
EFF’s Must-Reads and Must-Sees: Books and Movies of 2014


At the end of each year, EFF puts together a list of some of the interesting and noteworthy books that have been published in the past 12 months or so. We don’t endorse all of their arguments, but we find they’ve added some valuable insight to the conversation around the areas and issues on which we work. This year, we’ve included two movies as well—both highly regarded documentaries that have introduced many people to very important issues.

Some notes about this list: it’s presented in alphabetical order by author’s last name, and most links contain our Amazon affiliate code, which means EFF will receive a portion of purchases made through this page. Descriptions are by Parker Higgins except where otherwise specified.

“Dragnet Nation” by Julia Angwin

In the past 18 months, the world has focused on surveillance by the NSA, the FBI, and other top government agencies. But of course, that’s just one element in a patchwork of a surveillance industry stretching all the way down from mega-corporations to individual websites. Julia Angwin covers this situation with a keen journalist’s eye, and goes one step further, asking what it would take to get “off the grid.”

“It’s Complicated” by danah boyd

It’s hard to believe this is danah boyd’s first book—she’s been a prominent voice in conversations about privacy norms and practices, especially among young people, for years now. But the wait was worth it, as “It’s Complicated” is a really thoughtful and incredibly well-researched take on the ways in which—despite moral panics and lamentations of the death of privacy and more—our values are making it into a new generation of the networked world (mostly) intact.

“Hacker, Hoaxer, Whistleblower, Spy” by Biella Coleman

Anonymous has been one of the most significant forces in online activism over the last several years. And yet, few in the media understand what makes the ad hoc collective tick—and the result is usually shallow or inaccurate analysis. Biella Coleman, by contrast, is an anthropologist who spent years studying Anonymous, and that familiarity is reflected in this fascinating exploration of the group.

“Information Doesn’t Want To Be Free” by Cory Doctorow

Starting from the title, “Information Doesn’t Want To Be Free” is a provocative take from well-known copyfighter (and EFF Fellow) Cory Doctorow. But readers needn’t worry that Doctorow has turned his back on the cause of information freedom; instead, he’s calling for a more nuanced understanding of the issues that have been central to much of his work, and which promise to be even more central to everybody else’s in the years to come. This book is also available as a DRM-free audiobook, read by Wil Wheaton.

“No Place to Hide” by Glenn Greenwald

Greenwald’s new book details how he and journalist Laura Poitras met NSA whistleblower Edward Snowden and then published a series of articles that would change Americans’ perception of their government, ignite a worldwide debate around surveillance, and challenge notions about investigative journalism. The book begins with a recounting of how Snowden made contact with the journalists and the risks and travails of publishing the controversial initial leaks. Then Greenwald walks through how the NSA and its international partners engage in a collect-it-all strategy that exploits modern communication technology, from underwater cables to cell phone towers. The book concludes with an impassioned examination of executive power, secret law, failed oversight, meek journalistic institutions—and how these dark forces can be fought with the courage of conviction, transparency, and independent journalism. –Rainey Reitman, from our full review in June

“Copyfight” by Blayne Haggart

It feels like every year opens up a new chapter in the battle between the copyright lobby and the open Web about the sorts of restrictions that will be placed on communications. But in order to really understand each new chapter, it helps to look to the ones that came before. In “Copyfight,” University of Toronto scholar Blayne Haggart looks back to the 1996 UN treaties that set the stage for the conflicts of the last two decades.

“@War” by Shane Harris

Journalist Shane Harris’s book covers the rise of what he calls the “military Internet complex”—the increasingly close relationship between US corporations and intelligence agencies which is changing the Internet in fundamental ways. –Eva Galperin

“The Internet’s Own Boy” directed by Brian Knappenberger

Those who knew Aaron Swartz need no explanation of what a remarkable individual he was—nor how he was able to have such an incredible impact on the Internet. But whether you knew him or not, Brian Knappenberger’s touching documentary tribute to Aaron provides background on the things he accomplished in his short life, and how the Computer Fraud and Abuse Act was used so unjustly against him. It’s an incredibly powerful film, released under a Creative Commons license and shortlisted for the Best Documentary Oscar.

“Spam Nation” by Brian Krebs

There may be more glamorous forces shaping the digital world we live in today, but none are so ubiquitous as the dreaded spam. Brian Krebs, a well-known security expert, dives deep into the history and culture of the underground world where spam gets made—and along the way touches on that community’s participation in online criminal enterprises: identity theft, botnet creation, money laundering, data breaches, and much more.

“Hacktivist” by Alyssa Milano, Collin Kelly and Jackson Lanzing

Conceptualized by famed actor Alyssa Milano, Hacktivist imagines what would happen if a couple of Jack Dorsey-types were secretly manipulating uprisings in the Middle East. With gorgeous, full-color illustrations by Marcus To, the graphic novel explores how Silicon Valley hubris and white male privilege often undermine even the best intentions, as well as how treacherous it is for major online service providers to collaborate with intelligence agencies. –Dave Maass

“CITIZENFOUR” directed by Laura Poitras

Laura Poitras’ riveting new documentary about mass surveillance gives an intimate look into the motivations that guided Edward Snowden, who sacrificed his career and risked his freedom to expose mass surveillance by the NSA. CITIZENFOUR has many scenes that explore the depths of government surveillance gone awry and the high-tension unfolding of Snowden’s rendezvous with journalists in Hong Kong. –Rainey Reitman, from our full review in October

“Bulletproof SSL & TLS” by Ivan Ristic

Ivan Ristic of SSL Labs has spent the last five years researching and writing about all aspects of the protocols being used to Encrypt the Web and keep us all safe from pervasive surveillance. This book contains the results of that work, and covers all aspects of SSL & TLS, including performance, attacks on transport layer encryption, certificates, and much, much more. It’s hugely valuable for sysadmins, web developers, cryptographers, and anyone who just wants to understand what makes the secure Internet tick. –Jacob Hoffman-Andrews

“The Coming Swarm” by Molly Sauter

With new technology come new forms of protest. But sometimes it takes a sharp critical eye to determine whether these protests are important forms of speech, crude vandalism, or something else entirely. In “The Coming Swarm,” Molly Sauter examines the practice of distributed denial of service attacks—frequently known as DDoS—as a tactic of political activism.

“The Piracy Crusade” by Aram Sinnreich

What playbook best matches the copyright lobby’s anti-piracy strategy? As Aram Sinnreich compellingly argues, the closest comparison is an inauspicious one: the Crusades. Sinnreich goes into depth on how peer-to-peer tech affected the industry, and walks through the history of the war on file-sharing by looking at each tactic through the lens of the famous “Five Stages of Grief.” There’s something interesting in here for veterans of the file-sharing wars and newcomers alike. The book is also available in a wide variety of formats including—appropriately—in a free BitTorrent bundle offered through Vuze.

“The Private Eye” comic book series by Brian K. Vaughan, Marcos Martin, and Muntsa Vicente

Smart and stylish speculative fiction about a future where everyone’s private data has been leaked. Citizens conduct their daily business under nyms and wearing outlandish masks, and librarians defend their patron records with fanatical force. Sold DRM-free, pay what you want. –Jacob Hoffman-Andrews

“Countdown to Zero Day” by Kim Zetter

Long before the mainstream media started talking about digital warfare in relation to a certain Hollywood movie, Wired journalist Kim Zetter kept a close watch on the weaponized malware beat. And in that story, perhaps no software looms as large as “Stuxnet,” a hyper-sophisticated virus aimed at disrupting Iran’s nuclear efforts. Zetter documents the exhaustively researched story of Stuxnet with the clarity and thoroughness that readers of her live coverage have come to expect.




One of the many pressing stories that remains to be told from the Snowden archive is how western intelligence agencies are attempting to manipulate and control online discourse with extreme tactics of deception and reputation-destruction. It’s time to tell a chunk of that story, complete with the relevant documents.

Over the last several weeks, I worked with NBC News to publish a series of articles about “dirty trick” tactics used by GCHQ’s previously secret unit, JTRIG (Joint Threat Research Intelligence Group). These were based on four classified GCHQ documents presented to the NSA and the other three partners in the English-speaking “Five Eyes” alliance. Today, we at the Intercept are publishing another new JTRIG document, in full, entitled “The Art of Deception: Training for Online Covert Operations.”

By publishing these stories one by one, our NBC reporting highlighted some of the key, discrete revelations: the monitoring of YouTube and Blogger, the targeting of Anonymous with the very same DDoS attacks they accuse “hacktivists” of using, the use of “honey traps” (luring people into compromising situations using sex) and destructive viruses. But, here, I want to focus and elaborate on the overarching point revealed by all of these documents: namely, that these agencies are attempting to control, infiltrate, manipulate, and warp online discourse, and in doing so, are compromising the integrity of the internet itself.

Among the core self-identified purposes of JTRIG are two tactics: (1) to inject all sorts of false material onto the internet in order to destroy the reputation of its targets; and (2) to use social sciences and other techniques to manipulate online discourse and activism to generate outcomes it considers desirable. To see how extremist these programs are, just consider the tactics they boast of using to achieve those ends: “false flag operations” (posting material to the internet and falsely attributing it to someone else), fake victim blog posts (pretending to be a victim of the individual whose reputation they want to destroy), and posting “negative information” on various forums. Here is one illustrative list of tactics from the latest GCHQ document we’re publishing today:

Other tactics aimed at individuals are listed here, under the revealing title “discredit a target”:

Then there are the tactics used to destroy companies the agency targets:

GCHQ describes the purpose of JTRIG in starkly clear terms: “using online techniques to make something happen in the real or cyber world,” including “information ops (influence or disruption).”

Critically, the “targets” for this deceit and reputation-destruction extend far beyond the customary roster of normal spycraft: hostile nations and their leaders, military agencies, and intelligence services. In fact, the discussion of many of these techniques occurs in the context of using them in lieu of “traditional law enforcement” against people suspected (but not charged or convicted) of ordinary crimes or, more broadly still, “hacktivism”, meaning those who use online protest activity for political ends.

The title page of one of these documents reflects the agency’s own awareness that it is “pushing the boundaries” by using “cyber offensive” techniques against people who have nothing to do with terrorism or national security threats, and indeed, centrally involves law enforcement agents who investigate ordinary crimes:

No matter your views on Anonymous, “hacktivists” or garden-variety criminals, it is not difficult to see how dangerous it is to have secret government agencies being able to target any individuals they want – who have never been charged with, let alone convicted of, any crimes – with these sorts of online, deception-based tactics of reputation destruction and disruption. There is a strong argument to make, as Jay Leiderman demonstrated in the Guardian in the context of the Paypal 14 hacktivist persecution, that the “denial of service” tactics used by hacktivists result in (at most) trivial damage (far less than the cyber-warfare tactics favored by the US and UK) and are far more akin to the type of political protest protected by the First Amendment.

The broader point is that, far beyond hacktivists, these surveillance agencies have vested themselves with the power to deliberately ruin people’s reputations and disrupt their online political activity even though they’ve been charged with no crimes, and even though their actions have no conceivable connection to terrorism or even national security threats. As Anonymous expert Gabriella Coleman of McGill University told me, “targeting Anonymous and hacktivists amounts to targeting citizens for expressing their political beliefs, resulting in the stifling of legitimate dissent.” Pointing to this study she published, Professor Coleman vehemently contested the assertion that “there is anything terrorist/violent in their actions.”

Government plans to monitor and influence internet communications, and covertly infiltrate online communities in order to sow dissension and disseminate false information, have long been the source of speculation. Harvard Law Professor Cass Sunstein, a close Obama adviser and the White House’s former head of the Office of Information and Regulatory Affairs, wrote a controversial paper in 2008 proposing that the US government employ teams of covert agents and pseudo-“independent” advocates to “cognitively infiltrate” online groups and websites, as well as other activist groups.

Sunstein also proposed sending covert agents into “chat rooms, online social networks, or even real-space groups” which spread what he views as false and damaging “conspiracy theories” about the government. Ironically, the very same Sunstein was recently named by Obama to serve as a member of the NSA review panel created by the White House, one that – while disputing key NSA claims – proceeded to propose many cosmetic reforms to the agency’s powers (most of which were ignored by the President who appointed them).

But these GCHQ documents are the first to prove that a major western government is using some of the most controversial techniques to disseminate deception online and harm the reputations of targets. Under the tactics they use, the state is deliberately spreading lies on the internet about whichever individuals it targets, including the use of what GCHQ itself calls “false flag operations” and emails to people’s families and friends. Who would possibly trust a government to exercise these powers at all, let alone do so in secret, with virtually no oversight, and outside of any cognizable legal framework?

Then there is the use of psychology and other social sciences to not only understand, but shape and control, how online activism and discourse unfolds. Today’s newly published document touts the work of GCHQ’s “Human Science Operations Cell,” devoted to “online human intelligence” and “strategic influence and disruption”:

Under the title “Online Covert Action”, the document details a variety of means to engage in “influence and info ops” as well as “disruption and computer net attack,” while dissecting how human beings can be manipulated using “leaders,” “trust,” “obedience” and “compliance”:

The documents lay out theories of how humans interact with one another, particularly online, and then attempt to identify ways to influence the outcomes – or “game” it:

We submitted numerous questions to GCHQ, including: (1) Does GCHQ in fact engage in “false flag operations” where material is posted to the Internet and falsely attributed to someone else?; (2) Does GCHQ engage in efforts to influence or manipulate political discourse online?; and (3) Does GCHQ’s mandate include targeting common criminals (such as boiler room operators), or only foreign threats?

As usual, they ignored those questions and opted instead to send their vague and nonresponsive boilerplate: “It is a longstanding policy that we do not comment on intelligence matters. Furthermore, all of GCHQ’s work is carried out in accordance with a strict legal and policy framework which ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight, including from the Secretary of State, the Interception and Intelligence Services Commissioners and the Parliamentary Intelligence and Security Committee. All our operational processes rigorously support this position.”

These agencies’ refusal to “comment on intelligence matters” – meaning: talk at all about anything and everything they do – is precisely why whistleblowing is so urgent, the journalism that supports it so clearly in the public interest, and the increasingly unhinged attacks by these agencies so easy to understand. Claims that government agencies are infiltrating online communities and engaging in “false flag operations” to discredit targets are often dismissed as conspiracy theories, but these documents leave no doubt they are doing precisely that.

Whatever else is true, no government should be able to engage in these tactics: what justification is there for having government agencies target people – who have been charged with no crime – for reputation-destruction, infiltrate online political communities, and develop techniques for manipulating online discourse? But to allow those actions with no public knowledge or accountability is particularly unjustifiable.

The Way the NSA Uses Section 702 is Deeply Troubling. Here’s Why.

The most recent disclosure of classified NSA documents revealed that the British spy agency GCHQ sought unfettered access to NSA data collected under Section 702 of the FISA Amendments Act. Not only does this reveal that the two agencies have a far closer relationship than GCHQ would like to publicly admit, it also serves as a reminder that surveillance under Section 702 is a real problem that has barely been discussed, much less addressed, by Congress or the President.

In fact, the “manager’s amendment” to the USA FREEDOM Act, which passed unanimously out of the House Judiciary Committee, has weakened the minimal changes to Section 702 that USA FREEDOM originally offered. Although Representative Zoe Lofgren—who clearly understands the import of Section 702—offered several very good amendments that would have addressed these gaps, her amendments were all voted down. There’s still a chance though—as this bill moves through Congress it can be strengthened by amendments from the floor.

Section 702 has been used by the NSA to justify mass collection of phone calls and emails by collecting huge quantities of data directly from the physical infrastructure of communications providers. Here’s what you should know about the provision and why it needs to be addressed by Congress and the President: 

  • Most of the discussion around the NSA has focused on the phone records surveillance program. Unlike that program, collection done under Section 702 captures content of communications. This could include content in emails, instant messages, Facebook messages, web browsing history, and more. 
  • Even though it’s ostensibly used for foreign targets, Section 702 surveillance indiscriminately sweeps up everyone’s communication, including the communications of Americans. The NSA has a twisted, and incredibly permissive, interpretation of targeting. As John Oliver put it in his interview with former NSA General Keith Alexander: “No, the target is not the American people, but it seems that too often you miss the target and hit the person next to them going, ‘Whoa, him!’”
  • The NSA has confirmed that it is searching Section 702 data to access Americans’ communications without a warrant, in what is being called the “back door search loophole.” In response to questions from Senator Ron Wyden, former NSA director General Keith Alexander admitted that the NSA specifically searches Section 702 data using “U.S. person identifiers,” for example email addresses associated with someone in the U.S.
  • The NSA has used Section 702 to justify programs like PRISM, allowing the NSA to “siphon off large portions of Internet traffic directly from the Internet backbone.” PRISM exploits the structure of the Internet, in which a significant amount of traffic from around the world flows through servers in the United States. According to the Washington Post, it gives the NSA direct access to servers of major American companies like Facebook and Google.
  • Section 702 is likely used for computer warfare, including activities targeting computers in the United States. We know that the NSA’s hacking outfit, the Tailored Access Operations Unit, needs information like that collected by PRISM to function, and Richard Ledgett, Deputy Director of NSA, noted the use of intelligence authorities to mitigate cyber attacks.
  • The FISA Court has little opportunity to review Section 702 collection. The court approves procedures for 702 collection for up to a year. This is not approval of specific targets, however; “court review [is] limited to ‘procedures’ for targeting and minimization rather than the actual seizure and searches.” This lack of judicial oversight is far beyond the parameters of criminal justice.
  • Not only does the FISA Court provide little oversight, Congress is largely in the dark about Section 702 collection as well. NSA spying defenders say that Congress has been briefed on these programs. But other members of Congress have repeatedly noted that it is incredibly difficult to get answers from the intelligence community, and that attending classified hearings means being unable to share any information obtained at such hearings. What’s more, as Senator Barbara Mikulski stated: “‘Fully briefed’ doesn’t mean that we know what’s going on.” Without a full picture of Section 702 surveillance, Congress simply cannot provide oversight.
  • Section 702 is not just about keeping us safe from terrorism. It’s a distressingly powerful surveillance tool. While the justification we’ve heard repeatedly is that NSA surveillance is keeping us safer, data collected under Section 702 can be shared in a variety of circumstances, such as ordinary criminal investigations. For example, the NSA has shared intelligence with the Drug Enforcement Agency that has led to prosecutions for drug crimes, all while concealing the source of the data.
  • The President has largely ignored Section 702. While the phone records surveillance program has received significant attention from President Obama, in his speeches and his most recent proposal, Section 702 remains nearly untouched.
  • The way the NSA uses Section 702 is illegal and unconstitutional—and it violates international human rights law. Unlike searches done under a search warrant authorized by a judge, Section 702 has been used by the NSA to get broad FISA court authorization for general search and seizure of huge swathes of communications. The NSA says this is OK because Section 702 targets foreign citizens. The problem is, once constitutionally protected communications of Americans are swept up, the NSA says these communications are “fair game” for its use.
  • Innocent non-Americans don’t even get the limited and much abused protections the NSA promises for Americans. Under international human rights law to which the United States is a signatory, the United States must respect the rights of all persons. With so many people outside the United States keeping their data with American companies, and so much information being swept up through mass surveillance, that makes Section 702 the loophole for the NSA to violate the privacy rights of billions of Internet users worldwide.

The omission of Section 702 reform from the discourse around NSA surveillance is incredibly concerning, because this provision has been used to justify some of the most invasive NSA surveillance. That’s why EFF continues to push for real reform of NSA surveillance that includes an end to Section 702 collection. You can help by educating yourself and engaging your elected representatives. Print out our handy one-page explanation of Section 702. Contact your members of Congress today and tell them you want to see an end to all dragnet surveillance, not just bulk collection of phone records.