Tag Archives: The Guardian

Stanistreet, Michelle - The government is using terrorism as an excuse to spy on journalists - The Guardian 20160314

The investigatory powers bill – or ‘snoopers’ charter’ – endangers press freedom, and offers no protection for sources or whistleblowers

The investigatory powers bill, which will receive its second reading in parliament on Tuesday, contains a range of surveillance powers available to the security services, police and other public bodies.

The first draft last year raised alarm bells, including amongst the three cross-party parliamentary committees that voiced serious concerns. Yet it took the Home Office just two weeks to cobble together this re-draft that in no way resolves the bill’s serious flaws.

Farcically, concerns about privacy have been addressed by inserting one word into a heading. Part one of the investigatory powers bill was called “general protections” and is now called “general privacy protections”. This is how the government has responded to the parliamentary intelligence committee recommendation that “privacy protections should form the backbone of the draft legislation”.
The NUJ has been campaigning for improved laws and protections since a police report in 2014 revealed the Sun’s political editor’s mobile phone records and call data from the newsdesk had been seized in secret by police. When the British state has a total disregard for the protection of sources and whistleblowers then there are severe consequences for all journalists and press freedom.

Not least will be the impact on journalists’ safety. Reporters who work in dangerous environments – in a war zone or when investigating organised crime – are already targeted. Being seen as agents of the state, or a conduit to information about their sources, will make their work fraught with greater dangers. The independence of journalists, and the very notion of press freedom, is something that is critical to our collective safety and credibility.

In its essence, this bill is exploiting public concerns about terrorism and national security as an excuse to spy on journalists.

One section of the bill allows for “equipment interference”, enabling the authorities to access computers and electronic equipment. This interference includes hacking computers to gain access to passwords, documents, emails, diaries, contacts, pictures, chat logs and location records. Microphones or webcams could be turned on and items stored could be altered or deleted. Under the bill, journalists have no right to challenge this type of surveillance – in fact it is highly unlikely they would ever find out it has happened.

If journalists don’t know their work and their sources are being compromised then it becomes practically impossible to uphold our ethical principle to protect sources and whistleblowers.

The NUJ has a long and proud record of defending members from having to identify their sources, including backing a legal case in 1996 that fixed the journalists’ “right to silence” in European law.

That’s only possible if there is a transparent mechanism to challenge such demands for information on sources – if the state can get their hands on that information without a journalist ever knowing, how can we support the countless individuals who are brave enough to blow the whistle on information they believe the public needs to know about?

In 2015 a report by the Interception of Communications Commissioner’s Office revealed that 19 police forces had made 608 applications for communications data to find journalistic sources over a three-year period. Applications made and considered in secret.

In response the previous culture secretary, Sajid Javid, said “journalism is not terrorism” and the government promised to introduce safeguards. Despite a series of interim measures being put in place, none of the key ones are in this new bill. The cross-party parliamentary joint committee said that the “protection for journalistic privilege should be fully addressed by way of substantive provisions on the face of the bill”. Yet this government has turned its face and ignored the recommendation.

The bill also introduces legislative anomalies – there is no adherence to standards already established in legislation such as the Police and Criminal Evidence Act 1984 and Terrorism Act 2000. The bill contains no requirement to notify a journalist, media organisation or their legal representatives when the authorities intend to put journalists under surveillance or hack into their electronic equipment. There is no right to challenge or appeal and the entire process takes place in secret. The oversight measures do not involve any media experts who can advocate on behalf of journalists and press freedom. This is an outrageous abuse of press freedom in the UK.

The NUJ is not alone in having grave concerns about this latest version of the bill – we are joined by others in the media industry, trade unions, legal experts, and privacy and human rights campaigners. These extremely intrusive and unnecessary surveillance powers trample over the very principles of journalism and will be a death knell for whistleblowers of the future. There are a growing number of politicians waking up to the dangers in this bill and we hope others will think hard before they cast their vote on Tuesday.

Ackerman, Spencer - Pentagon maintains 'toxic' environment for whistleblowers, watchdog says - The Guardian 20160311

Project on Government Oversight cites reports that show investigations take average of 526 days and more than 86% of alleged reprisal cases are dismissed.

The internal investigations branch of the Pentagon maintains a climate that is “toxic” to whistleblowers, according to a leading good-government watchdog.

The Project on Government Oversight (Pogo) this week sent a letter to the Pentagon inspector general, Glenn Fine, seeking urgent changes to an investigative office it says takes years to close cases, dismisses most reprisal allegations made by would-be whistleblowers and allows senior officials to skate on misconduct charges.

The office has taken on a high-profile inquiry into allegations of doctored intelligence about the US war against the Islamic State coming from analysts at US Central Command. The inquiry is being closely watched on Capitol Hill.

Edward Snowden, who made revelations about bulk surveillance in 2013, cited the dismissive and even hostile treatment of National Security Agency whistleblowers by official channels as a motivation.

Mandy Smithberger of Pogo, which was founded by Defense Department whistleblowers and deals with such individuals regularly, said it has grown hard to look at the Pentagon inspector general’s office “and not tell people, ‘You shouldn’t expect much out of this process.’”

Citing years of reports from the Government Accountability Office (GAO), the investigative wing of Congress, Pogo presented a litany of charges to Fine, a well-regarded former Justice Department inspector general.

Fine, who took over the office in January, told the Guardian in a statement Pogo’s information was “one-sided and dated, and it took various GAO findings out of context”.

According to Pogo, Pentagon investigations take an average of 526 days to close, despite a 180-day limit required by law.

“Apparent misconduct” is “widespread” in the inspector general’s case filing system, Pogo charged, with information relevant to the conclusion of its inquiries “changed after the fact”.

“We now believe that DoD IG’s administrative investigations leadership, management, and staff may have purposely altered records to mislead GAO investigators about the depth of these problems,” the letter stated.

Whistleblowers are statistically unlikely to have an ally in the office: Pogo said the Pentagon inspector general has dismissed more than 86% of cases concerning alleged reprisals against would-be whistleblowers since 2012.

“This rate of dismissal, which is more than double that of service [army, navy and air force] IGs for the same types of cases, creates the appearance that DoD IG is focused on closing, rather than investigating, the cases it receives,” Pogo wrote in the letter, which was dated 8 March.

Pogo also alleged that senior officials were more likely to be cleared by the office than their junior counterparts. Again citing the GAO, Pogo said the office in recent years substantiated five allegations against senior officials – after investigating 27 and closing 364 without investigation.

The military services’ inspectors investigated all 250 cases against senior officials they received, substantiating 90.

Fine defended his office, saying it had made “significant progress” in handling whistleblower-reprisal allegations and identifying the “effectiveness and timeliness of investigations” as an area of focus for improvement.

“However, I believe that the leadership of AI [administrative investigations] was unfairly attacked in Pogo’s letter, and that [chief Marguerite] Garrison and her senior officials are leading the component in the right direction.

“AI has the difficult job of conducting tough, fair, thorough and timely whistleblower reprisal investigations, and I believe that AI leadership and staff are working hard to handle those duties in a responsible way.”

Without faith in whistleblower protections, Pogo’s Smithberger said, Defense Department employees and contractors who witness waste, fraud, abuse and illegality face a choice of either silence or public disclosure.

Smithberger praised Fine’s work at the Justice Department and said he had a lot of work ahead of him in repairing a “broken office”.

Timm, Trevor - Congress showed it's willing to fight the FBI on encryption. Finally - 20160301

Members of Congress did something almost unheard of at Tuesday’s hearing on the brewing battle over encryption between Apple and the FBI: their job. Both Democrats and Republicans grilled FBI director Jim Comey about his agency’s unprecedented demand that Apple weaken the iPhone’s security protections to facilitate surveillance. This would have dire implications for smartphone users around the globe.

Normally, congressional committee hearings featuring Comey are contests among the members over who can shower the FBI director with the most fawning compliments in their five-minute allotted time frame. Hard questions about the agency’s controversial tactics are avoided at all costs. But on Tuesday, in rare bipartisan fashion, virtually every member of the House judiciary committee asked Comey pointed questions and politely ripped apart his arguments against Apple.

One judiciary member questioned how the FBI managed to mess up so badly during the San Bernardino investigation and reset the shooter’s password, which is what kicked this whole controversy and court case in motion in the first place. And if the case was such an emergency, why did they wait 50 days to go to court? Another member questioned what happens when China inevitably asks for the same extraordinary powers the FBI is demanding now. Others questioned whether the FBI had really used all the resources available to break into the phone without Apple’s help. For example, why hasn’t the FBI attempted to get the NSA’s help to get into the phone, since hacking is their job?

Comey readily admitted that the San Bernardino case could set a precedent for countless others after it, and that it won’t just be limited to one phone, as the FBI tried to suggest in the days after the filing became public. Comey said the FBI has so many encrypted phones in its possession that he doesn’t know the number (that’s not including the hundreds of local police forces that are itching to force Apple to create software to decrypt those as well). Comey also admitted under questioning that terrorists would just move to another encrypted device if Apple was forced to do what the government is asking, and that there are companies all over the world offering similar products.

More than anything, though, the members of Congress expressed anger that the FBI director didn’t follow through earlier on his stated intention to engage in a debate in Congress and the public about the proper role for encryption in society. Instead, he decided to circumvent that debate altogether and quietly go to court to get a judge to do what the legislative branch has so far refused to do.

This all comes on the heels of a judge in New York strongly rebuking the FBI and Department of Justice in a court decision on Monday. (The New York case is different from the high profile San Bernardino situation that has garnered more media attention.) Comey, despite knowing he would testify on Tuesday, decided not to read the opinion from the previous day. He didn’t give a reason for why he didn’t, but given the judge thoroughly dismantled every argument the government put forward, maybe he couldn’t stomach it.

The court hearing in the San Bernardino case is in two weeks, and there is no doubt that this is really only the beginning of the debate. But, for the first time, it seems like Congress has finally opened its eyes to the long-term effects of designing vulnerabilities into our communications systems and forcing tech companies to become investigative arms of the government.

Doctorow, Cory - Forget Apple's fight with the FBI – our privacy catastrophe has only just begun - The Guardian 20160304

The privacy crisis is a disaster of our own making – and now the tech firms who gathered our data are trying to make money out of privacy

For privacy advocates, the Apple-FBI standoff over encryption is deja vu all over again.

In the early 1990s, they fought and won a pitched battle with the Clinton administration over the Clipper chip, a proposal to add mandatory backdoors to the encryption in telecommunications devices.

Soon after that battle was won, it moved overseas: in the UK, the Blair government brought in the Regulation of Investigatory Powers Act (RIPA). Privacy advocates lost that fight: the bill passed in 2000, enabling the government to imprison people who refused to reveal their cryptographic keys.

The privacy fight never stopped. In the years since, a bewildering array of new fronts have opened up on the battlefield: social media, third-party cookies, NSA/GCHQ mass surveillance, corporate espionage, mass-scale breaches, the trade in zero-day vulnerabilities that governments weaponise to attack their adversaries, and Bullrun and Edgehill, the secret programmes of security sabotage revealed by whistleblower Edward Snowden.

Who really cares about surveillance?

The first line of defense for surveillance advocates – whether private sector or governmental – is to point out just how few people seem to care about privacy. What can it matter that the government is harvesting so much of our data through the backdoor, when so many of us are handing over all that and more through the front door, uploading it to Facebook and Google and Amazon and anyone who cares to set a third-party cookie on the pages we visit?

Why is it so hard to convince people to care about privacy?

Painting the pro-privacy side as out-of-step loonies, tinfoil-hatted throwbacks in the post-privacy era was a cheap and effective tactic. It made the pro-surveillance argument into a *pro-progress* one: “Society has moved on. Our data can do more good in big, aggregated piles than it can in atomized fragments on your device and mine. The private data we exhaust when we move through the digital world is a precious resource, not pollution.”

It’s a powerful argument. When companies that promise to monetize your surveillance beat companies that promise to protect your privacy, when people can’t even be bothered to tick the box to block tracking cookies, let alone install full-disk encryption and GPG to protect their email, the pro-surveillance camp can always argue that they’re doing something that no one minds very much.

From the perennial fights over national ID cards to the fights over data retention orders, the lack of any commercial success for privacy tech was a great way to shorthand: “Nothing to see here – just mountains being made from molehills.”

And then ... companies started selling privacy

But a funny thing happened on the way to the 21st century: we disclosed more and more of our information, or it was taken from us.

As that data could be used in ever-greater frauds, the giant databases storing our personal details became irresistible targets. Pranksters, criminals and spies broke the databases wide open and dumped them: the IRS, the Office of Personnel Management, Target and, of course, Ashley Madison. Then the full impact of the Snowden revelations set in, and people started to feel funny when they texted something intimate to a lover or typed a potentially embarrassing query into a search box.

Companies started to sell the idea of privacy. Apple and Microsoft sought to differentiate themselves from Facebook and Google by touting the importance of not data-mining to their bottom lines. Google started warning users when it looked like governments were trying to hack into their emails. Facebook set up a hidden service on Tor’s darknet. Everybody jumped on the two-factor authentication bandwagon, then the SSL bandwagon, then the full-disk encryption bandwagon.

The social proof of privacy’s irrelevance vanished, just like that. If Apple – the second most profitable company in the world – thinks that customers will buy its products because no one, not even Apple, can break into the data stored on them, what does it say about the privacy zeitgeist?

The privacy catastrophe has only just begun

Seamlessly, the US Department of Justice switched tacks: Apple’s encryption is a “marketing stunt”. The company has an obligation to backdoor its products to assist law enforcement. Please, let’s not dredge up the old argument about whether it’s OK to spy on everyone – we settled that argument already, by pointing out the fact that no one was making any money by making privacy promises. Now that someone is making money from privacy tech, they’re clearly up to no good.

The smog of personal data is the carbon dioxide of privacy. We’ve emitted far too much of it over the past decades, refusing to contemplate the consequences until the storms came. Now they’ve arrived, and they’ll only get worse, because the databases that haven’t breached yet are far bigger, and more sensitive than those that have.

Like climate change, the privacy catastrophes of the next two decades are already inevitable. The problem we face is preventing the much worse catastrophes of the following decades.

And as computers are integrated into the buildings and vehicles and cities we inhabit, as they penetrate our bodies, the potential harms from breaches will become worse.

Doctorow, Cory - The FBI wants a backdoor only it can use – but wanting it doesn’t make it possible - The Guardian 20160301

Much like climate change denialists, politicians continue to debate encryption – ignoring the consensus of experts that it must not be compromised

The FBI’s demand that Apple create a defeat device for decrypting a phone that belonged to a mass murderer has all the ingredients for a disastrous public conversation.

Combine a highly technical debate about information security with an emotionally charged subject matter, then confuse the whole issue with a 24-hour news cycle tick-tock about who did what, when, and you end up bogged down in questions like, “Does it matter if the FBI directed the local cops to try to change the phone’s password, inadvertently creating the lockout?”

The questions raised by this court order are deliberately the wrong ones: questions whose answers don’t get us any closer to a lasting peace in the crypto wars. After all, the order emanates from a lowly magistrate judge, meaning that no matter how the ruling comes down, it will be appealed, possibly all the way to the supreme court, given the seriousness of the issue. It could be years before we even get a final ruling.

That final ruling will have very limited applicability, since the court’s order directs Apple to build a defeat device that wouldn’t work on its latest phones, nor will it work on its future devices, no matter how the judgment goes. This is the title sequence for Crypto Wars II, not the closing credits.

The first Crypto War was fought in the 1990s when the NSA insisted on a ban on strong crypto in civilian hands, and the US classed the underlying mathematics as munitions.

The Clinton administration lobbied for mandatory backdoors, insisting that it was possible to make a backdoor that only the good guys could walk through – precisely the same argument raised by the Obama administration in 2016 (see also: 2015, 2014, 2013, 2012, etc).

The thing about this controversy is that it isn’t one. Independent cryptographers are virtually unanimous in their view that you can’t properly secure a system while simultaneously ensuring that it ships with a pre-broken mode that police can exploit.

The fact that this would be useful doesn’t make it possible: as security experts Meredith Whittaker and Ben Laurie recently wrote: “Wanting it badly isn’t enough.”

Law enforcement would also be assisted by anti-gravity devices, time machines, psychic powers, and the ability to selectively reverse entropy, but that doesn’t make them possible. Likewise uncontroversial is the gravity of the cybersecurity question. Cybersecurity isn’t just about protecting your location data and your private emails: it’s about making sure randos aren’t spying on your children through your baby monitor, or driving your car off the road, or killing you where you stand by wirelessly hacking your insulin pump – or stealing entire hospitals.

If you’re not worried about this stuff, you’re not paying close enough attention.

There’s precedent for this kind of contradiction, where something urgent is considered a settled matter in expert circles, but is still a political football in policy circles: climate change. Denialism is a deadly feature of 21st-century life.

The people who deny climate change have a range of motivations, from good-faith (but ill-founded) scientific disagreements to self-delusion to self-interest (and self-delusion driven by self-interest, of course). Many tactics have been tried in the denialism battles, but there have been few successes.

A notable exception is solar power and energy independence. This decade’s massive investment in solar power, driven by state subsidies, has bridged the gap between climate change denial and renewable energy advocacy. As the saying goes, “solar is a technology, not a fuel,” so it gets better (and cheaper) with investment and scale. The combination of better energy, good solar industry jobs and energy independence (with the promise of fewer disastrous foreign wars) has won over many climate deniers, who still think the Earth isn’t getting hotter, or that humans aren’t responsible for it, but nevertheless are some of solar’s biggest fans.

The rallying cry of economics is “incentives matter”. Given the right incentives, denial’s effects can be overcome, even if the underlying mistaken beliefs remain intact. Vaccine denial is another matter. While vaccination denial is deadly and urgent, the most successful strategy for combatting it has been all stick, no carrot. In California, SB277 simply prohibits children from attending school unless their parents get them vaccinated.

As a parent in a California school district, I can tell you that it’s working: the bus-shelter outside our local pharmacy may sport a nutty anti-flu-jab ad, and I still hear parents fretting about canards like mercury and “too many vaccinations in one shot”, but all the kids in our local school are vaccinated, full stop.

When we missed a doctor’s appointment for a Hep B shot, we got a note from the school nurse with a firm deadline to make it up, after which our daughter would no longer be welcomed on the premises. Measles, whooping cough and other preventable diseases are receding into the background. We hear stories about home-schooled, unvaccinated friends being disinvited from birthday parties because it’s simply ceased to be socially acceptable for someone to let their unfounded beliefs endanger their neighbors and their kids.

The difference between the carrot approach (climate) and stick approach (vaccines) can be explained by looking at the social power of each denial movement.

Vaccine denial makes a small number of unscrupulous celebrity alternative medicine advocates rich, but they’re small potatoes next to the Koch brothers. Their supporters can be pushed around in state legislatures with relative impunity.

Denial by the powerful has been addressed with bribes; denial by the powerless has been addressed with coercion.

Math denial – the belief that cryptographers are nefariously keeping all the cool stuff under wraps – is an idea with some powerful backers. One form of math denial is the belief in the ability to make computers that prevent copyright infringement.

Computers only ever work by making copies: restricting copying on the internet is like restricting wetness in water. Nevertheless, big corporations with hawk-eyed activist investors get away with buying “digital rights management” technologies that purport to prevent unauthorized copying.

Cryptographers (who don’t work for DRM companies) think this is ridiculous, the alternative medicine of computer science. But just as the NHS funds homeopathic “medicine” in public hospitals, legislatures continue to treat digital locks as going concerns, because orthodoxy and political expedience demand it. The entertainment industry is a powerful adversary, the security services are more powerful still.

It’s tempting to play along with them here, offer them more magic beans in the form of backdoors that we pretend only the good guys can fit through, or in the form of purportedly copy-proof bits, but the stakes are awfully high, and climbing steadily.

We cannot trust our government, so we must trust the technology - Yochai Benkler, The Guardian 20160222

Apple’s battle with the FBI is not about privacy v security, but a conflict created by the US failure to legitimately oversee its security service post Snowden

The showdown between Apple and the FBI is not, as many now claim, a conflict between privacy and security. It is a conflict about legitimacy.

America’s national security agencies insist on wielding unaccountable power coupled with “trust us, we’re the good guys”, but the majority of users have no such trust. Terrorism is real, and surveillance can sometimes help prevent it, but the only path to sustainable accommodation between technologies of secrecy and adequately informed policing is through a root-and-branch reform of the checks and balances in the national security system.

The most important principle that the Obama administration and Congress need to heed in this conflict is: “Physician, heal thyself.”

The FBI, to recap, is demanding that Apple develop software that would allow it to access the secure data on the work phone of one of the two perpetrators of the San Bernardino attack.

Apple has refused to do so, arguing that in order to build the ability to access this phone, it would effectively be creating a backdoor into all phones.

The debate is being publicly framed on both sides as a deep conflict between security and freedom; between the civil rights of users to maintain their privacy, and the legitimate needs of law enforcement and national security. Yet this is the wrong way to think about it.

The fundamental problem is the breakdown of trust in institutions and organizations. In particular, the loss of confidence in oversight of the American national security establishment.

It is important to remember that Apple’s initial decision to redesign its products so that even Apple cannot get at a user’s data was in direct response to the Snowden revelations. We learned from Snowden that the US national security system spent the years after 9/11 eviscerating the system of delegated oversight that had governed national security surveillance after Watergate and other whistleblower revelations exposed pervasive intelligence abuses in the 1960s and 70s.

Apple’s design of an operating system impervious even to its own efforts to crack it was a response to a global loss of trust in the institutions of surveillance oversight. It embodied an ethic that said: “You don’t have to trust us; you don’t have to trust the democratic oversight processes of our government. You simply have to have confidence in our math.”

This approach builds security in a fundamentally untrustworthy world.

Many people I know and admire are troubled by the present impasse. After all, what if you really do need information from a terrorist about to act, or a kidnapper holding a child hostage? These are real and legitimate concerns, but we will not solve them by looking in the wrong places. The FBI’s reliance on the All Writs Act from 1789 says: “I am the government and you MUST do as you are told!” How legitimate or illegitimate what the government does is irrelevant, so this logic goes, to the citizen’s duty to obey a legally issued order.

The problem with the FBI’s approach is that it betrays exactly the mentality that got us into the mess we are in. Without commitment by the federal government to be transparent and accountable under institutions that function effectively, users will escape to technology. If Apple is forced to cave, users will go elsewhere. American firms do not have a monopoly on math.

In the tumultuous days after the Snowden revelations there were various committees and taskforces created to propose reforms. Even a review group made of top former White House and national security insiders proposed extensive structural reforms to how surveillance operated and how it was overseen. Neither the administration nor Congress meaningfully implemented any of these reforms.

Apple’s technology is a response to users’ thirst for technology that can secure their privacy and autonomy in a world where they cannot trust any institutions, whether government or market.

It is therefore the vital national security interest of the US that we build an institutional system of robust accountability and oversight for surveillance and investigation powers. We need meaningful restrictions on collection and use of data; we need genuinely independent review, with complete access to necessary information and a technically proficient capacity to exercise review.

Perhaps most importantly, we need to end the culture of impunity that protects people who run illegal programs and continue to thrive in their careers after they are exposed, but vindictively pursues the whistleblowers who expose that illegality.

Only such a system, that offers transparently meaningful oversight and real consequences for those who violate our trust, has any chance of being trustworthy enough to remove the persistent global demand for platforms that preserve user privacy and security even at the expense of weakening the capabilities of their policing and national security agencies.

Apple’s case is not about freedom versus security; it is about trustworthy institutions or trust-independent technology. We cannot solve it by steamrolling the technology in service of untrusted institutions.

Apple v FBI: engineers would be ashamed to break their own encryption - The Guardian 20160222

Among the secretive, almost religious community of expert security engineers, breaking your own encryption is seen as shameful and unholy

Apple’s security team are a tight-knit tribe of hackers driven by a strict belief system and with almost unparalleled power around the company’s Cupertino campus, according to a former employee who worked closely with them.

“They’ll come into your office and just sit down with you and argue until they win, but they will always win,” said the engineer, who worked in a different department at Apple and who spoke on condition of anonymity. “They dressed the same as us, they’re just as fun to talk to, but they’re fierce. They know how much responsibility they have and how vulnerable it could be.”

Software engineers, especially those who work the deep foundational security code, like to see themselves as being driven by craft and art more than money. To break that security code – as the FBI has ordered Apple engineers to do this week – would not be just politically and commercially difficult for Apple but emotionally hard for engineers, according to former employees, a psychologist who specializes in engineer issues and leaders in the engineering community.

Engineers have a strong, almost religious belief system around their work. In this way of thinking, the FBI’s request is not just shortsighted and worldly but immoral.

“It’s like asking Superman to engineer his own kryptonite,” said David Noor, a therapist and software engineer who counsels technologists. “I can only imagine how hard it is to be those engineers today.” Noor said if the Apple engineers had to bow to FBI pressure and break their own encryption, it would be a personal shame they would take “to the grave”.

“If push came to shove, and those engineers were asked to do something that’s so contrary to their values, they’d go to their graves so sad they’d done that. It would be a monumental thing for them emotionally,” he said. “Most engineers realize there’s compromise in the world, but it is very hard for them.”

Andy Aude, a former Apple engineer and current Stanford computer science student, described an unwritten set of ethics in his community. “In the software world there’s so little formal education, there’s no one rigid school of thought, but there are these nebulous shared values that emerge through practice,” Aude said.

This belief system often means engineers will take lower paying jobs in return for the prestige of working for a perfectionist culture. One explained it as the reason Square gets better engineers than LinkedIn, even in the face of higher offers.

“The best engineers in San Francisco, the really good ones, they don’t care how much they make, all they care about is what they make and how well it performs,” said Steve Derico, who hosts an engineer meetup with 3,000 attendees. “That’s what drives their decision making – legacy and craftsman development.”

It can be almost obsessive: “Developing is like golf, once you do it you just want to get a little bit better every time,” he said.

Engineers who code especially beautifully become famous in their communities, and the works are seen as almost religious, according to several developers.

“This sort of encryption is seen as sort of a holy, sacred thing,” said Ryan Orbuch, a serial entrepreneur who won Apple’s design award in 2013. “People worship this kind of crypto.”

Orbuch said when the FBI asks Apple engineers to break something, completing the act goes against that almost religious way of thinking.

“When you do InfoSec and your job is security, your moral view of the world is based on the fact that you can provide security through math, security that’s complete and secure not just because of any social contract but because literally the math works,” Orbuch said. “When someone comes and says I want you to break this for me, it goes against everything we believe in.”

Ai Weiwei and Julian Assange post middle fingers on Instagram - The Guardian 20150917

Ai Weiwei and Julian Assange post selfie on Instagram - The Guardian 20150917

Dissidents raise the finger with a grin at the Ecuadorian embassy, London

Ai Weiwei and Julian Assange have made what seem to be gestures of contempt for their critics in a selfie posted to an Instagram account.

The picture, which was uploaded to Ai’s Instagram account on Wednesday and is understood to have been taken inside the Ecuadorian embassy in west London, shows both men grinning impishly at the camera, left hands raised with their middle fingers extended.

Assange, head of the WikiLeaks whistleblowing website, has had refuge at the embassy since 2012, because of the threat of being extradited to Sweden where he faces an arrest warrant relating to allegations of rape and sexual assault.

Assange also fears the possibility of onward extradition to the US, where authorities are believed to be building an espionage case against him for publishing secrets about the wars in Iraq and Afghanistan, and for obtaining US diplomatic cables, which embroiled the country in huge international scandals. He could not be reached for comment on Thursday. And a spokesperson for WikiLeaks could not say what he and Ai spoke about at the embassy.

The artist and dissident Ai was detained without charge in China for 81 days in 2011, during a crackdown there on political activists. The government also confiscated his passport, returning it in July, after which he travelled to Germany and Britain, despite UK border authorities initially refusing him a visa.

The supposedly most egregious crime of Ai, a persistent critic of China’s regime, was to have created an artwork composed of 9,000 children’s backpacks, as a commentary on the multiple school building collapses during the 2008 Sichuan earthquake, which killed thousands of pupils.

Ai also published the names of 5,000 of the dead schoolchildren, prompting authorities to shut down his blog, demolish his studio, investigate him on charges of pornography, bigamy, tax avoidance and foreign currency irregularities, and beat him until he suffered brain injury.

At the Royal Academy, in London, Ai currently has a retrospective, opening to the public on Saturday, featuring artworks dating to 1993, the year he returned to Beijing after living in the US for 12 years.

David Miranda in fresh challenge over Heathrow detention - The Guardian 20151208

David Miranda, the partner of the former Guardian journalist Glenn Greenwald, has launched a fresh appeal challenging the legality of his detention under counter-terrorism powers for nine hours at Heathrow airport in 2013.

The hearing at the court of appeal in London is an attempt to overturn an earlier decision by a lower court that holding him under schedule 7 of the Terrorism Act 2000 was lawful.

About 60,000 people a year are held in such controversial port stops. The Home Office has argued that border controls exist to check on travellers where there is insufficient information to justify an arrest.

Miranda’s first legal challenge was supported by the Guardian. This court of appeal challenge is funded by First Look Media, which publishes the online magazine the Intercept. The organisation said the appeal had been brought to defend freedom of expression and journalists’ rights.

When Miranda was stopped in August 2013, he was carrying encrypted files containing journalistic material derived from the US National Security Agency whistleblower Edward Snowden, his lawyer told the appeal court.

Matthew Ryder QC said: “Snowden, whatever you may think of him, provided information which has been of immense public importance. In this case we are talking about journalism of unusually high quality.”

The previous court had erred in its decision, Ryder said, because it had misinterpreted the law on proportionality and the detention was incompatible with Miranda’s rights to privacy and freedom of expression under the European convention on human rights.

Last year three high court judges dismissed the challenge brought by Miranda, accepting that his detention and the seizure of computer material was “an indirect interference with press freedom” but said this was justified by legitimate and “very pressing” interests of national security.

The three judges – Lord Justice Laws, Mr Justice Ouseley and Mr Justice Openshaw – concluded that Miranda’s detention at Heathrow was lawful, proportionate and did not breach European human rights protections of freedom of expression.

Miranda was stopped in transit between Berlin and Rio de Janeiro after meeting the film-maker Laura Poitras, who had been involved in making disclosures based on documents leaked by Snowden.

Miranda was carrying encrypted files, including an external hard drive containing 58,000 highly classified UK intelligence documents, “in order to assist the journalistic activity of Greenwald”. The Guardian made his travel reservations and paid for the trip.

The high court judgment said the seized material included personal information that would allow staff to be identified, including those deployed overseas.

The court of appeal was read a message sent on 16 August 2013 by MI5 to Det Supt Stockley of the Metropolitan police’s counter-terrorism command (SO15).

The memorandum was headed: “National security justification for proposed operational actions around … David Miranda”.

It said: “We strongly assess that Miranda is carrying items which will assist in Greenwald releasing more of the NSA and GCHQ material we judge to be in Greenwald’s possession … Our main objectives against David Miranda are to understand the nature of any material he is carrying, mitigate the risks to national security that this material poses.”

It added: “We are requesting that you exercise your powers to carry out a ports stop against David Miranda … There is a substantial risk that David Miranda holds material which would be severely damaging to UK national security interests. Snowden holds a large volume of GCHQ material, which, if released, would have serious consequences for GCHQ’s collection capabilities, as well as broader SIA operational activities.”

SIA is believed to be secret intelligence agents.

The following day, before Miranda arrived on 18 August, acting Det Insp Woodford at Heathrow was concerned that the port circulation sheet had not confirmed that a schedule 7 stop had been requested, the court was told.

Woodford was eventually sent further details and the port circulation sheet received had additions to its intelligence summary section. It stated: “We assess that Miranda is knowingly carrying material, the release of which would endanger people’s lives.”

Ryder told the court: “The Security Service purpose was not a schedule 7 purpose. Wanting to get material off somebody and no more is not a [legitimate] schedule 7 purpose.”

The focus of a schedule 7 port stop, he maintained, should be whether or not the person targeted is preparing acts of terrorism. If the law was interpreted as the high court decided, Ryder said it “would mean that terrorism could be committed by acts that do not intend to incite violence or endanger life”.

He added: “It would mean that terrorism can be committed by acts that are themselves entirely lawful and … can be entirely lawful.”