SF Bay Area Indymedia indymedia
About Contact Subscribe Calendar Publish Print Donate

International | Indymedia | Police State and Prisons

Why you should use Riseup.
by riseup.net (repost)
Sunday Dec 27th, 2009 10:41 AM
Why you should use Riseup. Why your friends should use us, or other tech
collectives, too.
Two birds recently did a presentation at the People's Summit[1]
celebrating the 10 year anniversary of the WTO protests. We discussed
the dangers of using corporate tools to do organizing work, in
particular, the fact that you don't know what they do with your data.
Thanks to some anonymous comments in a blogger's post[2] about his
research regarding a U.S. mobile phone company's release to law
enforcement of its customers' geographic location information, we now
have some answers.

Large companies have entire departments devoted to dealing with law
enforcement subpoenas and warrants, and the anonymous posters provided
copies of the guidebooks that several large corporations provide to
assist law enforcement with their requests. The leaked manuals include
those for facebook,[3] yahoo,[4], myspace,[5] comcast,[6] and paypal.[7]
Each manual provides helpful hints for law enforcement regarding the
specific data available (some of which may be obtained with a mere
subpoena and without any judicial scrutiny), and even sample request
language to use in different circumstances. For example, according to
the leaked manual, facebook retains information about the IP address of
every computer that accesses their website for 30 days. This means that,
unless you use countermeasures, facebook can know the exact location
where you logged on to your account. Because this IP address information
does not include the contents of communications, a U.S. prosecutor can
seek the information without any judicial oversight.

With a court order, facebook will release even more information about
you. They've even developed an application called "Neoprint" to deliver
a handy packet of information about subscribers, including profile
contact information, mini-feed, friend listing (with friend's facebook
ID), group listing and messages.

There is little oversight of surveillance conducted in the U.S. of
online service providers because the U.S. Department of Justice does not
report the number of IP address requests that they have issued, even
though a 1999 law requires reports. There is also no reporting
requirement for court orders issued under the Stored Communications
Act[8] which governs the release in the United States of all of your
electronic data stored online.

One of the scary things about all of this is that the US actually has
better data protection laws than many other countries. Also, unlike our
comrades in the EU,[9] the US does not currently require online
providers to keep logs, This means that people organizing everywhere
should be aware that if you are using corporate providers, your data is
at risk.

While this information should not be surprising, it illustrates the
importance of supporting alternatives and educating each other about the
risks of using corporate tools for organizing work. For more
information, read the blog post,[2]

[1] http://seattleplus10.org/
[2] http://paranoia.dubfire.net/2009/12/8-million-reasons-for-real-surveillance.html
[3] http://dtto.net/docs/facebook-manual.pdf
[4] http://dtto.net/docs/yahoo-guide.pdf
[5] http://dtto.net/docs/myspace-guide.pdf
[6] http://dtto.net/docs/comcast-guide.pdf
[7] http://dtto.net/docs/paypal-guide.pdf
[8] http://en.wikipedia.org/wiki/Stored_Communications_Act
[9] http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32006L0024:EN:NOT

Comments  (Hide Comments)

This October, Chris Soghoian — computer security researcher, oft-times journalist, and current technical consultant for the FTC's privacy protection office — attended a closed-door conference called "ISS World". ISS World — the "ISS" is for "Intelligence Support Systems for Lawful Interception, Criminal Investigations and Intelligence Gathering" — is where law enforcement and intelligence agencies consult with telco representatives and surveillance equipment manufacturers about the state of electronic surveillance technology and practice. Armed with a tape recorder, Soghoian went to the conference looking for information about the scope of the government's surveillance practices in the US. What Soghoian uncovered, as he reported on his blog this morning, is more shocking and frightening than anyone could have ever expected

At the ISS conference, Soghoian taped astonishing comments by Paul Taylor, Sprint/Nextel's Manager of Electronic Surveillance. In complaining about the volume of requests that Sprint receives from law enforcement, Taylor noted a shocking number of requests that Sprint had received in the past year for precise GPS (Global Positioning System) location data revealing the location and movements of Sprint's customers. That number?

EIGHT MILLION.
The most prominent of these tracking methods is the so-called "Flash cookie", a kind of cookie maintained by the Adobe Flash plug-in on behalf of Flash applications embedded in web pages. These cookie files are stored outside of the browser's control. Web browsers do not directly allow users to view or delete the cookies stored by a Flash application, users are not notified when such cookies are set, and these cookies never expire. Flash cookies can track users in all the ways traditionally HTTP cookies do, and they can be stored or retrieved whenever a user accesses a page containing a Flash application. Some of the problems are highlighted by Rob Savoye, the developer of Gnash, an open source Flash implementation.