freedom to privacy

An anonymous reader writes to tell us that in an apparent response to privacy complaints, the White House has quietly moved off of YouTube as a method for serving the President's weekly video address. Choosing instead to use a Flash-based solution and Akamai's content delivery network, this comes just days after YouTube began to roll out their own new policies regarding privacy of visitors.

It seriously irks me that YouTube is seen as the only way to share video. Sorry, it looks as unprofessional as using an aol.com email address.

By choosing Joe Biden as their vice presidential candidate, the Democrats have selected a politician with a mixed record on technology who has spent most of his Senate career allied with the FBI and copyright holders, who ranks toward the bottom of CNET's Technology Voters' Guide, and whose anti-privacy legislation was actually responsible for the creation of PGP.

That's probably okay with Barack Obama: Biden likely got the nod because of his foreign policy knowledge. The Delaware politician is the chairman of the Senate Foreign Relations committee who voted for the war in Iraq, and is reasonably well-known nationally after his presidential campaigns in 1988 and 2008.

According to reports, there may be a back door built into Skype, which allows connections to be bugged. The company has declined to expressly deny the allegations. At a meeting with representatives of ISPs and the Austrian regulator on lawful interception of IP based services held on 25th June, high-ranking officials at the Austrian interior ministry revealed that it is not a problem for them to listen in on Skype conversations.

The U.S. Senate overwhelmingly voted Wednesday to grant retroactive amnesty to the telecoms that aided the President Bush's five-year secret, warrantless wiretapping of Americans, and to expand the government's authority to sift through U.S. communications, handing a key victory to the Bush administration.

...

Voting record for FISA Amendments Act of 2008

Customs insists that terrorism and child pornography are sufficient justification for electronics searches. And even civil libertarians agree it makes sense for customs to search luggage, which could pose immediate dangers to aircraft and passengers. But, says Marc Rotenberg, executive director of the Electronic Privacy Information Center, "customs officials do not go through briefcases to review and copy paper business records or personal diaries, which is apparently what they are now doing in digital form. These pda's don't have bombs in them."

Breaking months of acrimonious deadlock, House and Senate leaders from both parties have agreed to a bill that gives the nation's spy agencies the power to turn a wide swath of domestic communication companies into intelligence-gathering operations, and that puts an end to court challenges to telecoms such as AT&T that aided the government's secret, five-year warrantless wiretapping program.

What a bunch of crap.

A new survey shows that data retention laws influence the actual behavior of citizens in Germany. 11% had already abstained from single telecommunication acts, 52% would not use phone or e-mail for confidential contacts.

The problem with surveillance is not primarily that some bored officer might learn about some embarrassing private detail (although this is a problem as well). The fundamental problem with surveillance is that it changes people. People under surveillance behave differently than people who are not monitored - differently than free people.

Local mirror of Forsa Institute data retention study

As first reported by Threat Level, Chuck Fish, a full-time lawyer for the McCain campaign, also said McCain wanted stricter rules on how the nation's telecoms work with U.S. spy agencies, and expected those companies to apologize for any lawbreaking before winning amnesty.

But Monday, McCain adviser Doug Holtz-Eakin, speaking for the campaign, disavowed those statements, and for the first time cast McCain's views on warrantless wiretapping as identical to Bush's.

[N]either the Administration nor the telecoms need apologize for actions that most people, except for the ACLU and the trial lawyers, understand were Constitutional and appropriate in the wake of the attacks on September 11, 2001. [...]

We do not know what lies ahead in our nation's fight against radical Islamic extremists, but John McCain will do everything he can to protect Americans from such threats, including asking the telecoms for appropriate assistance to collect intelligence against foreign threats to the United States as authorized by Article II of the Constitution.

The Article II citation is key, since it refers to President Bush's longstanding arguments that the president has nearly unlimited powers during a time of war. The administration's analysis went so far as to say the Fourth Amendment did not apply inside the United States in the fight against terrorism, in one legal opinion from 2001.

The Security and Privacy Day is a biannual workshop sponsored by the greater New York City area computer security research community for bringing area researchers together, fostering multi-institutional collaborations, and discussing and exchanging our ideas and experiences with security and privacy research. We invite you to attend and encourage you to submit a proposal for a poster or demonstration. Registration is required, if you plan to attend.

The 2008 S&P Day is hosted by Stony Brook University on Friday, May 30, 2008. While registration is free please register here by May 25.

...

Simulating a Global Passive Adversary for Attacking Tor-like Anonymity Systems
We present a novel, practical, and effective mechanism for identifying the IP address of Tor clients. We approximate an almost-global passive adversary (GPA) capable of eavesdropping anywhere in the network by using LinkWidth, a novel bandwidth-estimation technique. LinkWidth allows network edge-attached entities to estimate the available bandwidth in an arbitrary Internet link without a cooperating peer host, router, or ISP. By modulating the bandwidth of an anonymous connection (e.g., when the destination server or its router is under our control), we can observe these fluctuations as they propagate through the Tor network and the Internet to the end-user's IP address. Our technique exploits one of the design criteria for Tor (trading off GPA-resistance for improved latency/bandwidth over MIXes) by allowing well-provisioned (in terms of bandwidth) adversaries to effectively become GPAs. Although timing-based attacks have been demonstrated against non-timing-preserving anonymity networks, they have depended either on a global passive adversary or on the compromise of a substantial number of Tor nodes. Our technique does not require compromise of any Tor nodes or collaboration of the end-server (for some scenarios). We demonstrate the effectiveness of our approach in tracking the IP address of Tor users in a series of experiments. Even for an under-provisioned adversary with only two network vantage points, we can accurately identify the end user (IP address) in many cases. Furthermore, we show that a well-provisioned adversary, using a topological map of the network, can trace-back the path of an anonymous user in under 20 minutes. Finally, we can trace an anonymous Location Hidden Service in approximately 120 minutes.

If only it wasn't the same time as World Science Festival's talk on quantum physics.

One of the first people to sound the alarm on China's upgraded police state was a British researcher named Greg Walton. In 2000, Walton was commissioned by the respected human-rights organization Rights & Democracy to investigate the ways in which Chinese security forces were harnessing the tools of the Information Age to curtail free speech and monitor political activists. The paper he produced was called "China's Golden Shield: Corporations and the Development of Surveillance Technology in the People's Republic of China." It exposed how big-name tech companies like Nortel and Cisco were helping the Chinese government to construct "a gigantic online database with an all-encompassing surveillance network — incorporating speech and face recognition, closed-circuit television, smart cards, credit records and Internet surveillance technologies."

When the paper was complete, Walton met with the institute's staff to strategize about how to release his explosive findings. "We thought this information was going to shock the world," he recalls. In the midst of their discussions, a colleague barged in and announced that a plane had hit the Twin Towers. The meeting continued, but they knew the context of their work had changed forever.

Walton's paper did have an impact, but not the one he had hoped. The revelation that China was constructing a gigantic digital database capable of watching its citizens on the streets and online, listening to their phone calls and tracking their consumer purchases sparked neither shock nor outrage. Instead, Walton says, the paper was "mined for ideas" by the U.S. government, as well as by private companies hoping to grab a piece of the suddenly booming market in spy tools. For Walton, the most chilling moment came when the Defense Department tried to launch a system called Total Information Awareness to build what it called a "virtual, centralized grand database" that would create constantly updated electronic dossiers on every citizen, drawing on banking, credit-card, library and phone records, as well as footage from surveillance cameras. "It was clearly similar to what we were condemning China for," Walton says. Among those aggressively vying to be part of this new security boom was Joseph Atick, now an executive at L-1. The name he chose for his plan to integrate facial-recognition software into a vast security network was uncomfortably close to the surveillance system being constructed in China: "Operation Noble Shield."

Empowered by the Patriot Act, many of the big dreams hatched by men like Atick have already been put into practice at home. New York, Chicago and Washington, D.C., are all experimenting with linking surveillance cameras into a single citywide network. Police use of surveillance cameras at peaceful demonstrations is now routine, and the images collected can be mined for "face prints," then cross-checked with ever-expanding photo databases. Although Total Information Awareness was scrapped after the plans became public, large pieces of the project continue, with private data-mining companies collecting unprecedented amounts of information about everything from Web browsing to car rentals, and selling it to the government.

Such efforts have provided China's rulers with something even more valuable than surveillance technology from Western democracies: the ability to claim that they are just like us. Liu Zhengrong, a senior official dealing with China's Internet policy, has defended Golden Shield and other repressive measures by invoking the Patriot Act and the FBI's massive e-mail-mining operations. "It is clear that any country's legal authorities closely monitor the spread of illegal information," he said. "We have noted that the U.S. is doing a good job on this front." Lin Jiang Huai, the head of China Information Security Technology, credits America for giving him the idea to sell biometric IDs and other surveillance tools to the Chinese police. "Bush helped me get my vision," he has said. Similarly, when challenged on the fact that dome cameras are appearing three to a block in Shenzhen and Guangzhou, Chinese companies respond that their model is not the East German Stasi but modern-day London.

Human-rights activists are quick to point out that while the tools are the same, the political contexts are radically different. China has a government that uses its high-tech web to imprison and torture peaceful protesters, Tibetan monks and independent-minded journalists. Yet even here, the lines are getting awfully blurry. The U.S. currently has more people behind bars than China, despite a population less than a quarter of its size. And Sharon Hom, executive director of the advocacy group Human Rights in China, says that when she talks about China's horrific human-rights record at international gatherings, "There are two words that I hear in response again and again: Guantánamo Bay."

The Fourth Amendment prohibition against illegal search and seizure made it into the U.S. Constitution precisely because its drafters understood that the power to snoop is addictive. Even if we happen to trust in the good intentions of the snoopers, the nature of any government can change rapidly — which is why the Constitution places limits on the tools available to any regime. But the drafters could never have imagined the commercial pressures at play today. The global homeland-security business is now worth an estimated $200 billion — more than Hollywood and the music industry combined. Any sector of that size inevitably takes on its own momentum. New markets must be found — which, in the Big Brother business, means an endless procession of new enemies and new emergencies: crime, immigration, terrorism.

In Shenzhen one night, I have dinner with a U.S. business consultant named Stephen Herrington. Before he started lecturing at Chinese business schools, teaching students concepts like brand management, Herrington was a military-intelligence officer, ascending to the rank of lieutenant colonel. What he is seeing in the Pearl River Delta, he tells me, is scaring the hell out of him — and not for what it means to China.

"I can guarantee you that there are people in the Bush administration who are studying the use of surveillance technologies being developed here and have at least skeletal plans to implement them at home," he says. "We can already see it in New York with CCTV cameras. Once you have the cameras in place, you have the infrastructure for a powerful tracking system. I'm worried about what this will mean if the U.S. government goes totalitarian and starts employing these technologies more than they are already. I'm worried about the threat this poses to American democracy."

Herrington pauses. "George W. Bush," he adds, "would do what they are doing here in a heartbeat if he could."

China-bashing never fails to soothe the Western conscience — here is a large and powerful country that, when it comes to human rights and democracy, is so much worse than Bush's America. But during my time in Shenzhen, China's youngest and most modern city, I often have the feeling that I am witnessing not some rogue police state but a global middle ground, the place where more and more countries are converging. China is becoming more like us in very visible ways (Starbucks, Hooters, cellphones that are cooler than ours), and we are becoming more like China in less visible ones (torture, warrantless wiretapping, indefinite detention, though not nearly on the Chinese scale).

What is most disconcerting about China's surveillance state is how familiar it all feels. When I check into the Sheraton in Shenzhen, for instance, it looks like any other high-end hotel chain — only the lobby is a little more modern and the cheerful clerk doesn't just check my passport but takes a scan of it.

"Are you making a copy?" I ask.

"No, no," he responds helpfully. "We're just sending a copy to the police."

Up in my room, the Website that pops up on my laptop looks like every other Net portal at a hotel -- only it won't let me access human-rights and labor Websites that I know are working fine. The TV gets CNN International -- only with strange edits and obviously censored blackouts. My cellphone picks up a strong signal for the China Mobile network. A few months earlier, in Davos, Switzerland, the CEO of China Mobile bragged to a crowd of communications executives that "we not only know who you are, we also know where you are." Asked about customer privacy, he replied that his company only gives "this kind of data to government authorities" -- pretty much the same answer I got from the clerk at the front desk.