Commit Graph

238 Commits (30dc33c97b8ec3f1358283a0e6690b5680ce1254)

Author SHA1 Message Date
Mike Gerwitz 4696494da4
:Added mention of work on GNU screen with amade on projects page 2013-12-18 19:09:51 -05:00
Mike Gerwitz fcd8eeea9a :Replaced now out-of-date Windows 7 Sins image with EFF NSA Spying logo 2013-08-18 12:47:33 -04:00
Mike Gerwitz a79b9ccf43 :Added Copyleft vs. Community article to papers 2013-08-15 21:43:56 -04:00
Mike Gerwitz 288c90df62
FreeBSD, Clang and GCC: Copyleft vs. Community
A useful perspective explaining why [FreeBSD is moving away from GCC in
favor of Clang][0]; indeed, they are moving away from GPL-licensed software
in general. While this is [not a perspective that I personally agree
with][1], it is one that I will respect for the project. It is worth
understanding the opinions of those who disagree with you to better
understand and formulate your own perspective.

But I am still a free software activist.

  The goal of the FreeBSD Project is to provide a stable and fast general
  purpose operating system that may be used for any purpose without strings
  attached.[2]

As is mentioned in the aforementioned article[0], the BSD community does not
hold the same opinions on what constitutes ``without strings
attached''---the BSD community [considers the restriction on the user's
right to make proprietary use of the software to be a ``string''][2],
whereas the free software community under [RMS][3] believes that [the
ability to make a free program proprietary is unjust][4]:

  Making a program proprietary is an exercise of power. Copyright law today
  grants software developers that power, so they and only they choose the
  rules to impose on everyone else—a relatively small number of people make
  the basic software decisions for all users, typically by denying their
  freedom. When users lack the freedoms that define free software, they
  can't tell what the software is doing, can't check for back doors, can't
  monitor possible viruses and worms, can't find out what personal
  information is being reported (or stop the reports, even if they do find
  out). If it breaks, they can't fix it; they have to wait for the developer
  to exercise its power to do so. If it simply isn't quite what they need,
  they are stuck with it. They can't help each other improve it.[4]

The [Modified BSD License][5] is a GPL-compatible Free Software
license---that is, software licensed under the Modified BSD license meets
the requirements of the [Free Software Definition][6]. The additional
``string'' that the BSD community is referring to is the concept of
[copyleft][7]---Richard Stallman's copyright hack and one of his most
substantial contributions to free software and free society. To put it into
the words of the FSF:

  Copyleft is a general method for making a program (or other work) free,
  and requiring all modified and extended versions of the program to be free
  as well.[7]

Critics often adopt the term [``viral'' in place of ``copyleft''][8] because
of the requirement that all derivatives must contain the same copyleft
terms---the derivative must itself be Free Software, perpetually (until, of
course, the copyright term expires and it becomes part of the public domain,
[if such a thing will ever happen at this rate][9]). In the case of the
Modified BSD license---being a more permissive license that is non-copyleft
and thus allows proprietary derivatives---derivative works that include both
BSD- and GPL-licensed code essentially consume the [Modified BSD license's
terms][10], which are a subset of the [GPL's][11]. Of course, this is not
pursuant to [FreeBSD's goals][2] and so they consider this to be a bad
thing: There are ``strings attached''.

This is more demonstrative of the [``open source'' philosophy than that of
``Free Software''][12] (yes, notice the bias in my capitalization of these
terms).

[Copyleft is important][7] because it ensures that all users will forever
have the [four fundamental freedoms associated with Free Software][6]. The
GPL incorporates copyleft; BSD licenses do not. Consider why this is a
problem: Imagine some software Foo licensed under the Modified BSD
license[10]. Foo is free software; it is licensed under a free software
license (Modified BSD).[5] Now consider that someone makes a fork---a
derivative---of Foo, which we will call ``Foobar''. Since the Modified BSD
license is not copyleft[10], the author of Foobar decides that he or she
does not wish to release its source code; this is perfectly compliant with
the Modified BSD license, as it does not require that source code be
distributed with a binary (it only requires---via its second
clause[10]---that the copyright notice, list of conditions and disclaimer be
provided).

The author has just taken Foo and made it proprietary.

The FreeBSD community is okay with this; [the free software community is
not][4]. There is a distinction between these two parties: When critics of
copyleft state that they believe the GPL is ``less free'' than more
permissive licenses such as the BSD licenses, they are taking into
consideration the freedoms of developers and distributors; the GPL, on the
other hand, explicitly *restricts* these parties' rights in order to protect
the *users* because those parties are precisely those that seek to *restrict
the users' freedoms*; we cannot provide such freedoms to developers and
distributors without sacrificing the rights of the vulnerable users who
generally do not have the skills to protect themselves from being taken
advantage of.[13] Free software advocates have exclusive, unwavering
loyalty to users.

As an example of the friction between the two communities, consider a
concept that has been termed [``tivoization''][14]:

   Tivoization means certain “appliances” (which have computers inside)
   contain GPL-covered software that you can't effectively change, because
   the appliance shuts down if it detects modified software. The usual
   motive for tivoization is that the software has features the manufacturer
   knows people will want to change, and aims to stop people from changing
   them. The manufacturers of these computers take advantage of the freedom
   that free software provides, but they don't let you do likewise.[14]

This [anti-feature][15] is a type of [Digital Restrictions Management
(DRM)][16] that exposes a [loophole in the GPL that was closed in
Section 3 of the GPLv3][14], which requires that:

  When you convey a covered work, you waive any legal power to forbid
  circumvention of technological measures to the extent such circumvention
  is effected by exercising rights under this License with respect to the
  covered work, and you disclaim any intention to limit operation or
  modification of the work as a means of enforcing, against the work's
  users, your or third parties' legal rights to forbid circumvention of
  technological measures.[11]

Unfortunately, not everyone has agreed with this move. A number of
[developers of the kernel Linux expressed their opposition to GPLv3][17]. In
response to the aforementioned GPLv3 provision, they stated:

  While we find the use of DRM by media companies in their attempts to reach
  into user owned devices to control content deeply disturbing, our belief
  in the essential freedoms of section 3 forbids us from ever accepting any
  licence which contains end use restrictions. The existence of DRM abuse is
  no excuse for curtailing freedoms.[17]

Linus Torvalds---the original author of the kernel Linux---also [expressed
his distaste toward the GPLv3][18]; the kernel is today still licensed under
the GPLv2.

[The BSD camp has similar objections][19]:

  Appliance vendors in particular have the most to lose if the large body of
  software currently licensed under GPLv2 today migrates to the new license.
  They will no longer have the freedom to use GPLv3 software and restrict
  modification of the software installed on their hardware. High support
  costs ("I modified the web server on my Widget 2000 and it stopped
  running...") and being unable to guarantee adherence to specifications in
  order to gain licensing (e.g. FCC spectrum use, Cable TV and media DRM
  requirements) are only two of a growing list of issues for these
  users.[19] --Justin Gibbs, VP of The FreeBSD Foundation

My thoughts while reading the above were echoed by Gibbs further on in his
statement: ``[T]he stark difference between the BSD licensing philosophy and
that of the Free Software Foundation are only too clear.'' For the FreeBSD
community, this is a very serious issue and their argument is certainly a
legitimate concern on the surface. However, it is an argument that the Free
Software community would do well to reject: Why would we wish to sacrifice
users' freedoms for any reason, let alone these fairly absurd ones? In
particular, a support contract could dictate that only unmodified software
will be provided assistance and even mandate that the hardware indicate
changes in software: like breaking the ``void'' sticker when opening a
hardware component. Moreover, how frequently would such a situation
actually happen relative to their entire customer base? My guess is: fairly
infrequently. The second issue is a more complicated one, as I am not as
familiar with such topics, but a manufacturer can still assert that the
software that it provides with its devices is compliant. If the compliance
process forbids any possibility of bringing the software into
non-compliance---that is, allowing the user to modify the software---then
the hardware manufacturer can choose to not use free software (and free
software advocates will subsequently reject it until standards bodies grow
up).

As I mentioned at the beginning of this article: this is a view that I will
respect for the project. I disagree with it, but FreeBSD is still free
software and we would do well not to discriminate against it simply because
someone else may decide to bastardize it and betray their users by making it
proprietary or providing shackles[16]. However, provided the licensing
option for your own software, you should choose the GPL.

**Colophon:** The title of this article is a play on [RMS' ``Copyright vs.
Community''][20], which is a title to a speech he frequently provides
worldwide. His speech covers how copyright works against the interests of
the community; here, BSD advocates argue that [copyleft][7] works against
the interests of *their* community and their users; I figured that I would
snag this title as a free software advocate before someone else opposing
copyleft did.

[0] http://unix.stackexchange.com/a/49970
[1] [cref:3c37140146dac754ffd80ed8ab4aaa7c182c9c00]
[2] http://www.freebsd.org/doc/faq/introduction.html#FreeBSD-goals
[3] http://en.wikipedia.org/wiki/Richard_Stallman
[4] http://www.gnu.org/philosophy/freedom-or-power.html
[5] http://www.gnu.org/licenses/license-list.html#ModifiedBSD
[6] http://www.gnu.org/philosophy/free-sw.html
[7] http://www.gnu.org/copyleft/
[8] http://en.wikipedia.org/wiki/Copyleft#Viral_licensing
[9] http://www.gnu.org/philosophy/misinterpreting-copyright.html
[10] http://en.wikipedia.org/wiki/BSD_licenses
[11] http://www.gnu.org/licenses/gpl.html
[12] http://www.gnu.org/philosophy/open-source-misses-the-point.html
[13] Technically, the GPL exercises restrictions only on distributors; a
     developer can integrate GPL'd code into their proprietary software so
     long as they do not distribute it (as defined in the GPL).[11] However,
     developers often have to cater to distributors, since software will
     generally be distributed; if it is not, then it is not relevant to this
     discussion.
[14] http://www.gnu.org/licenses/rms-why-gplv3.html
[15] http://www.fsf.org/blogs/community/antifeatures
[16] http://www.defectivebydesign.org/what_is_drm_digital_restrictions_management
[17] http://lwn.net/Articles/200422/
[18] http://en.wikipedia.org/wiki/Linux_kernel
[19] http://www.freebsdfoundation.org/press/2007Aug-newsletter.shtml
[20] http://www.gnu.org/philosophy/copyright-versus-community.html
2013-08-14 20:04:22 -04:00
Mike Gerwitz 315ca50e58
Measuring Air Temperature With Phone Batteries
OpenSignal---a company responsible for mapping wireless signal
strength by gathering data using mobile device software---noticed [an
interesting correlation between battery temperature on devices and air
temperature][0].

  Aggregating daily battery temperature readings to city level revealed a
  strong correlation with historic outdoor air temperature. With a
  mathematical transformation, the average battery temperature across a
  group of phones gives the outdoor air temperature.[0]

**Note:** Graph renderings on their website require proprietary JavaScript, but
the article does describe it in detail, so it is not necessary. In
particular, note that, from their provided equation[0], their scaling factor
`m' implies that there is a smaller variance in battery temperature in the
graph than there is in the actual air temperature, but that there is still a
correlation.

This is an interesting find. The article further states that ``[...] we have
one data point where the Android data is actually more reliable than the
traditional source.''

Such data can be very useful in providing decentralized data, so long as
[issues of privacy][1] are addressed. Doing so is not terribly difficult,
but would have a number of factors. In particular, the user would need the
means to submit data anonymously, which could be done via software/networks
such as [Tor][2]. GPS location data is certainly a privacy issue when it is
tied to your mobile device, but fortunately, it's unneeded: you can trust
your users to let you know where they reside by either (a) opting into using
location services or (b) allowing them to specify a location or approximate
location of their choosing (approximations would be important since a user
may not wish to change their location manually while they travel, say, to
and from work). If enough devices submit data, then legitimate data would
drown out those who are trying to purposefully pollute the database. Such an
example can be seen with Bitcoin, in which networks will [reach a consensus
on correct blockchains][3] so long as ``a majority of computing power is
controlled by nodes that are not cooperating to attack the network''. Of
course, users would be able to pollute the network by sending false data as
it is, and the data is already tarnished from various factors such as body
heat.[0]

Of course, I do assume that mobile devices will contain temperature sensors
in the future; [some already do][4] (but I cannot encourage their use, as
they use [proprietary software][5]). However, this is still a clever hack (I
suppose that term is redundant). In my searching while writing this article,
I did notice [prior examples of ambient temperature readings using Android
software][6] ([proprietary][5]), but the software does not aggregate data
for purposes of determining weather patterns.

Finally, please do not download OpenSignal's app; it too is
[proprietary][5]; this discussion was purely from a conceptual standpoint
and does not endorse any software.

[0] http://opensignal.com/reports/battery-temperature-weather/
[1] [cref:c449ff03fbd10e2ad113a6b8cd95dacb8126efdf]
[2] https://www.torproject.org/
[3] http://en.wikipedia.org/wiki/Protocol_of_Bitcoin
[4] http://stackoverflow.com/a/11628921
[5] http://www.gnu.org/philosophy/free-sw.html
[6] https://play.google.com/store/apps/details?id=androidesko.android.electronicthermometer&hl=en
2013-08-13 19:50:04 -04:00
Mike Gerwitz 6733c6ecc8
Windows 8.1 to display targeted advertisements on local system searches
It is very disturbing that [Microsoft decided that it would be a good idea
to display targeted ads on local searches][0]---that is, if you search for a
file on your PC named ``finances'', you may get ads for finance software,
taxes, etc. If you search for ``porn'', well, you get the idea.

  Bing Ads will be an integral part of this new Windows 8.1 Smart Search
  experience. Now, with a single campaign setup, advertisers can connect
  with consumers across Bing, Yahoo! and the new Windows Search with highly
  relevant ads for their search queries. In addition, Bing Ads will include
  Web previews of websites and the latest features like site links, location
  and call extensions, making it easier for consumers to complete tasks and
  for advertisers to drive qualified leads.[1]

While that is certainly obnoxious, consider the larger issue of privacy
(which seems to be in the news a lot lately[2][3]): Late last year, there
was an uproar in the Free Software community when [Ubuntu decided to query
Amazon---enabled by default---on local searches][4] using their new Unity
interface. The problem is that your personal queries are being sent to a
third party---queries that you generally would expect to be private. If I
run a `find' or `grep' command on my system, I certainly do not expect it to
report to Amazon or Microsoft what I am searching for.

And to make matters even worse, Microsoft is exploiting this information to
allow advertisers to target you. [Ironic.][5]

[Do not use Windows 8][6] (or any other proprietary software, for that
matter).

[0] http://www.computerworld.com/s/article/9241524/Steven_J._Vaughan_Nichols_Microsoft_Bing_bang_bungles_local_search
[1] http://community.bingads.microsoft.com/ads/en/bingads/b/blog/archive/2013/07/02/new-search-ad-experiences-within-windows-8-1.aspx
[2] [cref:2d97ce3e654c74345794bedcbcca215cfaf75e20]
[3] [cref:c9a9837b4f23c1e350d270d9782544fdef705bc0]
[4] http://www.fsf.org/blogs/rms/ubuntu-spyware-what-to-do
[5] http://www.scroogled.com/email/
[6] https://www.fsf.org/windows8
2013-08-12 23:01:01 -04:00
Mike Gerwitz 2d97ce3e65
Facebook knows about you even if you are not a member
An article about [the scope of Facebook's data collection][0] speaks for
itself; this really does not come as a surprise, but is nonetheless
unsettling.

Encourage your friends, colleagues and acquaintances to use services like
[Diaspora][1] that are respectful of your data instead. Better yet: explain
to those individuals the problems of social media services and ask that they
respectfully leave you out of it.

[0] http://www.groovypost.com/news/facebook-shadow-accounts-non-users/
[1] https://joindiaspora.com/
2013-08-12 20:19:02 -04:00
Mike Gerwitz ddec084bbb
:Oops; committed missing CC-BY-SA image 2013-08-11 12:39:46 -04:00
Mike Gerwitz c449ff03fb
London Trashcan Spies
We're not talking about kids hiding out in trashcans talking on
walkie-talkies and giggling to each other.

Ars has reported on [London trashcans][0] rigged to collect the [MAC
addresses][1] of mobile devices that pass by. Since we do not often see
mobile devices carrying themselves around, we may as well rephrase this as
``collect the MAC addresses of people that pass by''.

  During a one-week period in June, just 12 cans, or about 10 percent of the
  company's fleet, tracked more than 4 million devices and allowed company
  marketers to map the ``footfall'' of their owners within a 4-minute
  walking distance to various stores.[0]

Your device's---er, *your*---MAC address is a unique identifier that, in
the case of wireless networks, is used by the networks to state that a
message is intended specifically for you---something that is necessary since
wireless devices communicate through open air and, therefore, your device is
also able to pick up the communications of other devices.

  In IEEE 802 networks such as Ethernet, token ring, and IEEE 802.11, and in
  FDDI, each frame includes a destination Media Access Control address (MAC
  address). In non-promiscuous mode, when a NIC receives a frame, it
  normally drops it unless the frame is addressed to that NIC's MAC address
  or is a broadcast or multicast frame.[2]

Therefore, in such networks, a MAC address is required for communication. So
why does your device freely give away such a unique identifier that can be
used to track you? Consider that, when wireless is enabled (and, as the Ars
article[0] mentions, sometimes [even when it's not][3]), your device
generally scans your surroundings in order to provide you with a list of
networks to connect to. This list is generally populated when various access
points broadcast their own information to advertise themselves so that you
can select them to connect. However, some access points are hidden---they do
not broadcast their information, which helps to deter unwanted or malicious
users. To connect to these access points, you generally provide the name
that the access point administrator has given to it (e.g. ``mysecretap'').

Let's say you disconnect from mysecretap. Since the access point (AP) is not
broadcasting itself, how does your device know when it is available again?
It must attempt to ping it and see if it gets a response. With this ping is
your MAC address. Since many devices conveniently like to connect
automatically to known access points when they become available, it is
likely that your device is pinging rather frequently.

But what if you do not use hidden access points? Well, it is likely that the
same issue still stands---what if the access point that you connected to was
once listed but then becomes hidden? (Maybe the administrator of the access
point allowed broadcasts for a period of time to allow people to connect
easily, but then hid it at a later time.) Your device would need to account
for that, and therefore, to be helpful, likely broadcasts pings for any
access point you have connected to recently (where ``recently'' would depend
on your device).

Now, back to the [NSA][5]-wannabe-trashcans: At this point, all an observer
must do is lie in wait for those broadcasts and record the MAC addresses. By
placing these devices at various locations, you could easily track the
movements of individuals, including their speed, destinations, durations of
their visits, visit frequencies, favorite areas, dwellings, travel patterns,
etc. Since devices may broadcast a whole slew of recent access points that
it connected to, you could also see areas that the owner may have been to
(oh, I see that you connected to the free wifi in that strip joint). You
[could be evil][6].

Turn off wireless on your device when you are not using it---especially when
you are traveling. Ensure that your device [does not continue pinging access
points when wireless is disabled][3].

Better yet, fight back. Consider exploring how to spoof your MAC address,
perhaps randomly generating one every so often. Consider the possibilities
of activist groups that may pollute these spy databases by gathering a list
of unique MAC addresses of passersby for the purpose of rebroadcasting them
at random intervals---which you could even do using long-range antennas
targeted at these devices.[7] If done properly to mimic models of common
travel patterns, the data that these spy devices gather would become
unreliable.[8]

Surveillance by any entity---be it [governments][5], corporations,
individuals or otherwise---is not acceptable.

[0] http://arstechnica.com/security/2013/08/no-this-isnt-a-scene-from-minority-report-this-trash-can-is-stalking-you/
[1] http://en.wikipedia.org/wiki/MAC_address
[2] http://en.wikipedia.org/wiki/Promiscuous_mode
[3] http://arstechnica.com/gadgets/2013/08/review-android-4-3-future-proofs-the-platform-with-multitude-of-minor-changes/3/#p15
[4] http://arstechnica.com/security/2013/08/diy-stalker-boxes-spy-on-wi-fi-users-cheaply-and-with-maximum-creep-value/
[5] [cref:c9a9837]
[6] http://renewlondon.com
[7] Disclaimer: Please research your local laws.
[8] Of course, it is important that such an activity in itself does not
violate a person's privacy, and so such collection must be done in a manner
that cannot in itself identify the person's travel patterns (e.g. by
not storing information on what access point the data was collected from).
2013-08-11 12:38:46 -04:00
Mike Gerwitz 3d2febc70d
Snowden Statement at Moscow Airport; Accepts Asylum Offers
**See Also:** [National Uproar: A Comprehensive Overview of the NSA Leaks and
Revelations][0]; I have not yet had the time to devote to writing a thorough
follow-up of recent events and will likely wait until further information and
leaks are presented.

[Edward Snowden][1]---the whistleblower responsible for [exposing various NSA
dragnet spying programs][0], among other documents---has been [stuck in the
Moscow airport][2] for quite some time while trying to figure out how he will
travel to countries offering him asylum, which may involve traveling through
territories that may cooperate with the United States' extradition requests.
Snowden [issued a statement today to Human Rights groups at Moscow's
Sheremetyevo airport][3], within which he mentioned:

  I announce today my formal acceptance of all offers of support or asylum I
  have been extended and all others that may be offered in the future. With, for
  example, the grant of asylum provided by Venezuela’s President Maduro, my
  asylee status is now formal, and no state has a basis by which to limit or
  interfere with my right to enjoy that asylum. [...] I ask for your assistance
  in requesting guarantees of safe passage from the relevant nations in securing
  my travel to Latin America, as well as requesting asylum in Russia until such
  time as these states accede to law and my legal travel is permitted. I will be
  submitting my request to Russia today, and hope it will be accepted
  favorably.[3]

Snowden had previously [withdrawn his request for political asylum in Russia][4]
after [Vladimir Putin stated that he could stay][5] only if he stopped ``bringing
harm to our American partners''---something which [Snowden does not believe that
he is doing][6]. Although Venezuela has offered Snowden asylum, as [explained by
the Guardian][6], ``he remains unable to travel there without travel
documents''. Even if he does obtain travel documents, there are still
worries---earlier this month, the [Bolivian president's plane was diverted with
suspicion that Snowden was on board][7], showing that certain countries may be
willing to aid the U.S. in his extradition or otherwise prevent him from
traveling.

My focus on these issues will seldom be on Snowden himself---I would prefer to
focus primarily on what he sacrificed his life to bring to light. But it is
precisely this sacrifice that makes it important to ensure that Snowden does not
fall out of the picture (though it does not appear that he will any time soon).
The Guardian also seems to have adopted the strategy of slowly providing more
information on the leaks over time---such as the recent revelation that
[Microsoft cooperated with the NSA's PRISM program to provide access to
unencrypted contents of Outlook.com, Hotmail, Skype and SkyDrive services][8]; I
will have more on that later.

I end this with a photograph taken yesterday of [Richard Stallman with Julian
Assange holding up a picture of Snowden][9] that brings a smile to my face.

[0] [cref:c9a9837b4f23c1e350d270d9782544fdef705bc0]
[1] https://en.wikipedia.org/wiki/Edward_Snowden (Now with his own Wikipedia page)
[2] http://www.guardian.co.uk/world/2013/jul/01/edward-snowden-escape-moscow-airport
[3] http://wikileaks.org/Statement-by-Edward-Snowden-to.html
[4] http://www.guardian.co.uk/world/2013/jul/02/edward-snowden-nsa-withdraws-asylum-russia-putin
[5] http://www.guardian.co.uk/world/2013/jul/01/putin-snowden-remain-russia-offer
[6] http://m.guardiannews.com/world/2013/jul/12/edward-snowden-accuses-us-illegal-campaign
[7] http://www.guardian.co.uk/world/2013/jul/05/european-states-snowden-morales-plane-nsa
[8] http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data
[9] http://twitpic.com/d279tx
2013-07-13 07:59:18 -04:00
Mike Gerwitz 27870ae35b
All ``Thoughts'' and Site Text Now Licensed Under CC BY-SA
All ``thoughts''---that is, my blog-like entries that are generated by the
repository commit messages---and site text are hereby retroactively relicensed
under the [Creative Commons Attribution-ShareAlike 3.0 Unported License][0].
This license shall not supersede any license that is explicitly put forth within
a work; see the COPYING file within the thoughts repository---available on the
``Projects'' page---for more information.

This is not a decision I take lightly; it has received much thought over the
course of recent years. For some time, I accepted [the view of Richard Stallman
and the Free Software Foundation][1] on opinion pieces in that, since they
express personal opinions, it is not unreasonable to require that they be
distributed verbatim. Indeed, it would seem wise not to allow someone to change
your words, especially on something that you are passionate about.

However, I have come to adopt another perspective. What is the motivation behind
releasing content under a license that permits modification (that is, the
creation of derivative works)? Often, the primary reason is to allow others to
improve upon the content or to modify it to suit their particular needs. To
prevent others from locking down those changes---preventing others from having
the same rights as they did---many will often release their works under licenses
that require that all derivatives be released under the same terms. In the case
of Creative Commons, this is called [``ShareAlike''][2], which is motivated by
GNU's copyright hack called [copyleft][3] (popularized by the [GNU General
Public License][4]).

For [free software][5] advocates, the question of whether or not to permit
modification is generally not even raised---it is a necessity. Software serves a
functional purpose: Prohibiting modification could prevent users from altering
the software in ways that they may find useful and could be used to exert
control over the users. Software does stuff. Software can control what the user
can and cannot do.

Creative works are often considered in a different light. Like software, they
are indeed useful---they can be tools to learn, to entertain, etc. However, does
prohibiting modification do any harm? In the case of [documentation for free
software][6], yes---documentation is very important and can make the difference
between highly useful software and impenetrable software. Free documentation
ensures that, as the software grows, the documentation can grow with it. Since
the documentation for many projects is often scarce or poorly written (great
computer hackers are not necessarily great language hackers), the freedom to
modify the documentation is a necessity.

Then what of texts that have nothing to do with a free software project? Texts
that serve as an educational resource of any kind would benefit from being free
just as a free software project would---experts could contribute, teachers could
alter it to suit their particular teaching style or their classroom setting,
etc. But what of texts that exist purely as opinion pieces?

I'm not sure there's such a thing as a ``pure'' opinion piece, unless it is
utter garbage.

An author would do well to substantiate their opinion with appropriate
references (though often times, this is not the case). With those
references (or lack thereof) comes the need to connect them to the content---the
author must explain his or her opinion. This explanation is educational, even if
the reader does not agree with the opinion. Perhaps the reader wishes to use the
opinion piece as a resource, but notices that it is lacking in some respect.
Should they not be able to improve it, perhaps to even further the author's
point? Or, perhaps the opinion piece could be extended to the contrary---to
provide additional references to either make it neutral or even work against the
author's original opinion.  Even though this may not be what the author wants,
this is still a useful derivation of the original work.

As an example, consider this very post. This is clearly an opinion piece---I
have made the choice to release my content under a Creative Commons license and
I am substantiating my opinion in the hope that others may gain insight and
possibly even choose the same path for their own creative works. What if someone
wished to present this article to a group of individuals---maybe in the
workplace---but found my ``garbage'' comment to be unnecessarily harsh? What
personal harm would I incur if they were to remove that statement? However, what
if they wished to go further by replacing all references to ``free software''
with references to ``open source''---a term which I [reject][7]? Well, this
could potentially affect my image, depending on the group's philosophy. What
now?

There are a few important points to note from this. Firstly, the license
mandates that:

  If You Distribute, or Publicly Perform the Work or any Adaptations or
  Collections, You must, unless a request has been made pursuant to Section
  4(a), keep intact all copyright notices for the Work and provide, reasonable
  to the medium or means You are utilizing: (i) the name of the Original Author
  (or pseudonym, if applicable) if supplied, and/or if the Original Author
  and/or Licensor designate another party or parties (e.g., a sponsor institute,
  publishing entity, journal) for attribution ("Attribution Parties") in
  Licensor's copyright notice, terms of service or by other reasonable means,
  the name of such party or parties; (ii) the title of the Work if supplied;
  (iii) to the extent reasonably practicable, the URI, if any, that Licensor
  specifies to be associated with the Work, unless such URI does not refer to
  the copyright notice or licensing information for the Work; and (iv) ,
  consistent with Ssection [sic] 3(b), in the case of an Adaptation, a credit
  identifying the use of the Work in the Adaptation (e.g., "French translation
  of the Work by Original Author," or "Screenplay based on original Work by
  Original Author").[8]

In plain English---you must provide attribution to the original author and
indicate that the work has been modified from the original. Furthermore:

  The credit required by this Section 4(c) may be implemented in any reasonable
  manner; provided, however, that in the case of a Adaptation or Collection, at
  a minimum such credit will appear, if a credit for all contributing authors of
  the Adaptation or Collection appears, then as part of these credits and in a
  manner at least as prominent as the credits for the other contributing
  authors.[8]

It would therefore be appropriate to assume that an author of a derivative work
will, in good faith, make clear attribution. Should this not be the case, then
what is to say that the author would not have simply modified a work which is
not licensed to permit modifications?

The next point is another simple one: Under United States copyright law, the
[fair use doctrine][9] permits limited use of a copyrighted work without prior
consent from the author; it is this doctrine that allows, for example, authors
and journalists to quote portions of other works to report on or back up their
arguments. This means that, even if the license did not permit, an author could
still incorporate *portions* of my work to support their own arguments or agenda,
regardless of whether or not I may agree with it. This segues into the final
point.

Who am I to [dictate others' opinions][10]? It would not be right of me to limit
one's freedom simply because they violate my own personal opinions or beliefs.
Therefore, if this is one condition under which I would decide to restrict my
creative works, then that reason should be immediately dismissed. This means
that---within the context of my previous example---if someone wanted to alter
all the references to ``free software'' in my work to adapt it to their own
personal style, then they should be permitted to do so. Such a work is no longer
my own: They must clearly state that it has been altered from the original.
Hopefully readers take notice of that. My works are always published on my own
personal website where the originals can be found; with today's search engines,
such a task is trivial. If someone neglects to do so---and I do understand that
many will neglect to do so---then they have not made an informed opinion on the
material.

Another minor point would be that, for the majority of my works, it is unlikely
that anyone will be making any sort of alteration.

As such, I find that I have little ground to stand on should I attempt to
rationalize a more restrictive license. Any remaining arguments, such as ``what
if they sell your content or modify it only slightly and are given more credit
for the work than they deserve?'' are already covered by the free software
philosophy and may be easily adopted here.

[0] http://creativecommons.org/licenses/by-sa/3.0/
[1] http://www.gnu.org/licenses/license-list.html#OpinionLicenses
[2] http://creativecommons.org/licenses/
[3] https://www.gnu.org/copyleft/copyleft.html
[4] https://www.gnu.org/copyleft/gpl.html
[5] https://www.gnu.org/philosophy/free-sw.html
[6] https://www.gnu.org/philosophy/free-doc.html
[7] http://www.gnu.org/philosophy/open-source-misses-the-point.html
[8] http://creativecommons.org/licenses/by-sa/3.0/legalcode
[9] http://en.wikipedia.org/wiki/Fair_use
[10] http://www.gnu.org/philosophy/programs-must-not-limit-freedom.html
2013-06-18 23:15:23 -04:00
Mike Gerwitz 4b2c0b2d74 Added images/COPYING and license for GNU page fold image 2013-06-16 22:47:39 -04:00
Mike Gerwitz 7c72eecd3b Adjusted footer image and font size for smallest layout
With the CC BY-SA addition, the line of images would otherwise wrap. The font
size is adjusted slightly to be more proportional with the images.

The image dimensions are reduced by 20%.
2013-06-16 20:47:14 -04:00
Mike Gerwitz 6b6c5a1b51 All creative content (e.g. thoughts) now licensed under CC BY-SA
Added COPYING.{GPLv3,CCBYSA}, adjusted copyright for pages generated with
repo2html and added CC BY-SA image to footer.
2013-06-16 20:35:22 -04:00
Mike Gerwitz c336800ca4
:Corrected dest dir creation bug with doc-cp
The modification that created this bug was clearly not tested.
2013-06-16 13:23:39 -04:00
Mike Gerwitz 3ec175ef0c
:Added "viewport" meta tag to indicate to certain browsers that they can trust us with rendering
See the comment in this patch for more information.
2013-06-16 13:07:37 -04:00
Mike Gerwitz 2edfd71d36
:Correcting relative paper URLs
This absolute path will ensure that the link will work correctly regardless of
whether papers happens to end in a trailing slash or not.
2013-06-16 12:41:55 -04:00
Mike Gerwitz 3c2e2daacd
:Updated CSS to format pages for smaller resolutions
The page is designed for modern PC resolutions---that is, 1280 or greater width.
Since it uses a 300px right-hand sidebar in conjunction with fairly generous
margins (for the index pages, at least), this causes problems with smaller
resolutions.

For the classic (but outdated) 1024px resolution, the margins will adjust to
give more viewing room. For 640px or less resolutions, which are common on some
mobile devices such as tablets, the headline that is normally displayed in the
sidebar is moved to the top and the images are significantly reduced in size,
providing 300px additional viewing width. The 42x42px images that are displayed
below the GNU logo on the upper-right are also moved to the top of the page and
to the left of the GNU logo and certain other margins (such as blockquote and
ul) are reduced.

At around 400px, the images next to the GNU logo start to become problematic and
may overlap with the title; therefore, the size of the images is halved so that
they can fit above the title. This happens to be close to the resolution of certain
mobile devices, such as the iPhone (which unfortunately I see many hits from in
my server logs) with a width of 320px, so this is the layout that will be used
for such devices.

Note that the styles for these widths are built atop the existing rules and
essentially ``undo'' certain styles; this is to fall back to the default desktop
style in case the browser does not support such media queries.
2013-06-16 12:39:00 -04:00
Mike Gerwitz 78abf14b20
:Added "National Uproar" NSA article to papers 2013-06-14 22:50:53 -04:00
Mike Gerwitz c9a9837b4f National Uproar: A Comprehensive Overview of the NSA Leaks and Revelations
I am finding it difficult to keep up with the flood of reports in my little free
time, while still finding the time to brush up on relevant history. My hope is
to provide a summary of recent events and additional background---along with a
plethora of references---that will allow the reader to perform further research
and to formulate educated, personal opinions on the topics. If you do not care
for my commentary, simply scroll to the list of references at the bottom of this
article.

Many [individuals and organizations][0] have long warned of [digital privacy
issues][1], but there has been one agency in particular that has been the
subject of much scrutiny---the [National Security Agency (NSA)][2], which is a
United States government agency[3] that has a [long history of controversial
spying tactics][4] on its country's own citizens. It is a chilling topic---one
that can easily make any person sound like they've latched onto an Orwellian
conspiracy.

**Wednesday, June 5th, 2013**---[the Guardian newspaper publishes a leaked
document][5][6][7] ordering Verizon to

  [...] produce to the National Security Agency (NSA) upon service of this
  Order, and continue production on an ongoing daily basis thereafter for the
  duration of this Order, [...] an *electronic copy of* the following tangible
  things: *all call detail records or ``telephony metadata''* created by Verizon
  for communications (i) between the United States and abroad; or (ii) wholly
  within the United States, *including local telephone calls*.[6] [emphasis
  added]

The order goes on to describe ``telephony metadata'' to include routing
information, source and destination telephone numbers, IMSI and IMEI numbers,
and time and duration of the call; it ``does not include the substantive content
of any communication''---the communication content itself.[6] This order was
[issued by the Foreign Intelligence Surveillance Court (FISC)][8] under [section 215
of the Patriot Act][9]. (This news comes [less than three months after United
States District Judge Susan Illston ruled NSA Letters' gag provisions
unconstitutional][10].)

This report caused a massive uproar, but [came as no surprise][11] to many
security researchers and privacy advocates. Early last year, Wired released an
article stating that [the NSA ``Is Building the Country's Biggest Spy
Center''][14].  Privacy concerns were raised in November of last year by [the
Petraeus scandal][14]. In March of this year, Google released figures showing
that [the NSA is secretly spying on some of its customers][15]. Two months later,
[outrage][17] after the Associated Press discovers that [the Justice Department
collected the calling records of many of its reporters and editors][18].
Additionally, [the EFF already had cases against the NSA's actions][2]---[Jewel
v. NSA][12] and [Hepting v.  AT&T][13] both focus on unconstitutional dragnet
surveillance of innocent citizens' data and communications. These cases will be
explored in further detail throughout this article.

But the chaos didn't end there.

**Thursday, June 6th, 2013**---just one day after the Guardian reported on the
leaked Verizon order, the newspaper reports on [a leaked slideshow describing
PRISM][19], a top-secret program that ``claims direct access to servers of firms
including Google, Apple and Facebook''. According to the leaked document, the NSA
supposedly has the ability to collect material including e-mail, chat, video and
voice communications, photos, stored data and more.[19] Responses from most
companies were immediate. In a [blog post entitled ``What that...?''][20], Larry
Page---Google's CEO---put very plainly that Google does not participate in such
a program and denied any knowledge of PRISM:

  First, we have not joined any program that would give the U.S. government—or
  any other government—direct access to our servers. Indeed, the U.S. government
  does not have direct access or a ``back door'' to the information stored in
  our data centers. We had not heard of a program called PRISM until yesterday.
  Second, we provide user data to governments only in accordance with the
  law.[20] --Larry Page, Google CEO

[Mark Zuckerberg of Facebook also denied involvement][21], calling such claims
``outrageous'' and encouraging governments to be ``much more transparent about
all programs aimed at keeping the public safe'':

  I want to respond personally to the outrageous press reports about PRISM:
  Facebook is not and has never been part of any program to give the US or any
  other government direct access to our servers. We have never received a
  blanket request or court order from any government agency asking for
  information or metadata in bulk, like the one Verizon reportedly received. And
  if we did, we would fight it aggressively. We hadn't even heard of PRISM
  before yesterday. [...] We strongly encourage all governments to be much more
  transparent about all programs aimed at keeping the public safe. It's the only
  way to protect everyone's civil liberties and create the safe and free society
  we all want over the long term.[21] --Mark Zuckerberg, Facebook CEO

Indeed, [all companies eventually denied involvement with PRISM][22].

**Friday, June 7th, 2013**---Two days after the initial Verizon report[5] and one day
after the publishing of portions of the PRISM documents[19], the White House
responded to the Guardian reports with President Obama [defending his
administration][16]. Unfortunately, given the [history of the NSA surveillance
programs][4]---especially since the Bush administration after the 9/11
attacks---it may be difficult to believe that his words are the whole truth. As
such, we will use portions of his transcript[16] to guide the remainder of this
discussion.

  **Jackie Calmes:** Mr. President, could you please react to the reports of
  secret government surveillance of phones and Internet? And can you also assure
  Americans that the government — your government doesn’t have some massive
  secret database of all their personal online information and activity?

  **Obama:** [...] Now, the programs that have been discussed over the last
  couple days in the press are secret in the sense that they’re classified, but
  they’re not secret in the sense that when it comes to telephone calls, every
  member of Congress has been briefed on this program.

  With respect to all these programs, the relevant intelligence committees are
  fully briefed on these programs. These are programs that have been authorized
  by broad, bipartisan majorities repeatedly since 2006. And so I think at the
  outset, it's important to understand that your duly elected representatives
  have been consistently informed on exactly what we’re doing.[16]

There are some important notes regarding the phrasing of the President's
statement. Firstly, it is important to note that the President is *confirming the
existence of* the programs that ``have been discussed over the last couple days
in the press''---that is, the Verizon FISA Court order[5] and the PRISM[19]
leak. However, it is also important to take a step back and note that the
President did *not* state outright that the reports tell the whole---or even the
correct---story. So what do we know?

On June 6th---a day before the White House responded to the leaks---the Director
of National Intelligence James Clapper [declassified certain information pertaining
to the ``business records'' provision of FISA][23], stating, ``I believe it is
important for the American people to understand the limits of this targeted
counterterrorism program and the principles that govern its use''. This statement
mentions that:

  Although this program has been properly classified, the leak of one order,
  without any context, has created a misleading impression of how it operates.
  [...] The program does not allow the Government to listen in on anyone's phone
  calls. The information acquired does not include the content of any
  communications or the identity of any subscriber. The only type of information
  acquired under the Court's order is telephony metadata, such as telephone
  numbers dialed and length of calls.[23]

The term ``telephony metadata'' could mean anything; the ``numbers dialed'' and
``length of calls'' are part of it, but what does the Court order[6]
specifically request?

  IT IS HEREBY ORDERED that [Verizon] shall produce to the [NSA] [...], and
  continue production on an ongoing daily basis [...] for the duration of this
  Order, [...] all call detail records or ``telephony metadata'' [...].
  Telephony metadata includes comprehensive communications routing information,
  including but not limited to [...] originating and terminating telephone
  number, [...] International Mobile Subscriber Identity (IMSI) number,
  International Mobile station Equipment Identity (IMEI) number, [...] trunk
  identifier, telephone calling card numbers, and time and duration of call.
  Telephony metadata does not include the substantive content of any
  communication [...], or the name, address, or financial information of a
  subscriber or customer.[6] --FISA Court order

The President made this point very clear:

  **Obama:** When it comes to telephone calls, nobody is listening to your
  telephone calls.  That’s not what this program’s about. As was indicated, what
  the intelligence community is doing is looking at phone numbers and durations
  of calls. They are not looking at people’s names, and they’re not looking at
  content. But by sifting through this so-called metadata, they may identify
  potential leads with respect to folks who might engage in terrorism. If these
  folks — if the intelligence community then actually wants to listen to a phone
  call, they’ve got to go back to a federal judge, just like they would in a
  criminal investigation. So I want to be very clear. Some of the hype that
  we’ve been hearing over the last day or so — nobody’s listening to the content
  of people’s phone calls.[16]

The EFF provides compelling arguments as to why [metadata is important to our
privacy][24]. One such example: ``They know you spoke with an HIV testing
service, then your doctor, then your health insurance company in the same hour.
But they don't know what was discussed.'' The EFF further states, ``the
government has given no assurances that this data will never be correlated with
other easily obtained data''. So, while the President may try reassuring us by
stating that ``they've got to go back to a federal judge'', he certainly does
not make it clear that they may already have enough information *without* having
to do so---from this supposedly non-content metadata. They do not need to
subpoena the phone company for the name or address of the individual in most
cases, as reverse telephone directories are readily available. With that, they
then have the names of yourself, everyone you have called and GPS data.

Another argument worthy of strong consideration is posed by Daniel J.
Solove---[what if the government is wrong about your intentions][25]? How can
you go about correcting incorrect data if its very existence is hidden from the
public?

  What if the government leaks the information to the public? What if the
  government mistakenly determines that based on your pattern of activities,
  you're likely to engage in a criminal act? What if it denies you the right to
  fly? What if the government thinks your financial transactions look odd—even
  if you've done nothing wrong—and freezes your accounts? What if the government
  doesn't protect your information with adequate security, and an identity thief
  obtains it and uses it to defraud you?[25]

These are serious questions. Even if you---the reader---are of the type that states
``I don't care; I have nothing to hide'', then consider that, despite the government's
best efforts to secure and protect the data, [it could possibly fall prey to
enemies of the United States][25]. Consider that the [Chinese cracked into
Pentagon systems][26], taking ``designs for more than two dozen major weapon systems
used by the United States military''.

Of course, we are now assuming that the NSA is (a) operating in accordance with the
Court order with respect to the privacy of communications content and (b) that
the President's statement is not intentionally omitting projects that *do*
warrantlessly wiretap innocent Americans' communications. Historically, the NSA has not
given us reason to entertain either of these thoughts.

**January 31, 2006**---[Hepting v. AT&T][13]; the EFF files a case suing AT&T on
behalf of its customers for ``violating privacy law by collaborating with the
NSA in the massive, illegal program to wiretap and data-mine Americans'
communications''. This case included ``undisputed evidence'' from former AT&T technician
Mark Klein showing that [AT&T routed a copy of all Internet traffic to an NSA-controlled
room in San Francisco][27]:

  Through the ``splitter cabinet,'' the content of all of the electronic voice
  and data communications going across the Peering Links [...] was transferred
  from the WorldNet Internet room's fiber optical circuits into the
  [NSA-controlled] SG3 Secure Room [...] including such equipment as Sun servers
  and Juniper (M40e and M160) ``backbone'' routers.  The list also included a
  Narus STA 6400, which is a ``Semantic Traffic Analyzer.''[27]

That is---allegedly, AT&T indiscriminately passed *all* of the traffic passing
through its San Francisco facility into the NSA-controlled ``SG3 Secure Room''
where the NSA performed their *own* filtering, storage and analysis however they
pleased. This is an astounding accusation. Additionally, Klein further states
that ``other such `splitter cabinets' were being installed in other cities,
including Seattle, San Jose, Los Angeles and San Diego''.[27]

Unfortunately, Hepting was dealt a fatal blow in July 2008 when both the
government and AT&T were [awarded retroactive immunity][28] by the [FISA
Amendments Act (FAA)][29]. This startling turn was signed by President Bush in
response to the EFF's court victories in the case and ``allows the Attorney
General to require the dismissal of the lawsuits over the telecoms'
participation in the warrantless surveillance program''.[13] The case was
dismissed in June 2009, along with dozens of other lawsuits.

Fortunately, the battle is not over. The EFF then filed [Jewel v. NSA][12] which
directly targets the ``NSA and other government agencies on behalf of AT&T
customers to stop the illegal unconstitutional and ongoing dragnet surveillance
of their communications and communications records''. This case, too, was based
on the testimony of Klein[27]. Additionally, the EFF had declarations of William
Binney, Thomas Drake and Kirk Wiebe---[three NSA whistleblowers][30]. Most
interesting (and damning) for the purposes of our discussion is the [Summary of
Voluminous Evidence][31].

  I have served on the Intelligence Committee for over a decade and I wish to
  deliver a warning this afternoon.  When the American people find out how their
  government has secretly interpreted [the business records provision of
  FISA], they are going to be stunned and they are going to be angry.[32]
  --Senator Ron Wyden

Note that the Senator is referring to precisely the same provision---business
records---that was partly declassified by James Clapper on Thursday.[23] Of
course, we are assuming that the NSA decides to go to the FISA Court for
permission; this apparently has not always been the case.

According to the summary of evidence[31], the NSA stated:

  To perform both its offensive and defensive mission, NSA must ``live on the
  network.'' [The program would be] a powerful and permanent presence on a
  global telecommunications infrastructure where protected American
  communications and targeted adversary communications will coexist.

This certainly shares some similarities with the Verizon case. But FISA stood
in the way of this goal; John Yoo explains why FISA was insufficient for such
a dragnet operation:

  [U]nder existing laws like FISA, you have to have the name of somebody, have
  to already suspect that someone's a terrorist before you can get a warrant.
  [...] it doesn't allow you as a government to use judgment based on
  probability to say: ``[...] there's a high probability that some of those
  calls are terrorist communications. But we don't know the names of the people
  making those calls.'' You want to get at those phone calls, those e-mails, but
  under FISA you can't do that.[33] --John Yoo

After the September 11th attacks, ``FISA ceased to be an operative
concern''.[31] If that statement sounds unsettling, that is because it is;
President Bush subsequently authorized the NSA to ``conduct electronic
surveillance within the United States'' without an order from the FISA Court
(FISC). General Hayden phrased it as such: the program ``is a more [...]
`aggressive' program than would be traditionally available under FISA''.[34]
What---if anything---does this mean about any current NSA operations (including
the Verizon order)? If Bush is able to authorize such actions, what is to say
that Obama will not (and has not)?

Let us return to the statements from both Clapper[23] and Obama stating that
``nobody is listening to the content of your phone calls''.[16] We can certainly
hope that this is the case, but we shall continue to draw from evidence in the
Jewel v. NSA case[12] to see what the NSA has done in the past.

  It was the biggest legal mess I've ever encountered.[35] --Jack Goldsmith, Justice
  Department's Office of Legal Counsel

The program operated ``in lieu of'' court orders.[36] Even more alarming (if such a
thing is possible), ``neither the President nor Attorney General approved the specific
interceptions; rather, the decision to listen or read particular communications was
made by intelligence analysts''; the only authorization needed was by an NSA
``shift supervisor''.[37] So, let's reiterate:

  **Obama:** If these folks — if the intelligence community then actually wants to listen
  to a phone call, they've got to go back to a federal judge, just like they
  would in a criminal investigation.[16]

It may very well be that Obama is being truthful within the context of the Verizon
order; perhaps they have learned from their mistakes with the AT&T dragnet.
Unfortunately, their secrecy is making it very difficult for the public to make
an informed analysis of the matter.

Ultimately, it is believed that Attorney General Comey's initial certifications of
the program were ``based on a misimpression of those activities'' due to a botched
legal analysis by John Yoo that was described as ``at a minimum [...] factually
flawed''. Yoo was the only OLC official to read into the program since its
inception in October 2001 until his leaving in May 2003.[31] When Comey refused
to reauthorize the program, Bush did so himself, resulting in threats of resignation
from Comey and ``about two dozen Bush appointees''. However, ``[d]espite the illegality
of the Program, no officials resigned.''[31]

In 2009, the New York Times published a series of articles regarding the
program, exposing a [``serious issue involving the NSA'' concerning
``significant misconduct''][38]. This included a ```flagrant' overcollection
of domestic email''.[31]

  Because each court order could single out hundreds or even thousands of phone
  numbers or e-mail addresses, the number of individual communications that
  were improperly collected could number in the millions, officials said.[31]

That was then; this is now, right? How can we be sure of any connection between
the NSA of a decade ago vs. the NSA of today? Well, as an average citizen with
no security clearance, I can't. However, there are some important connections that
can be made. Firstly, recall Ron Wyden's quote above stating that the public
will be ``stunned'' and ``angry''.[32] On Thursday, June 6th, he [released this
statement on his Senate website][39]:

  The program Senators Feinstein and Chambliss publicly referred to today is one
  that I have been concerned about for years.  I am barred by Senate rules from
  commenting on some of the details at this time.  However, I believe that when
  law-abiding Americans call their friends, who they call, when they call, and
  where they call from is private information.  Collecting this data about every
  single phone call that every American makes every day would be a massive
  invasion of Americans’ privacy.[39] --Senator Ron Wyden

Perhaps the most obvious and direct connection is that the [government asked for
more time in Jewel v. NSA (and Shubert v. Obama) in light of the NSA
revelations][40].

  The revelations not only confirmed what EFF has long alleged, they went even
  further and honestly, we’re still reeling. EFF will, of course, be continuing
  its efforts to get this egregious situation addressed by the courts.

  [...] EFF and others had long alleged that, despite the rhetoric surrounding
  the Patriot Act and the FISA Amendments Act, the government was still
  vacuuming up the records of the purely domestic communications of millions of
  Americans.  And yesterday, of course, with the Verizon order, we got solid
  proof.  And it appears that the reach of this vacuum goes much further, into
  the records of our Internet service providers as well.[41] --Electronic
  Frontier Foundation

This brings us back to PRISM.[19] Numerous sources reported that [the White
House confirmed][42] its existence. Indeed, if you consider the President's
original words---``the programs that have been discussed over the last couple
days in the press are secret in the sense that they’re classified''[16]---this
does seem to be a verification of the project's existence. However, confusion ensued
when [companies like Google and Facebook denied involvement][43], despite what
the [leaked information seems to state][19]. Yonatan Zunger---chief architect at
Google---[reiterated the words of Larry Page][44]:

  I can also tell you that the suggestion that PRISM involved anything happening
  directly inside our datacenters surprised me a great deal; owing to the nature
  of my work at Google over the past decade, it would have been challenging --
  not impossible, but definitely a major surprise -- if something like this
  could have been done without my ever hearing of it. And I can categorically
  state that *nothing* resembling the mass surveillance of individuals by
  governments within our systems has ever crossed my plate.[44] --Yonatan
  Zunger, Chief Architect, Google

Questions then arose as to what exactly ``PRISM'' is. Marc Ambinder with The Week
reported that [PRISM is nothing more than one of many different ``data collection
tools''][45] that may be used by the NSA. One day later, Marc posted another article
entitled [``Solving the mystery of PRISM''][46]:

  Each data processing tool, collection platform, mission and source for raw
  intelligence is given a specific numeric signals activity/address designator,
  or a SIGAD. [...] PRISM is US-984XN. Each SIGAD is basically a collection
  site, physical or virtual; [...] PRISM is a kick-ass GUI that allows an
  analyst to look at, collate, monitor, and cross-check different data types
  provided to the NSA from internet companies located inside the United States.[46]

Others hypothesized that, due to the denial of involvement from various
companies[44], PRISM may operate by intercepting communications. The Guardian
[countered by releasing another slide from the leaked presentation][47], stating
outright that ``[b]oth of these theories appear to be contradicted by internal
NSA documents''.

  It clearly distinguishes Prism, which involves data collection from servers,
  as distinct from four different programs involving data collection from "fiber
  cables and infrastructure as data flows past".[47]

This sounds a great deal like Klein's description of the SG3 Secure Room at
AT&T[27] (though I do not intend to imply that they are the same thing---that is
not clear, nor does Klein state that he ever noted the word ``PRISM'' on any
documents). The Guardian goes on to state that ``[a] far fuller picture of the exact
operation of Prism [...] is expected to emerge in the coming weeks and months''.
(Is that foreshadowing or an educated guess?)

There is, of course, the other obvious hypothesis---that organizations including
Google, Facebook and Microsoft are being [deceptive or not telling the whole
truth][48]. Alternatively, maybe such operations were being done under the noses
of executives. On Friday, the New York Times published an article stating that
the technology companies [``cooperated at least a bit''][49].

  [Google, Microsoft, Yahoo, Facebook, AOL, Apple and Paltalk] were legally
  required to share the data under the Foreign Intelligence Surveillance Act.
  [...] But instead of adding a back door to their servers, the companies were
  essentially asked to erect a locked mailbox and give the government the key,
  people briefed on the negotiations said.  Facebook, for instance, built such a
  system for requesting and sharing the information, they said.[49]

This does not necessarily mean that these companies had any knowledge,
specifically, of ``PRISM''. As the Guardian said, I will be curious to see what
information surfaces in the coming months; the gag provisions of the orders make
for an unfortunate situation for everyone involved.

Let us return to the President's statements.

  **Obama:** And I welcome this debate. And I think it's healthy for our
  democracy. I think it's a sign of maturity, because probably five years ago,
  six years ago, we might not have been having this debate.[16]

This is a difficult debate to have, Mr. President, when the public does not know
of the existence of these programs; we only have knowledge of these programs due
to the aforementioned leaks---courageous individuals who feel that their
government is not representative of the democracy and freedom that it supposedly
represents. This segues into another statement from the President:

  **Jackie Calmes:** Do you welcome the leak, sir? Do you welcome the leak if
  you welcome the debate?

  **Obama:** I don't---I don't welcome leaks, because there's a reason why these
  programs are classified. [...] But that's also why we've set up congressional
  oversight. These are the folks you all vote for as your representative in
  Congress, and they’re being fully briefed on these programs.

Unfortunately, Obama seems to have missed another critical fact. We---the
people---vote for representatives that, well, ``represent'' *the issues that we
care about*. Those who are strongly opposed to gun legislation will vote for
those representatives that share those feelings and will fight to oppose such
legislation. Similarly, a pro-life supporter will probably not vote for a
candidate in favor of abortion. But what if there is a candidate that shares one
opinion but not another---say, opposes gun regulation but supports abortion,
when you as a voter are a pro-life gun-owner against gun legislation? Then you
will likely vote for the issues that you feel most strongly about (or what you
feel is a fair balance between all the other issues you follow). The problem
here, Mr. President, is that we---the people---are not made aware of these
issues because they are *classified*. How many people may not have voted for
you, Mr. President, had they known that you would support dragnet surveillance
of innocent Americans?

**Sunday, June 9th, 2013**---The Guardian continues to surprise the world by
[releasing the name of the NSA whistleblower at his request][50]. Edward
Snowden, a 29-year-old former CIA technical assistant and current defense
contractor employee, is responsible for what The Guardian is calling ``the
biggest intelligence leak in the NSA's history''. Reporting from Hong
Kong---where Snowden fled to on May 20th in the hope of resisting the
U.S. government---Glenn Greenwald, Ewen MacAskill and Laura Poitras report
on his motives.

  Three weeks ago, Snowden made final preparations [...] [a]t the NSA office in
  Hawaii where he was working, [copying] the last set of documents he intended
  to disclose.[50]

Snowden describes situations where he began questioning his government,
such as a case where a CIA operative purposely encouraged a Swiss banker to get
intoxicated and drive drunk so that he would be arrested. ``Much of what I saw
in Geneva really disillusioned me about how my government functions and what its
impact is in the world.'' He mentioned that the election of Obama in 2008 gave
him hope for reform, but watched in 2009 as ``Obama advanced the very policies
that I thought would be reined in. [...] I got hardened.''[50]

It is this statement from Snowden that, if accurate, suggests that Obama not
only supports Bush's initial dragnet operation[31], but has further expanded it.

At this point, since the news is still quite young at the time that this article
was written, the world must wait to see what action the government will attempt
to take against Snowden. Reuters had already reported the previous day that
[the government is likely to open a criminal probe into the NSA leaks][51].

  James Clapper, the director of U.S. national intelligence, condemned the leaks
  and asserted that the news articles about PRISM contained ``numerous
  inaccuracies.''[51]

Snowden is not the first to come forward as a whistleblower from the NSA---as we
discussed previously, three NSA whistleblowers came forth previously to back the
EFF in Jewel v. NSA;[30] they each had the charges either cleared or dropped. That
said, [Obama has been aggressively pursuing whistleblowers][59]. Snowden
mentioned that he views his best hope of freedom as the possibility of asylum
with Iceland.[50] It appears that such may already be working in his favor, with
[Icelandic Legislator Birgitta Jonsdottir already starting the process to apply
for asylum][52], although it is not clear if Snowden has already applied.

There is a great deal to think about. Even though the [evidence against the NSA
dates far back][4], the recent revelations invoke emotions that are difficult to
describe. With countless individuals working to sift through the information,
the Obama administration under attack and nobody knowing if the Guardian is
sitting on even more information, the entire world will continue to watch
impatiently...and act.

While all this is going on, it would be useful to reiterate certain privacy and
security topics that have already been covered at large. Firstly, consider
checking out the EFF's [Surveillance Self-Defense][53] website, which contains
information on a number of topics including anonymity and how to respond to
court orders. Consider using [Tor for anonymity][54] online (but recognize that
it is not a full solution in itself). Consider [keeping your data to
yourself][55] rather than storing it on ``cloud'' services---[Richard Stallman
explains how Software as a Service (SaaS) differs in dangers from proprietary
software][56]. Consider using only [free software][57] to limit further
sacrifices in personal freedom and to limit the information that corporations
and third parties collect from you while using your computer and other devices.
Finally, if you have information that you want to leak to the press (whether or
not you are an [NSA employee][58]), you may be able to consider tools such as
[The New Yorker's Strongbox][60]; it uses [software created by Aaron Swartz][61]
shortly before his untimely death early this year.

Finally, aid senators like Rand Paul in developing [legislation to curb the powers
of the government][62]. We must also do our best to fight for the rights of
brave whistleblowers like Snowden. To end with the words of the EFF, [``we need
a new church committee and we need it now''][41].

[0] [cref:3fa69da6531cb2131a7f52d17eb77a75e01794ba] Re: Who Does Skype Let Spy; a response to Schneier's article.
[1] https://www.schneier.com/essay-418.html The Internet Is a Surveillance State
[2] https://www.eff.org/nsa-spying The EFF on NSA Spying
[3] https://www.eff.org/agency/national-security-agency The National Security Agency
[4] https://www.eff.org/nsa-spying/timeline Timeline of NSA Spying
[5] http://www.guardian.co.uk/world/2013/jun/06/nsa-phone-records-verizon-court-order
    NSA collecting phone records of millions of Verizon customers daily
[6] http://s3.documentcloud.org/documents/709012/verizon.pdf PDF of the FISA Court order to Verizon.
[7] http://s3.documentcloud.org/documents/709012/verizon.txt Ibid; plain text version.
[8] https://www.eff.org/deeplinks/2013/06/confirmed-nsa-spying-millions-americans
    Confirmed: NSA Spying on Millions of Americans
[9] https://www.eff.org/deeplinks/2011/10/ten-years-later-look-three-scariest-provisions-usa-patriot-act
    Three Scariest Provisions of the USA Patriot Act
[10] [cref:bc03bd3bfeb47854ee96987aeee0b6f5546e8307]
     Federal Judge Declares National Security Letters Unconstitutional
[11] http://www.theatlantic.com/politics/archive/2013/06/what-we-dont-know-about-spying-on-citizens-scarier-than-what-we-know/276607/
     Bruce Schneier comments on NSA leak.
[12] https://www.eff.org/cases/jewel Jewel v. NSA
[13] https://www.eff.org/cases/hepting Hepting v. AT&T
[14] [cref:d6f2e02111082126a71a1fbd04f99044785995c2]
     Privacy In Light of the Petraeus Scandal
[15] [cref:a1f8634296246f2f771f99c04fb74af0a592481e]
     Google Says the FBI Is Secretly Spying on Some of Its Customers
[16] http://blogs.wsj.com/washwire/2013/06/07/transcript-what-obama-said-on-nsa-controversy/
     Obama on the NSA controversy.
[17] https://www.eff.org/deeplinks/2013/05/congressional-outrage-over-ap-phone-records
     Congressional outrage over AP phone records.
[18] https://www.eff.org/deeplinks/2013/05/doj-subpoena-ap-journalists-shows-need-protect-calling-records
[19] http://www.guardian.co.uk/world/2013/jun/06/us-tech-giants-nsa-data
[20] http://googleblog.blogspot.com/2013/06/what.html Larry Page denies PRISM involvement.
[21] https://www.facebook.com/zuck/posts/10100828955847631 Mark Zuckerberg denies PRISM involvement.
[22] http://www.guardian.co.uk/world/2013/jun/07/google-facebook-prism-surveillance-program
[23] http://www.dni.gov/index.php/newsroom/press-releases/191-press-releases-2013/868-dni-statement-on-recent-unauthorized-disclosures-of-classified-information
     James Clapper---Director of National Intelligence---declassifies
     information pertaining to the ``business records'' provision of FISA.
[24] https://www.eff.org/deeplinks/2013/06/why-metadata-matters The EFF describes why telephony metadata can have a significant impact on our privacy.
[25] http://mashable.com/2013/06/08/china-hack-nsa/ What if crackers get a hold of the NSA's databases?
[26] http://rt.com/usa/us-chinese-report-defense-888/ The Chinese crack into Pentagon systems.
[27] https://www.eff.org/file/28823 Public unredacted Mark Klein declaration; [Hepting v. AT&T][13]
[28] https://www.eff.org/pages/case-against-retroactive-amnesty-telecoms The Case Against Retroactive Amnesty for Telecoms.
[29] http://www.govtrack.us/congress/bills/110/hr6304/text FISA Amendments Act (FAA).
[30] https://www.eff.org/press/releases/three-nsa-whistleblowers-back-effs-lawsuit-over-governments-massive-spying-program
     Three NSA whistleblowers back the EFF in [Jewel v. NSA][12].
[31] https://www.eff.org/node/72021 Summary of Voluminous Evidence, [Jewel v. NSA][12].
[32] Ibid.[31] 157 Cong. Rec. S3372--3402, S3386 (May 26, 2011) [Vol. VI, Ex. 111, p. 4286]
    (Statement of Sen.  Ron Wyden, On Patriot Act Reauthorization)
[33] Ibid.[31] PBS Frontline, Spying on the Homefront, Interview with John C. Yoo at 4
    (Jan. 10, 2007) [Vol. I, Ex. 10, p. 394]
[34] Ibid.[31] Press Briefing by Att’y Gen. Alberto Gonzalez and Gen. Michael Hayden,
     Principal Dep. Dir. for Nat’l Intelligence (Dec. 19, 2005)
[35] Ibid.[31] Preserving the Rule of Law in the Fight Against Terror:
     Hearing before the S. Comm. on the Judiciary, 110th Cong. 7 (Oct. 2, 2007)
     [Vol.  III, Ex. 42, p. 1307] (testimony of Jack Goldsmith)
[36] Ibid.[31] Press Briefing by Att’y Gen. Alberto Gonzalez and Gen. Michael Hayden, Principal Dep. Dir.
    for Nat’l Intelligence (Dec. 19, 2005)
[37] Ibid.[31] Remarks by Gen. Michael Hayden, Address to the National Press Club, Washington, D.C. (Jan. 23, 2006)
     [Vol.  IV, Ex. 73, p. 1809]
[38] http://www.nytimes.com/2009/04/16/us/16nsa.html?pagewanted=all Officials Say U.S. Wiretaps Exceeded Law
[39] http://www.wyden.senate.gov/news/press-releases/wyden-statement-on-alleged-large-scale-collection-of-phone-records
     Ron Wyden comments on the collection of Verizon phone records
[40] https://www.eff.org/deeplinks/2013/06/government-asks-more-time-eff-surveillance-cases
     In Light of NSA Revelations, Government Asks for More Time in EFF Surveillance Cases
[41] https://www.eff.org/deeplinks/2013/06/response-nsa-we-need-new-church-commission-and-we-need-it-now
     In Response to the NSA, We Need A New Church Committee and We Need It Now
[42] http://www.theweek.co.uk/us/53475/white-house-admits-it-has-access-facebook-google
     White House admits it has ``access'' to Facebook, Google
[43] http://www.guardian.co.uk/world/2013/jun/07/google-facebook-prism-surveillance-program
     Facebook and Google insist they did not know of Prism surveillance program
[44] https://plus.google.com/+YonatanZunger/posts/huwQsphBron
     Yonatan Zunger---Chief Architect at Google---expresses his distaste of PRISM
[45] http://theweek.com/article/index/245311/sources-nsa-sucks-in-data-from-50-companies
     Sources: NSA sucks in data from 50 companies.
[46] http://theweek.com/article/index/245360/solving-the-mystery-of-prism
    Solving the mystery of PRISM
[47] http://www.guardian.co.uk/world/2013/jun/08/nsa-prism-server-collection-facebook-google
     NSA's Prism surveillance program: how it works and what it can do.
[48] http://www.guardian.co.uk/world/2013/jun/08/obama-response-nsa-surveillance-democrats
     Obama deflects criticism over NSA surveillance as Democrats sound alarm.
[49] http://www.nytimes.com/2013/06/08/technology/tech-companies-bristling-concede-to-government-surveillance-efforts.html?ref=global-home&_r=2&pagewanted=all&
     Tech Companies Concede to Surveillance Program
[50] http://www.guardian.co.uk/world/2013/jun/09/edward-snowden-nsa-whistleblower-surveillance
     Edward Snowden: the whistleblower behind the NSA surveillance revelations.
[51] http://www.reuters.com/article/2013/06/08/us-usa-security-leaks-idUSBRE95700C20130608
     Government likely to open criminal probe into NSA leaks: officials.
[52] http://www.forbes.com/sites/andygreenberg/2013/06/09/icelandic-legislator-im-ready-to-help-nsa-whistleblower-seek-asylum/
     Icelandic Legislator: I'm Ready To Help NSA Whistleblower Edward Snowden Seek Asylum
[53] https://ssd.eff.org/ EFF Surveillance Self-Defense.
[54] https://www.torproject.org/ The Tor project offers anonymity online.
[55] http://www.guardian.co.uk/technology/2008/sep/29/cloud.computing.richard.stallman
     Cloud computing is a trap, warns GNU founder Richard Stallman
[56] http://www.gnu.org/philosophy/who-does-that-server-really-serve.html
     Who does that server really serve?
[57] http://www.gnu.org/philosophy/free-sw.html What is free software?
[58] http://www.whistleblowers.org/index.php?option=com_content&task=view&id=984&Itemid=173
     National Security Employees Know Your Rights
[59] http://www.theatlanticwire.com/politics/2011/05/obamas-war-whistle-blowers/38106/
     Obama's War on Whistle-Blowers
[60] http://www.newyorker.com/strongbox/ The New Yorker Strongbox
[61] http://www.newyorker.com/online/blogs/newsdesk/2013/05/strongbox-and-aaron-swartz.html
     Strongbox and Aaron Swartz
[62] http://abcnews.go.com/blogs/politics/2013/06/rand-paul-bill-would-curb-nsa-on-phone-records/
     Rand Paul Bill Would Curb NSA on Phone Records
2013-06-10 23:23:31 -04:00
Mike Gerwitz 43847d1fbe
Improved Website
The old WordPress website has been replaced entirely by the ``thoughts'' site
(which was previously located at /thoughts). This website is generated from its
git repository---available on the Projects page---which is freely licensed.
There is some content that existed on the old site that is still useful; should
that content be transferred to this site, a redirect will be set up (assuming
that it hadn't already been lost to the search engines).

Since all this content is static, there is no discussion system. I am still
debating whether or not I will add this in the future. Until that time, feel
free to contact me via e-mail.
2013-06-06 15:00:13 -04:00
Mike Gerwitz 050071eb32 doclist altered to use URL rewriting scheme rather than extension-less filenames
Was convenient for development, but I would prefer to stay conventional.
2013-06-06 14:59:48 -04:00
Mike Gerwitz 962e7bf63e Corrected asciidoc footer for gnu-inside.png URL 2013-06-06 14:41:35 -04:00
Mike Gerwitz a20d956533 Makefile updated to represent new use of repo2html -E option as URL extension
For URL rewriting.
2013-06-06 14:28:31 -04:00
Mike Gerwitz 639583f30a Added rss.xml to .gitignore 2013-06-04 22:50:33 -04:00
Mike Gerwitz 6ba580c630 Added copyright notice to repo2html templates 2013-06-04 22:50:01 -04:00
Mike Gerwitz 495d879b74 Updated `make clean` to account for updated output
The new commits up to this point cover most things... :)
2013-06-04 22:28:55 -04:00
Mike Gerwitz baa78e94c5 Corrected PDF and DVI copying for TeX papers
Was not copying PDF
2013-06-04 22:27:58 -04:00
Mike Gerwitz 2b05f03b2f docs/papers/.list will now take into account TeX articles 2013-06-04 22:27:02 -04:00
Mike Gerwitz 2843ce20c5 doclist will now strip html suffix and properly handle TeX 2013-06-04 22:26:23 -04:00
Mike Gerwitz ecfa482898 Altered doc-cp to ensure that dest dir will always exist 2013-06-04 22:25:55 -04:00
Mike Gerwitz d2bda9c492 CSS styling for paper abstracts 2013-06-03 22:30:01 -04:00
Mike Gerwitz e981ac9c71 Added tex documents to build process 2013-06-03 22:29:59 -04:00
Mike Gerwitz e24910415f Added coope 2013-06-03 22:28:13 -04:00
Mike Gerwitz a25fce722e Added 404 page and obligatory snide remarks
But the 404 page says that a polite (read: BS) apology is obligatory, not a
snide remark!
2013-06-02 12:27:04 -04:00
Mike Gerwitz e4053130cd get-menu-docs() will now ignore non-sorted pages
This allows adding content without it appearing in the menu
2013-06-02 12:27:04 -04:00
Mike Gerwitz 63d7297ebc Added -v flag to cp in doc-cp 2013-06-02 12:27:04 -04:00
Mike Gerwitz e9802e8269 Added repo2html log/data files to .gitignore 2013-06-02 12:27:04 -04:00
Mike Gerwitz 9a479c340c Papers page will now include selected thoughts
The hash abbreviations are the filenames within docs/papers/thoughts
2013-06-02 12:27:04 -04:00
Mike Gerwitz 48532359bd Added doclist script for generating HTML fragment for papers page 2013-06-02 12:27:03 -04:00
Mike Gerwitz 876b763a8d Added initial pages 2013-06-02 12:27:02 -04:00
Mike Gerwitz d91d0cb711 Makefile now uses extfmt for formatter for .pg files 2013-05-30 23:16:04 -04:00
Mike Gerwitz af80689eae Added repo URL to Makefile 2013-05-30 23:15:43 -04:00
Mike Gerwitz 9441ed4627 Altered index style to ensure proper column formatting
Previously, the headline (which is essentially a sidebar) was floated to the
right; this had the benefit of allowing the content to surround it on the lower
portion of the page, though that's arguably a poor design decision. With this
change, this does not occur, but the real reason for this change was to ensure
that block elements (such as divs) do not overflow into the headline.

This uses minimalist styling---as much as possible is done using the body
element. The footer positioning was tricky with varying content length. Since
the headline currently contains only images, my decision was to just get away
with setting a min-height to something reasonable for the headline content
height.
2013-05-29 23:21:54 -04:00
Mike Gerwitz efad11371e Added extfmt tool (repo2html msgfmt extensions for inlining images and code samples)
The inline image extension does not belong in repo2html (see comments), but the
source code highlighting may be moved in (code samples do make sense in commit
messages).
2013-05-29 20:51:09 -04:00
Mike Gerwitz 94f3e09af8 Moved CSS previously in repo2html template for commit template into our CSS
Belongs here; it was in repo2html temporarily until better CSS support could be added.

Yes, repo2html is being developed alongside this website.
2013-05-27 17:01:06 -04:00
Mike Gerwitz 022e539993 Headline background color to ensure no block-styled elements will over/underlay
Specifically, styled divs.
2013-05-27 17:00:26 -04:00
Mike Gerwitz 3e3e18d397 *.pg will now be processed with contents template
Which is essentially index for the time being.
2013-05-27 16:59:45 -04:00
Mike Gerwitz f14299b269 Changed root from /thoughts to / 2013-05-27 16:59:26 -04:00
Mike Gerwitz e1b8b626ae Added styling for title link to root 2013-05-27 16:59:14 -04:00