High-Five: House of Representatives Moves to Ban NSA’s ‘Backdoor Search’ Provision

Spencer Ackerman | The Guardian | June 20 2014

Surveillance reform gained new congressional momentum as the US House of Representatives unexpectedly and overwhelmingly endorsed stripping a major post-9/11 power from the National Security Agency late Thursday night.

By a substantial and bipartisan margin, 293 to 121, representatives moved to ban the NSA from searching warrantlessly through its troves of ostensibly foreign communications content for Americans’ data, the so-called “backdoor search” provision revealed in August by the Guardian thanks to leaks from Edward Snowden.

The move barring funds for warrantless searches “using an identifier of a United States person” came as an amendment added by Zoe Lofgren, Democrat of California, and Thomas Massie, Republican of Kentucky, to the annual defense appropriations bill, considered a must-pass piece of legislation to fund the US military. Also banned is the NSA’s ability, disclosed through the Snowden leaks, to secretly insert backdoor access to user data through hardware or communications services.

“I think it’s the first time the House has had the opportunity to vote on the 4th Amendment and the NSA as a discrete item. It was an overwhelming vote,” Lofgren told the Guardian. She said the vote succeeded despite efforts of what she called “the intel establishment.”

It swiftly circumvented a carefully crafted legislative package, backed by the White House and the NSA, presenting President Obama with an uncomfortable choice about vetoing the entire half-trillion dollar spending bill.

That legislative package, known as the USA Freedom Act, had jettisoned a measure to ban backdoor searches in order to move the bill out of committee. Losing the backdoor-search prohibition prompted, in part, civil libertarian groups to abandon their support of the House version of the bill. Several senators, including Democrats Ron Wyden and Mark Udall, are seeking to reinstate the ban in the Senate version currently under judiciary committee consideration.

The NSA considers its ability to search for Americans’ data through its massive collections of email, phone, text and other communications content a critical measure to discover terrorists and a sacrosanct prerogative. Its authorities to do so stem from a provision, called section 702, of a key 2008 surveillance law, the Fisa Amendments Act, which Obama endorsed as a legislator and presidential candidate.

During a March hearing of a government privacy board, lawyers for the intelligence community sharply disputed that such warrantless searches are illegal or unconstitutional, as civil libertarians consider self-evident.

Net Neutrality [JUICE RAP NEWS]

Source: thejuicemedia

What is Net Neutrality, and why is it so important to the future of the Internet? Find out by joining Robert Foster as he takes a whimsical trip into the World Wide Web, with its founder Tim Berners-Lee and FaceBook CEO Mark Zuckerberg.

Big Telecom Wanted to Force Your Favorite Websites into the Slow Lane. Here’s What the Internet Had to Say About That

Josh Tabish | Commondreams | May 18th 2014

Thursday morning U.S. FCC Chair Tom Wheeler announced that his agency voted in favor of a plan that could allow the creation of a slow lane on the Internet. This could force everyone except those with deep pockets (think: major conglomerates) into a second-tier of service that could slow their content to a crawl.

However, there is a silver lining in Thursday’s decision: Under huge pressure from millions of outraged citizens, Wheeler changed the FCC’s proposal from one that only considered the creation of an Internet slow lane, to one that also opens the door to a popular common sense alternative: a free and open online highway.

Unfortunately, there’s a long way to go to make that open online highway a reality, but we can get there. Although the proposed rules have been approved by the FCC for consideration, they now have to endure up to 120 days of public scrutiny. So what does this mean for the Internet freedom movement?

It means the battle for the Open Internet has only just begun: Rallying the public around rules that create a free and open online highway is crucial to the future of the Internet.

Let’s look at how we got here: yesterday’s proposal comes in response to the striking down of crucial open Internet rules by a U.S. Federal Court in January. With these rules no longer in place, the FCC began work to create a new framework for how traffic is treated online.

This framework was announced Thursday morning in Washington, D.C., following weeks of speculation about how they could undermine the Internet as a level playing field. Millions of concerned citizens, dozens of leading tech companies, and major investors all voiced strong concerns about how the FCC’s decision could hand control over what we do online to giant telecom conglomerates.

There are at least three major lessons we can learn from Thursday’s announcement:

First, our huge citizen-backed movement is really making a difference: Due to massive public pressure the FCC pulled back from fully endorsing Big Telecom’s slow lane plan. Rallying the public around the possibility of an open online highway (i.e., reclassification) is our most important task going forward. Without this, the Internet as we know it may never look the same again.

Second, the FCC has a very long way to go in balancing the public interest with those of a handful of outdated telecom conglomerates. Rather than doing the right thing and throwing out Big Telecom’s slow lane plan, they have left the door open for it and other rules that would gut the Internet to succeed. Again, it is crucial that we work together to show the FCC that an authentically open Internet is their only option.

And third, the next four months are crucial. There is now a public consultation period of 120 days for citizens everywhere to make it clear that we want Open Internet rules. Hordes of lobbyists employed by Big Telecom have already gone to work on undermining our efforts in a last-ditch attempt to turn the Internet into something that looks a lot more like this century’s cable TV. They will be out in force so we have to keep the pressure on decision-makers at the FCC.

In short, we have held off the slow lane plan for now, but we are in limbo until the FCC formally withdraws the plan and reins in Big Telecom’s attempts to control our Internet. In the meantime, a crucial 4 months lie ahead of us, and we have to do everything in our power to convince the FCC to do the right thing and throw away the plan for an Internet slow lane.

And don’t worry, your OpenMedia team will be with you every step of the way, providing new ways for you to get involved in the fight to save the open Internet. If you haven’t already, make sure you join over 100,000 people and say NO to the Internet slow lane at https://OpenMedia.org/SlowLane/.

In the meantime, the stakes are high. We’ve said this elsewhere before and we’ll say it again:

…the rules we choose to govern the Internet will have a major impact on the type of society we aspire to. From its inception through to the present day, the Internet has always promised to level the playing field – to improve access to knowledge, provide new economic opportunities for a burgeoning class of innovators and everyday citizens, and counter the media monopolies of the 20th century, ushering in an era of genuine and authentic choice.

But these promises were never guarantees. This is why the fight for net neutrality is, essentially, a fight for Internet freedom, and the fight for an open society that allows each of us to reach our fullest potential.

And we think those are promises worth fighting for.

We hope you do, too.

This work is licensed under a Creative Commons Attribution-Share Alike 3.0 License.

Josh Tabish is Campaigns Coordinator at OpenMedia.org.

FCC Net Neutrality Plan in Chaos

Sam Gustin | time.com | May 12 2014

FCC Chairman Tom Wheeler, a former top cable and wireless industry lobbyist, appears to have misjudged both public opinion and his fellow Democratic commissioners regarding his “Open Internet” proposal

Federal Communications Commission Chairman Tom Wheeler is scrambling to change his “Open Internet” proposal after a torrent of criticism from Internet giants, startups, venture capitalists, public interest groups, and consumers.

Net neutrality advocates are mounting a campaign to convince Wheeler to reclassify Internet broadband service under Title II of the Communications Act, which would subject companies like Comcast, Verizon and AT&T to “common carrier” regulation.

For decades, the FCC has regulated traditional phone service under common carrier provisions that require phone companies to connect all calls to people around the country. But in 2002, the FCC made the fateful decision to classify broadband as an “information service” not a “telecommunications service” — paving the way for internet fast lanes and setting the stage for a decade of legal wrangling.

The FCC’s Internet governance policies have been in limbo since a federal court struck down most of the agency’s 2010 Open Internet order in January. That order prohibited broadband providers like Comcast and Verizon from blocking traffic like Skype or Netflix on wired networks or putting them into an Internet “slow lane.”

“Chairman Wheeler has heard the American people and he has changed the item significantly to make Title II a more robust option,” a senior FCC official told TIME on Monday. It’s unclear what that would actually mean, because the draft proposal has not yet been released to the public.

The Internet has become a new public utility, many net neutrality advocates argue, and should be treated as such. The nation’s largest cable and phone companies fiercely oppose that idea — fearing greater regulation — and are mobilizing their lobbyists and allies on Capitol Hill to push back.

The FCC’s eighth floor executive office has been thrown into chaos amid a mounting backlash that shut down its phone lines as a growing number of Open Internet advocates camp out in front of their office.

“Since Wheeler’s proposal was first reported in the media we’ve sent hundreds of calls to the FCC on a daily basis,” says Tim Karr, senior director of strategy at D.C.-based public interest group Free Press, a longtime net neutrality advocacy group. “Last week, we heard from callers that an overwhelmed FCC staff had begun asking people to submit comments by email instead.”

Wheeler, the former top cable and wireless industry lobbyist, is facing a crucial vote on Thursday about whether to advance his plan to allow broadband providers to strike special deals with Internet companies for preferential treatment — sometimes called “paid prioritization” — in the “last mile” to consumers’ homes.

Wheeler says he supports the idea of an Open Internet — and opposes a system in which deep-pocketed tech titans can discriminate against startups — but he failed to anticipate the depth of public opinion on this issue, not to mention skepticism by his fellow Democratic FCC commissioners.

Late last week, Commissioner Jessica Rosenworcel said she has “real concerns” about Wheeler’s plan, and called for the FCC to delay next week’s crucial agency vote on the matter. Commissioner Mignon Clyburn has also raised concerns.

Wheeler plans to press ahead with Thursday’s vote, a FCC official told TIME late Monday. The vote wouldn’t enshrine the new rules, it would only approve what’s called a “notice of proposed rulemaking” (NPRM), and make the draft proposal available for public review and comment.

“It’s not even halftime and they’re 20 points down,” a senior tech industry executive told TIME. “But they have a deep bench and there’s plenty of time left.” If Wheeler does not feel he has the three out of five votes needed to approve the NPRM, he has the power to postpone the vote until the FCC’s next meeting. But it appears he’s moving forward.

The crisis facing the FCC is not surprising. For nearly a decade, the FCC has been trying to implement rules that would ensure that the Internet remains open for the next generation of tech startups like YouTube, Skype and Netflix. Open Internet advocacy groups appear to be trying to mobilize a grassroots response like the one they successfully mounted against the 2012 SOPA/PIPA Internet copyright bills.

Reset the Net: Day of Action on June 5


RT.com | May 6 2014

More than 30 civil liberties groups and tech companies have formed a coalition against internet surveillance and NSA spying, with a ‘Reset the Net’ day of action planned for June 5 to mark a year since Edward Snowden’s leaks.

“Don’t ask for your privacy. Take it back,” the website urges.

The site offers the opportunity for its visitors to sign a pledge: “On June 5, I will take strong steps to protect my freedom from government mass surveillance. I expect the services I use to do the same.” 

The coalition has been organized by “Fight for the Future.” Among its members are Reddit, Imgur, DuckDuckGo, CREDO Mobile, and the Free Software Foundation, who are reinforced by civil liberties groups and others, such as Boing Boing and Greenpeace.

The collective is calling on software developers to assimilate anti-NSA features into their products, such as mobile apps, or perhaps adding security features such as SSL (Secure Sockets Layer), HSTS (HTTP Strict Transport Security), and Perfect Forward Secrecy, which are data encoding features intended to prevent the government being a go-between for communication interceptions.

“The call is simple – find some territory of the internet you can protect from prying eyes,” the ‘Reset the Net’ video states.

“Government spies have a weakness: they can hack anybody, but they can’t hack everybody,” the organizers behind the Reset the Net movement say in a video released. “Folks like the NSA depend on collecting insecure data from tapped fiber. They depend on our mistakes; mistakes we can fix.”

June 5 marks the day that Edward Snowden first broke news of en-masse surveillance programs implemented by the NSA and PRISM became a household word. The groups are dispersing a privacy package for participants to use which contains free software tools for encrypting chat logs, email, phone calls and text messaging.


How the NSA Shot Itself In the Foot By Denying Prior Knowledge Of Heartbleed Vulnerability

Zack Whittaker | Zdnet | April 12th 2014

In 2012, during a classified but widely-known operation at Fort Meade, MD, government cryptographers and developers downloaded the OpenSSL source code, as it does with dozens of other software published on the Web. The operation’s objective was to find weaknesses in the library and exploit those vulnerabilities as part of wider efforts by the intelligence agency to conduct mass-scale surveillance.

After the code was downloaded and compiled, the developers were soon able to pinpoint a programming flaw in the code, which would have allowed the agency to collect usernames and passwords far quicker, more efficiently, and at a lower cost than its bulk data collection programs, notably its fiber cable tapping operation named Upstream.

Executives and senior officials heralded it as one of the biggest vulnerability discoveries in the intelligence agency’s recent history. A single programming flaw that it could exploit and use to tap directly into the communications of hundreds of millions of users, and gain system administrative privileges to vacuum up every shred of data it could find. Not just once, but at will, and it was untraceable.

It was the NSA’s golden goose.

Except, none of that happened, according to a statement by the U.S.’ director of national intelligence, James Clapper, who said on Friday, following the Bloomberg report citing two people familiar with the situation: “NSA was not aware of the recently identified vulnerability in OpenSSL, the so-called Heartbleed vulnerability, until it was made public in a private sector cybersecurity report.”

“Reports that say otherwise are wrong,” he added, noting that the U.S. government “relies” on OpenSSL to protect its users on government websites. “If the… government, including the intelligence community, had discovered this vulnerability prior to last week, it would have been disclosed to the community responsible for OpenSSL.”

Either one of two things happened: Bloomberg got screwed over by its sources, or the U.S. government is outright lying and clambering to save face with the already disgruntled public.

Clapper’s response instead disclosed a seismic vulnerability in the intelligence agency’s own mission, to “protect U.S. national security systems and to produce foreign signals intelligence information.”

Clapper has either intentionally (though more likely inadvertently) revealed the agency’s own core internal weaknesses and deficiencies probably more so than any other revelation leaked by whistleblower Edward Snowden, who remains responsible for the biggest global intelligence leak in post-World War II history.

The NSA’s job, first and foremost, has been blown up by the Snowden leaks in a more specific and precise way than the agency’s simplistic “protect America” rhetoric — from tapping fiber cables, demanding data from Silicon Valley servers, intercepting wireless transmissions, and exploiting vulnerabilities and flaws in common encryption standards in order to vacuum up all the data things.

Report: NSA Exploited Heartbleed to Siphon Passwords for Two Years; NSA Denies Allegations

Image: Codenomicon

Source: Wired.com

Wired.com Update: The NSA has issued a statement denying any knowledge of Heartbleed prior to its public disclosure this week. “NSA was not aware of the recently identified vulnerability in OpenSSL, the so-called Heartbleed vulnerability, until it was made public in a private-sector cybersecurity report,” an NSA spokesperson wrote in a statement. “Reports that say otherwise are wrong.”

The White House National Security Council spokesperson Caitlin Hayden also denied that federal agencies knew about the bug. “If the Federal government, including the intelligence community, had discovered this vulnerability prior to last week, it would have been disclosed to the community responsible for OpenSSL,” Caitlin Hayden said in a statement.

Report: NSA Exploited Heartbleed to Siphon Passwords for Two Years

The NSA knew about and exploited the Heartbleed vulnerability for two years before it was publicly exposed this week, and used it to steal account passwords and other data, according to a news report.

Speculation had been rampant this week that the spy agency might have known about the critical flaw in OpenSSL that would allow hackers to siphon passwords, email content and other data from the memory of vulnerable web servers and other systems using the important encryption protocol.

That speculation appears to be confirmed by two unnamed sources who told Bloomberg that the NSA discovered the flaw shortly after it was accidentally introduced into OpenSSL in 2012 by a programmer.

The flaw “became a basic part of the agency’s toolkit for stealing account passwords and other common tasks,” the publication reports. [See NSA response above]

OpenSSL is used by many websites and systems to encrypt traffic. The vulnerability doesn’t lie in the encryption itself, but in how the encrypted connection between a website and your computer is handled. On a scale of one to 10, cryptographer Bruce Schneier ranks the flaw an 11.

The flaw is critical because it’s at the core of SSL, the encryption protocol so many have trusted to protect their data, and can be used by hackers to steal usernames and passwords — for sensitive services like banking, ecommerce, and web-based email.

There are also concerns that the flaw can be used to steal the private keys that vulnerable web sites use to encrypt traffic to them, which would make it possible for the NSA or other spy agencies to decipher encrypted data in some cases and to impersonate legitimate web sites in order to conduct a man-in-the-middle attack and trick users into revealing passwords and other sensitive data to fake web sites they control.

Heartbleed allows an attacker to craft a query to vulnerable web sites that tricks the web server into leaking up to 64kb of data from the system’s memory. The data that’s returned is random — whatever is in the memory at the time — and requires an attacker to query multiple times to collect a lot of data. But this means that any passwords, spreadsheets, email, credit card numbers or other data that’s in the memory at the time of the query could be siphoned. Although the amount of data that can be siphoned in one query is small, there’s no limit to the number of queries an attacker can make, allowing them to collect a lot of data over time.

Read the rest of the article at Wired.com
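
A simplified model of the memory leak described above, added here as an illustration (it is not OpenSSL's code and not part of the Wired article): a heartbeat-style request carries its own payload-length field, and the flawed handler echoes that many bytes without comparing the claim to the size of the record actually received, while the hardened handler discards the message. The arena layout, function names and sample strings are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ARENA_SIZE     128 /* constructed stand-in for server process memory */
#define HB_REQUEST     1   /* heartbeat message type: request */
#define HB_HEADER_LEN  3   /* 1 type byte + 2 payload-length bytes */
#define HB_MIN_PADDING 16  /* minimum padding required by RFC 6520 */

/* The received record sits at offset 0 and unrelated data follows it.
 * One array holds both so the over-read below stays well-defined C. */
static uint8_t arena[ARENA_SIZE];

/* Stage a request whose length field says `claimed` while it really carries
 * `payload`; `secret` lands just past the record. Returns the record length. */
static size_t stage_request(uint16_t claimed, const char *payload, const char *secret)
{
    size_t actual = strlen(payload), secret_len = strlen(secret);
    size_t record_len = HB_HEADER_LEN + actual + HB_MIN_PADDING;
    if (record_len + secret_len > ARENA_SIZE) return 0; /* sample does not fit */
    memset(arena, 0, sizeof arena);
    arena[0] = HB_REQUEST;
    arena[1] = (uint8_t)(claimed >> 8);
    arena[2] = (uint8_t)(claimed & 0xff);
    memcpy(arena + HB_HEADER_LEN, payload, actual);
    memcpy(arena + record_len, secret, secret_len);
    return record_len;
}

/* Flawed handler: echoes as many bytes as the message claims to contain. */
static size_t echo_unchecked(const uint8_t *rec, size_t rec_len, uint8_t *out)
{
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    (void)rec_len; /* the bug: the real record length is never consulted */
    if (claimed > ARENA_SIZE - HB_HEADER_LEN) /* demo-only clamp to the arena */
        claimed = ARENA_SIZE - HB_HEADER_LEN;
    memcpy(out, rec + HB_HEADER_LEN, claimed);
    return claimed;
}

/* Hardened handler: drop any message whose claimed payload cannot fit. */
static size_t echo_checked(const uint8_t *rec, size_t rec_len, uint8_t *out)
{
    size_t claimed;
    if (rec_len < HB_HEADER_LEN + HB_MIN_PADDING)
        return 0;
    claimed = ((size_t)rec[1] << 8) | rec[2];
    if (HB_HEADER_LEN + claimed + HB_MIN_PADDING > rec_len)
        return 0; /* silently discard, nothing is echoed */
    memcpy(out, rec + HB_HEADER_LEN, claimed);
    return claimed;
}

int main(void)
{
    uint8_t out[ARENA_SIZE];
    size_t rec_len = stage_request(64, "ping", "password=hunter2");
    size_t n = echo_unchecked(arena, rec_len, out);
    printf("unchecked echoed %zu bytes; past the payload: %.16s\n",
           n, (const char *)out + rec_len - HB_HEADER_LEN);
    printf("checked echoed %zu bytes\n", echo_checked(arena, rec_len, out));
    return 0;
}
```

The two-byte length field is what caps a single leak at roughly 64 KB, and the bounds check in `echo_checked` is the kind of validation that closes it.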

How the Government Manipulates Your Thoughts Online – Abby Martin

Abby Martin talks about journalist Glenn Greenwald’s report regarding the intelligence community’s use of subversive and manipulative online tactics to destroy the reputations of businesses and individuals.

What the World Looks Like Without Net Neutrality…

Thanks to a ruling on net neutrality by the D.C. Circuit Court of Appeals – the internet could start looking a lot more like your cable TV package