New documents show how the NSA infers relationships based on mobile location data (Washington Post, 10 Dec 2013) – Everyone who carries a cellphone generates a trail of electronic breadcrumbs that records everywhere they go. Those breadcrumbs reveal a wealth of information about who we are, where we live, who our friends are and much more. And as we reported last week, the National Security Agency is collecting location information in bulk — 5 billion records per day worldwide — and using sophisticated algorithms to assist with U.S. intelligence-gathering operations. How do they do it? And what can they learn from location data? The latest documents show the extent of the location-tracking program we first reported last week. Read on to learn more about what the documents show. The NSA doesn’t just have the technical capabilities to collect location-based data in bulk. A 24-page NSA white paper shows that the agency has a powerful suite of algorithms, or data sorting tools, that allow it to learn a great deal about how people live their lives. Those tools allow the agency to perform analytics on a global scale, examining data collected about potentially everyone’s movements in order to flag new surveillance targets. For example, one NSA program, code-named Fast Follower, was developed to allow the NSA to identify who might have been assigned to tail American case officers at stations overseas. By correlating an officer’s cellphone signals to those of foreign nationals in the same city, the NSA is able to figure out whether anyone is moving in tandem with the U.S. officer.

Provided by MIRLN.

Image courtesy of Balaraman.

Google catches French govt spoofing its domain certificates (ZDnet, 9 Dec 2013) – France’s cyberdefence division, Agence nationale de la sécurité des systèmes d’information (ANSSI), has been detected creating unauthorised digital certificates for several Google domains. Google states on its own security blog that an intermediate certificate authority (CA) issued the certificate, which links back to ANSSI. “Intermediate CA certificates carry the full authority of the CA, so anyone who has one can use it to create a certificate for any website they wish to impersonate,” Google wrote. In a statement by ANSSI, the cyberdefence organisation revealed that this intermediate CA is actually its own infrastructure management trust administration, or “L’infrastructure de gestion de la confiance de l’administration” (IGC/A). ANSSI itself is the cyber response and detection division of the French republic. ANSSI states that the fraudulent certificates were a result of “human error, which was made during a process aimed at strengthening overall IT security”. Google states that the certificate was used in a commercial device, on a private network, to inspect encrypted traffic. According to the web giant, users on that network were aware that this was occurring, but the practice was in violation of ANSSI’s procedures. Google used the incident to highlight the need for its Certificate Transparency project, aimed at fixing flaws in the SSL certificate system that could result in man-in-the-middle attacks and website spoofing. Google’s answer to these flaws is for CAs to adopt a framework that monitors and audits these certificates, thus outing rogue CAs or when certificates are illegitimately issued. This is not the first time that the flaws of SSL certificates have been exposed. The US National Security Agency is alleged to have used man-in-the-middle attacks through unauthorised certificates against Google in the past. Additionally, in August 2011, abreach at DigiNotar, another CA, found that an Iranian hacker had created rogue certificates for Google domains, intercepting user passwords for Gmail.

Provided by MIRLN.

Image courtesy of


URL shortening in legal briefs, and now legal opinions (Volokh Conspiracy, 2 Dec 2013) – Most readers will be familiar with URL shortening services — redirection services that give users a short web address that points to a longer one. I’ve come across URL shortening in legal briefs more and more, and I have used such links in briefs myself. The shortening avoids an unsightly excessively-long URL when you are linking to content on the web, and it’s also easier for the reader who might hand-type the URL into a browser. In the opening brief in United States v. Auernheimer, for example, I linked to instead of to the ugly In the last two years, federal court decisions have started to use URL shortening links, too. Judge Kozinski uses them extensively in today’s dissent in Minority Television Project v. FCC, a case on the First Amendment implications on banning certain kinds of ads on public TV. A quick Westlaw search finds 9 judicial opinions before today’s decision that use Google’s URL shortener, Several of them use the service for maps. It’s an interesting development, and I suspect it’s one that we will see more of rather than less of in the future.

Provided by MIRLN.

Image courtesy of krishnan.


Can You Help Me Now?

A Free Webinar on

Crowdsourcing Dispute Resolution

Over Mobile Devices

Wednesday November 20th, 2013

9am PST

Join Colin Rule, founder and current Chairman and COO of and Chittu Nagarajan, creator and co-founder of ODRworld and ODRindia, to discuss their chapter, Crowdsourcing Dispute Resolution Over Mobile Devices, from the book “Mobile Technologies for Conflict Management,” edited by Marta Poblet.

This webinar is brought to you by CIJT and Marta Poblet as the first in a series of webinars by the authors of the seminal book, Mobile Technologies for Conflict Management, available for purchase here. Don’t miss this opportunity to interact with the authors live, ask questions and hear the latest developments in this cutting-edge field within conflict management.

If you’d like to ask the presenters a question, feel free to post to our forum at

All questions asked before 11/22 will be answered.

Antigua preparing to move forward with WTO authorized rejection of US copyrights (Patently-O, 31 Oct 2013) – Over the past several decades, the US has been at the forefront of pushing through low international trade barriers and strong intellectual property rights. The current scheme is organized through the World Trade Organization and the vast majority of nations have signed-on as members. The WTO has a dispute resolution mechanism that allows one country to bring another country to task for failing to abide by their trade-related promises. Most of these cases involve either import restrictions placed on certain goods or the “dumping” of goods. Since around 2003, the US has taken fairly effective measures to destabilize the market for cross-border gambling and betting services. In response to those measures, the country of Antigua and Barbuda filed a WTO dispute complaining that the US action was a trade violation and, the WTO panel agreed with Antigua. The particular findings are that “three US federal laws (the Wire Act, the Travel Act and the Illegal Gambling Business Act) and the provisions of four US state laws (those of Louisiana, Massachusetts, South Dakota and Utah) on their face, prohibit … cross-border supply … contrary to the United States’ specific market access commitments for gambling and betting services.” [ Link ] The penalty for a WTO violation typically involves the WTO allowing counter-measures by the injured party – typically their own import quota or restriction. In countries with a strong domestic industry, the import quota can provide a strong, be it temporary, boost. However, those quotas also injure local consumers who typically pay more for lower quality goods or services. Antigua’s particular situation is also unique because the country does not have much of any domestic industry beyond tourism (including Gambling). As such, a typical quota does not make sense as a penalty against the US. At the end of the day, the WTO authorized Antigua to suspend its TRIPs obligations with respect to U.S. intellectual property at a cost to the US. Antigua is now rapidly moving forward with a monetization scheme that would essentially create a local market for copyrighted work owned by U.S. entities, but where no royalties are paid to the U.S. copyright holders. Antiguan legislation is expected in the upcoming weeks followed by bids from private contractors to build-out the online marketplace.

Provided by MIRLN.

Image courtesy of Miles.

Federal prosecutors, in a policy shift, cite warrantless wiretaps as evidence (NYT, 26 Oct 2013) – The Justice Department for the first time has notified a criminal defendant that evidence being used against him came from a warrantless wiretap, a move that is expected to set up a Supreme Court test of whether such eavesdropping is constitutional. Prosecutors filed such a notice late Friday in the case of Jamshid Muhtorov, who was charged in Colorado in January 2012 with providing material support to the Islamic Jihad Union, a designated terrorist organization based in Uzbekistan. Mr. Muhtorov is accused of planning to travel abroad to join the militants and has pleaded not guilty. A criminal complaint against him showed that much of the government’s case was based on intercepted e-mails and phone calls. The government’s notice allows Mr. Muhtorov’s lawyer to ask a court to suppress the evidence by arguing that it derived from unconstitutional surveillance, setting in motion judicial review of the eavesdropping. The New York Times reported on Oct. 17 that the decision by prosecutors to notify a defendant about the wiretapping followed a legal policy debate inside the Justice Department. The debate began in June when Solicitor General Donald B. Verrilli Jr. discovered that the department’s National Security Division did not notify criminal defendants when eavesdropping without a warrant was an early link in an investigative chain that led to evidence used in court. As a result, none of the defendants knew that they had the right to challenge the warrantless wiretapping law. The practice contradicted what Mr. Verrilli had told the Supreme Court last year in a case challenging the law, the FISA Amendments Act of 2008.

Provided by MIRLN.

Image courtesy of