Edward Snowden


BEST OF THE WEB: Snowden, the business of Buzzfeed and the first smile

8:41AM | Friday, 15 August

If there’s one thing you take the time to read this week, let this be it. At 7500 words it’s nearly the length of a novella, but Wired’s interview with Edward Snowden is a visually beautiful and detailed account about one of the biggest stories of our time.   The in-depth interview was written after James Bamford spent three solid days over several weeks with the 31-year-old American in Moscow.   The meeting, which took months to set up, and journey’s across several countries, arose from Banford’s one burning question: “What drove Snowden to leak hundreds of thousands of top-secret documents, revelations that have laid bare the vast scope of the government’s domestic surveillance programs?”   While the tone of the piece is a touch star-struck, the story of Snowden’s work for CIA and NSA, and his disillusion there, is as compelling as any fictionalised Hollywood thriller.   We learn that there may in fact be a second document leaker and the details of a government program allegedly used to prevent a foreign cyberattack. According to Snowden, the software, called “MonsterMind”, scans traffic patterns to spot the signs of an incoming attack. After identifying potential digital assaults, MonsterMind blocks or kills them.   The business of Buzzfeed   BuzzFeed is worth at least its latest $850 million valuation, and probably much more, writes Felix Salmon. While others covered the media of the story of the week with a snarky undertone, Salmon clearly identifies the game Buzzfeed is on and why we need to take notice.   Buzzfeed is a media company, but it’s not a content company per se; its core competence is the technology of marketing.   Overhyping content to drive clicks to sell to advertisers is not Buzzfeed’s game (unlike Upworthy and Business Insider), points out Salmon.   BuzzFeed proves with its content that it knows how to reach huge, young, mobile audiences. Then “it can then sell that secret sauce to advertisers, and help them reach the same audience, using the same tools.” That’s a completely new game.   “The big message is that it wants, in founder Jonah Peretti’s words, to be “the number one digital media brand”. That means beefing up the current editorial product; investing massively in video; and an aggressive international expansion, into a number of brand-new languages and cultures,” says Salmon.   The first smile   A timely piece on why laughter, smiles and tears look so similar? Turns out because they all evolved from a single root.   “Long before written symbols, even before spoken language, our ancestors communicated by gesture. Even now, a lot of what we communicate to each other is non-verbal, partly hidden beneath the surface of awareness. We smile, laugh, cry, cringe, stand tall, shrug,” Micahel Graziano writes.   It certainly makes you wonder, if we should ever take a smile at face value.   Follow StartupSmart on Facebook, Twitter, and LinkedIn.

What data retention is, and why it’s bad

7:15AM | Tuesday, 29 July

With the Australian government “actively considering” data retention, and Australian Security Intelligence Organisation chief David Irvine telling a Senate committee that it is crucial to intelligence-gathering and that Australians have nothing to fear from it, it’s time for a clarifier on exactly what data retention is and the concerns it raises.   What is data retention?   The compulsory retention of information about a citizen’s telecommunications and online usage, either by telcos and internet service providers themselves, or by a government agency, so that law enforcement and intelligence agencies can use it to investigate crime and national security threats.   What sort of data?   Depends. The European Union scheme (now ruled illegal) was limited to telecommunications metadata — whom you called and when, duration of call, location, and the account linked to a particular IP address. The previous Australian government cited the EU model as what it had in mind when it invited a parliamentary inquiry into the idea in 2012. However, some individual countries (like Denmark) went further than the Eu directive and included web browsing history. Most Australian agencies officially only want metadata, not content data (like browsing history and email contents), but some agencies and police forces want the lot. Some things, like email subject lines, could arguably be either metadata or content data. The definition of what data will be subject to a data retention regime is thus crucial.   What would it cost?   In evidence to the Joint Committee on Intelligence and Security that considered the issue in 2012, iiNet said it might cost them $5 a month for every customer to store data. That, in effect, is a $60 a year surveillance tax on every household. iiNet has recently significantly increased its estimate of the likely cost. Remember, both companies and government agencies will not merely need to store this data, but ensure it is stored safely — the vast trove of personal data that data retention will produce will be immensely attractive to criminals (and online activists looking to demonstrate how unsafe it is — in 2012, Anonymous hackers released customer data obtained from AAPT to protest the then-government’s data retention proposal).   What happens currently?   Traditionally, telcos have retained phone records because that was how they billed you. But there is decreasing need for specific call-based billing as consumers move to data-based plans. Moreover, companies have no need for metadata beyond the billing cycle, and given there’s a cost to storing such data, they are keeping less of it for the sort of periods agencies prefer — usually two years. Law enforcement and intelligence agencies call this “going dark” — losing access to phone information of the kind they’ve had for decades.   So what’s the problem - isn’t this just maintaining the status quo?   No. Let’s just focus on phone data. Your mobile phone data includes your location as your phone interacts with nearby phone towers, so in effect it can be used as a tracking device. But more importantly, forget that “it’s just metadata” (or “just billing data” as the Prime Minister said). A single phone call time and duration won’t tell anyone much about you. But in aggregate, metadata will reveal far more about you than content data.   With automated data-sifting software, agencies can accumulate a record of everyone you have called, everyone they have called, how long you spoke for, the order of the calls, and where you were when you made the call, to build a profile that says far more about you than any solitary overheard phone call or email. It can reveal not just straightforward details such as your friends and acquaintances, but also if you have medical issues, your financial interests, what you’re buying, if you’re having an affair or ended a relationship. Combined with other publicly available information, having a full set of metadata on an individual will tell you far more than much of their content data ever will.   And if you don’t believe us, ask the people who know: the General Counsel for the United States National Security Agency has publicly stated, “metadata absolutely tells you everything about somebody’s life. If you have enough metadata, you don’t really need content”. According to the former head of the NSA, Michael Hayden, the US government kills people based on metadata it has accumulated on them. As Edward Snowden says: “You can’t trust what you’re hearing, but you can trust the metadata.”   OK, but we’ve already given away our privacy to Facebook etc, haven’t we? Why shouldn’t agencies that want to protect us get the same data?   This is an argument routinely used by data retention advocates, and by Irvine himself. But going on Facebook isn’t compulsory. Citizens choose to use social media or other online platforms and voluntarily engage in the swap of privacy for services that so many applications are built on. Maybe they don’t understand the full nature of what they’re losing in that transaction, but it’s still voluntary. There is nothing voluntary about data retention — not unless you want to withdraw from the 21st century and not use telecommunications and online services.   But agencies say they need it to help prevent and solve crimes.   Let’s look at what happened in Europe. A German parliament study concluded data retention in Germany had led to an increase in the crime clearance rate of 0.006%. (The German scheme was later ruled unconstitutional.) Danish police, who have a much wider metadata and content data retention scheme, said the sheer amount of information was too unwieldy to use.   But such-and-such a high-profile crime was solved with metadata.   Maybe. But that metadata was available without a data retention regime. As the German study demonstrates, the number of crimes solved because of old metadata that would not otherwise have been available is negligible. And anyway, in western societies, we have long accepted that there is a trade-off between the rights of the individual, including a right to privacy, and the state’s power to protect its citizens. We understand that our civil liberties make it harder for the state to prevent, detect and punish crime, but value them enough to keep them anyway. Data retention alters this balance in favour of the state.   But we can trust our agencies to do the right thing.   Australia’s agencies generally have a better record of behaviour than foreign agencies. For example, repeated abuses such as stalking women, sharing intimate photos and listening in to intimate conversations, have been revealed to have occurred in the NSA; the CIA recently spied on the Senate Intelligence Committee while it was preparing a report exposing the agency’s use of torture; MI6 abducted and rendered Libyan dissidents to the Gaddafi regime for torture in exchange for help in the War on Terror.   However, ASIO, the Australian Federal Police and the Australian Secret Intelligence Service are by no means perfect and serious questions remain, for example, about both ASIS’s bugging of the East Timorese cabinet in 2004 and ASIO’s efforts to intimidate and gag the whistleblower who revealed it late in 2013. We also know from Edward Snowden that Australians intelligence agencies use electronic surveillance not for protecting us from terrorists, but for economic espionage.   The problem is that, unlike normal government bureaucracies, intelligence agencies have minimal public oversight or accountability, and can use national security as a justification to resist media scrutiny. The lack of oversight means incompetence, corruption, mission creep and criminal activity are far less likely to come to light than in normal government agencies. Public transparency is one of the key motivations for public servants to behave appropriately, and it doesn’t exist for agencies engaged in surveillance. And the more personal data they have access to, the greater the temptation.   But if you’re not doing anything wrong, you have nothing to hide.   Wear clothes in warm weather and have blinds in your windows? What are you hiding?   Are you happy for everyone to know where you are all the time, who your friends are, whom you’re having a relationship with, everyone you call, whether you have a medical or financial problem? It is not up to privacy advocates to “prove” the right to or importance of privacy. All governments acknowledge it is a fundamental right. If you support breaching that right, it is up to you to make the case, not demand privacy advocates defend it.   And law enforcement and intelligence agencies don’t merely target people “with something to hide.” People as diverse as whistleblowers, journalists, politicians, non-government groups and activists are subject to surveillance by such agencies, despite not having “done anything” other than reveal wrongdoing by governments and companies and protest against it. Data retention thus indirectly threatens core processes of democracy like whistleblowing, political organisation and scrutiny of governments. And once information is collected, agencies will press for its permanent retention. Some already argue that information should be retained forever. That means all future governments will have access to it. You may be comfortable with the current government having access to your data - but what about all future governments?   And law enforcement and intelligence agencies aren’t the only groups who have access to metadata. In Australia, bodies as diverse as local councils, the RSPCA and health bodies can obtain telephone metadata on citizens without a warrant.   But this is about stopping terrorism – the ends justify the means.   Terrorism is a wildly overhyped threat in western countries. About three times more Australians have died falling out of bed since 2001 than have died at the hands of terrorists; more Australians die from diseases like shingles and chickenpox than from terrorism. More women and children die at the hands of the partners and parents in Australia every year than the total number of Australian victims of terrorism. More Americans die from causes like malnutrition, falls, swimming accidents and work accidents each year than the entire death toll from 9/11. The level of spending we direct toward national security is completely unjustified in terms of the harms it prevents.   As a threat to the health and lives of western citizens, terrorism is negligible compared to deaths caused by poor infrastructure, bad health policies, unsafe workplaces or poverty. Data retention would be yet another expensive, intrusive national security policy that has no objective justification. Doing things in the name of stopping terrorism relies on our emotional fear of attacks, rather than making the case for taking away our rights.   Follow StartupSmart on Facebook, Twitter, and LinkedIn. This story first appeared on Crikey.com.au.

THE NEWS WRAP: Expert-curated music streaming service Songza acquired by Google

7:17PM | Tuesday, 1 July

Google has acquired music streaming service Songza.   Songza uses information about the user and context to determine the best playlists for its users at any given time, curated by music experts.   That human curation is Songza’s point of difference from other music services like Pandora and Spotify, which rely heavily on algorithms.   Google says it’s not planning to make any immediate changes to Songza, so it will continue to work like usual for existing users.   Virtually no governments off-limits for the NSA Australia is one of only four countries the US National Security Agency has not been authorised to intercept information from, according to top-secret documents obtained by the Washington Post.   A 2010 classified legal certification and other documents indicate the NSA has been given the authority to intercept through US companies, not just the communications of its overseas targets, but any communications about its targets as well.   The certification, which was approved by the Foreign Intelligence Surveillance Court, was included among a set of documents leaked by Edward Snowden and includes a list of 193 countries that would be of valid interest for US intelligence.   Vine to add loop counter Vine is adding a loop count feature to its web, iOS and Android apps, which will indicate how many times people have looped a video.   Overnight The Dow Jones Industrial Average is up 129.47 to 16,956.07. The Australian dollar is currently trading at US95 cents.

Why Reset the Net falls short in protecting you from surveillance

6:35AM | Monday, 16 June

A year on from Edward Snowden’s revelations around state sponsored mass surveillance programs, some of the major players in the online and technological world (including Google, Mozilla, Twitter and Reddit) have launched the Reset the Net campaign.   The program aims to increase people’s awareness and uptake of privacy and security tools so they can better resist surveillance, particularly that conducted by the National Security Agency (NSA).   While the campaign is laudable in its efforts to raise the issue of surveillance, there are some glaring oversights present.   A step in the right direction   Reset the Net seeks to challenge mass surveillance and help people to take back their privacy while online by encouraging patterns of behaviour that resist surveillance.   For individual users they suggest the use of apps with encrypted communications protocols (such as TOR or Chat Secure), and safer password choices.   More structural suggestions are provided for developers and administrators, such as the use of encryption as a part of a website or application, and the use of end-to-end encryption.   Encryption makes any collected data more difficult (but not impossible) for authorities to interpret and act upon.   These kinds of strategies do a great job at “target hardening” users and digital services against the collection of personal data, and they improve the general security of users online.   Vodafone announced this month that some governments allow their security agencies to connect directly into its network to conduct surveillance, so these kind of user based forms of resistance are a good starting point to counteracting some surveillance measures.   While these are positive achievements, they merely address some of the more visible consequences and implications of surveillance, and fail to address what are perhaps the most worrying aspects of contemporary surveillance.   Where the problems lie   The Reset the Net project acts to reinforce the idea that surveillance is primarily conducted by state authorities, with the NSA as the primary antagonist for this story.   But the reality is that the NSA is only one actor in the surveillance drama. As others have noted one of Reset’s biggest backers, Google, is also one of the biggest instigators of corporate surveillance.   Google collects enormous amounts of personal data every day, harvesting personal data from user’s browsing habits and email, while simultaneously calling for email to be encrypted against outside sources.   Google also uses its large range of products (such as Gmail and Google Docs) to data-mine every conceivable audience, including up until recently children.   Story continues on page 2. Please click below. You are being monitored by many   Google is just one of many private companies conducting surveillance today, with supermarkets, insurance companies and many Fortune 1000 companies all monitoring customers on a daily basis.   This leads to the next issue with Reset the Net, and most counter-surveillance activities today: they don’t address the incredible amounts of data already circulating in surveillance databases.   Surveillance today is not just about seeing into the lives of the present – it’s about cataloguing and using the past (and present) to understand the future. Australia is no exception to this trend, as the government once again pushes for mandatory data retention.   As a part of the (so-called) development of big data, which allegedly can assist to generate new statistical insights from ultra-large data sets, the data collected from ubiquitous surveillance are increasingly being used as a part of predictive analytics.   Through these techniques a user’s future behaviours, actions and dispositions can be extrapolated from past data. While there are some possible positives here (such as better management of goods and services for business), the negative potentials are enormous.   Shaping the future   The use of algorithms and automated profiles can open the door to forms of control (and discrimination) that occur without any human input.   Through the power of code, corporate or government powerbrokers can reshape individual lives, automatically analysing and predicting possible outcomes for citizens and then determining their treatment, from seemingly random pieces of personal information.   As US sociologist Gary Marx has pointed out, no-one is innocent under such regimes of “new” surveillance, with all citizens viewed as a risk - what he calls categorical suspicion.   The focus on internet surveillance ignores that surveillance is not just on the internet, but everywhere. As recently pointed out, we live in a Sensor Society, with many aspects of daily life recorded through various sensor technologies.   From smartphones to drones, there are many possibilities for invasive surveillance today. The German newspaper Der Speigel has also pointed out that the NSA and Central Intelligence Agency (CIA) are at the forefront of developing new means of sensing individuals.   Once again Google is a part of these trends, recently purchasing a drone company and is reported to be bidding for the world’s largest home surveillance company.   The drama is just beginning   Internet surveillance is only one aspect of contemporary surveillance.   The Reset the Net project paradoxically represents a small positive step in resisting and counteracting warrantless and illegal surveillance, while ignoring the bigger picture.   There is a growing and ongoing disparity between the rights and powers of the watched (or sensed), and the watchers (or sensors). As both spectators and actors in this surveillance (or sensor) society, there is a need to be mindful of this bigger picture as we play our roles and choose our props, and recite (or improvise) our lines.   These are only the opening scenes of a much longer and difficult play. With no sign that the social or technological scope of surveillance will fade, we must play our parts wisely and critically, if we are to have any hope of a happy ending.   Peta Cook is a Senior Lecturer of Sociology at the University of Tasmania. Ashlin Lee is a PhD candidate at the University of Tasmania.   This story was originally published at The Conversation. Read the original article.