#1 Source for Leaks Around the World!

Author Archive

Economic Elite Domination & Biased Pluralism: Princeton/Northwestern Study Finds America is an Oligarchy

In Archive, Politics, USA on April 18, 2014 at 3:11 AM




America is basically an oligarchy.

An oligarchy is a system where power is effectively wielded by a small number of individuals defined by their status called oligarchs. Members of the oligarchy are the rich, the well connected and the politically powerful, as well as particularly well placed individuals in institutions like banking and finance or the military.

A new study by researchers from Princeton and Northwestern Universities finds that America’s government policies reflect the wishes of the rich and of powerful interest groups, rather than the wishes of the majority of citizens.

The researchers examined close to 1,800 U.S. policy changes in the years between 1981 and 2002; then, they compared those policy changes with the expressed preferences of the median American, at the 50th percentile of income; with affluent Americans, at the 90th percentile of income; and with the position of powerful interest and lobbying groups.

“The central point that emerges from our research is that economic elites and organized groups representing business interests have substantial independent impacts on U.S. government policy, while mass-based interest groups and average citizens have little or no independent influence. Our results provide substantial support for theories of Economic Elite Domination and for theories of Biased Pluralism, but not for theories of Majoritarian Electoral Democracy or Majoritarian Pluralism…

Recent research by Larry Bartels and by one of the present authors (Gilens), which explicitly brings the preferences of “affluent” Americans into the analysis along with the preferences of those lower in the income distribution, indicates that the apparent connection between public policy and the preferences of the average citizen may indeed be largely or entirely spurious.”

The theory of Economic Elite Domination is fairly self-explanatory. The theory of Biased Pluralism holds that policy outcomes “tend to tilt towards the wishes of corporations and business and professional associations.” In essence, the researchers found that government policy changes are correlated with the wishes of the wealthy and with interest groups, but not with the wishes of the average American—even though the whole idea of “Democracy” is to ensure that the wishes of the majority tend to carry the day.

The study notes that the position of the median American and the position of the affluent American are often the same; therefore, regular people tend to think that their political interests are being represented when they see the triumph of some political position that they agree with. In fact, the researchers say, this is a mere coincidence. Yes, the average American will see their interests represented—as long as their interests align with the interests of the wealthy.

Furthermore, the study found that the positions of powerful interest groups are “not substantially correlated with the preferences of average citizens,” meaning that to the extent that special interests groups have political power, they are driving our government’s decisionmaking process away from the interests of the average American. Our current system of a competing thicket of special interest groups all fighting for influence is not equal to a true representation of the wishes of the citizenry. “Whatever the reasons,” the study says, “all mass-based groups taken together simply do not add up, in aggregate, to good representatives of the citizenry as a whole. Business-oriented groups do even worse, with a modest negative over-all correlation.”

“Perhaps economic elites and interest group leaders enjoy greater policy expertise than the average citizen does. Perhaps they know better which policies will benefit everyone, and perhaps they seek the common good, rather than selfish ends, when deciding which policies to support.

But we tend to doubt it.”

Whether or not the majority of Americans will ever tire of being systematically marginalized remains an open question.

NSA Knew About “Heartbleed” Bug for 2 Years, Kept Secret from Public to Exploit It

In Archive, Encryption, Hacking, Internet, NSA, Surveillance on April 13, 2014 at 5:41 PM

Image via falkvinge.net


Michael Riley/Bloomberg:

The NSA and other elite intelligence agencies devote millions of dollars to hunt for common software flaws that are critical to stealing data from secure computers. Open-source protocols like OpenSSL, where the flaw was found, are primary targets.

The Heartbleed flaw, introduced in early 2012 in a minor adjustment to the OpenSSL protocol, highlights one of the failings of open source software development.

While many Internet companies rely on the free code, its integrity depends on a small number of underfunded researchers who devote their energies to the projects.

In contrast, the NSA has more than 1,000 experts devoted to ferreting out such flaws using sophisticated analysis techniques, many of them classified. The agency found Heartbleed shortly after its introduction, according to one of the people familiar with the matter, and it became a basic part of the agency’s toolkit for stealing account passwords and other common tasks.

The NSA has faced nine months of withering criticism for the breadth of its spying, documented in a rolling series of leaks from Snowden, who was a former agency contractor.

The revelations have created a clearer picture of the two roles, sometimes contradictory, played by the U.S.’s largest spy agency. The NSA protects the computers of the government and critical industry from cyber-attacks, while gathering troves of intelligence attacking the computers of others, including terrorist organizations, nuclear smugglers and other governments.

Ordinary Internet users are ill-served by the arrangement because serious flaws are not fixed, exposing their data to domestic and international spy organizations and criminals, said John Pescatore, director of emerging security trends at the SANS Institute, a Bethesda, Maryland-based cyber-security training organization.

“If you combine the two into one government agency, which mission wins?” asked Pescatore, who formerly worked in security for the NSA and the U.S. Secret Service. “Invariably when this has happened over time, the offensive mission wins.”

When researchers uncovered the Heartbleed bug hiding in plain sight and made it public on April 7, it underscored an uncomfortable truth: The public may be placing too much trust in software and hardware developers to insure the security of our most sensitive transactions.

“We’ve never seen any quite like this,” said Michael Sutton, vice president of security research at Zscaler, a San Jose, California-based security firm. “Not only is a huge portion of the Internet impacted, but the damage that can be done, and with relative ease, is immense.”

The potential stems from a flawed implementation of protocol used to encrypt communications between users and websites protected by OpenSSL, making those supposedly secure sites an open book. The damage could be done with relatively simple scans, so that millions of machines could be hit by a single attacker.

Questions remain about whether anyone other than the U.S. government might have exploited the flaw before the public disclosure. Sophisticated intelligence agencies in other countries are one possibility.

If criminals found the flaw before a fix was published this week, they could have scooped up troves of passwords for bank accounts, e-commerce sites and e-mail accounts worldwide.

Evidence of that is so far lacking, and it’s possible that cybercriminals missed the potential in the same way security professionals did, suggested Tal Klein, vice president of marketing at Adallom, in Menlo Park, California.

The fact that the vulnerability existed in the transmission of ordinary data — even if it’s the kind of data the vast majority of users are concerned about — may have been a factor in the decision by NSA officials to keep it a secret, said James Lewis, a cybersecurity senior fellow at the Center for Strategic and International Studies.

“They actually have a process when they find this stuff that goes all the way up to the director” of the agency, Lewis said. “They look at how likely it is that other guys have found it and might be using it, and they look at what’s the risk to the country.”

Lewis said the NSA has a range of options, including exploiting the vulnerability to gain intelligence for a short period of time and then discreetly contacting software makers or open source researchers to fix it.

The SSL protocol has a history of security problems, Lewis said, and is not the primary form of protection governments and others use to transmit highly sensitive information.

“I knew hackers who could break it nearly 15 years ago,” Lewis said of the SSL protocol.

That may not soothe the millions of users who were left vulnerable for so long.

Following the leaks about NSA’s electronic spying, President Barack Obama convened a panel to review surveillance activities and suggest reforms. Among the dozens of changes put forward was a recommendation that the NSA quickly move to fix software flaws rather that exploit them, and that they be used only in “rare instances” and for short periods of time.

“If the NSA knows about a vulnerability, then often other nation states and even criminal organizations can exploit the same security vulnerability,” said Harley Geiger, senior counsel for the Center for Democracy & Technology in Washington. “What may be a good tool for the NSA may also turn out to be a tool for organizations that are less ethical or have no ethics at all.”

Currently, the NSA has a trove of thousands of such vulnerabilities that can be used to breach some of the world’s most sensitive computers, according to a person briefed on the matter. Intelligence chiefs have said the country’s ability to spot terrorist threats and understand the intent of hostile leaders would be vastly diminished if their use were prohibited.

Andrew “Weev” Auernheimer’s Conviction Re: AT&T Hack Overturned, Released From Prison

In Archive, AT&T, Hacking, Weev on April 11, 2014 at 10:18 PM

Andrew “Weev” Auernheimer after release from prison


Tom McCarthy/Guardian:

Lawyers for computer hacker Andrew “Weev” Auernheimer said they were racing to get him out of prison after a circuit judge on Friday vacated his conviction on identity theft and conspiracy charges.

Auernheimer, a self-described internet troll and hacker, was found guilty in November 2012 conspiracy to gain unauthorised access to AT&T public servers, after he obtained thousands of email addresses of iPad owners. He currently is serving a 41-month federal prison term in Pennsylvania.

On Thursday, the US court of appeals for the third circuit threw out Auernheimer’s conviction, ruling that New Jersey, where he was tried, was an improper venue for the case. The issue of venue is particularly sensitive in computer fraud trials, which by nature transcend physical jurisdictions.

“We’re scrambling right now to figure out how to get him out,” said defense attorney Tor Ekeland in a telephone interview. “Right now we’re just focused on getting him out, because they’ve been holding him in a special housing unit, which is a 6×11 cell, where he only gets out one hour a day.”

Ekeland, who took on Auernheimer’s case in November 2011 after his wife met Auernheimer at the Occupy Wall Street protest, said the defense team was gratified by the circuit court’s decision.

“It’s awesome news. It’s everything we’ve been working really hard for for the last couple years,” Ekeland said. “We always said, from day one, that the venue was improper in New Jersey, it was one of the first things we raised with the government. We stuck with that through trial.”

Auernheimer was charged with a felony under the Computer Fraud and Abuse Act (CFAA), the same statute that was used to prosecute internet activist Aaron Swartz. Critics say the law was meant to prosecute larger crimes and its use in hacking cases was an intimidation tactic by the government.

Auernheimer’s legal team argued at trial that his prosecution under the CFAA was improper, but Ekeland said he was just as happy to see the conviction vacated on venue grounds.

“In terms of venue, it’s an incredibly important concept, and the government’s prosecution here just threw that out the window,” Ekeland said.

“If the court had ruled the other way, you would have had universal venue in these kinds of cases, computer fraud and abuse cases, and that would have had huge implications for the Internet and computer law.

“I think this is a very, very important venue decision when it comes to the Internet and computer law, and I’m quite happy about it.”

Ekeland said he never got a full explanation from the government of why it brought the case in New Jersey. The circuit court found an “absence of any apparent connection to New Jersey, noting that at the time of the alleged crime, an alleged accomplice of Auernheimer’s “was in San Francisco, California, and Auernheimer was in Fayetteville, Arkansas. The servers that they accessed were physically located in Dallas, Texas and Atlanta, Georgia.”

“When I asked them about [venue] in one of our first meetings, I thought they would show me something,” Ekeland said. “But they never showed me anything, so I kept pushing it all the way through trial.

“And we pushed it on appeal, and we won on it.”


Glenn Greenwald and Laura Poitras Return to U.S. for First Time Since Snowden Leaks

In Archive, DOJ, Greenwald, NSA, NSA Files, Poitras, Police State, Surveillance, USA on April 11, 2014 at 8:32 AM



Glenn Greenwald and Laura Poitras arrive at John F. Kennedy International Airport, Friday, April 11, 2014 in New York


Michael Calderone/HuffPost:

Glenn Greenwald and Laura Poitras, two American journalists who have been at the forefront of reporting on documents leaked by former National Security Agency contractor Edward Snowden, will return to the United States on Friday for the first time since revelations of worldwide surveillance broke.

Greenwald and Poitras, currently in Berlin, will attend Friday’s Polk Awards ceremony in New York City. The two journalists are sharing the prestigious journalism award with The Guardian’s Ewen MacAskill and with Barton Gellman, who has led The Washington Post’s reporting on the NSA documents. Greenwald and Poitras interviewed Snowden last June in Hong Kong as he first revealed himself.

In an interview with The Huffington Post, Greenwald said he’s motivated to return because “certain factions in the U.S. government have deliberately intensified the threatening climate for journalists.”

“It’s just the principle that I shouldn’t allow those tactics to stop me from returning to my own country,” Greenwald said.

Greenwald suggested government officials and members of Congress have used the language of criminalization as a tactic to chill investigative journalism.

In January, Director of National Intelligence James Clapper suggested that journalists reporting on the NSA documents were acting as Snowden’s “accomplices.” The following month, Rep. Mike Rogers (R-Mich.), chairman of the House Intelligence Committee, claimed that Greenwald was selling stolen goods by reporting stories on the NSA documents with news organizations around the world. Rep. Peter King (R-N.Y.) has called for Greenwald to be prosecuted.

Greenwald said the government has not informed his legal counsel whether or not he could face any potential charges, or if he’s been named in any grand jury investigation tied to the NSA disclosures.

Related: Holder: DOJ Still Trying to Repatriate Snowden, Not Planning to Prosecute Greenwald

Journalists have faced increased threats during the Obama years, both in the government’s severe crackdown on leaks and the record use of the Espionage Act to prosecute sources who provide classified information to the media.

See Also: Obama Administration and the Press – Leak Investigations and Surveillance in Post-9/11 America – CPJ Report

During a March conference on the state of national security reporting, Sen. Chuck Schumer (D-N.Y.), author of a federal shield law intended to protect journalists, said the bill was “probably not enough” to protect Greenwald.

Greenwald drew a distinction between his situation and that of Gellman, who has not been been similarly singled out by the government. Gellman, who didn’t meet with Snowden in Hong Kong but interviewed him later in Moscow, has continued to live in the U.S. while reporting for The Washington Post. Greenwald and Poitras, however, have lived abroad the entire time and have published these documents with news outlets worldwide.

Greenwald currently lives in Rio de Janeiro with his partner, David Miranda, who was detained in London’s Heathrow airport last year while carrying documents from Berlin. Poitras, a filmmaker who has reported extensively on war and surveillance and has been detained dozens of times at the U.S. border, currently lives in Berlin.

The Pulitzer Prizes will be announced Monday and it is expected that reporting on the NSA, one of the biggest stories of the past year, will be honored in some capacity.



Two reporters central to revealing the massive U.S. government surveillance effort returned to the United States on Friday for the first time since the story broke and used the occasion to praise their exiled source: Edward Snowden.

Glenn Greenwald and Laura Poitras of The Guardian became a story of their own amid speculation they could be arrested upon arriving at Kennedy Airport. They were instead confronted by only reporters and photographers before fighting through traffic en route to a midtown Manhattan hotel to receive a George Polk Award for national security reporting.

In remarks before an audience of other journalists and editors, the pair credited the courage of Snowden, the former NSA contractor who leaked the information for their story.

“This award is really for Edward Snowden,” Poitras said.

Greenwald said, “I hope that as journalists we realize not only the importance of defending our own rights, but also those of our sources like Edward Snowden.”

At the airport, Greenwald said he and Poitras were not “100 percent sure” they could enter the U.S. without being arrested. He said lawyers had been seeking assurance from the Justice Department “and they purposefully wouldn’t give them any information about whether we were the target of a grand jury or whether there was already an indictment that was under seal.”

Still, Greenwald said he “expected that they wouldn’t be that incredibly stupid and self-destructive to try and do something that in the eyes of the world would be viewed as incredibly authoritarian.”

After the award ceremony, Greenwald told reporters that he still speaks regularly to Snowden, who was granted asylum in Russia for a year. He said Snowden was aware Greenwald and Poitras were to be honored in New York and “was very supportive of that.”


Laura Poitras and Glenn Greenwald, pose for photos after they received the George Polk Award for National Security Reporting, at New York’s Roosevelt Hotel, Friday, April 11, 2014

US In-Flight WiFi Providers Helping Feds Spy By Implementing Surveillance Features Exceeding CALEA Requirements

In Archive, FBI, Internet, NSA, Surveillance, Technology, USA on April 10, 2014 at 3:11 PM



David Sirota/Pando/Kim Zetter/WIRED:

We already know that there’s almost nowhere on earth you can go to escape the warrantless snooping and panoptic surveillance of the US government. Now it turns out you’re not even safe 30,000 feet up in the sky.

Gogo, the in-flight WiFi provider, is used by millions of airline passengers each year to stay connected while flying the friendly skies. But if you think the long arm of government surveillance doesn’t have a vertical reach, think again.

Gogo and others that provide WiFi aboard aircraft must follow the same wiretap provisions that require telecoms and terrestrial ISPs to assist U.S. law enforcement and the NSA in tracking users when so ordered. But they may be doing more than the law requires.

According to a letter Gogo submitted to the Federal Communications Commission, the company voluntarily exceeded the requirements of the Communications Assistance for Law Enforcement Act, or CALEA, by adding capabilities to its service at the request of law enforcement. The revelation alarms civil liberties groups, which say companies should not be cutting deals with the government that may enhance the ability to monitor or track users.

“CALEA itself is a massive infringement on user’s rights,” says Peter Eckersley of the Electronic Frontier Foundation. “Having ISP’s [now] that say that CALEA isn’t enough, we’re going to be even more intrusive in what we collect on people is, honestly, scandalous.”

Gogo provides in-flight WiFi and digital entertainment to Delta, American Airlines, Alaska Airlines, Virgin America, US Airways and others using a dedicated air-to-ground network that GoGo says it designed in consultation with law enforcement.

The disclosure that GoGo voluntarily exceeded the requirements of CALEA appears in a letter to the FCC the company wrote in 2012. “In designing its existing network, Gogo worked closely with law enforcement to incorporate functionalities and protections that would serve public safety and national security interests,” Gogo attorney Karis Hastings wrote.

Although FCC rules “do not require licensees to implement capabilities to support law enforcement beyond those outlined in CALEA…,” Hastings noted, “[n]evertheless, Gogo worked with federal agencies to reach agreement regarding a set of additional capabilities to accommodate law enforcement interests. Gogo then implemented those functionalities into its system design.”

When CALEA became law in 1994, it applied only to telecoms and required them to provide wiretap capabilities for phone calls. But in 2007 the FCC ordered CALEA compliance from broadband and VoIP providers as well, amid pressure from the Justice Department and the FBI. Under CALEA, these communications providers must be able to isolate all wire and electronic communications to and from any account targeted by law enforcement and identify the numbers or accounts with which the target has communicated.

CALEA already gives expansive powers to law enforcement agencies. According to the Center for Democracy and Technology, “the FBI has used CALEA to expand its capabilities, turning wireless phones into tracking devices, requiring phone companies to collect specific signaling information for the convenience of the government, and allowing interception of packet communications without privacy protections.” The watchdog group notes that in 2005, “the Federal Communications Commission granted an FBI petition and expanded CALEA to broadband Internet access and VOIP services.”

The FCC has considered applying special rules to in-flight WiFi providers. Gogo’s 2012 letter to the FCC was an effort to convince the commission that special mandated rules were unnecessary for in-flight WiFi providers because the companies were willing to work with law enforcement agencies to give them what they want.

“Gogo believes that its experience demonstrates that a flexible approach based on direct negotiation can best ensure that … operators deploy capabilities designed to protect public safety and national security, and that adoption of a specific list of capabilities … is unwarranted,” Hastings wrote.

A Gogo spokesman insists that, despite the letter’s reference to multiple capabilities added by Gogo, the company only added a single capability beyond CALEA, and it has nothing to do with monitoring traffic.

But it apparently is not the only company cutting deals with law enforcement. An FCC notice of proposed rule making published in December notes that Panasonic Avionics negotiated with law enforcement “regarding lawful interception … and network security functionality to be deployed” in the company’s eXConnect system, which provides WiFi to American Airlines and United.

According to the document, Panasonic engaged a CALEA-compliant equipment vendor to implement its intercept capability but was also “implementing additional functionality subject to final agreement with U.S. law enforcement.” The document notes operators “have uniformly engaged in direct consultations with law enforcement to develop appropriate capabilities consistent with their system characteristics and service offerings.”

Chris Soghoian of the American Civil Liberties Union, who first spotted the reference to expanded capabilities in the FCC documents, says law enforcement often leverages FCC threats of added rules to pressure companies into making concessions.

“I don’t think people understand the extent to which the FCC acts as the enforcer for the surveillance community,” he says. “The Gogo document and Panasonic documents really reflect this process of these companies sitting down with the government and making deals so the FCC wouldn’t get on their back. These are not agreements that are taking place in the sunlight. These are secret deals that are definitely not being made in the best interest of the public.”

Panasonic Avionics did not respond to a call for comment. A Gogo spokesman, when initially asked about the FCC documents by Pando Daily, declined to identify what additional capabilities Gogo implemented.

“What we are prepared to say is: Gogo does what all airborne connectivity companies have been asked to do from a security perspective, and it has nothing to do with monitoring traffic. Beyond that, we can’t comment beyond what’s in our public comments with the FCC,” spokesman Steve Nolan told Pando Daily.

But in a phone call with WIRED, Nolan said the company made just one concession to law enforcement beyond its CALEA requirements: adding a CAPTCHA feature to “prevent people from remotely accessing the system.” That would seem to contradict the FCC letter that specifically says that Gogo made “a set of additional capabilities” beyond CALEA. In a follow-up email, Nolan suggested there was more than one concession.

“Beyond adhering to CALEA, our primary concession to law enforcement is the use of CAPTCHA to access the system,” he wrote. Asked to clarify the disparity in his statements, he wrote that the “secondary concessions are all the CALEA requirements we adhere to.”

CAPTCHA displays a string of numbers or a word that users must enter to use the service. It generally is used to prevent automated bots from using online services, but Nolan said GoGo added it as a security feature to keep remote users out of the network. Soghoian doesn’t buy that.

“That doesn’t make any sense,” he says. “You can only access [the network] from the airplane. The WiFi only works when you’re above a certain number of feet…. If that’s all the government wanted, why not be up front with that in the beginning? Initially they said there were things that were done, but they couldn’t describe them. [The new statement] suggests there’s more there.”

The answers may lie in a 2009 statement made by the director of business development and strategy for Aircell, a GoGo subsidiary that provides WiFi for the business aviation sector.

The Aircell executive told Flight Global that the company had a “Super CALEA” arrangement with the FBI whereby it could immediately shut off service to select individuals or an entire airplane– without shutting the service off to U.S. air marshals–if authorities determined there was a security threat to the plane.

But the executive also described surveillance capabilities that go beyond what CALEA generally provides. “CALEA,” he said, “allows the feds to collect information about who is using the system, on which devices, and what the traffic looks like. Aircell can give [law enforcement] any information they need in real time.”

Nolan, asked about those statements, said, “Despite what the person said in 2009, what I can tell you today and what the truth is today is that we adhere to CALEA and we do everything in conjunction with what law enforcement has asked us to do.” He added that, “There is no ‘super CALEA’ capability. Our capabilities and what we adhere to are exactly what any communications provider, including on the ground networks, adhere to when they abide by CALEA. Nothing more and nothing less.”

Gogo notes in its terms of service that it may be required by law “to record some or all of your communications” and that it may “disclose your Personal Information (including your Account Information) and your communications through the Services, if required by law … or if we believe in good faith that such disclosure is necessary to: (a) comply with relevant laws or to respond to subpoenas or warrants served on us; or (b) protect or defend the rights, property, or safety of Gogo, you, other users, or third parties (especially in emergency situations).”

If Gogo is making additional concessions to law enforcement aside from the CALEA requirements and the CAPTCHA feature, Soghoian and others say it’s not hard to imagine what those might include.

“There are a number of things that are still in the surveillance arena that don’t involve monitoring traffic,” he says, such as watching “the MAC addresses of known bad guys.”

A recent CBC News story, based on documents obtained from Edward Snowden, described how Canada’s electronic spy agency, the Communications Security Establishment Canada, collected “metadata” from devices used to access WiFi at a major Canadian airport. Authorities then used the metadata to track the movement of these devices for days as the devices connected to WiFi hotspots across Canada and in U.S. airports.

The Canadian article doesn’t specify the device metadata the spy agency collected, but it most likely refers to the Media Access Control (MAC) address, a unique identifier for computers.

“If you’re watching [MAC addresses] in the airport, why not watch them in the air?,” says Soghoian.

Authorities may also want the ability to trace online activity to a specific passenger. “That is surveillance. It’s just not about [monitoring traffic]. It’s about making sure they can finger you down the line.”

Late last year, Gogo announced plans to launch in-flight texting and calling services, potentially opening up a whole load of other data to the company’s law enforcement partners.

The prospect of in-air surveillance has been a periodic controversy during the last few decades. Back in the early 1990s, for example, NBC News reported that French intelligence agencies were using Air France as a base for in-flight surveillance of U.S. businesspeople and government officials. More recently, the UK Telegraph reported that the European Union has been funding and testing surveillance systems on planes involving “a combination of cameras, microphones, explosive sniffers and a sophisticated computer system” to monitor passengers. Meanwhile, Gogo’s major competitor for in-flight WiFi service is ViaSat, a defense contractor that specializes, in part, in surveillance.


During Glenn Greenwald’s keynote speech to the Chaos Communication Congress last December, he said he was working on a new story indicating that the NSA was “obsessed” by the idea that people could still use some Internet devices and mobile phones on airplanes without being recorded. “The very idea that human beings can communicate for even a few moments without their ability to monitor is intolerable.”

%d bloggers like this: