Senate Intelligence Committee Passes Bill That Codifies, Expands NSA Powers

By Matt Sledge
Oct 31 2013
<http://www.huffingtonpost.com/2013/10/31/senate-bill-nsa_n_4183183.html>

Just days after expressing outrage over reports of widespread surveillance of foreign leaders by the National Security Agency, Sen. Dianne Feinstein (D-Calif.) pushed through the Senate Intelligence Committee on an 11-4 vote a bill that enshrines the bulk collection of Americans’ phone call records into law, and expands the agency’s authority to track foreign nationals who enter the United States.

The bill, passed on Thursday, is meant to respond to the revelations of leaker Edward Snowden. But critics immediately charged that it does little more than offer a fig leaf for the NSA’s controversial surveillance operations.

“The NSA call-records program is legal and subject to extensive congressional and judicial oversight, and I believe it contributes to our national security,” Feinstein said in a statement. “This committee has conducted considerable oversight of FISA programs, both before and after recent leaks, and I believe the reforms in this bill are prudent, responsible and meaningful.”

But Sen. Mark Udall, a frequent critic of the NSA, said in a statement that the bill fell far short of “real reform.”

Feinstein’s bill effectively transforms into law the NSA’s internal policies for the bulk collection of data on who Americans call, when, and for how long. The bill would codify already-existing limits on the use of that database, and expand reporting requirements.

The bill does add some new checks on the NSA’s powers: It would expand criminal penalties for the misuse of intelligence capabilities. The Foreign Intelligence Surveillance Court, which oversees many of the NSA’s programs, would also be empowered to appoint a friend-of-the-court lawyer to weigh in when a case presented “a novel or significant interpretation of the law.”

One provision of the bill expands the agency’s power, allowing it to continue to target the cellphones of “roamers,” or foreigners who enter the United States, for up to 72 hours. Such surveillance technically requires a warrant, but an internal audit leaked by Snowden found the agency often disregarded this requirement.

On Monday Feinstein said in a statement that she was “totally opposed” to the reported spying on the leaders of American allies. The collection of Americans’ phone call “metadata,” however, she has defended as an important tool in preventing terrorism.

In his statement, Udall disagreed.

[snip]


Wheeler FCC Ready To Roll on Monday

By Doug Halonen
TVNewsCheck
Oct 31 2013

Former cable and wireless phone lobbyist Tom Wheeler plans to step in officially as the FCC’s new chairman next Monday (Nov. 4), moving quickly to take command of the agency in the wake of his Senate confirmation, an FCC official said Wednesday.

The FCC source also said Wheeler and Acting Chairwoman Mignon Clyburn spoke last night to discuss how best to orchestrate the changing of the guard. “They both talked about the importance of a smooth transition,” the source said.

<http://www.tvnewscheck.com/article/71618/wheeler-fcc-ready-to-roll-on-monday>

IETF sets out to PRISM-proof the Net

[Note:  This item comes from Dave Farber’s IP List.  DLH]

From: Richard Forno <rforno@infowarrior.org>
Subject: IETF sets out to PRISM-proof the Net
Date: October 31, 2013 at 8:48:34 AM EDT
To: Infowarrior List <infowarrior@attrition.org>
Cc: Dave Farber <dave@farber.net>

In response to NSA revelations, the internet’s engineers set out to PRISM-proof the net

Published on: 26 October 2013 – 12:25pm | By Julie Blussé (CC)

<http://www.rnw.nl/english/article/response-nsa-revelations-internet%E2%80%99s-engineers-set-out-prism-proof-net>

Greatly disturbed by the recent revelations of mass internet surveillance, the Internet Engineering Task Force (IETF) have announced plans to ramp up online security. You may never have heard of them, but the IETF are the creators and engineers of the internet’s architecture. Is there a technical solution to the problem of mass surveillance?

For the IETF, Edward Snowden’s revelations were “a wake-up call,” said Jari Arkko, the task force’s chair. Arkko spoke at this week’s UN-initiated Internet Governance Forum in Bali, Indonesia. Surprised by the scale and tactics of surveillance, Arkko stated the engineers are “looking at technical changes that will raise the bar for monitoring.”

“Perhaps the notion that internet is by default insecure needs to change,” he said. The IETF’s will is there, and Arkko believes significant technical fixes “just might be possible.”

Technical, not political

The engineers of the IETF keep a low profile, but they have been crucial to creating and setting the standards on which the internet was built, ever since its birth in 1969. They have developed email, instant messaging, and many protocols that hide behind acronyms that sound familiar yet mysterious to most Internet users, like HTTP and TCP/IP.

As the internet evolved from an academic project into a global network, the role governments and companies played in how it functions grew dramatically. But the IETF maintained its well-respected role, thanks in part to its fervently apolitical stance and focus on technical issues.

That focus remains in the current plans to make the internet more resistant to mass surveillance, Arkko emphasised in an interview with RNW: “This is a technical, not a political decision.” 

In his speech, Arkko chose his words carefully as he addressed an audience comprising representatives from governments that perpetrate the same mass-surveillance he hopes to curtail.

“I do not think we should react to specific cases,” Arkko stated during the forum’s opening sessions. “But our commerce, business and personal communications are all depending on the internet technology being secure and trusted.”

More, new and better security

Ideas about how the internet might be secured against mass surveillance are currently discussed over the IETF’s publicly accessible mailing lists, to which anyone can subscribe and contribute. While nothing is set in stone yet, Arkko sketched out a few of the IETF’s ideas in his public address.

Firstly, the IETF wants to eventually apply encryption to all web traffic.

“Today, security only gets switched on for certain services like banking,” Arkko explained, referring to IETF-developed standards like SSL – the little lock that appears in the upper left corner of your browser to secure online purchases. “If we work hard, we can make [the entire internet] secure by default.” To this end, the IETF might make encryption mandatory for HTTP 2.0, a new version of the basic web protocol.

Secondly, the IETF plans to remove weak algorithms and strengthen existing algorithms behind encryption. This means that the US National Security Agency and other surveillors will find it harder to crack current forms of encryption.

In other words: the IETF proposes putting locks in more places and making existing locks harder to pick. If the protocols are applied, intercepting the traffic between any two points on the internet—the sender and receiver of an email, the visitor and owner of a website, the buyer and seller of a product—will be close to impossible.

Starting November 3, the IETF will hold a week of meetings in Vancouver, Canada to concretise the online security plans in person.

Raising the bar for surveillance

The IETF is confident that their plans will make a difference, but what do other experts on the internet’s technical infrastructure think?

Axl Pavlik, managing director of Europe’s Internet Registry (RIPE NCC), is guardedly optimistic.

“It wouldn’t stop the problem, but it would make the effort [of surveillance] more expensive.”

Pavlik likens the plans to a successful countermove in an indefinite arms race between internet users and snoopers.

“You and I have limited resources, and the surveillor has limited resources – maybe more than we have – but if millions of users of the internet raise the bar a little bit, the requirements to surveil every little bit of internet traffic would be much higher,” he explained to RNW.

The IETF’s plans also benefit people who are already encrypting their online activities themselves, argued Marco Hogewoning, technical adviser to RIPE NCC. According to him, these people currently stick out like a sore thumb to the very surveillors they hope to evade.

“If you see an armoured car now on the street, you know there must be something valuable inside,” Hogewoning explained. “If everybody drives around in an armoured car, I can go around and put a lot of effort into breaking into each and every car, and hope I get lucky and find something valuable inside, but it might be empty. If everybody encrypts everything, all you can see is armoured cars.”

Take it or leave it

Yet while the IETF can propose standards and protocols, it has no power to enforce their adoption. The onus to adopt the standards lies with the software developers who make browsers and web servers, as well as website owners, and everyday internet users who need to heed browser updates.

“It’s a great initiative,” said Gillo Cutrupi, a digital security trainer at Tactical Tech. “But if it’s not adopted, it’s just a piece of paper.”

A standard like HTTPS, for instance, can already be applied by every website to improve security. Cutrupi explains that many websites unfortunately still make use of unsafe options.

Such options might be popular because they are easier to use. Some websites don’t care for security, and ignore the standard; Yahoo Mail will only make HTTPS encryption the default setting starting January 2014.

Yet Arkko, the IETF chair, doesn’t see universal adoption as a big hurdle. “I have no worry about that,” he said. “Our standards are very widely applied.”

He stressed that in addition to increased security, newer standards offer multiple advantages.

“HTTP 2.0 has many other improvements.” In one example, he pointed out that “for the users, websites would load faster.”

These improvements would no doubt serve as an incentive for websites to implement the new protocol.

The end point of trust

Yet one major caveat remains. While the IETF might be able to secure the pipes through which users’ data travel, users must also be able to trust the parties where their data is stored: software, hardware and services such as Cisco, Gmail and Facebook. These parties can hand over user data directly to government agencies.

Arkko stressed the limitations of what the internet’s engineers can do. “We are trying to do as much as we can,” he explained, “which will help situations where there’s someone in the network monitoring you. It will not help situations where someone has direct access to your email provider.”

Axl Pavlik identifies the problem of trust at another level altogether:

“In the end, it’s down to public policy, governments, secret services. And maybe the secret court orders to release a key [which] we will never know about. That shatters the trust of the internet as we know it. That’s the very bad situation that we need to get out of.”

Nobody really turned them off, anyway …

[Note:  This item comes from reader Randall Head.  DLH]

From: Randall Webmail <rvh40@insightbb.com>
Subject: Nobody really turned them off, anyway …
Date: October 31, 2013 at 7:38:49 AM PDT
To: Dewayne Hendricks <dewayne@warpspeed.com>, dave@farber.net

WASHINGTON (Reuters) – The U.S. Federal Aviation Administration (FAA) said on Thursday it will allow airlines to expand the use of portable electronic devices in flight.
The agency said it is immediately providing airlines with guidance for implementation, the time frame for which is expected to vary among carriers.
“Passengers will eventually be able to read e-books, play games, and watch videos on their devices during all phases of flight, with very limited exceptions,” the FAA said.
The move would still prevent use of mobile phones for voice communications on flight. That issue is under the jurisdiction of the Federal Communications Commission.
(Reporting by Ros Krasny and Karen Jacobs; Editing by Gerald E. McCormick)

<http://news.yahoo.com/u-allow-expanded-electronic-device-flights-141041980–sector.html>

F.D.A. Finds 12% of U.S. Spice Imports Contaminated

By GARDINER HARRIS
Oct 30 2013
<http://www.nytimes.com/2013/10/31/health/12-percent-of-us-spice-imports-contaminated-fda-finds.html>

NEW DELHI — About 12 percent of spices brought to the United States are contaminated with insect parts, whole insects, rodent hairs and other things, according to an analysis of spice imports by federal food authorities.

The finding released on Wednesday by the Food and Drug Administration is part of a comprehensive look at the safety of spice imports that has been years in the making. The federal authorities also found that nearly 7 percent of spice imports examined by federal inspectors were contaminated with salmonella, a toxic bacteria that can cause severe illness in humans.

The shares of imported spices contaminated with insect parts and salmonella were twice those found in other types of imported food, federal food officials said.

The agency’s findings “are a wake-up call” to spice producers, said Jane M. Van Doren, a food and spice official at the F.D.A. “It means: ‘Hey, you haven’t solved the problems.’ ”

The agency called spice contamination “a systemic challenge” and said most of the insects found in spices were the kinds that thrive in warehouses and other storage facilities, suggesting that the industry’s problems result not from poor harvesting practices but poor storage and processing.

John Hallagan, a spokesman for the American Spice Trade Association, said Wednesday that he had not seen the report, so he could not comment on it. But spice manufacturers have argued in the past that food manufacturers often treat imported spices before marketing them, so F.D.A. findings of contamination levels in its import screening program do not mean that spices sold to consumers are dangerous.

F.D.A. inspectors have found that some spices that claim to have been treated are contaminated nonetheless. And the high levels of filth from insects and rodents are a problem that is not easily resolved because, unlike with salmonella contamination, simply cooking or heating the spices will not rid the products of the problem. Insects can also be a source of salmonella contamination.

What share of the nearly 1.2 million annual salmonella illnesses in the United States result from contaminated spices is unclear, officials said. Fewer than 2,000 people had their illnesses definitively tied to contaminated spices from 1973 to 2010, and most people eat spices in small quantities. But people often fail to remember eating spices when asked what foods might have sickened them, so problems related to spices could be seriously underreported, officials said.

Recent legislation in the United States grants the F.D.A. the power to refuse entry of foods that the agency even suspects might be contaminated — strong leverage to demand changes in harvesting, handling and manufacturing practices in foreign countries.

[snip]

Man buys $27 of bitcoin, forgets about them, finds they’re now worth $886k

Bought in 2009, currency’s rise in value saw small investment turn into enough to buy an apartment in a wealthy area of Oslo
By Samuel Gibbs
Oct 29 2013
<http://www.theguardian.com/technology/2013/oct/29/bitcoin-forgotten-currency-norway-oslo-home>

The meteoric rise in bitcoin has meant that within the space of four years, one Norwegian man’s $27 investment turned into a forgotten $886,000 windfall.

Kristoffer Koch invested 150 kroner ($26.60) in 5,000 bitcoins in 2009, after discovering them during the course of writing a thesis on encryption. He promptly forgot about them until widespread media coverage of the anonymous, decentralised, peer-to-peer digital currency in April 2013 jogged his memory.

Bitcoins are stored in encrypted wallets secured with a private key, something Koch had forgotten. After eventually working out what the password could be, Koch got a pleasant surprise: 

“It said I had 5,000 bitcoins in there. Measuring that in today’s rates it’s about NOK5m ($886,000),” Koch told NRK.

Silk Road fluctuations

In April 2013, the value of bitcoin peaked at $266 before crashing to a low of $50 soon after. Since then, bitcoin has seen large fluctuations in its value, most recently following the seizure of online drugs marketplace Silk Road, plummeting before jumping $30 in one day to a high of $197 in October.

Koch exchanged one fifth of his 5,000 bitcoins, generating enough kroner to buy an apartment in Toyen, one of the Norwegian capital’s wealthier areas.

Two ways to acquire bitcoins

Typically bitcoins are bought using traditional currency from a bitcoin “exchanger”, although due to strict anti-money laundering controls, the process can be tricky. A user can then withdraw those bitcoins by sending them back to an exchanger like Mt Gox, the best known bitcoin exchange, in return for cash.

However, bitcoin is gaining more and more traction within the physical world too. It is now possible to actually spend bitcoins without exchanging them for traditional currency first in a few British pubs, including the Pembury Tavern in Hackney, London, for instance. On 29 October, the world’s first bitcoin ATM also went online in Vancouver, Canada, which scans a user’s palm before letting them buy or sell bitcoins for cash.

[snip]

Google’s worst-kept secret: floating data centers off US coasts

Tech giant has stayed silent on the structures, though experts say barges likely data centers for which Google has a patent
By Rory Carroll in Los Angeles
Oct 30 2013
<http://www.theguardian.com/technology/2013/oct/30/google-secret-floating-data-centers-california-maine>

They sit on barges, sprout electronic gizmos, tower several storeys high and are fast becoming Google’s worst-kept secret.

The internet giant appears to be constructing floating data centres off the coasts of California and Maine behind layers of elaborate security.

Google has said nothing but the hulking structures, built out of shipping containers and shielded by scaffolding, stirred intense sleuthing and speculation on Wednesday.

Contractors working on the structures in the San Francisco bay and Portland harbour are subject to omerta, and US government officials familiar with the projects have signed confidentiality agreements.

Technology and security experts said they were probably floating data centres – for which Google was granted a patent in 2009. The Mountain View-based company is known for Kremlin-type secrecy during product development.

On barges the facilities would have access to abundant water, a requirement to cool large numbers of servers, Joel Egan, the principal at Cargotecture, which designs custom cargo container buildings, told CNET, whose investigation triggered this week’s media scrutiny.

“The cutouts in the long walls of the containers, when they line up, they make hallways,” said Egan. “You could put all sorts of mainframes into the containers … It doesn’t have enough windows for an office building.”

The San Francisco TV station KPIX suggested the purpose was to be a floating retail store for Google’s “Glass” wearable computer device, but few bought that theory.

The barges are 250 feet long, 72 feet wide, 16 feet deep and sport tall white spires that could be masts, flagpoles or antennas. They were built in 2011 in Belle Chasse, Louisiana, by C & C Marine and Repair, and are reportedly owned by By and Large LCC, a company with apparent ties to Google.

They recently appeared off Treasure Island, a former military base in San Francisco bay, and Portland harbour. Chain-link fences and security guards block access.

At least one Coast Guard employee was obliged to sign a non-disclosure agreement with Google, Barry Bena, a US coast guard spokesman, told Reuters.

Another person who would only identify himself as an inspector for a California government agency had to do the same because he was present during early construction work on Treasure Island’s hangar-like Building 3. He also had to surrender his mobile phone.

Bob Jessup, a construction company superintendent who works nearby, said Google spent the past year working on the project, fencing off a wide area and employing at least 40 welders a day, who worked around the clock without saying a word.

[snip]