I recently received a comment via e-mail from a fellow GNU hacker Antonio
Diaz, who is the author and maintainer of [GNU Ocrad][0], a [free (as in
freedom)][1] optical character recognition (OCR) program. His comment was in
response to my article entitled [FreeBSD, Clang and GCC: Copyleft vs.
Community][2], which details the fundamental difference in philosophy
between free software and ``open source''.
I found Antonio's perspective to be enlightening, so I asked for his
permission to share it here.
I imagine a world where all the Free Software is GPLed. The amount and
usefulness of Free Software grows incesantly because free projects can
reuse the code of previous free projects. Proprietary software is
expensive because every company has to write most of its "products" from
scratch. Most people use Free Software, and proprietary software is mainly
used for specialized tasks for which no free replacement exists yet.
Now I imagine a world where all the Free Software is really "open source"
(BSD license). Free Software is restricted to the operating system and
basic aplications because the license does not guarantee reciprocity.
Proprietary software is cheap to produce because it is built using the
code of free projects, but it is expensive for the user (in money and
freedom) because there is no real competition from Free Software. Most
people use proprietary software, as Free Software is too basic for most
tasks.
I think "open source" organizations (specially BSD) are wilfully
destroying the long-term benefits for society of the GPL, and they are
doing it for short-term benefits like popularity and greed:
"As these companies devise strategies for dealing with GPLv3, so must the
FreeBSD community - strategies that capitalize on this opportunity to
increase adoption of FreeBSD." "Fundraising Update [...] This has
increased the number of people actively approaching companies to make
large contributions."
https://www.freebsdfoundation.org/press/2007Aug-newsletter.shtml
Human beings have an innate sense of justice. In absence of reciprocity
one wants to be paid, but I think that reciprocity is much better for
society in the long term.[3]
Antonio compels us to think toward the future: while developers releasing
their code under permissive licenses like the [Modified BSD License][4] are
still making a generous contribution to the free software community today,
it may eventually lead to negative consequences by empowering non-free
software tomorrow.
[0] https://www.gnu.org/software/ocrad/ocrad.html
[1] https://www.gnu.org/philosophy/free-sw.html
[2] [cref:288c90df6209cb9a698099f5fa8c6aed393ef20e]
[3] Comment by Antonio Diaz; the only modifications made were for
formatting.
[4] https://www.gnu.org/licenses/license-list.html#ModifiedBSD
Well that is an embarassing oversight for someone keen on [software]
licensing. Thanks to Ineiev at the FSF for pointing this out.
Consequently, my graphic is now available under CC-BY-SA 2.0, not 3.0, since
it is a derivative work.
A useful perspective explaining why [FreeBSD is moving away from GCC in
favor of Clang][0]; indeed, they are moving away from GPL-licensed software
in general. While this is [not a perspective that I personally agree
with][1], it is one that I will respect for the project. It is worth
understanding the opinions of those who disagree with you to better
understand and formulate your own perspective.
But I am still a free software activist.
The goal of the FreeBSD Project is to provide a stable and fast general
purpose operating system that may be used for any purpose without strings
attached.[2]
As is mentioned in the aforementioned article[0], the BSD community does not
hold the same opinions on what constitutes ``without strings
attached''---the BSD community [considers the restriction on the user's
right to make proprietary use of the software to be a ``string''][2],
whereas the free software community under [RMS][3] believes that [the
ability to make a free program proprietary is unjust][4]:
Making a program proprietary is an exercise of power. Copyright law today
grants software developers that power, so they and only they choose the
rules to impose on everyone else—a relatively small number of people make
the basic software decisions for all users, typically by denying their
freedom. When users lack the freedoms that define free software, they
can't tell what the software is doing, can't check for back doors, can't
monitor possible viruses and worms, can't find out what personal
information is being reported (or stop the reports, even if they do find
out). If it breaks, they can't fix it; they have to wait for the developer
to exercise its power to do so. If it simply isn't quite what they need,
they are stuck with it. They can't help each other improve it.[4]
The [Modified BSD License][5] is a GPL-compatible Free Software
license---that is, software licensed under the Modified BSD license meets
the requirements of the [Free Software Definition][6]. The additional
``string'' that the BSD community is referring to is the concept of
[copyleft][7]---Richard Stallman's copyright hack and one of his most
substantial contributions to free software and free society. To put it into
the words of the FSF:
Copyleft is a general method for making a program (or other work) free,
and requiring all modified and extended versions of the program to be free
as well.[7]
Critics often adopt the term [``viral'' in place of ``copyleft''][8] because
of the requirement that all derivatives must contain the same copyleft
terms---the derivative must itself be Free Software, perpetually (until, of
course, the copyright term expires and it becomes part of the public domain,
[if such a thing will ever happen at this rate][9]). In the case of the
Modified BSD license---being a more permissive license that is non-copyleft
and thus allows proprietary derivatives---derivative works that include both
BSD- and GPL-licensed code essentially consume the [Modified BSD license's
terms][10], which are a subset of the [GPL's][11]. Of course, this is not
pursuant to [FreeBSD's goals][2] and so they consider this to be a bad
thing: There are ``strings attached''.
This is more demonstrative of the [``open source'' philosophy than that of
``Free Software''][12] (yes, notice the bias in my capitalization of these
terms).
[Copyleft is important][7] because it ensures that all users will forever
have the [four fundamental freedoms associated with Free Software][6]. The
GPL incorporates copyleft; BSD licenses do not. Consider why this is a
problem: Imagine some software Foo licensed under the Modified BSD
license[10]. Foo is free software; it is licensed under a free software
license (Modified BSD).[5] Now consider that someone makes a fork---a
derivative---of Foo, which we will call ``Foobar''. Since the Modified BSD
license is not copyleft[10], the author of Foobar decides that he or she
does not wish to release its source code; this is perfectly compliant with
the Modified BSD license, as it does not require that source code be
distributed with a binary (it only requires---via its second
clause[10]---that the copyright notice, list of conditions and disclaimer be
provided).
The author has just taken Foo and made it proprietary.
The FreeBSD community is okay with this; [the free software community is
not][4]. There is a distinction between these two parties: When critics of
copyleft state that they believe the GPL is ``less free'' than more
permissive licenses such as the BSD licenses, they are taking into
consideration the freedoms of developers and distributors; the GPL, on the
other hand, explicirly *restricts* these parties' rights in order to protect
the *users* because those parties are precisely those that seek to *restrict
the users' freedoms*; we cannot provide such freedoms to developers and
distributors without sacrificing the rights of the vulnerable users who
generally do not have the skills to protect themselves from being taken
advantage of.[13] Free software advocates have exclusive, unwaivering
loyalty to users.
As an example of the friction between the two communities, consider a
concept that has been termed [``tivoization''][14]:
Tivoization means certain “appliances” (which have computers inside)
contain GPL-covered software that you can't effectively change, because
the appliance shuts down if it detects modified software. The usual
motive for tivoization is that the software has features the manufacturer
knows people will want to change, and aims to stop people from changing
them. The manufacturers of these computers take advantage of the freedom
that free software provides, but they don't let you do likewise.[14]
This [anti-feature][15] is a type of [Digital Restrictions Management
(DRM)][16] that exposes a [loophole in the GPL that was closed in
Section 3 of the GPLv3][14], which requires that:
When you convey a covered work, you waive any legal power to forbid
circumvention of technological measures to the extent such circumvention
is effected by exercising rights under this License with respect to the
covered work, and you disclaim any intention to limit operation or
modification of the work as a means of enforcing, against the work's
users, your or third parties' legal rights to forbid circumvention of
technological measures.[11]
Unfortunately, not everyone has agreed with this move. A number of
[developers of the kernel Linux expressed their opposition of GPLv3][17]. In
response to the aforementioned GPLv3 provision, they stated:
While we find the use of DRM by media companies in their attempts to reach
into user owned devices to control content deeply disturbing, our belief
in the essential freedoms of section 3 forbids us from ever accepting any
licence which contains end use restrictions. The existence of DRM abuse is
no excuse for curtailing freedoms.[17]
Linus Torvalds---the original author of the kernel Linux---also [expressed
his distaste toward the GPLv3][18]; the kernel is today still licensed under
the GPLv2.
[The BSD camp has similar objections][19]:
Appliance vendors in particular have the most to lose if the large body of
software currently licensed under GPLv2 today migrates to the new license.
They will no longer have the freedom to use GPLv3 software and restrict
modification of the software installed on their hardware. High support
costs ("I modified the web server on my Widget 2000 and it stopped
running...") and being unable to guarantee adherence to specifications in
order to gain licensing (e.g. FCC spectrum use, Cable TV and media DRM
requirements) are only two of a growing list of issues for these
users.[19] --Justin Gibbs, VP of The FreeBSD Foundation
My thoughts while reading the above where echoed by Gibbs further on in his
statement: ``[T]he stark difference between the BSD licensing philosophy and
that of the Free Software Foundation are only too clear.'' For the FreeBSD
community, this is a very serious issue and their argument is certainly a
legitimate concern on the surface. However, it is an argument that the Free
Software community would do well to reject: Why would we wish to sacrifice
users' freedoms for any reason, let alone these fairly absurd ones. In
particular, a support contract could dictate that only unmodified software
will be provided assistance and even mandate that the hardware indicate
changes in software: like breaking the ``void'' sticker when opening a
hardware component. Moreover, how frequently would such a situation
actually happen relative to their entire customer base? My guess is: fairly
infrequently. The second issue is a more complicated one, as I am not as
familiar on such topics, but a manufacturer can still assert that the
software that it provides with its devices is compliant. If the compliance
process forbids any possibility of brining the software into
non-compliance---that is, allowing the user to modify the software---then
the hardware manufacturer can choose to not use free software (and free
software advocates will subsequently reject it until standards bodies grow
up).
As I mentioned at the beginning of this article: this is a view that I will
respect for the project. I disagree with it, but FreeBSD is still free
software and we would do well not to discriminate against it simply because
someone else may decide to bastardize it and betray their users by making it
proprietary or providing shackles[16]. However, provided the licensing
option for your own software, you should choose the GPL.
**Colophon:** The title of this article is a play on [RMS' ``Copyright vs.
Communty''][20], which is a title to a speech he frequently provides
worldwide. His speech covers how copyright works against the interests of
the community; here, BSD advocates aruge that [copyleft][7] works against
the interests of *their* community and their users; I figured that I would
snag this title as a free software advocate before someone else opposing
copyleft did.)
[0] http://unix.stackexchange.com/a/49970
[1] [cref:3c37140146dac754ffd80ed8ab4aaa7c182c9c00]
[2] http://www.freebsd.org/doc/faq/introduction.html#FreeBSD-goals
[3] http://en.wikipedia.org/wiki/Richard_Stallman
[4] http://www.gnu.org/philosophy/freedom-or-power.html
[5] http://www.gnu.org/licenses/license-list.html#ModifiedBSD
[6] http://www.gnu.org/philosophy/free-sw.html
[7] http://www.gnu.org/copyleft/
[8] http://en.wikipedia.org/wiki/Copyleft#Viral_licensing
[9] http://www.gnu.org/philosophy/misinterpreting-copyright.html
[10] http://en.wikipedia.org/wiki/BSD_licenses
[11] http://www.gnu.org/licenses/gpl.html
[12] http://www.gnu.org/philosophy/open-source-misses-the-point.html
[13] Technically, the GPL exercises restrictions only on distributors; a
developer can integrate GPL'd code into their proprietary software so
long as they do not distribute it (as defined in the GPL).[11] However,
developers often have to cater to distributors, since software will
generally be distributed; if it is not, then it is not relevant to this
discussion.
[14] http://www.gnu.org/licenses/rms-why-gplv3.html
[15] http://www.fsf.org/blogs/community/antifeatures
[16] http://www.defectivebydesign.org/what_is_drm_digital_restrictions_management
[17] http://lwn.net/Articles/200422/
[18] http://en.wikipedia.org/wiki/Linux_kernel
[19] http://www.freebsdfoundation.org/press/2007Aug-newsletter.shtml
[20] http://www.gnu.org/philosophy/copyright-versus-community.html
OpenSignal---a company responsible for mapping wireless signal
strength by gathering data using mobile device software---noticed [an
interest correlation between battery temperature on devices and air
temperature][0].
Aggregating daily battery temperature readings to city level revealed a
strong correlation with historic outdoor air temperature. With a
mathematical transformation, the average battery temperature across a
group of phones gives the outdoor air temperature.[0]
**Note:** Graph renderings on their website require proprietary JavaScript, but
the article does describe it in detail, so it is not necessary. In
particular, note that, from their provided equation[0], their scaling factor
`m' implies that there is a smaller variance in battery temperature in the
graph than there is in the actual air temperature, but that there is still a
correlation.
This is an interesting find. The article further states that ``[...] we have
one data point where the Android data is actually more reliable than the
traditional source.''
Such data can be very useful in providing decentralized data, so long as
[issues of privacy][1] are addressed. Doing so is not terribly difficult,
but would have a number of factors. In particular, the user would need the
means to submit data anonymously, which could be done via software/networks
such as [Tor][2]. GPS location data is certainly a privacy issue when it is
tied to your mobile device, but fortunately, it's unneeded: you can trust
your users to let you know where they reside by either (a) opting into using
location services or (b) allowing them to specify a location or approximate
location of their choosing (approximations would be important since a user
may not wish to change their location manually while they travel, say, to
and from work). If enough devices submit data, then legitimate data would
drown out those who are trying to purposefully pollute the database. Such an
example can be seen with Bitcoin, in which networks will [reach a consensus
on correct blockchains][3] so long as ``a majority of computing power is
controlled by nodes that are not cooperating to attack the network''. Of
course, users would be able to pollute the network by sending false data as
it is, and the data is already tarnished from various factors such as body
heat.[0]
Of course, I do assume that mobile devices will contain temperature sensors
in the future; [some already do][4] (but I cannot encourage their use, as
they use [proprietary software][5]). However, this is still a clever hack (I
suppose that term is redundant). In my searching while writing this article,
I did notice [prior examples of ambient temperature readings using Android
software][6] ([proprietary][5]), but the software does not aggregate data
for purposes of determining weather patterns.
Finally, please do not download OpenSignal's app; it too is
[proprietary][5]; this discussion was purely from a conceptual standpoint
and does not endorse any software.
[0] http://opensignal.com/reports/battery-temperature-weather/
[1] [cref:c449ff03fbd10e2ad113a6b8cd95dacb8126efdf]
[2] https://www.torproject.org/
[3] http://en.wikipedia.org/wiki/Protocol_of_Bitcoin
[4] http://stackoverflow.com/a/11628921
[5] http://www.gnu.org/philosophy/free-sw.html
[6] https://play.google.com/store/apps/details?id=androidesko.android.electronicthermometer&hl=en
It is very disturbing that [Microsoft decided that it would be a good idea
to display targeted ads on local searches][0]---that is, if you search for a
file on your PC named ``finances'', you may get ads for finance software,
taxes, etc. If you search for ``porn'', well, you get the idea.
Bing Ads will be an integral part of this new Windows 8.1 Smart Search
experience. Now, with a single campaign setup, advertisers can connect
with consumers across Bing, Yahoo! and the new Windows Search with highly
relevant ads for their search queries. In addition, Bing Ads will include
Web previews of websites and the latest features like site links, location
and call extensions, making it easier for consumers to complete tasks and
for advertisers to drive qualified leads.[1]
While that is certainly obnoxious, consider the larger issue of privacy
(which seems to be in the news a lot lately[2][3]): Late last year, there
was an uproar in the Free Software community when [Ubuntu decided to query
Amazon---enabled by default---on local searches][4] using their new Unity
interface. The problem is that your personal queries are being sent to a
third party---queries that you generally would expect to be private. If I
run a `find' or `grep' command on my system, I certainly do not expect it to
report to Amazon or Microsoft what I am searching for.
And to make matters even worse, Microsoft is exploiting this information to
allow advertisers to target you. [Ironic.][5]
[Do not use Windows 8][6] (or any other proprietary software, for that
matter).
[0] http://www.computerworld.com/s/article/9241524/Steven_J._Vaughan_Nichols_Microsoft_Bing_bang_bungles_local_search
[1] http://community.bingads.microsoft.com/ads/en/bingads/b/blog/archive/2013/07/02/new-search-ad-experiences-within-windows-8-1.aspx
[2] [cref:2d97ce3e654c74345794bedcbcca215cfaf75e20]
[3] [cref:c9a9837b4f23c1e350d270d9782544fdef705bc0]
[4] http://www.fsf.org/blogs/rms/ubuntu-spyware-what-to-do
[5] http://www.scroogled.com/email/
[6] https://www.fsf.org/windows8
An article about [the scope of Facebook's data collection][0] speaks for
itself; this really does not come as a surprise, but is nonetheless
unsettling.
Encourage your friends, colleagues and acquaintances to use services like
[Diaspora][1] that are respectful of your data instead. Better yet: explain
to those individuals the problems of social media services and ask that they
respectfully leave you out of it.
[0] http://www.groovypost.com/news/facebook-shadow-accounts-non-users/
[1] https://joindiaspora.com/
We're not talking about kids hiding out in trashcans talking on
walkie-talkies and giggling to each other.
Ars has reported on [London trashcans][0] rigged to collect the [MAC
addresses][1] of mobile devices that pass by. Since we do not often see
mobile devices carrying themselves around, we may as well rephrase this as
``collect the MAC addresses of people that pass by''.
During a one-week period in June, just 12 cans, or about 10 percent of the
company's fleet, tracked more than 4 million devices and allowed company
marketers to map the ``footfall'' of their owners within a 4-minute
walking distance to various stores.[0]
Your device's---er, *your*---MAC address is a unique identifier that, in
the case of wireless networks, is used by the networks to state that a
message is intended specifically for you---something that is necessary since
wireless devices communicate through open air and, therefore, your device is
also able to pick up the communications of other devices.
In IEEE 802 networks such as Ethernet, token ring, and IEEE 802.11, and in
FDDI, each frame includes a destination Media Access Control address (MAC
address). In non-promiscuous mode, when a NIC receives a frame, it
normally drops it unless the frame is addressed to that NIC's MAC address
or is a broadcast or multicast frame.[2]
Therefore, in such networks, a MAC address is required for communication. So
why does your device freely give away such a unique identifier that can be
used to track you? Consider that, when wireless is enabled (and, as the Ars
article[0] mentions, sometimes [even when it's not][3]), your device
generally scans your surroundings in order to provide you with a list of
networks to connect to. This list is generally populated when various access
points broadcast their own information to advertise themselves so that you
can select them to connect. However, some access points are hidden---they do
not broadcast their information, which helps to deter unwanted or malicious
users. To connect to these access points, you generally provide the name
that the access point administrator has given to it (e.g. ``mysecretap'').
Let's say you disconnect from mysecretap. Since the access point (AP) is not
broadcasting itself, how does your device know when it is available again?
It must attempt to ping it and see if it gets a response. With this ping is
your MAC address. Since many devices conveniently like to connect
automatically to known access points when they become available, it is
likely that your device is pinging rather frequently.
But what if you do not use hidden access points? Well, it is likely that the
same issue still stands---what if the access point that you connected to was
once listed but then becomes hidden? (Maybe the administrator of the access
point allowed broadcasts for a period of time to allow people to connect
easily, but then hid it at a later time.) Your device would need to account
for that, and therefore, to be helpful, likely broadcasts pings for any
access point you have connected to recently (where ``recently'' would depend
on your device).
Now, back to the [NSA][5]-wannabe-trashcans: At this point, all an observer
must do is lay in wait for those broadcasts and record the MAC addresses. By
placing these devices at various locations, you could easily track the
movements of individuals, including their speed, destinations, durations of
their visits, visit frequencies, favorite areas, dwellings, travel patterns,
etc. Since devices may broadcast a whole slew of recent access points that
it connected to, you could also see areas that the owner may have been to
(oh, I see that you connected to the free wifi in that strip joint). You
[could be evil][6].
Turn off wireless on your device when you are not using it---especially when
you are traveling. Ensure that your device [does not continue pinging access
points when wireless is disabled][3].
Better yet, fight back. Consider exploring how to spoof your MAC address,
perhaps randomly generating one every so often. Consider the possibilities
of activist groups that may pollute these spy databases by gathering a list
of unique MAC addresses of passerbys for the purpose of rebroadcasting them
at random intervals---which you could even do using long-range antennas
targeted at these devices.[7] If done properly to mimic models of common
travel patterns, the data that these spy devices gather would become
unreliable.[8]
Surveillance by any entity---be it [governments][5], corporations,
individuals or otherwise---is not acceptable.
[0] http://arstechnica.com/security/2013/08/no-this-isnt-a-scene-from-minority-report-this-trash-can-is-stalking-you/
[1] http://en.wikipedia.org/wiki/MAC_address
[2] http://en.wikipedia.org/wiki/Promiscuous_mode
[3] http://arstechnica.com/gadgets/2013/08/review-android-4-3-future-proofs-the-platform-with-multitude-of-minor-changes/3/#p15
[4] http://arstechnica.com/security/2013/08/diy-stalker-boxes-spy-on-wi-fi-users-cheaply-and-with-maximum-creep-value/
[5] [cref:c9a9837]
[6] http://renewlondon.com
[7] Disclaimer: Please research your local laws.
[8] Of course, it is important that such an activity in itself does not
violate a person's privacy, and so such collection must be done in a manner
that cannot in itself identify the person's travel patterns (e.g. by
not storing information on what access point the data was collected from).
**See Also:** [National Uproar: A Comprehensive Overview of the NSA Leaks and
Revelations][0]; I have not yet had the time to devote to writing a thorough
follow-up of recent events and will likely wait until further information and
leaks are presented.
[Edward Snowden][1]---the whistleblower responsible for [exposing various NSA
dragnet spying programs][0], among other documents---has been [stuck in the
Moscow airport][2] for quite some time while trying to figure out how he will
travel to countries offering him asylum, which may involve traveling through
territories that may cooperate with the United States' extradition requests.
Snowden [issued a statement today to Human Rights groups at Moscow's
Sheremetyevo airport][3], within which he mentioned:
I announce today my formal acceptance of all offers of support or asylum I
have been extended and all others that may be offered in the future. With, for
example, the grant of asylum provided by Venezuela’s President Maduro, my
asylee status is now formal, and no state has a basis by which to limit or
interfere with my right to enjoy that asylum. [...] I ask for your assistance
in requesting guarantees of safe passage from the relevant nations in securing
my travel to Latin America, as well as requesting asylum in Russia until such
time as these states accede to law and my legal travel is permitted. I will be
submitting my request to Russia today, and hope it will be accepted
favorably.[3]
Snowden had previously [withdrawn his request for political asylum in Russia][4]
after [Vladmir Putin stated that he could stay][5] only if he stopped ``bringing
harm to our American partners''---something which [Snowden does not believe that
he is doing][6]. Although Venezuela has offered Snowden asylum, as [explained by
the Guardian][6], ``he remains unable to travel there without travel
documents''. Even if he does obtain travel documents, there are still
worries---earlier this month, the [Bolivian president's plane was diverted with
suspicion that Snowden was on board][7], showing that certain countries may be
willing to aid the U.S. in his extradition or otherwise prevent him from
traveling.
My focus on these issues will seldom be on Snowden himself---I would prefer to
focus primarily on what he sacrificed his life to bring to light. But it is
precisely this sacrifice that makes it important to ensure that Snowden does not
fall out of the picture (though it does not appear that he will any time soon).
The Guardian also seems to have adopted the strategy of slowly providing more
information on the leaks over time---such as the recent revelation that
[Microsoft cooperated with the NSA's Prisim program to provide access to
unencrypted contents of Outlook.com, Hotmail, Skype and SkyDrive services][8]; I
will have more on that later.
I end this with a photograph taken yesterday of [Richard Stallman with Julian
Assange holding up a picture of Snowden][9] that brings a smile to my face.
[0] [cref:c9a9837b4f23c1e350d270d9782544fdef705bc0]
[1] https://en.wikipedia.org/wiki/Edward_Snowden (Now with his own Wikipedia page)
[2] http://www.guardian.co.uk/world/2013/jul/01/edward-snowden-escape-moscow-airport
[3] http://wikileaks.org/Statement-by-Edward-Snowden-to.html
[4] http://www.guardian.co.uk/world/2013/jul/02/edward-snowden-nsa-withdraws-asylum-russia-putin
[5] http://www.guardian.co.uk/world/2013/jul/01/putin-snowden-remain-russia-offer
[6] http://m.guardiannews.com/world/2013/jul/12/edward-snowden-accuses-us-illegal-campaign
[7] http://www.guardian.co.uk/world/2013/jul/05/european-states-snowden-morales-plane-nsa
[8] http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data
[9] http://twitpic.com/d279tx
All ``thoughts''---that is, my blog-like entries that are generated by the
repository commit messages---and site text are hereby retroactively relicensed
under the [Creative Commons Attribution-ShareAlike 3.0 Unported License][0].
This license shall not supersede any license that is explicitly put forth within
a work; see the COPYING file within the thoughts repository---available on the
``Projects'' page---for more information.
This is not a decision I take lightly; it has received much thought over the
course of recent years. For some time, I accepted [the view of Richard Stallman
and the Free Software Foundation][1] on opinion pieces in that, since they
express personal opinions, it is not unreasonable to require that they be
distributed verbatim. Indeed, it would seem wise not to allow someone to change
your words, especially on something that you are passionate about.
However, I have come to adopt another perspective. What is the motivation behind
releasing content under a license that permits modification (that is, the
creation of derivative works)? Often, the primary reason is to allow others to
improve upon the content or to modify it to suit their particular needs. To
prevent others from locking down those changes---preventing others from having
the same rights as they did---many will often release their works under licenses
that require that all derivatives be released under the same terms. In the case
of Creative Commons, this is called [``ShareAlike''][2], which is motivated by
GNU's copyright hack called [copyleft][3] (popularized by the [GNU General
Public License][4]).
For [free software][5] advocates, the question of whether or not to permit
modification is generally not even raised---it is a necessity. Software serves a
functional purpose: Prohibiting modification could prevent users from altering
the software in ways that they may find useful and could be used to exert
control over the users. Software does stuff. Software can control what the user
can and cannot do.
Creative works are often considered in a different light. Like software, they
are indeed useful---they can be tools to learn, to entertain, etc. However, does
prohibiting modification do any harm? In the case of [documentation for free
software][6], yes---documentation is very important and can make the difference
between highly useful software and impenetrable software. Free documentation
ensures that, as the software grows, the documentation can grow with it. Since
the documentation for many projects is often scarce or poorly written (great
computer hackers are not necessarily great language hackers), the freedom to
modify the documentation is a necessity.
Then what of texts that have nothing to do with a free software project? Texts
that serve as an educational resource of any kind would benefit from being free
just as a free software project would---experts could contribute, teachers could
alter it to suit their particular teaching style or their classroom setting,
etc. But what of texts that exist purely as opinion pieces?
I'm not sure there's such a thing as a ``pure'' opinion piece, unless it is
utter garbage.
An author would do well to substantiate their opinion with appropriate
references (though often times, this is not the case). With those
references (or lack thereof) comes the need to connect them to the content---the
author must explain his or her opinion. This explanation is educational, even if
the reader does not agree with the opinion. Perhaps the reader wishes to use the
opinion piece as a resource, but notices that it is lacking in some respect.
Should they not be able to improve it, perhaps to even further the author's
point? Or, perhaps the opinion piece could be extended to the contrary---to
prove additional references to either make it neutral or even work against the
author's original opinion. Even though this may not be what the author wants,
this is still a useful derivation of the original work.
As an example, consider this very post. This is clearly an opinion piece---I
have made the choice to release my content under a Creative Commons license and
I am substantiating my opinion in the hope that others may gain insight and
possibly even choose the same path for their own creative works. What if someone
wished to present this article to a group of individuals---maybe in the
workplace---but found my ``garbage'' comment to be unnecessarily harsh? What
personal harm would I incur if they were to remove that statement? However, what
if they wished to go further by replacing all references to ``free software''
with references to ``open source''---a term which I [reject][7]? Well, this
could potentially affect my image, depending on the group's philosophy. What
now?
There are a few important points to note from this. Firstly, the license
mandates that:
If You Distribute, or Publicly Perform the Work or any Adaptations or
Collections, You must, unless a request has been made pursuant to Section
4(a), keep intact all copyright notices for the Work and provide, reasonable
to the medium or means You are utilizing: (i) the name of the Original Author
(or pseudonym, if applicable) if supplied, and/or if the Original Author
and/or Licensor designate another party or parties (e.g., a sponsor institute,
publishing entity, journal) for attribution ("Attribution Parties") in
Licensor's copyright notice, terms of service or by other reasonable means,
the name of such party or parties; (ii) the title of the Work if supplied;
(iii) to the extent reasonably practicable, the URI, if any, that Licensor
specifies to be associated with the Work, unless such URI does not refer to
the copyright notice or licensing information for the Work; and (iv) ,
consistent with Ssection [sic] 3(b), in the case of an Adaptation, a credit
identifying the use of the Work in the Adaptation (e.g., "French translation
of the Work by Original Author," or "Screenplay based on original Work by
Original Author").[8]
In plain English---you must provide attribution to the original author and
indicate that the work has been modified from the original. Furthermore:
The credit required by this Section 4(c) may be implemented in any reasonable
manner; provided, however, that in the case of a Adaptation or Collection, at
a minimum such credit will appear, if a credit for all contributing authors of
the Adaptation or Collection appears, then as part of these credits and in a
manner at least as prominent as the credits for the other contributing
authors.[8]
It would therefore be appropriate to assume that an author of a derivate work
will, in good faith, make clear attribution. Should this not be the case, then
what is to say that the author would not have simply modified a work which is
not licensed to permit modifications?
The next point is another simple one: Under United States copyright law, the
[fair use doctrine][9] permits limited use of a copyrighted work without prior
consent from the author; it is this doctrine that allows, for example, authors
and journalists to quote portions of other works to report on or back up their
arguments. This means that, even if the license did not permit, an author could
still incorporate *portions* of my work to support their own arguments or agenda,
regardless of whether or not I may agree with it. This segues into the final
point.
Who am I to [dictate others opinions][10]? It would not be right of me to limit
one's freedom simply because they violate my own personal opinions or beliefs.
Therefore, if this is one condition under which I would decide to restrict my
creative works, then that reason should be immediately dismissed. This means
that---within the context of my previous example---if someone wanted to alter
all the references to ``free software'' in my work to adapt it to their own
personal style, then they should be permitted to do so. Such a work is no longer
my own: They must clearly state that it has been altered from the original.
Hopefully readers take notice of that. My works are always published on my own
personal website where the originals can be found; with today's search engines,
such a task is trivial. If someone neglects to do so---and I do understand that
many will neglect to do so---then they have not made an informed opinion on the
material.
Another minor point would be that, for the majority of my works, it is unlikely
that anyone will be making any sort of alteration.
As such, I find that I have little ground to stand on should I attempt to
rationalize a more restrictive license. Any remaining arguments, such as ``what
if they sell your content or modify it only slightly and are given more credit
for the work than they deserve?'' are already covered by the free software
philosophy can may be easily adopted here.
[0] http://creativecommons.org/licenses/by-sa/3.0/
[1] http://www.gnu.org/licenses/license-list.html#OpinionLicenses
[2] http://creativecommons.org/licenses/
[3] https://www.gnu.org/copyleft/copyleft.html
[4] https://www.gnu.org/copyleft/gpl.html
[5] https://www.gnu.org/philosophy/free-sw.html
[6] https://www.gnu.org/philosophy/free-doc.html
[7] http://www.gnu.org/philosophy/open-source-misses-the-point.html
[8] http://creativecommons.org/licenses/by-sa/3.0/legalcode
[9] http://en.wikipedia.org/wiki/Fair_use
[10] http://www.gnu.org/philosophy/programs-must-not-limit-freedom.html
With the CC BY-SA addition, the line of images would otherwise wrap. The font
size is adjusted slightly to be more proportional with the images.
The images dimensions are reduced by 20%.
The page is designed for modern PC resolutions---that is, 1280 or greater width.
Since it uses a 300px right-hand sidebar in conjunction with fairly generous
margins (for the index pages, at least), this causes problems with smaller
resolutions.
For the classic (but outdated) 1024px resolution, the margins will adjust to
give more viewing room. For 640px or less resolutions, which are common on some
mobile devies such as tablets, the headline that is normally displayed in the
sidebar is moved to the top and the images are significantly reduced in size,
providing 300px additional viewing width. The 42x42px images that are displayed
below the GNU logo on the upper-right are also moved to the top of the page and
to the left of the GNU logo and certain other margins (such as blockquote and
ul) are reduced.
At around 400px, the images next to the GNU logo start to become problematic and
may overlap with the title; therefore, the size of the images are halved so that
they can fit above the title. This happens to be close the resolution of certain
mobile devices, such as the iPhone (which unfortunately I see many hits from in
my sever logs) with a width of 320px, so this is the layout that will be used
for such devices.
Note that the styles for these widths are build atop of the existing rules and
essentially ``undo'' certain styles; this is to fall back to the default desktop
style in case the browser does not support such media queries.
I am finding it difficult to keep up with the flood of reports in my little free
time, while still finding the time to brush up on relevant history. My hope is
to provide a summary of recent events and additional background---along with a
plethora of references---that will allow the reader to perform further research
and to formulate educated, personal opinions on the topics. If you do not care
for my commentary, simply scroll to the list of references at the bottom of this
article.
Many [individuals and organizations][0] have long warned of [digital privacy
issues][1], but there has been one agency in particular that has been the
subject of much scrutiny---the [National Security Agency (NSA)][2], which is a
United States government agency[3] that has a [long history of controversial
spying tactics][4] on its country's own citizens. It is a chilling topic---one
that can easily make any person sound like they've latched onto an Orwellian
conspiracy.
**Wednesday, June 5th, 2013**---[the Guardian newspaper publishes a leaked
document][5][6][7] ordering Verizon to
[...] produce to the National Security Agency (NSA) upon service of this
Order, and continue production on an ongoing daily basis thereafter for the
duration of this Order, [...] an *electronic copy of* the following tangible
things: *all call detail records or ``telephony metadata''* created by Verizon
for communications (i) between the United States and abroad; or (ii) wholly
within the United States, *including local telephone calls*.[6] [emphasis
added]
The order goes on to describe ``telephony metadata'' to include routing
information, source and destination telephone numbers, IMSI and IMEI numbers,
and time and duration of the call; it ``does not include the substantive content
of any communication''---the communication content itself.[6] This order was
[issued by the Foreign Intelligence Surveillance Court (FISC)][8] under [section 215
of the Patriot Act][9]. (This news comes [less than three months after United
States District Judge Susal Illston ruled NSA Letters' gag provisions
unconstitutional][10].)
This report caused a massive uproar, but [came as no surprise][11] to many
security researchers and privacy advocates. Early last year, Wired released an
article stating that [the NSA ``Is Building the Country's Biggest Spy
Center''][14]. Privacy concerns were raised in November of last year by [the
Petraeus scandal][14]. In March of this year, Google released figures showing
that [the NSA is secretly spying on some of its customers][15]. Two months later,
[outrage][17] after the Associated Press discovers that [the Justice Department
collected the calling records of many of its reporters and editors][18].
Additionally, [the EFF already had cases against the NSA's actions][2]---[Jewel
v. NSA][12] and [Hepting v. AT&T][13] both focus on unconstitutional dragnet
surveillance of innocent citizens' data and communications. These cases will be
explored in further detail throughout this article.
But the chaos didn't end there.
**Thursday, June 6th, 2013**---just one day after the Guardian reported on the
leaked Verizon order, the newspaper reports on [a leaked slideshow describing
PRISM][19], a top-secret program that ``claims direct access to servers of firms
including Google, Apple and Facebook. According to the leaked document, the NSA
supposedly has the ability to collect material including e-mail, chat, video and
voice communications, photos, stored data and more.[19]. Responses from most
companies was immediate. In a [blog post entitled ``What that...?''][20], Larry
Page---Google's CEO---put very plainly that Google does not participate in such
a program and denied any knowledge of PRISM:
First, we have not joined any program that would give the U.S. government—or
any other government—direct access to our servers. Indeed, the U.S. government
does not have direct access or a ``back door'' to the information stored in
our data centers. We had not heard of a program called PRISM until yesterday.
Second, we provide user data to governments only in accordance with the
law.[20] --Larry Page, Google CEO
[Mark Zuckerberg of Facebook also denied involvement][21], calling such claims
``outrageous`` and encouraging governments to be ``much more transparent about
all programs aimed at keep the public safe'':
I want to respond personally to the outrageous press reports about PRISM:
Facebook is not and has never been part of any program to give the US or any
other government direct access to our servers. We have never received a
blanket request or court order from any government agency asking for
information or metadata in bulk, like the one Verizon reportedly received. And
if we did, we would fight it aggressively. We hadn't even heard of PRISM
before yesterday. [...] We strongly encourage all governments to be much more
transparent about all programs aimed at keeping the public safe. It's the only
way to protect everyone's civil liberties and create the safe and free society
we all want over the long term.[21] --Mark Zuckerberg, Facebook CEO
Indeed, [all companies eventually denied involvement with PRISM][22].
**Friday, June 7th, 2013**---Two days after the initial Verizon report[5] and one day
after the publishing of portions of the PRISM documents[19], the White House
responded to the Guardian reports with President Obama [defending his
administration][16]. Unfortunately, given the [history of the NSA surveillance
programs][4]---especially since the Bush administration after the 9/11
attacks---it may be difficult to believe that his words are the whole truth. As
such, we will use portions of his transcript[16] to guide the remainder of this
discussion.
**Jackie Calmes:** Mr. President, could you please react to the reports of
secret government surveillance of phones and Internet? And can you also assure
Americans that the government — your government doesn’t have some massive
secret database of all their personal online information and activity?
**Obama:** [...] Now, the programs that have been discussed over the last
couple days in the press are secret in the sense that they’re classified, but
they’re not secret in the sense that when it comes to telephone calls, every
member of Congress has been briefed on this program.
With respect to all these programs, the relevant intelligence committees are
fully briefed on these programs. These are programs that have been authorized
by broad, bipartisan majorities repeatedly since 2006. And so I think at the
outset, it's important to understand that your duly elected representatives
have been consistently informed on exactly what we’re doing.[16]
There are some important notes regarding the phrasing of the President's
statement. Firstly, it is important to note that the President is *confirming the
existence of* the programs that ``have been discussed over the last couple days
in the press''---that is, the Verizon FISA Court order[5] and the PRISM[19]
leak. However, it is also important to take a step back and note that the
President did *not* state outright that the reports tell the whole---or even the
correct---story. So what do we know?
On June 6th---a day before the White House responded to the leaks---the Director
of National Intelligence James Clapper [declassified certain information pertaining
to the ``business records'' provision of FISA][23], stating, ``I believe it is
important for the American people to understand the limits of this targeted
counterterrorism program and the principles that govern its use''. This statement
mentions that:
Although this program has been properly classified, the leak of one order,
without any context, has created a misleading impression of how it operates.
[...] The program does not allow the Government to listen in on anyone's phone
calls. The information acquired does not include the content of any
communications or the identity of any subscriber. The only type of information
acquired under the Court's order is telephony metadata, such as telephone
numbers dialed and length of calls.[23]
The term ``telephony metadata'' could mean anything; the ``numbers dialed'' and
``length of calls'' are part of it, but what does the Court order[6]
specifically request?
IT IS HEREBY ORDERED that [Verizon] shall produce to the [NSA] [...], and
continue production on an ongoing daily basis [...] for the duration of this
Order, [...] all call detail records or ``telephony metadata'' [...].
Telephony metadata includes comprehensive communications routing information,
including but not limited to [...] originating and terminating telephone
number, [...] International Mobile Subscriber Identity (IMSI) number,
International Mobile station Equipment Identity (IMEI) number, [...] trunk
identifier, telephone calling card numbers, and time and duration of call.
Telephony metadata does not include the substantive content of any
communication [...], or the name, address, or financial information of a
subscriber or customer.[6] --FISA Court order
The President made this point very clear:
**Obama:** When it comes to telephone calls, nobody is listening to your
telephone calls. That’s not what this program’s about. As was indicated, what
the intelligence community is doing is looking at phone numbers and durations
of calls. They are not looking at people’s names, and they’re not looking at
content. But by sifting through this so-called metadata, they may identify
potential leads with respect to folks who might engage in terrorism. If these
folks — if the intelligence community then actually wants to listen to a phone
call, they’ve got to go back to a federal judge, just like they would in a
criminal investigation. So I want to be very clear. Some of the hype that
we’ve been hearing over the last day or so — nobody’s listening to the content
of people’s phone calls.[16]
The EFF provides compelling arguments as to why [metadata is important to our
privacy][24]. One such example: ``They know you spoke with an HIV testing
service, then your doctor, then your health insurance company in the same hour.
But they don't know what was discussed.'' The EFF further states, ``the
government has given no assurances that this data will never be correlated with
other easily obtained data''. So, while the President may try reassuring us by
stating that ``they've got to go back to a federal judge'', he certainly does
not make it clear that they may already have enough information *without* having
to do so---from this supposedly non-content metadata. They do not need to
subpoena the phone company for the name or address of the individual in most
cases, as reverse telephone directories are readily available. With that, they
then have the names of yourself, everyone you have called and GPS data.
Another argument worthy of strong consideration is posed by Daniel J.
Solove---[what if the government is wrong about your intentions][25]? How can
you go about correcting incorrect data if its very existence is hidden from the
public?
What if the government leaks the information to the public? What if the
government mistakenly determines that based on your pattern of activities,
you're likely to engage in a criminal act? What if it denies you the right to
fly? What if the government thinks your financial transactions look odd—even
if you've done nothing wrong—and freezes your accounts? What if the government
doesn't protect your information with adequate security, and an identity thief
obtains it and uses it to defraud you?[25]
These are serious questions. Even if you---the reader---are of the type that sates
``I don't care; I have nothing to hide'', then consider that, despite the government's
best efforts to secure and protect the data, [it could possibly fall prey to
enemies of the United States][25]. Consider that the [Chinese cracked into
Pentagon systems][26], taking ``designs for more than two dozen major weapon systems
used by the United States military''.
Of course, we are now assuming that that the NSA is (a) operating in accordance with the
Court order with respect to the privacy of communications content and (b) that
the President's statement is not intentionally omitting projects that *do*
warrantlessly wiretap innocent Americans' communications. Historically, the NSA has not
given us reason to entertain either of these thoughts.
**January 31, 2006**---[Hepting v. AT&T][13]; the EFF files a case suing AT&T on
behalf of its customers for ``violating privacy law by collaborating with the
NSA in the massive, illegal program to wiretap and data-min Americans'
communications''. This case included ``undisputed evidence`` from former AT&T technician
Mark Klein showing that [AT&T routed a copy of all Internet traffic to an NSA-controlled
room in San Francisco][27]:
Through the ``splitter cabinet,'' the content of all of the electronic voice
and data communications going across the Peering Links [...] was transferred
from the WorldNet Internet room's fiber optical circuits into the
[NSA-controlled] SG3 Secure Room [...] including such equipment as Sun servers
and Juniper (M40e and M160) ``backbone'' routers. The list also included a
Narus STA 6400, which is a ``Semantic Traffic Analyzer.''[27]
That is---allegedly, AT&T indiscriminately passed *all* of the traffic passing
through its San Francisco facility into the NSA-controlled ``SG3 Secure Room''
where the NSA performed their *own* filtering, storage and analysis however they
pleased. This is an astounding accusation. Additionally, Klein further states
that ``other such `splitter cabinets' were being installed in other cities,
including Seattle, San Jose, Los Angeles and San Diego''.[27]
Unfortunately, Hepting was dealt a fatal blow in July 2008 when both the
government and AT&T were [awarded retroactive immunity][28] by the [FISA
Amendments Act (FAA)][29]. This startling turn was signed by President Bush in
response to the EFF's court victories in the case and ``allows the Attourney
General to require the dismissal of the lawsuits over the telecoms'
participation in the warrantless surveillance program''.[13] The case was
dismissed in June 2009 and dozens of other lawsuits.
Fortunately, the battle is not over. The EFF then filed [Jewel v. NSA][12] which
directly targets the ``NSA and other government agencies on behalf of AT&T
customers to stop the illegal unconstitutional and ongoing dragnet surveillance
of their communications and communications records''. This case was too based
on the testimony of Klein[27]. Additionally, the EFF had declarations of William
Binney, Thomas Drake and Kirk Wiebe---[three NSA whistleblowers][30]. Most
interesting (and damning) for the purposes of our discussion is the [Summary of
Voluminous Evidence][31].
I have served on the Intelligence Committee for over a decade and I wish to
deliver a warning this afternoon. When the American people find out how their
government has secretly interpreted [the business records provision of
FISA], they are going to be stunned and they are going to be angry.[32]
--Senator Ron Wyden
Note that the Senator is referring to precisely the same provision---business
records---that was partly declassified by James Clapper on Thursday.[23] Of
course, we are assuming that the NSA decides to go to the FISA Court for
permission; this apparently has not always been the case.
According to the summary of evidence[31], the NSA stated:
To perform both its offensive and defensive mission, NSA must ``live on the
network.'' [The program would be] a powerful and permanent presence on a
global telecommunications infrastructure where protected American
communications and targeted adversary communications will coexist.
This certainly shares some similarities with the Verizon case. But FISA stood
in the way of this goal; John Yoo explains why FISA was insufficient for such
a dragnet operation:
[U]nder existing laws like FISA, you have to have the name of somebody, have
to already suspect that someone's a terrorist before you can get a warrant.
[...] it doesn't allow you as a government to use judgment based on
probability to say: ``[...] there's a high probability that some of those
calls are terrorist communications. But we don't know the names of the people
making those calls.'' You want to get at those phone calls, those e-mails, but
under FISA you can't do that.[33] --Jon Yoo
After the September 11th attacks, ``FISA ceased to be an operative
concern''.[31] If that statement sounds unsettling, that is because it is;
President Bush subsequently authorized the NSA to ``conduct electronic
surveillance within the United States'' without an order from the FISA Court
(FISC). General Hayden phrased it as such: the program ``is a more [...]
`aggressive' program than would be traditionally available under FISA''.[34]
What---if anything---does this mean about any current NSA operations (including
the Verizon order)? If Bush is able to authorize such actions, what is to say
that Obama will not (and has not)?
Let us return to the statements from both Clapper[23] and Obama stating that
``nobody is listening to the content of your phone calls''.[16] We can certainly
hope that this is the case, but we shall continue to draw from evidence in the
Jewel v. NSA case[12] to see what the NSA has done in the past.
It was the biggest legal mess I've ever encountered.[35] --Jack Goldsmith, Justice
Department's Office of Legal Consel
The program operated ``in lieu of'' court orders.[36] Even more alarming (if such a
thing is possible), ``neither the President nor Attorney General approved the specific
interceptions; rather, the decision to listen or read particular communications was
made by intelligence analysts''; the only authorization needed was by an NSA
``shift supervisor''.[37] So, let's reiterate:
**Obama:** If these folks — if the intelligence community then actually wants to listen
to a phone call, they've got to go back to a federal judge, just like they
would in a criminal investigation.[16]
It may very well be that Obama is being truthful within context of the Verizon
order; perhaps they have learned from their mistakes with the AT&T dragnet.
Unfortunately, their secrecy is making it very difficult for the public to make
an informed analysis of the matter.
Ultimately, it is believed that Attorney General Comey's initial certifications of
the program were ``based on a misimpression of those activities'' due to a botched
legal analysis by Jon Yoo that was described as ``at a minimum [...] factually
flawed''. Yoo was the only OLC official to read into the program since its
inception in October 2001 until his leaving in May 2003.[31] When Comey refused
to reauthorize the program, Bush did so himself, resulting in threats of resignation
from Comey and ``about two dozen Bush appointees''. However, ``[d]espite the illegality
of the Program, no officials resigned.''[31].
In 2009, the New York Times published a series of articles regarding the
program, exposing a [``serious issue involving the NSA'' concerning
``significant misconduct''][38]. This included a ```flagrant' overcollection
of domestic email''.[31]
Because each court order could single out hundreds or even thousands of phone
numbers or e-mail addresses, the number of individual communications that
were improperly collected could number in the millions, officials said.[31]
That was then; this is now, right? How can we be sure of any connection between
the NSA of a decade ago vs. the NSA of today? Well, as an average citizen with
no security clearance, I can't. However, there are some important connections that
can be made. Firstly, recall Ron Wyden's quote above stating that the public
will be ``stunned'' and ``angry''.[32] On Thursday, June 6th, he [released this
statement on his Senate website][39]:
The program Senators Feinstein and Chambliss publicly referred to today is one
that I have been concerned about for years. I am barred by Senate rules from
commenting on some of the details at this time. However, I believe that when
law-abiding Americans call their friends, who they call, when they call, and
where they call from is private information. Collecting this data about every
single phone call that every American makes every day would be a massive
invasion of Americans’ privacy.[39] --Senator Ron Wyden
Perhaps the most obvious and direct connection is that the [government asked for
more time in Jewel v. NSA (and Shubert v. Obama) in light of the NSA
revelations][40].
The revelations not only confirmed what EFF has long alleged, they went even
further and honestly, we’re still reeling. EFF will, of course, be continuing
its efforts to get this egregious situation addressed by the courts.
[...] EFF and others had long alleged that, despite the rhetoric surrounding
the Patriot Act and the FISA Amendments Act, the government was still
vacuuming up the records of the purely domestic communications of millions of
Americans. And yesterday, of course, with the Verizon order, we got solid
proof.. And it appears that the reach of this vacuum goes much further, into
the records of our Internet service providers as well.[41] --Electronic
Frontier Foundation
This brings us back to PRISM.[19] Numerous sources reported that [the White
House confirmed][42] its existence. Indeed, if you consider the President's
original words--- ``the programs that have been discussed over the last couple
days in the press are secret in the sense that they’re classified''[16]---this
does seem to be a verification of the project's existence. However, confusion ensued
when [companies like Google and Facebook denied involvement][43], despite what
the [leaked information seems to state][19]. Yonatan Zunger---chief architect at
Google---[reiterated the words of Larry Page][44]:
I can also tell you that the suggestion that PRISM involved anything happening
directly inside our datacenters surprised me a great deal; owing to the nature
of my work at Google over the past decade, it would have been challenging --
not impossible, but definitely a major surprise -- if something like this
could have been done without my ever hearing of it. And I can categorically
state that *nothing* resembling the mass surveillance of individuals by
governments within our systems has ever crossed my plate.[44] --Yonatan
Zunger, Chief Architect, Google
Questions then arose as to what exactly ``PRISM'' is. Marc Ambinder with The Week
reported that [PRISM is nothing more than one of many different ``data collection
tools''][45] that may be used by the NSA. One day later, Marc posted another article
entitled [``Solving the mystery of PRISM''][46]
Each data processing tool, collection platform, mission and source for raw
intelligence is given a specific numeric signals activity/address designator,
or a SIGAD. [...] PRISM is US-984XN. Each SIGAD is basically a collection
site, physical or virtual; [...] PRISM is a kick-ass GUI that allows an
analyst to look at, collate, monitor, and cross-check different data types
provided to the NSA from internet companies located inside the United States.[46]
Others hypothesized that, due to the denial of involvement from various
companies[44], PRISM may operate by intercepting communications. The Guardian
[countered by releasing another slide from the leaked presentation][47], stating
outright that ``[b]oth of these theories appear to be contradicted by internal
NSA documents''.
It clearly distinguishes Prism, which involves data collection from servers,
as distinct from four different programs involving data collection from "fiber
cables and infrastructure as data flows past".[47]
This sounds a great deal like Klein's description of the SG3 Secure Room at
AT&T[27] (though I do not intend to imply that they are the same thing---that is
not clear, nor does Klien state that he ever noted the word ``PRISM'' on any
documents). The Guardian goes on to state that ``[a] far fuller picture of the exact
operation of Prism [...] is expected to emerge in the coming weeks and months''.
(Is that foreshadowing or an educated guess?)
There is, of course, the other obvious hypothesis---that organizations including
Google, Facebook and Microsoft are being [deceptive or not telling the whole
truth][48]. Alternatively, maybe such operations were being done under the noses
of executives. On Friday, the New York Times published an article stating that
the technology companies [``cooperated at least a bit''][49].
[Google, Micorsoft, Yahoo, Facebook, AOL, Apple and Paltalk] were legally
required to share the data under the Foreign Intelligence Surveillance Act.
[...] But instead of adding a back door to their servers, the companies were
essentially asked to erect a locked mailbox and give the government the key,
people briefed on the negotiations said. Facebook, for instance, built such a
system for requesting and sharing the information, they said.[49]
This does not necessarily mean that these companies had any knowledge,
specifically, of ``PRISM''. As the Guardian said, I will be curious to see what
information surfaces in the coming months; the gag provisions of the orders make
for an unfortunate situation for everyone involved.
Let us return to the President's statements.
**Obama:** And I welcome this debate. And I think it's healthy for our
democracy. I think it's a sign of maturity, because probably five years ago,
six years ago, we might not have been having this debate.[16]
This is a difficult debate to have, Mr. President, when the public does not know
of the existence of these programs; we only have knowledge of these programs due
to the aforementioned leaks---courageous individuals who feel that their
government is not representative of the democracy and freedom that it supposedly
represents. This segues into another statement from the President:
**Jackie Calmes:** Do you welcome the leak, sir? Do you welcome the leak if
you welcome the debate?
**Obama:** I don't---I don't welcome leaks, because there's a reason why these
programs are classified. [...] But that's also why we've set up congressional
oversight. These are the folks you all vote for as your representative in
Congress, and they’re being fully briefed on these programs.
Unfortunately, Obama seems to have missed another critical fact. We---the
people---vote for representatives that, well, ``represent'' *the issues that we
care about*. Those who are strongly opposed to gun legislation will vote for
those representatives that share those feelings and will fight to oppose such
legislation. Similarly, a pro-life supporter will probably not vote for a
candidate in favor of abortion. But what if there is a candidate that shares one
opinion but not another---say, opposes gun regulation but supports abortion,
when you as a voter are a pro-life gun-owner against gun legislation? Then you
will likely vote for the issues that you feel most strongly about (or what you
feel is a fair balance between all the other issues you follow). The problem
here, Mr. President, is that we---the people---are not made aware of these
issues because they are *classified*. How many people may not have voted for
you, Mr. President, had they known that you would support dragnet surveillance
of innocent Americans?
**Sunday, June 9th, 2013**---The Guardian continues to surprise the world by
[releasing the name of the NSA whistleblower at his request][50]. Edward
Snowden, a 29-year-old former CIA technical assistant and current defense
contractor employee is responsible for what The Guardian is calling ``the
biggest intelligence leak in the NSA's history''. Reporting from Hong
Kong---where Snowden fled to on May 20th in the hope of resisting the
U.S. government---Glenn Greenwald, Ewen MacAskill and Laura Poitras report
on his motives.
Three weeks ago, Snowden made final preparations [...] [a]t the NSA office in
Hawaii where he was working, [copying] the last set of documents he intended
to disclose.[50]
Snowden describes situations where he began to begin questioning his government,
such as a case where a CIA operative purposely encouraged a Swiss banker to get
intoxicated and drive drunk so that he would be arrested. ``Much of what I saw
in Geneva really disillusioned me about how my government functions and what its
impact is in the world.'' He mentioned that the election of Obama in 2008 gave
him hope for reform, but watched in 2009 as ``Obama advanced the very policies
that I thought would be reined in. [...] I got hardened.''[50]
It is this statement from Snowden that, if accurate, suggests that Obama not
only supports Bush's initial dragnet operation[31], but has further expanded it.
At this point, since the news is still quite young at the time that this article
was written, the world must wait to see what action the government will attempt
to take against Snowden. Reuters had already reported the previous day that
[the government is likely to open a criminal probe into the NSA leaks][51].
James Clapper, the director of U.S. national intelligence, condemned the leaks
and asserted that the news articles about PRISM contained ``numerous
inaccuracies.''[51]
Snowden is not the first to come forward as a whistleblower from the NSA---as we
discussed previously, three NSA whistleblowers came fourth previously to back the
EFF in Jewel v. NSA;[30] they each had the charges either cleared or dropped. That
said, [Obama has been aggressively pursuing whistleblowers][59]. Snowden
mentioned that he views his best hope of freedom as the possibility of asylum
with Iceland.[50] It appears that such may already be working in his favor, with
[Iclandic Legislator Birgitta Jonsdottir already starting the process to apply
for asylum][52], although it is not clear if Snowden has already applied.
There is a great deal to think about. Even though the [evidence against the NSA
dates far back][4], the recent revelations invoke emotions that are difficult to
describe. With countless individuals working to sift through the information,
the Obama administration under attack and nobody knowing if the Guardian is
sitting on even more information, the entire world will continue to watch
impatiently...and act.
While all this is going on, it would be useful to reiterate certain privacy and
security topics that have already been covered at large. Firstly, consider
checking out the EFF's [Surveillance Self-Defense][53] website, which contains
information on a number of topics including anonymity and how to respond to
court orders. Consider using [Tor for anonymity][54] online (but recognize that
it is not a full solution in itself). Consider [keeping your data to
yourself][55] rather than storing it on ``cloud'' services---[Richard Stallman
explains how Software as a Service (SaaS) differs in dangers from proprietary
software][56]. Consider using only [free software][57] to limit further
sacrifices in personal freedom and to limit the information that corporations
and third parties collect from you while using your computer and other devices.
Finally, if you have information that you want to leak to the press (whether or
not you are an [NSA employee][58]), you may be able to consider tools such as
[The New Yorker's Strongbox][60]; it uses [software created by Aaron Swartz][61]
shortly before his untimely death early this year.
Finally, aid senators like Rand Paul in developing [legislation to curb the powers
of the government][62]. We must also do our best to fight for the rights of
brave whistleblowers like Snowden. To end with the words of the EFF, [``we need
a new church committee and we need it now''][41].
[0] [cref:3fa69da6531cb2131a7f52d17eb77a75e01794ba] Re: Who Does Skype Let Spy; a response to Schneier's article.
[1] https://www.schneier.com/essay-418.html The Internet Is a Surveillance State
[2] https://www.eff.org/nsa-spying The EFF on NSA Spying
[3] https://www.eff.org/agency/national-security-agency The National Security Agency
[4] https://www.eff.org/nsa-spying/timeline Timeline of NSA Spying
[5] http://www.guardian.co.uk/world/2013/jun/06/nsa-phone-records-verizon-court-order
NSA collecting phone records of millions of Verizon customers daily
[6] http://s3.documentcloud.org/documents/709012/verizon.pdf PDF of the FISA Court order to Verizon.
[7] http://s3.documentcloud.org/documents/709012/verizon.txt Ibid; plain text version.
[8] https://www.eff.org/deeplinks/2013/06/confirmed-nsa-spying-millions-americans
Confirmed: NSA Spying on Millions of Americans
[9] https://www.eff.org/deeplinks/2011/10/ten-years-later-look-three-scariest-provisions-usa-patriot-act
Three Scariest Provisions of thet USA Patriot Act
[10] [cref:bc03bd3bfeb47854ee96987aeee0b6f5546e8307]
Federal Judge Declares National Security Letters Unconstitutional
[11] http://www.theatlantic.com/politics/archive/2013/06/what-we-dont-know-about-spying-on-citizens-scarier-than-what-we-know/276607/
Bruce Schneier comments on NSA leak.
[12] https://www.eff.org/cases/jewel Jewel v. NSA
[13] https://www.eff.org/cases/hepting Hepting v. AT&T
[14] [cref:d6f2e02111082126a71a1fbd04f99044785995c2]
Privacy In Light of the Petraeus Scandal
[15] [cref:a1f8634296246f2f771f99c04fb74af0a592481e]
Google Says the FBI Is Secretly Spying on Some of Its Customers
[16] http://blogs.wsj.com/washwire/2013/06/07/transcript-what-obama-said-on-nsa-controversy/
Obama on the NSA controversy.
[17] https://www.eff.org/deeplinks/2013/05/congressional-outrage-over-ap-phone-records
Congressional outrate of AP phone records.
[18] https://www.eff.org/deeplinks/2013/05/doj-subpoena-ap-journalists-shows-need-protect-calling-records
[19] http://www.guardian.co.uk/world/2013/jun/06/us-tech-giants-nsa-data
[20] http://googleblog.blogspot.com/2013/06/what.html Larry Page denies PRISM involvement.
[21] https://www.facebook.com/zuck/posts/10100828955847631 Mark Zuckerberg denies PRISM involvement.
[22] http://www.guardian.co.uk/world/2013/jun/07/google-facebook-prism-surveillance-program
[23] http://www.dni.gov/index.php/newsroom/press-releases/191-press-releases-2013/868-dni-statement-on-recent-unauthorized-disclosures-of-classified-information
James Clapper---Directory of National Intelligence---declassifies
information pertaining to the ``business records'' provision of FISA.
[24] https://www.eff.org/deeplinks/2013/06/why-metadata-matters The EFF describes why telephony metadata can have a significant impact on our privacy.
[25] http://mashable.com/2013/06/08/china-hack-nsa/ What if crackers get a hold of the NSA's databases?
[26] http://rt.com/usa/us-chinese-report-defense-888/ The Chinese crack into Pentagon systems.
[27] https://www.eff.org/file/28823 Public unredacted Mark Klein declaration; [Hepting v. AT&T][13]
[28] https://www.eff.org/pages/case-against-retroactive-amnesty-telecoms The Case Against Retroactive Amnesty for Telecoms.
[29] http://www.govtrack.us/congress/bills/110/hr6304/text FISA Amendments Act (FAA).
[30] https://www.eff.org/press/releases/three-nsa-whistleblowers-back-effs-lawsuit-over-governments-massive-spying-program
Three NSA whistleblowers back the EFF in [Jewel v. NSA][12].
[31] https://www.eff.org/node/72021 Summary of Voluminous Evidence, [Jewel v. NSA][12].
[32] Ibid.[31] 157 Cong. Rec. S3372--3402, S3386 (May 26, 2011) [Vol. VI, Ex. 111, p. 4286]
(Statement of Sen. Ron Wyden, On Patriot Act Reauthorization)
[33] Ibid.[31] PBS Frontline, Spying on the Homefront, Interview with John C. Yoo at 4
(Jan. 10, 2007) [Vol. I, Ex. 10, p. 394]
[34] Ibid.[31] Press Briefing by Att’y Gen. Alberto Gonzalez and Gen. Michael Hayden,
Principal Dep. Dir. for Nat’l Intelligence (Dec. 19, 2005)
[35] Ibid.[31] Preserving the Rule of Law in the Fight Against Terror:
Hearing before the S. Comm. on the Judiciary, 110th Cong. 7 (Oct. 2, 2007)
[Vol. III, Ex. 42, p. 1307] (testimony of Jack Goldsmith)
[36] Ibid.[31] Press Briefing by Att’y Gen. Alberto Gonzalez and Gen. Michael Hayden, Principal Dep. Dir.
for Nat’l Intelligence (Dec. 19, 2005)
[37] Ibid.[31] Remarks by Gen. Michael Hayden, Address to the National Press Club, Washington, D.C. (Jan. 23, 2006)
[Vol. IV, Ex. 73, p. 1809]
[38] http://www.nytimes.com/2009/04/16/us/16nsa.html?pagewanted=all Officials Say U.S. Wiretaps Exceeded Law
[39] http://www.wyden.senate.gov/news/press-releases/wyden-statement-on-alleged-large-scale-collection-of-phone-records
Ron Wyden comments on the collection of Verizon phone records
[40] https://www.eff.org/deeplinks/2013/06/government-asks-more-time-eff-surveillance-cases
In Light of NSA Revelations, Government Asks for More Time in EFF Surveillance Cases
[41] https://www.eff.org/deeplinks/2013/06/response-nsa-we-need-new-church-commission-and-we-need-it-now
In Response to the NSA, We Need A New Church Committee and We Need It Now
[42] http://www.theweek.co.uk/us/53475/white-house-admits-it-has-access-facebook-google
White House admits it has ``access'' to Facebook, Google
[43] http://www.guardian.co.uk/world/2013/jun/07/google-facebook-prism-surveillance-program
Facebook and Google insist they did not know of Prism surveillance program
[44] https://plus.google.com/+YonatanZunger/posts/huwQsphBron
Yonatan Zunger---Chief Architect at Google---expresses his distaste of PRISM
[45] http://theweek.com/article/index/245311/sources-nsa-sucks-in-data-from-50-companies
Sources: NSA sucks in data from 50 companies.
[46] http://theweek.com/article/index/245360/solving-the-mystery-of-prism
Solving the mystery of PRISM
[47] http://www.guardian.co.uk/world/2013/jun/08/nsa-prism-server-collection-facebook-google
NSA's Prism surveillance program: how it works and what it can do.
[48] http://www.guardian.co.uk/world/2013/jun/08/obama-response-nsa-surveillance-democrats
Obama deflects criticism over NSA surveillance as Democrats sound alarm.
[49] http://www.nytimes.com/2013/06/08/technology/tech-companies-bristling-concede-to-government-surveillance-efforts.html?ref=global-home&_r=2&pagewanted=all&
Tech Companies Concede to Surveillance Program
[50] http://www.guardian.co.uk/world/2013/jun/09/edward-snowden-nsa-whistleblower-surveillance
Edward Snowden: the whistleblower behind the NSA surveillance revelations.
[51] http://www.reuters.com/article/2013/06/08/us-usa-security-leaks-idUSBRE95700C20130608
Government likely to open criminal probe into NSA leaks: officials.
[52] http://www.forbes.com/sites/andygreenberg/2013/06/09/icelandic-legislator-im-ready-to-help-nsa-whistleblower-seek-asylum/
Icelandic Legislator: I'm Ready To Help NSA Whistleblower Edward Snowden Seek Asylum
[53] https://ssd.eff.org/ EFF Surveillance Self-Defense.
[54] https://www.torproject.org/ The Tor project offers anonymity online.
[55] http://www.guardian.co.uk/technology/2008/sep/29/cloud.computing.richard.stallman
Cloud computing is a trap, warns GNU founder Richard Stallman
[56] http://www.gnu.org/philosophy/who-does-that-server-really-serve.html
Who does that server really serve?
[57] http://www.gnu.org/philosophy/free-sw.html What is free software?
[58] http://www.whistleblowers.org/index.php?option=com_content&task=view&id=984&Itemid=173
National Security Employees Know Your Rights
[59] http://www.theatlanticwire.com/politics/2011/05/obamas-war-whistle-blowers/38106/
Obama's War on Whistle-Blowers
[60] http://www.newyorker.com/strongbox/ The New Yorker Strongbox
[61] http://www.newyorker.com/online/blogs/newsdesk/2013/05/strongbox-and-aaron-swartz.html
Strongbox and Aaron Swartz
[62] http://abcnews.go.com/blogs/politics/2013/06/rand-paul-bill-would-curb-nsa-on-phone-records/
Rand Paul Bill Would Curb NSA on Phone Records
The old WordPress website has been replaced entirely by the ``thoughts'' site
(which was previously located at /thoughts). This website is generated from its
git repository---available on the Projects page---which is freely licensed.
There is some content that existed on the old site that is still useful; should
that content be transferred to this site, a redirect will be set up (assuming
that it hadn't already been lost to the search engines).
Since all this content is static, there is no discussion system. I am still
debating whether or not I will add this in the future. Until that time, feel
free to contact me via e-mail.
Previously, the headline (which is essentially a sidebar) was floated to the
right; this had the benefit of allowing the content to surround it on the lower
portion of the page, though that's arguably a poor design decision. With this
change, this does not occur, but the real reason for this change was to ensure
that block elements (such as divs) do not overflow into the headline.
This uses minimalist styling---as much as possible is done using the body
element. The footer positioning was tricky with varying content length. Since
the headline currently contains only images, my decision was to just get away
with setting a min-height to something reasonable for the headline content
height.
The inline image extension does not belong in repo2html (see comments), but the
source code highlighting may be moved in (code samples do make sense in commit
messages).