NSA has direct access to tech giants' systems for user data, secret files reveal

US and UK mutual agreement on wiretap orders and search warrants

http://securityaffairs.co/wordpress/44271/intelligence/us-and-uk-wiretap-orders.html

 

Terrible news if so, and particularly in view of the claim that the new Investigatory Powers Bill is actually going to regulate these activities. Secret laws, lack of accountability and transparency.

The claim that it might take 10 months for an MLAT seems straw-man, the information I saw was that it could be very quick if parties both sides knew each other and would cooperate. There's a very good set of reasons for wanting the controls implied by MLAT, and there's no reason at all why that system couldn't be made very efficient.

 

http://www.nytimes.com/2016/02/26/u...sharing-of-data-that-nsa-intercepts.html?_r=1

 

How far we've come

I can recall the joy of living in a place where I wasn't under constant observation by the authorities. That was a huge attraction for Russians and Eastern Europeans. America embodied freedom.

So it goes

 

Ditto!

 

Yep, those days are long gone...

 

Surprise! NSA data will soon routinely be used for domestic policing that has nothing to do with terrorism
http://www.washingtonpost.com/news/...licing-that-has-nothing-to-do-with-terrorism/

 

Ummm, "soon"

 

The UK Investigatory Powers Bill does the exact same thing. They've even widened it to give the cops more access.

I'd dispute the future tense in terms of this capability, it's normally "legalising" something that has been going on a while - even if where it gets done is hazy, the reality is that domestic monitoring is well established..

 

And so is the sale of private data from government databases , often to "businesses " without any proper accreditation and on the flimsiest of pretexts.
A good example is the "businesses " who issue parking fines for cars parked on private property.

When aggressive/illegal wheel clamping was stamped out , a swarm of these "mail-box companies " sprang up and collectively paid over £20 million
to the UK government for driver and vehicle details ..... more in this article from The Telegraph .

.... sorry , slightly off-topic ..... in this case , at least the data was collected legitimately.

 

Speaking of which:

http://techcrunch.com/2016/03/10/uk...ll-could-force-startups-to-bake-in-backdoors/

 

I'm actually having to consider that position - but there's no way I'll expose myself to that possibility if the Bill goes through as it stands - I'd relocate to a jurisdiction where the rule of law matters, or make it open source. The UK market isn't significant enough. Even if you're not made to do anything, the general (and justified) cloud of consumer suspicion on UK based tech companies would be too damaging.

It's also worth noting that the published bill has ignored pretty much all the advice from all three committees reporting on the draft bill, including the Parliamentary committee that is supposed to oversee all of this.

 

Fixed that for you.

I wonder if there are plugin APIs... which could conceivably be used, in an entirely unauthorized manner of course, by individuals to add their own encryption support to approved releases... which might have to be tolerated. What, demand a company remove a general purpose feature that was never intended to be used in such a manner?

 

Yes, or have open-source pluggable dlls which did that part of the processing, or remote servers that did that part. It's not that easy to architect though, and they could probably compel you to ship with a compromised plugin implementation. There's no payment that could possibly compensate for the resulting level of reputational damage, and in any case, they won't do so.

Trouble is, even if you go down that route, you are tainted from the outset when you don't have to be - why operate with shackles round your ankles from the get-go? Madness.

 

A Government Error Just Revealed Snowden Was the Target in the Lavabit Case

http://www.wired.com/2016/03/government-error-just-revealed-snowden-target-lavabit-case/

 

We, the people who use encryption for communication, will soon be called terrorists.

 

Wired doesn't allow AdBlock users

 

Working fine here, though I have NS and RP blocking everything from this site.

 

OK, thanks. Marking Wired as not trusted in NoScript fixed the problem.

 

I have Wired marked as Allowed on my NoScript whitelist! Marking it as not trusted in NoScript seems a stretch?

-- Tom

 

If you're using AdBlock Plus, and let Wired run scripts, it won't let you read.

Marking it as not trusted just keeps NoScript from showing the warning bar.

 

FYI ---- The linked wired article above came right up using the generic TBB (only change is no script fully ON).

 

Yes. But if you allow scripts, it won't show you the content. That's rather silly, no?

 

Activating scripts kind of defeats the overall purpose. IMO

 

Well, it's rather a game of determining what scripts to allow to get what you want from a site. For some sites, you need to allow at least some scripts to even see any content! But here, Wired is apparently using a script to detect ad blocking. Isn't that silly? I mean, people who block ads also tend to block scripts. If they were smart, they'd put something in the ad-blocker-detection script that was necessary to display content