NSA spying: The Canadian Connection

Get Your NSA ON cartoon

By Alison@Creekside


NYTimes: New iPhone’s Fingerprint Scanner: “Coming just one day after leaked documents suggested that the National Security Agency is able to hack into smartphones, the unveiling of a new iPhone with a built-in fingerprint scanner prompted dismay and mockery…”

Business Insider: NSA Slides Refer To iPhone Owners As ‘Zombies’

Cryptome/ Spiegel Online: How the NSA Accesses Smartphone Data

See the NSA slides at both links above.

Tech Dirt: The NSA impersonates Google Servers

And, as noted by Agent Smith above, it’s all turning into a giant hairball:

The NSA Machine: Too Big For Anyone to Understand … including the NSA

Ok, the Canadian CSEC connection …

The NSA has deliberately weakened encryption on the net by, among other attacks, introducing encryption vulnerabilities and an NSA backdoor into the standards set by the National Institute of Standards and Technology, and used by banks, corporations, governments, and individual people to protect sensitive data sent over the internet.

NY Times, Sept 10:

“Canada’s Communications Security Establishment ran the standards process for the international organization, but classified documents describe how ultimately the N.S.A. seized control.

“After some behind-the-scenes finessing with the head of the Canadian national delegation and with C.S.E., the stage was set for N.S.A. to submit a rewrite of the draft,” the memo notes. “Eventually, N.S.A. became the sole editor.”

Bill Robinson at Lux ex Umbra, a Canadian authority on CSEC, does not believe CSEC was duped into this by the NSA but rather

“CSE and the NSA worked hand-in-glove to game the standards process.”

Update : CSEC responds to Jesse Brown at Maclean’s and declines to deny that they were “finessed” by the NSA into betraying global encryption standards.

Microsoft: Team player

Microsoft privacy video

By Alison@Creekside

Feel free to drop by this Microsoft ad and give it a thumbs down.


“At Microsoft, your privacy is our priority.”

Indeed. About that …

Guardian: How Microsoft handed the NSA access to encrypted messages

• Secret files show scale of Silicon Valley co-operation on Prism

• Outlook.com encryption including Hotmail unlocked even before official launch

• Skype worked to enable Prism collection of video calls

Microsoft has collaborated closely with US intelligence services to allow users’ communications to be intercepted, including helping the National Security Agency to circumvent the company’s own encryption, according to top-secret documents obtained by the Guardian.

• In July last year, nine months after Microsoft bought Skype, the NSA boasted that a new capability had tripled the amount of Skype video calls being collected through Prism;

• Material collected through Prism is routinely shared with the FBI and CIA, with one NSA document describing the program as a “team sport”.

US lawmakers, along with Microsoft, Skype, Apple, Google, Facebook, and Yahoo all initially attempted to deny knowledge of PRISM or that the intelligence agencies have back doors into their systems, explaining they are very occasionally under a legal compulsion to cough up customer data to comply with “existing and future lawful demands” in Microsoft’s happy phrase, but this tiny ISP company bucked it and won.

Meanwhile …

NSA Writes Code Used in Google Phone  [h/t West End Bob]

The tech giant Google has confirmed the National Security Agency furnished some of the code installed in its new Android phone. The NSA says the code is intended to enhance security against hackers and marketers, but will not confirm whether it also aids the agency’s PRISM program monitoring the global Internet.

Back to the Guardian:

“Blanket orders from the secret surveillance court allow these communications to be collected without an individual warrant if the NSA operative has a 51% belief that the target is not a US citizen and is not on US soil at the time.”

That’s us.

Michael Geist Feb 15 2012 on the situation in Canada:

“[W]ith ISPs and telcos providing subscriber data without a warrant 95 percent of the time, there is a huge information disclosure issue with no reporting and no oversight. This is a major issue on its own, particularly since it is not clear whether these figures also include requests to Internet companies like Google and social media sites such as Facebook and Twitter.

The RCMP alone made over 28,000 requests for customer name and address information in 2010. These requests go unreported – subscribers don’t know their information has been disclosed and the ISPs and telecom companies aren’t talking either.”

If you’d like to opt out of the NSA and their “team sport”, there are other options:

Related from Saskboy: PRISM: Oliver Stone vs NSA and Checkpoints

“The question is not Do you have something to hide? The question is whether we control government or the government controls us.”

PRISM is just the beginning

Glowing bank of servers

Glowing bank of serversBy David@Sixthestate.net

As you may have heard, the Obama administration has been outed as ambitiously Big Brother-ish, overseeing a National Security Agency surveillance program which essentially scoops user data from every major online source — Facebook, Google, Skype, even Apple — and puts it into the world’s largest personal information database. (This, surprisingly, means Facebook is probably only the second largest such database.)

There’s an inevitable furore in the press, as there should be, but I think — as I’ve warned before — that people are asking the wrong questions about the latest scandal. The reality is that the sort of pervasive surveillance which the U.S. government now stands accused of dabbling in was inevitable, and is only going to get worse — bigger, more intrusive, more pervasive. Maybe even more secret.

The first problem with the latest spy scandal is, as I’ve repeatedly stated over the past several weeks, that the majority of people don’t care. They won’t say so — especially Republicans — but the reality is that a very small minority both (a) votes and (b) would vote differently based on the latest scandal. Indeed, we’ve reached the point where the party system can’t eliminate a program like PRISM in the United States: it was set up by Bush, and maintained and expanded by Obama, so unless you’re willing to vote for a (basically non-existent) third party over this, you’re hooped. Live with it. Which most people will. Outside of libertarian and Tea Party circles, and maybe not even there, it’s hard to imagine people genuinely care about this. Not people who were already active on Facebook, anyways.

The more serious issue is this, though: pervasive surveillance is rapidly becoming so easy, and so cheap, that it’s foolhardy to imagine governments resisting the temptation to engage in it. The only real difficulty is getting everyone to play along — and that obviously wasn’t a serious problem when it came to Facebook, or Google, or Apple, or Microsoft, or Skype, just to name a few. So in fact, there are no real difficulties.

Let’s say, hypothetically, that you want to build a database containing every text message sent by every American, every day. Apparently, the average American sends 42 text messages per day. (For what it’s worth, I send zero, and I feel very, very old now, despite being under 30.) Let’s further assume that every text message generates 500 characters of text, which is probably an extremely high figure. Now, 300 million Americans times 21 kilobytes of text equals 6.3 terabytes of information per day.

Right now, in a retail store, you can get a two terabyte hard drive for $100, on sale. So even if you’re paying retail rates for your surveillance database, which seems unlikely, you can store every text message sent by every American for around $300 a day.

If that still seems unlikely to you, consider that that amounts to 2.3 petabytes per year of data. Almost two years ago, IBM built a 120-petabyte hard drive cluster in California “for an unnamed customer.”

Think you bought that DVD? Think again.

Image: Locked up technology

Image: Locked up technologyBy John Klein (aka Saskboy)

Imagine buying a house, and being locked out of the basement by the previous owner. That’s what digital locks do. If you’ve been following Canadian politics, particularly the new Copyright Act (Canada’s DMCA) Bill C-11, you’ve heard of “digital locks.” A digital lock, or Digital Rights/Restrictions Management (DRM), is a technology added onto a product you purchase, which keeps you from using the product the way you’d expect to be able to do as an owner. Media sold to you with DRM is more accurately described as “rented,” because it has limited access to important digital capabilities you get with media you create or media that is not digitally locked. You need to contact the landlord of the media in order to make full use of your purchase.

So, why would people buy this crippled product? Consumers haven’t had a lot of choice for one thing (if they buy music, rather than pirate it illegally). iTunes included DRM with purchased music, but removed it for music in 2009. At the outset of MP3 music downloading via file sharing sites like Napster, MP3s were DRM free for pirates. It was literally a more versatile product, for free, than you could get from iTunes by paying. Do people wonder why file sharing/piracy became the norm in the early years of the last decade? In the free market, the majority of people don’t choose to pay for a less desirable product, even under threat of punishment.

Now the Conservatives are set to quickly pass Bill C-11, and force through a new Copyright Act after previous governments (including many iterations of their own) failed to do it. I was starting to think that the Copyright Act would doom whichever government tried to pass a new version, but now it looks like it would take a miracle to stop it. There are going to be harsh penalties for anyone who tries to back up a movie DVD they’ve purchased. DVD movies contain digital locks you see — we’ve just forgotten they’re there because the pirates’ circumvention software is so practical and useful in our legal daily use of our home entertainment purchases.

Michael Geist writes, “As for claims that no locks will wipe out the industry, note that Canadian digital music sales have now grown faster than U.S. sales for the past six consecutive years, all without digital lock legislation.

“The reality is that the digital lock rules were overwhelmingly opposed as part of the 2009 national copyright consultation and generated strong opposition from opposition political parties, business groups, creator associations, consumer groups, and education representatives.”

There is also ample evidence that Conservative ministers are meeting only with pro-copyright extremists in the lead-up to passing C-11. The government isn’t looking out for Canadian voters, they’re singing to a different tune. That tune is protected by digital locks, and copyright, so don’t try copying it.

Letter to Steve Jobs

steve-jobs1by Eric Pettifor

Dear Mr. Jobs:

I write to you on the occasion of your death to congratulate you on making a difference. As more of a technology visionary and businessman than a true geek (that was your erstwhile partner Steve Wozniak, or “Woz”), you may not recall that this was the concern of a dying James Tiberius Kirk at the end of the movie Star Trek: Generations. Granted, you never saved the planet by travelling in time to rescue whales or anything like that (at least, you left no public record of such feats), but, way back when, you knew a good thing when Woz showed it to you.

Some might say that you were the mercenary and Woz was the real techno-saint, but left to his own devices would Woz have formed a company to sell the Apple I back in 1976 or sought venture capital to expand and sell the Apple II in 1977? Or would he have been content to hand out his genius for free at the local computer club? If the latter, I might never have had an Apple IIe. That was a sweet little machine back in the day — thanks to the both of you Steves for that.

You also knew better than Xerox what they had when you visited their research facility in 1979 and saw what they were doing with graphical environments, and that curious pointing device, the mouse. You took these ideas, ran with them, and had Bill Gates playing catch up until 1995 (and yes, your devoted fans might say that Windows never caught up to the Mac).

When you were edged out of your own company in 1985, you simply went on to found another computer company, NeXT Inc. There you made the uber-elite NeXT computer — no compromises, including on price. Your target market was institutions that could afford it, including CERN in Switzerland where Tim Berners-Lee wrote the first web server and browser on one. Eventually an ailing Apple would buy your company and get an OS that would allow them to catch up to, and arguably pass, Windows, and also get you back as the CEO.

Once back, you didn’t stay in the PC comfort zone. No, you could see the future, and the future was in people’s pockets. Along came the iPod, the iPhone, the iPad. You left Apple in such good shape that the day after the announcement of your death, Apple’s share price didn’t change much at all. Such was the confidence of the market.

Personally, I’m not so sure. Your personal stamp is all over Apple. It is so much the product of your vision. I don’t see how Apple can be Apple without you. And Apple has been without you. What happened is a matter of historical record.

But don’t let that worry you. Assuming that there is an afterlife, move on to your next project. Or better still, take a break for a lifetime or two. You packed enough into this one that you deserve it.

-Eric

Steve Jobs Timeline

Adobe Previews Adobe Flash Killer

edgeBy Eric Pettifor

Back in March, I criticized Apple for not including support for Adobe Flash in their iPad tablet. Their reasoning seemed to be, at least in part, that Flash was going away, to be replaced by HTML 5 with support from javascript and CSS, to which I responded that may very well be, but Flash wasn’t dead yet.

The writing is still on the wall today, but now in a large, animated font. This looming threat to Flash comes from Adobe themselves, with the preview release of their HTML 5/Javascript/CSS authoring tool, Edge.

What difference will this make to the average web surfer? Probably not much. Sites with annoying special effects and sound and other hoopla offered up by Flash will no doubt offer the same via HTML 5. But your back button will likely work, and you will be able to send links to interior pages, because the whole thing will be written with open standards designed for web browsers — it will be the same old web you’ve always known, just on steroids.

Indeed, Adobe isn’t doing much here that hasn’t been possible for years, at least with regard to the final product. But what a chore it was! Extremely time consuming, and even if you went to all the trouble to test your technical magnum opus in the top ten web browsers at the time to ensure it worked in all of them, one browser would go up a version, change its behaviour, and break your work. Just not worth it.

So even though Adobe doesn’t own the underlying technology as it does with Flash, if it can make the difficult easy, their new product will fill a huge niche. But couldn’t the competition do the same thing? Yes, but could they do it as well? Give the devil his due, Adobe is very good at what they do. Plus they will have a first-to-market advantage. They will establish Edge as the Photoshop (also an Adobe product) of HTML 5. And don’t look to the open source world for a free app that does all this and does it well — their track record when it comes to multimedia authoring is mostly dismal.

Who this will be a real boon for is the non-technical designer types who are drawn to Flash like moths to a flame. Easy to use Flash authoring tools mean that they don’t have to have a lot of technical knowledge in order to realize their glorious visions. Sadly for them, Flash has lots of problems, many to do with the fact that it’s mostly graphic, not text based. Search engines can’t read it, spider it, summarize it, and Flash sites usually don’t do well in rankings. And that’s only the half of it.

HTML 5 and associated technologies, on the other hand, are totally kosher open standards that use the web browser and all it has to offer, rather than simply using it as a frame. If Adobe can satisfy the Flash-addicted elves of the web design world (and they won’t be easy to satisfy, so good thing Adobe is planning more preview releases as features evolve), then there will be richly designed multimedia sites which sacrifice nothing of the power of textual information and the properties that made the World Wide Web the ubiquitous force it is today.

AND you’ll be able to view them on your iPad.

iKnow Where You Were Last Summer

iphone-data-map-007

by Eric Pettifor

So, it turns out that phones running the iOS 4 update of June, 2010 log date and location wherever their owners take them. The data sits there on the phone. It is not transmitted to Apple, so the charge cannot be made that Apple is actively spying on its customers. But do take extra care not to lose the phone or have it stolen.

Apparently this data is also transferred to your computer when a sync operation is performed, so even if this inspires you to destroy the phone (you’ll really want to pulverize it to nix the storage component), the data will remain on the computer.

Of course, in this time of people voluntarily surrendering large amounts of personal information through such things as Facebook and Twitter, perhaps this is a feature. It may be that some enterprising app maker has already created an app to post your whereabouts for the past year to your Facebook page with just the push of a virtual button! If not, be sure they’re working on it. (Code already exists if, for some reason, you want to privately track your movements). This would make things easier for private investigators and spooks – learning a person’s past whereabouts from their Facebook account would be a lot less grief than having to steal their phone.

iphone-data-map-007
Of course, this sort of tracking can be done with an Android phone as well, but you will have to go through a lot of bother figuring out the feature and activating it, and you won’t have data from before the time you did. Apple thoughtfully keeps all this data for you right from the start. And the user has agreed to it. They gave Apple the right to collect such data at the end of a long licence agreement, every word of which I’m sure they read and considered carefully.

From the time of Apple’s first Mac they have been marketing to the clueless, removing from them the burden of having to know stuff. Heck, you have to jailbreak their appliances just to get administrative access. Trust Mother Steve, she’ll take care of you. But don’t even think about lying to mom about where you were last night.

Xoom vs iPad 2

Apple Throws Flash on the Cart of Dead Technology

tablets
By Eric Pettifor

A couple of posts ago I wrote of the Motorola Xoom tablet, extolling its virtues while trying to convince myself that I don’t need one. And truly, I don’t. My little netbook is all the portable computing I really need. What I might want, and might actually get (if it was in the budget), is another question.

This question has recently been complicated by the announcement of Apple’s iPad 2. Uh oh, Motorola, has your leapfrogging the leader been leapfrogged? The short answer appears to be: No.

The most telling comparison I was able to find was over at The Mac Observer. Though one understands they might have a bias, given the name of their site, here’s what they manage to come up with: “The iPad 2 is clearly the best when it comes to size, weight, price, and battery life.” I suppose that’s one way to sell the smaller, lower resolution screen as a good thing.

Of the Xoom’s virtues, they write:

The Xoom is the clear favorite in four categories, starting with its display resolution (1280 x 800 compared to 1024 x 768 for iPad and iPad 2). Some users who fancy holding a tablet up as a camera may fancy the Xoom’s back-camera flash, as well. The Xoom also features stereo speakers, a feature Apple doesn’t offer, and the device includes a full GB of RAM. The iPad featured 256MB, and it appears as if iPad 2 has double that, at 512MB.

What they don’t note, and isn’t clear from the accompanying chart, is the megapixel rating of the iPad 2’s cameras. And don’t go looking for that information on the Apple site, because you won’t find it. That suggests it’s not worth boasting about, so if you’re one of those strange people who, as macobserver puts it, “fancy holding a tablet up as a camera” and care about the resolution of the pictures you take, the choice is clear.

Also missing from their comparison is consideration of support for USB and SD. Again, that may be because the iPad 2 doesn’t support either. The Xoom does both.

Also no mention of support for Flash (though it does come up in the comments). Apple has developed an allergy to Flash, believing that HTML 5, CSS, and javascript are better alternatives. Consequently, iPad 2 offers no support for the junky legacy product. I’m not unsympathetic, having predicted the demise of Flash myself a few columns ago. But here’s the thing — it’s not dead yet.

With regard to price, a not maxed-out version of the iPad 2 will save you a few bucks over the Xoom, but as Wolfgang Gruener concludes in his article 5 Reasons Why You Should Not Buy The iPad 2, you could save even more “if you . . . consider the original iPad, which we hear is seeing dropping prices. The crappy camera, the software update and the dual-core processor may not be worth the extra expense.” Now may be the best time to buy the original iPad at clear-them-out prices.

One gotcha about the Xoom: While it’s intended to support Flash and SD, it may or may not, depending on the version of the OS. Ask before you buy. If it’s from an earlier batch, you may have some geeking to do to bring it up to scratch.

Nevertheless, it appears as though Apple has gone from first-to-market leader, to having to play catch up. Stay tuned to see if the iPad 3 finally delivers on the promise of the form. Perhaps by that time Flash really will be dead. Hopefully Steve Jobs won’t be.

I don’t need a tablet. Repeat.

xoom

xoom by Eric Pettifor

Okay, I’m starting to want a tablet. No, not the iPad for which I expressed my underwhelmedness back in February of 2010, but the Motorola Xoom to be released this quarter, perhaps even as soon as next month.

What’s so great about the Xoom? Well, if you’re one of those who have been waiting for Apple to add all the features they omitted, like camera, usb support, multitasking, SD card support, and so on, your wait may soon be over, at least if you’re prepared to venture outside the Apple fold. The Motorola Xoom will be everything the iPad ought to have been at its inception.

Check out this vid, and note when the Motorola spokesperson refers to it as a tablet PC.

 
If one had to summarize the difference between the iPad and this, one could simply say that the iPad is an internet appliance whereas the Xoom is a tablet PC. This may change as Apple is forced to compete on features. A mockup of the iPad 2 was displayed by a CES exhibitor for a time until it garnered too much attention and Apple quashed it. While a mockup can’t be regarded as final or definitive, it suggests that it will sport a camera as well.

 

What its final configuration will be is uncertain, but it does seem likely that Apple will have to add features, a camera being only one of them, if it wants to remain competitive in this space.

The Motorola Xoom runs the Android Honeycomb operating system, which is the latest version of Google’s Android OS originally designed for phones, but retooled by Google specifically for tablets. Boasting an Nvidia Tegra 2 1GHz dual-core processor with a gigabyte of RAM and 32 GB of storage (expandable with SD), it packs enough punch in a well-designed package running a skookum OS that it won CNET’s best of the CES show this year. They note “We believe the Xoom is the most potentially disruptive technology among the nominees; it’s a true competitor for the iPad and will be one of the first 4G-compatible tablets to hit the market.”

I don’t need a tablet. I’m typing this on my faithful Acer Aspire One netbook. It’s fine, really it is, all I need in a light, portable computer. I don’t need a tablet. I don’t need a tablet. I have a feeling I will be repeating this a lot. Just because the Xoom looks cool, sleek, sexy, and doesn’t allow its form to interfere much with its function as a PC (I could always get a Motorola bluetooth keyboard), that doesn’t mean that I need it.

I don’t need a tablet. I don’t need a tablet. I don’t need a tablet.

The Chrome revolution has been postponed

stnick

stnick
by Eric Pettifor

Last year at this time I predicted that a small revolution in web apps would occur in 2010, thanks to the introduction of Google Chrome OS, and may have implied that this would have a negative effect on the iPhone. I also expressed the opinion that, if all went well with the Google branded Nexus phone, Microsoft would follow with one of their own.

This year I will have to revise and amend somewhat, since Google did not introduce Chrome OS mid-year as planned, so the fallout from that will have to wait until the first half of 2011. Daniel Eran Dilger has written a piece on this over at appleinsider.com. Perhaps not surprising given the source, it has a bit of a pro-Apple bias. Dilger notes, for example that “Unlike the Chrome OS, these machines [Apple laptops and desktops] can run native Mac apps, can host X11 Linux apps, and can even run Windows apps in a virtualization environment.” This suggests that he doesn’t get it, in spite of having extensively quoted Google’s intention earlier in the article:

”Google Chrome OS is being created for people who spend most of their time on the web, and is being designed to power computers ranging from small netbooks to full-size desktop systems,” the company blogged last summer.

“We hear a lot from our users and their message is clear — computers need to get better. People want to get to their email instantly, without wasting time waiting for their computers to boot and browsers to start up,” the company explained.

“They want their computers to always run as fast as when they first bought them. They want their data to be accessible to them wherever they are and not have to worry about losing their computer or forgetting to back up files. Even more importantly, they don’t want to spend hours configuring their computers to work with every new piece of hardware, or have to worry about constant software updates. And any time our users have a better computing experience, Google benefits as well by having happier users who are more likely to spend time on the Internet.”

It is Google’s intention to out-iPad the iPad by offering a world where you don’t have to worry about apps or backups or where your data is, a world in which everything “just works.” A paranoid geek like myself won’t allow Chrome OS anywhere near any of my devices, because I care about where my data is and who has access to it and things like administrative access. It’s bad enough that they have my email, I’m not handing over everything to the buggers, even if they are my favourite corporation.

But that’s just curmudgeonly old me. If they can deliver on this vision of drop dead easy computing, Steve Jobs will find himself in the position of having to play catch up, and Microsoft will then play catch up to Jobs. Technologically it won’t be difficult for either of them. The killer will be that while they sell their stuff, Google gives it away free. That could be a very difficult dime for them to turn on.

In other 2011 news: I’m not going to predict the demise of the iPhone. That’s one area that I think is fairly secure for Apple. Though with Nokia’s introduction of the N8, I wonder if the iPhone won’t become just a normal smartphone, ceding the high end to others.

You may have seen articles like this one over at pocketgamer.biz, suggesting that Nokia isn’t doing so well against Apple since the iPhone is outselling the N8 by six to one even in Nokia’s home territory of Europe. (Pro-Nokia site noknok.tv offers a rebuttal.)

This is a little like comparing sales of Rolls Royce to BMW, and, if Apple doesn’t up the ante soon, maybe Lexus. The techno-elite have already turned in their iPhones, and now it is just for little girls. (I’m only partially kidding — Sara Yin over at pcmag.com reports that when considering the purchase of a smartphone, men prefer Android, women the iPhone.)

Microsoft did not release their own branded smartphone this year, instead simply releasing a new OS for phones, Windows Phone 7. I’m not going to predict a Microsoft branded phone for 2011. I think Google’s motivation for the Nexus was sluggish uptake of Android by third parties, and if Microsoft finds themselves in a similar situation, perhaps they will adopt a similar strategy. But if they haven’t copied Google by now, I don’t think they’re going to, especially if it is strongly adopted, or even moderately well adopted.

So if I can’t predict the death of the iPhone, whose demise can I predict? Ah, yes, the overused and much abused Adobe (formerly Macromedia) Flash. And who will kill it? A new specification for web pages, HTML5. This specification provides for much greater support of multimedia content. When those Chrome OS web apps come rolling out, they won’t use Flash. Look for them to be written in HTML5 with other supported specifications (for example, the latest in cascading style sheets [CSS]), and associated technologies. Flash will be a thing of the past.

The revolution has not been cancelled. Merely postponed. Until then, best wishes for the holidays and the new year.