James Comey, the FBI director, told a House panel on Tuesday that the so-called “Going Dark” problem is “grave, growing, and extremely complex.” (PDF)

His prepared testimony to the House Judiciary Committee is not surprising. There’s been a chorus of government actors singing that same song for years. But what we didn’t hear was the bureau director ask Congress for legislation authorizing encryption backdoors. That’s because there’s no congressional support—which underscores why the President Obama administration is now invoking a 1789 obscure law in federal courthouses asking judges to do what Congress has declined to do.

“If I didn’t do that, I oughta be fired,” Comey told the panel during his live testimony. The panel’s hearing, “Encryption Tightrope: Balancing Americans’ Security and Privacy,” was largely dedicated to the FBI’s legal battle with Apple. He said if the bureau had the capability to bypass iPhone passcode locks in the dozens of pending cases where they’ve gone to court, “We wouldn’t be litigating if we could.”

Samsung Echoes Apple’s Arguments on Importance of User Privacy
http://www.bloomberg.com/news/articles/2016-03-03/samsung-echoes-apple-s-arguments-on-importance-of-user-privacy

New York Times:
Several tech execs were initially worried about supporting Apple in FBI case because of its potential to backfire, concerns over public perception — Apple Gets Tech Industry Backing in iPhone Dispute, Despite Misgivings — It is a remarkable moment for the technology industry …

Apple Gets Tech Industry Backing in iPhone Dispute, Despite Misgivings
http://www.nytimes.com/2016/03/03/technology/tech-rallies-to-apples-defense-but-not-without-some-hand-wringing.html?_r=0

There’s little evidence that “mass surveillance” catches potential terrorists, but it does risk catching innocents. More conventional police methods are more effective against terrorism.

The Friday 13 events in Paris were horrendous – bloody and heartless attacks without warning on innocent civilians enjoying a warm November evening, in restaurants and bars, at a concert and a soccer game. A few days before, I had been walking through neighbouring districts, taking in the sights and sounds of a great city.

Anyone who knows about security-and-surveillance could guess what would happen. Security authorities would want more powers and governments would gauge how far they could go. Of course, it’s understandable that any government in that position will wish to reassure the population with visible signs of security. But governments do tend to rush headlong into new counter-terrorism measures after a major attack like that in Paris. Sometimes they are desperate to show that they are doing something.

Unfortunately, French responses thus far follow a familiar pattern… So border checks were increased with ramped-up databases and reinforced surveillance.

Events like these are also viewed as ideal opportunities to make policy changes. As Naomi Klein shows in Shock Doctrine, some governments have for many years exploited crises to push through controversial law or policy

Learning from the past

While tightened security may seem like a good plan, changing the rules and demanding greater powers for security and intelligence services in the wake of attacks may not be wise. Sober judgment, not knee-jerk responses, is called for. After the Charlie Hebdo attacks earlier in 2015, the French introduced new laws for warrantless searches, ISPs to collect communications metadata, and trimmed oversight for agencies. This time – in November – some borders were temporarily closed and a 3-month state of emergency was declared.

We saw it, classically, in the US after 9/11, but also in the UK after 7/7

The evidence that what Snowden and others call “mass surveillance” produces better ways of tracking terrorists is hard to find.

Does mass surveillance work?

Does allowing intelligence agencies to collect more data – what Snowden and others call “mass surveillance” – or increasing powers of arrest and detention, and removing checks and balances, really improve things? The evidence that these produce better ways of tracking terrorists is hard to find. More is not necessarily better when it comes to data. In 2013, the White House claimed that more than 50 terror plots had been uncovered by the NSA’s methods. But in 2014 two independent reviews showed that in 255 terrorism cases investigated by the NSA, only four were the result of using phone metadata and none of the four prevented attacks.

Edward Snowden is clear about this. Reflecting on the Charlie Hebdo attacks in Paris, he pointed out that these occurred despite the mass surveillance programs introduced there in 2013. Observing that French law was now one of the most intrusive and expansive laws in Europe, he commented that it still didn’t stop the attack. They’re simply “burying people under too much data,” he said.

After the November attacks in Paris, American agencies were quick to blame Snowden – along with internet encryption and Silicon Valley privacy policies.

The New York Times argued that in fact Paris was a case of failure to act on information the authorities already had. As for encryption, the Paris attackers used none.

By and large, conventional police work, based on targeted surveillance of suspects, is what produces results.

In case after case, we have seen that intelligence agencies knew about those who committed atrocities but failed to – as they say – connect the dots.

Collateral damage

At the same time, indiscriminate surveillance creates new risks; innocent “suspects,” the chilling effects of everyone being tracked and checked and the denial of democracy – which ironically is a victory for terrorists. Terrorism arises, it seems, from groups that despise diversity and who seek national, political or religious homogeneity.

Security-driven surveillance today is very enamoured of big data ‘solutions’ – seen especially in the application of new analytics to seeking out suspects.

While there may well be appropriate ways of using the so-called ‘data deluge’ created by internet and particularly social media use, the current trend is towards prediction and preemption.

Fears and futures

After 9/11, I argued that one of the worst outcomes of the various responses to terrorism is the fomenting of fear. Without for a moment discounting the appalling suffering and loss associated with the Paris attacks – or any others – it must be said that some responses to such atrocities are also highly dangerous. At the far end of fear-mongering is the proposal from US presidential contender Donald Trump to establish a database of American Muslims. If he were not so popular this could be discounted as fascist fanaticism.

But the trouble with many surveillance responses is that they do so well what marks surveillance today – a process of social sorting that classifies populations in order to treat different groups differently. Thus what is done requires utmost care. Categories have consequences.

When security agencies make their case for more data, more sophisticated analytics, they often make it sound as if these were neutral technologies.

Making a difference

Snowden insists – and proves it by his own example – that any and all can help to make a difference. These are not problems that can be solved overnight by some hastily concocted laws or a furious rush to foreclose freedoms. Indeed, these exacerbate our situation. Surveillance today touches us all and we all need to take action, however small, to change things for the better.

Encryption Is Being Scapegoated To Mask The Failures Of Mass Surveillance
http://techcrunch.com/2015/11/17/the-blame-game/

Well that took no time at all. Intelligence agencies rolled right into the horror and fury in the immediate wake of the latest co-ordinated terror attacks in the French capital on Friday, to launch their latest co-ordinated assault on strong encryption — and on the tech companies creating secure comms services — seeking to scapegoat end-to-end encryption as the enabling layer for extremists to perpetrate mass murder.

There’s no doubt they were waiting for just such an ‘opportune moment’ to redouble their attacks on encryption after recent attempts to lobby for encryption-perforating legislation foundered. (A strategy confirmed by a leaked email sent by the intelligence community’s top lawyer, Robert S. Litt, this August — and subsequently obtained by the Washington Post — in which he anticipated that a “very hostile legislative environment… could turn in the event of a terrorist attack or criminal event where strong encryption can be shown to have hindered law enforcement”. Et voila Paris… )

Speaking to CBS News the weekend in the immediate aftermath of the Paris attacks, former CIA deputy director Michael Morell said: “I think this is going to open an entire new debate about security versus privacy.”

Elsewhere the fast-flowing attacks on encrypted tech services have come without a byline — from unnamed European and American officials who say they are “not authorized to speak publicly”. Yet are happy to speak publicly, anonymously.

The NYT published an article on Sunday alleging that attackers had used “encryption technology” to communicate — citing “European officials who had been briefed on the investigation but were not authorized to speak publicly”. (The paper subsequently pulled the article from its website, as noted by InsideSources, although it can still be read via the Internet Archive.)

The irony of government/intelligence agency sources briefing against encryption on condition of anonymity as they seek to undermine the public’s right to privacy would be darkly comic if it weren’t quite so brazen.

Here’s what one such unidentified British intelligence source told Politico: “As members of the general public get preoccupied that the government is spying on them, they have adopted these applications and terrorists have found them tailor-made for their own use.”

“Seeking to outlaw technology tools that are used by the vast majority of people to protect the substance of law-abiding lives is not just bad politics, it’s dangerous policy.”

In the same Politico article, an identified source — J.M. Berger, the co-author of a book about ISIS — makes a far more credible claim: “Terrorists use technology improvisationally.”

Of course they do. The co-founder of secure messaging app Telegram, Pavel Durov, made much the same point earlier this fall when asked directly by TechCrunch about ISIS using his app to communicate. “Ultimately the ISIS will always find a way to communicate within themselves. And if any means of communication turns out to be not secure for them, then they switch to another one,” Durov argued. “I still think we’re doing the right thing — protecting our users privacy.”

Bottom line: banning encryption or enforcing tech companies to backdoor communications services has zero chance of being effective at stopping terrorists finding ways to communicate securely. They can and will route around such attempts to infiltrate their comms, as others have detailed at length.

Here’s a recap: terrorists can use encryption tools that are freely distributed from countries where your anti-encryption laws have no jurisdiction. Terrorists can (and do) build their own securely encrypted communication tools. Terrorists can switch to newer (or older) technologies to circumvent enforcement laws or enforced perforations. They can use plain old obfuscation to code their communications within noisy digital platforms like the Playstation 4 network, folding their chatter into general background digital noise (of which there is no shortage). And terrorists can meet in person, using a network of trusted couriers to facilitate these meetings, as Al Qaeda — the terrorist group that perpetrated the highly sophisticated 9/11 attacks at a time when smartphones were far less common, nor was there a ready supply of easy-to-use end-to-end encrypted messaging apps — is known to have done.

Point is, technology is not a two-lane highway that can be regulated with a couple of neat roadblocks — whatever many politicians appear to think. All such roadblocks will do is catch the law-abiding citizens who rely on digital highways to conduct more and more aspects of their daily lives. And make those law-abiding citizens less safe in multiple ways.

Will Obama’s Cybersecurity Executive Order Make a Difference?

We continue to live in a world that is exciting with new, easy-to-use technology that allows all of us to be more effective and efficient in our business and personal lives. Yet the ease of use of this technology also puts all of us at risk.

President Obama and many in government and the private sector realize there is so much more that all of us could and should do to ensure we can be confident that our most sensitive personal data is safe. It is our right and we need to take action against the cyber adversaries that wish to do us harm.

The EO and the legislation previously passed by Congress is a great start. But in order for the actions taken to increase information sharing among the public and private sectors to really be effective, additional legislation is necessary. We need to see liability relief along with codified roles and responsibilities for the public and private sector regarding information sharing. In addition, the President has called for a national breach process and updated criminal laws to support today’s security needs and the future environment. We support that. With this approach, information sharing can, in fact, truly become actionable and allow the good guys to operate inside the bad guy’s decision cycle.

Rand Paul sells “NSA spy cam blocker” as presidential bid fundraiser
Bid announcement video taken off YouTube due to copyright claim over a song.
http://arstechnica.com/tech-policy/2015/04/rand-paul-sells-nsa-spy-cam-blocker-as-presidential-bid-fundraiser/

One of the big arguments trotted out repeatedly by surveillance state defenders concerning the NSA’s Section 215 program to collect records on all phone calls is that such a thing “would have prevented 9/11″ if it had been in place at the time. Here’s former FBI boss Robert Mueller making just that argument right after the initial Snowden leaks. Here’s Dianne Feinstein making the argument that if we had that phone tracking program before September 11th, we could have stopped the attacks. And here’s former NSA top lawyer and still top NSA supporter Stewart Baker arguing that the program is necessary because the lack of such a program failed to stop 9/11.

Except, it turns out, the feds did have just such a program prior to 9/11 — run by the DEA.

“The now-discontinued operation, carried out by the DEA’s intelligence arm, was the government’s first known effort to gather data on Americans in bulk, sweeping up records of telephone calls made by millions of U.S. citizens regardless of whether they were suspected of a crime. It was a model for the massive phone surveillance system the NSA launched to identify terrorists after the Sept. 11 attacks. That dragnet drew sharp criticism that the government had intruded too deeply into Americans’ privacy after former NSA contractor Edward Snowden leaked it to the news media two years ago.”

NSA and GCHQ mass surveillance is more about disrupting political opposition than catching terrorists

Why spy? That’s the several-million pound question, in the wake of the Snowden revelations. Why would the US continue to wiretap its entire population, given that the only “terrorism” they caught with it was a single attempt to send a small amount of money to Al Shabab?

One obvious answer is: because they can. Spying is cheap, and cheaper every day. Many people have compared NSA/GCHQ mass spying to the surveillance programme of East Germany’s notorious Stasi, but the differences between the NSA and the Stasi are more interesting than the similarities.

The most important difference is size. The Stasi employed one snitch for every 50 or 60 people it watched. We can’t be sure of the size of the entire Five Eyes global surveillance workforce, but there are only about 1.4 million Americans with Top Secret clearance, and many of them don’t work at or for the NSA, which means that the number is smaller than that (the other Five Eyes states have much smaller workforces than the US). This million-ish person workforce keeps six or seven billion people under surveillance – a ratio approaching 1:10,000. What’s more, the US has only (“only”!) quadrupled its surveillance budget since the end of the Cold War: tooling up to give the spies their toys wasn’t all that expensive, compared to the number of lives that gear lets them pry into.

IT has been responsible for a 2-3 order of magnitude productivity gain in surveillance efficiency. The Stasi used an army to surveil a nation; the NSA uses a battalion to surveil a planet.

Spying, especially domestic spying, is an aspect of what the Santa Fe Institute economist Samuel Bowles calls guard labour: work that is done to stabilise property relationships, especially the property belonging to the rich.

Two of the most powerful men in the United States have revealed they don’t use email – because they’re scared of what they might say.

“I don’t email. You can have every email I’ve ever sent. I’ve never sent one,” Senator Lindsey Graham told NBC’s Meet the Press yesterday. Graham’s statement follows a similar admission by Senator John McCain late last week who confirmed he also doesn’t email, telling MSNBC: “I’d rather use the phone, I’d rather use tweets.”

Even more bizarre is the reason both Senators give for not using email: they lack the necessary self-control not to say something stupid.

Graham told a confused Bloomberg News: “I’ve tried not to have a system where I can just say the first dumb thing that comes to my mind. I’ve always been concerned. I can get texts, and I call you back, if I want.”

McCain meanwhile said this: “I’m afraid that if I was emailing, given my solid, always calm temperament that I might email something that I might regret. You could send out an email that you would regret later on and would be maybe taken out of context.”

But while the original Luddites took to smashing up the machinery of the 19th century, Graham and McCain are happy to do something much more dangerous: allow internet technologies to be abused by the government agencies they are supposed to be overseeing.

The solution to vast intrusions into privacy, in the senior lawmakers’ eyes, is seemingly not to protect citizens from those carrying out surveillance but to simply opt out of using technology altogether.

And that is far more disturbing that the use of personal email by a former secretary of state.