Leaderboard

Popular Content

Showing content with the highest reputation on 08/10/2013 in all areas

  1. Lavabit's closure marks the death of secure cloud computing in the US
     Once Edward Snowden's use of the email service was public, it was perhaps a given that Lavabit would be targeted by the US
     Alex Hern, theguardian.com, Saturday 10 August 2013 05.00 EDT
     On Thursday afternoon, Ladar Levison, the owner and operator of Lavabit, an email service that prides itself on privacy and security, abruptly closed his website, posting a short message to his former users. "I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly 10 years of hard work by shutting down Lavabit," he wrote. "After significant soul searching, I have decided to suspend operations. I wish that I could legally share with you the events that led to my decision. I cannot." Levison might be gagged by the law, but it's not hard to guess at least part of the reason why his site is having legal troubles. In early July, journalists and human rights activists received an email from edsnowden@lavabit.com, inviting them to a press conference in Moscow's Sheremetyevo airport. Given the NSA leaker's understandable desire for security, it is not surprising that Edward Snowden would use a service designed for keeping messages out of prying hands. But knowing the American government's desire to go to extraordinary lengths (such as grounding the Bolivian president's plane) necessary to recapture him, it was perhaps a given that Lavabit would be a target once Snowden's use of the service was public. Assuming the former infrastructure analyst's justified paranoia was put to good use, even a fully co-operative Lavabit wouldn't be able to provide the US government with much help. One of the site's biggest selling points against more popular email services such as Gmail is its full support for public-key encryption. This is a form of encryption which uses two numerical "keys" to encode a message. One, the public key, is given out freely. 
Anyone wanting to send a message to Snowden would know his public key, encrypt the message with it, and send the now-garbled text. Snowden would then use his private key to decrypt it. This practice is also known as "asymmetric encryption", because of the most important factor in it: the public key cannot be used to decrypt the messages it has encrypted. Only the private key can do that. And, while the technological details are far too complex to get in to here (it's basically magic maths, involving extremely large prime numbers), based on everything we know about the intelligence services, even they can't break that sort of encryption. If they don't have the key, they don't have the data. Unfortunately, as we know from the Verizon leaks that started this whole thing off, you can find out a huge amount about people without ever looking at their actual data. The metadata they leave behind – data about their data – is just as valuable. In Lavabit's case, that almost certainly includes who Snowden has been emailing, and when. Depending on how much data the site stores, and how careful Snowden was when accessing it (he may have taken measures such as accessing the site through anonymisers like Tor, which would limit the damage), they could have details such as when he checked his inbox, what IP address he was checking from, and which browser he was using. Levison promises he will fight "for the constitution" in the courts, but the odds are stacked against him. Bigger companies with better legal resources than Lavabit have been forced to submit to the national security apparatus. Eventually any metadata the site does hold is likely to end up in the hands of the government. It's not hard to sense the desperation in Levison's voice when he writes that "without congressional action or a strong judicial precedent, I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States", but it's also admirable honesty. 
From a security point of view, cloud computing in the US is dead on its feet. http://www.theguardian.com/commentisfree/2013/aug/10/lavabit-closure-cloud-computing-edward-snowden
    1 point
  2. NSA loophole allows warrantless search for US citizens' emails and phone calls
     Exclusive: Spy agency has secret backdoor permission to search databases for individual Americans' communications
     James Ball and Spencer Ackerman, The Guardian, Friday 9 August 2013 12.08 EDT
     Detail of Section 702 of the Fisa Amendments Act (FAA), which gives the NSA authority to target without warrant the communications of foreign targets.
     The National Security Agency has a secret backdoor into its vast databases under a legal authority enabling it to search for US citizens' email and phone calls without a warrant, according to a top-secret document passed to the Guardian by Edward Snowden. The previously undisclosed rule change allows NSA operatives to hunt for individual Americans' communications using their name or other identifying information. Senator Ron Wyden told the Guardian that the law provides the NSA with a loophole potentially allowing "warrantless searches for the phone calls or emails of law-abiding Americans". The authority, approved in 2011, appears to contrast with repeated assurances from Barack Obama and senior intelligence officials to both Congress and the American public that the privacy of US citizens is protected from the NSA's dragnet surveillance programs. The intelligence data is being gathered under Section 702 of the Fisa Amendments Act (FAA), which gives the NSA authority to target without warrant the communications of foreign targets, who must be non-US citizens and outside the US at the point of collection. The communications of Americans in direct contact with foreign targets can also be collected without a warrant, and the intelligence agencies acknowledge that purely domestic communications can also be inadvertently swept into its databases. That process is known as "incidental collection" in surveillance parlance. 
But this is the first evidence that the NSA has permission to search those databases for specific US individuals' communications. A secret glossary document provided to operatives in the NSA's Special Source Operations division – which runs the Prism program and large-scale cable intercepts through corporate partnerships with technology companies – details an update to the "minimization" procedures that govern how the agency must handle the communications of US persons. That group is defined as both American citizens and foreigners located in the US. "While the FAA 702 minimization procedures approved on 3 October 2011 now allow for use of certain United States person names and identifiers as query terms when reviewing collected FAA 702 data," the glossary states, "analysts may NOT/NOT [not repeat not] implement any USP [US persons] queries until an effective oversight process has been developed by NSA and agreed to by DOJ/ODNI [Office of the Director of National Intelligence]." The term "identifiers" is NSA jargon for information relating to an individual, such as telephone number, email address, IP address and username as well as their name. The document – which is undated, though metadata suggests this version was last updated in June 2012 – does not say whether the oversight process it mentions has been established or whether any searches against US person names have taken place. Wyden, an Oregon Democrat on the Senate intelligence committee, has obliquely warned for months that the NSA's retention of Americans' communications incidentally collected and its ability to search through it has been far more extensive than intelligence officials have stated publicly. Speaking this week, Wyden told the Guardian it amounts to a "backdoor search" through Americans' communications data. 
"Section 702 was intended to give the government new authorities to collect the communications of individuals believed to be foreigners outside the US, but the intelligence community has been unable to tell Congress how many Americans have had their communications swept up in that collection," he said. "Once Americans' communications are collected, a gap in the law that I call the 'back-door searches loophole' allows the government to potentially go through these communications and conduct warrantless searches for the phone calls or emails of law-abiding Americans." Wyden, along with his intelligence committee colleague Mark Udall, have attempted repeatedly to warn publicly about the ability of the intelligence community to look at the communications of US citizens, but are limited by their obligation not to reveal highly classified information. But in a letter they recently wrote to the NSA director, General Keith Alexander, the two senators warned that a fact sheet released by the NSA in the wake of the initial Prism revelations to reassure the American public about domestic surveillance was misleading. In the letter, they warned that Americans' communications might be inadvertently collected and stored under Section 702, despite rules stating only data on foreigners should be collected and retained. "[W]e note that this same fact sheet states that under Section 702, 'Any inadvertently acquired communication of or concerning a US person must be promptly destroyed if it is neither relevant to the authorised purpose nor evidence of a crime,'" they said. "We believe that this statement is somewhat misleading, in that it implied the NSA has the ability to determine how many American communications it has collected under Section 702, or that the law does not allow the NSA to deliberately search for the records of particular Americans." 
The foreign intelligence surveillance (Fisa) court issues approvals annually authorizing such operations, with specific rules on who can be targeted and what measures must be taken to minimize any details "inadvertently" collected on US persons. Secret minimization procedures dating from 2009, published in June by the Guardian, revealed that the NSA could make use of any "inadvertently acquired" information on US persons under a defined range of circumstances, including if they held usable intelligence, information on criminal activity, threat of harm to people or property, are encrypted or are believed to contain any information relevant to cybersecurity. At that stage, however, the rules did not appear to allow for searches of collected data relating to specific US persons. Assurances from Obama and senior administration officials to the American public about the privacy of their communications have relied on the strict definition of what constitutes "targeting" while making no mention of the permission to search for US data within material that has already been collected. The day after the Guardian revealed details of the NSA's Prism program, President Obama said: "Now, with respect to the internet and emails, this doesn't apply to US citizens and it doesn't apply to people living in the United States." Speaking at a House hearing on 18 June this year, deputy attorney general James Cole told legislators "[T]here's a great deal of minimization procedures that are involved here, particularly concerning any of the acquisition of information that deals or comes from US persons. "As I said, only targeting people outside the United States who are not US persons. But if we do acquire any information that relates to a US person, under limited criteria only can we keep it." 
Dianne Feinstein, the California Democrat who chairs the Senate intelligence committee, said in June 2012 that she believed the intelligence agencies and the Justice Department were sufficiently mindful of Americans' privacy. "The intelligence community is strictly prohibited from using Section 702 to target a US person, which must at all times be carried out pursuant to an individualized court order based upon probable cause," Feinstein stated in a report provided to the Senate record. While there are several congressional proposals to constrain the NSA's bulk collection of Americans' phone records, there has to date been much less legislative appetite to abridge its powers under Section 702 – as lawmakers are satisfied it doesn't sufficiently violate Americans' privacy. "702 is focused outside the United States at non-citizens," said Adam Schiff, a member of the House intelligence committee. "The evidence of the effectiveness of 702 is much more substantial than 215 [the bulk phone records collection]. So I think there are fewer fourth amendment concerns and more evidence of the saliency of the program." Wyden and Udall – both of whom say foreign surveillance conducted under Section 702 has legitimate value for US national security – have tried and failed to restrict the NSA's ability to collect and store Americans' communications that it accidentally acquires. Wyden told the Guardian that he raised concerns about the loophole with President Obama during an August 1 meeting with legislators about the NSA's surveillance powers. "I believe that Congress should reform Section 702 to provide better protections for Americans' privacy, and that this could be done without losing the value that this collection provides," he said. The Guardian put the latest revelations to the NSA and the Office of the Director of National Intelligence but no response had been received by the time of publication. 
More: NSA surveillance: the long fight to close backdoor into US communications http://www.theguardian.com/world/2013/aug/09/nsa-loophole-warrantless-searches-email-calls
    1 point
  3. We have discussed this Jos, and it's a fine line, especially when your friend has a partner, shutdown or otherwise. You never know when things can turn with your friend's relationship, and then YOU become the problem for THEM.... and it's often the friend (YOU) that becomes the victim in the situation. Please guard your feelings, as I wouldn't want you to get hurt. You are a great guy, and very sensitive.
    1 point
  4. Hito, I trust Obama too, pretty much, as I think it's foolhardy to put a hundred percent trust in any government official. Even with that trust, though, Obama will be President for another three-and-a-half years. Then it will be someone else. You and I may trust that person. Or we may not. But trust in an individual should not be the determining factor in whether or not our government keeps secrets from us, or spies on us, or abridges our rights as citizens. That's why we set up our government as one of laws, and not of men. I know that you and I know this, but it can't hurt to remind ourselves once in a while. When Edward Snowden exposed the fact that some men in our government were 'interpreting' the law, and keeping those interpretations hidden from ordinary citizens and from their elected officials and, perhaps, from the President himself, it became time for this whole process to see the light of day and to enter the public debate for the first time ever. As I hope it will now do. The 'interpretations' as they now exist, in my opinion, stink. And who knows how they might be 'interpreted' in the future? From AdamSmith's cited article: Secret minimization procedures dating from 2009, published in June by the Guardian, revealed that the NSA could make use of any "inadvertently acquired" information on US persons under a defined range of circumstances, including if they held usable intelligence, information on criminal activity, threat of harm to people or property, are encrypted or are believed to contain any information relevant to cybersecurity. Suppose, for example, that Rick Santorum becomes our next President. He was, if one can believe it, the Republican front-runner at a time when Obama's popularity was on the descent. And suppose he gets on his moral high horse and decides to go after prostitution. And suppose you and I show up in a call log one or two rings away from a 'person of interest'. 
Will you still be so trusting when you get your subpoena to testify in court? It's my natural temptation to think that things are going to keep going in a positive direction as far as civil rights are concerned. And I feel that way today, as I think you do too. But I'd be nuts to think that it's OK to start discarding the laws that got us here, and to count on trust in all future elected officials to keep us moving forward. We need these laws, and we need our Constitution, and we need to hold our government officials accountable for following them. As an old Russian (pre-Putin) proverb reminds us, Доверяй, но проверяй.
    1 point
  5. Six of one, half a dozen of the other.
    1 point
  6. A while back I signed up for one of those dating web sites where you fill out a questionnaire and they match up your profile with hundreds of others. Nearly every call I got was from a mental hospital. That and a guy working his way through college.
    1 point
  7. I have never thought of what other than time or money could be donated to a mental facility. Most folks don't have any "spare" sanity to offer and not sure how you would package it up for delivery anyway. Best regards, RA1
    1 point
  8. And you think your job sucks.... But then again, perhaps some of us wouldn't mind at all
    1 point
  9. JKane

    Caption This (8-9-13)

    Ok, I'm hard, which one of you wants to come home with me?
    1 point
  10. Now that sounds like a nice trip!
    1 point
  11. LUCKY 7 - I'll Take your HARD home !
    1 point
  12. The trip has been arranged: air, apartment and independent travel in Berlin for 5 days before joining tour group for Warsaw, Krakow, Prague, Budapest for almost three weeks; then it's Barcelona for 5 days: booked apartment two days ago. I am now very, very, very excited. This time I just very much hope that NOTHING prevents me from this twice delayed journey!!
    1 point
  13. Versatility Wanes as Old Age approaches. That's why a lot of OLD guys become bottoms (well that, and they can't get it up anymore). I've been pretty much consistently ORAL, my gums are limber, my teeth are shiny, and my butthole is nice, taut and like a virgin. Versatility ain't ALL it's cracked up to be !
    1 point
  14. Yes! Of course, short of such a provider building (and somehow physically safeguarding every centimeter of) its own bespoke global physical infrastructure, the NSA would still be able to hoover up our data packets en route. Thus, it seems the ISP would also have to issue PGP-like encryption software for us to install on our PCs. And then find ways to win our confidence that a master decryption key had not been given behind doors to the authorities -- our'n, their'n, or other'n. That such distrust has now been sown essentially everywhere by the U.S. government's snooping seems to reveal, at heart, the true damage of it all. For greater success bin Laden could scarce have hoped.
    1 point
  15. Another one for you-know-who...
    1 point