Monday, June 30, 2014

Americans as 'vulnerable' to NSA surveillance as foreigners, despite Fourth Amendment...(ZDNet)

Summary: By manipulating Internet traffic to push American data outside of the country, the NSA can vacuum up vast amounts of US citizen data for intelligence purposes, a new report warns.
Director of National Intelligence James Clapper with the President in 2011 (Image: Pete Souza/White House)
Secret loopholes exist that allow the National Security Agency to bypass Fourth Amendment protections to conduct massive domestic surveillance on US citizens, according to leading legal academics.
The research paper released Monday by academics at Harvard University and Boston University details how the US government can "conduct largely unrestrained surveillance on Americans by collecting their network traffic abroad," despite constitutional protections against warrantless searches.
One of the paper's authors, Axel Arnbak at Harvard University's Berkman Center for Internet & Society, told CNET that US surveillance laws presume Internet traffic is non-American when it is collected from overseas.
"The loopholes in current surveillance laws and today's Internet technology may leave American communications as vulnerable to surveillance, and as unprotected as the internet traffic of foreigners," Arnbak said.
Although Americans are afforded constitutional protections against the US government from unwarranted searches of their emails, documents, social networking data, and other cloud-stored data while it's stored or in-transit on US soil, the researchers suggest these protections do not exist when American data leaves the country.
By manipulating Internet traffic to push American data outside of the country, the NSA can vacuum up vast amounts of US citizen data for intelligence purposes, thus "circumventing constitutional and statutory safeguards seeking to protect the privacy of Americans," they warned.
The academic paper lands just over a year since the Edward Snowden revelations first came to light, outlining the massive scope of U.S. government surveillance -- under the justification of preventing terrorism. Although the classified programs that make up the NSA's data acquisition arsenal have only recently been disclosed over the past year, the laws have been under close scrutiny for years. The paper only adds fuel to the fire of the intelligence agency's potential spying capabilities, which have been heavily criticized by civil liberties and privacy groups alike.
"The fix has to come from the law -- the same laws that apply to Internet traffic collected domestically should also apply to traffic that is collected abroad," the paper's co-author Sharon Goldberg at Boston University's Computer Science Department, said.
While the researchers do not speculate as to whether or not these loopholes are being actively exploited, aiming solely to broaden the understanding of the current legal framework as disclosed, the current legislation as it stands "opens the door" for unrestrained spying capabilities.
Patrick Toomey, staff attorney at the American Civil Liberties Union's National Security Project, said: "Today, Americans' communications increasingly travel the globe -- and privacy protections must reliably follow. This report raises key questions about whether our current legal regime meets that standard, or whether it allows the NSA to vacuum up Americans' private data simply by moving its operations offshore."
He added that there should be a uniform set of laws that protect Americans' privacy regardless of where they are in the world, and that Congressional oversight of all rules governing surveillance is needed for comprehensive reforms.
Since the Sept. 11 terrorist attacks in New York, the subsequent introduction of the Patriot Act allowed certain kinds of data to be collected for the prevention of terrorism -- so-called "metadata," such as the time and date of phone calls and emails sent, including phone numbers and email addresses themselves. But the contents of those phone calls or emails require a warrant.
The classified documents leaked by Snowden showed that while the public laws have been in effect for years or even decades, the US government has used secret and classified interpretations of these laws for wider intelligence gathering outside the statute's text.
The Obama administration previously said there had been Congressional and Judicial oversight of these surveillance laws -- notably Section 215 of the Patriot Act, which authorized the collection of Americans' phone records; and Section 702 of the Foreign Intelligence Surveillance Act (FISA), which authorized the controversial PRISM program, to access non-US residents' emails, social networking, and cloud-stored data.
But the researchers say that the lesser-known Executive Order (EO) 12333, which remains solely the domain of the Executive Branch -- along with USSID 18, designed to regulate the collection of Americans' data from surveillance conducted on foreign soil -- can be used as a legal basis for vast and near-unrestricted domestic surveillance on Americans.
The legal provisions offered under EO 12333, which the researchers say "explicitly allows for intentional targeting of US persons" for surveillance purposes when FISA protections do not apply, were the basis of the authority that allowed the NSA to tap into the fiber cables that connected Google's and Yahoo's overseas datacenters to their US datacenters. The program was authorized because the collection was carried out overseas and not on US soil -- including attacking a US-based company that has a physical presence in other jurisdictions, the researchers say.
An estimated 180 million user records, regardless of citizenship, were collected from Google and Yahoo datacenters each month, according to the leaked documents.
The paper also said surveillance can also be carried out across the wider Internet by routing network traffic overseas so it no longer falls within the protection of the Fourth Amendment.
The report highlights a fundamental yet widely known issue with the Internet. Data takes the quickest route possible rather than staying solely within a country's borders. Data between two US servers located within the US can still sometimes be routed outside of the US.
Although this is normal, the researchers warn that Internet traffic can also be deliberately pushed outside of the United States by manipulating the Internet's core protocols -- notably the Border Gateway Protocol (BGP), which determines how Internet traffic is routed between individual networks; and the Domain Name Service (DNS), which converts website addresses to numerical network addresses.
By deliberately pushing Internet traffic outside of the US, the NSA would have enough time to capture the data while it is outside the reach of constitutional protection.
An NSA spokesperson denied that either EO 12333 or USSID 18 "authorizes targeting of US persons for electronic surveillance by routing their communications outside of the US," in an emailed statement.
"Absent limited exception (for example, in an emergency), the Foreign Intelligence Surveillance Act requires that we get a court order to target any US person anywhere in the world for electronic surveillance. In order to get such an order, we have to establish, to the satisfaction of a federal judge, probable cause to believe that the US person is an agent of a foreign power," the spokesperson added.
The researchers rebuffed the NSA's statement in an email: "We argue that these loopholes exist when surveillance is conducted abroad and when the authorities don't 'intentionally target a US person'. There are several situations in which you don't 'target a US person', but Internet traffic of many Americans can in fact be affected."
"We cannot tell whether these loopholes are exploited on a large scale, but operation MUSCULAR seems to find its legal and technical basis in them."
Mark M. Jaycox, a legislative analyst at the Electronic Frontier Foundation, said: "If you are intentionally spying on a US person, the government must go to the FISA Court. That's the way the law is supposed to operate."
Describing how the NSA says it never "intentionally collects" U.S. information, he warned the foreign data dragnet would inevitably include U.S. data.
"The NSA is an intelligence organization -- it's going to be targeting foreigners. But it's the way that it's targeting millions of foreigners, and millions of foreign communications that will eventually pick up U.S. persons' data and information. And once that data has been collected, it must be destroyed."
"It's a question the NSA can't reconcile, so they lean heavily on saying they never 'intentionally collect' the U.S. person information," he said.
A recent primer on EO 12333 written by the privacy group said the order "mandates rules for spying... on anyone within the United States." The group also notes that because the order remains inside the Executive Branch, the Obama administration could "repeal or modify" the order immediately.
The American Civil Liberties Union said in a post on its website that the US government interprets USSID 18 to "permit it to sweep up Americans' international communications without any court order and with little oversight."
The privacy group has also filed a Freedom of Information lawsuit with a federal court in New York, questioning "whether it appropriately accommodates the constitutional rights of American citizens and residents whose communications are intercepted in the course of that surveillance."
Although there is no direct evidence yet to suggest the NSA has exploited this loophole, network monitoring firm Renesys observed two "route hijacking" events in June and November 2013 that led Internet traffic to be invisibly routed through Belarus and Iceland on separate occasions. These events are almost unnoticeable to the ordinary Internet user, but the side effect is that data travelling through a foreign country's infrastructure may be readable by that country's government. It also allows the NSA to capture that data by treating it as foreign data.
These legal and technical loopholes can allow "largely-unrestrained surveillance on Americans' communications," the researchers wrote.
The NSA, whose job it is to produce intelligence from overseas targets, said for the first time in August 2013 that it derives much of its "foundational authority" for its operations from EO 12333. Recent Snowden disclosures shed new light on understanding the capabilities of the executive order.
It was also recently revealed that Snowden himself questioned the legal authority of EO 12333, according to one declassified email exchange released by Director of National Intelligence James Clapper.
According to John Schindler, a former NSA chief analyst, speaking to The Washington Post in October, the sole aim of the NSA's "platoon" of lawyers is to figure out "how to stay within the law and maximize collection by exploiting every loophole."
"It's fair to say the rules are less restrictive under [EO] 12333 than they are under FISA," he added.
FISA expanded the NSA's powers allowing it to obtain foreign intelligence -- including economic and political surveillance of foreign governments, companies, news outlets, and citizens. But the amended law in 2008 also restricted what can be collected on US citizens.
The so-called "targeting" and "minimization" procedures, which remain classified but were reported as a result of the Snowden leaks, were introduced to ensure any data inadvertently collected on US citizens from overseas would not be used in investigations. These were later criticized following subsequent leaks which suggested the rules on collecting US persons' data were more relaxed than the statute led the public to believe.
US intelligence agencies can only do so much with US data, therefore they have a "strong incentive to conduct surveillance abroad," the researchers say, which includes individuals and companies, because legal protections under the Fourth Amendment and FISA do not apply outside US territory.
"Programs under EO 12333 may collect startling amounts of sensitive data on both foreigners and Americans," the paper summarizes, because it presumes by default that "targets and communications are non-Americans, precisely because their operations are conducted abroad."
Zack Whittaker writes for ZDNet, CNET, and CBS News. He is based in New York City.

Friday, June 27, 2014

Puerto Rico: Tropical Tax Haven for America's Super-Rich (BusinessWeek)

Schiff at Dorado Beach; Helmers at home

It’s 2 a.m. at the La Factoria bar in Puerto Rico’s Old San Juan, a hipster joint with a sagging couch, tile floors, and Christmas lights that wouldn’t be out of place in Brooklyn’s Williamsburg. While Get Lucky plays, tipsy couples slink out the doors onto the colonial city’s cobblestone streets and into this warm April night. At the bar, a 28-year-old hedge fund trader—the type of person who posts his SAT results on his LinkedIn page—is ranting about the tax code. He’s obsessed with it, complaining that the U.S. is the only major country taxing citizens on their worldwide income, no matter where they reside. That’s why he moved here.
Struggling to emerge from an almost decadelong economic slump, the Puerto Rican government signed a law 18 months ago that creates a tax haven for U.S. citizens. If they live on the island for at least 183 days a year, they pay minimal or no taxes, and unlike with a move to Singapore or Bermuda, Americans don’t have to turn in their passports. (Puerto Ricans are U.S. citizens but cannot vote in federal elections.) About 200 traders, private equity moguls, and entrepreneurs have already moved or committed to moving, according to Puerto Rico’s Department of Economic Development and Commerce, and billionaire John Paulson is spearheading a drive to entice others to join them.
Paulson says the island will become “the Singapore of the Caribbean” (Photograph by Harry Gould Harvey IV)
Schiff, who runs Westport (Conn.)-based brokerage Euro Pacific Capital, relocated his $900 million asset management arm from Newport Beach, Calif., to San Juan in 2013. He plans to move to the island within the next several years. (For now, a son from a first marriage is keeping him in Connecticut.)
Under Puerto Rico’s new rules, an individual who moves to the island pays no local or federal capital gains tax (capital gains are charged based on your tax home rather than where you earn them) and no local taxes on dividend or interest income for 20 years. Even someone working for a mainland company who is a resident of the island would be exempt from paying U.S. federal taxes on his salary. Moving to the island won’t kill all taxes: U.S. citizens still have to pay federal taxes on dividend or interest income from stateside companies. But the savings can be extraordinary, especially if considering the compounding effects, says Alex Daley, chief technology investment strategist at Casey Research, a firm that publishes reports for investors. Late last year, Daley moved from Stowe, Vt., to Palmas del Mar, about 45 minutes from San Juan. Say you put $100,000 in a 5 percent certificate of deposit that compounds annually and reinvest the proceeds every year. If you lived in Puerto Rico, you’d earn $165,000 in interest over two decades, Daley calculates. If you lived in California, your state and federal taxes could reduce that to as little as $64,000.
Paulson, who made $15 billion for himself and his investors betting against U.S. mortgages during the financial crisis, helped start the wave of transplants last year, when he considered moving to the island. Paulson cited excessive media attention as his reason for staying put in the States. The press reports had an unintended consequence, though: Word quickly spread to other wealthy individuals that Puerto Rico wanted them.

Thursday, June 26, 2014

Small Businesses May Be Even More Sick of Washington Than Most Americans (BusinessWeek)

Kevin McCarthy on Oct. 11, 2013, in Washington
The new leader of the House Republicans, California Representative Kevin McCarthy, is one of dozens of members of Congress with a small business background (he once used $5,000 in lottery winnings to open a deli in Bakersfield). That representation hasn’t satisfied Main Street business owners: Only 4 percent said Washington served them well in a new poll, and 35 percent said it served them “moderately well.”
The country as a whole gives Congress a 16 percent approval rating right now, according to Gallup. It’s hard to compare questions from two different surveys. But it’s clear that small business owners have a dim view of their elected officials, according to the survey published today by the National Small Business Association.
There are about 28 million small businesses in the U.S., and according to the NSBA survey, their owners all vote. Or, almost all of the people the NSBA surveyed: 95 percent of the 1,800 business owners in the poll said they pull a lever in national elections. Small business owners are also good for campaign cash: 63 percent of respondents said they made donations to a political candidate.
No surprise, then, that candidates such as McCarthy play up their small business pedigrees. In 2010 alone, Americans sent 33 small business owners and entrepreneurs to Congress—a count that excluded those with professional practices such as doctors and lawyers, as well as those who sold or left their businesses more than five years before their election. Small business is second only to the military in institutions that most Americans trust, according to Gallup. (Congress’s rating on that front: 7 percent have a lot of confidence in it.)
The NSBA survey, conducted online in May with a sample that included both members and non-members, found Republicans were less satisfied than Democrats, but neither group gave government high marks.
That’s likely because Beltway gridlock has prevented Congress from enacting tax reform and reining in health-care costs, write NSBA Chair Jeff Van Winkle and CEO Todd McCracken in an introduction to the survey. “These actions are far more important than a hat-tip to small business during a stump-speech,” they write. Or, for that matter, more important than any elected official’s past experience on Main Street.
Clark is a reporter for Bloomberg Businessweek covering small business and entrepreneurship.

Wednesday, June 25, 2014

Aereo ruled illegal by Supreme Court; must pay copyright fees (ZDNet)

Summary: The future of Internet TV was decided by the U.S. Supreme Court. And it didn't go in cordcutters' favor.


By a six-to-three vote, the U.S. Supreme Court reversed the decision of the US Second District Court in ABC vs. Aereo.
The bottom line: The Supreme Court has ruled that Aereo's over-the-air (OTA) TV over the Internet service is illegal.
According to the SCOTUSblog, "This ruling appears sweeping and definitive, determining that Aereo is illegal." At the same time, the Court claimed that "its ruling does not endanger other technologies." How that can be is an open question. Aereo had claimed that a decision against them might endanger other cloud-based media services.
It appears, however, that "the essence of the Aereo ruling is that Aereo is equivalent to a cable company, not merely an equipment provider." That is, according to the court's decision, Aereo's "behind-the-scenes technological differences do not distinguish Aereo's system from cable systems, which do perform publicly."
Aereo was a service that lets you watch over-the-air TV over the Internet for $8 per month. It offered you the same network television shows that are available to anyone with an antenna. To do this, Aereo sets up clusters of miniature antennas in your local area.
For example, if you lived in New York, you'd be able to watch WABC, WCBS, and WNBC; when and if Aereo had expanded into Washington, you would have been able to watch WJLA, WUSA, and WRC; and so on.
When you signed up for the service, you were assigned two of those antennas. One is for watching live shows and the other is for recording programs. Your chosen local OTA shows are then also kept in a cloud-based digital video recorder (DVR).
This isn't just cloud DVR, though. Whether you were watching a "live" show or a recorded one, you're creating, the company stated, "three separate unique copies of the show, each in a different bit rate optimized for different streaming conditions. The lowest bit rate file is ideal for streaming over 3G connections. The medium rate file will work well over most Wi-Fi connections. The highest rate file is intended for really fast broadband connections. While watching, you can choose the video quality on your device. If you select 'auto', you will automatically choose the best bitrate for your current network conditions."
At the time of the decision, Aereo was available in eleven Eastern and Midwest cities. The company had had plans to offer its services in 19 more US cities.
ABC and other networks — including CBS, the parent company of ZDNet and sister-site CNET — had argued that Aereo was violating copyright by retransmitting their signals over the Internet. Legally, the question in ABC vs. Aereo is whether Aereo "publicly performs" a copyrighted television program when it retransmits a broadcast of that program to paid subscribers over the Internet.
Aereo's counter-argument was that, in essence, all they're doing is renting you an antenna with a very, very long cable that just happens to go over the Internet. Since Aereo will only let you watch network shows that are available from your local OTA TV stations, their position was that the company was not violating any copyright or retransmission laws. As for offering a DVR service, Aereo argued that the case of 20th Century Fox vs. Cablevision had already shown that remote Internet-based DVRs were legal.
In addition, Aereo argued that a strike against them is a blow against all cloud media storage. The Supreme Court disagreed on both counts. 
What happens now? Good question.
Is Aereo out of business now? The company has always insisted that if it loses, it has no alternative plan.
On the other hand, in Fortune, Aereo CEO Chet Kanojia "suggested that Aereo could explore several alternate options in the case of a loss, including perhaps even paying some sort of retransmission fees to broadcasters." This appears to be Aereo's only option for the business to survive.
Whether the networks would agree to such a deal is another question. While the networks have never been averse to making more money, they all disliked both Aereo's model and their persistence in pushing it through the courts. Still, sooner rather than later the networks must come to terms with the cordcutters in a more sensible way than their current mishmash of network-specific Web sites and rerun-specific deals with Amazon, Hulu, and Netflix.
Steven J. Vaughan-Nichols, aka sjvn, has been writing about technology and the business of technology since CP/M-80 was the cutting edge PC operating system. SJVN covers networking, Linux, open source, and operating systems.

Tuesday, June 24, 2014

Wearable computing: Trends

The explosion of interest in wearable computing is one of tech's fastest rising trends. While big moves from Google, Apple, and Samsung will likely attract a lot of attention, we're going to examine the broader potential that wearables hold for driving innovation in business.
1.- Wearables: An emerging trend with staying power
Summary: Wearable tech, from Google Glass to Fitbit, Jawbone and other devices, is garnering plenty of attention. Here’s what lies ahead for the industry. More:


2.- Research: 92 percent are interested in wearables
Summary: The future of wearables in the enterprise was the subject of the latest Tech Pro Research survey. Find out who is using these devices, and how. More:


3.- Executive's guide to wearable computing in business (free ebook)
Summary: Wearable tech may have begun as a consumer novelty, but now we're beginning to see devices that offer solid business value. This ZDNet/TechRepublic guide looks at how wearable computing is being implemented now — and what you can expect in the near future. More:

4.- Wearables in business: Five companies getting real work done

Summary: Wearables are still trying to win over consumers, but they have made strides in the enterprise. Here are five companies using wearables to add value to their business. More:

http://www.zdnet.com/wearables-in-business-five-companies-getting-real-work-done-7000030082/

5.- The History of Wearable Technology: A timeline

Summary: Humans have always adorned their bodies with gadgetry — be it for show, for utility, or both. Our timeline documents examples such as body armour, spectacles, wearable calculating aids, hearing aids, diving gear, spacesuits, exoskeletons and experiments in human-machine 'cyborgs'. More:

http://www.zdnet.com/the-history-of-wearable-technology-a-timeline-7000030090/

6.- Wearables: The ones we use versus the ones we really want

Summary: There's a gap between the wearable tech that gets the most hype and the ones that actually get used, and the ones that are used versus the ones people really want. More: