Runefox writes "Cerulean Studios, the company behind the long-lived Trillian instant messaging client, has released preliminary specifications to their proprietary "Astra" protocol, now named IMPP (Instant Messaging and Presence Protocol), which provides continuous client functionality as well as mandatory TLS encryption for clients. According to their blog, Cerulean Studios' motivation for the release is to promote interoperability among the throngs of IM services and clients available by allowing others to also use the protocol. Future concepts include federation with XMPP. While the documentation is in an early state and the protocol is claimed to still be in development, it is hoped that it will help decentralize the very heavily fragmented messaging ecosystem. It's implied that, in turn, greater options for privacy may become available in the wake of the PRISM scandal via privately-run federated servers, unaffiliated with major networks, yet still able to communicate with them."

Rick Zeman writes "Showing once again that once a privacy door is opened every law enforcement agency will run through it, The Washington Post details how state drivers license photo databases are being mined by various LEOs in their states--and out. From the article: '[L]aw enforcement use of such facial searches is blurring the traditional boundaries between criminal and non-criminal databases, putting images of people never arrested in what amount to perpetual digital lineups. The most advanced systems allow police to run searches from laptop computers in their patrol cars and offer access to the FBI and other federal authorities. Such open access has caused a backlash in some of the few states where there has been a public debate. As the databases grow larger and increasingly connected across jurisdictional boundaries, critics warn that authorities are developing what amounts to a national identification system — based on the distinct geography of each human face.'"

An anonymous reader writes "Not to be left out Apple has released details about government requests for customer data. The company said it received between 4,000-5,000 government requests, affecting as many as 10,000 accounts or devices. From the article: 'The iPad maker said that it received between 4,000 and 5,000 requests from U.S. law enforcement agencies for customer data from December 1, 2012 to May 31, 2013, and that 9,000 to 10,000 accounts or devices were specified in the requests. Apple did not state how many of the requests were from the National Security Agency or how many affected accounts or devices may have been tied to any NSA requests.' Facebook and Microsoft released their numbers this weekend."

cold fjord writes "Yet more details about the controversy engulfing the NSA. From CNET: 'Rep. Mike Rogers (R-Mich.), chairman of the House Intelligence Committee, explained how the program worked without violating individuals' civil rights. "We take the business records by a court order, and it's just phone numbers — no names, no addresses — put it in a lock box," Rogers told CBS News' "Face The Nation." "And if they get a foreign terrorist overseas that's dialing in to the United Sates, they take that phone number... they plug it into this big pile, if you will, of just phone numbers — it's like a phonebook without any names and any addresses with it — to see if there's a connection, a foreign terrorist connection to the United States." "When a number comes out of that lock box, it's just a phone number — no names, no addresses," he said. "If they think that's relevant to their counterterrorism investigation, they give that to the FBI. Then upon the FBI has to go out and meet all the legal standards to even get whose phone number that is."' From the AP: ' ... programs run by the National Security Agency thwarted potential terrorist plots in the U.S. and more than 20 other countries — and that gathered data is destroyed every five years. Last year, fewer than 300 phone numbers were checked against the database of millions of U.S. phone records ... the intelligence officials said in arguing that the programs are far less sweeping than their detractors allege.... both NSA programs are reviewed every 90 days by the secret court authorized by the Foreign Intelligence Surveillance Act. Under the program, the records, showing things like time and length of call, can only be examined for suspected connections to terrorism, they said. The ... program helped the NSA stop a 2009 al-Qaida plot to blow up New York City subways.'"

Writing "Wow, this is going to really set the cat amongst the pigeons once this gets around," an anonymous reader links to a story at The Guardian about some good old fashioned friendly interception, and the slide-show version of what went on at recent G20 summits in London: "Foreign politicians' calls and emails intercepted by UK intelligence; Delegates tricked into using fake internet cafes; GCHQ analysts sent logs of phone calls round the clock; Documents are latest revelations from whistleblower Edward Snowden."

First time accepted submitter TigerPlish writes "AT&T has rolled out Wireless Emergency Alerts for iPhones. The alerts are for huge catastrophes (a Presidential Alert), for weather / natural calamities, and for AMBER alerts. One can turn off the latter two, but the Presidential alert cannot be turned off. The article mentions only 4S and 5 get this update. That said, I have a 4 and it got the update this morning. This was enacted in 2006, for those keeping track of such things. I, for one, do not care for this any more than I like the idea of them reading my communications to begin with. Oh, I'm sorry, the "metadata" from my communications." As promised.

bill_mcgonigle writes with this news from from CNET: "Rep. Jerrold Nadler (D NY) disclosed that NSA analysts eavesdrop on Americans' domestic telephone calls without court orders during a House Judiciary hearing. After clearing with FBI director Robert Mueller that the information was not classified, Nadler revealed that during a closed-door briefing to Congress, the Legislature was informed that the spying organization had implemented and uses this capability. This appears to confirm Edward Snowden's claim that he could, in his position at the NSA, 'wiretap anyone from you or your accountant to a federal judge to even the president.' Declan McCullagh writes, 'Because the same legal standards that apply to phone calls also apply to e-mail messages, text messages, and instant messages, Nadler's disclosure indicates the NSA analysts could also access the contents of Internet communications without going before a court and seeking approval.' The executive branch has defended its general warrants, claiming that 'the president had the constitutional authority, no matter what the law actually says, to order domestic spying without [constitutional] warrants,' while Kurt Opsahl, senior staff attorney at EFF claims such government activity 'epitomizes the problem of secret laws.'" Note that "listening in" versus "collecting metadata" is a distinction that defenders of government phone spying have been emphasizing. Tracking whom you called and when, goes the story, doesn't impinge on expectations of privacy. Speaking of the metadata collection, though, reader Bruce66423 writes "According to the Washington Post, the Bush administration took 'bulk metadata' from the phone companies under voluntary agreements for more than four years after 9/11 until a court agreed they could have it compulsorily." Related: First time accepted submitter fsagx writes that Brewster Kahle of the Internet Archive has calculated the cost to store every phone call made in the U.S. over the course of a year: "It's surprisingly inexpensive. It puts the recent NSA stories (and reports from the Boston bombings about the FBI's ability to listen to past phone conversions) into perspective."

An anonymous reader writes "For a few years now, we've been hearing about TV-related devices that have built-in cameras and microphones. Their stated purpose is to monitor consumers and gather data — often to target advertising. (We'll set aside any unstated purposes — the uses they tell us about are bad enough.) Now, two members of the U.S. House of Representatives have submitted legislation to regulate this sort of technology. '[They] said they want to get out ahead of the release of this new technology and pass legislation that ensures it would include beefed up privacy protections for consumers. They added that this legislation is particularly relevant given the recent revelations about the National Security Agency's Internet surveillance programs. ... Additionally, the bill requires a cable box or set-top device to notify consumers when the monitoring technology is activated and in use by posting the phrase "We are watching you" across their TV screens.'"

coop0030 writes "Feel like someone is snooping on you? Browse anonymously anywhere you go with the Onion Pi Tor proxy. This is fun weekend project from Adafruit that uses a Raspberry Pi, a USB WiFi adapter and Ethernet cable to create a small, low-power and portable privacy Pi."

cold fjord writes "There are new developments in the ongoing controversy engulfing the NSA as a result of the Snowden leaks. From The Hill: 'Emerging from a hearing with NSA Director Gen. Keith Alexander, Reps. Mike Rogers (R-Mich.), chairman of the Intelligence Committee, and Dutch Ruppersberger (Md.), the senior Democrat on the panel, said Edward Snowden simply wasn't in the position to access the content of the communications gathered under National Security Agency programs, as he's claimed. "He was lying," Rogers said. "He clearly has over-inflated his position, he has over-inflated his access and he's even over-inflated what the actual technology of the programs would allow one to do. It's impossible for him to do what he was saying he could do." ... "He's done tremendous damage to the country where he was born and raised and educated," Ruppersberger said. ... "It was clear that he attempted to go places that he was not authorized to go, which should raise questions for everyone," Rogers added.'" U.S. Attorney General Eric Holder has also told the E.U. justice commissioner that media reports surrounding PRISM are wrong: "The contention it [PRISM] is not subject to any internal or external oversights is simply not correct. It's subject to an extensive oversight regime from executive, legislative and judicial branches and Congress is made aware of these activities. The courts are aware as we need to get a court order. ... We can't target anyone unless appropriate documented foreign intelligence purpose for the prevention of terrorism or hostile cyber activities." Meanwhile, Bloomberg has gone live with a report (based on unidentified sources, so take it with a grain of salt) saying that private sector cooperation with snooping government agencies extends far beyond the ones listed in the PRISM report. "Thousands of technology, finance and manufacturing companies are working closely with U.S. national security agencies, providing sensitive information and in return receiving benefits that include access to classified intelligence, four people familiar with the process said." Whatever PRISM turns out to be, the NY Times is reporting that at least Yahoo, and probably other tech companies as well, tried to fight participation in it. Other reports suggest Twitter refused to participate, though there's been no official confirmation.

c0lo writes "Kim Dotcom alleges, in an 20 min interview with the Australian public television, that Megaupload was offered up by the New Zealand's PM 'on a silver platter' as part of negotiations with Warner Brothers executives for shooting The Hobbit in New Zealand. He promises that he'll substantiate the claims in court. He also says that the extradition case the U.S. government is weak and the reason behind the latest delay in extradition hearing (postponed from August this year to March next year) is an attempt to bleed Dotcom dry of his money. Also interesting, Dotcom says that the latest debacle of the massive scale online online surveillance by U.S. spy agencies has triggered an 'explosion' of interest in mega.co.nz, the 'cloud storage' site with user generated encryption."

An anonymous reader writes "Simply put, the US government has failed in its role as the 'caretaker' of the internet. Although this was never an official designation, America controls much of the infrastructure, and many of the most popular services online are provided by a handful of American companies. The world is starting to sober up to the fact that much of what they've done online in the last decade is now cataloged in a top-secret facility somewhere in the United States. The goal has been to promote internet freedom around the world, but we may have also potentially created a blueprint for how authoritarian governments can store, track, and mine their citizens' digital lives."

An anonymous reader writes "Some journalists ran into Steve Wozniak at the airport and asked him about iOS 7 and PRISM, where he made an interesting comparison about how the US is becoming what it once feared most. In communist Russia 'you couldn't own anything, and now in the digital world you hardly own anything anymore (YouTube video). You've got subscritpions and you already said ok, ok, agree and you agree that every right in the world belongs to them and you got no rights and anything you put in the cloud, you don't even know,' says Woz. 'Ownership was what made America different than Russia.'"

First time accepted submitter jarle.aase writes "It's doable today to use a mix of virtual machines, VPN, TOR, encryption (and staying away from certain places; like Google Plus, Facebook, and friends), in order to retain a reasonable degree of privacy. In recent days, even major mainstream on-line magazines have published such information. (Aftenposten, one of the largest newspapers in Norway, had an article yesterday about VPN, Tor and Freenet!) But what about the cell-phone? Technically it's not hard to design a phone that can switch off the GSM transmitter, and use VoIP for calls. VoIP could then go from the device through Wi-Fi and VPN. Some calls may be routed trough PSTN gateways — allowing the agencies to track the other party. But they will not track your location. And they will not track pure, encrypted VoIP calls that traverse trough VPN and use anonymous SIP or XMPP accounts. Android may not be the best software for such a device, as it very eagerly phones home. The same is true for iOS and Windows 8. Actually, I would prefer a non cloud-based mobile OS from a vendor that is not in the PRISM gallery. Does such a device exist yet? Something that runs a relatively safe OS, where GSM can be switched totally off? Something that will only make an outgoing network connection when I ask it to do so?" And in the absence of a perfect solution, what do you do instead? (It's still Android and using the cell network, but Red Phone — open sourced last year — seems like a good start.)

Trailrunner7 writes "A group of eight senators from both parties have introduced a new bill that would require the attorney general to declassify as many of the rulings of the secret Foreign Intelligence Surveillance Court as possible as a way of bringing into the sunlight much of the law and opinion that guides the government's surveillance efforts. Under the terms of the proposed law, the Justice Department would be required to declassify major FISC opinions as a way to give Americans a view into how the federal government is using the Foreign Intelligence Surveillance Act and Patriot Act. If the attorney general determines that a specific ruling can't be declassified without endangering national security, he can declassify a summary of it. If even that isn't possible, then the AG would need to explain specifically why the opinion needs to be kept secret."

chicksdaddy writes "In the days since stories based on classified information leaked by former NSA contractor Edward Snowden hit the headlines, a string of reports and editorials claim that he had his facts wrong, accuse him of treason – or both. Others have accused journalists like Glen Greenwald of The Guardian of rushing to print before they had all the facts. All of these criticisms could be valid. Technology firms may not have given intelligence agencies unfettered and unchecked access to their users' data. Edward Snowden may be, as the New York Times's David Brooks suggests, one of those 20-something-men leading a 'life unshaped by the mediating institutions of civil society.' All those critiques may be true without undermining the larger truth of Snowden's revelation: in an age of global, networked communications and interactions, we are all a lot less free than we thought we were. I say this because nobody has seriously challenged the basic truth of Snowden's leak: that many of the world's leading telecommunications and technology firms are regularly divulging information about their users' activities and communications to law enforcement and intelligence agencies based on warrantless requests and court reviews that are hidden from public scrutiny. It hasn't always been so." Bruce Schneier has published an opinion piece saying that while Snowden did break the law, we need to investigate the government before any prosecution occurs. (Schneier's piece is one in a series on the subject.) Snowden himself said in an interview today that the U.S. government has been pursuing hacking operations against China for years.

Nerval's Lobster writes "If those newspaper reports are accurate, the NSA's surveillance programs are enormous and sophisticated, and rely on the latest in analytics software. In the face of that, is there any way to keep your communications truly private? Or should you resign yourself to saying or typing, 'Hi, NSA!' every time you make a phone call or send an email? Fortunately there are ways to gain a measure of security: HTTPS, Tor, SCP, SFTP, and the vendors who build software on top of those protocols. But those host-proof solutions offer security in exchange for some measure of inconvenience. If you lose your access credentials, you're likely toast: few highly secure services include a 'Forgot Your Password?' link, which can be easily engineered to reset a password and username without the account owner's knowledge. And while 'big' providers like Google provide some degree of encryption, they may give up user data in response to a court order. Also, all the privacy software in the world also can't prevent the NSA (or other entities) from capturing metadata and other information. What do you think is the best way to keep your data locked down? Or do you think it's all a lost cause?"

Nerval's Lobster writes "In an open letter addressed to U.S. attorney general Eric Holder and FBI director Robert Mueller, Google chief legal officer David Drummond again insisted that reports of his company freely offering user data to the NSA and other agencies were untrue. 'However,' he wrote, 'government nondisclosure obligations regarding the number of FISA national security requests that Google receives, as well as the number of accounts covered by those requests, fuel that speculation.' In light of that, Drummond had a request of the two men: 'We therefore ask you to help make it possible for Google to publish in our Transparency Report aggregate numbers of national security requests, including FISA disclosures—in terms of both the number we receive and their scope.' Apparently Google's numbers would show 'that our compliance with these requests falls far short of the claims being made.' Google, Drummond added, 'has nothing to hide.'" Another open letter was sent to Congress from a variety of internet companies and civil liberties groups (headlined by Mozilla, the EFF, the ACLU, and the FSF), asking them to enact legislation to prohibit the kind of surveillance apparently going on at the NSA and to hold accountable the people who implemented it. (A bipartisan group of senators has just come forth with legislation that would end such surveillance.) In addition to the letter, the ACLU sent a lawsuit as well, directed at President Obama, Eric Holder, the NSA, Verizon and the Dept. of Justice (filing, PDF). They've also asked (PDF) for a release of court records relevant to the scandal. Mozilla has also launched Stopwatching.us, a campaign to "demand a full accounting of the extent to which our online data, communications and interactions are being monitored." Other reactions: Tim Berners-Lee is against it, Australia's Foreign Minister doesn't mind it, the European Parliament has denounced it, and John Oliver is hilarious about it (video). Meanwhile, Edward Snowden, the whistleblower who leaked the information about the NSA's surveillance program, is being praised widely as a hero and a patriot. There's already a petition on Whitehouse.gov to pardon him for his involvement, and it's already reached half the required number of signatures for a response from the Obama administration.

New submitter WML MUNSON sends this quote from NJ.com: "License, registration and cell phone, please. Police officers across New Jersey could be saying that to motorists at the scenes of car crashes if new legislation introduced in the state Senate becomes law. The measure would allow cops — without a warrant — to thumb through a cell phone to determine if a driver was talking or texting when an accident occurred. It requires officers to have 'reasonable grounds' to believe the law was broken. There were 1,840 handheld cell phone-related crashes in New Jersey in 2011, resulting in 807 injuries and six deaths, according to the state Division of Highway Traffic Safety. 'Think about it: The chances of the cop witnessing the accident are slim to none,' said the bill’s sponsor, state Sen. James Holzapfel (R-Ocean), who has worked as a county and municipal prosecutor. 'He’s dispatched, and by the time he gets there — unless they’re unconscious and the phone is in their hands, or some passenger says they were on the phone — then he’s got to do what? Subpoena the service to see if the phone was actively used or not?'"

An anonymous reader writes "While the tech media has gone wild the past few days with the reports of the NSA tracking Verizon cell usage and creating the PRISM system to peer into our online lives, a new study by Pew Research suggests that most U.S. citizens think it's okay. 62 percent of Americans say losing some personal privacy is acceptable as long as its used to fight terrorism, and 56 percent are okay with the NSA tracking phone calls. Online tracking is fair less popular however, with only 45 percent approving of the practice. The data also shows that the youth are far more opposed to curtailing privacy to fight terror, which could mean trouble for politicians planning to continue these programs in the coming years."