dana liebelson

Dana Liebelson

Reporter

Dana Liebelson is a reporter in Mother Jones' Washington bureau. Her work also appears in Marie Claire and The Week. In her free time, she plays electric violin and bass in a punk band.

Get my RSS |

Advertise on MotherJones.com

8 Big-Name Tech Companies Demand End to Bulk Internet Surveillance

| Mon Dec. 9, 2013 12:01 PM EST

On Monday, eight major tech companies launched an unprecedented campaign asking President Obama and Congress to make sweeping reforms to the surveillance programs first revealed by former NSA contractor Edward Snowden. The companies—AOL, Apple, Facebook, Google, LinkedIn, Microsoft, Twitter and Yahoo—asked for an international ban on bulk Internet data collection (like that reportedly permitted under the NSA's PRISM program), as well as more public reports and independent oversight.  

"We understand that governments have a duty to protect their citizens. But this summer’s revelations highlighted the urgent need to reform government surveillance practices worldwide," the companies wrote in an open letter to the president and members of Congress. "The balance in many countries has tipped too far in favor of the state and away from the rights of the individual ­­rights that are enshrined in our Constitution. This undermines the freedoms we all cherish. It’s time for change."

The companies asked governments worldwide to enact five major reforms: End bulk collection of Internet communications; Ensure that courts reviewing the decisions made by intelligence communities are independent and push back (the Foreign Intelligence Surveillance Court has been criticized as a "rubber stamp"); allow tech companies to publish the number and type of government demands; establish a treaty to govern "lawful" data requests worldwide; and make it easier for companies to exchange data across borders. (My colleague Kevin Drum outlined these demands in more detail here.) 

Tech companies have been vocal about their desire to publish more information about government demands before, and they've also been independently rolling out "Perfect Forward Secrecy"—encryption that makes it much harder for the NSA to snoop. But this is the first time that these companies have joined together to explicitly ask the US government to "limit surveillance to specific, known users for lawful purposes, and [not] undertake bulk data collection of Internet communications." The reforms closely mirror those included in the USA FREEDOM Act, introduced by Rep. James Sensenbrenner (R-Wis.) and Sen. Patrick Leahy (D-Vt.), and go much further than the reforms proposed in a competing bill backed by Sen. Dianne Feinstein (D-Calif.), the chair of the Senate intelligence committee. 

The Guardian notes that these companies are asking for global reforms, likely because they're concerned that "competing national responses to the Snowden revelations will not only damage their commercial interests but also lead to a balkanisation of the web as governments try to prevent internet companies from escaping overseas." Brad Smith, General Counsel and Executive Vice President of Legal and Corporate Affairs at Microsoft, confirmed that there is an obvious business incentive for tech companies to stand against NSA spying: "People won’t use technology they don’t trust. Governments have put this trust at risk, and governments need to help restore it."

Now There's a Zombie Drone That Hunts, Controls, and Kills Other Drones

| Fri Dec. 6, 2013 11:50 AM EST

When 27-year-old Samy Kamkar—a security researcher who famously made one million Myspace friends in a single day—heard the announcement on Sunday that Amazon was planning to start delivering packages via drone in 2015, he had an idea. He knew that whenever new technology, like drones, becomes popular quickly, there are bound to be security flaws. And he claims that he found one within 24 hours and promptly exploited it: America, meet the zombie drone that Kamkar says hunts, hacks, and takes over nearby drones. With enough hacks, a user can allegedly control an entire zombie drone army capable of flying in any direction, taking video of your house, or committing mass drone-suicide. 

"I've been playing with drones for a few years," Kamkar, who is based in Los Angeles, tells Mother Jones. "I'm sure that with most of the drones out there, if you scrutinize the security, you'll find some kind of vulnerability." Kamkar says that the Amazon announcement was an opportunity to point out that drone security has room for improvement. 

Kamkar's hack, also known as "Skyjack," was performed on a Parrot AR Drone 2 (More than 500,000 Parrot drones have been sold since 2010, and it's been used to help collected flight data for the European Space Agency.) It's unknown what kind of drone Amazon will end up using, but these drones have high-definition photo and video, a flying range of about 165 feet, and can be controlled using an iPhone or an iPad. Kamkar equipped his drone with a battery, a wireless transmitter, and a Raspberry Pi computer—the total of which costs about $400, including the drone. Then, he wrote software (which he made available on the open-source website GitHub, for anyone to use) that he says allows his drone to find wireless signals of other Parrot drones in the area and disconnect the wireless connection of another drone's original user, giving Kamkar—or any user with the software—control over both drones. The drones can even be forced to self-deactivate and drop out of the sky. "How fun would it be to take over drones carrying Amazon packages…or take over any other drones, and make them my little zombie drones. Awesome," writes Kamkar. 

Parrot did not respond to request for comment, but the BBC notes that, "experts said Parrot appeared to have ignored well-known guidelines" to prevent this kind of hack. Christopher Budd, a threat communications manager for Trend Micro, a data security company, tells Mother Jones that "reading what he's got, on the face of it, it certainly sounds like a plausible proof-of-concept" but says Parrot still needs to validate it. 

Here's a video:

So does this mean that your Amazon blender will be attacked by a hoard of hungry zombie drones? Not necessarily: "Amazon would be able to make drones that are immune to this," Kamkar tells Mother Jones, claiming that the Parrot Drone's wi-fi system is not fully encrypted, which is a security measure that Amazon would be likely to take. (Amazon did not respond to Mother Jones request for comment.) "I just want people to be concerned enough that it forces these drone makers to take an additional look at them. When you have enough people scrutinizing technology, you're going to have added security and added attention, and that's the benefit."

That's certainly how companies have responded to Kamkar's hacks before: After he crippled Myspace in 2005 using what some called the fastest spreading virus up to that point—(he was arrested and convicted under California penal code, and Kamkar says, "community service was a blast!")—Myspace revamped its security procedures. Still, even if Amazon manages to fend off the zombie drones, it faces other obstacles—including states that have banned drones, potential collisions in urban areas, and major privacy concerns. 

"Drones are an impressive piece of technology and part of me is super excited whenever I get it outside and fly it around," Kamkar says. "But part of me is a little fearful." 

5 Shocking New Revelations on NSA Cellphone Tracking

| Wed Dec. 4, 2013 7:01 PM EST

Not a month goes by without former National Security Agency contractor Edward Snowden, unleashing new government surveillance allegations, but on Wednesday, the Washington Post dropped a bombshell: The NSA is tracking cellphones around the world at a rate of almost five billion records per day. This revelation is particularly shocking because it affirms fears that the government is keeping tabs on the physical location of Americans. The newspaper notes that in terms of potential impact on privacy, the location-tracking report may be "unsurpassed." Here's five things you need to know from the mind-boggling new report: 

1. The NSA can find you in a hotel and can probably tell if you're having an affair: 

Cellphones broadcast location data to towers even when they're not being used or the GPS is turned off. The NSA gets cellphone location data by "tapping into the cables that connect mobile networks globally and that serve U.S. cellphones as well as foreign ones." This allows the agency to keep tabs on someone, even if he or she travels abroad with a cellphone, "into confidential business meetings or personal visits to medical facilities, hotel rooms, private homes and other traditionally protected spaces." Once the NSA has that information, it can use it to figure out who a person is visiting, where, and how often.  

2. Americans are definitely being tracked, but providing the exact number is "awkward:"

Like other programs revealed by Snowden, this one is intended for foreign intelligence but nonetheless collects Americans' data, allegedly by accident. The Snowden documents do not reveal how many Americans are targeted at home and abroad. Intelligence officials told the paper that the agency can't calculate how many, and "it's awkward for us to try to provide any specific numbers." (Robert Litt, general counsel for the Office of the Director of National Intelligence, which oversees the NSA, confirmed to the Post that information isn't collected in bulk on cellphones in the United States "intentionally.") 

3. All the collected location data wouldn't fit in the Library of Congress: 

From the Post: "27 terabytes, by one account, or more than double the text content of the Library of Congress’s print collection."

4. Don't bother trying to hide. The NSA knows if you're trying to avoid them: 

From the Post: "Like encryption and anonymity tools online, which are used by dissidents, journalists and terrorists alike, security-minded behavior — using disposable cellphones and switching them on only long enough to make brief calls — marks a user for special scrutiny...for example, when a new telephone connects to a cell tower soon after another nearby device is used for the last time.​" And Chris Soghoian, principal technologist at the American Civil Liberties Union, told the Post that "the only way to hide your location is to disconnect from our modern communication system and live in a cave."

5. And you don't need to be a suspect to be targeted: 

This is the big one—"A central feature of each of these tools is that they do not rely on knowing a particular target in advance, or even suspecting one. They operate on the full universe of data in the NSA’s [repository] which stores trillions of metadata records, of which a large but unknown fraction include locations," wrote the Post. An intelligence lawyer said that the data collection is not covered by the Fourth Amendment, which outlaws unreasonable searches and seizures.​ 

Read the full report. 

 

Fri Nov. 22, 2013 1:26 PM EST
Fri Nov. 1, 2013 11:31 AM EDT
Wed Jun. 18, 2014 6:00 AM EDT