.net programming, computers and assorted technology rants

Posts tagged “Prism”

Why the NSA will have a tougher time spying through the Xbox One Kinect sensor

Courtesy Brad Reed, BGR

NSA Xbox One Spying Potential

Given all the allegations surrounding Microsoft’s supposed cooperation with the United States government on implementing the PRISM surveillance program, it’s not too far-fetched to worry that the National Security Agency could one day ask Microsoft for access to video feeds of users’ living rooms through the Xbox One Kinect sensor. The reason this is so potentially worrisome is that the new Kinect has the ability to reveal even more sensitive information than other data allegedly collected by the government, especially since Microsoft says the new Kinect is designed to monitor your mood by looking “at microfluctuations in the blood underneath your skin” and zooming “into your face to show if you’re neutral or smiling.”

It goes without saying that such surveillance would be far more invasive than anything else the government has access to, but The Verge has talked with some legal experts who seriously doubt that the NSA could get away with outright monitoring citizens’ living rooms without a proper search warrant. The big reason is that, unlike with telephone metadata, there’s no way for the government to plausibly argue that watching you in your home without a warrant is anything but an unlawful search.

“It would be a flat violation of what little remains of the Fourth Amendment if the government had the ability to spy on you inside your house via a game system to which it had a backdoor,” civil rights attorney Scott Greenwood told The Verge. “If you’re going to be invading someone’s personal space, their residential space, you’re going to need a warrant unless certain exceptions are met… and I think having an always-on video camera would never, ever be able to meet the Fourth Amendment standard.”

Faiza Patel, co-director of the Liberty and National Security program at the Brennan Center for Justice, similarly told The Verge that “The Fourth Amendment has been found to be really protective of everything that’s inside a person’s home” so it’s very unlikely that courts would throw away all past precedent to let the government snoop on you through your Xbox.


NSA scandal delivers record numbers of internet users to DuckDuckGo

Courtesy Charles Arthur, theGuardian.co.uk


Gabriel Weinberg, the founder of DuckDuckGo, who says search data ‘is arguably the most personal data people are entering into anything’.

Gabriel Weinberg noticed web traffic building on the night of Thursday 6 June – immediately after the revelations about the "Prism" programme. Through the programme, the US’s National Security Agency claimed to have "direct access" to the servers of companies including, crucially, the web’s biggest search engines – Google, Microsoft and Yahoo.

Within days of the story, while the big companies were still spitting tacks and tight-lipped disclaimers, the search engine Weinberg founded – which pledges not to track or store data about its users – was getting 50% more traffic than ever before. That has gone up and up as more revelations about NSA and GCHQ internet tapping have come in.

"It happened with the release by the Guardian about Prism," says Weinberg, right, a 33-year-old living in Paoli, a suburb of Philadelphia on the US east coast. "We started seeing an increase right when the story broke, before we were covered in the press." From serving 1.7m searches a day at the start of June, it hit 3m within a fortnight.

Yet you’ve probably never heard of DuckDuckGo. "If you asked 100 people, 96 would probably think it was a Chinese restaurant," as the SFGate site observed. (The name comes from the children’s game DuckDuckGoose, a sort of tag involving seated players.) You won’t find it offered as an alternative default search engine on any browser, on desktop or mobile. Using it is very definitely an active choice, whereas using Google is the default option on most browsers. And 95% of people never change the default settings on anything.

But this 20-person business offers what none of the big search engines do: zero tracking. It doesn’t use cookies or store data about its users’ IP addresses, doesn’t offer user logins, and uses an encrypted connection by default. (Google provides an encrypted connection for logged-in users, but not automatically for non-logged in users.) If the NSA demanded data from DuckDuckGo, there would be none to hand over.

Weinberg, who lives with his wife and two sons, did not build his search engine with that intention. The initial idea came after selling his previous startup, Opobox ("a sort of Friends Reunited"), for $10m (£6.7m) to Classmates.com in 2006. "My wife was doing her PhD, so I had some spare time," he says. Taking a class in stained-glass making, he discovered that the teacher’s handout with "useful web links" didn’t tally with Google’s results at all. "I realised that there were millions of people who knew the right list of search terms and would make a better engine than Google."

Then he noticed growing amounts of junk sites in Google results – pushed there by experts who had gamed the giant’s algorithms. He decided that by hooking into web services such as Wikipedia, Yelp and Qype, he could get focused answers cheaply. By using a combination of those services and crowdsourced links, he built the site’s first search index.

Of the privacy angle, he says: "I kind of backed into that." It wasn’t a political decision, but a personal one. "It’s hard to define my politics. I take every issue seriously and come to my own conclusion. I don’t really feel like I belong to any political party in the US … I guess I’m more on the liberal side."

The reason he decided not to store search data was because it reveals so much about us. In 2005, AOL accidentally released details of searches made by 650,000 of its users via Google; reporters from the New York Times were able to use the information to identify one of the users: a 62-year-old woman in Georgia. Nowadays Google would also have your IP address (indicating your ISP and perhaps precise location) and, if you were logged in, all your previous search history. If you logged in to use Google on your mobile, it would have your location history too.

Having decided that searching is intimately personal, he deduced that governments would want to get hold of search data. "I looked at the search fiascos such as the AOL data release, and decided that government requests were real and would be inevitable, and that search engines and content companies would be handing over that data [to government] in increasing amounts."

Search data, he says, "is arguably the most personal data people are entering into anything. You’re typing in your problems, your desires. It’s not the same as things you post publicly on a social network."

So why does Google store it? "It’s a myth that Google needs to store all this data about you. Almost all the money they make on search is based on what you type into the search box. Nothing more. They need to track you for their other services – Gmail, YouTube – because those are hard to monetise, and that’s why you get ads following around the internet all the time." (Google owns DoubleClick, the largest display ad supplier online.)

DuckDuckGo web searches

Having your data passed around can also lead you to be charged more for an item: if your browsing history shows you visit high-end sites, some sites will increase prices. (That’s why plane fares can drop if you delete the "cookie" files in your browser.)

Google’s mis-steps are turning out to be DuckDuckGo’s biggest source of new users. In January 2012 – when Google announced that it would be aggregating user data across all its services – DuckDuckGo’s traffic (which it publishes online) trebled in three months. Once Google implemented the change, "people came and stayed; it wasn’t just a rise and fall," Weinberg says.

More recently, the Prism fallout has seen traffic keep rising, building on that success. "I think these people are going to stay too."

He wasn’t that surprised at the Prism revelations. "A few months ago 60 Minutes did a programme about this humungous data centre the NSA is building in Utah. After hearing that, this didn’t surprise me that much. But it did surprise me how much we have increased our traffic."

Even so, not everyone believes Weinberg’s success matters much. Danny Sullivan, who runs the Search Engine Land site, and has been analysing the search business since Google was just a gleam in the eyes of Larry Page and Sergey Brin, argues that DuckDuckGo’s size really indicates people don’t care about privacy.

"Don’t get me wrong. If you ask people about search privacy, they’ll respond that it’s a major issue," he wrote on his site. "Big majorities say they don’t want to be tracked nor receive personalised results. But if you look at what people actually do, virtually none of them make efforts to have more private search." Compared with the 13bn searches Google does every day, he suggests, DuckDuckGo’s 3m daily (90m monthly) barely registers.

Is that because people don’t know it exists? Is it like Google in 1998, when the dominant search engine was Altavista (closed this week by Yahoo)? "I don’t think that’s it," Sullivan said. "Ask.com was pretty well-known. It did a big privacy push; didn’t help. Yahoo played up [privacy] against Google; nope. I think most people trust Google – enough, at least."


Finally! An ISP with Balls

Courtesy Rory Carroll, theGuardian.co.uk

NSA Data Center in Bluffdale, Utah

The new NSA data centre is not far from Pete Ashdown’s privacy-centric internet service provider. The irony is not lost on him. Photograph: Rick Bowmer/AP

Silicon Valley’s role in US government surveillance has triggered public anxiety about the internet, but it turns out there is at least one tech company you can trust with your data. The only problem: it’s a relative minnow in the field, operating from offices in Utah.

Xmission, Utah’s first independent and oldest internet service provider, has spent the past 15 years resolutely shielding customers’ privacy from government snoops in a way that larger rivals appear to have not.

The company, a comparative midget with just 30,000 subscribers, cited the Fourth Amendment in rebuffing warrantless requests from local, state and federal authorities, showing it was possible to resist official pressure.

"I would tell them I didn’t need to respond if they didn’t have a warrant, that (to do so) wouldn’t be constitutional," the founder and chief executive, Pete Ashdown, said in an interview at his Salt Lake City headquarters.

Since 1998 he rejected dozens of law enforcement requests, including Department of Justice subpoenas, on the grounds they violated the US constitution and state law. "I would tell them, please send us a warrant, and then they’d just drop it."

Ashdown, 46, assented just once, on his lawyer’s advice, to a 2010 FBI request backed by a warrant from the Foreign Intelligence Surveillance Court.

"I believe under the fourth amendment digital data is protected. I’m not an unpaid branch of government or law enforcement."

Ashdown was wary about Silicon Valley’s carefully worded insistence that the government had no direct access to servers. Access to networks, not servers, was the key, he said.

Pete Ashdown has rejected dozens of law enforcement requests, citing user privacy laws.

The state attorney general alleged XMission was soft on crime but the company, with a staff of 45 and turnover of $7m, suffered no official retaliation, said Ashdown. "I didn’t feel that I was in danger, or that my business suffered."

In the wake of revelations over National Security Agency surveillance and ties to Silicon Valley he has published a report detailing official information requests, and the company’s response, over the past three years.

The Electronic Freedom Foundation called it a model for the industry. "XMission’s transparency report is one of the most transparent we’ve seen," said Nate Cardozo, a lawyer for the San Francisco-based advocacy group.

EFF has lobbied big service providers – in vain – to publish individual government requests and their responses to the requests. Google and other giants would need a different format for scale but could emulate the Utah minnow’s spirit, said Cardozo. "The major service providers should demonstrate their commitment to their users and take XMission’s transparency report as a model."

EFF’s most recent Who Has Your Back report – an annual ranking of privacy protection by big tech companies – gave Twitter the maximum of six stars and just one each to Apple and Yahoo.

Utah is an unlikely home for an internet privacy champion. The state’s conservative politicians cheered the Bush-era Patriot Act and welcomed the NSA’s new 1m sq ft data centre at Bluffdale, outside Salt Lake City.

Ashdown, who toured the facility with a group of local data centre operators, said he had not received NSA information requests but saw irony in it siting its data behemoth in his backyard.

The agency’s online snooping betrayed public trust, he said. "Post 9/11 paranoia has turned this into a surveillance state. It’s not healthy."

The only solution to internet snooping was encryption, he said, a point he repeated on a blog.

Ashdown, 46, attributes part of his wariness of authority to his mother, who saw the Nazis overrun Denmark. He ran as the Democratic candidate for the US senate in 2006, promising to bring technology savvy to Washington, but lost to the Republican incumbent, Orrin Hatch. He ran again in 2012, but lost in the primary.

An additional disappointment was the discovery that many if not most ordinary people – at least until the NSA scandal – cared little about privacy when selecting internet providers. "Unfortunately it’s not what people think about. They put name recognition and cost ahead of privacy."


How Microsoft handed the NSA access to encrypted messages

Courtesy Glenn Greenwald, Ewen MacAskill, Laura Poitras, Spencer Ackerman and Dominic Rushe, Guardian.co.uk


Skype worked with intelligence agencies last year to allow Prism to collect video and audio conversations. Photograph: Patrick Sinkel/AP

Microsoft has collaborated closely with US intelligence services to allow users’ communications to be intercepted, including helping the National Security Agency to circumvent the company’s own encryption, according to top-secret documents obtained by the Guardian.

The files provided by Edward Snowden illustrate the scale of co-operation between Silicon Valley and the intelligence agencies over the last three years. They also shed new light on the workings of the top-secret Prism program, which was disclosed by the Guardian and the Washington Post last month.

The documents show that:

• Microsoft helped the NSA to circumvent its encryption to address concerns that the agency would be unable to intercept web chats on the new Outlook.com portal;

• The agency already had pre-encryption stage access to email on Outlook.com, including Hotmail;

• The company worked with the FBI this year to allow the NSA easier access via Prism to its cloud storage service SkyDrive, which now has more than 250 million users worldwide;

• Microsoft also worked with the FBI’s Data Intercept Unit to "understand" potential issues with a feature in Outlook.com that allows users to create email aliases;

• In July last year, nine months after Microsoft bought Skype, the NSA boasted that a new capability had tripled the amount of Skype video calls being collected through Prism;

• Material collected through Prism is routinely shared with the FBI and CIA, with one NSA document describing the program as a "team sport".

The latest NSA revelations further expose the tensions between Silicon Valley and the Obama administration. All the major tech firms are lobbying the government to allow them to disclose more fully the extent and nature of their co-operation with the NSA to meet their customers’ privacy concerns. Privately, tech executives are at pains to distance themselves from claims of collaboration and teamwork given by the NSA documents, and insist the process is driven by legal compulsion.

In a statement, Microsoft said: "When we upgrade or update products we aren’t absolved from the need to comply with existing or future lawful demands." The company reiterated its argument that it provides customer data "only in response to government demands and we only ever comply with orders for requests about specific accounts or identifiers".

In June, the Guardian revealed that the NSA claimed to have "direct access" through the Prism program to the systems of many major internet companies, including Microsoft, Skype, Apple, Google, Facebook and Yahoo.

Blanket orders from the secret surveillance court allow these communications to be collected without an individual warrant if the NSA operative has a 51% belief that the target is not a US citizen and is not on US soil at the time. Targeting US citizens does require an individual warrant, but the NSA is able to collect Americans’ communications without a warrant if the target is a foreign national located overseas.

Since Prism’s existence became public, Microsoft and the other companies listed on the NSA documents as providers have denied all knowledge of the program and insisted that the intelligence agencies do not have back doors into their systems.

Microsoft’s latest marketing campaign, launched in April, emphasizes its commitment to privacy with the slogan: "Your privacy is our priority."

Similarly, Skype’s privacy policy states: "Skype is committed to respecting your privacy and the confidentiality of your personal data, traffic data and communications content."

But internal NSA newsletters, marked top secret, suggest the co-operation between the intelligence community and the companies is deep and ongoing.

The latest documents come from the NSA’s Special Source Operations (SSO) division, described by Snowden as the "crown jewel" of the agency. It is responsible for all programs aimed at US communications systems through corporate partnerships such as Prism.

The files show that the NSA became concerned about the interception of encrypted chats on Microsoft’s Outlook.com portal from the moment the company began testing the service in July last year.

Within five months, the documents explain, Microsoft and the FBI had come up with a solution that allowed the NSA to circumvent encryption on Outlook.com chats.

A newsletter entry dated 26 December 2012 states: "MS [Microsoft], working with the FBI, developed a surveillance capability to deal" with the issue. "These solutions were successfully tested and went live 12 Dec 2012."

Two months later, in February this year, Microsoft officially launched the Outlook.com portal.

Another newsletter entry stated that NSA already had pre-encryption access to Outlook email. "For Prism collection against Hotmail, Live, and Outlook.com emails will be unaffected because Prism collects this data prior to encryption."

Microsoft’s co-operation was not limited to Outlook.com. An entry dated 8 April 2013 describes how the company worked "for many months" with the FBI – which acts as the liaison between the intelligence agencies and Silicon Valley on Prism – to allow Prism access without separate authorization to its cloud storage service SkyDrive.

The document describes how this access "means that analysts will no longer have to make a special request to SSO for this – a process step that many analysts may not have known about".

The NSA explained that "this new capability will result in a much more complete and timely collection response". It continued: "This success is the result of the FBI working for many months with Microsoft to get this tasking and collection solution established."

A separate entry identified another area for collaboration. "The FBI Data Intercept Technology Unit (DITU) team is working with Microsoft to understand an additional feature in Outlook.com which allows users to create email aliases, which may affect our tasking processes."

The NSA has devoted substantial efforts in the last two years to work with Microsoft to ensure increased access to Skype, which has an estimated 663 million global users.

One document boasts that Prism monitoring of Skype video production has roughly tripled since a new capability was added on 14 July 2012. "The audio portions of these sessions have been processed correctly all along, but without the accompanying video. Now, analysts will have the complete ‘picture’," it says.

Eight months before being bought by Microsoft, Skype joined the Prism program in February 2011.

According to the NSA documents, work had begun on smoothly integrating Skype into Prism in November 2010, but it was not until 4 February 2011 that the company was served with a directive to comply signed by the attorney general.

The NSA was able to start tasking Skype communications the following day, and collection began on 6 February. "Feedback indicated that a collected Skype call was very clear and the metadata looked complete," the document stated, praising the co-operation between NSA teams and the FBI. "Collaborative teamwork was the key to the successful addition of another provider to the Prism system."

ACLU technology expert Chris Soghoian said the revelations would surprise many Skype users. "In the past, Skype made affirmative promises to users about their inability to perform wiretaps," he said. "It’s hard to square Microsoft’s secret collaboration with the NSA with its high-profile efforts to compete on privacy with Google."

The information the NSA collects from Prism is routinely shared with both the FBI and CIA. A 3 August 2012 newsletter describes how the NSA has recently expanded sharing with the other two agencies.

The NSA, the entry reveals, has even automated the sharing of aspects of Prism, using software that "enables our partners to see which selectors [search terms] the National Security Agency has tasked to Prism".

The document continues: "The FBI and CIA then can request a copy of Prism collection of any selector…" As a result, the author notes: "these two activities underscore the point that Prism is a team sport!"

In its statement to the Guardian, Microsoft said:

We have clear principles which guide the response across our entire company to government demands for customer information for both law enforcement and national security issues. First, we take our commitments to our customers and to compliance with applicable law very seriously, so we provide customer data only in response to legal processes.

Second, our compliance team examines all demands very closely, and we reject them if we believe they aren’t valid. Third, we only ever comply with orders about specific accounts or identifiers, and we would not respond to the kind of blanket orders discussed in the press over the past few weeks, as the volumes documented in our most recent disclosure clearly illustrate.

Finally when we upgrade or update products legal obligations may in some circumstances require that we maintain the ability to provide information in response to a law enforcement or national security request. There are aspects of this debate that we wish we were able to discuss more freely. That’s why we’ve argued for additional transparency that would help everyone understand and debate these important issues.

In a joint statement, Shawn Turner, spokesman for the director of National Intelligence, and Judith Emmel, spokeswoman for the NSA, said:

The articles describe court-ordered surveillance – and a US company’s efforts to comply with these legally mandated requirements. The US operates its programs under a strict oversight regime, with careful monitoring by the courts, Congress and the Director of National Intelligence. Not all countries have equivalent oversight requirements to protect civil liberties and privacy.

They added: "In practice, US companies put energy, focus and commitment into consistently protecting the privacy of their customers around the world, while meeting their obligations under the laws of the US and other countries in which they operate."

 

• This article was amended on 11 July 2013 to reflect information from Microsoft that it did not make any changes to Skype to allow Prism collection on or around July 2012.


How To Become Invisible To The NSA’s Domestic Spying Program

Courtesy DYLAN LOVE, BusinessInsider


A designer named Peng Zhong feels so strongly opposed to PRISM, the NSA’s domestic spying program, that he created a site to educate people on how to "opt out" of it.

According to the original report that brought PRISM to public attention, the nine companies that "participate knowingly" with the NSA are Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, and Apple.

Zhong’s approach is to replace your workflow with open-source tools that aren’t attached to these companies, since they easily stay well off the government’s radar.

If you want to drop totally off the map, it’ll take quite a commitment. (Are you ready to give up your operating system?)

We’ve gathered our favorites of the apps Zhong mentioned. If you want to see all these and more, check out his site.


Read more: http://www.businessinsider.com/how-to-opt-out-of-prism-2013-6?op=1#ixzz2WOqIQHh9


Here’s everything we know about PRISM to date

Courtesy Timothy B. Lee, Ars Technica

(Image by Charles Smith)

Since the Guardian and The Washington Post revealed the existence of the NSA’s PRISM program last week, there’s been a confusing debate about what exactly the program is and how it works. While the Obama administration has tacitly acknowledged the program’s existence, tech companies have angrily denied that they had given the NSA “direct” or “unfettered” access to their servers. So what’s going on? Let’s try to separate the facts from the hype.

What do we know for sure about PRISM?

We know that PRISM is a system the NSA uses to gain access to the private communications of users of nine popular Internet services. We know that access is governed by Section 702 of the Foreign Intelligence Surveillance Act, which was enacted in 2008. Director of National Intelligence James Clapper tacitly admitted PRISM’s existence in a blog post last Thursday. A classified PowerPoint presentation leaked by Edward Snowden states that PRISM enables “collection directly from the servers” of Microsoft, Yahoo, Google, Facebook and other online companies.

Read More:

http://www.washingtonpost.com/blogs/wonkblog/wp/2013/06/12/heres-everything-we-know-about-prism-to-date/


Developing a Windows Store business app using C#, XAML, and Prism for the Windows Runtime

Courtesy MSDN

This guide provides guidance to developers who want to create a Windows Store business app using C#, Extensible Application Markup Language (XAML), the Windows Runtime, and modern development practices. The guide comes with source code for Prism for the Windows Runtime, source code for the AdventureWorks Shopper product catalog and shopping cart reference implementation, and documentation. The guide provides guidance on how to implement MVVM with navigation and app lifecycle management, validation, manage application data, implement controls, accessible and localizable pages, touch, search, tiles, and tile notifications. It also provides guidance on testing your app and tuning its performance.

Read More:

http://msdn.microsoft.com/en-us/library/windows/apps/xx130643.aspx