With huge thanks to Mark de Wolf (3 Mar 2014) for sharing this on G+…
There’s just one entry missing off the end:
Simpson: There ain’t nothing donuts can’t do.
On Monday this week Christopher Soghoian will hold a virtual conversation with Edward Snowden during SXSW 2014. Not everybody is pleased. Congressman Michael Richard Pompeo (Kansas) has written to the organizers requesting that the invitation to Snowden be withdrawn.
People of the world, I urge you to read Pompeo’s letter in full (click the image on the right), to witness authoritarian doublespeak claptrap at its best.
People of Kansas — just get rid of him.
Pompeo writes, “In case you did not have access to the full facts in making your initial decision to extend your invitation, I want to call a few undisputed facts about the actions taken by Mr Snowden to your attention…”
OK, let’s have a look at Pompeo’s ‘undisputed facts’.
Only a tiny sliver of the materials stolen by Mr Snowden had anything to do with United States telecommunications or the privacy rights of Americans.
That ‘tiny sliver’ shows that the NSA interprets the law to allow it to spy on all Americans at all times. A recent example of the extent of NSA legal contortions will suffice to demonstrate. The spy agency discussed the feasibility of classifying Wikileaks as a “malicious foreign actor” for surveillance purposes. “If the foreign IP is consistently associated with malicious cyber activity against the U.S., so, tied to a foreign individual or organization known to direct malicious activity our way, then there is no need to defeat any to, from, or about U.S. Persons. This is based on the description that one end of the communication would always be this suspect foreign IP, and so therefore any U.S. Person communicant would be incidental to the foreign intelligence task.”
This argument could be applied to any ‘dubious’ website that ever questions US foreign and domestic policy. The Pirate Bay was discussed. Others could easily be included. RT? Al Jazeera? If the argument were applied, then any American visitor to any such circumscribed website would become a legitimate target of surveillance; and the NSA document makes it clear that is the primary purpose – a method of circumventing US law. Americans should remember, this surveillance would not simply be metadata, but actual content.
So, Pompeo’s ‘tiny sliver’ clearly demonstrates that all Americans are to be considered targets at all times. But just in semantic terms, how can it be an ‘undisputed fact’ when the vast majority of the documents have not yet been disclosed?
I would here appeal to the American people. Just consider the utter contempt that the NSA shows towards all foreigners. I am a foreigner, a journalist and a blogger – and I am a legitimate target for the NSA. This cannot be right. You have a strong sense of ‘freedom’. Much of that stems from the Declaration of Independence, which most famously states:
We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness.
It says ‘all men’, not just ‘all Americans’. Should that not include me? Am I to be excluded from your view of freedom? (Lest you believe me a hypocrite, let me just say that I believe that the UK and GCHQ are far worse – you at least are discussing this; open discussion here has effectively been squashed by the UK government.)
Mr. Snowden cares more about personal fame than personal privacy
I would question that. He handed the documents to a journalist and has played no part in their publication. He does not seek out publicity nor interviews; but grants them when requested and if possible.
Mr. Snowden gives real whistleblowers a bad name
Excuse me? If he had attempted the official routes he would rapidly have been silenced. I don’t know about the US, but I strongly believe it to be similar to the UK, where potential whistleblowers tend to get suicided (Dr David Kelly and Gareth Williams are two relatively recent examples). Official whistleblowing routes are simply not an option at this level. If he were in the UK, his best bet for survival would be to feign madness – consider David Icke (who espouses the Lizard conspiracy) and David Shayler (who told the world he was the Messiah).
When I served in the Army along the Iron Curtain we had a word for a person who absconds with information and provides it to another nation: traitor. We also had a name for a person who chooses to reveal secrets he had personally promised to protect: common criminal. Mr. Snowden is both a traitor and a common criminal.
This is the biggest lie of all put forward by NSA apologists from Obama downwards. Snowden is charged under the Espionage Act, which makes him a traitor. But the Espionage Act is a law subservient, as all laws are, to the US Constitution. There are some who say that NSA actions are constitutional; but there is a growing legal, ethical and moral view that they at least contravene the Fourth Amendment.
I suspect that all Americans consider themselves bound by the US Oath of Allegiance. I know that all who work in or for government – and that includes Obama, Pompeo and Edward Snowden – are so bound. That oath includes, “I will support and defend the Constitution and laws of the United States of America against all enemies, foreign and domestic.”
The Constitution is primary, and if Snowden believed (as many academics and legal minds also believe) that the NSA was acting in defiance of the Constitution, then he was duty bound to try to defend the Constitution. By that same token, those who support the NSA in breach of the Constitution are themselves in breach of their Oath of Allegiance – and that makes them, not Snowden, the traitors.
It is perfectly reasonable to question Snowden’s actions, and to have any view you like on them. But to twist reality to blacken his name and dampen open discussion is, frankly, pretty despicable.
I did a news story in Infosecurity Magazine yesterday: Meetup Fighting Prolonged DDoS Attack. The gist is that the social network site, meetup — which promotes the idea of both dispersed and local ‘groups’ and group activities — had been under intermittent DDoS attack since last Thursday.
CEO Scott Heiferman has blogged about the attack. It started with an email warning that said the attacker had been commissioned by a competitor to attack him — but that he would abandon the attack on payment of $300. Heiferman thinks the $300 was just to test the water; to see if meetup would be susceptible to further extortion in the future.
That’s possible; but given the commoditization of DDoS as a service, it is equally likely to be the actual cost of the attack; and the attacker was seeing if he could get his fee without the effort of the attack.
But in all of this there is one question unanswered. Heiferman stresses that throughout the attack his engineers have been toiling to keep the site up and running, and actually says that he spends millions of dollars every year on security. What is clear is that he has spent little or nothing on DDoS mitigation — and is possibly still spending nothing on third-party mitigation (else his problem would probably have long been solved).
I spoke to Ashley Stephenson, CEO of Corero Network Security (a DDoS mitigation firm) to try to understand what’s going on. While we don’t yet know who is behind the attack, what, if any, competitor was involved, nor the type of DDoS attack used, what is clear, Stephenson told me, is that “it appears the meetup site had no proactive defence in place. Similarly their primary ISP or Hosting Provider was not able to successfully defend their customer against the volume or sophistication of the threat.”
But it would have started much earlier. “Long before the demand for cash was made, attackers were likely probing the meetup service, searching for vulnerabilities and preparing to launch an attack that would do the most harm.”
This is one reason why companies need to be proactive and mitigate DDoS before it starts rather than be reactive and attempt to contain an attack when in full sway. “A technology solution with the capabilities to detect, analyze and ultimately mitigate DDoS attacks, could provide an early alert on such suspicious activity, and help to protect against the malicious activity as soon as it escalates.”
Most companies’ preparation for a DDoS attack is simply to ask themselves, ‘would I pay or would I fight?’; but then they fail to ask themselves: ‘OK, how would I fight this?’
“The lesson to be learned here, unfortunately at the expense of meetup,” said Stephenson, “is that businesses need to think proactively and prepare for cyber attack scenarios, before they hit.”
It makes sense. Most companies buy an anti-malware system not because they have a malware infection, but because of the possibility that they might get one. The same mentality needs to be developed about DDoS attacks and DDoS mitigation — it’s best to get the defence in before the attack, because that attack is becoming increasingly likely, and increasingly dangerous.
They claim to be super-patriots, but they would destroy every liberty guaranteed by the Constitution. They demand free enterprise, but are the spokesmen for monopoly and vested interest. Their final objective toward which all their deceit is directed is to capture political power so that, using the power of the state and the power of the market simultaneously, they may keep the common man in eternal subjection.
Vice President Henry Wallace, speaking of American Fascists
Damn. I hadn’t realised that Republicans and Democrats and Tories and Labour were all just synonyms for American Fascists.
The days when the West could speak with any moral authority have long gone. Nobody listens any more.
“Vladimir Putin had a telephone conversation with President of the United States Barack Obama on the American side’s initiative,” announced Putin’s office this morning.
The Russian President spoke of a real threat to the lives and health of Russian citizens and the many compatriots who are currently on Ukrainian territory. Vladimir Putin stressed that in case of any further spread of violence to Eastern Ukraine and Crimea, Russia retains the right to protect its interests and the Russian-speaking population of those areas.
That’s as close as you can get to ‘mind your own business’ in diplomatic language.
I got an email this morning from a friend, a world-renowned security expert, and — dare I say it — an ex-detective.
He was in trouble. In Ukraine. He’d been mugged and lost his money. His passport had been impounded by his hotel, and he was stuck. Could I help?
Well, even Google can recognise a London Scam (Dear Mum, I’ve been mugged in London — please send money); although I personally haven’t seen one for a couple of years now.
But the interesting thing here is that the scammer used the correct email address: firstname.lastname@example.org. Closer inspection showed, however, that the reply address was slightly different: email@example.com.
So what we have is a scammer who had taken the trouble to find a relationship between two people and register an email address close to one of them. We can assume that the real a.person hasn’t been hacked and lost his contact list, otherwise the scammer wouldn’t have needed the separate reply-to address. So the question is, how did the scammer tie the two of us together?
Finding my email is not a problem — as a journalist I hardly keep it secret. I would expect the real a.person to be more circumspect, however. And then there’s the relationship. I guess LinkedIn and Twitter serve a few more functions than most of us realise…
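A mail filter can catch the pattern described above, a genuine-looking From address paired with a near-identical Reply-To. The following is an added example, not part of the original post; the sample message, its addresses, the function name and the similarity threshold are all constructed for illustration.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message: every name and address here is made up.
SAMPLE = """\
From: A Person <a.person@example.org>
Reply-To: A Person <a.person@example-mail.org>
To: journalist@example.net
Subject: Urgent - stuck abroad

I was mugged and the hotel is holding my passport. Can you help?
"""


def check_reply_to(raw, known_contacts=(), threshold=0.75):
    """Return findings describing a suspicious From/Reply-To pairing.

    threshold is an assumed cut-off for "looks almost the same";
    tune it against your own mail before relying on it.
    """
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    reply_addr = parseaddr(msg.get("Reply-To", ""))[1].lower()

    findings = []
    # No Reply-To, or one identical to From, is the normal case.
    if not reply_addr or reply_addr == from_addr:
        return findings
    findings.append("reply-to-differs")

    # Mailing lists and help desks also set a different Reply-To, but it
    # rarely resembles the sender. A near-duplicate address is the tell.
    ratio = SequenceMatcher(None, from_addr, reply_addr).ratio()
    if ratio >= threshold:
        findings.append("reply-to-lookalike")

    # Strongest signal: the sender is someone we know, but replies
    # would go to an address we have never corresponded with.
    if from_addr in known_contacts and reply_addr not in known_contacts:
        findings.append("known-sender-unknown-reply-to")
    return findings


if __name__ == "__main__":
    print(check_reply_to(SAMPLE, known_contacts={"a.person@example.org"}))
```

The check reads headers only, so it complements sender authentication on the From domain rather than replacing it.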
This coming week the European Justice and Home Affairs Council (ie, national ministers from the individual national governments) will meet in Brussels. There are several items on the agenda.
Top of the list in a memo released by Viviane Reding is reform of the data protection laws. She says,
I am confident we will be able to build on the momentum injected into the negotiations by the Greek Presidency at the last informal Council meeting in January. Seeing the latest progress, I will continue working with Ministers for an adoption of the data protection reform before the end of this year.
Bottom of the list in a ministerial statement from Theresa May is reform of the data protection laws. She says,
There will be a state of play/orientation debate on the Proposal for a General Data Protection Regulation. The UK continues to believe that this proposal is far from ready for a general agreement, and that no such agreement can occur until the text as a whole has been approved. The proposal remains burdensome on both public and private sector organisations and the Government would not want to see inflexible rules on transfers outside the European Economic Area which do not reflect the realities of the modern, interconnected world.
And yes, they really are talking about the same thing. Most of Europe has already agreed the data protection reform proposals; but the UK doesn’t like it and won’t play.
The problem is, providing more protection for our personal information is difficult for the UK. It would upset the three most powerful organizations in the country: GCHQ, Google and Facebook. GCHQ would have its ability to collect our private messages, photos, home videos and internet browsing habits severely curtailed — and of course nobody would want to see that.
Google and Facebook would no longer be able to ship our personal information to servers outside of the UK; that is, the US, from where the NSA/FBI could demand access while declining to allow us to be told (assuming they need to since GCHQ will probably have already intercepted the data via its taps on the fibre cables that run between the two continents and simply handed it en masse to the NSA for storage and safe keeping).
Since these negative arguments would not prove popular to the British public, they are being hidden in spurious and frankly false claims that data protection will cost business. Yes there will be some cost in protecting our data (not nearly as much as the government would like us to believe); but that will be more than compensated by the lower cost of doing business with dozens of different data protection regimes. The net effect of reforming data protection will be greater data protection at a lower overall cost.
But Theresa May doesn’t want us to understand that. She and David Cameron would like us to believe that they are protecting us when they are really just protecting vested interests and actually selling us down the river. They are willing to trade our privacy to keep GCHQ and big American business happy.