With the latest WikiLeaks revelations about the CIA – is privacy really dead? | The Guardian

ComeyBy Olivia Solon

Comey, has said that Americans should not have expectations of “absolute privacy”.

“There is no such thing as absolute privacy in America: there is no place outside of judicial reach,” Comey said at a Boston College conference on cybersecurity. The remark came as he was discussing the rise of encryption since Edward Snowden’s 2013 revelations of the NSA’s mass surveillance tools, used on citizens around the world.

Both the Snowden revelations and the CIA leak highlight the variety of creative techniques intelligence agencies can use to spy on individuals, at a time when many of us are voluntarily giving up our personal data to private companies and installing so-called “smart” devices with microphones (smart TVs, Amazon Echo) in our homes.

So, where does this leave us? Is privacy really dead, as Silicon Valley luminaries such as Mark Zuckerberg have previously declared?

Not according to the Electronic Frontier Foundation’s executive director, Cindy Cohn.

“The freedom to have a private conversation – free from the worry that a hostile government, a rogue government agent or a competitor or a criminal are listening – is central to a free society,” she said.

While not as strict as privacy laws in Europe, the fourth amendment to the US constitution does guarantee the right to be free from unreasonable searches and seizures.

That doesn’t mean citizens have “absolute privacy”.

“I don’t think there’s been absolute privacy in the history of mankind,” said Albert Gidari, director of privacy at the Stanford Center for Internet and Society. “You walk out in public and it’s no longer private. You shout from one window to another and someone will hear you in conversation.”

“At the same time things are more intrusive, persistent, searchable, they never die. So our conception of what is or isn’t risk from a privacy perspective does change and evolve over time.”

The law hasn’t kept pace with digital technologies. For example, there is a legal theory called the “third-party doctrine” that holds that people who give up their information to third parties like banks, phone companies, social networks and ISPs have “no reasonable expectation of privacy”. This has allowed the US government to obtain information without legal warrants.

Unlike the NSA techniques revealed by Snowden, the CIA appears to favour a more targeted approach: less dragnet, more spearfishing.

The WikiLeaks files show that the CIA has assembled a formidable arsenal of cyberweapons designed to target individuals’ devices such as mobile phones, laptops and TVs by targeting the operating systems such as Android, iOS and Windows with malware.

It’s encouraging to note that the government has yet to crack the encryption of secure messaging apps such as WhatsApp, Signal and Confide. However, it does not need to if it can instal malware on people’s devices that can collect audio and message traffic before encryption is applied.

Gidari isn’t that surprised. “It confirms what everyone saw in last week’s episode of 24. People expect these tools to exist,” he said, adding that people were more surprised that the FBI was initially incapable of breaking into the San Bernardino killer’s iPhone.

“People expect the government to have these magic tools,” he said.

American citizens should not be lulled into a false sense of security that the CIA only targets foreign nationals. The “Vault 7” documents show a broad exchange of tools and information between the CIA, the National Security Agency, and other US federal agencies, as well as intelligence services of close allies Australia, Canada, New Zealand and the United Kingdom.

“We can’t spy on our own citizens but we can spy on anyone else’s,” explained Neil Richards, a law professor from Washington University. “If agencies are friends with each other, they have everybody else do their work for them and they just share the data.”

“Dividing the world into American citizens and non-American citizens is a false dichotomy,” Gidari added. “We don’t have a monopoly on spy tools.”

This leaves us with a terrifying new prospect: government spies essentially deploying viruses and trojans against their own citizens.

The onus is now on the companies that make the devices to plug any holes in their operating systems – something they do regularly through bug bounty programs, where security researchers disclose vulnerabilities in return for rewards.

It’s clear from the CIA files that the US government has flouted this custom in order to stockpile “zero days” – undisclosed exploits – for its own advantage. This is a practice the US government has previously publicly denied.

“If companies aren’t aware that a vulnerability exists they can’t patch it. If it exists it can be exploited by any malicious actor – whether that’s a hacker, foreign state or criminal enterprise,” said Neema Singh Guliani, legislative counsel with the American Civil Liberties Union.

“I have a big problem with the government leaving us vulnerable to the same tools in hand so other nation states and hackers could exploit them,” Gidari said. “That isn’t protecting American citizens.”

Gidari’s view echoes Apple’s stance when the FBI demanded the company build a backdoor to the iPhone so they could access data on the San Bernardino killer’s phone.

“Apple believes deeply that people in the United States and around the world deserve data protection, security and privacy. Sacrificing one for the other only puts people and countries at greater risk,” the company said at the time. The iPhone maker was more muted in its response to the Vault 7 dump, vowing to “rapidly address” any security holes.

“There is nearly universal consensus from technologists that it’s impossible to build weaknesses or access mechanisms into technology that can only be used by the good guys and not the bad,” Cohn said.

This week’s revelations are sure to increase the strain on relations between Silicon Valley and the US government. While some of the older telephony companies such as AT&T and Verizon, which rely heavily on government contracts, have a history of compliance with government requests, tech giants Google, Facebook, Microsoft and Apple have proved to be less compliant.

It’s not possible to meaningfully participate in modern life without relationships with some or all of these technology companies processing our data, Richards added. So it’s important to know where their loyalties lie – to their customers or to government.

Since Snowden’s revelations of mass surveillance, companies such as Apple, Google and Microsoft have been working hard to rebuild trust with consumers through strengthening security, fighting government data requests and releasing transparency reports highlighting when and how many requests are made.

“It’s a very encouraging development if we care about civil liberties and the right to privacy, but at the same time it’s unsatisfying if the discretion of a company is the only real protection for our data,” Richards said.

“We need to build the digital society we want rather than the one handed to us by default,” he added.

This will require a complete overhaul of the laws relating to when the government can collect location and content information, something civil liberty campaigners have been pushing for.

“These decisions need to be made by the public, not by law enforcement or tech executives sitting in private,” Richards said.

Source:  The Guardian

Snowden (Film Review) | The Guardian

Review By Wendy Ide

For a director who customarily tackles subjects with the approach of a gorilla playing American football, Oliver Stone’s take on whistleblower Edward Snowden seems curiously muted. Audiences who are already familiar with Citizenfour, Laura Poitras’s exemplary documentary on the same subject, will be struck by the fact that, in dramatising Snowden’s story, Stone seems to have leached out much of the drama. The aim was clearly to create an All the President’s Men for the age of cyber-surveillance. But somehow the sense of peril is downplayed, diluted by too much inert exposition and pacing that could be tighter.

Playing Edward Snowden, Joseph Gordon-Levitt is one of the film’s main assets. His character’s ferocious intelligence is signposted with cheap details – he is forever fiddling with a Rubik’s cube and has a nerd’s enthusiasm for arcane enciphering equipment. But Snowden’s intellect is most effectively conveyed in Gordon-Levitt’s eyes – watchful, sober and clouded by doubt, they are a window into his impossible ethical quandary.

Melissa Leo is somewhat underused as Poitras. And playing Guardian reporter Glenn Greenwald, Zachary Quinto is tonally jarring. It feels as though Stone realised that some of the scenes were flagging, so got Quinto to shout angrily at random moments, to keep the audience on their toes.

There are some fun elements, many involving Rhys Ifans’s ruthlessly unprincipled CIA trainer Corbin O’Brian (the fact the character shares a surname with the villain of Orwell’s Nineteen Eighty-Four is no accident). I particularly enjoyed a scene in which O’Brian’s massive glowering face is beamed into a conference room to berate Snowden. His carnivorous snarl fills the immense screen; he looks like a malevolent version of the Wizard of Oz. There’s a playful visual flair to this moment that is sadly lacking elsewhere in the film.

Source: The Guardian

State of Surveillance with Edward Snowden | VICE News

When NSA whistleblower Edward Snowden leaked details of massive government surveillance programs in 2013, he ignited a raging debate over digital privacy and security. That debate came to a head this year, when Apple refused an FBI court order to access the iPhone of alleged San Bernardino Terrorist Syed Farook. Meanwhile, journalists and activists are under increasing attack from foreign agents. To find out the government’s real capabilities, and whether any of us can truly protect our sensitive information, VICE founder Shane Smith heads to Moscow to meet the man who started the conversation, Edward Snowden.

Source: VICE News