It's ironic that spooks so often remind us that we've got nothing to fear from their activities if we've got nothing nasty to hide, while they themselves are rarely comfortable without multiple layers of secrecy, anonymity and plausible deniability. While there was little or nothing at the conference worth keeping secret, the sense of paranoia was constant. The uniformed guard posted to the entrance was there to intimidate, not to protect. The restrictions on civilians attending the law enforcement agency sessions were, I gather, a cheap marketing gesture to justify their $6,500-per-head entrance fee with suggestions of secret information that the average network-savvy geek wouldn't have known.

It poses a tremendous threat to human rights and dignity in countries without adequate legal safeguards, and still invites occasional abuses in countries with them. Its costs are paid by citizens who are deliberately kept in the dark about how much they're paying for it, how effective it is in fighting crime and how susceptible it is to abuse. And that's the way the entire cast of characters involved wants to keep it.

Wired News: Crashing the Wiretapper's Ball

On or around May 8, the following personal ad appeared on the Internet classified ad site Craigslist. (It has since been removed.)

For mein fraulein

Mein Fraulein, I haven't heard from you in a while. Won't you
call me? 212 //// 796 //// 0735

If you actually called the number, up until a couple of days ago you would have heard this prerecorded message (MP3). It's a head scratcher to keep you National Security Agency analysts occupied in your spare time. Each block of numbers is repeated twice; but below I have transcribed them only once for clarity.

Another use of VoIP to disconnect a phone number from a physical location, this time apparently for an intelligence purpose (although this seems an anachronistic way to deliver a ciphertext). "Group 415" might be a reference to the area code in San Francisco, where Craig's List is most popular. There is also a song in the recording. Identifying the song might aid analysis... The voice is clearly sampled.

Another code for Elonka?

Voip cipher lines

Porting the hacker ethic to the nonvirtual world, magazines like Make and blogs like Boing Boing are making it cool for geeks to get their hands dirty again...

But the hands-on revival is leaving home chemists behind.... “There are very few commercial supply houses willing to sell chemicals to amateurs anymore because of this fear that we’re all criminals and terrorists,” Carlson says. “Ordinary folks no longer have access to the things they need to make real discoveries in chemistry.”

To Bill Nye, the “Science Guy,” says unreasonable fears about chemicals and home experimentation reflect a distrust of scientific expertise taking hold in society at large.

This Wired article is very apropos in light of Decius's CACM article. Apparently between trying to prevent terrorism, meth production, and fireworks accidents, state and federal regulators have pretty much made amateur chemistry illegal in the United States, which is going to do wonders for our future.

There was a debate on MemeStreams about whether product liability and tort law restricted individual freedoms. This is also a perfect example of that.

Wired 14.06: Don't Try This at Home

Counterterrorism as vocation. True Believers Wanted.

Rita Katz has a very specific vision of the counterterrorism problem, which she shares with most of the other contractors and consultants who do what she does. They believe that the government has failed to appreciate the threat of Islamic extremism, and that its feel for counterterrorism is all wrong. As they see it, the best way to fight terrorists is to go at it not like G-men, with two-year assignments and query letters to the staff attorneys, but the way the terrorists do, with fury and the conviction that history will turn on the decisions you make -- as an obsession and as a life style. Worrying about overestimating the threat is beside the point, because underestimating the threat is so much worse.

It's clear the US government, and much of the international community, seeks to deter, detect, and seize the proceeds of international fundraising for terrorism. But what about private financing of non-governmental counterterror organizations? I'm not talking about desk jockeys. I'm talking about, what if Stratfor went activist, moved to the Sudan, or Somalia, or Yemen, and used the proceeds of a vastly expanded subscription business to fund their own private Directorate of Operations? Would governments indict the subscribers?

If private counterterrorism is deemed terrorism in the eyes of official national governments, how should transnational corporations respond when terrorists begin targeting them directly? To whom do you turn when your infrastructure is simultaneously attacked in 60 countries? Must you appeal to the security council, or wait for all 60 countries (some of whom are not on speaking terms with each other) to agree on an appropriate response? What about when some of those countries are sponsors of the organization perpetrating the attack?

"The problem isn't Rita Katz -- the problem is our political conversation about terrorism," Timothy Naftali says. "Now, after September 11th, there's no incentive for anyone in politics or the media to say the Alaska pipeline's fine, and nobody's cows are going to be poisoned by the terrorists. And so you have these little eruptions of anxiety. But, for me, look, the world is wired now: either you take the risks that come with giving people -- not just the government -- this kind of access to information or you leave them. I take them."

It's the computer security story again. Katz runs a full disclosure mailing list. Privately the Feds are subscribers, even as they complain publicly about training and propriety.

This article probably earns a Silver Star, although it might have been even stronger if it had been a feature in Harper's or The Atlantic, where it could have been twice as long, and could have been less a personal profile and more about the substance and impact of her work.

It's been a year now, and at risk of self-promotion, I'll say it's worth re-reading the Naftali thread.

Private Jihad: How Rita Katz got into the spying business | The New Yorker

Hackers advocate the free pursuit and sharing of knowledge without restriction, even as they acknowledge that applying it is something else.

Decius has been published in this month's issue of Communications of the ACM. Its a typical Decius rant about freedom to tinker; really a hacker's perspective on the Bill Joy/Fukuyama argument that science needs to be centrally controlled and partially abandoned. The issue is a special issue on Computer Hackers with submissions from Greg Conti, FX, Kaminsky, Bruce Potter, Joe Grand, Stephen Bono, Avi Rubin, Adam Stubblefield, and Matt Green. Many folks on this site might enjoy reading the whole thing if you can get your hands on it. The articles mesh together well and there is some neat stuff in here.

Academic freedom and the hacker ethic

Lamar Smith has a nack for writing bills that I hate, but this rule change is baddly needed and I support it.

Chairman Lamar Smith (TX-21) today introduced the “Orphan Works Act of 2006” (H.R. 5439), which creates new guidelines for use of copyrighted material when the original owner cannot be located.

©opyBites: Copyright Law Blog: Orphan Works Legislation

AT&T claims information in the file is proprietary and that it would suffer severe harm if it were released.

Based on what we've seen, Wired News disagrees. In addition, we believe the public's right to know the full facts in this case outweighs AT&T's claims to secrecy.

Wired has now published ALL of the AT&T documents. I agree with Wired that this information doesn't create a competitive problem for AT&T. AT&T is playing the proprietary card for technical reasons. I also don't think that publishing this information harms national security. Basically, yawn, there is nothing here that indicates that this is anything more then a CALEA compliance room. Mind you, the problem with CALEA is that it creates all of the infrastructure needed to allow access to all of the content, and anyone who had access to the content, or possibly anyone who can guess your SNMPv3 password, can pretty much do whatever they want with it so long as they don't get caught. This is why civil libertarians opposed CALEA. However, proving that the intercepts in this case aren't lawful is going to take more evidence than this.

Suggested reading on Prior Restraint:

* New York Times v. United States (403 U.S. 713) - Pentagon Papers case

The only effective restraint upon executive policy and power in the areas of national defense and international affairs may lie in an enlightened citizenry.

Because of the importance of these rights, any prior restraint on publication comes into court under a heavy presumption against its constitutional validity.

* United States v. Progressive (467 F. Supp. 990) - H-Bomb Case

This case is different in several important respects. In the first place, the study involved in the New York Times case contained historical data relating to events that occurred some three to twenty years previously. Secondly, the Supreme Court agreed with the lower court that no cogent reasons were advanced by the government as to why the article affected national security except that publication might cause some embarrassment to the United States.

The Secretary of State states that publication will increase thermonuclear proliferation and that this would "irreparably impair the national security of the United States." The Secretary of Defense says that dissemination of the Morland paper will mean a substantial increase in the risk of thermonuclear proliferation and lead to use or threats that would "adversely affect the national security of the United States."

Defendants have stated that publication of the article will alert the people of this country to the false illusion of security created by the government's futile efforts at secrecy. They believe publication will provide the people with needed information to make informed decisions on an urgent issue of public concern.

The title of this Wired article is a reference to the issue of The Progressive that revealed the Teller-Ulam design. "The H-Bomb Secret: How we got it, why we're telling it"

Wired News: Why We Published the AT&T Docs

The State Secret Privilege was used dishonestly in its first case!

United States v. Reynolds, 345 U.S. 1 (1953) is a landmark legal case in 1953 that saw the creation of the State Secrets Privilege, an unofficial but judicially-recognized extension of presidential power.

The widows of 3 crew members of a B-29 Superfortress bomber that had crashed in 1948 sought accident reports on the crash, but were told that to release such details would threaten national security by revealing the bomber's top-secret mission.

In 2000, the accident reports were declassified and released, and were found to contain no secret information. They did, however, contain information about the poor state of condition of the aircraft itself, which would have been very compromising to the Air Force's case. Many commentators have alleged government misuse of secrecy in the landmark case.

United States v. Reynolds - Wikipedia, the free encyclopedia

Tommorow is the big day for the EFF's AT&T NSA spying case. There is a public hearing in the morning to determine whether or not the Federal Government will be able to assert the State Secret's Privilege to squash the case. Wired has tons of coverage, including information from the EFF's exhibits, which I'm linking here.

The normal work force of unionized technicians in the office are forbidden to enter the "secret room," which has a special combination lock on the main door. The telltale sign of an illicit government spy operation is the fact that only people with security clearance from the National Security Agency can enter this room.

The above-referenced document includes a diagram (PDF 3) showing the splitting of the light signal, a portion of which is diverted to "SG3 Secure Room," i.e., the so-called "Study Group" spy room.

Since the San Francisco "secret room" is numbered 3, the implication is that there are at least several more in other cities (Seattle, San Jose, Los Angeles and San Diego are some of the rumored locations), which likely are spread across the United States.

Now, the description offered here would be valid for a CALEA compliance room. The existance of these things doesn't demonstrate what is being surveilled or why or with what authority. But the technical information is likely of interest to the geeks on this site, including the tool used for collecting data (which is a common CALEA compliance tool). There is also a picture of the room.

The State Secrets Option, BTW, is the nuclear option in law. If this case proceeds it will be a watershed event, particularly given that this option was accepted in the rendition case of Maher Arar. Getting tortured by a foreign government is a bit more serious then getting your phone tapped.

Of course, consideration of this matter leads one rapidly to worry that that if the intelligence or security establishment commits a crime, and you are the victim of that crime, you have no recourse. This tends to incidate that the realm of intelligence and national security is an autonomous zone, where the only real law is "trust us."

Wired News: AT&T Whistle-Blower's Evidence

Stratfor: Geopolitical Intelligence Report - May 16, 2006

Civil Liberties and National Security

By George Friedman

USA Today published a story last week stating that U.S. telephone
companies (Qwest excepted) had been handing over to the National
Security Agency (NSA) logs of phone calls made by American
citizens. This has, as one might expect, generated a fair bit of
controversy -- with opinions ranging from "It's not only legal but
a great idea" to "This proves that Bush arranged 9/11 so he could
create a police state." A fine time is being had by all. Therefore,
it would seem appropriate to pause and consider the matter.

Let's begin with an obvious question: How in God's name did USA
Today find out about a program that had to have been among the most
closely held secrets in the intelligence community -- not only
because it would be embarrassing if discovered, but also because
the entire program could work only if no one knew it was under way?
No criticism of USA Today, but we would assume that the newspaper
wasn't running covert operations against the NSA. Therefore,
someone gave them the story, and whoever gave them the story had to
be cleared to know about it. That means that someone with a high
security clearance leaked an NSA secret.

Americans have become so numbed to leaks at this point that no one
really has discussed the implications of what we are seeing: The
intelligence community is hemorrhaging classified information. It's
possible that this leak came from one of the few congressmen or
senators or staffers on oversight committees who had been briefed
on this material -- but either way, we are seeing an extraordinary
breakdown among those with access to classified material.

The reason for this latest disclosure is obviously the nomination
of Gen. Michael Hayden to be the head of the CIA. Before his
appointment as deputy director of national intelligence, Hayden had
been the head of the NSA, where he oversaw the collection and
data-mining project involving private phone calls. Hayden's
nomination to the CIA has come under heavy criticism from Democrats
and Republicans, who argue that he is an inappropriate choice for
director. The release of the data-mining story to USA Today
obviously was intended as a means of shooting down his nomination
-- which it might. But what is important here is not the fate of
Hayden, but the fact that the Bush administration clearly has lost
all control of the intelligence community -- extended to include
congressional oversight processes. That is not a trivial point.

At the heart of the argument is not the current breakdown in
Washington, but the more significant question of why the NSA was
running such a collection program and whether the program
represented a serious threat to l... [ Read More (2.0k in body) ]

Civil Liberties and National Security