U.S. spying on its citizens is worse than imagined

Edward Snowden told a crowd of fans Wednesday that the government's surveillance programs collect more data on Americans than any other country.

"Do you think it's right that the NSA is collecting more information about Americans in America than it is about Russians in Russia?" Snowden said. "Because that''s what our systems do. We watch our own people more closely than we watch any other population in the world."

“Every citizen has a duty to resist” government actions that are immoral or unethical, Snowden said. He then asked Poitras for her opinion on whether the NSA should be divided into two parts, one offensive and one defensive.

Snowden also took several shots at the National Security Agency and its top officials, and criticized the agency for wearing two contradictory hats of protecting U.S. data and exploiting security flaws to gather intelligence on foreign threats. 

"U.S. government policy directed by the NSA ... is now making a choice, a binary choice, between security of our communications and the vulnerability of our communications," Snowden said, suggesting the government was biased toward the latter activity. “I don’t have a lot of faith in our elected leaders,” she said, noting that “they have immunity” if they disclose classified programs during congressional proceedings, but chose not to exercise that right Laura Poitras said.http://www.nationaljournal.com/tech/edward-snowden-nsa-spies-most-on-americans-20140430
http://www.usnews.com/news/articles/2014/04/30/edward-snowden-bashes-james-clapper-offers-advice-to-would-be-whistleblowers

New cybersecurity bill designed to wipe out our privacy & give more power to DHS:

The Senate's previous attempts to write its own cybersecurity bill were supposedly prompted by privacy concerns, something the House version treated as wholly irrelevant to securing our nation from cyberattacks. This new bill may decide privacy is the only thing irrelevant to national security, seeing as it's been crafted by Dianne Feinstein and Saxby Chambliss, both largely supportive of the NSA's (recently exposed) activities.

The new bill sports the following title: Cybersecurity Information Sharing Act of 2014. CISPA without the "p," apparently. Out with the "protection" (which was nominal) and in with the oversharing of cyberthreat information.

The bill, like others before it, grants broad immunity to participating companies, stripping away one of the few reasons these entities might stick up for their customers (and their data) and consider plugging the security hole before turning that info over to both the military, national security agencies and, well, any number of government agencies or competitors. The text of the bill leaves that almost completely unspecified.

The new, 39-page draft bill, written by Sen. Dianne Feinstein (D-Calif.), chairman of the intelligence committee, and Sen. Saxby Chambliss (Ga.), the ranking Republican, states that no lawsuit may be brought against a company for sharing threat data with “any other entity or the federal government” to prevent, investigate or mitigate a cyberattack.

This immunity screws up incentives and encourages questionable behavior, as it to be expected when accountability is removed.

There's a small nod to privacy in the bill, but it carries with it some potential weasel words that could completely undermine the protection.

An entity sharing cyber threat indicators pursuant to this Act shall, prior to such sharing, remove any information contained within such indicators that is known to be personal information of or identifying a United States person, not directly related to a cybersecurity threat in order to ensure that such information is protected from unauthorized disclosure to any other entity or the Federal Government.

Considering what the NSA and others have deemed "relevant" to their counterterrorism efforts, lots of personal data could easily be construed as being "directly related" to a potential cybersecurity threat.

Other protections are equally as malleable. Law enforcement agencies are allowed to avail themselves of cyberthreat information, but only if given written consent from the entity(ies) involved. But that "only" isn't actually a limitation. The paragraph immediately following the "written consent" stipulation creates the same sort of loophole that agencies like the FBI have abused to the point of surreality in the past.

If the need for immediate use prevents obtaining written consent, such consent may be provided orally with subsequent documentation of the consent.

IN CASE OF EMERGENCY, BREAK PROTECTIONS.

Giving law enforcement or indeed any agency this sort of manual override undercuts anything stipulated previously. This encourages a culture of asking forgiveness, rather than permission. Grab the data and justify it post facto. That's no protection at all, especially when granted immunity gives companies absolutely no reason to push back on these oral requests.

This may only be the draft version, and there will be several changes made before it goes up for a vote, but this groundwork is far from heartening. It appears as though no one involved has learned anything from CISPA's two troubled trips through the House, not to mention the new concerns prompted by leaked NSA documents.

Further gestures in the direction of civil liberties and privacy protections are made later in the bill (under a heading "Privacy and Civil Liberties" no less), but those protections are roughly identical to existing policies governing the NSA's (and FBI's) mass collection of American metadata -- oversight and minimization, both of which have been subverted by these agencies.

The bill also consolidates more power within the DHS, creating an "all roads lead to the DHS" method of managing cyberthreat information. If there's one entity which has proven time and time again to be both a) mostly useless and b) prone to abusive behavior, it's the DHS. And yet, the bill calls for the agency to be the central cyberthreat repository.

IN GENERAL.—Not later than 90 days after the date of the enactment of this Act, the Secretary of Homeland Security, in coordination with the heads of the appropriate Federal entities, shall develop and implement a capability and process within the Department of Homeland Security that—

(A) shall accept from any entity in real time cyber threat indicators and countermeasures in an electronic format, pursuant to this section;

(B) shall, upon submittal of the certification under paragraph (2) that such capability and process fully and effectively operates as described in such paragraph, be the process by which the Federal Government receives cyberthreat indicators and countermeasures in an electronic format that are shared by an entity with the Federal Government…

While cyberthreats pile up, DHS agents will be chasing down people taking pictures of public structures.
http://www.techdirt.com/articles/20140429/07203227062/cispa-take-3-sens-feinstein-chambliss-draft-another-cybersecurity-bill-with-weak-privacy-protections-expansive-data-sharing.shtml

Your household appliances are spying on you:

Your WI-FI baby monitor camera, which suddenly turns its lens on you without your prompt, so whoever has hacked it can scream obscenities at you in your own home in the middle of the night.

That’s what happened to one Cincinnati, Ohio couple just last week according to WBTV FOX19:

“Someone had hacked in from outside,” Heather said.

“You do kind of feel violated in a way,” Adam said. 

According to tech experts, wireless IP cameras like the one the Shrieks have are an easy way for hackers to open a cyber door directly into your home.

“Any kind of Internet-connected device essentially could be subjected to this,” said Dave Hatter, a solutions expert for Infinity Partners.

And experts say once they get inside the camera in your home, hackers may also be able to get inside your lives.

ABC News released a list of the nine household appliances that might be spying on you: on your habits, on your usage, on the minutia of your daily life:

1. Your TV (obviously)

2. Your Cable Box

3. Your Dishwasher, Clothes Dryer, Toaster, Clock Radio and Remote Control

4. Your Lights

5. Your Heat and Air Conditioning

6. Security Alarms

7. Insulin Pumps and Pacemakers

8. Smartphones

9. Your Tablet and Computer

Last Spring Wired reported that former CIA Director David Patraeus could hardly wait to spy on people through their appliances when he was discussing how this is all a part of the coming “Internet of Things” — a future where everything is technologically connected to everything else:

“Items of interest will be located, identified, monitored, and remotely controlled through technologies such as radio-frequency identification, sensor networks, tiny embedded servers, and energy harvesters — all connected to the next-generation internet using abundant, low-cost, and high-power computing,” Petraeus said, “the latter now going to cloud computing, in many areas greater and greater supercomputing, and, ultimately, heading to quantum computing.”

Petraeus allowed that these household spy devices “change our notions of secrecy” and prompt a rethink of “our notions of identity and secrecy.” All of which is true — if convenient for a CIA director.
http://intellihub.com/living-world-appliances-spy/