Update: The NSA knew about the Heartbleed bug for at least two years and actively exploited it in order to gather intelligence, Bloomberg reported on Friday. This means that under the pretense of protecting Americans, the NSA intentionally didn't notify millions of Americans that they were vulnerable to identity theft. Go read that book, now.
On Tuesday, news broke that the safeguard many websites use to protect sensitive information on the internet has had a major security flaw for about two years. These sites use a security system called OpenSSL to encrypt data like content, passwords, and Social Security numbers. But thanks to a small coding error in a popular version of OpenSSL, nicknamed "Heartbleed," hackers can potentially steal sensitive data from vulnerable websites. Richard Bejtlich, chief security strategist at FireEye, a network security company, notes that there's no evidence that malicious hackers have exploited the flaw yet. But the secrecy-minded Tor Project, which enables anonymous internet browsing, nevertheless recommended on Monday that, "If you need strong anonymity or privacy on the internet, you might want to stay away from the internet entirely for the next few days while things settle." Here are seven reasons why you might want to stop looking at cat videos right now:
1. Lots of popular websites have the security problem.
According to the New York Times, up to two-thirds of sites on the internet rely on OpenSSL. A user on Github, an open-source coding site, compiled a list of sites that were allegedly vulnerable after a test was conducted on Tuesday. The Github list included Yahoo, Flickr, OkCupid, and Eventbrite, among dozens of other companies. (Some may have since updated their security.) Facebook and Google both released statements confirming they are not affected by the flaw. If you'd like to test a specific site to see whether it's could be exploited—although this doesn't meant that it has—go here.
2. Your most sensitive personal information is at risk.
When websites use SSL, that's a good thing. The security layer is deployed during sensitive transactions to protect data like bank details, social security numbers, and passwords. Runa Sandvik, a staff technologist at the Center for Democracy and Technology (CDT), says that she's heard, "this is even worse than if SSL wasn't used at all, because it's used to protect sensitive information. A site that isn't protected at all, you might not submit sensitive information there in the first place." The good news is, some security researchers are reporting that hackers may not be able to get the private keys to an entire website's content. The bad news is, the flaw is still "a great way to steal passwords from recent logins" according to researchers at Errata Security.
3. Canada is freaking out.
The Canada Revenue Agency announced on Wednesday that it is temporarily shutting down its online services as a result of the Heartbleed bug. The moves come mere weeks before Canadians are expected to file their taxes. The U.S. Internal Revenue Service said in a statement Wednesday that its website has not been affected by the bug.
4. Right now, hackers are racing to get at that information.
"With these things, you can practically hear the shotgun go off. We're in a race now between the attackers and the defenders, to see how quickly attackers can build viable attacks, and how quickly the defenders can put out their defenses," says Christopher Budd, a spokesperson for Trend Micro, a Japanese security software company. He notes that while exploiting the vulnerability right now is fairly difficult, as hackers share information, people could build tool kits and it will become significantly easier.
5. You won't necessarily know if your information has been hacked.
“It’s a serious bug in that it doesn’t leave any trace,” David Chartier, chief executive at Codenomicon, told the New York Times. “Bad guys can access the memory on a machine and take encryption keys, usernames, passwords, valuable intellectual property, and there’s no trace they’ve been there.”
6. It won't be easy for websites to fix the problem.
Budd says fixing the problem is "simple, but not easy." While there is a fixed OpenSSL version that websites can download, it can take time to roll out the new program across a website's entire infrastructure. Budd notes that companies will have to weigh the risk of an attack against the potential that the entire website might come crashing down if a new coding error is introduced. That might dissuade companies from acting quickly. Additionally, after a website installs the new "fix," it needs to update its SSL certificate, a process that can take a little time. Jeremy Gillula, staff technologist at the Electronic Frontier Foundation, notes that even if a website has downloaded the fix, if it hasn't updated its certificates, it "could still be subject to a man-in-the-middle-attack on its users."
7. Changing your passwords right away isn't necessarily going to help you.
After news of Heartbleed broke, you probably got a lot emails from people telling you to change your passwords. Not so fast, experts say. If you change your password prior to a site getting rid of the bad SSL, your new password could be just as vulnerable as your old one. Sandvik from CDT says, "I'm in the same situation as everyone else. I would look for statements issued by companies before logging in, and if there is no statement, contact them and ask them. Also test their website." Budd advises, "This is one of those situations where the best thing people can do is stick to best practices, don't panic, and wait to hear information from people to know what's going on. If you get instructions, follow them."
Voters waiting to vote at Wagner Middle School in New York City, Nov 6, 2012.
When the Supreme Court ruled 5-4 to overturn a key section of the Voting Rights Act last June, Justice Ruth Ginsburg warned that getting rid of the measure was like "throwing away your umbrella in a rainstorm because you are not getting wet." The 1965 law required that lawmakers in states with a history of discriminating against minority voters get federal permission before changing voting rules. Now that the Supreme Court has invalidated this requirement, GOP lawmakers across the United States are running buck wild with new voting restrictions.
Before the Shelby County v. Holder decision came down on June 25, Section 5 of the Voting Rights Act required federal review of new voting rules in 15 states, most of them in the South. (In a few of these states, only specific counties or townships were covered.) Chief Justice John Roberts voted to gut the Voting Rights Act on the basis that "our country has changed,"and that blanket federal protection wasn't needed to stop discrimination. But the country hasn't changed as much as he may think.
We looked at how many of these 15 states passed or implemented voting restrictions after Section 5 was invalidated, compared to the states that were not covered by the law. (We defined "voting restriction" as passing or implementing a voter ID law, cutting voting hours, purging voter rolls, or ending same-day registration. Advocates criticize these kinds of laws for discriminating against low-income voters, young people, and minorities, who tend to vote for Democrats.) We found that 8 of the 15 states, or 53 percent, passed or implemented voting restrictions since June 25, compared to 3 of 35 states that were not covered under Section 5—or less than 9 percent. Additionally, a number of states not covered by the Voting Rights Act actually expanded voting rights in the same time period.
States that were previously covered in some part by Section 5 moved quickly after it was invalidated. Within two hours of the Shelby decision, Republican Texas Attorney General Greg Abbott announced that the state's voter identification law—which had previously been blocked by a federal court—would be immediately implemented. Alabama Attorney General Luther Strange, another Republican, also immediately instated his state's voter ID law. About one month after the Shelby decision, Republicans in North Carolina pushed through a package of extreme voting restrictions, including ending same-day registration, shortening early voting by a week, requiring photo ID, and ending a program that encourages high schoolers to sign up to vote when they turn 18. In October, Virginia purged more than 38,000 names from the voter rolls. Mississippi's Republican secretary of state, Delbert Hosemann, told the Associated Press in November that the state was going to start implementing its voter ID law by the June 2014 elections. (This proposal was undergoing Justice Department review when the Shelby decision came down.) In January, Republican Gov. Rick Scott attempted again (unsuccessfully) to purge noncitizens from Florida's voting rolls, a move he had tried previously in 2012, before being blocked by Section 5. And thanks to the Supreme Court ruling, South Carolina was able to implement a stricter photo identification requirement.
Data shows that the law really did work at preventing voting restrictions: Between 1982 and 2006, the Justice Department blocked more than 700 voting changes on the basis that the changes were discriminatory. But experts say it's hard to say definitively whether all of these new laws would have been blocked if Section 5 had still been in place. The new birth certificate requirements in Arizona and Kansas, for example, would likely have gone forward regardless of the Shelby decision. But Katherine Culliton-González, a senior attorney and director of voter protection for Advancement Project, notes, "There is a heavier concentration of voting restrictions in those states that were previously covered."
Three outliers are Kansas, Ohio, and Wisconsin, all of which passed or implemented voting restrictions this year, and were never covered under Section 5. But Dale Ho, director of the ACLU's voting rights project, argues that they could have still been influenced by the Supreme Court decision. "When you see half a dozen or more states immediately passing laws to restrict voting after Shelby, that spreads to other parts of the country," he says. "It's not like Vegas. What happens in one state doesn't stay there."
Members of Congress have attempted to introduce legislation that would resurrect the key protections shot down by the Supreme Court, but have not yet been successful. And none of this is great news for Democrats, who could lose the Senate in 2014. On Monday, Vice President Joe Biden denounced the GOP effort and urged Democrats to stand up for voting rights. He said, "If someone had said to me 10 years ago I had to make a pitch for protecting voting rights today, I would have said, 'You got to be kidding.'"
A disability rights advocacy group sued Montana officials this week in federal court for allegedly placing mentally ill prisoners in extreme forms of solitary confinement for months and years at a time, often because the prisoners displayed symptoms of their illness or expressed suicidal thoughts. The prison's psychiatrist also accused prisoners with well-documented mental illnesses of using their symptoms to get attention and ceased giving them medication, according to the lawsuit.
Disability Rights Montana, a federally mandated civil rights protection and advocacy group says that Montana State Prison's treatment of prisoners amounts to "cruel and unusual punishment" and is unconstitutional. The group filed the lawsuit after conducting a year-long investigation with the ACLU of Montana. According to the Associated Press, the groups hope that the matter can be resolved through negotiations with the state, not through legal action. Prison officials are "taking the allegations seriously" according to the AP. Judy Beck, a spokeswoman for the Montana Department of Corrections, told Mother Jones that the state would file its response within 60 days and could not comment.
According to the lawsuit, prisoners are subject to solitary confinement in spaces that sometimes have blacked-out windows, as well as "behavior management plans"—whereby a prisoner is put in 24-hour solitary confinement with only a mattress, blanket, a suicide smock, and nutraloaf, a tasteless, controversial food product that civil rights groups have alleged is unconstitutional. (In 2003, the Montana Supreme Court also ruled that certain behavior management plans are illegal.) "One prisoner with serious mental illness explained that being placed in solitary confinement makes him feel like a young child locked in a closet with nothing to do and, as a result, he spreads feces on the walls of his cell to keep bad spirits away," the complaint reads.
In a case outlined in the lawsuit, a 50-year-old prisoner sentenced "guilty but mentally ill" in 2006, was placed in a state hospital and diagnosed with schizophrenia. At the state hospital, staff allegedly described him as "polite, friendly, cooperative, and socializing appropriately with staff and peers." But after he was suspected of stealing another patient's jewelry, he was transferred to prison and placed in solitary confinement. In 2012, the prison's doctor allegedly discontinued the prisoner's antipsychotic medication, because he believed the man was "malingering." The prisoner told mental health staff that he wanted to cry when placed in "the hole" because he did not "do hole time well," according to the lawsuit.
In another case outlined in the lawsuit, a 43-year-old prisoner with a very low IQ score of 78, was transferred to prison from a community group home. There, he was placed in solitary confinement for more than three years for acts that the plaintiffs allege were related to his mental illness, such as "banging his head until it bled on his cell door while asking for real food instead of nutraloaf, crying and saying people on the floor were talking to him[, and] attempting suicide," according to the lawsuit. The plaintiffs claim that the doctor also stopped giving the prisoner medication, on the basis that he was "simply malingering," and "laughed at" the prisoner after he complained about losing his medication.
In 2011, a United Nations specialist on torture said that solitary confinement lasting more than 15 days should be abolished. He also said it shouldn't be used at all on people with mental disabilities. According to the ACLU, "Isolation creates and exacerbates symptoms of mental illness in prisoners, undermining successful re-entry into society and jeopardizing public safety."
A 33-year-old prisoner—with a long history of self-harm—who was mentioned in the lawsuit was transferred from the state hospital to prison, allegedly to keep him from harming himself. There, he was placed in solitary confinement for "significant periods of time." In July 2011, he told mental health staff that he had "been in locked housing for way too long" and was worried about doing "something stupid." In August, when he was taken out of solitary, he murdered another prisoner and was sentenced to life without parole.
About five years earlier, prior to being placed in extended solitary confinement, he filled out a "treatment planning worksheet" on how staff could help him get better at the prison's Mental Health Treatment Unit, the plaintiffs claim. The prisoner wrote: "Groups with homework. Give me stuff to do so I can keep myself and my mind busy" and "be there to talk to me when I'm having problems."
An Ohio juvenile correctional facility placed a child, who was on suicide watch and psychiatric medication, in solitary confinement for 1,964 hours between April and September of last year, according to the Department of Justice. Referred to as "K.R." in court documents, the boy's longest uninterrupted stretch of solitary confinement lasted about 19 days. And his experience isn't unique: Four juvenile correctional facilities in Ohio imposed almost 60,000 hours of solitary confinement on 229 boys with mental-health needs in the second half of 2013, according to the government agency.
These details, and other harrowing accounts, are included in a March 12 lawsuit filed by the the Justice Department against the state of Ohio, Republican Gov. John Kasich, and others, on the basis that the state's excessive use of solitary confinement among children with mental-health issues is unconstitutional. The lawsuit names four state juvenile correctional facilities that are engaging in confinement practices that "will cause irreparable harm to these youth," according to the agency. "The way in which Ohio uses seclusion to punish youth with mental health needs victimizes one of the most vulnerable groups in our society," Jocelyn Samuels, acting assistant attorney general for the Justice Department's Civil Rights Division, said in a March statement.
Electric shocks. Withholding food. Social isolation. Read MoJo's investigation into the infamous "School of Shock."
"We have a responsibility to provide a safe environment for youth and staff, and seclusion is used as a last resort to maintain safety and order so that we can help youth change their lives," Frances Russ, a spokeswoman for the Ohio Department of Youth Services, which is named in the lawsuit, tells Mother Jones. Under the agency's policy, youth placed in seclusion are supposed to be checked visually by staff every 15 minutes and visited daily by personnel. Russ couldn't comment on whether this protocol was followed in the case of K.R. and other children mentioned in the lawsuit. The Justice Department notes that at one facility, mental-health staff visited briefly each day, but did not deliver adequate treatment.
In the past few years, there has been growing researchon the harm solitary confinement inflicts on adult prisoners. A United Nations expert on torture said in 2011 that solitary confinement should never be inflicted on adults for more than 15 days, noting that scientific studies have documented mental damage after only a few days in isolation. Mother Jones contributor Shane Bauer, who spent four months in solitary confinement in Iran, has called solitary confinement in US prisons comparable to the horrific conditions he experienced abroad, if not worse—people regularly spend years or decades in solitary in the United States. But while solitary confinement of adults has recently gotten some attention, the seclusion of children is a practice that largely still occurs in the dark. "No one knows exactly what is happening to children behind bars, and no is accountable," says Amy Fettig, senior staff counsel for the ACLU's National Prison Project (NPP). "If this harms adults so terribly, what does it do to kids who are still growing and developing?"
The Justice Department has recently started taking action on solitary confinement of juveniles, as part of the Obama administration's push to stop discrimination against mentally disabled Americans. In addition to the Ohio case, in February, the Justice Department intervened in a case against Contra Costa County, California, over the solitary confinement of children with disabilities in juvenile hall. In one example, a 17-year-old was placed in a solitary confinement for 60 days because he was hearing voices, and eventually "began smearing feces in his cell" and suffered a psychotic break, according to the agency.
As Alison Parker, director of the US Program at Human Rights Watch explains, children with mental illness or disabilities often have a difficult time following the rules, so they're the first to be put in isolation. "The irony is that placing them in seclusion can exacerbate the same illness that led to the behavior," she says. According to research released by the Justice Department, more than 50 percent of suicides of children detained at juvenile facilities occurred while they were isolated alone in their rooms.
The Justice Department's Ohio lawsuit is an expansion of a previous complaint. In 2008, Ohio agreed to reform two juvenile correction facilities after the Justice Department found numerous problems, including the overuse of solitary confinement. Since then, one of those facilities closed and the other is closing. But last week, a US District judge granted the Justice Department's request to expand the lawsuit to additional facilities. The judge ruled that there were "new and more serious violations of the constitutional rights of youth via the excessive use of seclusion and denial of adequate mental health treatment."
The Department of Justice also sought a temporary restraining order to stop the state from putting children with mental-health needs, like K.R., in solitary isolation for more than three consecutive days while the lawsuit is ongoing. The order has not yet been granted. In January, an attorney cited in Justice Department legal documents who interviewed K.R. noted that, "Staff and the client both reported that he bangs his head frequently. He had fresh head injuries as I spoke to him. Something drives him to self destructive behavior and whatever has been tried so far does not seem to be working."
Ohio is fighting the request for a restraining order, arguing that the state is already largely complying with the Justice Department's requirements, and "at the very least, there is no constitutional violation." Asked whether K.R. and other at-risk youth designated by the Justice Department are still being put in solitary confinement as of this writing, Russ said, "When seclusion is used, youth continue to receive all services including education, behavioral health services, recreation, and more."
Ohio doesn't have a law on the books barring solitary confinement of kids in juvenile detention centers or correctional facilities. At least seven states have restrictions in place, but most don't. And it's a practice that's widespread across the United States. Sen. Dick Durbin (D-Ill.) called for an end to the practice among juveniles, the mentally ill, and pregnant women in a hearing last year, but, so far, no such federal law exists. Ian Kysel, a fellow at the Georgetown Law Human Rights Institute who testified at Durbin's hearing, says that the solitary confinement of children is nonetheless illegal under federal and human rights law.
The Justice Department argues that children in solitary in Ohio aren't always getting adequate education and mental-health treatment. Advocates say that it's hard to know what happens in facilities in the United States, because data is scarce.
Civil liberties organizations interviewed children serving time in adult prisons who had been subject to this form of isolation in 2012. "There is nothing to do so you start talking to yourself and getting lost in your own little world. It is crushing," Paul K, who spent 60 days in solitary when he was 14, told the researchers. "You get depressed and wonder if it is even worth living." A teen held at Rikers Island in New York—which, as a city facility, is exempt from the state's ban on solitary confinement—recently told the Center for Investigative Reporting that his longest stretch in "the box," a six-by-eight-foot cell, lasted four months. "There's so many people that have been in that cell and screamed on that same gate, it smells like a bunch of breath and drool."
A Catholic nun has caused a firestorm after she allegedly told teens at Charlotte Catholic High School in North Carolina last month that masturbation can turn boys gay, and gay men have up to 1,000 sexual partners. Sister Jane Dominic Laurel, an assistant professor of theology at Aquinas College in Nashville, Tennessee, reportedly has a history of anti-gay rhetoric. In one of her online lectures, she called oral sex an abnormal act that's "imported from the homosexual culture," according to the Charlotte-based LGBT publication, QNotes. A Charlotte Catholic student described the lecture to the news outlet:
She started talking about how gays [sic] people are gay because they have an absent father figure, and therefore they have not received the masculinity they should have from their father ... Also a guy could be gay if he masterbates [sic] and so he thinks he is being turned on by other guys. And then she gave an example of one of her gay 'friends' who said he used to go to a shed with his friends and watch porn and thats why he was gay. … Then she talked about the statistic where gay men have had either over 500 or 1000 sexual partners and after that I got up and went to the bathroom because I should not have had to been subject to that extremely offensive talk.
In one of her online videos Laurel reiterates that "a man's desire for instance, for his father's love, his father's affection, what happens to it? It can become sexualized. And he can begin to think he has a sexual desire for another man, when in fact, he doesn't." She adds that boys who have been sexual abused also use "homosexual acts" as revenge. When reached by phone, Laurel said she hadn't seen all the reports yet, and could not immediately provide comment.
Aquinas College President Sister Mary Sarah Galbraith defended the school presentation in a statement to the Tennessean, maintaining that, "the presentation was given with the intention of showing that human sexuality is a great gift to be treasured and that this gift is given by God." But some North Carolina students didn't agree, starting a Change.org petition that's culminated in a Wednesday meeting to address the concerns, according to the Huffington Post. The students said in their petition: "We reject the suggestion that homosexuality occurs mainly as a result of a parent’s shortcomings, masturbation or pornography."
It's not only private school students that are subject to strange claims during sex-ed lectures. As we reported last year, public schools also invite religious abstinence speakers to talk to students about sex—and sometimes spread misinformation in the process.
Pam Stenzel, an abstinence lecturer who claims to speak to over 500,000 young people each year, allegedly told public school students at George Washington High School in Charleston, West Virginia, last year, "If you take birth control, your mother probably hates you." Shelly Donahue, a speaker for the Colorado-based Center for Relationship Education, told students in a training video posted by the Denver Westword in 2011 that if a guy gets sperm near a girl's vagina, it will turn into a "little Hoover vacuum" and she will become pregnant. Jason Evert, who has scheduled some visits to public schools on his 2014 calendar, advises girls that they should "only lift the veil over your body to the spouse who is worthy to see the glory of that unveiled mystery." To see our full list of abstinence speakers who have given talks in public schools, click here. Good luck, America.