be safe might not be a bad idea.
NBC has received a lot of attention this week for a story that proclaims that visitors to the Sochi games will immediately find that every device they own -- from laptop to phone -- will be hacked immediately upon stepping outside at the games. NBC reporter Richard Engel worked with a "security expert" and claimed that, while sitting at a cafe in Russia, hackers had compromised his devices "before we even finished our coffee" -- "giving hackers the option to tap or even record my phone calls."
Except according to a blog post by Errata Security, the story is "100% fabricated." Notes Errata's Robert Graham:
• They aren't in Sochi, but in Moscow, 1007 miles away.
For a long time Verizon was dead silent regarding their cooperation with the NSA, with the only public comment at one point being to mock Yahoo and Google for demanding greater government transparency. Recently Verizon has been more chatty, issuing their first ever transparency report and even blogging about intelligence issues.
Documents provided by Edward Snowden last week revealed that the Canadian government (CSEC, their NSA equivalent) has been quite illegally spying on and tracking Canadian citizens using public Wi-Fi available at Canadian airports to track movement both before and after citizens visited the airport. The specifics of how the government obtained the location data aren't made clear, but Canada's two largest airports, Toronto and Vancouver, deny providing CSEC with the data.
The government has reached a settlement with several of the nation's biggest Internet companies (Google, Facebook, Yahoo, Microsoft and Apple) which had (to various degrees) to be able to reveal more information on how many data requests they receive from government. While the government has allowed increased disclosure on national security letters (NSLs, or gag letters), companies have been restricted to only stating a range of numbers of such letters they've received (see Verizon's recent transparency report
After years of being one of the very least transparent companies when it came to cooperation with government spying, Verizon last month announced they'd finally be issuing publicly-available reports highlighting the requests the company gets from law enforcement agencies. In the first report of this kind released (available here), Verizon notes the company in 2013 saw 164,184 subpoenas, 70,000 court orders (6,312 of which were trap and trace orders), 36,696 warrants, and 50,000 "emergency requests from law enforcement."
An independent executive branch board reached the conclusion that the NSA's efforts to collect billions of Americans’ phone records are illegal and should be discontinued, notes the Washington Post. The Privacy and Civil Liberties Oversight Board (PCLOB) stated that Section 215 of the USA Patriot Act "does not provide an adequate basis to support this program." As noted recently, the Obama administration offered up their NSA reform plan -- largely seen as cosmetic in nature -- before their own oversight board had the chance to publicize their findings.
Last week the President revealed his much awaited NSA reforms, and while modestly better than some leaks had suggested, they fell well short of the changes his own advisory panels recommended. Mark the EFF down as particularly unimpressed, with the group posting a scorecard for the reforms that ranks them at 3.5 out of a possible 12. Failures to seriously stop mass surveillance, silence on the erosion of encryption standards, refusal to make the FISA court more transparent, and the continued vilification of Snowden instead of appreciating the democratic value of whistleblowers all leave the NSA disappointed.
, the Obama Administration today outlined (pdf) a series of NSA surveillance reforms that, while featuring small improvements on very select issues, fall far short of the 47 reforms recommended by his own advisory panel, or those pushed for by privacy and civil liberty advocates. Among some of the changes Obama stated the government will take moving forward:
• The government will no longer hold on to collected "metadata" (tags on call times, participants) themselves, meaning the phone companies will hold it (raw recordings and data weren't included in this promise).
The United Nations has unanimously voted to adopt a resolution calling for online privacy to be recognized as a human right, a recent resolution extending the general human right of privacy to the online world. With a clear eye on recent Snowden revelations in the States, the resolution calls on countries "to establish or maintain existing independent, effective domestic oversight mechanisms capable of ensuring transparency, as appropriate, and accountability for State surveillance of communications." Of course since resolutions aren't binding, the UN's recommendations can and will likely be ignored by most UN member countries.
While the government's NSA reform panel advised more sweeping changes than many people expected in light of the Snowden leaks, there was nothing requiring that the government implement any of them. Indeed, leaks now suggest that the Obama Administration is preparing to announce a few reforms on Friday that are largely cosmetic in nature, and a far cry from the panel's 46 recommendations.
Google today announced that they're embedding data compression by default in their latest mobile Chrome update. According to a company blog post, the compression is disabled by default, but when enabled promises bandwidth consumption savings of up to 50%.
Regular reader Kramer tips us on a new New York Times report that indicates the NSA has long utilized technology that allows them to spy on computers even if those machines are not connected to the Internet (aka conquering the "air gap"). According to the Times, the NSA has installed "tiny circuit boards and USB cards inserted surreptitiously" into at least 100,000 machines since 2008, allowing the agency to transmit data over a "covert channel of radio waves." The Times notes that the program, code-named Quantum, has been utilized against ally countries and enemies alike, though no evidence exists suggesting it has been used domestically.
Karsten Nohl, chief scientist with Berlin's Security Research Labs, tells Reuters that cell carriers worldwide aided the NSA's data collection capabilities by failing to implement relatively basic and long-available security updates, SIM and encryption improvements, and hardware and software patches. "I couldn't imagine it is complicity. I think it is negligence," he said. "I don't want to believe in a worldwide conspiracy across all worldwide network operators. I think it is individual laziness and priority on network speed and network coverage and not security." Nohl helps maintain GSMMap.org, which evaluates the security of mobile operators around the globe.
French telco Orange says that the telco plans to take legal action against the NSA for the agency's tapping of undersea cables, recently revealed in the latest round of Edward Snowden document leaks. Specifically, the documents note that the NSA tapped the SeaMeWe-4 cable, which links Europe, North Africa and the Middle East. Reuters notes that Orange hasn't decided if they'll file their own legal assault (the success/legality of that being highly unclear), or if they'll join an existing legal action launched in July by the International Federation of Human Rights. Orange's surprise seems justified if not dramatic -- undersea cable taps have been rumored to be commonplace under programs like Echelon for more than a generation.
As expected, the ACLU is filing an appeal after a judge recently ruled that the agency's wholesale collection of metadata was legal. Judge William H Pauley III argued that Fourth Amendment protections don't apply to records held by third parties, like phone companies, therefore invalidating the ACLU's (a Verizon customer) claims. "The government has a legitimate interest in tracking the associations of suspected terrorists, but tracking those associations does not require the government to subject every citizen to permanent surveillance," said the ACLU in a statement. Given other recent court opinions that such collection does violate the Fourth Amendment, the case will likely ultimately wind its way to the Supreme Court.