Author Archives: Jonathan

Best of 2016: ConComms in the Indypendent

The Constitutional Communications article “In an Age of Mass Surveillance, Encryption Gives Us an Edge” was chosen as one of the best articles of 2016 by the staff of the Indypendent!

The Indypendent is a New York City-based free newspaper and online news site. Winner of more than 50 awards from the New York Community Media Alliance for excellence in journalism, it has a print and online audience of more than 100,000 readers.

Check out 52 of The Indypendent’s best articles from 2016 — one for each week of the year — as they look back on their coverage of both the year’s historic presidential election and of left social movements working for change from outside the electoral arena.

The Best of 2016: 52 Reasons to Support the Indy:

https://indypendent.org/2016/12/30/best-2016-52-reasons-support-indy

Securing Freedom: Digital Security for Organizers

The vast system of U.S. surveillance will soon be in the hands of a President who has pledged to violate our constitutional and human rights. Now more than ever, organizers need to act to protect their digital security so we can continue to work for democratic social change. Join this webinar to learn practical steps for securing your data and communications, both individually and collectively. Together we can ensure our movements are safe enough to take risks and strong enough to win.

Featured guest: Harlo Holmes

Director of Newsroom Digital Security, Freedom of the Press Foundation

With: Jonathan Stribling-Uss, Esq.

Director & Founder, Constitutional Communications, www.concomms.org

This webinar is free for MAG-Net members and $50 for non-members. The Media Action Grassroots Network (MAG-Net) mobilizes a media justice movement to end racism and poverty. Member organizations amplify the voices of impacted communities to win communication rights and power. To find out about membership contact angella@mediajustice.org.

For Tickets

https://www.eventbrite.com/e/securing-freedom-digital-security-for-organizers-tickets-29649809378

Constitutional Communications on the Radio

Constitutional Communications on Law and Disorder Radio

Jonathan from Constitutional Communications recently sat down with Law and Disorder radio for an in-depth conversation about the recent Oliver Stone Snowden film and client demands for end-to-end, open source encryption.

Law and Disorder is a weekly, independent radio program airing on more than 60 stations across the United States and podcasting on the web. Law and Disorder radio gives listeners access to rare legal perspectives on issues concerning civil liberties, privacy, and the right to dissent. Three of the top progressive attorneys and activists host the program and consistently bring a diverse lineup of guests, from grassroots activists to politically mindful authors. Listen here to the segment.

Law and Disorder segment on Encrypted Client Communications:

As the general public becomes increasingly aware of the value of using open source encrypted communications, several groups of professionals may be among the first to regularly use it in their work. Members of the press already provide open source whistleblower submission systems, such as SecureDrop, to protect the anonymity of anonymous sources. But how do attorneys protect their privileged client communications?

Jonathan Stribling-Uss founded Constitutional Communications to teach attorneys, activists and others to use open source encryption for all their communications. The group is aptly named given that “Our current system of Internet communication is not constitutional, especially with respect to attorney/client communications,” according to Stribling-Uss who is also a member of the National Lawyers Guild. The group has already provided intensive training sessions on digital security domestically and internationally for nearly 300 civil society leaders from dozens of countries.

Guest – Attorney Jonathan Stribling-Uss, director of Constitutional Communications, a nonprofit organization that specializes in information security for professionals and civil society organizations. He has led trainings and accredited CLEs (Continuing Legal Education) for hundreds of attorneys and law students on cybersecurity, professional ethics, international law, and attorney-client communications with the NYCLA (New York County) Bar Association, Law For Black Lives, and the Continuing Legal Resource Network at CUNY (City University Of New York). He has also trained journalists, foundations, activists, and technologists from more than 40 countries at the Center for Constitutional Rights, Thoughtworks global corporation, the International Development Exchange, the Legal Clinics of the CUNY School of Law, and The Florestan Fernandes National School in Brazil.

http://lawanddisorder.org/2016/09/law-and-disorder-september-26-2016/

 

Government Spying, Civil Liberties, Encryption and Attorney Client Communications at NYCLA

Short discussion from New York County Lawyers’ Association (NYCLA Bar) and Constitutional Communications experts about the impact of NSA government spying on attorney-client communications and US constitutional government. From a recent Ethics and Technology accredited Continuing Legal Education (CLE) program. Excerpt from a 2-hour program at NYCLA headquarters in Lower Manhattan. NYCLA is home to a community of 9,000 attorneys, judges, academics, and law students. Take the full CLE for credit at nycla.org or learn more at Concomms.org or Accessnow.org.

Constitutional Communications Indypendent article on secure email providers

Internet Service Providers You Can Trust

Newly leaked FBI guidelines for the use of National Security Letters (NSLs) have finally opened a window into how little control third parties, from Google to Facebook to the phone company, have over the data of their users. The classified rules were obtained by The Intercept in June, but date back to 2013, and concern the FBI’s use of NSLs.

NSLs allow for an FBI agent to request any type of data from a third-party provider, and then use a gag order to prevent the provider from speaking about the fact that the data has ever been requested. This allows the bureau to obtain information about activists and journalists without going to a judge, as is the case with a regular search warrant, or informing the organization being targeted.

Sixteen thousand NSLs are issued annually. The letters only require the signature of a unit director at the FBI to obtain data from any provider and are often used for investigations that have nothing to do with national security, including investigations carried out against journalists who expose information that displeases the government. This type of surveillance has dubious legality and becomes even more dubious when evidence from these sources is used in criminal trials. The most striking use of information from NSLs is when it is combined with “parallel construction”: the laundering of illegally acquired evidence into court proceedings.

Anyone who has watched “The Wire” or “The Good Wife” has seen fictional examples of how parallel construction may currently happen. But the most clear-cut case of parallel construction in present-day prosecutions is through the Special Operations Division, a $125 million unit of the Drug Enforcement Administration (DEA), where agents are trained to utilize “parallel construction” to hide NSA or NSL data by covering it with fake witnesses. The use of this illegally acquired evidence in trials has therefore been hidden from attorneys, clients and the judiciary, threatening the integrity of the legal process as a whole. This startling practice undermines the Sixth Amendment right of defendants to know the evidence that is being used against them in an open court, and it destroys an attorney’s ability to effectively serve their clients. The vice chairman of the criminal justice section of the American Bar Association, James Felman, calls this domestic use of evidence from NSL or NSA intercepts “outrageous” and “indefensible.”

What can activists or concerned citizens do to stop this broad attack on freedom of speech and association? There are groups such as the National Lawyers Guild and The Electronic Frontier Foundation that work on specific legal strategies. As individuals, people need to understand that, for law enforcement, social media is public space. Although you may have privacy settings that can stop your mom or ex-partner from reading your posts, as far as federal law enforcement is concerned every page, post, mail, like or click on Facebook, Twitter, or Google could be used as evidence against you in a court of law.

To thwart these overbearing snoops there are a number of excellent Internet providers who take user privacy seriously, don’t collect log data and/or utilize warrant canaries that allow them to warn users if they are ever asked to comply with government requests for NSL information. There are a number of long-running projects that exist to help activists maintain their constitutional rights while using digital communications. Two of special significance are Riseup.net and Mayfirst.org.

Riseup.net is a non-profit collective active since the 1999 Seattle WTO protests. Riseup runs an email service (mail.riseup.net), a groupware network for organizing (we.riseup.net), pastebins for securely exchanging large files (share.riseup.net), and a “Google Docs”-type collaborative document writing tool (pad.riseup.net). All of these are maintained by ensuring no logging data is saved. It has a “warrant canary” that they publish and update regularly. It also allows people to sign up for and use services over the Tor network to preserve their anonymity (something that Google, Facebook, Apple, and Twitter don’t allow). Riseup relies on individual donations to survive.

May First/People Link (www.mayfirst.org) “engages in building movements by advancing the strategic use and collective control of technology for local struggles, global transformation, and emancipation without borders.” This redefines the concept of “Internet Service Provider” in a collective and collaborative way as a democratic membership organization with an elected Leadership Committee and a co-op model where everyone pays dues and collectively manages websites, email, email lists, and more.

This is the second in a two-part series.

Indypendent Issue # 216

First part: In an Age of Mass Surveillance, Encryption Gives Us an Edge

The Indypendent is a monthly New York City-based newspaper and website founded in 2000.  It has a print and online audience of more than 100,000 readers and has won more than 50 awards from the New York Community Media Alliance for excellence in journalism.

https://indypendent.org/2016/08/15/internet-service-providers-you-can-trust

ConComms Joins EFF’s New Alliance

We are happy to report that Constitutional Communications has agreed to join the EFF’s new Electronic Frontier Alliance, and fight for the principles of Security, Privacy, Free Expression, Creativity, and Access to Knowledge.

The Electronic Frontier Alliance is a grassroots network of community and campus organizations across the United States working to educate our neighbors about the importance of digital rights.

Electronic Frontier Alliance Principles

As a member organization of the EFA, we believe that technology should support the intellectual freedom at the heart of a democratic society. In the digital age, that entails advancing:

Free Expression:
People should be able to speak their minds to whoever will listen.

Security:
Technology should be trustworthy and answer to its users.

Privacy:
Technology should allow private and anonymous speech, and allow users to set their own parameters about what to share with whom.

Creativity:
Technology should promote progress by allowing people to build on the ideas, creations, and inventions of others.

Access to Knowledge:
Curiosity should be rewarded, not stifled.

We uphold these principles by fighting for transparency and freedom in culture, code, and law.

Concomms Article featured in The Indypendent

The Indypendent Issue # 215

As legal showdowns go, Apple v. FBI came in like a lion and left like a lamb. In February, the Federal Bureau of Investigation (FBI) won a federal court order to compel Apple to build a new operating system that would allow agents to hack into the iPhone 5 used by the San Bernardino mass shooter. When Apple refused to comply, some commentators claimed it was the biggest showdown over surveillance in the last decade.

While this legal showdown was still grabbing headlines, National Security Agency (NSA) whistleblower and cyber security expert Edward Snowden called Apple’s refusal to cooperate important on principle. But he correctly asserted that the FBI’s claim that it was unable to access the iPhone due to Apple’s encryption was “bullshit.” On March 28, the FBI dropped the legal action after an unnamed contractor helped the Bureau bypass the encryption.

Nonetheless, encryption is still a key privacy tool. As Snowden himself put it during an online Q & A hosted by The Guardian in 2013: “Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on [to protect your privacy].”

This is a broad statement, however, because there are different types of encryption for different types of functions. The most secure forms are made with open source software, which makes it possible for technicians to see how the programs work and also makes them free for individuals to download and use. Although there are free tools that can secure information from even the most well-resourced attackers, like the NSA, few organizations use encryption, let alone worry much about what types of encryption to use.

Case in point: Mossack Fonseca, the self-described “legal services firm” that was the source of the Panama Papers. A whistleblower concerned with the unethical and illegal nature of the company’s business provided 2.6 terabytes of data from its internal network to the International Consortium of Investigative Journalists, which began publishing the material through various news outlets in April.

The term “legal services firm” in Mossack Fonseca’s case is a nice way of saying “money laundry.” As the Panama Papers reveal, the firm set up shell companies and provided tax havens to the globe’s wealthiest individuals. When the Panama Papers hit front pages worldwide, the company’s offices were raided by the police forces of four governments.

Mossack Fonseca’s behavior was not simply unethical and illegal, it was also stupid. As its own leaked internal emails show, the firm didn’t use modern, end-to-end, open source encryption tools; didn’t effectively educate its staff about what it was doing with digital security; and consistently undermined its security by creating anonymous and unlogged access points to its network. These types of practices make it easy for hackers, governments, or whistleblowers, for that matter, to access information systems that lack end-to-end, open source encryption.

Unfortunately, US government policy has made open source, end-to-end encryption important even for everyday people who are not engaged in nefarious activities. Mass surveillance is current government practice, and it has made it necessary to defend our privacy in what many observers have begun referring to as the Golden Age of Surveillance.

Governments globally are working to ensure they can have access to all digital information all the time. Domestic law enforcement groups like the FBI have access to more and more information from massive government databases collected directly from the servers of all the major email providers. Here is how it works: the NSA collects information on Americans on a massive scale under the Foreign Intelligence Surveillance Act and Executive Order 12333. The FBI receives access to this data collected by the NSA through a partnership with the Drug Enforcement Administration’s Special Operations Division, which gives them information from all major US service providers — Google, Apple, Yahoo, Facebook. This enables domestic law enforcement to utilize the NSA’s Bluffdale, Utah data facility, which has the capacity to hold 1000 times more data than the entire internet, a yottabyte of data.

In a 2015 report, the United Nations Special Rapporteur on Freedom of Expression, David Kaye, argued that due to this type of widespread, warrantless surveillance of internet communications, anonymity and encryption must now be considered human rights. Kaye cites Article 19 of the International Covenant on Civil and Political Rights, ratified by the US in 1993, which affirms the universal “freedom to seek, receive and impart information and ideas of all kinds.”

Those of us wanting to uphold our rights should use open source, end-to-end encryption and demand the same of lawyers, businesses and others handling our personal data. 

Jonathan Stribling-Uss is an attorney and Director of Constitutional Communications (concomms.org), a not-for-profit organization that trains lawyers, journalists and civil society leaders in maintaining secure communications.


6 Tools to Protect Your Privacy

1) Signal by Open Whisper Systems (in App Stores)

Signal is the easiest and most secure encrypted text and calling program, with more than one million users. The app is free and takes 3-5 minutes to get started. It can now be used with both your phone and computer. 

2) Jitsi (Jitsi.org)

A free service, requiring no account, that allows for multiparty, end-to-end encrypted video calls and chats. For more usability you can install a download, but it is not necessary to get started calling friends around the globe.

3) Tor (www.torproject.org)

A free browser that uses encryption and a random series of open routing computers to separate your actions online from your IP (internet protocol) address, providing anonymity. 

4) Make a longer passphrase with memorable words

With robust symmetric encryption, when you lose your password, you lose your data. This means that you have to create passphrases, not just words, that are easy for humans to remember but hard for machines to guess. The simplest way to do this is to use at least four random words, and a number or given name. For example: “correcthorsebatterystaplenatturner”.

5) PGP/GPG (www.gnupg.org)

A free, open source, end-to-end encryption system that has been used and tested for over 25 years. It is designed to supplement your current email address, so you don’t need a new email; you can just add this asymmetric encryption system over the top of your current provider.

6) Tails OS (tails.boum.org)

A free, open source operating system that can be run on most computer hardware and secures your traffic and data on an encrypted USB. It is based on one of the most used operating systems, Debian, and it is packaged with a full set of office and encryption tools. 

— Jonathan Stribling-Uss


 

Founded in 2000 as the print project of the New York City Independent Media Center, The Indypendent is a New York City-based free newspaper and online newspaper with a print and online audience of more than 100,000 readers. It is the winner of more than 50 awards from the New York Community Media Alliance for excellence in journalism.

https://indypendent.org/2016/06/29/age-mass-surveillance-encryption-gives-us-edge

Ethics and Technology CLE: What Lawyers Need to Know

Ethics and Technology: What You Need to Know About E-Discovery, the Panama Papers, Attorney Liability for Hacks and Other Recent Developments in Technology That Cannot Be Ignored: May 17th at NYCLA Bar Association.

CLE Credits:

3 NJ Credits: 3 Ethics;
3 NY Credits: 3 Ethics

Join us for the third program in our ongoing series which will identify and help you learn and put into practice the new technology which is needed to deal with electronic data that is pervasive in all aspects of commercial and personal life.

Along with looking at recent technological developments and their effect on confidentiality of proprietary information and the lawyer’s ethical responsibilities to protect it, this program will take a special look at e-discovery and the ethical ramifications of compliance or sanctions for lack thereof.

Our expert panel will also answer audience questions about the ethical issues that are affecting the way attorneys practice law in the new paradigm.

Faculty:

Joseph Bambara, UCNY, Co-Chair, NYCLA’s Law and Technology Committee; James B. Kobak, Jr., General Counsel, Hughes Hubbard & Reed LLP; Pery Krinsky, Krinsky, PLLC; Peter Micek, Access Now; Jonathan Stribling-Uss, Constitutional Communications

Where: NYCLA – 14 Vesey Street 2nd Floor Auditorium, New York, NY 10007, United States

https://www.eventbrite.com/e/ethics-and-technology-what-you-need-to-know-about-e-discovery-the-panama-papers-attorney-liability-tickets-25364427686

Attorney Encryption Now at Rights Con 2016

Constitutional Communications had great success at Rights Con 2016. We gave three presentations and got David Kaye, the UN Special Rapporteur on the Freedom of Opinion and Expression, to publicly support our position that we must update professional ethics for the 21st century by requiring encryption for all attorney-client communication.

The first presentation was “Cybersecurity, professional ethics and encryption: How and why professionals must encrypt”. The second was a training for trainers, “Organizational security: Moving communications from individual privacy to collective safety”. The third was a private presentation for litigation attorneys on the need to change professional standards to require end-to-end, open source encryption for all attorney-client communications.

We also had the great honor of dialoguing with David Kaye, the UN Special Rapporteur on the Freedom of Opinion and Expression. After David mentioned that the UN currently has no secure encrypted method for contacting the Special Rapporteur about human rights abuse, Jonathan got to ask him if he supported changing professional standards to require encryption for all attorney-client information. He wholeheartedly agreed with our position! You can watch the exchange here:

Concomms at Rightscon 2016

ConComms will be attending Rights Con 2016 in Silicon Valley, hosted by Accessnow.org from March 30th-April 1st. Jonathan will be part of leading two sessions. The first is “Cybersecurity, professional ethics and encryption: How and why professionals must encrypt”. The second is a training for trainers, “Organizational security: Moving communications from individual privacy to collective safety”.

Hope to see people there! You can follow us on Twitter @con_comms