Search the Community

Apple, Microsoft, Facebook, Google, Yahoo! – and many, many others – have appealed to American politicians and g-men to rein in mass digital surveillance this May, and bring the intelligence community under some kind of effective oversight. "It has been nearly two years since the first news stories revealed the scope of the United States’ surveillance and bulk collection activities," the group wrote in an open letter to President Obama, congressional leaders, and the heads of the NSA and US Department of Justice. "Now is the time to take on meaningful legislative reforms to the nation’s surveillance programs that maintain national security while preserving privacy, transparency, and accountability." And, presumably, prevent future annoying headlines like this and this appearing on the web. The tech goliaths are members of the Reform Government Surveillance coalition, along with pro-privacy and civil-rights warriors. The group has been piling on the pressure over global spying, which they say hurts their business. In their latest open letter, the gang call for reform of the USA PATRIOT Act, which is up for renewal shortly. On May 31 this year, Section 215 of the act (or to give it its full and faintly ridiculous name, the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act) expires. Section 215 is the part of the anti-terror law that the NSA uses to justify snooping on everyone's phone metadata. The group is pressing that the section be allowed to expire on June 1 without being reauthorized. Section 214, which covers pen registers and trap and trace devices, will also expire on that date. The group says that if they are renewed, proper oversight is needed by an independent third party. With the sections of the Patriot Act coming up for renewal, there's an increasing amount of pressure to curb the blanket spying revealed by whistleblower Edward Snowden. Earlier this week, a bipartisan bill was introduced into the US House of Representatives to abolish the PATRIOT Act altogether, but El Reg suspects Satan will go to work on a snowplow before it passes. Source

A group of technology companies, non-profits and privacy and human rights organizations have sent a letter to President Barack Obama, the director of national intelligence and a wide range of Congressional leaders, calling for an end to the bulk collection of phone metadata under Section 215 of the USA PATRIOT Act. The letter, sent by dozens of organizations and companies, comes at a time when legislators in the United States are considering a new bill that would repeal the Patriot Act altogether. That measure likely will face stiff opposition in the House of Representatives, but less-sweeping reforms may be on the table as well. In the letter, representatives from the EFF, CloudFlare, Silent Circle, the ACLU, Mozilla, Human Rights Watch and many other organizations say that whatever form the changes take, Section 215 collection needs to end once and for all. “There must be a clear, strong, and effective end to bulk collection practices under the USA PATRIOT Act, including under the Section 215 records authority and the Section 214 authority regarding pen registers and trap & trace devices. Any collection that does occur under those authorities should have appropriate safeguards in place to protect privacy and users’ rights,” the letter says. The legal authority for the National Security Agency’s bulk collection of telephone metadata derives from Section 215 of the Patriot Act, and that section is due to expire on June 1. Lawmakers are considering a variety of possible reforms to the authority, but many in the security, technology and privacy communities have been advocating for the elimination of that authority altogether. In 2014, President Obama released a plan that would change the bulk collection under Section 215 and would keep all of the records with the telecom providers. The government would then need to get orders from the Foreign Intelligence Surveillance Court in order to access specific records. In addition to calling for an end to the Section 215 bulk collection, the organizations that sent the new letter to Obama and lawmakers said that any bill must “contain transparency and accountability mechanisms for both government and company reporting, as well as an appropriate declassification regime for Foreign Intelligence Surveillance Court decisions.” The Section 215 bulk collection was the first piece of the massive surveillance revelations from Edward Snowden that began in 2013. Though many other NSA programs have been revealed in the ensuing two years, the telephone metadata collection has remained one of more controversial ones. “It has been nearly two years since the first news stories revealed the scope of the United States’ surveillance and bulk collection activities. Now is the time to take on meaningful legislative reforms to the nation’s surveillance programs that maintain national security while preserving privacy, transparency, and accountability. We strongly encourage both the White House and Members of Congress to support the above reforms and oppose any efforts to enact any legislation that does not address them,” the letter says. Source

The Supreme Court of India today struck down Section 66A of the Information Technology Act -- a controversial law that allowed law enforcement officials to arrest people for posting "offensive" comments on social networks and other internet sites. After hearing a clutch of petitions by defenders of free speech, the Supreme Court described the 2009 amendment to India's Information Technology Act known as section 66A as vague and ambiguous and beyond ambit of the constitutional right to freedom of speech. "Section 66A is unconstitutional and we have no hesitation in striking it down," said Justice R F Nariman, reading out the judgement. "The public's right to know is directly affected by section 66A." SECTION 66A OF THE IT ACT The Information Technology Act 2000 was amended in the year 2008 and this amended act contains the 66A section. Under this section, "Any person who sends, by means of a computer resource or a communication device, — 1. any information that is grossly offensive or has menacing character; or 2. any information which he knows to be false, but for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill will, persistently by making use of such computer resource or a communication device, 3. any electronic mail or electronic mail message for the purpose of causing annoyance or inconvenience or to deceive or to mislead the addressee or recipient about the origin of such messages, shall be punishable with imprisonment for a term which may extend to three years and with fine." SECTION 66A MISUNDERSTOOD But, the legality of section 66A has been in Question from years. The Supreme Court earlier had said that terms like 'illegal', 'grossly offensive' and 'menacing character' were vague expressions and were likely to be dangerously twisted and misused. Section 66A act stops people to share and express their different or controversial opinion freely that may not necessarily be dangerous or a subject of 'grossly offensive' and 'menacing character'. Like for example, Theory of Evolution may be a ‘false information’ for those religious people who believes that God created the whole world, but it may be useful information for those who study Science. CASES IN WHICH SECTION 66A IS MISUSED BY POLITICIANS In 2012, two young women – Shaheen Dhanda and Rinu Shrinivasan – were arrested in Palghar in Thane district, Mumbai under the Section 66A act for posting comments against the shutdown in Mumbai following Shiv Sena leader Bal Thackeray's death. The charges on two young ladies were later quashed by a Mumbai court, but this first case filled under Section 66A followed a number of arrests across the country for uploading political cartoons or posting comments on social network, which sparked outrage and fierce debate about online censorship in India. Some other controversial arrests under Section 66A of the IT act are as follows: • Recently, a class XII student was arrested for posting about Uttar Pradesh Minister Azam Khan on his Facebook timeline. • Businessman Ravi Srinivasan was booked by police for allegedly tweeting that the son of then union minister P Chidambaram, Karti Chidambaram, was 'corrupt'. • Last year, Devu Chodankar was arrested in Goa for writing on Goa+, a popular Facebook forum with over 47,000 members, that if elected to power, Modi would unleash a 'holocaust'. • Ambikesh Mahapatra, a Jadavpur University professor, was arrested in Kolkata for forwarding a cartoon about Mamata Banerjee. The government argued that the section 66A of the IT act was needed to protect the government data from hackers, to which the court was not at all impressed as this situation was already dealt with viruses and hacking for which Section 65 of the IT Act was relevant.

1 With what shall we commune this evening? Neighbors, please join me in reading this eighth release of the International Journal of Proof of Concept or Get the Fuck Out, a friendly little collection of articles for ladies and gentlemen of distinguished ability and taste in the field of software exploitation and the worship of weird machines. If you are missing the first seven issues, we the editors suggest pirating them from the usual locations, or on paper from a neighbor who picked up a copy of the first in Vegas, the second in S˜ao Paulo, the third in Hamburg, the fourth in Heidelberg, the fifth in Montr´eal, the sixth in Las Vegas, or the seventh from his parents’ inkjet printer during the Thanksgiving holiday. We begin our show tonight in Section 2 with something short and sweet, an executable poem by Morgan Reece Phillips. Funny enough, 0xAA55 is also Pastor Laphroaig’s favorite number! We continue in Section 3 with another brilliant article from Micah Elizabeth Scott. Having bought a BD-RW burner, and knowing damned well that a neighbor doesn’t own what she can’t open, Micah reverse engineered that gizmo. Sniffing the updater taught her how to dump the firmware; disassembling that firmware taught her how to patch in new code; and, just to help the rest of us play along, she wrapped all of this into a fancy little debugging console that’s far more convenient than the sorry excuse for a JTAG debugger the original authors of the firmware most likely used. In Section 4, Pastor Laphroaig warns us of the dangers that lurk in trusting The Experts, and of one such expert whose witchhunt set back the science of biology for decades. This article is illustrated by Boris Efimov, may he rot in Hell. In Section 5, Eric Davisson describes the internals of TCP/IP as a sermon against the iniquity of the abstraction layers that—while useful to reduce the drudgery of labor—also cloud a programmer’s mind and keep him from seeing the light of the hexdump world. Ange Albertini is known to our readers for short and sweet articles that quickly describe a clever polyglot file in a page or two. In Section 6, he finally presents us with a long article, a listing of dozens of nifty tricks that he uses in PoCkGTFO, Corkami, and other projects. Study it carefully if you’d like to learn his art. In Section 7, BSDaemon and Pirata extend the RDRAND trick of PoCkGTFO 3:6—with devilish cunning and true buccaneer daring—to actual Intel hardware, showing us poor landlubbers how to rob not only unsuspecting virtual machines but also normal userland and kernel applications that depend on the new AES-NI instructions of their precious randomness—and much more. Quick, hide your AES! Luckily, our neighborly pirates show how. Section 8 introduces us to Ryan O’Neill’s Extended Core File Snapshots, which add new sections to the familiar ELF specification that our readers know and love. Recently, Pastor Laphroaig hired Count Bambaata on as our Special Correspondent on NASCAR. After his King Midget stretch limo was denied approval to compete at the Bristol Motor Speedway, Bambaata fled to Fordlandia, Brazil in a stolen—the Count himself says “liberated”—1957 Studebaker Bulletnose in search of the American Dream. When asked for his article on the race, Bambaata sent us by WEFAX a collection of poorly redacted expense reports1 and a lovely little rant on Baudrillard, the Spirit of the 90’s, and a world of turncoat swine. You can find it in Section 9. Section 11 is the latest from Ben Nagy, a peppy little parody of Hacker News and New–Media Web 2.0 Hipster Fashion Accessorized Cybercrime in the style of Gilbert and Sullivan. Sing along, if you like! Finally, in Section 12 we do what churches do best and pass around the old collection plate. We don’t need alms of Dollars or Euros, so send those to Hackers for Charity in Uganda.2 Rather, we pass the plate to ask for your doodles and your sketches, your crazy ideas that work well enough to prove the concept, well enough to light up the mind, well enough to inspire the next lady or gentleman to do something clever and strange. Read more: http://www.exploit-db.com/docs/pocorgtfo07.pdf

The law that the Obama administration cites to allow bulk telephone metadata collection expires on June 1, and the FBI has already begun lobbying to keep Section 215 of the Patriot Act from expiring. Bad guys "going dark" using encryption, the FBI says, is one of the reasons why the government needs to collect the metadata of every phone call made to and from the United States. Robert Anderson, the FBI’s chief of the Criminal, Cyber, Response, and Services Branch, told reporters during a roundtable discussion Tuesday that the Patriot Act is necessary because encrypted communications are becoming more commonplace in the wake of the Edward Snowden disclosures. "In the last two to three years, that whole ‘going dark’ thing went from a crawl to a flat-out sprint because the technology is changing so rapidly," Anderson said. Joseph Demarest, assistant director of the FBI's Cyber Division, told reporters that if Section 215 expires, "Obviously it’s going to impact what we do as an organization and certainly on cyber." The comments, especially as they relate to encryption, are part of a growing chorus of calls—from as high as President Barack Obama—that the government needs Silicon Valley's assistance for backdoors into encrypted tech products like the iPhone. Silicon Valley has (at least publicly) shunned the administration's attempts to get backdoors into their products. And while no legislation at the moment requires them to comply, the nation's spy apparatus and others are turning their attention toward not losing the bulk telephone metadata spying program that spun heads when The Guardian—armed with classified documents from Snowden—exposed it in 2013. As it turns out, the secret Foreign Intelligence Surveillance Act court that was authorizing the program was doing so under the authority of Section 215 of the Patriot Act. While many leading lawmakers are behind renewing the program, there are plenty of reasons why it should expire come June. According to the EFF: One federal judge has upheld the program while another has declared it unconstitutional. A Supreme Court showdown over the snooping isn't likely to happen any time soon. There's plenty of rhetoric on all sides of the issue, too. Sen. Marco Rubio (R-FL) said Section 215 should never expire. House Speaker John Boehner (R-Ohio) and Majority Leader Mitch McConnell (R-KY) are big fans of Section 215. Sens. Ron Wyden (D-OR) and Martin Heinrich (D-NM) said that "none of the claims appear to hold up to scrutiny" that the bulk metadata collection program prevents terrorism. When Congress publicly re-authorized Section 215 three years ago, the public didn't know that lawmakers were secretly approving the bulk telephone metadata program. And some lawmakers who had voted for re-authorization claimed that they didn't even know about the bulk collection program. At least this time, when it comes up for a vote in the coming months, lawmakers can't claim that they didn't know they were voting to allow the government to scoop up data that includes phone numbers of parties involved in calls, calling card numbers, the time and duration of the calls, and the international mobile subscriber identity number for mobile callers. The database is said to have more than 1 trillion records. Source