Science

What to do about lawless government hacking and the weakening of digital security

In our society, the rule of law sets limits on what government can and cannot do, no matter how important its goals. To give a simple example, even when chasing a fleeing murder suspect, the police have a duty not to endanger bystanders. The government should pay the same care to our safety in pursuing threats online, but right now we don’t have clear, enforceable rules for government activities like hacking and “digital sabotage.” And this is no abstract question—these actions increasingly endanger everyone’s security.

The problem became especially clear this year during the San Bernardino case, involving the FBI’s demand that Apple rewrite its iOS operating system to defeat security features on a locked iPhone. Ultimately the FBI exploited an existing vulnerability in iOS and accessed the contents of the phone with the help of an “outside party.” Then, with no public process or discussion of the tradeoffs involved, the government refused to tell Apple about the flaw. Despite the obvious fact that the security of the computers and networks we all use is both collective and interwoven—other iPhones used by millions of innocent people presumably have the same vulnerability—the government chose to withhold information Apple could have used to improve the security of its phones.

Other examples include intelligence activities like Stuxnet and Bullrun, and law enforcement investigations like the FBI’s mass use of malware against Tor users engaged in criminal behavior. These activities are often disproportionate to stopping legitimate threats, resulting in unpatched software for millions of innocent users, overbroad surveillance, and other collateral effects. 

That’s why we’re working on a positive agenda to confront governmental threats to digital security. Put more directly, we’re calling on lawyers, advocates, technologists, and the public to demand a public discussion of whether, when, and how governments can be empowered to break into our computers, phones, and other devices; sabotage and subvert basic security protocols; and stockpile and exploit software flaws and vulnerabilities.  

Smart people in academia and elsewhere have been thinking and writing about these issues for years. But it’s time to take the next step and make clear, public rules that carry the force of law to ensure that the government weighs the tradeoffs and reaches the right decisions.

This long post outlines some of the things that can be done. It frames the issue, then describes some of the key areas where EFF is already pursuing this agenda—in particular formalizing the rules for disclosing vulnerabilities and setting out narrow limits for the use of government malware. Finally it lays out where we think the debate should go from here.

Recognizing That Government Intrusion and Subversion of Digital Security Is a Single Issue

The first step is to understand a wide range of government activities as part of one larger threat to security. We see the U.S. government attempt to justify and compartmentalize its efforts with terms like “lawful hacking” and “computer network attack.” It is easy for the government to argue that the FBI’s attempts to subvert the security of Apple iOS in the San Bernardino case are entirely unrelated to the NSA’s apparent sabotage of the Dual_EC_DRBG algorithm. Likewise, the intelligence community’s development of the Stuxnet worm to target the Iranian nuclear program was governed by a set of rules entirely separate from the FBI’s use of malware to target criminals using Tor hidden services.

These activities are carried out by different agencies with different missions. But viewing them as separate—or allowing government to present it that way—misses the forest for the trees. When a government takes a step to create, acquire, stockpile or exploit weaknesses in digital security, it risks making us all less safe by failing to bolster that security.

Each of these techniques should involve consideration of the tradeoffs involved, and none of them should be viewed as risk-free to the public. They require oversight and clear rules for usage, including consideration of the safety of innocent users of affected technologies.

There is hope, albeit indirectly. In the United States, high-ranking government officials have acknowledged that “cyber threats” are the highest priority, and that we should be strengthening our digital security rather than weakening it to facilitate government access. In some cases, this is apparently reflected in government policy. For instance, in explaining the government’s policy on software vulnerabilities, the cybersecurity coordinator for the White House and the Office of the Director of National Intelligence have both stated in blog posts that there is a “strong presumption” in favor of disclosing these vulnerabilities to the public so they can be fixed.

But the government shouldn’t engage in “policy by blog post.” Government action that actively sabotages or even collaterally undermines digital security is too important to be left open to executive whim.

Finding Models for Transparency and Limits on When Government Can Harm Digital Security

While government hacking and other activities that have security implications for the rest of us are not new, they are usually secret. We should demand more transparency and real, enforceable rules.

Fortunately, this isn’t the first time that new techniques have required balancing public safety along with other values. Traditional surveillance law gives us models to draw from. The Supreme Court’s 1967 decision in Berger v. New York is a landmark recognition that electronic wiretapping presents a significant danger to civil liberties. The Court held that because wiretapping is both invasive and surreptitious, the Fourth Amendment required “precise and discriminate” limits on its use.

Congress added considerable structure to the Berger Court’s pronouncements with the Wiretap Act, first passed as Title III of the Omnibus Crime Control and Safe Streets Act of 1968. First, Title III places a high bar for applications to engage in wiretapping, so that it is more of an exception than a rule, to be used only in serious cases. Second, it imposes strict limits on using the fruits of surveillance, and third, it requires that the public be informed on a yearly basis about the number and type of government wiretaps.

Other statutes concerned with classified information also find ways of informing the public while maintaining basic secrecy. For example, the USA Freedom Act, passed in 2015 to reform the intelligence community, requires that significant decisions of the FISA Court either be published in redacted form or be summarized in enough detail to be understood by the public.

These principles provide a roadmap that can be used to prevent government from unnecessarily undermining our digital security. Here are a few areas where EFF is working to craft these new rules:

Item 1: Rules for When Government Stockpiles Vulnerabilities

It’s no secret that governments look for vulnerabilities in computers and software that they can exploit for a range of intelligence and surveillance purposes. The Stuxnet worm, which was notable for causing physical or “kinetic” damage to its targets, relied on several previously unknown vulnerabilities, or “zero days,” in Windows. Similarly, the FBI relied on a third party’s knowledge of a vulnerability in iOS to access the contents of the iPhone in the San Bernardino case.

News reports suggest that many governments—including the U.S.—collect these vulnerabilities for future use. The problem is that if a vulnerability has been discovered, it is likely that other actors will also find out about it, meaning the same vulnerability may be exploited by malicious third parties, ranging from nation-state adversaries to simple thieves. This is only exacerbated by the practice of selling vulnerabilities to multiple buyers, sometimes even multiple agencies within a single government.

Thanks to a FOIA suit by EFF, we have seen the U.S. government’s internal policy on how to decide whether to retain or disclose a zero day, the Vulnerabilities Equities Process (VEP). Unfortunately, the VEP is not a model of clarity, setting out a bureaucratic process without any substantive guidelines in favor of disclosure. More concerning, we’ve seen no evidence of how the VEP actually functions. As a result, we have no confidence that the government discloses vulnerabilities as often as claimed. The lack of transparency fuels an ongoing divide between technologists and the government.

A report published in June by two ex-government officials—relying heavily on the document from EFF’s lawsuit—offers a number of helpful recommendations for improving the government’s credibility and fueling transparency.

These proposals serve as an excellent starting point for legislation that would create a Vulnerabilities Equities Process with the force of law, formalizing and enforcing a presumption in favor of disclosure. VEP legislation should also:

  • Mandate periodic reconsideration of any decision to retain a vulnerability;
  • Require the government to publish the criteria used to decide whether to disclose;
  • Require regular reports to summarize the process and give aggregate numbers of vulnerabilities retained and disclosed in a given period;
  • Preclude contractual agreements that sidestep the VEP, as in the San Bernardino case, where the FBI apparently signed a form of non-disclosure agreement with the “outside party.” The government should not be allowed to enter such agreements, because when the government buys a zero day, we should not have to worry about defending ourselves from a hostile state exploiting the same vulnerability. If tax dollars are going to be used to buy and exploit vulnerabilities, the government should also eventually use them to patch the security of affected systems, with benefits to all.

Above all, formalizing the VEP will go a long way to reassuring the public, especially members of the technology industry, that the U.S. government takes its commitment to strengthening digital security seriously.

Item 2:  Preventing Disproportionate Use of Government Malware and Global Hacking Warrants

EFF has also long been concerned about state-sponsored malware. It’s at the heart of our suit against the government of Ethiopia. Even in the United States, when the government seeks court permission to use malware to track and surveil suspects over the Internet, it can endanger innocent users as well as general network security.

A particularly egregious example is the Playpen case, involving an FBI investigation into a Tor hidden service that hosted large amounts of child pornography. The FBI seized the site’s server and operated it as a honey pot for visitors. A single warrant authorized the FBI to install malware on any and all visitors’ computers in order to breach the anonymity otherwise provided by Tor. By not specifying particular users—even though the list of users and logs of their activity was available to the FBI—the warrant totally failed to satisfy the Fourth Amendment requirement that warrants particularly describe persons and places to be searched.

What’s more, the FBI asked the court to trust that it would operate its malware safely, without accidentally infecting innocent users or causing other collateral damage. Once defendants began to be charged in these cases, the government staunchly refused to turn over certain information about how the malware operated to the defense, even under seal, arguing that it would compromise other operations. As a result, defendants are left unable to exercise their right to challenge the evidence against them. And of course, anyone else whose computer is vulnerable to the same exploit remains at risk.

In these cases, the FBI flouted existing rules: the Playpen warrant violated both the Fourth Amendment and Rule 41 of the Federal Rules of Criminal Procedure. Other cases have involved similarly overbroad uses of malware. EFF has been working to explain the danger of this activity to courts, asking them to apply Fourth Amendment precedent and require that the FBI confront serious threats like Playpen in a constitutional manner. We have also been leaders of a coalition to stop an impending change that would loosen the standards for warrants under Rule 41 and make it easier for the FBI to remotely hack users all over the world.

Item 3:  A “Title III for Hacking”

Given the dangers posed by government malware, the public would likely be better served by the enactment of affirmative rules, something like a “Title III for Hacking.” The legislative process should involve significant engagement with technical experts, soliciting a range of opinions about whether the government can ever use malware safely and if so, how. Drawing from Title III, the law should:

  • Require that the government not use invasive malware when more traditional methods would suffice or when the threats being addressed are relatively insignificant;
  • Establish strict minimization requirements, so that the targets of hacking are identified with as much specificity as the government can possibly provide;
  • Include public reporting requirements so that the public has a sense of the scope of hacking operations; and
  • Mandate a consideration of the possible collateral effects—on individuals and the public interest as a whole—on the decision to unleash malware that takes advantage of known or unknown vulnerabilities. Even if the VEP itself does not encompass publicly known vulnerabilities (“N-days”), using remote exploits should impose an additional requirement on the government to mitigate collateral damage, through disclosure and/or notice to affected individuals.

The same principles should apply to domestic law enforcement activities and foreign intelligence activities overseen by the FISA Court or conducted under the guidelines of Executive Order 12333.

Of course, these sorts of changes will not happen overnight. But on these issues. We’ve created a single page that tracks our work as we fight in court and pursue broader public conversation and debate in the hopes of changing government practices of sabotaging digital security. We hope you join us.

Via EFF

The post What to do about lawless government hacking and the weakening of digital security appeared first on Intellihub.

Article source link : https://www.intellihub.com/what-to-do-about-lawless-government-hacking-and-the-weakening-of-digital-security/


Politics

Spicer: ‘It came down to a matter of trust with Flynn’

‘Flynn committed no known legal violations’

WASHINGTON D.C. (INTELLIHUB) — The White House addressed Michael Flynn’s resignation Tuesday, and said that the president’s reaction was “decisive,” but there had to be some type of “due process” and that’s what took some time.

At the briefing, the corporate press was all over Press Sec. Sean Spicer and kept asking Spicer why it took so long to get rid of Flynn if officials were aware of the situation several weeks ago. However, Spicer held his ground and made it clear that once the president was briefed on the situation that it was only a short time before Gen. Flynn was questioned by officials on several occasions.

“There is nothing that the general did that was a violation of any sort […] What it came down to was a matter of trust,” White House Press Secretary Sean Spicer said in the briefing.

“What it came down to plain and simple was him misleading the Vice President and others and not having a firm grasp on his recollection of that.”

Michael Flynn resigned as the president’s National Security Adviser late Monday as the controversy hit a boiling point.

©2017. INTELLIHUB.COM. All Rights Reserved.

The post Spicer: ‘It came down to a matter of trust with Flynn’ appeared first on Intellihub.

Article source link : https://www.intellihub.com/spicer-it-came-down-to-a-matter-of-trust-with-flynn/


Conspiracy

CNN Feed Goes Dead As Obamacare Victims Begin Speaking

So CNN has Trump on TV explaining how ObamaCare is a disaster.

Then he has a guest explain how her family got a triple increase for insurance.

Then to the amazement of everybody, the CNN feed from the White House goes blank.

Article source link : http://www.abovetopsecret.com/forum/thread1164394/pg1


Cryptozoology

Cliff Barackman Talks Bigfoot On News Show

From Bigfoot Conundrum on YouTube, check out this appearance of Cliff Barackman educating the public on bigfoot.


Article source link : http://feedproxy.google.com/~r/BigfootEvidence/~3/0UWaDHOJf78/cliff-barackman-talks-bigfoot-on-news.html


Science

EVERYTHING IS RIGGED: Medicine, science, elections, the media, money, education, search engines, social media… you are living in a fabricated fairy tale

After witnessing how Reuters just blatantly cooked the presidential election polls this week to favor Clinton and how the mainstream media is so terrifyingly biased in favor of Clinton that the very foundation of democracy is now in crisis, it’s time to tell you something that perhaps a lot more people are finally ready to hear:

EVERYTHING IS RIGGED.

Every institution in America is sold out, corrupted and politically rigged to favor Big Government and Big Business. “America is a lost country,” explains Paul Craig Roberts. “The total corruption of every public and the private institution is complete. Nothing remains but tyranny. And lies. Endless lies.”

CNN, Reuters and the Associated Press are all now shameless promoters of every big lie across every sector of society, from vaccines and GMOs to elections and politics. The federal government itself is incapable of doing anything other than lying, and it has totally corrupted the entire realm of science by pulling the strings of funding via the National Institutes of Health and the NSF.

The FDA is entirely corrupt, as is the USDA. Both function now as little more than marketing propaganda pushers for Big Pharma and Big Biotech. Similarly, Google, Facebook and Twitter are all rigged, too, censoring the voices they don’t want anyone to hear while highlighting the establishment lies they wish to promote.

Here’s what “rigged” really means… the tools of tyranny

When I say “everything is rigged,” what does that mean, exactly?

• All “official sources” are ordered to constantly lie about everything, weaving illusions to push a chosen narrative rooted in fiction (from “there are no Islamic terrorists” to “carbon dioxide is poison to the planet”).

• All voices of reason and sanity are silenced. Only the most insane, irrational voices are allowed to be magnified through any media (including social media). This is also true across the sciences, where real science has been all but snuffed out by political agendas (biosludge, GMOs, glyphosate, mercury in dentistry, etc.).

• All facts are obliterated by propaganda. Facts have no place in any debate, and those who invoke facts are shamed and silenced (or even fired from their jobs, expelled from their schools or bullied into a state of suicide on social media). Anyone who invokes facts on things like the actual statistics of police shootings is told they are “part of the problem” because they have the “wrong attitude” about social justice.

• Every branch of government is weaponized against the people and used as an assault tool against political enemies who threaten the status quo. (IRS, FDA, FTC, DEA, EPA, USDA, etc.)

• All science is distorted into absurd, politically-motivated conclusions about everything the government wants to use to control the masses: Vaccines, climate change, GMOs, fluoride, flu shots, chemical agriculture, carbon dioxide and so on.

• Every branch of medicine is hijacked by globalist agendas to make sure medicine never makes anyone healthier, more alert or more cognitively capable of thinking for themselves.

• Every “news item” that’s reported from any official source is deliberately distorted to the point of insanity, turning many facts on their heads while attacking anyone who might offer something truly constructive to the world. (Such as reporting that Clinton was “cleared” by the FBI when, in fact, she was indicted by the very facts the FBI presented!)

• All voices of truth are silenced, then replaced by meaningless, distracting babble (Kardashians) or meaningless, tribal sports competitions (the Rio Olympics). The point is to dumb down the entire population to the point of cultural lunacy.

• Any true reports that contradict any official narrative are immediately censored. For example, radio host Michael Savage just got blocked by Facebook for posting a true story about an illegal alien who committed murder in America.

• Emotions are used as weapons to manipulate the masses. For example, when the mom of a Benghazi victim shares her grief with the world, she is ridiculed and shamed. But when a radical Muslim father who’s trying to bring Sharia Law to America attacks Trump by expressing his loss of his soldier son, the media turns him into an instant celebrity, praising his “courageous voice” for daring to speak out. The media hypocrisy is enough to make you vomit…

What exactly is rigged?

• The entire mainstream media
• Google search engine and Google News
• Facebook and Twitter
• The DNC and the RNC (both 100% rigged by globalists)
• Every federal agency (EPA, FDA, etc.)
• The entire justice system (makes a total farce of real justice)
• Interest rates and the value of the money supply (central banksters)
• Academia (all public universities)
• EPA’s “safe” limits on pesticides (all rigged by Big Biotech)
• Food and food labeling (all run by corrupt food companies)
• Public education (rigged into Common Core anti-knowledge idiocy)
• Banking and finance (all controlled by globalists)
• Government economics figures and statistics
• Medicine and pharmaceuticals (rigged to maximize profits)
• Big Science (totally rigged by government agenda pushers)
• The music industry (most top singers can’t sing at all)
• Weapons manufacturers and war corporations
• The illegal drug trade (it’s run by the government)
• Political elections (all 100% rigged at the federal level)
• Political polls (now rigged by Reuters, too)
• The health insurance industry (rigged by Obamacare)
• College admissions (legally discriminates against Whites and Asians)
• 9/11 and domestic terrorism (all rigged “official stories”)
• Oil and energy industries
• The rule of law (rigged in favor of the rich and powerful)
• Infectious disease and the CDC (a constant stream of lies)
• Hollywood (all run by globalists)
• Climate change science (all a grand science hoax)
• Press release services (they only allow official narratives)
• History (what you are taught is mostly a lie)
• Government grants (only given out to those who further the agenda)
• Government bids (only awarded to those who kick back funds to corrupt officials)
• Consciousness and free will (we are all taught consciousness doesn’t exist)
• Ethnobotany (medicinal and spiritual use of healing plants)
• Life on other planets (the obvious truth is kept from us all)
• The origin of the universe (the official narrative is a laughable fairy tale)

As a fantastic example of how everything is rigged, consider these paragraphs from this Breitbart.com news story published today:

Over the weekend and for the past few days since Khan spoke alongside his wife Ghazala Khan about their son, U.S. Army Captain Humayun Khan, who was killed in Iraq in 2004, media-wide reporters, editors, producers, and anchors have tried to lay criticism on Trump over the matter. They thought they had a good one, a specific line of attack that pitted Trump against the military—and supposedly showed him as a big meanie racist in the process.

But, as Breitbart News showed on Monday midday, that clearly was not the case. Khizr Khan has all sorts of financial, legal, and political connections to the Clintons through his old law firm, the mega-D.C. firm Hogan Lovells LLP. That firm did Hillary Clinton’s taxes for years, starting when Khan still worked there involved in, according to his own website, matters “firm wide”—back in 2004. It also has represented, for years, the government of Saudi Arabia in the United States. Saudi Arabia, of course, is a Clinton Foundation donor which—along with the mega-bundlers of thousands upon thousands in political donations to both of Hillary Clinton’s presidential campaigns in 2008 and 2016—plays right into the “Clinton Cash” narrative.

America’s transformation into Communist China is nearly complete

If you’re pondering where all this is headed, look no further than Communist China, where all independent news has been outlawed by the state. Political prisoners across China have their organs harvested to enrich black market organ traders, and nearly one out of every three urban citizens is a secret spy who snitches on friends for the totalitarian communist government.

Hillary Clinton is the embodiment of Communist Chinese totalitarianism. She’s such a perfect fit for their disastrous model of human rights abuses, government corruption and systemic criminality that I’m surprised she doesn’t live in Beijing. If Clinton gets elected, America is gone forever, replaced by a criminal regime of totalitarians who violate the RICO Act as a matter of policy.

If this entire rigged system of biased media, Facebook censorship, Google search result manipulations and twisted science ends up putting America’s most terrifying political criminal into the White House, it’s lights out for the America we once knew. Almost immediately, the nation fractures into near Civil War, with calls for secession growing unstoppable as state after state seeks to escape the political wrath of an insane regime of D.C. criminals and tyrants. #TEXIT

We now live in two Americas: Half the country is tired of everything being rigged, and the other half can’t wait to be exploited by yet another crooked leftist LIAR who rigs everything

America is now essentially two nations. On one hand, we have the pro-Trump America, filled with people who are tired of being cheated, censored, punished, stolen from and lied to about everything under the sun. Donald Trump supporters are people who realize everything is rigged… and they’re demanding an end to the corruption and criminality of the fascist system under which we all suffer today.

Hillary Clinton supporters are people who are too busy chasing political rainbows to realize everything is rigged. They still believe the lies and the propaganda (the “hope and change” that never came, but is still promised by empty politicians). They’re living in fairy tale delusional worlds that have been woven into their gullible minds by the skillful social engineers of the radical left. These people still think the government cares about them… or that CNN only reports truthful news. They can’t wait to see another globalist in the White House because they are pathetic, weak-minded empty shells of non-consciousness who are wholly incapable of thinking for themselves.

These two camps of Americans can no longer coexist. They have almost nothing in common when it comes to knowledge, wisdom, ethics, morals or philosophy. One camp believes in the rule of law (Trump); the other camp believes that people in power should be above the law (Clinton). One camp believes in states’ rights and individual liberty (Trump) while the other camp believes in the consolidation of totalitarian power in the hands of a centralized, domineering government (Clinton). One camp believes in a level playing field, free market competition and rewarding innovation and hard work (Trump), while the other camp believes in free handouts, government “equality” mandates, and the ludicrous idea that “there should be no winners or losers in society.” (Clinton)

In order to try to win this election, the Clinton camp has already rigged EVERYTHING from the very start, including the coronation of Hillary, the scheduling of televised debates to minimize their viewership, the surrender of Bernie Sanders to the DNC machine, the mass organization of illegal voting schemes to make sure illegal aliens vote in November, and so much more. No doubt they’re also working extremely hard to rig the black box voting machines all across the country.

If you’re tired of everything being rigged, this November vote against the rigged system by voting for Donald Trump. This is truly your last chance to save America from being overthrown by a totalitarian regime of criminals who will crush every last iota of freedom and liberty in America.

Rigged elections

Via Natural News

The post EVERYTHING IS RIGGED: Medicine, science, elections, the media, money, education, search engines, social media… you are living in a fabricated fairy tale appeared first on Intellihub.

Article source link : https://www.intellihub.com/everything-is-rigged-medicine-science-elections-media-money-education-search-engines-social-media-you-are-fairytale/
