May 09, 2008

NSL: Internet Archive Exposes Lack of Security in National Security Letters

The Internet Archive has for a decade been a cornerstone of the Internet, and the FBI was foolish to try to break it:
The FBI has withdrawn an illegal National Security Letter seeking information from an online library and has lifted a gag order that until Wednesday prevented any discussion of the information request.

Lawyers from the American Civil Liberties Union and Electronic Frontier Foundation helped the Internet Archive push back against what they say was an overly broad and unlawful request for information on one of its users. The FBI issued its National Security Letter in November, but ACLU, EFF and Archive officials were precluded from discussing it with anyone because of a gag order they say was unconstitutional.

After nearly five months of haggling, the FBI eventually withdrew its NSL, which requested personal information about at least one user of the Internet Archive. Founded in 1996, the archive is recognized as a library by the state of California, and its collections include billions of Web records, documents, music and movies.

Watchdogs prompt FBI to withdraw 'unconstitutional' National Security Letter, Nick Juliano, therawstory, Published: Wednesday May 7, 2008

The article goes on to say that the FBI has issued 200,000 National Security Letters, that almost none of those NSLs have been challenged, yet every single time someone has challenged an NSL in court, the FBI has withdrawn it.

How do these NSLs represent "Security"?

In any case, National Security Letters were authorized by the mis-named Patriot Act. Brewster Kahle has shown us how a real patriot acts:


April 14, 2008

European Parliament Votes for Internet Freedom and Security

Sometimes a legislative body gets the picture and shows some spine:
Despite last minute attempts by the French government to divide them, European MEPs today voted decisively against "three strikes", the IFPI-promoted plan to create a class of digital outcasts, forbidden from accessing the Net if repeatedly accused by music companies of downloading infringing content.

In a vote held today, hundreds of MEPs supported language which declared termination of Internet access to be in conflict with "civil liberties and human rights and with the principles of proportionality, effectiveness and dissuasiveness", all core values of the European Union.

... And Guy Bono, the author of the report, had this to say in the plenary:

"On this subject, I am firmly opposed to the position of some Member States, whose repressive measures are dictated by industries that have been unable to change their business model to face necessities imposed by the information society. The cut of Internet access is a disproportionate measure regarding the objectives. It is a sanction with powerful effects, which could have profound repercussions in a society where access to the Internet is an imperative right for social inclusion."

European Parliament to Sarkozy: No "Three Strikes" Here, Posted by Danny O'Brien, EFF, April 10th, 2008

The European Parliament voted for social inclusion, participation, and human rights over profits for a tiny group of companies. That wasn't hard. Even if the vote had gone the other way, it wouldn't have produced any real security for the tiny group, and the way it did go, it produces far more security for everyone else. Maybe the U.S. can get the message.

-jsq

January 07, 2008

Hammers to be Outlawed in UK

What can you expect when public, press, and government think "hacker" means criminal?
The UK government has published guidelines for the application of a law that makes it illegal to create or distribute so-called "hacking tools".

...

A revamp of the UK's outdated computer crime laws is long overdue. However, provisions to ban the development, ownership and distribution of so-called "hacker tools" draw sharp criticism from industry. Critics point out that many of these tools are used by system administrators and security consultants quite legitimately to probe for vulnerabilities in corporate systems.

The distinctions between, for example, a password cracker and a password recovery tool, or a utility designed to run denial of service attacks and one designed to stress-test a network, are subtle. The problem is that anything from nmap through wireshark to perl can be used for both legitimate and illicit purposes, in much the same way that a hammer can be used for putting up shelving or breaking into a car.

UK gov sets rules for hacker tool ban, Consultants in frame? Definitely Maybe By John Leyden, The Guardian, Published Wednesday 2nd January 2008 15:54 GMT

How long will it be before a simple traceroute gets you not only disconnected from your ISP but also clapped in jail for "hacking"?

It gets better:


December 20, 2007

Traffic Control Viewed as ISP Risk

Certain ISPs plan to spend a lot of money throttling, stifling, policing copyrights, campaigning and lobbying to control content of information flow through their networks. They might want to look at what's happening in China:
Beijing has recently added a new weapon to its arsenal of surveillance technologies, a system it believes to be a modern marvel: the Golden Shield. It took eight years and $700 million to build, and its mission is to "purify" the Internet — an apparently urgent task. "Whether we can cope with the Internet is a matter that affects the development of socialist culture, the security of information, and the stability of the state," President Hu Jintao said in January.

The Golden Shield — the latest addition to what is widely referred to as the Great Firewall of China — was supposed to monitor, filter, and block sensitive online content. But only a year after completion, it already looks doomed to fail. True, surveillance remains widespread, and outspoken dissidents are punished harshly. But my experience as a correspondent in China for seven years suggests that the country's stranglehold on the communications of its citizens is slipping: Bloggers and other Web sources are rapidly supplanting Communist-controlled news outlets. Cyberprotests have managed to bring about an important constitutional change. And ordinary Chinese citizens can circumvent the Great Firewall and evade other forms of police observation with surprising ease. If they know how.

The Great Firewall: China's Misguided — and Futile — Attempt to Control What Happens Online, By Oliver August, WIRED MAGAZINE: ISSUE 15.11, 10.23.07 | 12:00 AM

And if they don't know how, that article provides tips.


December 17, 2007

Media Security: Consolidation or Diversity?

Despite a unanimous vote of the Senate Commerce Committee to delay and a direct question from one of its members (not to mention overwhelming opposition in meetings across the country), FCC Chairman Kevin Martin plans to go ahead with the media consolidation vote scheduled for tomorrow, 18 December, which, given the 3-2 Republican-Democrat makeup of the Commission, will almost certainly result in more media consolidation.
Not only John Kerry, but even Trent Lott and Ted Stevens spoke against Martin's plan. Martin, pretending not to know that newspapers are one of the most profitable industries (and nobody on the Commerce Committee thought to ask him directly whether he knew that; they only asked him if he had seen a specific report that said that), claims that the only way to save newspapers is to let them buy television stations. The New York Times published Martin's op-ed to this effect. (Today the Times did at least publish their own editorial criticizing his position.)

Meanwhile, three members of the House Judiciary Committee have written an op-ed calling for the impeachment of vice-president Cheney, and no major newspaper will carry it, even though one of them, Wexler of Florida, collected more than 50,000 names for it over one weekend (up to 77,000 as of this writing).

Were it left to me to decide whether we should have a government without newspapers, or newspapers without a government, I should not hesitate a moment to prefer the latter.

Letter to Nathaniel Macon, Thomas Jefferson, January 12, 1819

What would Jefferson have thought about newspapers that wouldn't publish a call for impeachment by members of the committee that is supposed to bring such charges? And why, given such a press, is anyone even considering more media consolidation? Which is better for the security of the Republic: more media consolidation or less?

-jsq

November 26, 2007

Myanmar Destabilized by Chinese Imports

Well, not quite yet, but this could be the start:
"It is learnt that taking advantage of the inability of the Myanmar military junta to provide satisfactory and affordable mobile phone services in the Shan State and the Kachin State areas of North Myanmar, Chinese companies have been operating mobile phone services in Yunnan for the benefit of the people of North Myanmar."

Chinese Mobile Phone Services in North Myanmar, By B. Raman, Paper no. 2470, South Asia Analysis Group, 21-Nov.-2007, quoted in Lots More Reasons Why China is the New America, By Bruce Sterling, Beyond the Beyond, Wired Blogs, November 23, 2007 | 8:35:27 AM

This bears watching, also because while I've been predicting the U.S. may end up buying fast Internet access from Japanese companies, just like cars, actually it could be Chinese companies.

-jsq

November 23, 2007

Breached Party: Labour Loses Confidence Due to Lack of Breach Security

The U.K. Revenue ministry has been leaking massive amounts of personal information, and now it's affected the ruling party:
The Government will face fresh questions over the loss of millions of voters' personal data amid evidence the debacle has helped fuel a massive slump in public confidence.

One poll showed those backing Labour's ability to handle economic problems had been more than halved to 28%, with just a quarter deeming Gordon Brown's administration "competent and capable".

And another gave the Tories a nine-point overall lead, its strongest position for 15 years, just weeks after Labour enjoyed an 11-point advantage in the same poll.

Confidence in Labour 'plummets', Press Association, Guardian Unlimited, Friday November 23, 2007 7:03 AM

A government at risk of falling due to lack of breach security and perceived lack of technical confidence might be what it takes to get governments and industry to take breach security seriously, for example by requiring breach reporting.

-jsq

October 04, 2007

Free Burma!

Well, I hadn't been planning on posting more on the Myanmar or Burma situation, but within minutes of my posting yesterday, the Free Burma folks found my post and commented on it with a link back to their site.

I've got to admire their quick use of the Internet to amplify their activism. Their web pages say they only started Sunday. Looks like some of their supporters are actually astroturf web sites, but that just goes with the territory. Also, a lot of people can't type in their own web addresses correctly. However, they've collected a dozen more supporters while I've been typing this.

So, how could I refuse to post again on their requested date, which happened to be today?

-jsq

October 03, 2007

Simply Switched Off the Internet: Myanmar Junta v. Bloggers

When blogging is a revolutionary act:
Internet geeks share a common style, and Ko Latt and his four friends would not be out of place in cyber cafés across the world. They have the skinny arms and the long hair, the dark T-shirts and the jokey nicknames. But few such figures have ever taken the risks that they have in the past few weeks, or achieved so much in a noble and dangerous cause.

Since last month Ko Latt, 28, his friends Arca, Eye, Sun and Superman, and scores of others like them have been the third pillar of Burma’s Saffron Revolution. While the veteran democracy activists, and then the Buddhist monks, marched in their tens of thousands against the military regime, it is the country’s amateur bloggers and internet enthusiasts who have brought the images to the outside world.

Armed with small digital cameras, they have documented the spectacular growth of the demonstrations from crowds of a few hundred to as many as 100,000. On weblogs they have recorded in words and pictures the regime’s bloody crackdown, in a city where only a handful of foreign journalists work undercover. With downloaded software, they have dodged and weaved around the regime’s increasingly desperate attempts to thwart their work. Now the bloggers, too, have been crushed. Having failed to stop the cyber-dissidents broadcasting to the world, the authorities have simply switched off the internet.

Bloggers who risked all to reveal the junta’s brutal crackdown in Burma, by Kenneth Denby, The Times, 1 October 2007

Unfortunately for the bloggers, they all had to register with the government to be allowed to blog in the first place. If the junta falls, they'll be heroes. If it survives, they'll probably be dead.

This is not the first time.

