Archive for the ‘Government’ Category

Comparative Presidential Corruption

Sunday, October 22nd, 2017

Reporters wanting to add a historical flavor to their accounts of corruption and investigations of corruption in the Trump regime will be glad to see: Papers of Ulysses S. Grant Now Online.

From the post:

The Library of Congress has put the papers of Ulysses S. Grant online for the first time in their original format at

The Library holds a treasure trove of documents from the Civil War commander and 18th president of the United States, including personal correspondence, “headquarters records” created during the Civil War and the original handwritten manuscript of Grant’s memoir— regarded as one of the best in history—among other items. The collection totals approximately 50,000 items dating from 1819-1974, with the bulk falling in the period 1843-1885.

The collection includes general and family correspondence, speeches, reports, messages, military records, financial and legal records, newspaper clippings, scrapbooks, memorabilia and other papers. The collection relates to Grant’s service in the Mexican War and Civil War, his pre-Civil War career, and his postwar service as U.S. secretary of war ad interim under President Andrew Johnson, his 1868 presidential campaign and two-term presidency, his unsuccessful 1880 presidential bid, his extensive international travels and the financial difficulties late in life that spurred the writing of his memoir, which he completed just days before his death from tongue cancer in July 1885.

If you think the IRS has an unsavory reputation now, one tax collector (liquor taxes) was hired with a 50% commission on his collections. The Sanborn incident.

There have been a number of deeply corrupt American presidencies but this collection crossed my desk recently.


Euromyths A-Z index

Monday, October 9th, 2017

Euromyths A-Z index: an index of foolish acts by the EU that are false.

See the EU site for foolish acts that are true.


PS: There are Snopes and Politifact for US politics, should there be a more legislation/regulation oriented resource?

The IRS hiring Equifax after its data breach for security, for example (true). I don’t find that surprising; compared to government security practices, Equifax is the former KGB.

OnionShare – Safely Sharing Email Leaks – 394 Days To Mid-terms

Sunday, October 8th, 2017

FiveThirtyEight concludes Clinton’s leaked emails had some impact on the 2016 presidential election, but can’t say how much. How Much Did WikiLeaks Hurt Hillary Clinton?

Had leaked emails been less boring and non-consequential, “smoking gun” sort of emails, their impact could have been substantial.

The lesson being the impact of campaign/candidate/party emails is impossible to judge until they have been leaked. Even then the impact may be uncertain.

“Leaked emails” presumes someone has leaked the emails, which in light of the 2016 presidential election, is a near certainty for the 2018 congressional mid-term elections.

Should you find yourself in possession of leaked emails, you may want a way to share them with others. My preference is for public posting without edits or deletions, but not everyone shares my confidence in the public.

One way to share files securely and anonymously with specific people is OnionShare.

From the wiki page:

What is OnionShare?

OnionShare lets you securely and anonymously share files of any size. It works by starting a web server, making it accessible as a Tor onion service, and generating an unguessable URL to access and download the files. It doesn’t require setting up a server on the internet somewhere or using a third party filesharing service. You host the file on your own computer and use a Tor onion service to make it temporarily accessible over the internet. The other user just needs to use Tor Browser to download the file from you.

How to Use

http://asxmi4q6i7pajg2b.onion/egg-cain. This is the secret URL that can be used to download the file you’re sharing.

Send this URL to the person you’re sending the files to. If the files you’re sending aren’t secret, you can use normal means of sending the URL, like by emailing it, or sending it in a Facebook or Twitter private message. If you’re sending secret files then it’s important to send this URL securely.

The person who is receiving the files doesn’t need OnionShare. All they need is to open the URL you send them in Tor Browser to be able to download the file.
(emphasis in original)
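
The mechanism the wiki excerpt describes (a local web server whose only access control is an unguessable URL), shown without the Tor layer as an added example. This is not OnionShare's code; the sample wordlist, the `ShareGate` class, the miss limit and the port are assumptions made for illustration:

```python
"""Added illustration of an 'unguessable URL' download gate (no Tor layer)."""
import hmac
import math
import secrets
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample wordlist (assumption); a real tool ships thousands of words.
WORDS = ["egg", "cain", "deter", "trig", "amber", "quill", "moss", "plank"]


def build_slug(words=WORDS, count=2):
    """Pick `count` words with a CSPRNG and join them, e.g. 'egg-cain'."""
    return "-".join(secrets.choice(words) for _ in range(count))


def slug_entropy_bits(wordlist_size, count=2):
    """Bits of search space when each word is chosen uniformly at random."""
    return count * math.log2(wordlist_size)


class ShareGate:
    """Decides whether a request path may download the shared file.

    A short word-based slug only holds up if wrong guesses are limited,
    so the gate closes the share for good after `max_misses` bad paths
    (the default of 20 is an assumed value).
    """

    def __init__(self, slug, max_misses=20):
        self.slug = slug
        self.max_misses = max_misses
        self.misses = 0
        self.closed = False

    def check(self, path):
        """Return an HTTP status: 200 ok, 404 wrong slug, 410 share closed."""
        if self.closed:
            return 410
        candidate = path.strip("/")
        # Constant-time comparison: response timing must not reveal how
        # many leading characters of a guess were correct.
        if hmac.compare_digest(candidate.encode(), self.slug.encode()):
            return 200
        self.misses += 1
        if self.misses >= self.max_misses:
            self.closed = True
        return 404


def make_handler(gate, payload):
    """Build a request handler that serves `payload` only behind the gate."""

    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            status = gate.check(self.path)
            body = payload if status == 200 else b""
            self.send_response(status)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

    return Handler


if __name__ == "__main__":
    gate = ShareGate(build_slug())
    print("share path: /" + gate.slug)
    # Bound to loopback only; in the design described above, the onion
    # service is what makes this local port reachable by the recipient.
    server = HTTPServer(("127.0.0.1", 8080),
                        make_handler(gate, b"constructed sample file\n"))
    server.serve_forever()
```

With an assumed 7,776-word list (the size of a standard Diceware list), a two-word slug carries about 25.8 bits, which is why the limit on wrong guesses matters as much as the randomness of the slug.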

Download OnionShare 1.1. Versions are available for Windows, Mac OS X, with instructions for Ubuntu, Fedora and other flavors of Linux.

Caveat: If you are sending a secret URL to leaked emails or other leaked data, use ordinary mail, no return address, standard envelope from a package of them you discard, on the back of a blank counter deposit slip, with letters from a newspaper, taped in the correct order, sent to the intended recipient. (No licking, it leaves trace DNA.)

Those are the obvious security points about delivering a secret URL. Take that as a starting point.

PS: I would never contact the person chosen for sharing about shared emails. They can be verified separate and apart from you as the source. Every additional contact puts you in increased danger of becoming part of a public story. What they don’t know, they can’t tell.

Lauren Duca Declares War!

Friday, October 6th, 2017

The latest assault on women’s health, which impacts women, men and children, is covered by Jessie Hellmann in: Trump officials roll back birth-control mandate.

Lauren is right, this is war. It is a war on behalf of women, men and children. Women are more physically impacted by reproduction issues but there are direct impacts on men and children as well. When the reproductive health of women suffers, the women, men in their lives and children suffer as well. The reproductive health of women is everyone’s concern.

For OpSec reasons, don’t post your answer, but have you picked a specific target for this war?

I ask because diffuse targets, Congress for example, lead to diffuse results.

Specific targets, now former representative Tim Murphy for example, can have specific results.

PS: Follow and support Lauren Duca, @laurenduca!

EU Humps Own Leg – Demands More Censorship From Tech Companies

Thursday, September 28th, 2017

In its mindless pursuit of the marginal and irrelevant, the EU is ramping up pressure on tech companies to censor more speech.

Security Union: Commission steps up efforts to tackle illegal content online

Brussels, 28 September 2017

The Commission is presenting today guidelines and principles for online platforms to increase the proactive prevention, detection and removal of illegal content inciting hatred, violence and terrorism online.

As a first step to effectively fight illegal content online, the Commission is proposing common tools to swiftly and proactively detect, remove and prevent the reappearance of such content:

  • Detection and notification: Online platforms should cooperate more closely with competent national authorities, by appointing points of contact to ensure they can be contacted rapidly to remove illegal content. To speed up detection, online platforms are encouraged to work closely with trusted flaggers, i.e. specialised entities with expert knowledge on what constitutes illegal content. Additionally, they should establish easily accessible mechanisms to allow users to flag illegal content and to invest in automatic detection technologies.
  • Effective removal: Illegal content should be removed as fast as possible, and can be subject to specific timeframes, where serious harm is at stake, for instance in cases of incitement to terrorist acts. The issue of fixed timeframes will be further analysed by the Commission. Platforms should clearly explain to their users their content policy and issue transparency reports detailing the number and types of notices received. Internet companies should also introduce safeguards to prevent the risk of over-removal.
  • Prevention of re-appearance: Platforms should take measures to dissuade users from repeatedly uploading illegal content. The Commission strongly encourages the further use and development of automatic tools to prevent the re-appearance of previously removed content.

… (emphasis in original)

Taking Twitter as an example, EU terrorism concerns are generously described as coke-fueled fantasies.

Twitter Terrorism By The Numbers

Don’t take my claims about Twitter as true without evidence! Such as statistics gathered on Twitter and Twitter’s own reports.

Twitter Statistics:

Total Number of Monthly Active Twitter Users: 328 million (as of 8/12/17)

Total Number of Tweets sent per Day: 500 million (as of 1/24/17)

Number of Twitter Daily Active Users: 100 million (as of 1/24/17)

Government terms of service reports Jan – Jun 30, 2017

Reports 338 reports on 1200 accounts suspended for promotion of terrorism.

Got that? From Twitter’s official report, 1200 accounts suspended for promotion of terrorism.

I read that to say 1200 accounts out of 328 million monthly users.

Aren’t you just shaking in your boots?

But it gets better, Twitter has a note on promotion of terrorism:

During the reporting period of January 1, 2017 through June 30, 2017, a total of 299,649 accounts were suspended for violations related to promotion of terrorism, which is down 20% from the volume shared in the previous reporting period. Of those suspensions, 95% consisted of accounts flagged by internal, proprietary spam-fighting tools, while 75% of those accounts were suspended before their first tweet. The Government TOS reports included in the table above represent less than 1% of all suspensions in the reported time period and reflect an 80% reduction in accounts reported compared to the previous reporting period.

We have suspended a total of 935,897 accounts in the period of August 1, 2015 through June 30, 2017.

That’s more than the 1200 reported by governments, but comparing 935,897 accounts total, against 328 million monthly users, assuming all those suspensions were warranted (more on that in a minute), “terrorism” accounts were less than 1/3 of 1% of all Twitter accounts.

The EU is urging more pro-active censorship over less than 1/3 of 1% of all Twitter accounts.

Please help the EU find something more trivial and less dangerous to harp on.

The Dangers of Twitter Censorship

Known Unknowns: An Analysis of Twitter Censorship in Turkey by Rima S. Tanash, et al., studies Twitter censorship in Turkey:

Twitter, widely used around the world, has a standard interface for government agencies to request that individual tweets or even whole accounts be censored. Twitter, in turn, discloses country-by-country statistics about this censorship in its transparency reports as well as reporting specific incidents of censorship to the Chilling Effects web site. Twitter identifies Turkey as the country issuing the largest number of censorship requests, so we focused our attention there. Collecting over 20 million Turkish tweets from late 2014 to early 2015, we discovered over a quarter million censored tweets—two orders of magnitude larger than what Twitter itself reports. We applied standard machine learning / clustering techniques, and found the vast bulk of censored tweets contained political content, often critical of the Turkish government. Our work establishes that Twitter radically under-reports censored tweets in Turkey, raising the possibility that similar trends hold for censored tweets from other countries as well. We also discuss the relative ease of working around Twitter’s censorship mechanisms, although we can not easily measure how many users take such steps.

Are you surprised that:

  1. Censors lie about the amount of censoring done, or
  2. Censors censor material critical of governments?

It’s not only users in Turkey who have been victimized by Twitter censorship. Alfons López Tena has great examples of unacceptable Twitter censorship in: Twitter has gone from bastion of free speech to global censor.

You won’t notice Twitter censorship if you don’t care about Arab world news or Catalan independence. And, after all, you really weren’t interested in those topics anyway. (sarcasm)

Next Steps

The EU wants an opaque, private party to play censor for content on a worldwide basis. In pursuit of a gnat in the flood of social media content.

What could possibly go wrong? Well, as long as you don’t care about the Arab world, Catalan independence, or well, criticism of government in general. You don’t care about those things, right? Otherwise you might be a terrorist in the eyes of the EU and Twitter.

The EU needs to be distracted from humping its own leg and promoting censorship of social media.


PS: Other examples of inappropriate Twitter censorship abound but the answer to all forms of censorship is NO. Clear, clean, easy to implement. Don’t want to see content? Filter your own feed, not mine.

571 threats to press freedom in first half of 2017 [Hiding the Perpetrators?]

Tuesday, September 26th, 2017

Mapping Media Freedom verifies 571 threats to press freedom in first half of 2017

First Limit on Coverage

When reading this report, which is excellent coverage of assaults on press freedom, bear in mind the following limitation:

Mapping Media Freedom identifies threats, violations and limitations faced by members of the press throughout European Union member states, candidates for entry and neighbouring countries.

You will not read about US-based and other threats to press freedom that fall outside the purview of Mapping Media Freedom.

From the post:

Index on Censorship’s database tracking violations of press freedom recorded 571 verified threats and limitations to media freedom during the first two quarters of 2017.

During the first six months of the year: three journalists were murdered in Russia; 155 media workers were detained or arrested; 78 journalists were assaulted; 188 incidents of intimidation, which includes psychological abuse, sexual harassment, trolling/cyberbullying and defamation, were documented; 91 criminal charges and civil lawsuits were filed; journalists and media outlets were blocked from reporting 91 times; 55 legal measures were passed that could curtail press freedom; and 43 pieces of content were censored or altered.

“The incidents reported to the Mapping Media Freedom in the first half of 2017 tell us that the task of keeping the public informed is becoming much harder and more dangerous for journalists. Even in countries with a tradition of press freedom journalists have been harassed and targeted by actors from across the political spectrum. Governments and law enforcement must redouble efforts to battle impunity and ensure fair treatment of journalists,” Hannah Machlin, Mapping Media Freedom project manager, said.

This is a study of threats, violations and limitations to media freedom throughout Europe as submitted to Index on Censorship’s Mapping Media Freedom platform. It is made up of two reports, one focusing on Q1 2017 and the other on Q2 2017.

You can obtain the report in PDF format.

Second Limit on Coverage

As I read about incident after incident, following the links, I only see “the prosecutor,” “the police,” “traffic police,” “its publisher,” “the publisher of the channel,” and similar opaque prose.

Surely “the prosecutor” and “the publisher” were known to the person reporting the incident. If that is the case, then why hide the perpetrators? What does that gain for freedom of the press?

Am I missing some unwritten rule that requires members of the press to be perpetual victims?

Exposing the perpetrators to the bright light of public scrutiny enables local and remote defenders of press freedom to join in defense of the press.


Evidence of Government Surveillance in Mexico Continues to Mount [Is This News?]

Monday, September 25th, 2017

Evidence of Government Surveillance in Mexico Continues to Mount by Giovanna Salazar, translated by Omar Ocampo.

From the post:

In early September, further attempts to spy on activists in Mexico were confirmed. The president of Mexicans Against Corruption and Impunity (MCCI), an organization dedicated to investigative journalism, received several SMS messages that were intended to infect his mobile device with malicious software.

According to The New York Times, Claudio X. González Guajardo was threatened with Pegasus, a sophisticated espionage tool or “spyware” sold exclusively to governments that was acquired by the Mexican government in 2014 and 2015, with the alleged intention of combating organized crime. Once installed, Pegasus spyware allows the sender or attacker to access files on the targeted device, such as text messages, emails, passwords, contacts list, calendars, videos and photographs. It even allows the microphone and camera to activate at any time, inadvertently, on the infected device.

Salazar’s careful analysis of the evidence leaves little doubt:

these intrusive technologies are being used to intimidate and silence dissent.

But is this news?

I ask because my starting assumption is that governments buy surveillance technologies to invade the privacy of their citizens. The other reason would be?

You may think some targets merit surveillance, such as drug dealers, corrupt officials, but once you put surveillance tools in the hands of government, all citizens are living in the same goldfish bowl. Whether we are guilty of any crime or not.

The use of surveillance “to intimidate and silence dissent” is as natural to government as corruption.

The saddest part of Salazar’s report is that Pegasus is sold exclusively to governments.

Citizens need a free, open source edition of Pegasus Next Generation with which to spy on governments, businesses, banks, etc.

A way to invite them into the goldfish bowl in which ordinary citizens already live.

The ordinary citizen has no privacy left to lose.

The question is when current spy masters will lose theirs as well?

If You Are Keeping A Public Enemies List…

Monday, September 25th, 2017

Not everyone keeps a “public enemies” list and fewer still actively work against those on the list.

If you do more than grumble against your list members on Buttbook, I have important information for you.

Bell Calls for CRTC-Backed Website Blocking System and Complete Criminalization of Copyright in NAFTA

From the post:

Bell, Canada’s largest telecom company, has called on the government to support radical copyright and broadcast distribution reforms as part of the NAFTA renegotiation. Their proposals include the creation of a mandated website blocking system without judicial review overseen by the CRTC and the complete criminalization of copyright with criminal provisions attached to all commercial infringement. Bell also supports an overhaul of the current retransmission system for broadcasters, supporting a “consent model” that would either keep U.S. channels out of the Canadian market or dramatically increase their cost of access while maintaining simultaneous substitution.

There may be clearer declarations against the public good but I haven’t seen them. But, I haven’t read all the secret documents at the Office of the US Trade Representative (USTR). Judging from the Trans-Pacific Partnership (TPP) documents, the USTR advances only the interest of business, not the public.

You can picket the offices of Bell in Canada, collect arrest/citations while mugging for TV cameras at protests that disrupt traffic, etc., all the while Bell labors 24 x 7 to damage, irrevocably, the public good.

Bell and numerous others have openly declared war on the rights of the public (that includes you).

Just for your information.

Warrantless Stingray Unconstitutional – Ho-Hum

Friday, September 22nd, 2017

Tracking phones without a warrant ruled unconstitutional by Lisa Vaas.

From the post:

A Washington DC Court of Appeals said on Thursday that law enforcement’s warrantless use of stingrays—suitcase-sized cell site simulators that mimic a cell tower and that trick nearby phones into connecting and giving up their identifying information and location—violates the Constitution’s Fourth Amendment protection against unreasonable search.

The ruling (PDF) overturned the conviction of a robbery and sexual assault suspect. In its decision, the DC Court of Appeals determined the use of the cell-site simulator “to locate a person through his or her cellphone invades the person’s actual, legitimate and reasonable expectation of privacy in his or her location information and is a search.”

Civil libertarians will be celebrating this decision! But the requirements of Jones vs. US are:

  1. You MUST commit a crime.
  2. You MUST be arrested for the crime in #1.
  3. You MUST be prosecuted for the crime in #1.
  4. The prosecutor MUST rely on evidence from use of a warrantless stingray.
  5. The evidence in #4 MUST be crucial to proving your guilt, otherwise you are convicted on other evidence.

If any of those five requirements are missing, you don’t profit from Jones vs. US.

The exclusionary rule, the rule that excludes unconstitutionally obtained evidence, sounds great, but unless you meet all its requirements, you are SOL.

For example, what if your phone and the phones of other protesters are subject to warrantless surveillance at a pro-environment rally? Or at a classic political rally? Or at a music concert? The government is just gathering data on who attended.

The exclusionary rule doesn’t do anything for you in those cases. Your identity has been unlawfully obtained, unconstitutionally as constitutional lawyers are fond of saying, but there is no relief for you in Jones vs. US.

Glad the DC Circuit took that position but it has little bearing on your privacy in the streets of the United States.

Torrent Sites: Preserving “terrorist propaganda” and “evil material”

Friday, September 22nd, 2017

I mentioned torrent sites in Responding to Theresa May on Free Speech as a way to help preserve and spread “terrorist propaganda” and “evil material.”

My bad, I forgot to post a list of torrent sites for you to use!

Top 15 Most Popular Torrent Sites 2017 reads in part:

The list of the world’s most popular torrent sites has seen a lot of changes in recent months. While several torrent sites have shut down, some newcomers joined the list. With the shutdown of and Kickass Torrents, two of the largest sites in the torrenting scene disappeared. Since then, Torrentz2 became a popular successor of and is the community driven version of the former Kickass Torrents.

Finding torrents can be stressful as most of the top torrent sites are blocked in various countries. A torrent proxy lets you unblock your favorite site in a few seconds.

While browsing the movies, music or tv torrents sites list you can find some good alternatives to The Pirate Bay, Extratorrent, RARBG and other commonly known sites. This list features the most popular torrent download sites:

The list changes over time so check back at

As a distributed hash storage system, torrent preserves content across all the computers that downloaded the content.

Working towards the mention of torrent sites making Theresa May‘s sphincter eat her underpants. (HT, Dilbert)

Testing Next-Gen Onions!

Wednesday, September 20th, 2017

Please help us test next-gen onions! by George Kadianakis.

From the webpage:

this is an email for technical people who want to help us test next-gen onion services.

The current status of next-gen onion services (aka prop224) is that they have been fully merged into upstream tor and have also been released as part of tor-

Unfortunately, there is still no tor browser with tor- so these instructions are for technical users who have no trouble building tor on their own.

We are still in an alpha testing phase and when we get more confident about the code we plan to release a blog post (probs during October).

Until then we hope that people can help us test them. To do so, we have set up a *testing hub* in a prop224 IRC server that you can and should join (ideally using a VPS so that you stick around).

Too late for me to test the instructions today but will tomorrow!

The security you help preserve may be your own!


Tax Phishing

Sunday, September 17th, 2017

The standard security mantra is to avoid phishing emails.

That assumes your employer’s security interests coincide with your own. Yes?

If you are being sexually harassed at work, were passed over for a job position, your boss has found a younger “friend” to mentor, etc., there are an unlimited number of reasons for a differing view on your employer’s cybersecurity.

The cybersecurity training that enables you to recognize and avoid a phishing email, also enables you to recognize and accept a phishing email from “digital Somali pirates” (HT, Dilbert).

Acceptance of phishing emails in tax practices could result in recovery of tax returns for public officials (Trump?), financial documents similar to those in the Panama Papers, and other data (Google’s salary data?).

If you don’t know how to recognize phishing emails in the tax business, Jeff Simpson has adapted tips from the IRS in: 10 tips for tax pros to avoid phishing scams.

Just quickly (see Simpson’s post for the details):

  1. Spear itself.
  2. Hostile takeovers.
  3. Day at the breach.
  4. Ransom devil.
  5. Remote control.
  6. BEC to the wall.
  7. EFIN headache.
  8. Protect clients.
  9. Priority No. 1. (Are you the “…least informed employee…”?)
  10. Speak up.

Popular terminology for phishing attacks varies by industry so the terminology for your area may differ from Simpson’s.

Acceptance of phishing emails may be the industrial action tool of the 21st century.


Rewarding UK Censorship Demands

Sunday, September 17th, 2017

Image of the Daily Mail from Twitter:

No link to the online version. It’s easy enough to find on your own. Besides, regular reading of the Daily Mail increases your risk of rumored appointment by the accidental president of the United States. As your mother often said, “you are what you read.”

The story claims:

Theresa May will order internet giants to clamp down on extremism following yesterday’s Tube terror attack.

Where “extremism” doesn’t include the daily bombing runs and other atrocities committed by the West.

I don’t expect better from the Daily Mail but the government’s hysteria over online content is clearly misplaced.

The inability of a group to make a successful “fairy light” bomb speaks volumes about the threat posed by online bomb making plans.

Bomb making plans are great wannabe reading, tough guy talk for cell meetings, evidence for the police when discovered in your possession, but in and of themselves, are hardly worthy of notice. The same can be said for “radical” literature of all stripes.

Still, it seems a shame for the UK’s paranoid delusions to go unrewarded, especially in light of the harm it intends to free speech for all Internet users.


DACA: 180 Days to Save 800,000 : Whose Begging Bowl to Choose? (Alternative)

Tuesday, September 5th, 2017

Trump administration ending DACA program, which protected 800,000 children of immigrants by Jacob Pramuk | @jacobpramuk.

From the post:

  • President Trump is ending DACA, the Obama-era program that protects hundreds of thousands of “dreamers.”
  • Attorney General Jeff Sessions says there will be a six-month delay in terminating it to give Congress time to act.
  • Sessions says the immigration program was an unlawful overreach by Obama that cannot be defended.

Check out Pramuk’s post if you are interested in Attorney General Sessions’ “reasoning” on this issue. I refuse to repeat it from fear of making anyone who reads it dumber.

Numerous groups have whipped out their begging bowls and more are on the way. All promising opposition, not success, but opposition to ending Deferred Action for Childhood Arrivals (DACA).

Every group has its own expenses, lobbyists, etc., before any of your money goes to persuading Congress to save all 800,000 children of immigrants protected by the DACA.

Why not create:

  • low-overhead fund
  • separate funds for house and senate
  • divided and contributed to the campaigns* of all representatives and senators who vote for replacement to DACA within 180 days
  • where replacement for DACA protects everyone now protected
  • and where replacement DACA becomes law (may have to override veto)

*The contribution to a campaign, as opposed to the senator or representative themselves, is important as it avoids the contributions being a “gratuity” for passage of the legislation, which is illegal. 2041. Bribery Of Public Officials.

Such funds would avoid the overhead of ongoing organizations and enable donors to see the results of their donations more directly.

I’m not qualified to set up such funds but would contribute to both.


PS: You do the math. If some wealthy donor contributed $6 million to the Senate fund, then sixty (60) senatorial campaigns would each get $600,000 in cash. Nothing to sneeze at.

Charity Based CyberSecurity For Mercenaries?

Sunday, September 3rd, 2017

That was my question when I read: Insecure: How A Private Military Contractor’s Hiring Files Leaked by Dan O’Sullivan.

The UpGuard Cyber Risk Team can now disclose that a publicly accessible cloud-based data repository of resumes and applications for employment submitted for positions with TigerSwan, a North Carolina-based private security firm, were exposed to the public internet, revealing the sensitive personal details of thousands of job applicants, including hundreds claiming “Top Secret” US government security clearances. TigerSwan has recently told UpGuard that the resumes were left unsecured by a recruiting vendor that TigerSwan terminated in February 2017. If that vendor was responsible for storing the resumes on an unsecured cloud repository, the incident again underscores the importance of qualifying the security practices of vendors who are handling sensitive information.

The exposed documents belong almost exclusively to US military veterans, providing a high level of detail about their past duties, including elite or sensitive defense and intelligence roles. They include information typically found on resumes, such as applicants’ home addresses, phone numbers, work history, and email addresses. Many, however, also list more sensitive information, such as security clearances, driver’s license numbers, passport numbers and at least partial Social Security numbers. Most troubling is the presence of resumes from Iraqi and Afghan nationals who cooperated with US forces, contractors, and government agencies in their home countries, and who may be endangered by the disclosure of their personal details.

While the process errors and vendor practices that result in such cloud exposures are all too common in the digital landscape of 2017, the month-long period during which the files remained unsecured after UpGuard’s Cyber Risk Team notified TigerSwan is troubling.

Amazing story isn’t it? Even more amazing is that UpGuard sat on the data for a month, waiting for TigerSwan to secure it. Not to mention UpGuard not publicly posting the data upon discovery.

In case you don’t recognize “TigerSwan,” let me refresh your memory:

UpGuard finds 9,402 resumes, applicants seeking employment with TigerSwan/Blackwater type employers.

Did they expose these resumes to the public?

Did they expose these resumes to the press?

Did they expose these resumes to prosecutors?

None of the above.

UpGuard spends a month trying to keep the data hidden from the public, the press and potential prosecutors!

Unpaid charity work so far as I know.

Thousands of mercenaries benefit from this charity work by UpGuard. Their kind can continue to violate the rights of protesters, murder civilians, etc., all the while being watched over by UpGuard. For free.

Would you shield torturers and murderers from their past or future victims?

Don’t be UpGuard, choose no.

US Labor Day (sic) Security Reading

Friday, September 1st, 2017

I know, for the US to have a “labor day” holiday is a jest too cruel for laughter.

But, many people will have a long weekend, starting tomorrow, so suggested reading is in order.

Surveillance Self-Defense, a project of the EFF, has security “playlists” for:

Academic researcher? Learn the best ways to minimize harm in the conduct of your research.

Activist or protester? How to keep you and your communications safe wherever your campaigning takes you.

Human rights defender? Recipes for organizations who need to keep safe from government eavesdroppers.

Journalism student? Lessons in security they might not teach at your j-school.

Journalist on the move? How to stay safe online anywhere without sacrificing access to information.

LGBTQ Youth? Tips and tools to help you more safely access LGBTQ resources, navigate social networks, and avoid snoopers.

Mac user? Tips and tools to help you protect your data and communications.

Online security veteran? Advanced guides to enhance your surveillance self-defense skill set.

Want a security starter pack? Start from the beginning with a selection of simple steps.

Have a great weekend!

Hacking For Government Transparency

Monday, August 28th, 2017

The 2017 U.S. State and Federal Government Cybersecurity Report by SecurityScorecard lacks details of specific vulnerabilities for identified government units, but paints an encouraging picture for hackers seeking government transparency.

Coverage of the report:

In August 2017, SecurityScorecard leveraged its proprietary platform to analyze and grade the current security postures of 552 local, state, and federal government organizations, each with more than 100 public-facing IP addresses, to determine the strongest and weakest security standards based on security hygiene and security reaction time compared to their peers.

Security Rankings by Industry

Out of eighteen (18) ranked industries, best to worst security, government comes in at a tempting number sixteen (16):

Financial services, with the fifth (5th) best security, is routinely breached, making it curious the government (#16) has any secrets at all.

Why Any Government Has Secrets

Possible reasons any government has secrets:

  1. Lack of interest?
  2. Lack of effort by the news media?
  3. Habituation to press conferences?
  4. Habituation to “leaks?”
  N. Cybersecurity?

You can wait for governments to embarrass themselves (FOIA and its equivalents), wait for leakers to take a risk for your benefit, or, you could take the initiative in obtaining government secrets.

The SecurityScorecard report makes it clear the odds are in your favor. Your call.

Good News For Transparency Phishers

Friday, August 25th, 2017

If you are a transparency phisher, Shaun Waterman has encouraging news for you in: Most large companies don’t use standard email security to combat spoofing.

From the post:

Only a third of Fortune 500 companies deploy DMARC, a widely-backed best-practice security measure to defeat spoofing — forged emails sent by hackers — and fewer than one-in-10 switch it on, according to a new survey.

The survey, carried out by email security company Agari via an exhaustive search of public Internet records, measured the use of Domain-based Message Authentication, Reporting and Conformance, or DMARC.

“It is unconscionable that only eight percent of the Fortune 500, and even fewer [U.S.] government organizations, are protecting the public against email domain spoofing,” said Patrick Peterson, founder and executive chairman, Agari. A similar survey of federal government agencies earlier this month, by the Global Cyber Alliance, found fewer than five percent of federal domains were protected by switched-on DMARC.

The Agari survey found adoption rates similarly low among companies in the United Kingdom’s FTSE and Australia’s ASX 100.

DMARC is the industry standard measure to prevent hackers from spoofing emails — making their messages appear as if they’re sent by someone else. Spoofing is the basis of phishing, a major form of both cybercrime and cyber-espionage, in which an email appearing to come from a trusted company like a bank or government agency contains malicious links, directing readers to a fake site which will steal their login and password when they sign on.

Only eight (8) percent of the Fortune 500 and less than five (5) percent of federal (US) domains have DMARC protection.

I expect DMARC protection rates fall rapidly outside the Fortune 500 and non-federal government domains.
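For domain owners, the survey's split between deploying DMARC and switching it on corresponds to the policy tag in the TXT record at `_dmarc.<domain>`: `p=none` only requests reports, while `p=quarantine` or `p=reject` tells receivers to act on mail that fails authentication. The audit below is an added example, not code from the quoted post or the survey; the `.example` domains and records are constructed, and the status names are this example's own.

```python
"""Audit DMARC TXT records: published ("deployed") versus enforcing ("switched on")."""
from collections import Counter

ENFORCING = {"quarantine", "reject"}
VALID_POLICIES = ENFORCING | {"none"}


def parse_dmarc(txt):
    """Parse one TXT string into a tag dict; return None if it is not a DMARC record."""
    tags = {}
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    for index, part in enumerate(parts):
        name, sep, value = part.partition("=")
        name, value = name.strip().lower(), value.strip()
        # RFC 7489: the version tag must come first and must be exactly DMARC1.
        if index == 0 and (not sep or name != "v" or value != "DMARC1"):
            return None
        if sep:
            tags.setdefault(name, value)  # keep the first occurrence of a tag
    return tags or None


def classify(txt_records):
    """Return (status, notes) for all TXT strings found at _dmarc.<domain>."""
    records = [r for r in (parse_dmarc(t) for t in txt_records) if r]
    if not records:
        return "absent", []
    if len(records) > 1:
        # Receivers that find several DMARC records apply none of them.
        return "invalid", ["multiple DMARC records published"]
    rec = records[0]
    notes = []
    policy = rec.get("p", "").lower()
    if policy not in VALID_POLICIES:
        # RFC 7489 section 6.6.3: fall back to p=none only if reports are requested.
        if "mailto:" in rec.get("rua", "").lower():
            return "monitor-only", ["missing or invalid p=, treated as p=none"]
        return "invalid", ["missing or invalid p= and no rua="]
    if policy == "none":
        return "monitor-only", notes
    # Subdomains inherit p= unless sp= overrides it.
    # Simplification: an unrecognised sp= value is reported as non-enforcing.
    sp = rec.get("sp", policy).lower()
    if sp not in ENFORCING:
        notes.append("subdomains not enforced (sp=%s)" % sp)
    try:
        pct = int(rec.get("pct", "100"))
    except ValueError:
        pct = 100  # an unparsable pct= falls back to the default
    if not 0 <= pct <= 100:
        pct = 100
    if pct < 100:
        notes.append("policy applied to only %d%% of failing mail" % pct)
        return "partial", notes
    return "enforced", notes


def audit(zone):
    """zone maps domain -> list of TXT strings published at _dmarc.<domain>."""
    results = {domain: classify(txts) for domain, txts in zone.items()}
    summary = Counter(status for status, _ in results.values())
    return results, summary


# Constructed sample data: every domain and record here is made up for the example.
SAMPLE_ZONE = {
    "shop.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@shop.example"],
    "bank.example": ["v=DMARC1; p=none; rua=mailto:dmarc@bank.example"],
    "agency.example": [],
    "corp.example": ["v=DMARC1; p=quarantine; pct=25; sp=none"],
    "old.example": ["v=spf1 -all", "v=DMARC1; p=reject", "v=DMARC1; p=none"],
    "typo.example": ["p=reject; v=DMARC1"],
}

if __name__ == "__main__":
    results, summary = audit(SAMPLE_ZONE)
    for domain, (status, notes) in sorted(results.items()):
        print("%-16s %-13s %s" % (domain, status, "; ".join(notes)))
    print(dict(summary))
```

Only the `enforced` rows count as switched on in the survey's sense; `monitor-only`, `partial`, and `invalid` domains have a record published but still leave some or all spoofed mail deliverable.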

If you are interested in transparency, for private companies or government agencies, the lack of DMARC adoption and use presents a golden opportunity to obtain otherwise hidden information.

As always, who you are and who you are working for, determines the legality of any phishing effort. Consult with an attorney concerning your legal rights and obligations.

FBI As Unpaid Cybersecurity Ad Agency

Friday, August 25th, 2017

Despite its spotty record on cybersecurity expertise, the FBI is promoting competitors of Kaspersky Lab.

Patrick O’Neill’s account of the FBI’s efforts, FBI pushes private sector to cut ties with Kaspersky:

In the briefings, FBI officials give companies a high-level overview of the threat assessment, including what the U.S. intelligence community says are the Kaspersky’s deep and active relationships with Russian intelligence. FBI officials point to multiple specific accusations of wrongdoing by Kaspersky, such as a well-known instance of allegedly faking malware.

In a statement to CyberScoop, a Kaspersky spokesperson blamed those particular accusations on “disgruntled, former company employees, whose accusations are meritless” while FBI officials say, in private and away from public scrutiny, they know the incident took place and was blessed by the company’s leadership.

The FBI’s briefings have seen mixed results. Companies that utilize ISC and SCADA systems have been relatively cooperative, one government official told CyberScoop, due in large part to what’s described as exceptional sense of urgency that dwarfs most other industries. Several of these companies have quietly moved forward on the FBI’s recommendations against Kaspersky by, for example, signing deals with Kaspersky competitors.

The firms the FBI have briefed include those that deal with nuclear power, a predictable target given the way the electric grid is increasingly at the center of catastrophic cybersecurity concerns.

The traditional tech giants have been less receptive and cooperative to the FBI’s pitch.

leaves the impression Kaspersky competitors are not compensating the FBI for the additional business.

That’s just wrong! If the FBI drives business to vendors, the public merits a cut of those contracts for services rendered. Members of Congress pushing for the exclusion of Kaspersky are no doubt being compensated but that doesn’t benefit the general public.

The only known validation of the FBI’s nationalistic fantasy is the relationship between the US government and US software vendors. See: Microsoft says it’s already patched flaws exposed in leak of NSA hacks. What motive does the NSA have to withhold flaws from US vendors other than to use them against other nations?

Expecting other governments to act like the US government, and software vendors to be as spineless as US vendors, makes the FBI Kaspersky fantasy consistent with its paranoia. Consistency, however, isn’t the same as a factual basis.

Free tip for Kaspersky Lab: Starting with your competitors and likely competitors, track their campaign contributions, contacts with the U.S. government, news placements, etc. No small task as acceptance of the FBI’s paranoid delusions didn’t happen overnight. Convictions of incautious individuals for suborning the government for commercial gain would go a long way to countering that tale.

DOJ Wanted To Hunt Down Visitors

Friday, August 25th, 2017

National Public Radio (NPR) details the Department of Justice (DOJ) request for web records from, which organized protests against the coronation of the current U.S. president, in Government Can Search Inauguration Protest Website Records, With Safeguards and Justice Department Narrows Request For Visitor Logs To Inauguration Protest Website. (The second story has the specifics on the demand.)

The narrowed DOJ request excludes:

f. DreamHost shall not disclose records that constitute HTTP requests and error logs.

A win for casual visitors this time, but no guarantees for next time.

The NPR stories detail this latest governmental over-reaching but the better question is:

How to avoid being scooped up if such a request were granted?

One word answer: Tor!

What is Tor?

Tor is free software and an open network that helps you defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security.

Why Anonymity Matters

Tor protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location.

What’s your default browser?

If your answer is anything but Tor, you are putting yourself and others at risk.

Censors To Hate: Alison Saunders, Crown Prosecution Services

Wednesday, August 23rd, 2017

There is no complete list of censors to hate, but take all the posts marked censorship as a starting point for an incomplete list.

Alison Saunders in Hate is hate. Online abusers must be dealt with harshly announces the bizarre proposition:

the Crown Prosecution Service (CPS) today commits to treat online hate crimes as seriously as those committed face to face.

Not distinguishing between face to face versus online hate crimes places the value of a University of Leeds legal education in question.

Unlike a face to face hate crime, all online users have access to an on/off button to immediately terminate any attempt at a hate crime.

Moreover, applications worthy of use offer a variety of filtering mechanisms, by which an intended victim of a hate crime can avoid contact with a would be abuser.

Saunders claims 15,000 hate crime prosecutions in 2015-2016, but fails to point out their conviction rate was 82.9%. More hate crimes prosecuted by the Crown Prosecution Service than ever before.

If these were all online crimes, Saunders and the CPS would be prosecuting almost 1 in 5 cases where no crime was committed.

Or put differently, there is a four out of five chance if charged with a hate crime, you will be convicted.

Are you more or less likely to make a strong objection or post if there is a four out of five chance you will be convicted of a crime?

Check your local laws before acting on any hatred for Alison Saunders or Crown Prosecution Services.

Citizens of the world must oppose censors and censorship everywhere. If you can’t criticize local censorship, speak out against censors elsewhere.

Defeat FBI Video Booby-Trap

Wednesday, August 9th, 2017

Joseph Cox details “…deanonymizing people in a targeted way using novel or unorthodox law enforcement techniques…” in The FBI Booby-Trapped a Video to Catch a Suspected Tor Sextortionist.

Not an attack on Tor per se, but it defeated the use of Tor nonetheless.

Can you spot the suspect’s error?

From the complaint:

F. Law Enforcement Identifies “Brian Kil’s” True IP Address

51. On June 9, 2017, the Honorable Debra McVicker Lynch authorized the execution of a Network Investigative Technique “NIT” (defined in Clause No. 1:17-mj-437) in order to ascertain the IP address associated with Brian Kil and Victim 2.

52. As set forth in the search warrant application presented to Judge Lynch, the FBI was authorized by the Court to add a small piece of code (NIT) to a normal video file produced by Victim 2, which did not contain any visual depictions of any minor engaged in sexually explicit activity. As authorized, the FBI then uploaded the video file containing the NIT to the account known only to Kil and Victim 2. When Kil viewed the video containing the NIT on a computer, the NIT would disclose the true IP address associated with the computer used by Kil.

57. When Kil viewed the video containing the NIT on a computer the NIT disclosed the true IP address associated with the computer used by Kil.

Where did “Kil’s” opsec fail?

“Kil” viewed content of unknown origin on a networked computer.

“Kil” thought the content originated with Victim 2, but all remote content on the Internet should be treated as being of unknown origin.

No one knows if you are a dog on the Internet just as you don’t know if the FBI sent the video you are playing.

Content of unknown origin is examined and stays on non-networked computers. Copy text only to networked systems. If you need the original content, well, you have been warned.

You can see the full complaint at:

Best practice: Remote content, even if from a known source, is of unknown origin. (A comrade may have made the document, video, image, but government agents intercepted and infected it.)

PS: I’m no fan of sextortionists but I am concerned about the use of “booby-trapped” videos against political activists. (Makes you wonder about “jihadist” videos on YouTube doesn’t it?)

Open Source Safe Cracking Robots

Wednesday, August 9th, 2017

Live, robotic, safe cracking demo. No pressure, no pressure!

One of the most entertaining and informative presentations you are likely to see this year! It includes an opening tip for those common digital safes found in hotel rooms.

From the description:

We’ve built a $200 open source robot that cracks combination safes using a mixture of measuring techniques and set testing to reduce crack times to under an hour. By using a motor with a high count encoder we can take measurements of the internal bits of a combination safe while it remains closed. These measurements expose one of the digits of the combination needed to open a standard fire safe. Additionally, ‘set testing’ is a new method we created to decrease the time between combination attempts. With some 3D printing, Arduino, and some strong magnets we can crack almost any fire safe. Come check out the live cracking demo during the talk!

Don’t miss their highly informative website, SparkFun Electronics.

Open source, part of the Maker community!

This won’t work against quality safes in highly secure environments but most government safes are low-bidder/low-quality and outside highly secure environments. Use a tool appropriate for the security environment.

Radio Navigation, Dodging Government GPS

Tuesday, August 8th, 2017

Radio navigation set to make global return as GPS backup, because cyber by Sean Gallagher.

From the post:

Way back in the 1980s, when I was a young naval officer, the Global Positioning System was still in its experimental stage. If you were in the middle of the ocean on a cloudy night, there was pretty much only one reliable way to know where you were: Loran-C, the hyperbolic low-frequency radio navigation system. Using a global network of terrestrial radio beacons, Loran-C gave navigators aboard ships and aircraft the ability to get a fix on their location within a few hundred feet by using the difference in the timing of two or more beacon signals.

An evolution of World War II technology (LORAN was an acronym for long-range navigation), Loran-C was considered obsolete by many once GPS was widely available. In 2010, after the US Coast Guard declared that it was no longer required, the US and Canada shut down their Loran-C beacons. Between 2010 and 2015, nearly everyone else shut down their radio beacons, too. The trial of an enhanced Loran service called eLoran that was accurate within 20 meters (65 feet) also wrapped up during this time.

But now there’s increasing concern about over-reliance in the navigational realm on GPS. Since GPS signals from satellites are relatively weak, they are prone to interference, accidental or deliberate. And GPS can be jammed or spoofed—portable equipment can easily drown them out or broadcast fake signals that can make GPS receivers give incorrect position data. The same is true of the Russian-built GLONASS system.

Sean focuses on the “national security” needs for a backup to GPS but it isn’t North Koreans, Chinese or Russians who are using Stingray devices against US citizens.

No, those are all in use by agents of the federal and/or state governments. Ditto for anyone spoofing your GPS in the United States.

You need a GPS backup, but your adversary is quite close to home.

The new protocol is called eLoran and Sean has a non-technical overview of it.

You would have unusual requirements to need a private eLoran but so you have an idea of what is possible:

eLoran technology has been available since the mid-1990s and is still available today. In fact, the state-of-the-art of eLoran continues to advance along with other 21st-century technology. eLoran system technology can be broken down into a few simple components: transmitting site, control and monitor site, differential reference station site and user equipment.

Modern transmitting site equipment consists of a high-power, modular, fully redundant, hot-swappable and software configurable transmitter, and sophisticated timing and control equipment. Standard transmitter configurations are available in power ranges from 125 kilowatts to 1.5 megawatts. The timing and control equipment includes a variety of external timing inputs to a remote time scale, and a local time scale consisting of three ensembled cesium-based primary reference standards. The local time scale is not directly coupled to the remote time scale. Having a robust local time scale while still monitoring many types of external time sources provides a unique ability to provide proof-of-position and proof-of-time. Modern eLoran transmitting site equipment is smaller, lighter, requires less input power, and generates significantly less waste heat than previously used Loran-C equipment.

The core technology at a differential eLoran reference station site consists of three differential eLoran reference station or integrity monitors (RSIMs) configurable as reference station (RS) or integrity monitor (IM) or hot standby (RS or IM). The site includes electric field (E-field) antennas for each of the three RSIMs.

Modern eLoran receivers are really software-defined radios, and are backward compatible with Loran-C and forward compatible, through firmware or software changes. ASF tables are included in the receivers, and can be updated via the Loran data channel. eLoran receivers can be standalone or integrated with GNSS, inertial navigation systems, chip-scale atomic clocks, barometric altimeters, sensors for signals-of-opportunity, and so on. Basically, any technology that can be integrated with GPS can also be integrated with eLoran.
Innovation: Enhanced Loran, GPS World (May, 2015)

Some people are happy with government controlled services. Other people, not so much.

Who is determining your location?

“This culture of leaking must stop.” Taking up Sessions’ Gage

Friday, August 4th, 2017

Jeff Sessions, the current (4 August 2017) Attorney General of the United States, wants to improve on Barack Obama’s legacy as the most secretive presidency of the modern era.

Sessions has announced a tripling of Justice Department probes into leaks and a review of guidelines for subpoenas for members of the news media. Attorney General says Justice Dept. has tripled the number of leak probes. (Media subpoenas are an effort to discover media sources and hence to plug the “leaks.”)

Sessions has thrown down his gage, declaring war on occasional transparency from government leakers. Indirectly, that war will include members of the media as casualties.

Shakespeare penned the best response for taking up Sessions’ gage:

Cry ‘Havoc,’ and let slip the dogs of war;

In case you don’t know the original sense of “Havoc:”

The military order Havoc! was a signal given to the English military forces in the Middle Ages to direct the soldiery (in Shakespeare’s parlance ‘the dogs of war’) to pillage and chaos. Cry havoc and let slip the dogs of war

It’s on all of us to create enough chaos to protect leakers and members of the media who publish their leaks.

Observations – Not Instructions

Data access: Phishing emails succeed 33% of the time. Do they punish would-be leakers who fall for phishing emails?

Exfiltration: Tracing select documents to a leaker is commonplace. How do you trace an entire server disk? The larger and more systematic the data haul, the greater the difficulty in pinning the leak on particular documents. (Back to school specials often include multi-terabyte drives.)

Protect the Media: Full drive leaks posted to a Torrent or Dark Web server mean media can answer subpoenas with: go to: https://some-location. 😉

BTW, full drive leaks provide transparency for the relationship between the leaked data and media reports. Accountability is as important for the media as the government.

One or more of my observations may constitute crimes depending upon your jurisdiction.

Which I guess is why Nathan Hale is recorded as saying:

Gee, that sounds like a crime. You know, I could get arrested, even executed. None for me please!


Nathan Hale volunteered to be a spy, was caught and executed, having said:

I only regret, that I have but one life to lose for my country.

Question for you:

Are you a ‘dog of war’ making the government bleed data?

PS: As a security measure, don’t write that answer down or tell anyone. When you read about leaks, you can inwardly smile and know you played your part.

Foreign Intelligence Gathering Laws (and ethics)

Thursday, August 3rd, 2017

Foreign Intelligence Gathering Laws from the Law Library of the Library of Congress.

From the webpage:

This report offers a review of laws regulating the collection of intelligence in the European Union (EU) and Belgium, France, Germany, Netherlands, Portugal, Romania, Sweden, and the United Kingdom. This report updates a report on the same topic issued from 2014. Because issues of national security are under the jurisdiction of individual EU Member States and are regulated by domestic legislation, individual country surveys provide examples of how the European nations control activities of their intelligence agencies and what restrictions are imposed on information collection. All EU Member States follow EU legislation on personal data protection, which is a part of the common European Union responsibility.

If you are investigating or reporting on breaches of intelligence gathering laws in “the European Union (EU) and Belgium, France, Germany, Netherlands, Portugal, Romania, Sweden, and the United Kingdom,” this will be useful. Otherwise, for the other one hundred and eighty-eight (188), you are SOL.

Other than as a basis for outrage, it’s not clear how useful intelligence gathering laws are in fact. The secrecy of intelligence operations makes practical oversight impossible and if leaks are to be credited, no known intelligence agency obeys such laws other than accidentally.

Moreover, as the U.S. Senate report on torture demonstrates, even war criminals are protected from prosecution in the name of intelligence gathering.

I take my cue from the CIA’s position, as captured by Bob Dylan in Tweeter and the Monkey Man:

“It was you to me who taught
In Jersey anything’s legal as long as you don’t get caught.”

Disarming yourself with law or ethics in any encounter with an intelligence agency, which honors neither, means you will lose.

Choose your strategies accordingly.

Security Leadership by the Uninformed

Wednesday, August 2nd, 2017

The first two paragraphs of Senators Want A Hack-Proof Internet Of Government Things are sufficient to establish the authors of the Internet of Things Cybersecurity Improvements Act as deeply uninformed:

Internet-connected smart devices purchased by the federal government would have to meet strict security standards under bipartisan legislation introduced Tuesday.

Those devices would have to accept software patches to remove vulnerabilities and allow users to change default passwords, according to the Internet of Things Cybersecurity Improvements Act.

Sigh, “…allow users to change default passwords….”

That’s section 3, (a)(1)(A)(i)(IV):

…does not include any fixed or hard-coded credentials used for remote administration, the delivery of updates, or communication.

Yeah! Getting users to change default passwords is a step towards …. 91% insecurity.

If you have the top 1,000 passwords by popularity, you are close to 91% of the “changed” passwords you will encounter. (That link leads to the top 10,000 passwords if you are looking for completeness.)

You could argue that improving the security of the Internet of Things by 9 percentage points (maybe) isn’t nothing.

True but it is so nearly nothing as to not be worth the effort.

PS: There are solutions to the IoT password issue but someone needs to pay money to spark that discussion.

Potential NSA Leak Stream

Wednesday, August 2nd, 2017

The Government Accounting Office (GAO) has publicly identified a potential source of NSA technology leaks. The cumbersome title: DOD’s Monitoring of Progress in Implementing Cyber Strategies Can Be Strengthened (GAO-17-512) begins with this summary:

Officials from Department of Defense (DOD) components identified advantages and disadvantages of the “dual-hat” leadership of the National Security Agency (NSA)/Central Security Service (CSS) and Cyber Command (CYBERCOM) (see table). Also, DOD and congressional committees have identified actions that could mitigate risks associated with ending the dual-hat leadership arrangement, such as formalizing agreements between NSA/CSS and CYBERCOM to ensure continued collaboration, and developing a persistent cyber training environment to provide a realistic, on-demand training capability. As of April 2017, DOD had not determined whether it would end the dual-hat leadership arrangement.

At first I thought it said “ass-hat” leadership and went back to check. 😉

You can read the recommendations if you are in charge of improving that situation (an unlikely outcome) or take the GAO at its word as a place to mine for leaks.

Are dual-hat arrangements “leak patterns” much like “design patterns” in programming languages?

I ask because identifying “leak patterns,” whether in software (buffer overflows) or recurrent organizational security failures, could be a real boon to hounds and hares alike.

“But it feels better when I sneak”

Wednesday, August 2nd, 2017

Email prankster tricks White House officials by Graham Cluley is ample evidence for why you should abandon FOIA requests in favor of phishing/hacking during the reign of Donald Trump.

People can and do obtain mountains of information using FOIA requests, but in the words of Parker Ray, “The Other Woman,”:

“Now I hate to have to cheat
But it feels better when I sneak”

In addition to feeling better, not using FOIA requests during the Trump regime results in:

  1. Access to competitor’s data deposited with the government
  2. Avoids the paperwork and delay of the FOIA process
  3. Bidding and contract data
  4. Develop long-term stealth access that spans presidencies
  5. Incompetence of staff gives broad and deep access across agencies
  6. Mine papers of extremely secretive prior presidents, like Obama
  7. Transparency when least expected and most inconvenient

If that sounds wishful, remember Cluley reports the “technique” used by the prankster was: 1) create an email account in the name of a White House staffer, 2) send an email from that account. This has to be a new low bar for “fake” emails.

Can you afford to be a goody two shoes?

If You Believe in Parliaments

Wednesday, July 19th, 2017

If you believe in parliaments, other than as examples of how governments don’t “get it,” then The Law Library of Congress, Global Legal Research Center has a treat for you!

Fifty (50) countries and seventy websites surveyed in: Features of (70) Parliamentary Websites in Selected Jurisdictions.

From the summary:

In recent years, parliaments around the world have enhanced their websites in order to improve access to legislative information and other parliamentary resources. Innovative features allow constituents and researchers to locate and utilize detailed information on laws and lawmaking in various ways. These include tracking tools and alerts, apps, the use of open data technology, and different search functions. In order to demonstrate some of the developments in this area, staff from the Global Legal Research Directorate of the Law Library of Congress surveyed the official parliamentary websites of fifty countries from all regions of the world, plus the website of the European Parliament. In some cases, information on more than one website is provided where separate sites have been established for different chambers of the national parliament, bringing the total number of individual websites surveyed to seventy.

While the information on the parliamentary websites is primarily in the national language of the particular country, around forty of the individual websites surveyed were found to provide at least limited information in one or more other languages. The European Parliament website can be translated into any of the twenty-four official languages of the members of the European Union.

All of the parliamentary websites included in the survey have at least basic browse tools that allow users to view legislation in a list format, and that may allow for viewing in, for example, date or title order. All of the substantive websites also enable searching, often providing a general search box for the whole site at the top of each page as well as more advanced search options for different types of documents. Some sites provide various facets that can be used to further narrow searches.

Around thirty-nine of the individual websites surveyed provide users with some form of tracking or alert function to receive updates on certain documents (including proposed legislation), parliamentary news, committee activities, or other aspects of the website. This includes the ability to subscribe to different RSS feeds and/or email alerts.

The ability to watch live or recorded proceedings of different parliaments, including debates within the relevant chamber as well as committee hearings, is a common feature of the parliamentary websites surveyed. Fifty-eight of the websites surveyed featured some form of video, including links to dedicated YouTube channels, specific pages where users can browse and search for embedded videos, and separate video services or portals that are linked to or viewable from the main site. Some countries also make videos available on dedicated mobile-friendly sites or apps, including Denmark, Germany, Ireland, the Netherlands, and New Zealand.

In total, apps containing parliamentary information are provided in just fourteen of the countries surveyed. In comparison, the parliamentary websites of thirty countries are available in mobile-friendly formats, enabling easy access to information and different functionalities using smartphones and tablets.

The table also provides information on some of the additional special features available on the surveyed websites. Examples include dedicated sites or pages that provide educational information about the parliament for children (Argentina, El Salvador, Germany, Israel, Netherlands, Spain, Taiwan, Turkey); calendar functions, including those that allow users to save information to their personal calendars or otherwise view information about different types of proceedings or events (available on at least twenty websites); and open data portals or other features that allow information to be downloaded in bulk for reuse or analysis, including through the use of APIs (application programming interfaces) (at least six countries).

With differing legal vocabularies and local personification of multi-nationals, this is a starting point for transparency based upon topic maps.

I first saw this in a tweet by the Global Investigative Journalism Network (GIJN).