Spitfire List Web site and blog of anti-fascist researcher and radio personality Dave Emory.


Snowden’s Ride, Part 5: Update on The Underground Reich and U.S. Internet, Media Business

Saint Edward's Presidential candidate of choice: "America's Most Dangerous Nazi"


COMMENT: We’ve covered Eddie “The Friendly Spook” Snowden’s exploits in numerous previous posts (Part I, Part II, Part III, Part IV, Part V, Part VI, Part VII, Part VIII, Part IX, Part X, Part XI). Users of this website are emphatically encouraged to examine these posts in detail, as it is impossible to do justice to the arguments in those articles in the scope of this post.

(We will sum up and analyze some of the key aspects of this burgeoning line of inquiry in a future article.)

This post is directly supplemental to the previous article, so we will begin by quoting directly from the first part of this presentation.

“Suffice it to say, for our purposes here, that Snowden’s activities are–quite obviously–an intelligence operation directed at Barack Obama’s administration at one level and the United States and U.K. at another.

We note that the individuals and institutions involved with Snowden, as well as Fast Eddie himself, track back to the far right and elements and individuals involved with the Underground Reich. Again, PLEASE examine the previous posts on the subject, as there is no way to flesh out this line of inquiry in this post. 

We have noted that Fast Eddie may be doubling for BND or some other element of German intelligence, possibly having been recruited when posted by CIA to Geneva, Switzerland. Snowden may also be acting at the instruction of elements in U.S.–perhaps Michael Morrell, perhaps an Underground Reich faction of NSA, perhaps elements from the Peter Thiel milieu. 

A possibility that bears examination in the context of German and/or Underground Reich economic warfare against the U.S. involves L’Affaire Snowden as a gambit to undermine American internet dominance.”

In this regard we note that a Forbes article says that Snowden’s ride is indeed bad for U.S. internet business. (See text excerpt below.)

Comments by Neelie Kroes, Vice President of the European Commission, augur poorly for U.S. internet companies. (See text excerpt below.)

In a clarification of information presented in a Reuters story about Snowden by his “leaking journalist” of choice, Glenn Greenwald, Snowden stated that his purpose was to alert people that the software they are using is also spying on them. (See text excerpt below.)

Saint Edward’s professions of concern for the well-being of Mr. and Ms. Everyman cannot be taken at face value. Snowden is a fascist and cynic of the first order. His Presidential candidate of choice in 2012 was Ron Paul.

He is NOT doing this for altruistic reasons. He doesn’t have an altruistic bone in his body.

Snowden DOES have some serious nerve, however. Snowden has compared himself to someone acting in accordance with the Nuremberg statutes, comparing the NSA surveillance program to Nazi genocide. Aside from the obvious absurdity of this claim, it is grotesque for someone who supported a Nazi (Ron Paul) for President to be holding forth in this manner.

Such historical revisionism also plays to the advantage of Germany.

Not incidentally, Snowden’s Presidential candidate of choice–Ron Paul–has opined that we were on the wrong side in World War II. (See text excerpt below.)

Snowden’s partners in the WikiLeaks/Pirate Bay/Pirate Party milieu are birds of the same feather, with Julian Assange’s Holocaust-denying crony Joran Jermas (aka “Israel Shamir”) having guided WikiLeaks to the PRQ servers funded by fascist moneybags Carl Lundstrom. Like Paul and Jermas, Lundstrom is part of a political milieu that includes David Duke.

In a speculative note, it is interesting and possibly significant that Glenn Greenwald started a law firm that represented neo-Nazis. (See text excerpts below.)

In our next post on the subject, we will review and ruminate about this complex, vitally important inquiry. 

In comments to this post, Spitfirelist contributor “Pterrafractyl” has noted some important points:

  • In the first of those comments, he notes that Sweden’s Pirate Bay milieu continues to evolve and, in partnership with other European “Pirate” outlets, appears to be angling to corral web business that will afford anonymity/security.
  • Another comment notes that an organization in Sweden has won legal recognition of file sharing as a religious activity, which should facilitate the pirating of copyrighted video and music files.
  • A third comment notes how the Pirate Party–linked to the far-right, Nazi-linked WikiLeaks outfit–is deeply involved with the effort on behalf of Snowden, et al in the European Parliament. As we have surmised, the efforts by EU (read “Germany”) to alter European data protection regulations may lead to “a trade war.”
  • In an additional comment, “Pterrafractyl” informs us that two encrypted e-mail companies, one of them used by Snowden, have been closed, apparently due to government pressure. Let’s see how this plays into the hands of the GOP with their battle cry about Obama championing “big, repressive government” etc. etc. etc. It will be interesting to see how young, idealistic techies buy into this. It will also be interesting to see if the big Silicon Valley tech companies send their considerable financial resources to back the GOP.
  • Another of Pterrafractyl’s comments informs us that the prognostications in this post are coming to pass. It turns out the German companies are offering encrypted e-mail services, seeking–obviously–to undermine U.S. internet business. What is unclear is if the BND will be able to decipher the messages–a safe bet will be that they possess such capability. Whether they would share such information with NSA is unclear.
  • Pterrafractyl also notes that the Chaos Computer Club in Germany opines that the encryption technology is outdated, permitting up-to-date interests to access the messages.

“How The Snowden Leaks And NSA Surveillance Are Bad For Business” by Dave Thier; Forbes; 7/9/2013.

EXCERPT: Reddit general manager Erik Martin noticed something strange when he was at a conference in Latvia last month. There was a contest held, with a prize of one year’s free web-hosting for a small business — a decent value, a fairly normal prize. But when it came time to award it, nobody in the audience wanted it. It was from a U.S.-based company, and this was just days after Edward Snowden’s landmark leaks about the NSA’s PRISM program hit the press. With that hanging over them, people at the conference would have preferred to go with a different country.

There’s a general sense of unease about the U.S. government’s relationship to the internet right now, and it’s starting to affect how international consumers choose their web services. I talked with Christian Dawson, head of hosting company Servint and co-founder of the Internet Infrastructure Coalition, a group founded to inform the public and lawmakers about, as he puts it, how the internet works. He says that while it’s hard to put together any true statistics at this point, he’s heard a lot of anecdotal data about U.S.-based hosting and other web service companies losing business to overseas competitors since the Snowden leaks.

“We have a great fear that we are going to see a big exodus for US-based businesses over the information that’s been leaked, in part because there’s this tremendous lack of transparency, and lack of transparency is the absolute worst thing for these situations,” he says. “We’re competing on a global scale, and if people don’t have a reason to trust the host they’re using, they can go elsewhere in just a couple of clicks.”

Dawson stresses that the problem isn’t just with the program itself. He has little comment on what the government should or should not be doing to protect the country from terrorism. His problem is with the lack of open discussion surrounding these efforts. The U.S. may not have the most restrictive or the most repressive policies surrounding internet surveillance, but U.S. news is big news all over the world. According to Dawson, fear of the Patriot Act had already been dogging U.S. hosting companies for years, and the Snowden leaks just added fuel to the fire. In a global market as fluid as something like web hosting, a lot of consumers would just as soon prefer to take their business elsewhere.

“The lack of clear, intelligent language has put us at a tremendous marketing disadvantage,” he says. “These days, we’re finding that significant portion of our clientele values privacy. It is not simply the customer who has something to hide.” . . .

“Edward Snowden’s not the Story. The Fate of the Internet Is” by John Naughton; The Guardian; 7/27/2013.

EXCERPT: . . . .But the Snowden revelations also have implications for you and me.

They tell us, for example, that no US-based internet company can be trusted to protect our privacy or data. The fact is that Google, Facebook, Yahoo, Amazon, Apple and Microsoft are all integral components of the US cyber-surveillance system. Nothing, but nothing, that is stored in their “cloud” services can be guaranteed to be safe from surveillance or from illicit downloading by employees of the consultancies employed by the NSA. That means that if you’re thinking of outsourcing your troublesome IT operations to, say, Google or Microsoft, then think again.

And if you think that that sounds like the paranoid fantasising of a newspaper columnist, then consider what Neelie Kroes, vice-president of the European Commission, had to say on the matter recently. “If businesses or governments think they might be spied on,” she said, “they will have less reason to trust the cloud, and it will be cloud providers who ultimately miss out. Why would you pay someone else to hold your commercial or other secrets, if you suspect or know they are being shared against your wishes? Front or back door – it doesn’t matter – any smart person doesn’t want the information shared at all. Customers will act rationally and providers will miss out on a great opportunity.” . . .

“About the Reuters Article” by Glenn Greenwald; The Guardian; 7/13/2013.

EXCERPT: . . . .A: Snowden has enough information to cause more damage to the US government in a minute alone than anyone else has ever had in the history of the United States. But that’s not his goal. [His] objective is to expose software that people around the world use without knowing what they are exposing themselves without consciously agreeing to surrender their rights to privacy. [He] has a huge number of documents that would be very harmful to the US government if they were made public. . . .

“Snowden’s New Talking Point: Nazi War Crimes Trial” by Michael Crowley; Swampland.time.com; 7/13/2013.

EXCERPT: Along the way, Snowden framed his situation in striking new terms, citing the 1945-1946 Nuremberg trials that convicted several Nazi leaders of crimes against humanity. Here’s how he put it:

I believe in the principle declared at Nuremberg in 1945: “Individuals have international duties which transcend the national obligations of obedience. Therefore individual citizens have the duty to violate domestic laws to prevent crimes against peace and humanity from occurring.”

Accordingly, I did what I believed right and began a campaign to correct this wrongdoing. I did not seek to enrich myself. I did not seek to sell US secrets. I did not partner with any foreign government to guarantee my safety. Instead, I took what I knew to the public, so what affects all of us can be discussed by all of us in the light of day, and I asked the world for justice. . . .

Ron Paul: America’s Most Dangerous Nazi by Alan J. Weberman, p. 67.

EXCERPT: . . . . Paul betrayed his Nazism when he told Congress that America fought on the wrong side during World War II: “Any academic discussion questioning the wisdom of our policies surrounding World War II is met with shrill accusations of anti-Semitism and Nazi lover. No one is ever even permitted, without derision by the media, the university intellectuals and the politicians, to ask why the United States allied itself with the murdering Soviets and then turned over Eastern Europe to them while ushering in a 45-year saber-rattling, dangerous Cold War period.”   America should have aligned itself with the Axis Powers? That is the implication here. [26]. . .

“How Glenn Greenwald Became Glenn Greenwald” by Jessica Testa; buzzfeed.com; 6/26/2013.

EXCERPT: . . . . Greenwald also spent roughly five years defending the First Amendment rights of neo-Nazis, including Matthew Hale, the “Pontifex Maximus” of the Illinois church formerly known as the World Church of the Creator, one of whose disciples went on a murderous spree in 1999.

“I almost always did it pro bono,” Greenwald said. “I was interested in defending political principles that I believed in. I didn’t even care about making money anymore.” . . .

“Glenn Greenwald: Life Beyond Borders” by Fred Bernstein; out.com; 4/18/2011.

EXCERPT: . . . .By the third year of law school, he was working for a large law firm. But realizing that representing Goldman Sachs would have destroyed him psychologically, he set up his own firm, which represented several neo-Nazis and other unpopular clients.

When he and his former boyfriend, Werner Achatz, an Austrian-born lawyer, tried to lease an apartment, they were told they couldn’t aggregate their incomes. “They said they only do that for married couples,” Greenwald recalls. “We said we were a married couple.” When that didn’t fly, Greenwald became his own lawyer, suing the landlord for sexual orientation and marital status discrimination.

By 2004 he had tired of litigating, and was also at the end of an 11-year relationship with Achatz. He rented an apartment in Rio de Janeiro, expecting to remain there for two months. Emotionally drained, he says, “The last thing I was looking for was another relationship. Especially in Rio.” But on his first day on the beach, he met Miranda. . . .


21 comments for “Snowden’s Ride, Part 5: Update on The Underground Reich and U.S. Internet, Media Business”

  1. Regarding the possibility of web services shifting towards places like Sweden, here’s a story from 2010 about Sweden’s Pirate Party starting its own Pirate-friendly ISP that gets around law-enforcement data-sharing laws by never actually storing client information:

    Deutsche Welle
    Swedish Pirate Party launches new, anonymous Internet service
    Author: Cyrus Farivar
    Editor: Louisa Schaefer
    Date 22.07.2010

    Pirate ISP would not keep logs of IP addresses to ensure privacy, but experts say that the controversial political party may be poised for a challenge of pending Swedish privacy law.

    Internet users across Sweden may soon have a little more anonymity online as this week, members of Sweden’s controversial Pirate Party launched the Pirate ISP, or internet service provider.

    The company would be just like any other internet service provider, except that its leaders say that their service would offer more anonymity by not storing its users’ Internet Protocol (IP) addresses, a unique identification number for any computer, mobile phone or other device on the Internet at any given time. IP addresses have been used by law enforcement around the world to identify people who are downloading illegal copies of media or who are violating copyrights online.

    “We want to make more of a political statement about which internet service provider you use,” said Gustav Nipe, the Pirate ISP’s 21-year-old CEO, in an interview with Deutsche Welle.

    Nipe and around 90 percent of the dozens of the company’s first test customers in the city of Lund are members of Sweden’s Pirate Party. The party, according to its website, stands for reform of copyright law, abolishing the patent system, and the right to privacy.

    But critics argue that the Pirate ISP is merely trying to find a legal means to conduct illegal activity – largely by providing an anonymous way for people to share illegal files like films, music and software, online.

    Pirate Party critics unconcerned

    “It doesn’t matter,” said Henrik Ponten, an attorney with the Swedish Anti-Piracy Bureau. “Every month something happens like this. Everyone from the pirate side is trying to hide themselves.”

    The Pirate Party has recently affiliated itself with The Pirate Bay, a website that links to BitTorrent files that can be used to download illegal copies and other pirated media. The Pirate Bay’s Swedish founders were found guilty last year of providing assistance to copyright infringement and were sentenced to a year in prison and a fine of over three million euros. They are currently appealing this decision.

    Earlier this month, Pirate Party leaders said that if they were to win seats in Sweden’s Parliament this fall, they would host the Pirate Bay website from within Parliament, thereby shielding it from further prosecution. Sweden’s Pirate Party does not have any members of parliament in Sweden, but it does have two MEPs in Brussels.

    Ponten believes that the Pirate ISP will be found illegal as all ISPs must turn over IP addresses when asked for them by law enforcement. But, it remains unclear what will happen if the Pirate ISP has no such data to begin with.

    Even if the company is found to be within the law, he said, Swedish society will not stand for it.

    “If they are successful, it means that everyone who does something criminal will be drawn to them,” he said. “If that is the case, then that’s not just a problem for us, that’s a problem for everyone. That will be a strong reason for society to do something about the internet service providers since society will never accept that an ISP would be a safe harbor for criminal activity.”

    But the Pirate ISP’s young CEO says that his company is not trying to promote any illegal behavior.

    “Pirate ISP is not about file-sharing, it’s being proactive against the Data Retention Directive,” Nipe said.

    The Data Retention Directive, more formally known as Directive 2006/24/EC, is a piece of European Union legislation passed by the European Parliament in 2006. The directive requires that member states store telecommunications data for six to 24 months, including IP address and time of every email, phone call and text message.

    The directive must now be passed by each of the member states, a process that is still ongoing. Some EU member states, including Romania and Germany, have declared their national laws attempting to comply with the directive as unconstitutional. By contrast, Sweden’s is expected to come forward in the fall, around the same time as the country’s parliamentary elections.

    Legal fight looming

    According to industry watchers, the Swedish Pirate Party and Pirate ISP, it seems, may be intentionally setting themselves up for a legal battle.

    “The law says that if you have the information as an ISP you are obliged to give it out but if you don’t have it then you cannot give it,” said Maerten Schultz, a law professor at Stockholm University, in an interview with Deutsche Welle. “And they are not obliged as of yet to keep this information.”

    But that may change if the data retention law does pass the Swedish Parliament later this year.

    Note that the EU Court of Justice fined Sweden this year for its delays in implementing the EU data retention law so it sounds like the Pirate Party’s plans for providing anonymous webhosting services are in some sort of legal limbo. Although PRQ, the web hosting company that used to host the far-right owned Pirate Bay and is currently one of the Wikileaks servers, was raided and temporarily shut down last October by Sweden’s police. The reasons for the raid are unclear:

    PRQ, Web Host For WikiLeaks And Once For The Pirate Bay, Raided By Swedish Police

    Andy Greenberg, Forbes Staff

    10/01/2012 @ 4:16PM

    The Stockholm-based web host PeRiQuito AB, or PRQ, has long attracted some of the most controversial sites on the Internet. Now it’s attracted a less friendly guest: Sweden’s police force.

    Stockholm police raided the free-speech focused firm Monday and took four of its servers, the company’s owner Mikael Viborg told the Swedish news outlet Nyheter24.

    While a number of bittorrent-based filesharing sites including PRQ’s most notorious client, the Pirate Bay, have been down for most of Monday as well as PRQ’s own website, Viborg told the Swedish news site that the site outages were the result of a technical issue, rather than the police’s seizure of servers. And it’s not yet clear exactly whose servers the police seized: PRQ’s two thousand or so customers have at times included WikiLeaks, the North America Man-Boy Love Association, Pedophile.se, the Chechen rebel site Kavkaz Central, and the defamation-accused Italian blog known as Perugia Shock, among others.

    “Even though I loathe what they say, I defend them,” Viborg told me when we spoke last August, regarding his most controversial clients like Pedophile.se and NAMBLA. “We don’t cooperate with the authorities unless we absolutely have to.”

    As of last summer, Viborg said that PRQ continued to host WikiLeaks. But he told me that the company no longer had any direct connection with the Pirate Bay, which has instead bounced among temporary hosts since its founders were convicted of copyright theft in 2010.

    Update: In response to comments on this story, I’ve changed the headline to make it clear that PRQ is the former, not the current, web host for the Pirate Bay. The filesharing-focused news site Torrentfreak writes that the Pirate Bay was actually taken offline by a power outage, and will be back online “soon.”

    Two of the three Pirate Bay founders also created PRQ in 2004, and one of them is Gottfrid Svartholm, a 27-year old Swede who was arrested in Cambodia last month after being convicted of copyright crimes in absentia, and is now also being charged with hacking into the IT firm Logica.

    WikiLeaks noted the raid in its Twitter feed Monday, describing PRQ as “one of a number of ISPs used by WikiLeaks.” But as of Monday afternoon, the secret-spilling site hadn’t been taken offline.

    As I learn more about the PRQ raid, I’ll post an update. For now, even PRQ’s owners may not know the reason behind the raid. Viborg has told me that the company has a policy of no-questions-asked service for many of its customers, even accepting cash payments up front to avoid requiring any bank payment details that might identify its server room’s inhabitants. “Generally we don’t know who our customers are,” Viborg said. “By Swedish law, we’re not required to.”

    Also note that, while PRQ claimed that it was no longer hosting The Pirate Bay at the time of the raid last October, observers were puzzled when they noticed that both PRQ and The Pirate Bay went down at the same time as the raid and then both came online again at the same time a couple of days later:

    WikiLeaks Web Host PRQ Comes Back Online After Police Raid, Along With The Pirate Bay
    Andy Greenberg, Forbes Staff 10/03/2012 @ 11:31AM

    Strange things have been occurring lately on the Swedish Internet: First the Stockholm-based Web host firm PRQ, which caters to some of the world’s most controversial sites, was raided by police at the same time that the Pirate Bay went offline– despite PRQ’s claims that it doesn’t host the popular filesharing website.

    Now both PRQ and the Pirate Bay have come back online at the same time.

    On Wednesday morning, PRQ owner Mikael Viborg told me that the Web host has now identified two of the four targets of the police raid: A Swedish filesharing site called tankafetast.nu that the police believe hosted pirated content, and Appbucket, a site whose domain was seized by the U.S. Department of Justice earlier this year and accused of offering free access to paid Android apps. Viborg says he still doesn’t know the other two targets of the raid, which resulted in the seizure of several of his company’s servers. But he’s learned that the police were focused on intellectual property theft.

    Viborg maintains that the raid had nothing to do with PRQ’s two most well-known associates: the secret-spilling website WikiLeaks or the Pirate Bay. Though WikiLeaks continues to use PRQ’s services, Viborg says that the Pirate Bay hasn’t been hosted at PRQ since the copyright-flouting site’s founders were convicted of intellectual property crimes in late 2010, despite the fact that two of the three founders of the Pirate Bay also created PRQ in 2004. One of the three, Gottfrid Svartholm, was extradited to Sweden from Cambodia last month and also faces charges of hacking into the IT firm Logica.

    Since its founders’ conviction, the Pirate Bay’s ability to stay online has been largely a mystery. Viborg and Pirate Bay founder Peter Sunde say that the site now bounces around a series of temporary hosts, and that even they don’t know where it’s hosted at any given time.

    Still, the fact that PRQ’s websites–including the web host’s own site, PRQ.se–and the Pirate Bay went offline and came back online in tandem remains unexplained. And Viborg admits it’s possible that the Pirate Bay may have hosted a relay server in PRQ’s server room, unbeknownst to him, that bounced the site’s traffic to another location. But Viborg says that’s unlikely.

    “They could have a bounce service set up with us without us knowing. But if they had, we would know by now. The police would have raided us a long time ago,” says Viborg. “They wouldn’t have gone through the hassle to raid these other torrent sites and ignore the fact that we were hosting the Pirate Bay at the same time.”

    The Pirate Bay, for its part, says its downtime has been a result of a failed power unit, according to the filesharing-focused news site Torrentfreak.

    If there is any connection between PRQ’s and the Pirate Bay’s downtime, Viborg speculates that both organizations may have been hit by a series of distributed denial of service attacks that flooded many Swedish sites with junk data earlier this week. That attack took out several of PRQ’s sites, a problem that was exacerbated by the police preventing PRQ staff from accessing their equipment. “If the Pirate Bay is hosted in Sweden, it could be in one of the other data centers affected by this attack,” Viborg guesses.

    Otherwise, Viborg says, it may be “a very strange coincidence.”

    So yeah, while we don’t know who is currently hosting The Pirate Bay (sure we don’t *wink* *wink*), it appears that The Pirate Bay and PRQ are able to operate pretty much legally. And it also appears that Sweden’s Pirate Party ISP, Serious Tubes, might have been warranting a raid too:

    Swedish Pirate Party faces legal action for providing Internet access to Pirate Bay
    The Pirate Party was ordered to block access by next Tuesday or face legal action

    By Loek Essers
    February 20, 2013 11:53 am | IDG News Service

    The Swedish Pirate Party faces a lawsuit if it does not stop providing Internet access to The Pirate Bay file-sharing site by next Tuesday.

    The Pirate Party was warned to stop providing access by the Rights Alliance, an organization that represents the Scandinavian film industry. The party received the warning on Tuesday, said Anna Troberg, leader of the Swedish Pirate Party on Wednesday.

    Her party has been providing Internet access to The Pirate Bay for almost three years because nobody else was willing to, Troberg said.

    The founders of The Pirate Bay, which facilitates peer-to-peer file sharing, were found guilty in 2009 for being accessories to crimes against copyright law, and their appeal was denied. The site is blocked in several countries.

    It is hard for The Pirate Bay, which since the founders’ conviction has restructured its site, to find an ISP willing to connect it to the Internet, Troberg said. According to Troberg, however, what The Pirate Bay does is not illegal because they simply provide links to content elsewhere. “There is no difference with Google,” she said, even though The Pirate Bay has been banned by courts in several countries because it helps users get access to copyright-infringing material.

    The Pirate Party is a registered ISP that buys bandwidth for The Pirate Bay at Serious Tubes, an ISP that acts as a transit provider for the Pirate Party, Troberg said. The Rights Alliance sent Serious Tubes the same cease-and-desist letter, published by Troberg, that it sent to the Pirate Party.

    Serious Tubes, however, states on its site that the Pirate Party hosts The Pirate Bay, which is incorrect, according to Troberg. The Pirate Party only buys bandwidth from Serious Tubes, she said. Serious Tubes did not reply to a request for comment.

    Providing access to sites such as The Pirate Bay, which facilitate file-sharing of copyright content, is illegal and doing so is a criminal act, wrote Sara Lindbäck, a lawyer for the Rights Alliance, in the group’s letter to the organizations. The Pirate Party and Serious Tubes contribute to copyright infringements made possible by the file-sharing site by providing access, the Alliance said.

    If the organizations don’t respond to the order by Tuesday, Feb. 26, a legal procedure will be started, Lindbäck wrote. She did not respond to a request for comment.

    Courts have ordered Swedish ISPs to block access to The Pirate Bay in the past, as mentioned by the Rights Alliance in the letter, Troberg said. But since then, The Pirate Bay has changed, she said. According to her, the Pirate Party is doing nothing wrong. “The only thing we do is make sure they have Internet access. What we are doing is not illegal,” Troberg said, adding that it is not different from what other ISPs do.

    The Pirate Bay can still be accessed in Sweden, she noted. The Pirate Party has expected for a year that a warning like this would come, according to Troberg. “We are prepared,” she said. She couldn’t say if the case would go to court, however.

    A week after the threat of the lawsuit, the Swedish Pirate Party stopped hosting The Pirate Bay and has reportedly left Sweden altogether, with servers remaining in places like Norway and Spain:

    Swedish Pirate Party stops hosting The Pirate Bay due to legal threats

    By Rick Burgess

    On February 26, 2013, 3:30 PM

    The Pirate Bay has vacated its Swedish homeland in hopes of dodging legal troubles brewing for Piratpartiet, otherwise known as the Pirate Party of Sweden. A local anti-piracy group, Rights Alliance, threatened to sue Piratpartiet for providing bandwidth to The Pirate Bay for roughly three years now. To avoid a lawsuit against the Pirate Party, TPB’s operation will be relying on its numerous locations outside of Sweden.

    The Pirate Bay has already made its quiet transition out of Sweden. The infamous file-sharing site is currently hosted in multiple locations, most notably Norway, Catalunya and Spain. TPB’s recently expanded multiplicity of hosts actually inspired the new “Hydra Bay” logo pictured to the side.

    The Pirate Party is a movement that started to gain traction in Europe around 2006. The group’s core principles (pdf) are based upon a mission of copyright reform (the slow abolishment of patents and legalizing all non-commercial copying, for example), supporting democratic ideals and expanding personal freedoms. In 2009, the Pirate Party procured two seats on the European parliament and has since spread its wings globally to about 60 different regions, most notably in Russia, Australia and Canada.

    Although Piratpartiet is purportedly no longer helping to host TPB, two sister Pirate Party groups located in Norway and Catalunya have filled in for Sweden’s absence.

    And as we saw with The Pirate Bay’s conversion to the “Hydra Bay”, there’s no shortage of locals in the EU that will provide similar services. So it will be very interesting to see how successful the Pirate Party movement will be at leveraging the fallout of the Snowden affair. It will also be interesting to see if Sweden’s cash-for-anonymity web-hosting sector experiences a surge in business this year. The partnering of businesses concerned over loss of intellectual property with web-hosting companies owned by people ideologically opposed to patent law should be a sight to see. Strange days.

    Posted by Pterrafractyl | July 14, 2013, 5:53 pm
  2. Move over Scientology…:

    Deutsche Welle
    Sweden recognizes information-sharing as religion
    Three attempts in the past year have paid off for a newly recognized religion in Sweden that views information as holy and copying as a sacrament. Its leaders have previous ties to the Pirate Party Sweden.

    Author: Cyrus Farivar
    Editor: Stuart Tiffen
    Date 06.01.2012

    A file-sharing group known as the Church of Kopimism has received official recognition from Sweden as a spiritual organization, it announced on Thursday.

    In late December 2011, the Kammarkollegiet, or the Financial and Administrative Services, the public Swedish organization that deals with recognizing businesses and other tax entities, officially recognized the group. In Sweden, this government institution can allow recognized groups – which includes mainstream religions, as well as Norse pagans – to file for applications for state funding and to marry couples.

    According to the Dagens Nyheter, Bertil Kallner of Sweden’s Financial and Administrative Services said that a religious community could “basically be anything.”

    “What’s important is that it is a community for religious activities,” he added.

    Nordic country hosts many file-sharing organizations

    Sweden has been the home of a number of pro-file-sharing groups, including the controversial website, The Pirate Bay, and later, the Pirate Party, which now has two seats in the European Parliament. Pirate Parties in many other countries have sprung up, particularly in Europe. In late 2011, several members of the Pirate Party Germany surprisingly won seats in the Berlin state parliament.

    “For the Church of Kopimism, information is holy and copying is a sacrament,” the group said in an English-language statement posted on its website.

    The Church of Kopimism’s chairman, Gustav Nipe, previously also helped found the Pirate Internet service provider last year, which was designed to challenge European privacy and data retention law. Isak Gerson, the group’s 20-year-old spiritual leader, also has been involved in the Pirate Party’s youth organization.

    Despite the new formal recognition, the group’s website says it requires “no formal membership” to become a “kopimist.”

    “You just have to feel a calling to worship what is the holiest of the holiest, information and copy,” the organization wrote on its website. “To do this, we organize kopyactings – religious services – where the kopimists share information with each other through copying and remix.”

    Powers of the confessional

    Also on Thursday, Rick Falkvinge, the founder of the Pirate Party Sweden, wrote on his blog, that by recognizing file-sharing as a religion, this may be a way for people who download unauthorized digital copies to skirt the law. That’s because, he argued, now Kopimist preachers “are defined as the ones facilitating holy copying (and remixing).”

    “Translated to nerdspeak, that means the communications between operators of trackers/hubs and the people who partake in the sacrament of copying now carries confessional status, by and large making it illegal and impossible to collect as evidence in a trial,” he wrote.

    “That brings a whole boatload of interesting legal ramifications with regards to evidence collection trying to persecute the worshipers of holy copying and remixing, doesn’t it?”

    Posted by Pterrafractyl | July 14, 2013, 6:35 pm
  3. We’re learning more about how those thousands of documents Snowden took are part of a “dead-man’s switch” that Snowden is using to protect himself against “extremely rogue behavior” by the US. Greenwald describes the documents as containing detailed “blueprints” on how the NSA’s eavesdropping systems work that would enable readers to evade detection or replicate it. According to Greenwald, Snowden doesn’t want the documents released. So it seems like a reasonable assumption that WikiLeaks and who knows who else has an NSA how-to manual that might be released at some point in the future or kept for private consumption:

    Jul 15, 1:46 AM EDT
    Journalist: Edward Snowden has ‘blueprints’ to NSA

    Associated Press

    RIO DE JANEIRO (AP) — Edward Snowden has highly sensitive documents on how the National Security Agency is structured and operates that could harm the U.S. government, but has insisted that they not be made public, a journalist close to the NSA leaker said.

    Glenn Greenwald, a columnist with The Guardian newspaper who first reported on the intelligence leaks, told The Associated Press that disclosure of the information in the documents “would allow somebody who read them to know exactly how the NSA does what it does, which would in turn allow them to evade that surveillance or replicate it.”

    He said the “literally thousands of documents” taken by Snowden constitute “basically the instruction manual for how the NSA is built.”

    “In order to take documents with him that proved that what he was saying was true he had to take ones that included very sensitive, detailed blueprints of how the NSA does what they do,” the journalist said Sunday in a Rio de Janeiro hotel room. He said the interview was taking place about four hours after his last interaction with Snowden.

    Greenwald said he believes the disclosure of the information in the documents would not prove harmful to Americans or their national security, but that Snowden has insisted they not be made public.

    “I think it would be harmful to the U.S. government, as they perceive their own interests, if the details of those programs were revealed,” he said.

    He has previously said the documents have been encrypted to help ensure their safekeeping.

    Snowden emerged from weeks of hiding in a Moscow airport Friday, and said he was willing to meet President Vladimir Putin’s condition that he stop leaking U.S. secrets if it means Russia would give him asylum until he can move on to Latin America.

    Greenwald told The AP that he deliberately avoids talking to Snowden about issues related to where the former analyst might seek asylum in order to avoid possible legal problems for himself.

    Snowden is believed to be stuck in the transit area of Moscow’s main international airport, where he arrived from Hong Kong on June 23. He’s had offers of asylum from Venezuela, Nicaragua and Bolivia, but because his U.S. passport has been revoked, the logistics of reaching whichever country he chooses are complicated.

    Still, Greenwald said that Snowden remains “calm and tranquil,” despite his predicament.

    “I haven’t sensed an iota of remorse or regret or anxiety over the situation that he’s in,” said Greenwald, who has lived in Brazil for the past eight years. “He’s of course tense and focused on his security and his short-term well-being to the best extent that he can, but he’s very resigned to the fact that things might go terribly wrong and he’s at peace with that.”

    Greenwald said he worried that interest in Snowden’s personal saga had detracted from the impact of his revelations, adding that Snowden deliberately turned down nearly all requests for interviews to avoid the media spotlight.

    Asked whether Snowden seemed worried about his personal safety, Greenwald responded, “he’s concerned.”

    He said the U.S. has shown it’s “willing to take even the most extreme steps if they think doing so is necessary to neutralize a national security threat,” Greenwald said. “He’s aware of all those things, he’s concerned about them but he’s not going to be in any way paralyzed or constrained in what he thinks he can do as a result of that.”

    Asked about a so-called dead man’s pact, which Greenwald has said would allow several people to access Snowden’s trove of documents were anything to happen to him, Greenwald replied that “media descriptions of it have been overly simplistic.

    It’s not just a matter of, if he dies, things get released, it’s more nuanced than that,” he said. “It’s really just a way to protect himself against extremely rogue behavior on the part of the United States, by which I mean violent actions toward him, designed to end his life, and it’s just a way to ensure that nobody feels incentivized to do that.”

    He declined to provide any more details about the pact or how it would work.

    Greenwald said he himself has beefed up his own security, particularly since a laptop went missing from his Rio home.

    “I don’t really feel comfortable discussing the specific measures, but one would be really irrational and foolish to have thousands of top-secret documents from the most secretive agency of the world’s most powerful government and not be thoughtful about added security,” said the 46-year-old former constitutional and civil rights lawyer who has written three books contending the government has violated personal rights in the name of protecting national security.

    Greenwald has also co-authored a series of articles in Rio de Janeiro’s O Globo newspaper focusing on NSA actions in Latin America. He said he expected to continue publishing further stories based on other Snowden documents over the next four months.

    Upcoming stories would likely include details on “other domestic spying programs that have yet to be revealed,” but which are similar in scope to those he has been reporting on. He did not provide further details on the nature of those programs.

    Posted by Pterrafractyl | July 15, 2013, 11:06 am
  4. Here’s an article on the impact the Snowden affair is having on WikiLeaks’s finances. So far, it hasn’t been especially helpful:

    WikiLeaks Leaking Cash After Snowden-Inspired Surge Slows
    By Ben Moshinsky, Saleha Mohsin & Cornelius Rahn – Jul 10, 2013 10:18 AM CT

    WikiLeaks is leaking cash.

    Donations to the European anti-secrecy website initially surged after it offered financial support for Edward Snowden, the former U.S. National Security Agency contractor who revealed secrets about American surveillance, the group’s sponsor says. Contributions since have slid, according to the Hamburg-based Wau Holland Foundation, main collector of funds for WikiLeaks.

    Donations surged to 1,000 euros ($1,285) a day after Snowden stepped forward as the source of June newspaper reports about U.S. telephone and Internet surveillance, according to Bernd Fix, a spokesman for Wau Holland. Daily contributions have since dropped to about 100 euros ($128.50), or about three times the rate before Snowden’s emergence, a level that is unlikely to put WikiLeaks in the black again after two years of deficits, Fix said in an e-mail.

    The group has dramatically cut expenses as contributions have dropped off, Kristinn Hrafnsson, a spokesman for WikiLeaks, said by telephone from Reykjavik. He said the organization should be able to survive at a lower level of activity.

    “I’m fairly optimistic we’ll be able to raise enough funds to continue our work,” he said. “We have adapted to the situation and will carry on.”

    The group, which published diplomatic and military documents obtained by U.S. Army Pfc. Bradley Manning in 2010, thrust itself into the news again this year by offering legal and logistical help for Snowden. It put a chartered airplane on stand-by after Snowden, who had worked as a government contractor in Hawaii, surfaced in Hong Kong following newspaper reports of material he later acknowledged providing about surveillance.

    Plane Arranged

    Olafur Vignir Sigurvinsson, an Iceland-based WikiLeaks representative who arranged the plane for Snowden, said by phone this week that the charter was made possible through outside funds from “friends,” though Snowden eventually made it to Moscow on a regular OAO Aeroflot flight. WikiLeaks “did have a hand in financing” the flight to Moscow, said Hrafnsson, declining to specify the cost.

    Sigurvinsson said there are “currently” no plans to fly Snowden from the international transit area of Moscow’s airport, where he is seeking asylum in other countries. The U.S. has accused Snowden of espionage and theft and revoked his passport.

    WikiLeaks said yesterday on Twitter that Snowden had not “formally” accepted asylum in Venezuela, disputing earlier reports. The group said “states concerned will make the announcement if and when the appropriate time comes. The announcement will then be confirmed by us.” WikiLeaks has 1.9 million followers on Twitter.

    Assange At Bay

    WikiLeaks has been struggling with financing and relevance as founder Julian Assange is holed up at the Ecuadorian embassy in London to avoid extradition to Sweden. The group also lost more than $50 million of potential donations after Visa Europe, MasterCard Inc. (MA) and American Express Co. (AXP) stopped payments to WikiLeaks in 2010, according to Assange.

    Rebecca Kaufman, a spokeswoman at Mastercard, and Jennifer Doidge, a spokeswoman for Visa, didn’t immediately respond to voicemails seeking comment.

    Visa and MasterCard, along with PayPal, Bank of America and Western Union had suspended processing payments for WikiLeaks when the site published classified documents leaked by Manning, who’s currently on trial in the U.S.

    The blockade was lifted this year following a court battle by Reykjavik-based DataCell, which processes WikiLeaks payments.

    The Supreme Court of Iceland required the payment gateway opened, according to an agreement made with DataCell, Visa Europe said in a statement today, and Visa Europe hasn’t sought to prevent compliance with that legal order.

    ‘Blockade’ Effect

    “The banking blockade has had a dramatic effect” on WikiLeaks, Hrafnsson said. “The most serious aspect of the banking blockade is that it stripped us of the ability to expand and carry out the projects we had in mind.”

    The group last year spent almost 400,000 euros after receiving just 69,000 euros in donations, according to the Wau Holland Foundation’s annual report. While WikiLeaks’ funding comes “mostly from Wau Holland,” Hrafnsson said, he couldn’t immediately say how much comes from other sources.

    WikiLeaks can now process donations via MasterCard and Visa through a payment gateway in France, Hrafnsson said.

    Other Assistance

    The San Francisco-based Freedom of the Press Foundation is raising money online for WikiLeaks and other journalism organizations, according to executive director Trevor Timm. The foundation has taken in more than $300,000 since fundraising began in mid-December, with 40 percent going to WikiLeaks. The money for WikiLeaks goes to Wau Holland, he said.

    The press foundation also is raising money to hire court stenographers for Manning’s military trial to make the proceedings available to the public, Timm said.

    Wau Holland reported collecting 1.5 million euros for WikiLeaks from 2010-12, according to its annual report. It raised 1.3 million euros in 2010, it reported, with collections declining to 69,000 euros in 2012.

    The foundation listed the main expenses for WikiLeaks as 178,000 euros stemming from “campaigns,” or from content review, “journalist contextualization” and external communications. It spent 134,000 euros on logistics, 37,000 euros on infrastructure and 18,000 euros on legal advice, according to Wau.

    Paring Expenses

    “Development of donations over the past two years has declined substantially, and is currently no longer able to provide the earlier levels of support for the project,” Wau stated in the report. “Since January 2013 the foundation has only been able to cover expenditures in essential infrastructure, such as servers.”

    Wau Holland was set up in memory of Herwart “Wau” Holland-Moritz, who founded the Chaos Computer Club in 1981 and died in 2001. The foundation’s aim is to “promote and pursue his unique freethinking in relation to freedom of communication and informational self-determination,” according to its website.

    WikiLeaks seeks donations of 10 euros to 250 euros ($13 to $319) on its website via credit card through a French bank, or through PayPal or with Bitcoins. It also gets money from crowd sourcing through the Freedom of the Press Foundation, asking for donations from $25 to $5,000. The foundation also raises money for the Center for Public Integrity.

    Posted by Pterrafractyl | July 16, 2013, 11:02 am
  5. While it’s looking like Snowden could stay in Russia for the foreseeable future, former GOP Senator Gordon Humphrey is publicly recommending that Sweden grant Snowden asylum:

    Former Sen. Gordon Humphrey: Sweden should take Edward Snowden

    By HADAS GOLD | 7/17/13 7:09 AM EDT Updated: 7/17/13 10:39 AM EDT

    Sweden should stand up to the United States and offer Edward Snowden asylum, former GOP Sen. Gordon Humphrey said in an e-mail to POLITICO.

    “Respectfully, I say to Sweden, ‘America has done wrong in this instance. Stand up to her. Grant Edward Snowden asylum. You will do the people of the United States a great favor to resist their government in this matter and at this moment,’” Humphrey wrote Wednesday morning.

    Humphrey said Sweden would be the “ideal country” for the NSA leaker because it is only a one hour flight from the Russian border and “no overflight is necessary of countries likely to cooperate with the U.S. in forcing down an aircraft carrying Mr. Snowden to asylum.”

    Additionally, Humphrey said Sweden “has a reputation for high-mindedness” and “a strong tradition of justice.”

    “And even though Sweden is warmly friendly towards the United States, it is firm in its determination to act independently.”

    According to WikiLeaks, Snowden has not applied for asylum in Sweden.

    Humphrey, who represented New Hampshire for two terms in the Senate and was on the Foreign Relations, Armed Services and Judiciary Committees, said he will be rallying a few former Members of Congress to “join together in appealing to Sweden and other Western countries to stand up to Washington and grant Mr. Snowden asylum.”

    He said he has not reached out to the administration to express his views and believes at the moment it is more useful to appeal to the public than the government.

    In an e-mail to Snowden published by the Guardian on Tuesday, Humphrey said he thinks the former NSA contractor did “the right thing” in leaking information about government surveillance programs.

    “I believe you have done the right thing in exposing what I regard as massive violation of the United States Constitution,” Humphrey wrote to Snowden. “Having served in the United States Senate for twelve years as a member of the Foreign Relations Committee, the Armed Services Committee and the Judiciary Committee, I think I have a good grounding to reach my conclusion.”

    In an e-mail to journalist Glenn Greenwald, who broke the story about Snowden, Humphrey called Snowden a “courageous whistle-blower.”

    “Yes. It was I who sent the email message to Edward Snowden, thanking him for exposing astonishing violations of the U.S. Constitution and encouraging him to persevere in the search for asylum,” Humphrey wrote. “To my knowledge, Mr. Snowden has disclosed only the existence of a program and not details that would place any person in harm’s way. I regard him as a courageous whistle-blower.”

    In a thank you note to Humphrey, Snowden said that the information he has cannot be compromised, not even by U.S. intelligence agencies.

    “No intelligence service – not even our own – has the capacity to compromise the secrets I continue to protect. While it has not been reported in the media, one of my specializations was to teach our people at DIA how to keep such information from being compromised even in the highest threat counter-intelligence environments (i.e. China).”

    Snowden added “you may rest easy knowing I cannot be coerced into revealing that information, even under torture.”

    You have to wonder if the anonymous third parties (presumably WikiLeaks) that are currently holding the document treasure-trove as part of Snowden’s “Dead Man’s Switch” threat also share his willingness to be tortured before they’d be willing to divulge the secrets of the NSA. Probably not:

    Snowden’s Contingency: ‘Dead Man’s Switch’ Borrows From Cold War, WikiLeaks

    By Kim Zetter
    4:31 PM

    The strategy employed by NSA whistleblower Edward Snowden to discourage a CIA hit job has been likened to a tactic employed by the U.S. and Russian governments during the Cold War.

    Snowden, a former systems administrator for the National Security Agency in Hawaii, took thousands of documents from the agency’s networks before fleeing to Hong Kong in late May, where he passed them to Guardian columnist Glenn Greenwald and documentary filmmaker Laura Poitras. The journalists have handled them with great caution. A story in the German publication Der Spiegel, co-bylined by Poitras, claims the documents include information “that could endanger the lives of NSA workers,” and an Associated Press interview with Greenwald this last weekend asserts that they include blueprints for the NSA’s surveillance systems that “would allow somebody who read them to know exactly how the NSA does what it does, which would in turn allow them to evade that surveillance or replicate it.”

    But Snowden also reportedly passed encrypted copies of his cache to a number of third parties who have a non-journalistic mission: If Snowden should suffer a mysterious, fatal accident, these parties will find themselves in possession of the decryption key, and they can publish the documents to the world.

    “The U.S. government should be on its knees every day begging that nothing happen to Snowden,” Greenwald said in a recent interview with the Argentinean paper La Nacion, that was highlighted in a much-circulated Reuters story, “because if something does happen to him, all the information will be revealed and it could be its worst nightmare.”

    It’s not clear if Snowden passed all of the documents to these third parties or just some of them, since Greenwald says Snowden made it clear that he doesn’t want the NSA blueprints published.

    Either way, Snowden’s strategy has been described jocularly in the press as a “dead man’s switch” — a tactic popularized in movies and thrillers whereby a bomber or criminal mastermind has a detonator wired to a bomb and the only thing keeping it from exploding is his finger on the detonator button. If police shoot him, he releases the button and the bomb goes off.

    But Snowden’s case is actually a kind of reverse dead man’s switch, says John Prados, senior research fellow for the National Security Archive and author of several books on secret wars of the CIA.

    “As an information strategy, what Snowden is doing is similar to that, but it doesn’t have the same kind of implication,” Prados says. “We’re not setting off a bomb or having some other kind of weapon-of-mass-destruction go off.”

    In the popular scenarios, the person has control over the event, and the weapon or deadly force is liberated or detonated only if that person is neutralized in some way and control is taken away from him. But the element of control is much different in Snowden’s case.

    “In the dead man switch, my positive control is necessary in order to prevent the eventuality [of an explosion],” Prados said. “In Snowden’s information strategy, he distributed sets of the information in such a fashion that if he is taken, then other people will move to release information. In other words, his positive control of the system is not required to make the eventuality happen. In fact, it’s his negative control that applies.

    “The operation of the system is reversed. He’s not calling up someone every 25 hours saying I’m still free, don’t let the stuff out. The stuff is out, and if he isn’t free, then they let it out. The dynamic is reversed from the traditional concept of the dead man switch.”

    Greenwald told the Associated Press that media descriptions of Snowden’s tactic have been over-simplified.

    “It’s not just a matter of, if he dies, things get released, it’s more nuanced than that,” he said. “It’s really just a way to protect himself against extremely rogue behavior on the part of the United States, by which I mean violent actions toward him, designed to end his life, and it’s just a way to ensure that nobody feels incentivized to do that.”

    Snowden’s case is not the first time this scenario has been used for information distribution instead of weapons. In 2010, Wikileaks published an encrypted “insurance file” on its web site in the wake of strong U.S. government statements condemning the group’s publication of 77,000 Afghan War documents that had been leaked to it by former Army intelligence analyst Bradley Manning.

    The huge file, posted on the Afghan War page at the WikiLeaks site, was 1.4 GB and was encrypted with AES256. The file was also posted on torrent download sites.

    It’s not known what the file contains but it was presumed to contain the balance of documents and data that Manning had leaked to the group before he was arrested in 2010 and that still had not been published at the time. This included a different war log cache that contained 500,000 events from the Iraq War between 2004 and 2009, a video showing a deadly 2009 U.S. firefight near the Garani village in Afghanistan that local authorities said killed 100 civilians, most of them children, as well as 260,000 U.S. State Department cables.

    WikiLeaks has never disclosed the contents of the insurance file, though most of the outstanding documents from Manning have since been published by the group.

    It looks like we can add “cracking all the publicly released ‘uncrackable’ encrypted blackmail files” to the list of future fun things to do with quantum computing.

    Posted by Pterrafractyl | July 17, 2013, 10:51 am
  6. Snowden to testify before the EU?

    European Parliament Wants Snowden, NSA Chief to Testify on Spying

    By Ryan Gallagher
    Posted Thursday, July 18, 2013, at 2:31 PM

    The European Parliament is gearing up to launch an investigation into the recently revealed NSA surveillance programs—and lawmakers are drawing up an interesting list of witnesses who they want to invite to interview about the snooping.

    In September, the parliament is set to begin a series of hearings as part of the inquiry, which was established following the exposure of sweeping spy efforts that extend across the world. Now, members of the parliament are putting forward names for individuals they want to call in to answer questions. Among those suggested so far are a series of high-profile figures at the center of the surveillance revelations, including Edward Snowden, the whistle-blower who leaked the secret documents on the spying; NSA chief Gen. Keith Alexander; and Guardian journalist Glenn Greenwald, who was passed the documents by Snowden and has published several scoops based on them in recent weeks.

    In the United States, the reaction to the surveillance leaks has primarily focused on the vast domestic phone records database, first revealed by the Guardian last month. But in Europe, the outrage has been over the PRISM Internet surveillance program, which reportedly enables the NSA to collect data on foreigners from major U.S. companies including Google, Apple, Microsoft, and Yahoo. Politicians across Europe have also responded furiously to allegations that the U.S. government has been bugging European embassies and missions in apparent violation of a 1961 convention on diplomatic relations. And there has been a particularly strong outcry in Germany over reports that the NSA is collecting metadata on half a billion phone calls and emails across the country every month.

    Last week, at a meeting about the scope of its inquiry into the NSA’s surveillance, members of the European Parliament’s civil liberties committee agreed that they would invite U.S. authorities, surveillance and privacy experts, data protection authorities, and representatives from parliaments in EU member states to participate in a series of at least 12 public hearings scheduled for before the end of the year. On Thursday, German member of the European Parliament Jan Albrecht published a list of individuals he is requesting be invited. Aside from Snowden and Greenwald, it includes a host of top surveillance experts, plus NSA whistle-blowers Thomas Drake and William Binney, who have both in recent years spoken out publicly about the agency’s growing spying capabilities. Dutch MEP Sophie In ‘t Veld, vice chair of the civil liberties committee, confirmed in an email Thursday that she intends to invite Gen. Alexander. The inquiry’s conclusions will eventually be presented in a report to the parliament and could have implications for data-sharing agreements between Europe and the United States.

    Snowden, no doubt, would like the opportunity to appear at one of the hearings. But he remains effectively stranded at a Moscow airport (for now) while he seeks temporary asylum in Russia. He apparently hopes to then move on to one of the Latin American nations that have offered him a safe haven—Venezuela, Bolivia, and Nicaragua. Despite the anger in Europe over the spying Snowden has revealed, governments in the EU have not been rushing to welcome him with open arms. In a bizarre incident earlier this month, France, Spain, Italy, and Portugal allegedly refused to allow Bolivian President Evo Morales’ jet to pass through their airspace after suspicions were raised that Snowden was on board. Bolivian officials blamed U.S. pressure for the debacle, describing it as a “hostile act” that had been orchestrated by the State Department.

    It’s also worth noting that Jan Albrecht, the German Green Party MEP with close ties to the Pirate Party that is leading the calls for an investigation into NSA surveillance, has been spearheading the effort for a major EU overhaul in EU online data protection laws that Albrecht said would primarily impact the webservices and business models of US firms operating in the EU. And US firms have reportedly engaged in an unprecedented lobbying effort to stop the changes. Those digital privacy reform efforts, and the Pirate Party in general, could get a big boost from the Snowden Affair:

    Ars Technica
    Proposed EU data protection reform could start a “trade war,” US official says
    Activist: “Nothing, not even ACTA, caused the US to lobby on this scale.”

    by Cyrus Farivar – Jan 31 2013, 7:35pm CDT

    BRUSSELS, BELGIUM—Back in 1998, British comedian Eddie Izzard quipped on his Dress to Kill tour that the European Union was “500 million people, 200 languages. No one’s got a clue what they’re saying to each other. It’s the cutting edge of politics in a very extraordinarily boring way.” Fifteen years on, it’s easy to understand how prescient his words were.

    But after spending two days in the Belgian capital, it’s clear that digitally minded officials, activists, lobbyists and members of the European Parliament are focused squarely on what could become a massively important change to the European Union’s rules concerning data protection. What’s more, they have the attention of American tech firms as well.

    As we reported over a year ago, Justice Commissioner Viviane Reding of the European Commission proposed a “comprehensive reform” to existing data protection law, which would regulate how online service companies are allowed to keep information on their customers. Right now, anyone who cares about European tech issues has their eye on this ongoing legislation as it makes its way through various Brussels bodies. The legislation is not expected to take effect until 2016.

    And by all accounts, lobbying pressure from American government representatives and their corporate allies is intensifying at an unprecedented level as the draft amendments for data protection reform make their way through various committees pushing to strengthen what the European Commission has proposed. One economic officer in the US Foreign Service even commented this week (Google Translate) that the current reform draft could “instigate a trade war” with the US.

    Some European legislators don’t mind the attention. “With this regulation, we really try to impact the US debate,” said Jan Philip Albrecht, a Green Party member of the European Parliament (MEP) from northern Germany. He hopes that the entire parliament will vote on the reforms before the next European Parliamentary election in June 2014.

    Albrecht is the “rapporteur,” or parliamentary liaison between his Committee on Civil Liberties, Justice, and Home Affairs (LIBE) and the European Commission on this issue. Albrecht acknowledged that American tech companies like Google, Facebook, Microsoft, Apple, Amazon, and others would be among the most directly affected should these new reforms that he has proposed take effect.

    “[Of course, reform isn’t affecting the US] directly, but we hope that there would be a debate in the US about if it could be a good example for the US to follow,” he added.

    In this case, a new regulation would offer major improvements over current law. The data protection reforms as proposed by the Commission would consolidate existing data protection rules, would require data breach notification within 24 hours, and would include a “right to be forgotten,” allowing citizens to “delete their data if there are no legitimate grounds for retaining it.”

    At present, the data protection reform bill could also make data portability easier—moving data from LinkedIn to Facebook—and it could impose new fines of between 1 and 4 percent of global revenues for companies that violate the EU’s rules.

    At present, tech companies doing business across the EU must pay attention to the rules in all of the 27 member states (soon to be 28, when Croatia accedes to the union later this year). Commissioner Reding has stated that allowing companies to deal with the data protection authority in the main EU country where they have their establishment would collectively save businesses around €2.3 billion ($3.1 billion) a year. In the case of Facebook, for example, that would be Ireland, where the company has declared its international headquarters.

    This month, MEP Albrecht published his draft response to the Commission’s proposal—and that’s certainly ruffled some feathers.

    Here’s one of the most noteworthy additions that he put forth in his 215-page draft (PDF) expanding on what the Commission had initially proposed:

    The right to the protection of personal data is based on the right of the data subject to exert the control over the personal data that are being processed. To this end the data subject should be granted clear and unambiguous rights to the provision of transparent, clear and easily understandable information regarding the processing of his or her personal data, the right of access, rectification and erasure of their personal data, the right to data portability and the right to object to profiling. Moreover the data subject should have also the right to lodge a complaint with regard to the processing of personal data by a controller or processor with the competent data protection authority and to bring legal proceedings in order to enforce his or her rights as well as the right to compensation and damages resulting of an unlawful processing operation or from an action incompatible with this Regulation. The provisions of this Regulation should strengthen, clarify, guarantee and where appropriate, codify those rights.

    Beyond his formal response, the 30-year-old German legislator has endorsed a new petition (the “Brussels Declaration”) from civil liberties groups, digital rights associations, and many of Europe’s technorati.

    “We are outraged, because we, the citizens, are now kept in hundreds of databases, mostly without our knowledge or consent,” the petition thunders. “Over 1,200 companies specialize in trading our personal data, mostly without our knowledge or consent, every time we browse the Internet over 50 companies now monitor every click, mostly without our knowledge or consent, we are constantly being categorized and judged by algorithms and then treated according to the ‘perceived value’ we may or may not bring to business without our knowledge and consent, and lobbying is currently replacing European citizens’ voices and manifest concerns.”

    Signatories to the petition include groups like Bits of Freedom (Netherlands), Electronic Privacy and Information Center (USA), European Digital Rights, Privacy International (UK), the Chaos Computer Club (Germany), La Quadrature du Net (France), and well-known European activists, including Smári McCarthy (Iceland), and Max Schrems (Austria), whom Ars profiled last year.


    While it may seem surprising that a Green Party MEP is spearheading the parliamentary response to the data protection reform, that doesn’t surprise the European Parliament’s eldest and one of its most-respected tech-savvy MEPs: Christian Engström, a Pirate Party member from Sweden who was elected to the body in 2009.

    “I would consider [Albrecht] as a Pirate,” he told Ars from his Brussels office. “I recognize a Pirate when I see one.”

    The Pirate Party, easily Europe’s smartest party on tech issues, has had some headway in Sweden, Germany, Switzerland and a handful of other European states (and a little bit in the United States). But it has struggled in recent months as its political novelty seems to have worn off a bit.

    Engström made the case that the Pirate Party is in a similar position to where the Greens were 40 years ago—representing a fairly fringe area of policy but pressuring other, larger parties to carve out their own position. “If we want anything to happen, the Pirates are not going to get a majority in any parliament in the world,” he observed. “It’s sad, but it’s a fact of life. If we want positive legislations we want people to copy our ideas, but we’re Pirates, so copying is good.”

    For the moment, there are only two Pirates (Engström and his 25-year-old colleague, Amelia Andersdotter, who is also from Sweden) out of the entire 753-member body—less than one percent of the entire EU parliament.

    But Engström says that being part of the liberal parliamentary group, The Greens-European Free Alliance, may help their views be heard by a wider audience. “Now we’re in the Green group, to adopt the Pirate Party, [so we’re] up to 7 percent,” he said with a grin.

    Andersdotter is also causing quite a stir as the youngest member of the entire European Parliament. Plus, she has created her own reality Web series, dubbed “#exile6e,” named after the section of the parliamentary staff offices where she and her entourage are located, separated from Engström.

    An episode published 11 days ago, entitled “Data Protection,” shows Andersdotter working the minutiae of legislative life—from hand-signing documents 224 times to speaking on data protection in the council chambers. Both Andersdotter and Engström sit on the secondary committees that are consulting on the data protection reform process, and they seem to have full confidence that their views will be represented as the process advances.

    Washington fires back

    Established industry has been equally forceful in its opposition. Erika Mann, a former 15-year MEP also from Germany who is now the head of Facebook’s Brussels-based policy office, told the media earlier this month that her employer was “concerned that some aspects of the report do not support a flourishing European Digital Single Market and the reality of innovation on the Internet.”

    Just 10 days ago, Stockholm hosted a “data protection debate,” with many speakers from the American government, including the Chamber of Commerce and the American Chamber of Commerce in the EU, and industry officials, all of whom are expressing deep concern that Brussels may force substantial changes to tech companies’ business models. The Stockholm debate was one of “10 other data protection events” held across the EU.

    This week, John Rodgers, an economic officer in the US Foreign Service, spoke in Berlin (Google Translate), noting that a vast right to delete such personal information was not technically feasible and would pose a huge problem for all globally minded companies. Most surprisingly, Rodgers warned that the data protection reform as currently conceived could “instigate a trade war.”

    According to reporting by the German tech news site, Heise Online, Rodgers reminded the crowd that American and European laws have very different standards when it comes to data protection. “We have the right to privacy in our constitution, which, however, represents no fundamental right to privacy,” he noted.

    Outside observers say that they are shocked with the level of attention that Americans have paid to this legislative process.

    “Nothing, not even ACTA, caused the US to lobby on this scale in Brussels,” said Joe McNamee, of European Digital Rights (EDRI), in an e-mail to Ars. “What is even more surprising is that demonstrably false arguments are sometimes being used, undermining the excellent reputation for professionalism that the US representatives have always had. This is damage that won’t easily be undone.”

    Posted by Pterrafractyl | July 18, 2013, 12:18 pm
  7. Hezbollah is now offering Snowden their “protection”.

    This is via Google Translate:


    Hezbollah Brigades show Astaadadaha to protect U.S. intelligence officer accused of “spying”

    Author: MJM
    Editor: HA, HH
    17/07/2013 11:53

    Range Press / Baghdad

    She Book Hezbollah in Iraq, on Wednesday, its willingness to protect intelligence officer, American Yalsabak Edward Snowden accused of spying and harboring of “claws” CIA, and with an eye to the possibility of investment information possessed to protect the “oppressed”, while indicated that they have the expertise that make It’s hard to be exposed to Snowden.

    Said a senior leader of (the Islamic Resistance) Hezbollah Brigades in Iraq, in an interview with the official website of the battalions and seen (range Press), he said that “Hezbollah Brigades is ready to house the former intelligence officer Edward Snowden in more than one place offers a safe living and can also be interact with him for investment information to protect the largest number of the oppressed. ”

    The leader, who did not mention the site name to “they can protect Snowden from the claws of the CIA and the large experience that we have all of these methods, as well as power resources in our hands as it is known to make it difficult for Americans to hurt him a in Knva”.

    And Edward Snowden is an American and contractor technical and client employee of the Central Intelligence Agency, he worked as a contractor with the National Security Agency before leaking details of the spying program secret classified as highly confidential to the press in June 2013, and June 21, 2013 sent him the U.S. judiciary formally charged with espionage and theft of property government and the transfer of information relating to national defense without permission and the deliberate transfer of classified intelligence information to a person not allowed him to see it.

    Snowden was able to escape to Russia, before they ask the United States on 24 June 2013, from Russia delivered Snowden, while Russia replied simply stop and will follow them to Cuba Valocuador which granted him political asylum on its territory. On 16 July 2013, Snowden made a formal request for temporary asylum in Russia.

    Posted by Vanfield | July 19, 2013, 9:32 am
  8. Another shoe about to drop?

    Spying fears highlight worth of data centres
    by Matthew Allen, swissinfo.ch
    June 24, 2013 – 11:00

    The granite grey slab of the Swisscom data centre outside Bern can protect its clients’ most valuable assets from bombs, earthquakes and even a direct aircraft hit. It’s only one of the reasons why there’s growing interest in such hubs.

    The centre’s stark concrete vaults also protect the highly sensitive information of banks and other clients from the prying eyes of governments or economic spies. ‘Trust’ is the watchword of the expanding Swiss data storage industry as it quietly carves out a highly lucrative global niche.

    Recent revelations of United States intelligence agency spying, coupled with ongoing reports of espionage emanating from China, may have raised public consciousness of the dangers to data but the industry has known about it for years.

    At the Swisscom centre in Zollikofen, canton Bern, no stone has been left unturned to protect its valuable cargo from any form of threat. Six powerful diesel-powered generators are kept permanently warmed, ready to kick into life within 15 seconds and able to power the entire centre’s operations in the event of total power failure.

    Thousands of video, heat and infra-red sensors would detect anyone who managed to get past the strict entrance security controls. Staffing is kept to a minimum, leaving the ranks of servers unmolested.

    Enquiries related to encryption techniques and other measures to prevent cyber intrusion are met with a polite but firm “no comment”.

    Political stability, a tradition of confidentiality and strong data protection laws have all added to Switzerland’s growing reputation as an international data safe house. Unlike in the US, even the Swiss government would need a court to approve each request for data.

    “Clients increasingly want to entrust their data to a jurisdiction where there is legal certainty,” Bruno Messmer, head of sourcing consulting at Swisscom, told swissinfo.ch. “This will be one of Switzerland’s many strong selling points in the future.”


    Swisscom CEO found dead in home at age 49, police treating case as suicide

    By Associated Press, Updated: Tuesday, July 23, 7:39 AM

    GENEVA — Switzerland’s leading telecommunications company says its chief executive has been found dead in an apparent suicide.

    Swisscom says the body of 49-year-old Carsten Schloter was found Tuesday morning at the CEO’s home in the Swiss canton (state) of Fribourg.

    A company statement Tuesday says “the police are assuming it was a case of suicide; an investigation into the exact circumstances is underway.”

    Swisscom, a publicly traded company in which the Swiss government has the majority stake, says no more details of his death were being disclosed in consideration for his family.

    Schloter joined Swisscom in 2000 as head of Swisscom Mobile and was appointed CEO in 2006.

    Posted by Pterrafractyl | July 23, 2013, 2:18 pm
  9. More on the potential fallout from the Snowden affair: instead of shutting down mass surveillance, now governments around the world might demand increased access to the collected data instead:

    The New York Times
    N.S.A. Leaks Revive Push in Russia to Control Net
    Published: July 14, 2013

    MOSCOW — Edward J. Snowden, the former National Security Agency contractor, fled the United States saying he did not want to live in a surveillance state.

    But now the Russians are using his very presence here — on Friday Mr. Snowden said he intended to remain in Russia for some time while seeking asylum elsewhere — to push for tighter controls over the Internet.

    Two members of Russia’s Parliament have cited Mr. Snowden’s leaks about N.S.A. spying as arguments to compel global Internet companies like Google and Microsoft to comply more closely with Russian rules on personal data storage.

    These rules, rights groups say, might help safeguard personal data but also would open a back door for Russian law enforcement into services like Gmail.

    “We need to quickly put these huge transnational companies like Google, Microsoft and Facebook under national controls,” Ruslan Gattarov, a member of the upper chamber of the Russian Parliament, or Federation Council, said in an interview. “This is the lesson Snowden taught us.”

    In the United States, the documents leaked by Mr. Snowden highlighted the increasingly close ties between the N.S.A. and the biggest high-tech companies. His documents revealed how Microsoft, Facebook, Google and other companies have cooperated with the agency.

    If anything, requests by law enforcement agencies in Russia, with its long history of people bugging, informing and spying on one another, pose an even more stark quandary for companies like Google and Facebook.

    American information technology companies operating in Russia routinely face demands from law enforcement to reveal user data, and have less recourse than in the United States to resist in the courts.

    The Russian reaction may surprise Mr. Snowden most of all. In an interview with The Guardian, he said he unveiled details of N.S.A. surveillance because “I don’t want to live in a world where there is no privacy and therefore no room for intellectual exploration and creativity.”

    In a series of leaks to The Guardian, The Washington Post and other newspapers, Mr. Snowden provided documents showing the N.S.A. collected logs of Americans’ phone calls and intercepted foreigners’ Internet communications, with help from American companies, through a program called Prism.

    The Russians, who with only minimal success had for years sought to make these companies provide law enforcement access to data within Russia, reacted angrily. Mr. Gattarov formed an ad hoc committee in response to Mr. Snowden’s leaks.

    Ostensibly with the goal of safeguarding Russian citizens’ private lives and letters from spying, the committee revived a long-simmering Russian initiative to transfer control of Internet technical standards and domain name assignments from two nongovernmental groups that control them today to an arm of the United Nations, the International Telecommunications Union.

    The committee also recommended that Russia require foreign companies to comply with its law on personal data, which can require using encryption programs that are licensed by the Federal Security Service, the successor agency to the K.G.B.

    Sergei Zheleznyak, a deputy speaker of the Russian Parliament in President Vladimir V. Putin’s United Russia party, has suggested legislation requiring e-mail and social networking companies retain the data of Russian clients on servers inside Russia, where they would be subject to domestic law enforcement search warrants.

    The Russian Senate is also proposing the creation of a United Nations agency to monitor collection and use of personal data, akin to the International Atomic Energy Agency, which oversees nuclear materials, to keep tabs on firms like Facebook and Google that harvest personal data.

    Many independent advocates for Internet freedom have for years, however, characterized the Russian policy proposals as deeply worrying, for their potential to hamper free communication across borders and expose political dissidents inside authoritarian states to persecution.

    Even before Mr. Snowden arrived in the transit zone of Moscow’s Sheremetyevo Airport, Russia had been pressing for such controls. Its proposals had found some support among other governments that wanted greater access to social networking and e-mail data, but which did not ban such services outright, as China does.

    In this light, Mr. Snowden’s arrival here and his decision to extend his stay, announced Friday, seemed to have aided their cause. Brazil’s foreign minister, Antonio Patriota, for example, a week ago endorsed the Russian proposal to transfer some control over Internet technical standards to the United Nations telecommunications agency.

    In Russia, a cottage industry already exists of companies licensed by the F.S.B. to make software applications that replace Microsoft’s built-in encryption on Windows. A Russian law requires this for government employees and several other categories of users. About two million Windows machines have had this change made in Russia, according to CryptoPro, one of the companies that makes the security agency’s licensed encryption key.

    Freelance libertarian journalist Joshua Foust recently speculated that Snowden might actually be a Russian defector, noting Israel Shamir’s work in developing closer ties between WikiLeaks and the Russian government (as well as Belarus’s government). Interestingly, Mark Ames wrote a number of highly critical pieces about Foust a couple of years ago after Foust attacked Ames over conflicting accounts of a massacre in Kazakhstan. At that point, Glenn Greenwald – who had a history of sparring with Ames – jumped into the fray, defending Foust. Here’s Ames’s response.

    Posted by Pterrafractyl | July 23, 2013, 6:52 pm
  10. Former Senator and Snowden-pen pal Gordon Humphrey reiterated his call for Sweden to grant Snowden asylum while also expressing a new fear that Snowden’s claims of being torture-proof don’t translate into being drug-proof:

    Gordon Humphrey: Russians could drug Edward Snowden

    By HADAS GOLD | 7/24/13 1:39 PM EDT

    Former Sen. Gordon Humphrey said he fears Russian intelligence services will drug Edward Snowden in order to access the information the NSA leaker may still have on the U.S. government.

    “The longer Mr. Snowden remains in the Russian Federation, particularly if he fades from view, the more likely he will be subjected to efforts to make him talk,” the former New Hampshire GOP Senator said in a statement to POLITICO on Wednesday. “While Snowden recently stated not even torture could succeed, he can easily be drugged, for example.”

    Humphrey said that as long as Snowden remains within easy reach of Russian intelligence services, he and the knowledge he carries “are in serious danger.” The Russians are only on good behavior “for the moment” he said, because of the upcoming September G20 meetings and a possible summit between Russian President Vladimir Putin and Barack Obama.

    Snowden has been holed up in a Moscow airport since fleeing Hong Kong in late June. He has applied for temporary asylum in Russia and on Wednesday was expected to receive an official pass allowing him to leave the airport and settle in Russia while his asylum request is processed. For the moment though, Snowden’s Russian lawyer said he is staying in the airport.

    In the statement, Humphrey reiterated his call for Sweden to offer Snowden asylum.

    “Sweden is the ideal asylum,” Humphrey said, followed by addressing Sweden directly. “Your country enjoys a long-established reputation for upholding the rule of law and human rights. While friendly towards the United States, Sweden is firmly-principled and independent in its foreign policy. Yet, Americans could rest easy, assured that Sweden would not take advantage of the U.S while providing a safe asylum to Edward Snowden.”

    Posted by Pterrafractyl | July 24, 2013, 1:39 pm
  11. The encrypted email service used by Snowden, Lavabit, suddenly shut down today. The owner cited congressional pressure that he wasn’t legally allowed to discuss. He’s now recommended that people avoid using services with physical ties to the US with their private data:

    Snowden’s email provider, Lavabit, shutters citing legal pressure

    Jeremy Kirk, IDG News Service
    Aug 8, 2013 7:50 PM

    An email provider reportedly used by former NSA contractor Edward Snowden shut down on Thursday, citing an ongoing court battle that it could not discuss.

    Lavabit, which launched in 2004, specialized in providing a high-security email service that employed advanced encryption. It was designed to thwart the kind of surveillance techniques that Snowden revealed in June were used by the U.S. government.

    Snowden used a Lavabit email address to invite people to a press conference at Sheremetyevo Airport in Moscow on July 12, according to a report from the international wire service Global Post.

    Lavabit founder Ladar Levison wrote that he couldn’t describe the legal machinations under way. “As things currently stand, I cannot share my experiences over the last six weeks, even though I have twice made the appropriate requests,” he wrote in a front-page notice on his website.

    Levison wrote that Lavabit has “started preparing the paperwork needed to continue to fight for the Constitution in the Fourth Circuit Court of Appeals. A favorable decision would allow me resurrect Lavabit as an American company.”

    Lavabit’s website is largely offline, but Google’s cache still has a copy of its description of how its service worked. Lavabit used three encryption schemes to scramble email based around Elliptical Curve Cryptography (ECC).

    E-mail is encrypted before it is sent to the company’s servers. The result of the encryption process means that a message is, in theory, cryptographically impossible to read without a password, Lavabit wrote.

    “We say cryptographically impossible because, in theory, an attacker with unlimited computing resources could use brute force to decipher the original message,” according to the description.

    It appears from the description that Lavabit only retains a Secure Hash Algorithm (SHA) representation of a person’s password. The hash, even if it was obtained by investigators with a court order, would likely not be of use to investigators seeking to decrypt Snowden’s email.

    Lavabit warned that the encryption’s strength also relies heavily on a secure password selected by a user. Attackers could also intercept a message in transit if SSL (Secure Sockets Layer) encryption is not used for the communication between a user and Lavabit’s servers. Unencrypted messages could also be potentially pulled from a user’s hard drive.

    “Our goal was to make invading a user’s privacy difficult, by protecting messages at their most vulnerable point,” Lavabit wrote. “That doesn’t mean a dedicated attacker, like the United States government, couldn’t intercept the message in transit or once it reaches your computer.”

    Levison could not immediately be reached for comment. In closing, he wrote: “This experience has taught me one very important lesson: without congressional action or a strong judicial precedent, I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States.”

    Silent Circle, another company offering email encryption services, also shut down their email services today, citing “the writing on the wall”.

    Posted by Pterrafractyl | August 8, 2013, 10:24 pm
  12. Adding to the preemptive closure of two US-based email encryption services, we now are learning that Germany’s three largest email providers are going to start encrypting all emails to address growing privacy concerns. It sounds like it will include encrypting the identities of the sender and receiver so presumably meta-data collection will also be prevented by anyone sniffing the traffic over the internet. The traffic wars are heating up:

    German email providers unite against spying
    Published: 9 Aug 2013 17:29 CET

    Germany’s three biggest email providers announced on Friday a partnership to bolster the security of messages sent between them in the wake of revelations of US online surveillance scandal.

    Telecommunications giant Deutsche Telekom as well as GMX and Web.de, both subsidiaries of Germany’s United Internet, will automatically encrypt their email traffic from now on.

    Email content as well as the identity of the sender and recipient and attachments will be encrypted, Deutsche Telekom and United Internet told reporters, presenting the “Email Made in Germany” initiative.

    The email services of t-online.de, web.de and gmx.de represent two-thirds of private email accounts used in Germany, or more than 50 million email addresses, according to the companies.

    Deutsche Telekom chief executive Rene Obermann said the revelations from Edward Snowden earlier this year, which detailed the US National Security Agency’s gathering of vast amounts of phone call logs and internet data, had “deeply unsettled” users.

    He said talks with other email providers aimed at widening the alliance had already taken place.

    Note that it’s not clear from the announcement if German security services will have the encryption keys. It also sounds like the encryption will initially only be secure between customers of Deutsche Telekom’s and United Internet’s webservices. Maybe limiting it to just those services might be due to the technical requirements of encrypting even the meta-data (where both the sender and receiver need to be using the same encryption/decryption methods)? That may explain a technical need for the talk in the above article about ‘widening the alliance’:

    German companies to automatically encrypt emails
    AP / August 9, 2013

    BERLIN (AP) — Two of Germany’s biggest Internet service providers say they will encrypt customers’ emails by default following reports that the U.S. National Security Agency monitors international electronic communications.

    Deutsche Telekom AG and United Internet AG say emails sent by their customers will be automatically encrypted starting Friday.

    Initially the encryption will only be secure between customers of Deutsche Telekom’s T-Online service and United Internet’s GMX and WEB.DE services.

    The companies claim these three providers account for two-thirds of primary email addresses in Germany.

    Deutsche Telekom CEO Rene Obermann says the initiative came because ‘‘Germans are deeply unsettled by the latest reports on the potential interception of communication data’’ revealed by NSA leaker Edward Snowden.

    It wasn’t immediately clear if German security services would have a key to decrypt the emails.

    It’ll be interesting to see how much the German public end up trusting the BND not to hack their emails and send it to the NSA anyways following this latest move.

    Posted by Pterrafractyl | August 9, 2013, 8:51 am
  13. More on the new German email encryption scheme: According to Germany’s Chaos Computer Club it’s a publicity stunt using outdated encryption technology:

    German companies to automatically encrypt emails
    BERLIN (AP) — Two of Germany’s biggest Internet service providers said Friday they will start encrypting customers’ emails by default in response to user concerns about online snooping after reports that the U.S. National Security Agency monitors international electronic communications.

    The plan by Deutsche Telekom AG and United Internet AG is the digital equivalent of putting an envelope around a postcard. Currently most emails are sent across the web in plain view of anyone standing between the sender and the recipient.

    Initially the encryption will only be secure between customers of Deutsche Telekom’s T-Online service and United Internet’s GMX and WEB.DE services — which together account for two-thirds of primary email addresses in Germany — the companies said.

    “Germans are deeply unsettled by the latest reports on the potential interception of communication data,” Deutsche Telekom CEO Rene Obermann said in a statement. “Our initiative is designed to counteract this concern and make email communication throughout Germany more secure in general.”

    But computer security specialists said the plan appeared to be little more than a publicity stunt, because the technology being used to encrypt the emails while in transit was outdated and didn’t guarantee they were safe from prying eyes while on the companies’ servers.

    “The technology employed doesn’t prevent ‘listening posts’ from being established on the system,” said Germany’s Chaos Computer Club, which bills itself as Europe’s largest association of hackers.

    NSA leaker Edward Snowden has alleged that the U.S. intelligence agency and some of its foreign partners routinely sift through online traffic as part of an effort to prevent terrorism.

    A spokesman for Deutsche Telekom, Philipp Blank, told The Associated Press that the company doesn’t grant foreign intelligence agencies access to its traffic in Germany. But he added that “of course we are bound by German law.”

    German law grants domestic security services broad powers to intercept communications and demand access to emails and phone data stored by commercial providers. It also allows them to pass information on to foreign intelligence agencies under certain circumstances.

    In one indication that German security services won’t find their work hindered, the country’s interior minister issued a statement welcoming the encryption move.

    Posted by Pterrafractyl | August 9, 2013, 1:55 pm
  14. @Pterrafractyl–

    Several things to consider: suppose the BND DOESN’T share info with NSA?

    Note that Deutsche Telekom is the parent company of T-Mobile and (now) Metro PCS.

    I wonder if American mobile users will gravitate toward the German services?

    It’s a safe bet that BND will be accessing all information on those networks.

    Also: it’ll be interesting to see if BND tries to supplant GCHQ as the primary NSA foreign partner.

    In addition, watch the Muslim Brotherhood front heating up, with Obama on both sides of “the Deutsche Coin Flip”–heads they win, tails you lose. (“COINtelpro?”)

    Wonder if they will use German-based ops against U.S. in the future.

    Also: in response to GOP moves against Russia–note how they are playing the Egypt card.

    Obama stuck on the Arab Spring pitchfork, as I predicted.

    It also brings to mind Grover Norquist’s prediction that the GOP would make it impossible to govern as a Democrat.

    They are doing a pretty good job.



    Posted by Dave Emory | August 9, 2013, 5:22 pm
  15. @Dave: It’s also interesting to note that the reporting on this so far leaves a major question largely unanswered or unasked: how much access do the foreign intelligence agencies that are supplying the NSA with data have to the giant pool of raw intelligence? The global spying system described is constantly framed as a system where the NSA sweeps up data from all over the world, analyzes it, and then doles out terror tips or whatever to its allies. But early on it was reported that GCHQ received access to the unedited metadata on phone records back in 2010, and we know about the “Five Eyes” agreement where the US, the UK, Canada, New Zealand, and Australia have all had an agreement for the free-flow of intelligence between nations since 1943. So do similar secret arrangements exist between the “Five Eyes” and Germany and France?

    And what about Brazil? It was reported that the NSA and CIA had listening stations in Brazil until at least 2002, a “privilege” shared by just 15 other countries around the world. And at this point we simply don’t know if such a facility still exists. Merkel’s government has already been caught blatantly lying to German voters about her knowledge of these programs. So are we supposed to actually believe the Brazilian government when they deny a similar relationship exists today? It’s not a trivial question because any global solution to the issue of privacy rights is going to be dependent on governments all over the world that have so far demonstrated a capacity to just keep lying to their citizens on this topic. The issue of trust has been central to the response to this scandal, but it’s curiously focused only on trusting US agencies and corporations instead of the inability to trust virtually all governments and major corporations around the planet.

    The other reason it’s kind of vital that we learn more about the nature of the data sharing arrangement is because of what John Loftus revealed decades ago about the manner in which foreign intelligence sharing arrangements are used by governments to spy on their own citizens. When we learned that the NSA has been secretly sending tips to the DEA for use in routine drug busts and that other US agencies are clamoring for access to that data it raises the question of whether or not the BND or GCHQ are also sending tips on US citizens to US federal agencies and vice versa because, hey, why not? Nothing we’ve seen suggests that it couldn’t or wouldn’t be the case.

    So it’ll be interesting to see if we are going to learn more about those data-sharing agreements. Right now there are a lot of interests that would love to keep this as an “NSA vs the world” situation INSTEAD of the “NSA as the coordinator of a global spying ring” situation that it really appears to be.

    Posted by Pterrafractyl | August 11, 2013, 3:29 pm
  16. With the Snowden affair continuing to hold center stage in Germany’s elections, we’re now seeing Merkel’s administration call for negotiations this month with the US for creating new rules that restrict the US and Germany from spying on each other:

    Official: US, Germany will negotiate agreement not to spy on each other in wake of NSA flap

    By Associated Press, Published: August 12

    BERLIN — Germany and the United States will begin negotiations this month on an agreement not to spy on one another in wake of the revelations by NSA leaker Edward Snowden about massive electronic surveillance by the National Security Agency, a senior German official said Monday.

    Chancellor Angela Merkel’s chief of staff, Ronald Pofalla, told reporters such an agreement would offer a unique opportunity to set standards for the future work of Western intelligence agencies now that the Cold War is over. U.S. Embassy spokesman Peter Claussen said he had no immediate comment about Pofalla’s remarks, which were made following a meeting of a parliamentary committee overseeing intelligence services.

    Pofalla gave no details about how the agreement, which he said would also cover economic intelligence, might limit NSA operations such as PRISM, which compels major Internet firms to hand over detailed contents of communications such as emails, video chats and more.

    Public outrage over Snowden’s allegations has been especially strong in Germany, where privacy is cherished after the country’s painful history of mass surveillance of the citizenry in communist East Germany and Adolf Hitler’s Nazi state. With national elections in six weeks, the government is under pressure to respond to public anger without endangering its relations with Washington, which shares intelligence gleaned by NSA.

    U.S. officials have defended the NSA programs as necessary to prevent terrorist attacks, including those in Europe.

    But Germany’s independent privacy watchdogs say the surveillance programs breach an EU-U.S. pact meant to ensure cross-border data protection. German officials are seeking European support for a new global charter safeguarding personal privacy online.

    Merkel raised the issue of alleged NSA spying with President Barack Obama when he visited Berlin in June. Her government this month also canceled a Cold War-era agreement that allowed the U.S. and Britain the authority to request German authorities to conduct surveillance operations within the country to protect their troops stationed there.

    But Merkel has also argued that governments had a duty to defend their citizens in an era of global terrorism and has scoffed at comparisons between U.S. spying and the massive surveillance in communist East Germany where she grew up.

    Following the parliamentary meeting, Pofalla also said that cooperation between NSA and Germany had averted an average of three to four attacks per week against German soldiers in Afghanistan.

    Note that the reference to three to four attacks per week against German soldiers in Afghanistan that are averted each week that Merkel’s spokesman referred to was, somewhat ironically, probably a reference to the same PRISM system Merkel’s government denied knowing anything about. Ok, maybe it wasn’t the same PRISM program. Maybe it was the other PRISM program. Or the other other PRISM program:

    Are there really two PRISMs, or just one PRISM with NATO involvement?
    By David Meyer
    Jul. 18, 2013 – 1:47 AM PDT

    If you thought the PRISM debacle couldn’t get any more convoluted, then listen up. It turns out that there are two PRISM programs… or not, in which case the German government may be heading for a fall. It depends on who you believe: the newspaper Bild or the German government.

    As I’ve mentioned a few times, the German federal elections are coming up and PRISM is a major issue. The opposition parties have demanded answers about what Angela Merkel’s administration knew about the Americans spying on German citizens en masse. The government is sticking to its line that only highly-targeted data-sharing takes place, in order to keep the public safe from terrorism, and that it never knew about the wider PRISM program.

    On Wednesday Bild published a major scoop, based on a document that was apparently sent by NATO to all the regional commands in Afghanistan back in 2011. This document laid out instructions for cooperation under a program called PRISM, which involved monitoring emails and phone calls, with access regulated by the U.S. Joint Worldwide Intelligence Communications System (JWICS). This document naturally made its way to the Germans, who are somewhat controversially deployed in Afghanistan and, as Bild framed it, this meant the German government is lying about its PRISM ignorance.

    Not so, replied the government. Somewhat bizarrely, the administration claimed that the document was referring to a different PRISM program that was “not identical” to the NSA’s big project. Merkel spokesman Steffen Seibert said that – according to the BND, Germany’s NSA equivalent – this PRISM was a NATO/ISAF scheme, specific to the Afghanistan situation and not classified as secret. The Ministry of Defence chipped in with a denial that the Germans had access to this PRISM system anyway.

    Then, late on Wednesday night, Bild hit back with a series of counterclaims. First off, the newspaper pointed out that JWICS is designed for transmitting the most highly classified material.

    Regarding the claim that only U.S. personnel could access this NATO/ISAF PRISM, Bild quoted its anonymous American sources as saying all regional commands – Germans included – could request monitoring of a specific individual by asking “civilian and military U.S. personnel”, with the term “civilian” supposedly indicating spies. The paper also quoted these sources as saying the techniques employed across the two PRISMs were pretty darn similar.

    So there we have it. If Bild got it right, Merkel is up for an electoral hammering and the rest of the world needs to wrap its head around the idea of PRISM being a collaborative scheme at the NATO level. However, if the German spy agencies are being truthful then there are two PRISMs that, by crazy coincidence, both deal in the interception of emails and phone calls. You choose.

    Posted by Pterrafractyl | August 13, 2013, 10:01 am
  17. Something to think about regarding the BND’s claims that it’s only allowed by law to scan up to 20% of Germany’s internet traffic and is only currently scanning 5%: 5% is much more than is necessary:

    Comment is free

    How much data the NSA really gets

    The NSA claims it ‘touches’ only 1.6% of internet traffic – doesn’t sound a lot. In fact, that’s practically everything that matters

    Jeff Jarvis
    theguardian.com, Tuesday 13 August 2013 07.45 EDT

    Fear not, says the NSA, we “touch” only 1.6% of daily internet traffic. If, as they say, the net carries 1,826 petabytes of information per day, then the NSA “touches” about 29 petabytes a day. They don’t say what “touch” means. Ingest? Store? Analyze?

    For context, Google in 2010 said it had indexed only 0.004% of the data on the net. So, by inference from the percentages, does that mean that the NSA is equal to 400 Googles?

    Seven petabytes of photos are added to Facebook each month. That’s .23 petabytes per day. So that means the NSA is 126 Facebooks.

    Keep in mind that most of the data passing on the net is not email or web pages. It’s media. According to Sandvine data (pdf) for the US fixed net from 2013, real-time entertainment accounted for 62% of net traffic, P2P file-sharing for 10.5%.

    The NSA needn’t watch all those episodes of Homeland (or maybe they should) or listen to all that Coldplay – though, I’m sure the RIAA and MPAA are dying to know what the NSA knows about who’s “stealing” what, since that “stealing” allegedly accounts for 23.8% of net traffic.

    HTTP – the web – accounts for only 11.8% of aggregated and download traffic in the US, Sandvine says. Communications – the part of the net the NSA really cares about – accounts for 2.9% in the US.

    So, by very rough, beer-soaked-napkin numbers, the NSA’s 1.6% of net traffic would be half of the communication on the net. That’s one helluva lot of “touching”.

    Keep in mind that, by one estimate, 68.8% of email is spam.

    Posted by Pterrafractyl | August 13, 2013, 1:46 pm
  18. @Pterrafractyl–

    The “One PRISM” vs. “Two PRISMs” debate couldn’t be easier to resolve.

    Take it from someone based in the Silicon Valley for decades–had ANY company come up with a software performing functions similar or identical to PRISM and TRIED to use the same name, they would have been sued from hell to breakfast.

    The big tech firms are NOTHING if not litigious and Peter Thiel has plenty of money!



    Posted by Dave Emory | August 13, 2013, 3:34 pm
  19. And with the closing of Lavabit and Silent Circle, Kim Dotcom just declared that his company is developing ‘cutting edge’ encryption software for the purpose of offering completely encrypted email services where even the data on the email server is encrypted. It sounds like this will necessarily involve the development of newer, faster encryption/decryption technology to allow the email server to keep everything encrypted while still providing real-time functionality like looking through your inbox.

    In related news, Mr. Dotcom might need to start investing in quantum computing research:

    Teleportation: Behind the Science of Quantum Computing
    Researchers were able to reliably teleport information between quantum bits.

    Melody Kramer

    National Geographic

    Published August 14, 2013

    It might seem like something straight from the Star Trek universe, but two new research experiments—one involving a photon and the other involving a super-conducting circuit—have successfully demonstrated the teleportation of quantum bits.

    If that sounds like gobbledygook, don’t worry. We got in touch with one of the researchers, physicist Andreas Wallraff, of the Quantum Device Lab at the Swiss Federal Institute of Technology Zurich, to explain how his team and a team based at the University of Tokyo were able to reliably teleport quantum states from one place to another.

    People have done this before but it hasn’t necessarily been reliable. The new complementary research, which comes out in Nature today, is reliable—and therefore may have widespread applications in computing and cryptography.

    Before we talk about the nitty-gritty part of teleportation, we need to define a few key words. Let’s start with a regular, classical bit of information, which has two possible states: 1 or 0. This binary system is used by basically all computing and computing-based devices. Information can be stored as a 1 or a 0, but not as both simultaneously.

    But a quantum bit of information—called a qubit—can have two values at the same time.

    “With the qubit, you can store more information because you have information in all of its possible states,” Wallraff says. “Whereas in the classical memory system, only one can be stored.”

    Quantum teleportation relies on something called an entangled state. An entangled state, in the words of Wallraff, is a “state of two quantum bits that share correlations.” In other words, it’s a state that can’t be separated.

    But Why Is It Useful?

    The advances these two research groups have made may improve the way quantum bits are sent, leading to faster processors and larger-scale encryption technologies.

    Encryption technology—which is used by everyone from credit card companies to the NSA—is based on the fact that it’s really, really hard to find factors of very large prime numbers. And quantum computing is extremely useful for factoring very large prime numbers.

    Dividing or multiplying numbers is fairly easy for any computer, but determining the factors of a really large 500- or 600-digit number is next to impossible for classical computers. But quantum computers can process these numbers easily and simultaneously.

    Credit card companies, for instance, assign users a public key to encode credit card information. The key is the product of two large prime numbers, which only the website seller knows. Without a quantum computer, it would be impossible to figure out the two prime numbers that are multiplied together to make the key, which protects your information from being shared. (For more info, read this really useful guide about the basics of quantum computing from the University of Waterloo.)

    “If you wanted to use classical bits to do this, it wouldn’t be efficient,” says Wallraff. In other words, classical computers—the ones we use now for most stuff—can’t do any of the things quantum computers can do on a large scale.

    So while we might not be beaming Scotty up just yet, our computers, it appears, are one step closer to doing so.

    Posted by Pterrafractyl | August 14, 2013, 12:13 pm
  20. http://www.spiegel.de/international/business/germany-declares-bitcoins-to-be-a-unit-of-account-a-917525.html

    ‘Private Money’: Bitcoins Gain Ground in Germany

    What exactly is the legal status of bitcoins?

    Bitcoins have rapidly gained popularity, but what is the currency’s legal status? This week Germany revealed that it sees the virtual payment method as “private money,” but its tax status remains unclear.

    The value of bitcoins has become widely accepted. The virtual, Internet-based currency can currently be traded in for about $120 each, according to Mt. Gox, a popular bitcoin exchange.

    But now they are also gaining a legal footing — at least in Germany, where the Finance Ministry has declared bitcoins to be a “unit of account.” The designation stops well short of treating bitcoins as currency or even e-money, but it does classify the virtual currency as a kind of “private money.” This comes as a result of a parliamentary inquiry made by Frank Schäffler, a member of the Bundestag with the business-friendly Free Democrats, Chancellor Angela Merkel’s junior coalition partners.

    Bitcoins have been in the headlines recently due to the massive volatility of their exchange rate. When they were first introduced in 2009, they were essentially worthless, trading for just five cents per bitcoin in July 2010. This year, however, they rocketed up in value to a high of $230 per bitcoin in April before plunging back to their current rate of exchange. Some have attributed the rise to concerns about the ongoing euro crisis in Europe.

    Governments have been uncertain of how to approach the bitcoin, though. In late July, Thailand banned bitcoin transactions out of concern that the state could lose control over money flow. In the US, meanwhile, state officials in New York and federal officials recently opened an investigation into the virtual currency. The aim, according to a letter sent to financial regulators by the Senate Committee on Homeland Security, was to determine the “threats and risks related to virtual currency.” New York state has subpoenaed 22 companies involved with bitcoin transactions, according to The New York Times.

    A First Step

    The implications of Germany’s new designation remain uncertain. In June, the Finance Ministry declared that profits on bitcoin investments are tax free after a year. But now it appears that some transactions involving bitcoins could be taxed after all. A tax advisor told the Berlin-based daily Die Welt that VAT would only have to be paid by people who use bitcoins commercially.

    Oliver Flaskämper, head of the leading German bitcoin market, bitcoin.de, told Die Welt that “from our perspective, our customers are engaged in private portfolio management from a tax point of view.” That would mean that transactions would be tax free.

    Still, the question of how bitcoins should be taxed remains pertinent. Some 7,500 shops and restaurants worldwide accept payment by bitcoin, according to the site Bitpay.com. Ultimately, rules will have to be established for taxing transactions with those places of business. Germany has taken a first step.

    Posted by Vanfield | August 20, 2013, 9:58 am
  21. In one of the more confusing NSA-related stories to come out in the last week, there was a report in the German tabloid Zeit about German government documents warning Federal agencies to avoid using Windows 8 over concerns that the “Trusted Platform Module” (TPM) chip found in Windows machines might provide the NSA backdoor access to the machine. The German government then issued a statement denying that such a recommendation was ever made. Microsoft, of course, denies such a backdoor exists at all:

    Techweek Europe
    Microsoft Seeks Calm On German Security Panic Over Windows 8

    Claims from a German publication that the NSA could easily access Windows 8 machines are rebuffed
    On August 23, 2013 by Tom Brewster

    Claims that there is a backdoor in Windows 8 giving access to all versions of the operating system to US intelligence have been gently rebuffed by Microsoft.

    A reporter in Zeit had suggested the backdoor stemmed from the Trusted Platform Module, or TPM chip, which seeks to improve security by powering the Secure Boot process that checks for and ignores malicious low-level code when a machine starts up. It does this through cryptographic keys that ensure code cannot be tampered with on loading and that the code is legitimate.

    No Windows 8 backdoor?

    The Zeit writer had suggested the TPM could give the manufacturer of a device control over it.

    He said that in light of the leaks from Edward Snowden, it would not be a surprise if TPM 2.0, the version used by Windows 8, was actually a backdoor the National Security Agency (NSA) could easily exploit. As the chips powering TPM are manufactured in China, the Chinese could easily access Windows 8 machines too, the report alleged.

    The reporter attained documents from the German government that led him to reach his supposition. But the German government has not said there is a backdoor in the OS.

    The Office for Information Security (BSI) later clarified the government’s position, and did say the use of TPM 2.0 and Windows 8 (TPM is used in other non-Windows machines, including Chromebooks, making the claims even more questionable) meant the user had to deal with “a loss of control over the operating system and the hardware used”. This could lead to greater risk for the federal government and critical infrastructure, it said.

    But the body said it had not warned the general public nor government bodies against using Windows 8.

    It said “the newly established mechanisms can also be used for sabotage by third parties”, but appeared only to be talking generally about vulnerability exploitation. There was no suggestion of a purposeful backdoor, as Zeit had hypothesised, even if the BSI does have problems with TPM.

    Microsoft has responded to the kerfuffle first by denying it has ever provided such access to users’ data and by talking up the security benefits of TPM 2.0. It suggested government departments would be wise to use the security protections it provides by default. But for those governments who want to gain back control of their machines, they can go with OEMs who make Windows PCs without TPM.

    Something to keep in mind regarding the sudden interest by Russia and Germany in hidden microchip backdoors is how long it’s taken for this to become a perceived national security issue. For instance, the Pentagon was investigating Chinese kill switches getting embedded into chips used for the US military back in 2008 and Germany and Russia are the second and third biggest arms exporters in the world and their defense industries presumably suffer from very similar risks all these years:

    IEEE Spectrum
    The Hunt for the Kill Switch
    Are chip makers building electronic trapdoors in key military hardware? The Pentagon is making its biggest effort yet to find out
    By Sally Adee
    Posted 1 May 2008 | 19:57 GMT

    Last September, Israeli jets bombed a suspected nuclear installation in northeastern Syria. Among the many mysteries still surrounding that strike was the failure of a Syrian radar–supposedly state-of-the-art–to warn the Syrian military of the incoming assault. It wasn’t long before military and technology bloggers concluded that this was an incident of electronic warfare–and not just any kind.

    Post after post speculated that the commercial off-the-shelf microprocessors in the Syrian radar might have been purposely fabricated with a hidden ”backdoor” inside. By sending a preprogrammed code to those chips, an unknown antagonist had disrupted the chips’ function and temporarily blocked the radar.

    That same basic scenario is cropping up more frequently lately, and not just in the Middle East, where conspiracy theories abound. According to a U.S. defense contractor who spoke on condition of anonymity, a ”European chip maker” recently built into its microprocessors a kill switch that could be accessed remotely. French defense contractors have used the chips in military equipment, the contractor told IEEE Spectrum. If in the future the equipment fell into hostile hands, ”the French wanted a way to disable that circuit,” he said. Spectrum could not confirm this account independently, but spirited discussion about it among researchers and another defense contractor last summer at a military research conference reveals a lot about the fever dreams plaguing the U.S. Department of Defense (DOD).

    Feeding those dreams is the Pentagon’s realization that it no longer controls who manufactures the components that go into its increasingly complex systems. A single plane like the DOD’s next generation F-35 Joint Strike Fighter, can contain an ”insane number” of chips, says one semiconductor expert familiar with that aircraft’s design. Estimates from other sources put the total at several hundred to more than a thousand. And tracing a part back to its source is not always straightforward. The dwindling of domestic chip and electronics manufacturing in the United States, combined with the phenomenal growth of suppliers in countries like China, has only deepened the U.S. military’s concern.

    Recognizing this enormous vulnerability, the DOD recently launched its most ambitious program yet to verify the integrity of the electronics that will underpin future additions to its arsenal. In December, the Defense Advanced Research Projects Agency (DARPA), the Pentagon’s R&D wing, released details about a three-year initiative it calls the Trust in Integrated Circuits program. The findings from the program could give the military–and defense contractors who make sensitive microelectronics like the weapons systems for the F-35–a guaranteed method of determining whether their chips have been compromised. In January, the Trust program started its prequalifying rounds by sending to three contractors four identical versions of a chip that contained unspecified malicious circuitry. The teams have until the end of this month to ferret out as many of the devious insertions as they can.

    Vetting a chip with a hidden agenda can’t be all that tough, right? Wrong. Although commercial chip makers routinely and exhaustively test chips with hundreds of millions of logic gates, they can’t afford to inspect everything. So instead they focus on how well the chip performs specific functions. For a microprocessor destined for use in a cellphone, for instance, the chip maker will check to see whether all the phone’s various functions work. Any extraneous circuitry that doesn’t interfere with the chip’s normal functions won’t show up in these tests.

    ”You don’t check for the infinite possible things that are not specified,” says electrical engineering professor Ruby Lee, a cryptography expert at Princeton. ”You could check the obvious possibilities, but can you test for every unspecified function?”

    Semiconductor offshoring dates back to the 1960s, when U.S. chip makers began moving the labor-intensive assembly and testing stages to Singapore, Taiwan, and other countries with educated workforces and relatively inexpensive labor.

    Today only Intel and a few other companies still design and manufacture all their own chips in their own fabrication plants. Other chip designers–including LSI Corp. and most recently Sony–have gone ”fabless,” outsourcing their manufacturing to offshore facilities known as foundries. In doing so, they avoid the huge expense of building a state-of-the-art fab, which in 2007 cost as much as US $2 billion to $4 billion.

    In 2004, the Defense Department created the Trusted Foundries Program to try to ensure an unbroken supply of secure microchips for the government. DOD inspectors have now certified certain commercial chip plants, such as IBM’s Burlington, Vt., facility, as trusted foundries. These plants are then contracted to supply a set number of chips to the Pentagon each year. But Coleman argues that the program blesses a process, not a product. And, she says, the Defense Department’s assumption that onshore assembly is more secure than offshore reveals a blind spot. ”Why can’t people put something bad into the chips made right here?” she says.

    Three years ago, the prestigious Defense Science Board, which advises the DOD on science and technology developments, warned in a report that the continuing shift to overseas chip fabrication would expose the Pentagon’s most mission-critical integrated circuits to sabotage. The board was especially alarmed that no existing tests could detect such compromised chips, which led to the formation of the DARPA Trust in IC program.

    Where might such an attack originate? U.S. officials invariably mention China and Russia. Kenneth Flamm, a technology expert at the Pentagon during the Clinton administration who is now a professor at the University of Texas at Austin, wouldn’t get that specific but did offer some clues. Each year, secure government computer networks weather thousands of attacks over the Internet. ”Some of that probing has come from places where a lot of our electronics are being manufactured,” Flamm says. ”And if you’re a responsible defense person, you would be stupid not to look at some of the stuff they’re assembling, to see how else they might try to enter the network.”

    John Randall, a semiconductor expert at Zyvex Corp., in Richardson, Texas, elaborates that any malefactor who can penetrate government security can find out what chips are being ordered by the Defense Department and then target them for sabotage. ”If they can access the chip designs and add the modifications,” Randall says, ”then the chips could be manufactured correctly anywhere and still contain the unwanted circuitry.”

    A kill switch built to be triggered at will, as was allegedly incorporated into the European microprocessors, would be more difficult and expensive to pull off, but it’s also the more likely threat, says David Adler, a consulting professor of electrical engineering at Stanford, who was previously funded by DARPA to develop chip-testing hardware in an unrelated project.

    To create a controlled kill switch, you’d need to add extra logic to a microprocessor, which you could do either during manufacturing or during the chip’s design phase. A saboteur could substitute one of the masks used to imprint the pattern of wires and transistors onto the semiconductor wafer, Adler suggests, so that the pattern for just one microchip is different from the rest. ”You’re printing pictures from a negative,” he says. ”If you change the mask, you can add extra transistors.”

    Or the extra circuits could be added to the design itself. Chip circuitry these days tends to be created in software modules, which can come from anywhere, notes Dean Collins, deputy director of DARPA’s Microsystems Technology Office and program manager for the Trust in IC initiative. Programmers ”browse many sources on the Internet for a component,” he says. ”They’ll find a good one made by somebody in Romania, and they’ll put that in their design.” Up to two dozen different software tools may be used to design the chip, and the origin of that software is not always clear, he adds. ”That creates two dozen entry points for malicious code.”

    Collins notes that many defense contractors rely heavily on field-programmable gate arrays (FPGAs)–a kind of generic chip that can be customized through software. While a ready-made FPGA can be bought for $500, an application-specific IC, or ASIC, can cost anywhere from $4 million to $50 million. ”If you make a mistake on an FPGA, hey, you just reprogram it,” says Collins. ”That’s the good news. The bad news is that if you put the FPGA in a military system, someone else can reprogram it.”

    Almost all FPGAs are now made at foundries outside the United States, about 80 percent of them in Taiwan. Defense contractors have no good way of guaranteeing that these economical chips haven’t been tampered with. Building a kill switch into an FPGA could mean embedding as few as 1000 transistors within its many hundreds of millions. ”You could do a lot of very interesting things with those extra transistors,” Collins says.

    A kill switch or backdoor built into an encryption chip could have even more disastrous consequences. Today encoding and decoding classified messages is done completely by integrated circuit–no more Enigma machine with its levers and wheels. Most advanced encryption schemes rely on the difficulty that computers have in factoring numbers containing hundreds of digits; discovering a 512-bit type of encryption would take some machines up to 149 million years. Encryption that uses the same code or key to encrypt and decrypt information–as is often true–could easily be compromised by a kill switch or a backdoor. No matter what precautions are taken at the programming level to safeguard that key, one extra block of transistors could undo any amount of cryptography, says John East, CEO of Actel Corp., in Mountain View, Calif., which supplies military FPGAs.

    Meanwhile, other countries appear to be awakening to the chip threat. At a January hearing, a U.S. House Committee on Foreign Affairs addressed Pakistan’s ongoing refusal to let the United States help it secure its nuclear arsenal with American technology. Pakistan remains reluctant to allow such intervention, citing fears that the United States would use the opportunity to cripple its weapons with–what else?–a kill switch.

    This is a hot issue now, so it will be interesting to see how the global semiconductor industry changes in coming years. The global trade in weapons or other products that could be considered to have national security implications is rather massive. Something like a modern computer can be constructed from components designed and built in different nations all over the world, so if there’s a breakdown in transnational trust (where a nation can only trust domestic manufacturers for high-tech national security-related products) we might end up seeing a strange breakdown in global high-tech supply chains. For instance, if governments suddenly decided that foreign TPM chip manufacturers couldn’t be trusted with any machines running Windows 8, the already ailing German microchip sector might take an even bigger hit to global demand:

    Don’t let paranoia over the NSA and TPM weaken your security

    Summary: Conspiracy theorists are screaming that the NSA and Microsoft are in cahoots to insert a backdoor into all your hardware. The conspiracy is so vast, in fact, that they’ve even managed to snag Microsoft’s most bitter rival.
    By Ed Bott for The Ed Bott Report | August 23, 2013 — 13:03 GMT (06:03 PDT)

    The unintended by-product of Edward Snowden’s NSA document dump is a bull market in paranoid conspiracy theories.

    The latest example is the breathless report out of Germany that Microsoft and the NSA have conspired to give American spies access to every copy of Windows 8, enforced by a mysterious chip called the Trusted Platform Module, or TPM. “It’s a backdoor!” scream the conspiracy theorists.

    Apparently, Microsoft is so powerful that it is able to influence even its most bitter enemies. Consider this graphic, from a whitepaper commissioned by the Trusted Computing Group, which manages the TPM standard. It explains how the TPM chip uses cryptographic keys to verify that an operating system hasn’t been tampered with:
    [See pic]

    Notice anything off about that graphic? Yeah, that’s a Chromebook logo. If you buy a Chromebook, powered by Google’s operating system without a hint of Windows 8 anywhere in it, it will be protected by a Verified Boot process, enforced by the same TPM chip used in Windows devices.

    Here’s Google’s explanation:

    The goal of Verified Boot is to provide cryptographic assurances that the system code hasn’t been modified by an attacker on the Chromebook. Additionally, we use lockable, non-volatile memory (NVRAM) in the TPM to ensure that outdated signatures won’t be accepted. To put this into perspective, the system does all this in about 8 seconds.

    If you don’t want to boot Google-verified software — let’s say you built your own version of Chromium OS — no problem. You can flip the developer switch on your device and use the Chromebook however you’d like. It’s yours, after all!

    You can do the same thing on a Windows device by disabling the Secure Boot option. That option is on by default, to prevent rootkits from being able to compromise a machine. But if you have physical access to the machine, you can go into its settings and disable that option, at which point you are free to do whatever you like.

    The point is, a TPM is a platform-neutral device. It provides a secure way to encrypt data so that it can’t be accessed by anyone except you, and it protects your device from being tampered with. Both of those features are highly desirable these days.

    But who knows what’s going on in that chip? I mean, they say it’s just a secure place to store encrypted keys, but who knows what else it can do? Obviously the American government or maybe the Chinese have intimidated the chip’s manufacturer, right?

    Uh, maybe not. The most popular maker of TPM technology is Infineon Technologies AG, which is based in … Neubiberg, Germany. Perhaps those intrepid German journalists could, you know, hop on a train and head down to Infineon to see for themselves.

    If the challenges of trustworthy technology in the age of the internet seem overwhelming, just wait until the biometric revolution.

    Posted by Pterrafractyl | August 25, 2013, 6:31 pm
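
The Verified Boot description quoted in the comment above (a signature check plus lockable TPM NVRAM so that outdated signatures are refused), modeled as an added example that is not part of the comment, the quoted articles, or Google's code. The class and function names are hypothetical, and HMAC-SHA256 stands in for the public-key signature that real firmware verifies.

```python
import hashlib
import hmac


class LockableNvram:
    """Toy model of a TPM NVRAM space holding the lowest image version allowed to boot."""

    def __init__(self):
        self.min_version = 0
        self.locked = False

    def write(self, version):
        if self.locked:
            raise PermissionError("NVRAM space is locked until the next power cycle")
        if version < self.min_version:
            raise ValueError("stored version may only move forward")
        self.min_version = version

    def power_cycle(self):
        self.locked = False  # firmware runs first after reset and can update the space


def sign_image(key, version, payload):
    # Stand-in: HMAC-SHA256 replaces the public-key signature real firmware checks.
    # The version is signed together with the payload hash so it cannot be edited.
    message = version.to_bytes(4, "big") + hashlib.sha256(payload).digest()
    return hmac.new(key, message, hashlib.sha256).digest()


def verified_boot(key, nvram, version, payload, signature):
    """Return "boot" or a rejection reason; always lock NVRAM before returning."""
    try:
        if not hmac.compare_digest(sign_image(key, version, payload), signature):
            return "reject: bad signature"
        if version < nvram.min_version:
            return "reject: outdated signature (rollback)"
        nvram.write(version)  # ratchet forward so older images stop booting
        return "boot"
    finally:
        nvram.locked = True  # later code cannot lower the stored version


# Constructed sample data: a demo key and two image versions.
KEY = b"constructed-demo-key"
OLD = (1, b"system image v1 (constructed)")
NEW = (2, b"system image v2 (constructed)")
```

The case worth noting is the older image: its signature is still valid, and it is refused only because the version recorded in NVRAM has already moved past it.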
