by Stephan Foley / 18 November 2011

The ascension of Mario Monti to the Italian prime ministership is remarkable for more reasons than it is possible to count. By replacing the scandal-surfing Silvio Berlusconi, Italy has dislodged the undislodgeable. By imposing rule by unelected technocrats, it has suspended the normal rules of democracy, and maybe democracy itself. And by putting a senior adviser at Goldman Sachs in charge of a Western nation, it has taken to new heights the political power of an investment bank that you might have thought was prohibitively politically toxic. This is the most remarkable thing of all: a giant leap forward for, or perhaps even the successful culmination of, the Goldman Sachs Project.

It is not just Mr Monti. The European Central Bank, another crucial player in the sovereign debt drama, is under ex-Goldman management, and the investment bank’s alumni hold sway in the corridors of power in almost every European nation, as they have done in the US throughout the financial crisis. Until Wednesday, the International Monetary Fund’s European division was also run by a Goldman man, Antonio Borges, who just resigned for personal reasons. Even before the upheaval in Italy, there was no sign of Goldman Sachs living down its nickname as “the Vampire Squid”, and now that its tentacles reach to the top of the eurozone, sceptical voices are raising questions over its influence. The political decisions taken in the coming weeks will determine if the eurozone can and will pay its debts – and Goldman’s interests are intricately tied up with the answer to that question.

Simon Johnson, the former International Monetary Fund economist, in his book 13 Bankers, argued that Goldman Sachs and the other large banks had become so close to government in the run-up to the financial crisis that the US was effectively an oligarchy. At least European politicians aren’t “bought and paid for” by corporations, as in the US, he says. “Instead what you have in Europe is a shared world-view among the policy elite and the bankers, a shared set of goals and mutual reinforcement of illusions.”

This is The Goldman Sachs Project. Put simply, it is to hug governments close. Every business wants to advance its interests with the regulators that can stymie them and the politicians who can give them a tax break, but this is no mere lobbying effort. Goldman is there to provide advice for governments and to provide financing, to send its people into public service and to dangle lucrative jobs in front of people coming out of government. The Project is to create such a deep exchange of people and ideas and money that it is impossible to tell the difference between the public interest and the Goldman Sachs interest.

Mr Monti is one of Italy’s most eminent economists, and he spent most of his career in academia and thinktankery, but it was when Mr Berlusconi appointed him to the European Commission in 1995 that Goldman Sachs started to get interested in him. First as commissioner for the internal market, and then especially as commissioner for competition, he has made decisions that could make or break the takeover and merger deals that Goldman’s bankers were working on or providing the funding for. Mr Monti also later chaired the Italian Treasury’s committee on the banking and financial system, which set the country’s financial policies. With these connections, it was natural for Goldman to invite him to join its board of international advisers. The bank’s two dozen-strong international advisers act as informal lobbyists for its interests with the politicians that regulate its work. Other advisers include Otmar Issing who, as a board member of the German Bundesbank and then the European Central Bank, was one of the architects of the euro. Perhaps the most prominent ex-politician inside the bank is Peter Sutherland, Attorney General of Ireland in the 1980s and another former EU Competition Commissioner. He is now non-executive chairman of Goldman’s UK-based broker-dealer arm, Goldman Sachs International, and until its collapse and nationalisation he was also a non-executive director of Royal Bank of Scotland. He has been a prominent voice within Ireland on its bailout by the EU, arguing that the terms of emergency loans should be eased, so as not to exacerbate the country’s financial woes. The EU agreed to cut Ireland’s interest rate this summer.

Picking up well-connected policymakers on their way out of government is only one half of the Project; sending Goldman alumni into government is the other half. Like Mr Monti, Mario Draghi, who took over as President of the ECB on 1 November, has been in and out of government and in and out of Goldman. He was a member of the World Bank and managing director of the Italian Treasury before spending three years as managing director of Goldman Sachs International between 2002 and 2005 – only to return to government as president of the Italian central bank. Mr Draghi has been dogged by controversy over the accounting tricks conducted by Italy and other nations on the eurozone periphery as they tried to squeeze into the single currency a decade ago. By using complex derivatives, Italy and Greece were able to slim down the apparent size of their government debt, which euro rules mandated shouldn’t be above 60 per cent of the size of the economy. And the brains behind several of those derivatives were the men and women of Goldman Sachs.

The bank’s traders created a number of financial deals that allowed Greece to raise money to cut its budget deficit immediately, in return for repayments over time. In one deal, Goldman channelled $1bn of funding to the Greek government in 2002 in a transaction called a cross-currency swap. On the other side of the deal, working in the National Bank of Greece, was Petros Christodoulou, who had begun his career at Goldman, and who has been promoted now to head the office managing Greek government debt. Lucas Papademos, now installed as Prime Minister in Greece’s unity government, was a technocrat running the Central Bank of Greece at the time. Goldman says that the debt reduction achieved by the swaps was negligible in relation to euro rules, but it expressed some regrets over the deals. Gerald Corrigan, a Goldman partner who came to the bank after running the New York branch of the US Federal Reserve, told a UK parliamentary hearing last year: “It is clear with hindsight that the standards of transparency could have been and probably should have been higher.” When the issue was raised at confirmation hearings in the European Parliament for his job at the ECB, Mr Draghi says he wasn’t involved in the swaps deals either at the Treasury or at Goldman.

It has proved impossible to hold the line on Greece, which under the latest EU proposals is effectively going to default on its debt by asking creditors to take a “voluntary” haircut of 50 per cent on its bonds, but the current consensus in the eurozone is that the creditors of bigger nations like Italy and Spain must be paid in full. These creditors, of course, are the continent’s big banks, and it is their health that is the primary concern of policymakers. The combination of austerity measures imposed by the new technocratic governments in Athens and Rome and the leaders of other eurozone countries, such as Ireland, and rescue funds from the IMF and the largely German-backed European Financial Stability Facility, can all be traced to this consensus. “My former colleagues at the IMF are running around trying to justify bailouts of €1.5trn-€4trn, but what does that mean?” says Simon Johnson. “It means bailing out the creditors 100 per cent. It is another bank bailout, like in 2008: The mechanism is different, in that this is happening at the sovereign level not the bank level, but the rationale is the same.” So certain is the financial elite that the banks will be bailed out, that some are placing bet-the-company wagers on just such an outcome. Jon Corzine, a former chief executive of Goldman Sachs, returned to Wall Street last year after almost a decade in politics and took control of a historic firm called MF Global. He placed a $6bn bet with the firm’s money that Italian government bonds will not default. When the bet was revealed last month, clients and trading partners decided it was too risky to do business with MF Global and the firm collapsed within days. It was one of the ten biggest bankruptcies in US history.

The grave danger is that, if Italy stops paying its debts, creditor banks could be made insolvent. Goldman Sachs, which has written over $2trn of insurance, including an undisclosed amount on eurozone countries’ debt, would not escape unharmed, especially if some of the $2trn of insurance it has purchased on that insurance turns out to be with a bank that has gone under. No bank – and especially not the Vampire Squid – can easily untangle its tentacles from the tentacles of its peers. This is the rationale for the bailouts and the austerity, the reason we are getting more Goldman, not less. The alternative is a second financial crisis, a second economic collapse. Shared illusions, perhaps? Who would dare test it?

Mario Monti, Lucas Papademos and Mario Draghi have something in common: they have all worked for the American investment bank. This is not a coincidence, but evidence of a strategy to exert influence that has perhaps already reached its limits.

Our friends from Goldman Sachs…
by Marc Roche / 16 November 2011 / Le Monde

Serious and competent, they weigh up the pros and cons and study all of the documents before giving an opinion. They have a fondness for economics, but these luminaries who enter into the temple only after a long and meticulous recruitment process prefer to remain discreet. Collectively they form an entity that is part pressure group, part fraternal association for the collection of information, and part mutual aid network. They are the craftsmen, masters and grandmasters whose mission is “to spread the truth acquired in the lodge to the rest of the world.” According to its detractors, the European network of influence woven by American bank Goldman Sachs (GS) functions like a freemasonry. To diverse degrees, the new European Central Bank President, Mario Draghi, the newly designated Prime Minister of Italy, Mario Monti, and the freshly appointed Greek Prime Minister Lucas Papademos are totemic figures in this carefully constructed web.

Heavyweight members figure large in the euro crisis
Draghi was Goldman Sachs International’s vice-chairman for Europe between 2002 and 2005, a position that put him in charge of the “companies and sovereign” department, which, shortly before his arrival, helped Greece to disguise the real nature of its books with a swap on its sovereign debt. Monti was an international adviser to Goldman Sachs from 2005 until his nomination to lead the Italian government. According to the bank, his mission was to provide advice “on European business and major public policy initiatives worldwide”. As such, he was a “door opener” with a brief to defend Goldman’s interest in the corridors of power in Europe. The third man, Lucas Papademos, was the governor of the Greek central bank from 1994 to 2002. In this capacity, he played a role that has yet to be elucidated in the operation to mask debt on his country’s books, perpetrated with assistance from Goldman Sachs. And perhaps more importantly, the current chairman of Greece’s Public Debt Management Agency, Petros Christodoulou, also worked as a trader for the bank in London. Two other heavyweight members of Goldman’s European network have also figured large in the euro crisis: Otmar Issing, a former member of the Bundesbank board of directors and a one-time chief economist of the European Central Bank, and Ireland’s Peter Sutherland, an administrator for Goldman Sachs International, who played a behind the scenes role in the Irish bailout.

Relay exclusive information to the bank’s trading rooms
How was this loyal network of intermediaries created? The US version of this magic circle is composed of former highly placed executives of the bank who effortlessly enter the highest level of the civil service. In Europe, on the other hand, Goldman Sachs has worked to accumulate a capital of relationships. But unlike its competitors, the bank has no interest in retired diplomats, highly placed national and international civil servants, or even former prime ministers and ministers of finance. Goldman’s priority has been to target central bankers and former European commissioners. Its main goal is to legally collect information on initiatives in the near future and on the interest rates set by central banks. At the same time, Goldman likes its agents to remain discreet. That is why its loyal subjects prefer not to mention their filiation in interviews or in the course of official missions. These well-connected former employees simply have to talk about this and that, secure in the knowledge that their prestige will inevitably be rewarded with outspoken frankness on the part of those in powerful positions. Put simply, they are there to see “which way the wind is blowing,” and thereafter to relay exclusive information to the bank’s trading rooms.

Bid for global dominance
Now that it has a former director at the head of the ECB, a former intermediary leading the Italian government, and another in charge in Greece, the bank’s antagonists are eager to highlight the extraordinary power of its network in Frankfurt, Rome and Athens, which could prove extremely useful in these turbulent times. But looking beyond these details, the power of Goldman’s European government before and during the financial ordeal of 2008 may well prove to be an obstacle. The relationships maintained by experienced former central bankers are less likely to be useful now that politicians are aware of the unpopularity of finance professionals who are seen to be responsible for the present crisis. Where Goldman Sachs used to be able to exercise its talents, it now has to contend with opposition from public authorities raising questions about a series of scandals. A well-stocked address book is no longer sufficient in a complex and highly technical financial world, where a new generation of industry leaders are less likely to be imbued with an unquestioning respect for the establishment. In their bid for global dominance, they no longer need to rely on high finance crusaders in the Goldman mould, while the quest to protect shareholders’ rights, demands for more transparency and active opposition from the media, NGOs, and institutional investors continue to erode the potency of “the network effect.”

{Translated from the French by Mark McGovern}

The giant American investment bank which is accused of helping the Greek state to conceal the real nature of its financial situation while speculating on its debts can count on a remarkable network of advisers with very close links to European leaders, reports Le Monde.

Goldman Sachs, the international web
by Marc Roche / 3 March 2010 / Le Monde

Petros Christodoulou affects not to care about compliments or their source. Ever since he was a teenager, this top-of-the-class student has grown used to hearing his praises sung. Appointed on 19 February to the head of the organization for the management of Greek public debt, he has arrived at the top of the tree. However, the trouble is that the former manager of global markets at the National Bank of Greece (NBG) is at the centre of an inquiry, announced on 25 February by the United States Federal Reserve, on contracts relating to Greek national debt, which link Goldman Sachs and other companies to the government in Athens. The New York based investment bank was paid as a banking advisor to the Greek government while speculating on the Hellenic nation’s sovereign debt. In particular, the American regulator is interested in the role played by Petros Christodoulou, who, in collaboration with Goldman, supervised the creation of the London company Titlos to transfer debt from Greece’s national accounts to the NBG. Before joining the NBG in 1998, Mr Christodoulou had worked as a banker for – you guessed it – Goldman Sachs.

“Government Sachs”
The affair has highlighted the powerful network of influence that Goldman Sachs has maintained in Europe since 1985 – a tightly woven group of underground and high-profile go-betweens and loyal supporters, whose address books open the doors of ministries of finance. These carefully recruited and extraordinarily well-paid advisors understand all the subtleties of the corridors of power within the European Union, and have a direct line to decision makers that they can call during moments of crisis. But who are the members of the European arm of the institution which is so powerful in Washington that it is referred to as “government Sachs”? The key figure is Peter Sutherland, chairman of Goldman Sachs International, the bank’s London-based European subsidiary. The former European commissioner for competition and ex-chairman of BP is an essential link between the investment bank and the 27 EU member states and Russia. In France, Goldman Sachs benefits from the support of Charles de Croisset, a former chairman of Crédit Commercial de France (CCF), who took over from Jacques Mayoux, a government inspector of finances and former chairman of Société Générale. In the United Kingdom, it can count on Lord Griffiths, who advised former prime minister Margaret Thatcher, and in Germany, on Otmar Issing, a one-time board member of the Bundesbank and ex-chief economist of the European Central Bank (ECB).

Discreetly advances its interests
And that is not to mention the many Goldman alumni who go on to hold positions of power, which the bank can count on to advance its position. The best known of these is Mario Draghi, Goldman’s vice-president for Europe between 2001 and 2006, who is the current governor of the Bank of Italy and Chairman of international regulator, the Financial Stability Board. But do not expect to come across former diplomats in the austere corridors of Goldman Sachs International. As an institution with real world interests, the bank prefers to recruit financiers, economists, central bankers, and former highly placed civil servants from international economic organizations, but considers retired ambassadors to be jovial status symbols without any real high-level contacts or business sense. For Goldman Sachs, this network has the advantage of enabling it to discreetly advance its interests. In the Financial Times of 15 February, Otmar Issing published an article voicing his hostility to any attempt by the European Union to rescue Greece. However, he omitted to mention the fact that he has been an international advisor to Goldman Sachs since 2006. Nor did he say that the bank’s traders, who have been speculating against the single European currency, might well lose their shirts if the EU does intervene.

The government and the big banks deceived the public about their $7 trillion secret loan program. They should be punished
by Eliot Spitzer  /   Nov. 30, 2011

Imagine you walked into a bank, applied for a personal line of credit, and filled out all the paperwork claiming to have no debts and an income of $200,000 per year. The bank, based on these representations, extended you the line of credit. Then, three years later, after fighting disclosure all the way, you were forced by a court to tell the truth: At the time you made the statements to the bank, you actually were unemployed, you had a $1 million mortgage on your house on which you had failed to make payments for six months, and you hadn’t paid even the minimum on your credit-card bills for three months. Do you think the bank would just say: Never mind, don’t worry about it? Of course not. Whether or not you had paid back the personal line of credit, three FBI agents would be at your door within hours. Yet this is exactly what the major American banks have done to the public. During the deepest, darkest period of the financial cataclysm, the CEOs of major banks maintained in statements to the public, to the market at large, and to their own shareholders that the banks were in good financial shape, didn’t want to take TARP funds, and that the regulatory framework governing our banking system should not be altered. Trust us, they said. Yet, unknown to the public and the Congress, these same banks had been borrowing massive amounts from the government to remain afloat. The total numbers are staggering: $7.7 trillion of credit—one-half of the GDP of the entire nation. $460 billion was lent to J.P. Morgan, Bank of America, Citibank, Wells Fargo, Goldman Sachs, and Morgan Stanley alone—without anybody other than a few select officials at the Fed and the Treasury knowing. This was perhaps the single most massive allocation of capital from public to private hands in our history, and nobody was told. This was not TARP: This was secret Fed lending. 
And although it has since been repaid, it is clear why the banks didn’t want us to know about it: They didn’t want to admit the magnitude of their financial distress.

The banks’ claims of financial stability and solvency appear at a minimum to have been misleading—and may have been worse. Misleading statements and deception of this sort would ordinarily put a small-market player or borrower on the wrong end of a criminal investigation. So where are the inquiries into the false statements made by the bank CEOs? And where are the inquiries about the Fed and Treasury officials who stood by silently as bank representatives made claims that were false, misleading, or worse? Only now, because of superb analysis done by Bloomberg reporters—who litigated against the Fed and the banks for years to get the information—are we getting a full picture of the Fed and Treasury lending. The reporters also calculated that recipient banks and other borrowers benefited by approximately $13 billion simply by taking advantage of the “spread” between their cost of capital in these almost interest-free loans and their ability to lend the capital.

In addition to the secrecy, what is appalling is that these loans were made with no strings attached, no conditions, and no negotiation to achieve any broader public purpose. Even if one accepts the notion that the stability of the financial system could not be sacrificed, those who dispensed trillions of dollars to private parties made no apparent effort to impose even minimal obligations to condition the loans on the structural reforms needed to prevent another crisis, made no effort to require that those responsible for creating the crisis be relieved of their jobs, took zero steps towards the genuine mortgage-reform that is so necessary to begin a process of economic renewal. The dollars lent were simply a free bridge loan so the banks could push onto others the responsibility for the banks’ own risk-taking. If ever there was an event to justify the darkest, most conspiratorial view held by many that the alliance of big money on Wall Street and big government produces nothing but secret deals that profit insiders—this is it.

So what to do? The revelations of the secret loan program may provide the opportunity for Occupy Wall Street to suggest a few concrete steps that would be difficult to oppose.

First: Demand a hearing where the bank executives have to answer questions—under oath—about the actual negotiations, or lack thereof, that led to these loans; about the actual condition of each of the borrowing banks and whether that condition differed from the public statements made by the banks at the time.

Second: Require the recipient banks to use this previously undisclosed gift—the profit they made by investing this almost interest-free money—to write down the value of mortgages of those who are underwater. The loans to the banks were meant to solve a short-term liquidity problem, not be a source of profits to fund bonuses. Take back the profits and put them to a public use.

Third: Require the government officials responsible for authorizing these loans to explain why there was no effort made to condition these loans on changes in policy that would protect the public going forward.

Fourth: Ask Congress to examine every filing and statement made to Congress by the banks about their financial condition and their indebtedness to see if any misrepresentations were made in an effort to hide these trillions of dollars of loans. Misleading Congress can be a felony, and willful deception of the Congress to hide the magnitude of the public bailouts should not go unprosecuted.

Finally: Demand that politicians return all contributions made by the institutions that got hidden loans. Pressure the politicians who continue to feed from the trough of Wall Street, even as they know all too well how the banks and others have gamed the system and the public.

The Fed’s European “Rescue”: Another back-door US Bank / Goldman bailout?
by Nomi Prins /  November 30, 2011

In the wake of chopping its Central Bank swap rates today, the Fed has been called a bunch of names: a hero for slugging the big bailout bat in the ninth inning, and a villain for printing money to help Europe at the expense of the US. Neither depiction is right. The Fed is merely continuing its unfettered brand of bailout-economics, promoted with heightened intensity recently by President Obama and Treasury Secretary Tim Geithner in the wake of Germany not playing bailout-ball. Recall, a couple years ago, it was a uniquely American brand of BIG bailouts that the Fed adopted in creating $7.7 trillion of bank subsidies that ran the gamut from back-door AIG bailouts (some of which went to US / some to European banks that deal with those same US banks), to the purchasing of mortgage-backed securities, to near zero-rate loans (for banks). Similarly, today’s move was also about protecting US banks from losses – self inflicted by dangerous derivatives-chain trades, again with each other, and with European banks. Before getting into the timing of the Fed’s godfather actions, let’s discuss its two kinds of swaps (jargon alert – a swap is a trade between two parties for some time period – you swap me a sweater for a hat because I’m cold, when I’m warmer, we’ll swap back). The Fed had both of these kinds of swaps set up and ready-to-go in the form of: dollar liquidity swap lines and foreign currency liquidity swap lines. Both are administered through Wall Street’s staunchest ally, and Tim Geithner’s old stomping ground, the New York Fed.

The dollar swap lines give foreign central banks the ability to borrow dollars against their currency, use them for whatever they want – like to shore up bets made by European banks that went wrong, and at a later date, return them. A “temporary dollar liquidity swap arrangement” with 14 foreign central banks was available from December 12, 2007 (several months before Bear Stearns’ collapse and 9 months before the Lehman Brothers’ bankruptcy that scared Goldman Sachs and Morgan Stanley into getting the Fed’s instant permission to become bank holding companies, and thus gain access to any Fed subsidies). Those dollar-swap lines ended on February 1, 2010. BUT – three months later, they were back on, but this time the FOMC re-authorized dollar liquidity swap lines with only 5 central banks through January 2011. BUT – on December 21, 2010 – the FOMC extended the lines through August 1, 2011. THEN – on June 29th, 2011, these lines were extended through August 1, 2012. AND NOW – though already available, they were announced with save-the-day fanfare as if they were just considered.

Then, there are the sneakily-dubbed “foreign currency liquidity swap” lines, which, as per the Fed’s own words, provide “foreign currency-denominated liquidity to US banks.” (Italics mine.) In other words, let US banks play with foreign bonds. These were originally used with 4 foreign banks in April 2009 and expired on February 1, 2010. Until they were resurrected today, November 30, 2011, with foreign currency swap arrangements between the Fed, Bank of Canada, Bank of England, Bank of Japan, Swiss National Bank and the European Central Bank. They are to remain in place until February 1, 2013, longer than the original time period for which they were available during phase one of the global bank-led meltdown, the US phase. (For those following my work, we are in phase two of four, the European phase.) That’s a lot of jargon, but keep these two things in mind: 1) these lines, by the Fed’s own words, are to provide help to US banks, and 2) they are open ended.

There are other reasons that have been thrown up as to why the Fed acted now – like, a European bank was about to fail. But, that rumor was around in the summer and nothing happened. Also, dozens of European banks have been downgraded, and several failed stress tests. Nothing. The Fed didn’t step in when it was just Greece – or Ireland – or when there were rampant ‘contagion’ fears, and Italian bonds started trading above 7%, rising unabated despite the trick of former Goldman Sachs International advisor Mario Monti replacing former Prime Minister Silvio Berlusconi with his promises of fiscally conservative actions (read: austerity measures) to come. Perhaps at that point, Goldman thought they had it all under control, but Germany’s bailout-resistance was still a thorn, which is why its bonds got hammered in the last auction, proving that big Finance will get what it wants, no matter how dirty it needs to play. Nothing from the Fed, except a small increase in funding to the IMF. Rating agency Moody’s announced it was looking at possibly downgrading 87 European banks. Still the Fed waited with open lines. And then, S&P downgraded the US banks again, including Goldman, making their own financing costs more expensive and the funding of their seismic derivatives positions more tenuous. The Fed found the right moment. Bingo.

Now, consider this: the top four US banks (JPM Chase, Citibank, Bank of America and Goldman Sachs) control nearly 95% of the US derivatives market, which has grown by 20% since last year to $235 trillion. That figure is a third of all global derivatives of $707 trillion (up from $601 trillion in December, 2010 and $583 trillion mid-year 2010).

Breaking that down: JPM Chase holds 11% of the world’s derivative exposure, Citibank, Bank of America, and Goldman comprise about 7% each. But, Goldman has something the others don’t – a lot fewer assets beneath its derivatives stockpile. It has 537 times as many (from 440 times last year) derivatives as assets. Think of a 537 story skyscraper on a one story see-saw. Goldman has $88 billion in assets, and $48 trillion in notional derivatives exposure. This is by FAR the highest ratio of derivatives to assets of any so-called bank backed by a government. The next highest ratio belongs to Citibank with $1.2 trillion in assets and $56 trillion in derivative exposure, or 46 to 1. JPM Chase’s ratio is 44 to 1. Bank of America’s ratio is 36 to 1. Separately Goldman happened to have lost a lot of money in Foreign Exchange derivative positions last quarter. (See Table 7.) Goldman’s loss was about equal to the total gains of the other banks, indicative of some very contrarian trade going on. In addition, Goldman has the most credit risk with respect to the capital it holds, by a factor of 3 or 4 to 1 relative to the other big banks. So did the Fed’s timing have something to do with its star bank? We don’t really know for sure.

Sadly, until there’s another FED audit, or FOIA request, we’re not going to know which banks are the beneficiaries of the Fed’s most recent international largesse either, nor will we know what their specific exposures are to each other, or to various European banks, or which trades are going super-badly. But we do know from the US bailouts in phase one of the global meltdown, that providing ‘liquidity’ or ‘greasing the wheels of’ banks in times of ‘emergency’ does absolutely nothing for the Main Street Economy. Not in the US. And not in Europe. It also doesn’t fix anything, it just funds bad trades with impunity.

As the World Crumbles: the ECB spins, FED smirks, and US Banks Pillage
by Nomi Prins / November 21, 2011

Often, when I troll around websites of entities like the ECB and IMF, I uncover little of startling note. They design it that way. Plus, the pace at which the global financial system can leverage bets, eviscerate capital, and cry for bank bailouts financed through austerity measures far exceeds the reporting timeliness of these bodies. That’s why, on the center of the ECB’s homepage, there’s a series of last week’s rates – and this relic – an interactive Inflation Game (I kid you not)  where in 22 different languages you can play the game of what happens when inflation goes up and down. If you’re feeling more adventurous, there’s also a game called Economia, where you can make up unemployment rates, growth rates and interest rates and see what happens. What you can’t do is see what happens if you bet trillions of dollars against various countries to see how much you can break them, before the ECB, IMF, or Fed (yes, it’ll happen) swoops in to provide “emergency” loans in return for cuts to pension funds, social programs, and national ownership of public assets. You also can’t input real world scenarios, where monetary policy doesn’t mean a thing in the face of  tidal waves of derivatives’ flow. You can’t gauge say, what happens if Goldman Sachs bets $20 billion in leveraged credit default swaps against Greece, and offsets them (partially) with JPM Chase which bets $20 billion, and offsets that with Bank of America, and then MF Global (oops) and then… see where I’m going with this.

We’re doomed if even their board games don’t come close to mimicking the real situation in Europe, or in the US, yet they supply funds to banks torpedoing local populations with impunity. These central entities also don’t bother to examine (or notice) the intermingled effect of leveraged derivatives and debt transactions per country; which is why no amount of funding from the ECB, or any other body, will be able to stay ahead of the hot money racing in and out of various countries. It’s not about inflation – it’s about the speed, leverage, and daring of capital flow, that has its own power to select winners and losers. It’s not the ‘inherent’ weakness of national economies that a few years ago were doing fine, that’s hurting the euro. It’s the external bets on their success, failure, or economic capitulation running the show. Similarly, the US economy was doing much better before banks started leveraging the hell out of our subprime market through a series of toxic, fraudulent, assets.

Elsewhere in my trolling, I came across a gem of a working paper on the IMF website, written by Ashoka Mody and Damiano Sandri, entitled “The Eurozone Crisis; How Banks and Sovereigns Came to be Joined at the Hip” (The paper does not ‘necessarily represent the views of the IMF or IMF policy’.) The paper is full of mathematical formulas and statistical jargon, which may be why the media didn’t pick up on it, but hey, I got a couple of degrees in Mathematics and Statistics, so I went all out. And it’s fascinating stuff. Basically, it shows that between the advent of the euro in 1999, and 2007, spreads between the bonds of peripheral countries and core ones in Europe were pretty stable. In other words, the risk of any country defaulting on its debt was fairly equal, and small. But after the 2007 US subprime asset crisis, and more specifically, the advent of Federal Reserve / Treasury Department construed bailout-economics, all hell broke loose – international capital went AWOL daring default scenarios, targeting them for future bailouts, and when money leaves a country faster than it entered, the country tends to falter economically. The cycle is set.

The US subprime crisis wasn’t so much about people defaulting on loans, but the mega-magnified effects of those defaults on a $14 trillion asset pyramid created by the banks. (Those assets were subsequently sold, and used as collateral for other borrowing and esoteric derivatives combinations, to create a global $140 trillion debt binge.) As I detail in It Takes Pillage, the biggest US banks manufactured more than 75% of those $14 trillion of assets. A significant portion was sold in Europe – to local banks, municipalities, and pension funds – as lovely AAA morsels against which more debt, or leverage, could be incurred. And even though the assets died, the debts remained.

Greek banks bought US-minted AAA assets and leveraged them. Norway did too (through the course of working on a Norwegian documentary, I discovered that 8 tiny towns in Norway bought $200 million of junk assets from Citigroup, borrowed money from local banks to pay for them, and pledged 10 years of power receipts from hydroelectric plants in return. The AAA assets are now worth zero, the power has been curtailed for residents, and the Norwegian banks want their money back–blood from a stone.) The same kind of thing happened in Italy, Spain, Portugal, Ireland, Holland, France, and even Germany – in different degrees and with specific national issues mixed in. Problem is – when you’ve already used worthless collateral to borrow tons of money you won’t ever be able to repay, and international capital slams you in other ways, and your funding costs rise, and your internal development and lending seize up, you’re screwed – or rather the people in your country are screwed.

In the IMF paper, the authors convincingly make the case that it wasn’t just the US subprime asset meltdown itself that initiated Europe’s implosion, but the fact that our Federal Reserve and Treasury Department adopted a reckless don’t-let-em-fail doctrine. Even though Bear Stearns and Lehman Brothers failed, their investors, the huge ones anyway, were protected. The Fed subsidized, and still subsidizes, $29 billion of risk for JPM Chase’s acquisition of Bear. The philosophy of saving banks and their practices poisoned Europe, as those same financial firms played euro-roulette in the global derivatives markets, once the subprime betting train slowed down.

The first fatal stop of the US bailout mentality was the ECB’s 2010 bailout of Anglo Irish bank, which got the lion’s share of the ECB’s Irish-bailout: $51 billion euro of ELA (Emergency Loan Assistance) and $100 billion euro of regular lending at the time. After the international financial community saw the pace and volume of Irish bank bailouts, the game of euro-roulette went turbo, country by country. More ‘fiscally conservative’ governments are replacing any semblance of population-supportive ones. The practice of extracting ‘fiscal prudency’ from people and providing bank subsidies for bets gone wrong has infected all of Europe. It will continue to do so, because anything less will threaten the entire Euro experiment, plus otherwise, the US banks might be on the hook again for losses, and the Fed and Treasury won’t let that happen. They’ve already demonstrated that. It’d be just sooo catastrophic.

In the wings, the smugness of Treasury Secretary Tim Geithner and Fed Chairman, Ben Bernanke is palpable – ‘hey, we acted heroically and “decisively” to provide a multi-trillion dollar smorgasbord  of subsidies for our biggest banks and look how great we  (er, they) are doing now? Seriously, Europe – get your act together already, don’t do the trickle-bailout game – just dump a boatload of money into the same banks – and a few of your own before they go under  – do it for the sake of global economic stability. It’ll really work. Trust us.’ Most of the media goes along with the notion that US banks exposed to the ‘euro-contagion’ will hurt our (nonexistent) recovery. US Banks assure us, they don’t have much exposure – it’s all hedged. (Like it was all AAA.) The press doesn’t tend to question the global harm caused by never having smacked US banks into place, cutting off their money supply, splitting them into commercial and speculative parts ala Glass-Steagall and letting the speculative parts that should have died, die, rather than enjoy public subsidization and the ability to go globe-hopping for more destructive opportunity, alongside some of the mega-global bank partners.

Today, the stock prices of the largest US banks are about as low as they were in the early part of 2009, not because of euro-contagion or Super-committee super-incompetence (a useless distraction anyway) but because of the ongoing transparency void surrounding the biggest banks amidst their central-bank-covered risks, and the political hot potato of how many emergency loans are required to keep them afloat at any given moment. Because investors don’t know their true exposures, any more than in early 2009. Because US banks catalyzed the global crisis that is currently manifesting itself in Europe. Because there never was a separate US housing crisis and European debt crisis. Instead, there is a worldwide, systemic, unregulated, uncontained, rapacious need for the most powerful banks and financial institutions to leverage whatever could be leveraged in whatever forms it could be leveraged in. So, now we’re just barely in the second quarter of the game of thrones, where the big banks are the kings, the ECB, IMF and the Fed are the money supply, and the populations are the powerless serfs. Yeah, let’s play the ECB inflation game, while the world crumbles.

Secret Fed Loans Gave Banks $13 Billion Undisclosed to Congress
by Bob Ivry, Bradley Keoun and Phil Kuntz   /  Nov 27, 2011

The Federal Reserve and the big banks fought for more than two years to keep details of the largest bailout in U.S. history a secret. Now, the rest of the world can see what it was missing. The Fed didn’t tell anyone which banks were in trouble so deep they required a combined $1.2 trillion on Dec. 5, 2008, their single neediest day. Bankers didn’t mention that they took tens of billions of dollars in emergency loans at the same time they were assuring investors their firms were healthy. And no one calculated until now that banks reaped an estimated $13 billion of income by taking advantage of the Fed’s below-market rates, Bloomberg Markets magazine reports in its January issue. Saved by the bailout, bankers lobbied against government regulations, a job made easier by the Fed, which never disclosed the details of the rescue to lawmakers even as Congress doled out more money and debated new rules aimed at preventing the next collapse. A fresh narrative of the financial crisis of 2007 to 2009 emerges from 29,000 pages of Fed documents obtained under the Freedom of Information Act and central bank records of more than 21,000 transactions. While Fed officials say that almost all of the loans were repaid and there have been no losses, details suggest taxpayers paid a price beyond dollars as the secret funding helped preserve a broken status quo and enabled the biggest banks to grow even bigger.

‘Change Their Votes’
“When you see the dollars the banks got, it’s hard to make the case these were successful institutions,” says Sherrod Brown, a Democratic Senator from Ohio who in 2010 introduced an unsuccessful bill to limit bank size. “This is an issue that can unite the Tea Party and Occupy Wall Street. There are lawmakers in both parties who would change their votes now.” The size of the bailout came to light after Bloomberg LP, the parent of Bloomberg News, won a court case against the Fed and a group of the biggest U.S. banks called Clearing House Association LLC to force lending details into the open. The Fed, headed by Chairman Ben S. Bernanke, argued that revealing borrower details would create a stigma — investors and counterparties would shun firms that used the central bank as lender of last resort — and that needy institutions would be reluctant to borrow in the next crisis. Clearing House Association fought Bloomberg’s lawsuit up to the U.S. Supreme Court, which declined to hear the banks’ appeal in March 2011.

$7.77 Trillion
The amount of money the central bank parceled out was surprising even to Gary H. Stern, president of the Federal Reserve Bank of Minneapolis from 1985 to 2009, who says he “wasn’t aware of the magnitude.” It dwarfed the Treasury Department’s better-known $700 billion Troubled Asset Relief Program, or TARP. Add up guarantees and lending limits, and the Fed had committed $7.77 trillion as of March 2009 to rescuing the financial system, more than half the value of everything produced in the U.S. that year. “TARP at least had some strings attached,” says Brad Miller, a North Carolina Democrat on the House Financial Services Committee, referring to the program’s executive-pay ceiling. “With the Fed programs, there was nothing.” Bankers didn’t disclose the extent of their borrowing. On Nov. 26, 2008, then-Bank of America (BAC) Corp. Chief Executive Officer Kenneth D. Lewis wrote to shareholders that he headed “one of the strongest and most stable major banks in the world.” He didn’t say that his Charlotte, North Carolina-based firm owed the central bank $86 billion that day.

‘Motivate Others’
JPMorgan Chase & Co. CEO Jamie Dimon told shareholders in a March 26, 2010, letter that his bank used the Fed’s Term Auction Facility “at the request of the Federal Reserve to help motivate others to use the system.” He didn’t say that the New York-based bank’s total TAF borrowings were almost twice its cash holdings or that its peak borrowing of $48 billion on Feb. 26, 2009, came more than a year after the program’s creation. Howard Opinsky, a spokesman for JPMorgan (JPM), declined to comment about Dimon’s statement or the company’s Fed borrowings. Jerry Dubrowski, a spokesman for Bank of America, also declined to comment. The Fed has been lending money to banks through its so-called discount window since just after its founding in 1913. Starting in August 2007, when confidence in banks began to wane, it created a variety of ways to bolster the financial system with cash or easily traded securities. By the end of 2008, the central bank had established or expanded 11 lending facilities catering to banks, securities firms and corporations that couldn’t get short-term loans from their usual sources.

‘Core Function’
“Supporting financial-market stability in times of extreme market stress is a core function of central banks,” says William B. English, director of the Fed’s Division of Monetary Affairs. “Our lending programs served to prevent a collapse of the financial system and to keep credit flowing to American families and businesses.” The Fed has said that all loans were backed by appropriate collateral. That the central bank didn’t lose money should “lead to praise of the Fed, that they took this extraordinary step and they got it right,” says Phillip Swagel, a former assistant Treasury secretary under Henry M. Paulson and now a professor of international economic policy at the University of Maryland. The Fed initially released lending data in aggregate form only. Information on which banks borrowed, when, how much and at what interest rate was kept from public view. The secrecy extended even to members of President George W. Bush’s administration who managed TARP. Top aides to Paulson weren’t privy to Fed lending details during the creation of the program that provided crisis funding to more than 700 banks, say two former senior Treasury officials who requested anonymity because they weren’t authorized to speak.

Big Six
The Treasury Department relied on the recommendations of the Fed to decide which banks were healthy enough to get TARP money and how much, the former officials say. The six biggest U.S. banks, which received $160 billion of TARP funds, borrowed as much as $460 billion from the Fed, measured by peak daily debt calculated by Bloomberg using data obtained from the central bank. Paulson didn’t respond to a request for comment. The six — JPMorgan, Bank of America, Citigroup Inc. (C), Wells Fargo & Co. (WFC), Goldman Sachs Group Inc. (GS) and Morgan Stanley — accounted for 63 percent of the average daily debt to the Fed by all publicly traded U.S. banks, money managers and investment-services firms, the data show. By comparison, they had about half of the industry’s assets before the bailout, which lasted from August 2007 through April 2010. The daily debt figure excludes cash that banks passed along to money-market funds.

Bank Supervision
While the emergency response prevented financial collapse, the Fed shouldn’t have allowed conditions to get to that point, says Joshua Rosner, a banking analyst with Graham Fisher & Co. in New York who predicted problems from lax mortgage underwriting as far back as 2001. The Fed, the primary supervisor for large financial companies, should have been more vigilant as the housing bubble formed, and the scale of its lending shows the “supervision of the banks prior to the crisis was far worse than we had imagined,” Rosner says. Bernanke in an April 2009 speech said that the Fed provided emergency loans only to “sound institutions,” even though its internal assessments described at least one of the biggest borrowers, Citigroup, as “marginal.” On Jan. 14, 2009, six days before the company’s central bank loans peaked, the New York Fed gave CEO Vikram Pandit a report declaring Citigroup’s financial strength to be “superficial,” bolstered largely by its $45 billion of Treasury funds. The document was released in early 2011 by the Financial Crisis Inquiry Commission, a panel empowered by Congress to probe the causes of the crisis.

‘Need Transparency’
Andrea Priest, a spokeswoman for the New York Fed, declined to comment, as did Jon Diat, a spokesman for Citigroup. “I believe that the Fed should have independence in conducting highly technical monetary policy, but when they are putting taxpayer resources at risk, we need transparency and accountability,” says Alabama Senator Richard Shelby, the top Republican on the Senate Banking Committee. Judd Gregg, a former New Hampshire senator who was a lead Republican negotiator on TARP, and Barney Frank, a Massachusetts Democrat who chaired the House Financial Services Committee, both say they were kept in the dark. “We didn’t know the specifics,” says Gregg, who’s now an adviser to Goldman Sachs. “We were aware emergency efforts were going on,” Frank says. “We didn’t know the specifics.”

Disclose Lending
Frank co-sponsored the Dodd-Frank Wall Street Reform and Consumer Protection Act, billed as a fix for financial-industry excesses. Congress debated that legislation in 2010 without a full understanding of how deeply the banks had depended on the Fed for survival. It would have been “totally appropriate” to disclose the lending data by mid-2009, says David Jones, a former economist at the Federal Reserve Bank of New York who has written four books about the central bank. “The Fed is the second-most-important appointed body in the U.S., next to the Supreme Court, and we’re dealing with a democracy,” Jones says. “Our representatives in Congress deserve to have this kind of information so they can oversee the Fed.” The Dodd-Frank law required the Fed to release details of some emergency-lending programs in December 2010. It also mandated disclosure of discount-window borrowers after a two-year lag.

Protecting TARP
TARP and the Fed lending programs went “hand in hand,” says Sherrill Shaffer, a banking professor at the University of Wyoming in Laramie and a former chief economist at the New York Fed. While the TARP money helped insulate the central bank from losses, the Fed’s willingness to supply seemingly unlimited financing to the banks assured they wouldn’t collapse, protecting the Treasury’s TARP investments, he says. “Even though the Treasury was in the headlines, the Fed was really behind the scenes engineering it,” Shaffer says. Congress, at the urging of Bernanke and Paulson, created TARP in October 2008 after the bankruptcy of Lehman Brothers Holdings Inc. made it difficult for financial institutions to get loans. Bank of America and New York-based Citigroup each received $45 billion from TARP. At the time, both were tapping the Fed. Citigroup hit its peak borrowing of $99.5 billion in January 2009, while Bank of America topped out in February 2009 at $91.4 billion.

No Clue
Lawmakers knew none of this. They had no clue that one bank, New York-based Morgan Stanley (MS), took $107 billion in Fed loans in September 2008, enough to pay off one-tenth of the country’s delinquent mortgages. The firm’s peak borrowing occurred the same day Congress rejected the proposed TARP bill, triggering the biggest point drop ever in the Dow Jones Industrial Average (INDU). The bill later passed, and Morgan Stanley got $10 billion of TARP funds, though Paulson said only “healthy institutions” were eligible. Mark Lake, a spokesman for Morgan Stanley, declined to comment, as did spokesmen for Citigroup and Goldman Sachs. Had lawmakers known, it “could have changed the whole approach to reform legislation,” says Ted Kaufman, a former Democratic Senator from Delaware who, with Brown, introduced the bill to limit bank size.

Moral Hazard
Kaufman says some banks are so big that their failure could trigger a chain reaction in the financial system. The cost of borrowing for so-called too-big-to-fail banks is lower than that of smaller firms because lenders believe the government won’t let them go under. The perceived safety net creates what economists call moral hazard — the belief that bankers will take greater risks because they’ll enjoy any profits while shifting losses to taxpayers. If Congress had been aware of the extent of the Fed rescue, Kaufman says, he would have been able to line up more support for breaking up the biggest banks. Byron L. Dorgan, a former Democratic senator from North Dakota, says the knowledge might have helped pass legislation to reinstate the Glass-Steagall Act, which for most of the last century separated customer deposits from the riskier practices of investment banking. “Had people known about the hundreds of billions in loans to the biggest financial institutions, they would have demanded Congress take much more courageous actions to stop the practices that caused this near financial collapse,” says Dorgan, who retired in January.

Getting Bigger
Instead, the Fed and its secret financing helped America’s biggest financial firms get bigger and go on to pay employees as much as they did at the height of the housing bubble. Total assets held by the six biggest U.S. banks increased 39 percent to $9.5 trillion on Sept. 30, 2011, from $6.8 trillion on the same day in 2006, according to Fed data. For so few banks to hold so many assets is “un-American,” says Richard W. Fisher, president of the Federal Reserve Bank of Dallas. “All of these gargantuan institutions are too big to regulate. I’m in favor of breaking them up and slimming them down.” Employees at the six biggest banks made twice the average for all U.S. workers in 2010, based on Bureau of Labor Statistics hourly compensation cost data. The banks spent $146.3 billion on compensation in 2010, or an average of $126,342 per worker, according to data compiled by Bloomberg. That’s up almost 20 percent from five years earlier compared with less than 15 percent for the average worker. Average pay at the banks in 2010 was about the same as in 2007, before the bailouts.

‘Wanted to Pretend’
“The pay levels came back so fast at some of these firms that it appeared they really wanted to pretend they hadn’t been bailed out,” says Anil Kashyap, a former Fed economist who’s now a professor of economics at the University of Chicago Booth School of Business. “They shouldn’t be surprised that a lot of people find some of the stuff that happened totally outrageous.” Bank of America took over Merrill Lynch & Co. at the urging of then-Treasury Secretary Paulson after buying the biggest U.S. home lender, Countrywide Financial Corp. When the Merrill Lynch purchase was announced on Sept. 15, 2008, Bank of America had $14.4 billion in emergency Fed loans and Merrill Lynch had $8.1 billion. By the end of the month, Bank of America’s loans had reached $25 billion and Merrill Lynch’s had exceeded $60 billion, helping both firms keep the deal on track.

Prevent Collapse
Wells Fargo bought Wachovia Corp., the fourth-largest U.S. bank by deposits before the 2008 acquisition. Because depositors were pulling their money from Wachovia, the Fed channeled $50 billion in secret loans to the Charlotte, North Carolina-based bank through two emergency-financing programs to prevent collapse before Wells Fargo could complete the purchase. “These programs proved to be very successful at providing financial markets the additional liquidity and confidence they needed at a time of unprecedented uncertainty,” says Ancel Martinez, a spokesman for Wells Fargo. JPMorgan absorbed the country’s largest savings and loan, Seattle-based Washington Mutual Inc., and investment bank Bear Stearns Cos. The New York Fed, then headed by Timothy F. Geithner, who’s now Treasury secretary, helped JPMorgan complete the Bear Stearns deal by providing $29 billion of financing, which was disclosed at the time. The Fed also supplied Bear Stearns with $30 billion of secret loans to keep the company from failing before the acquisition closed, central bank data show. The loans were made through a program set up to provide emergency funding to brokerage firms.

‘Regulatory Discretion’
“Some might claim that the Fed was picking winners and losers, but what the Fed was doing was exercising its professional regulatory discretion,” says John Dearie, a former speechwriter at the New York Fed who’s now executive vice president for policy at the Financial Services Forum, a Washington-based group consisting of the CEOs of 20 of the world’s biggest financial firms. “The Fed clearly felt it had what it needed within the requirements of the law to continue to lend to Bear and Wachovia.” The bill introduced by Brown and Kaufman in April 2010 would have mandated shrinking the six largest firms. “When a few banks have advantages, the little guys get squeezed,” Brown says. “That, to me, is not what capitalism should be.” Kaufman says he’s passionate about curbing too-big-to-fail banks because he fears another crisis.

‘Can We Survive?’
“The amount of pain that people, through no fault of their own, had to endure — and the prospect of putting them through it again — is appalling,” Kaufman says. “The public has no more appetite for bailouts. What would happen tomorrow if one of these big banks got in trouble? Can we survive that?” Lobbying expenditures by the six banks that would have been affected by the legislation rose to $29.4 million in 2010 compared with $22.1 million in 2006, the last full year before credit markets seized up — a gain of 33 percent, according to, a research group that tracks money in U.S. politics. Lobbying by the American Bankers Association, a trade organization, increased at about the same rate, reported. Lobbyists argued the virtues of bigger banks. They’re more stable, better able to serve large companies and more competitive internationally, and breaking them up would cost jobs and cause “long-term damage to the U.S. economy,” according to a Nov. 13, 2009, letter to members of Congress from the FSF. The group’s website cites Nobel Prize-winning economist Oliver E. Williamson, a professor emeritus at the University of California, Berkeley, for demonstrating the greater efficiency of large companies.

‘Serious Burden’
In an interview, Williamson says that the organization took his research out of context and that efficiency is only one factor in deciding whether to preserve too-big-to-fail banks.  “The banks that were too big got even bigger, and the problems that we had to begin with are magnified in the process,” Williamson says. “The big banks have incentives to take risks they wouldn’t take if they didn’t have government support. It’s a serious burden on the rest of the economy.” Dearie says his group didn’t mean to imply that Williamson endorsed big banks. Top officials in President Barack Obama’s administration sided with the FSF in arguing against legislative curbs on the size of banks.

Geithner, Kaufman
On May 4, 2010, Geithner visited Kaufman in his Capitol Hill office. As president of the New York Fed in 2007 and 2008, Geithner helped design and run the central bank’s lending programs. The New York Fed supervised four of the six biggest U.S. banks and, during the credit crunch, put together a daily confidential report on Wall Street’s financial condition. Geithner was copied on these reports, based on a sampling of e-mails released by the Financial Crisis Inquiry Commission. At the meeting with Kaufman, Geithner argued that the issue of limiting bank size was too complex for Congress and that people who know the markets should handle these decisions, Kaufman says. According to Kaufman, Geithner said he preferred that bank supervisors from around the world, meeting in Basel, Switzerland, make rules increasing the amount of money banks need to hold in reserve. Passing laws in the U.S. would undercut his efforts in Basel, Geithner said, according to Kaufman. Anthony Coley, a spokesman for Geithner, declined to comment.

‘Punishing Success’
Lobbyists for the big banks made the winning case that forcing them to break up was “punishing success,” Brown says. Now that they can see how much the banks were borrowing from the Fed, senators might think differently, he says. The Fed supported curbing too-big-to-fail banks, including giving regulators the power to close large financial firms and implementing tougher supervision for big banks, says Fed General Counsel Scott G. Alvarez. The Fed didn’t take a position on whether large banks should be dismantled before they get into trouble. Dodd-Frank does provide a mechanism for regulators to break up the biggest banks. It established the Financial Stability Oversight Council that could order teetering banks to shut down in an orderly way. The council is headed by Geithner. “Dodd-Frank does not solve the problem of too big to fail,” says Shelby, the Alabama Republican. “Moral hazard and taxpayer exposure still very much exist.”

Below Market
Dean Baker, co-director of the Center for Economic and Policy Research in Washington, says banks “were either in bad shape or taking advantage of the Fed giving them a good deal. The former contradicts their public statements. The latter — getting loans at below-market rates during a financial crisis — is quite a gift.” The Fed says it typically makes emergency loans more expensive than those available in the marketplace to discourage banks from abusing the privilege. During the crisis, Fed loans were among the cheapest around, with funding available for as low as 0.01 percent in December 2008, according to data from the central bank and money-market rates tracked by Bloomberg. The Fed funds also benefited firms by allowing them to avoid selling assets to pay investors and depositors who pulled their money. So the assets stayed on the banks’ books, earning interest. Banks report the difference between what they earn on loans and investments and their borrowing expenses. The figure, known as net interest margin, provides a clue to how much profit the firms turned on their Fed loans, the costs of which were included in those expenses. To calculate how much banks stood to make, Bloomberg multiplied their tax-adjusted net interest margins by their average Fed debt during reporting periods in which they took emergency loans.

Added Income
The 190 firms for which data were available would have produced income of $13 billion, assuming all of the bailout funds were invested at the margins reported, the data show. The six biggest U.S. banks’ share of the estimated subsidy was $4.8 billion, or 23 percent of their combined net income during the time they were borrowing from the Fed. Citigroup would have taken in the most, with $1.8 billion. “The net interest margin is an effective way of getting at the benefits that these large banks received from the Fed,” says Gerald A. Hanweck, a former Fed economist who’s now a finance professor at George Mason University in Fairfax, Virginia. While the method isn’t perfect, it’s impossible to state the banks’ exact profits or savings from their Fed loans because the numbers aren’t disclosed and there isn’t enough publicly available data to figure it out. Opinsky, the JPMorgan spokesman, says he doesn’t think the calculation is fair because “in all likelihood, such funds were likely invested in very short-term investments,” which typically bring lower returns.

Standing Access
Even without tapping the Fed, the banks get a subsidy by having standing access to the central bank’s money, says Viral Acharya, a New York University economics professor who has worked as an academic adviser to the New York Fed. “Banks don’t give lines of credit to corporations for free,” he says. “Why should all these government guarantees and liquidity facilities be for free?” In the September 2008 meeting at which Paulson and Bernanke briefed lawmakers on the need for TARP, Bernanke said that if nothing was done, “unemployment would rise — to 8 or 9 percent from the prevailing 6.1 percent,” Paulson wrote in “On the Brink” (Business Plus, 2010).

Occupy Wall Street
The U.S. jobless rate hasn’t dipped below 8.8 percent since March 2009, 3.6 million homes have been foreclosed since August 2007, according to data provider RealtyTrac Inc., and police have clashed with Occupy Wall Street protesters, who say government policies favor the wealthiest citizens, in New York, Boston, Seattle and Oakland, California. The Tea Party, which supports a more limited role for government, has its roots in anger over the Wall Street bailouts, says Neil M. Barofsky, former TARP special inspector general and a Bloomberg Television contributing editor. “The lack of transparency is not just frustrating; it really blocked accountability,” Barofsky says. “When people don’t know the details, they fill in the blanks. They believe in conspiracies.”

In the end, Geithner had his way. The Brown-Kaufman proposal to limit the size of banks was defeated, 60 to 31. Bank supervisors meeting in Switzerland did mandate minimum reserves that institutions will have to hold, with higher levels for the world’s largest banks, including the six biggest in the U.S. Those rules can be changed by individual countries. They take full effect in 2019. Meanwhile, Kaufman says, “we’re absolutely, totally, 100 percent not prepared for another financial crisis.”


“The NYPD began taking pictures of suspects’ irises on Monday. The new program, which started in Manhattan and will expand to other boroughs by next month, is designed to prevent suspects from disguising their identities. The technology allows police to match a prisoner to his or her iris in as little as 5 seconds. Police said the move was prompted by a recent case in which a felon passed himself as a lesser offender and walked out of the courthouse. Police said the eye shots will not be kept on file if the charges are dismissed or if the case is sealed. “They’re being treated as other cases would be,” said Deputy Commissioner Paul Browne, the NYPD’s top spokesman.”

“Along with fingerprints and mug shots, the New York City Police Department is now taking photographs of the irises of crime suspects. The NYPD says the images will be used to help avoid cases of mistaken identity. The process takes about five minutes. Every suspect will be scanned again using a handheld device shortly before they are arraigned to make sure the irises match. Police say the software, handheld device and cameras cost about $23,800 each, and 21 systems will be used around the city. Central booking in Manhattan started taking photos Monday. The devices will be in use in Brooklyn and the Bronx in the upcoming weeks, and later in Staten Island and Queens.”

We’ve all seen and obsessively referenced Minority Report, Steven Spielberg’s adaptation of Philip K. Dick’s dystopian future, where the public is tracked everywhere they go, from shopping malls to work to mass transit to the privacy of their own homes. The technology is here. I’ve seen it myself. It’s seen me, too, and scanned my irises.

Biometrics R&D firm Global Rainmakers Inc. (GRI) announced today that it is rolling out its iris scanning technology to create what it calls “the most secure city in the world.” In a partnership with Leon — one of the largest cities in Mexico, with a population of more than a million — GRI will fill the city with eye-scanners. That will help law enforcement revolutionize the way we live — not to mention marketers.

“In the future, whether it’s entering your home, opening your car, entering your workspace, getting a pharmacy prescription refilled, or having your medical records pulled up, everything will come off that unique key that is your iris,” says Jeff Carter, CDO of Global Rainmakers. Before coming to GRI, Carter headed a think tank partnership between Bank of America, Harvard, and MIT. “Every person, place, and thing on this planet will be connected [to the iris system] within the next 10 years,” he says.

Leon is the first step. To implement the system, the city is creating a database of irises. Criminals will automatically be enrolled, their irises scanned once convicted. Law-abiding citizens will have the option to opt-in.

When these residents catch a train or bus, or take out money from an ATM, they will scan their irises, rather than swiping a metro or bank card. Police officers will monitor these scans and track the movements of watch-listed individuals. “Fraud, which is a $50 billion problem, will be completely eradicated,” says Carter. Not even the “dead eyeballs” seen in Minority Report could trick the system, he says. “If you’ve been convicted of a crime, in essence, this will act as a digital scarlet letter. If you’re a known shoplifter, for example, you won’t be able to go into a store without being flagged. For others, boarding a plane will be impossible.”

GRI’s scanning devices are currently shipping to the city, where integration will begin with law enforcement facilities, security check-points, police stations, and detention areas. This first phase will cost less than $5 million. Phase II, which will roll out in the next three years, will focus more on commercial enterprises. Scanners will be placed in mass transit, medical centers and banks, among other public and private locations.

The devices range from large-scale scanners like the Hbox (shown in the airport-security prototype above), which can snap up to 50 people per minute in motion, to smaller scanners like the EyeSwipe and EyeSwipe Mini, which can capture the irises of between 15 and 30 people per minute.

I tested these devices at GRI’s R&D facilities in New York City last week. It took less than a second for my irises to be scanned and registered in the company’s database. Every time I went through the scanners after that, even when running through (because everybody runs, right, Tom Cruise?), my eyes were scanned and identified correctly. (You can see me getting scanned on the Hbox in the video below. “Welcome Austin,” the robotic voice chimes.)

For such a Big Brother-esque system, why would any law-abiding resident ever volunteer to scan their irises into a public database, and sacrifice their privacy? GRI hopes that the immediate value the system creates will alleviate any concern. “There’s a lot of convenience to this–you’ll have nothing to carry except your eyes,” says Carter, claiming that consumers will no longer be carded at bars and liquor stores. And he has a warning for those thinking of opting out: “When you get masses of people opting-in, opting out does not help. Opting out actually puts more of a flag on you than just being part of the system. We believe everyone will opt-in.”

This vision of the future eerily matches Minority Report, and GRI knows it. “Minority Report is one possible outcome,” admits Carter. “I don’t think that’s our company’s aim, but I think what we’re going to see is an environment well beyond what you see in that movie–minus the precogs, of course.”

When I asked Carter whether he felt the film was intended as a dystopian view of the future of privacy, he pointed out that much of our private life is already tracked by telecoms and banks, not to mention Facebook. “The banks already know more about what we do in our daily life–they know what we eat, where we go, what we purchase–our deepest secrets,” he says. “We’re not talking about anything different here–just a system that’s good for all of us.”

One potential benefit? Carter believes the system could be used to intermittently scan truck drivers on highways to make sure they haven’t been on the road for too long.

GRI also predicts that iris scanners will help marketers. “Digital signage,” for example, could enable advertisers to track behavior and emotion. “In ten years, you may just have one sensor that is literally able to identify hundreds of people in motion at a distance and determine their geo-location and their intent–you’ll be able to see how many eyeballs looked at a billboard,” Carter says. “You can start to track from the point a person is browsing on Google and finds something they want to purchase, to the point they cross the threshold in a Target or Walmart and actually make the purchase. You start to see the entire life cycle of marketing.”

So will we live the future under iris scanners and constant Big Brother monitoring? According to Carter, eye scanners will soon be so cost-effective–between $50-$100 each–that in the not-too-distant future we’ll have “billions and billions of sensors” across the globe.

Goodbye 2010. Hello 1984.

by Mr. Y

On Friday, April 8, as members of the U.S. Congress engaged in a last-minute game of chicken over the federal budget, the Pentagon quietly issued a report that received little initial attention: “A National Strategic Narrative.” The report was issued under the pseudonym of “Mr. Y,” a takeoff on George Kennan’s 1946 “Long Telegram” from Moscow (published under the name “X” the following year in Foreign Affairs) that helped set containment as the cornerstone of U.S. strategy for dealing with the Soviet Union. The piece was written by two senior members of the Joint Chiefs of Staff in a “personal” capacity, but it is clear that it would not have seen the light of day without a measure of official approval. Its findings are revelatory, and they deserve to be read and appreciated not only by every lawmaker in Congress, but by every American citizen.

The narrative argues that the United States is fundamentally getting it wrong when it comes to setting its priorities, particularly with regard to the budget and how Americans as a nation use their resources more broadly. The report says Americans are overreacting to Islamic extremism, underinvesting in their youth, and failing to embrace the sense of competition and opportunity that made America a world power. The United States has been increasingly consumed by seeing the world through the lens of threat, while failing to understand that influence, competitiveness, and innovation are the key to advancing American interests in the modern world.

Courageously, the authors make the case that America continues to rely far too heavily on its military as the primary tool for how it engages the world. Instead of simply pumping more and more dollars into defense, the narrative argues:

By investing energy, talent, and dollars now in the education and training of young Americans — the scientists, statesmen, industrialists, farmers, inventors, educators, clergy, artists, service members, and parents, of tomorrow — we are truly investing in our ability to successfully compete in, and influence, the strategic environment of the future. Our first investment priority, then, is intellectual capital and a sustainable infrastructure of education, health and social services to provide for the continuing development and growth of America’s youth.

Yet, it is investments in America’s long-term human resources that have come under the fiercest attack in the current budget environment. As the United States tries to compete with China, India, and the European Union, does it make sense to have almost doubled the Pentagon budget in the last decade while slashing education budgets across the country?

by HANS-INGE LANGØ / April 15th, 2011

Foreign Policy’s John Norris has picked up on an article written by two U.S. military officers that seems to have gone largely unnoticed by the press. The article, titled “A National Strategic Narrative,” is being compared to George F. Kennan’s famous article “The Sources of Soviet Conduct” for laying out a new direction in U.S. foreign policy (Kennan used the pseudonym “X” for the article which was published in Foreign Affairs in July 1947). The authors, U.S. Navy Captain Wayne Porter and U.S. Marine Corps Colonel Mark Mykleby, invite this comparison by signing it “Mr. Y” and making several references to Kennan’s important note. Whereas Kennan laid the intellectual foundation for a strategy of containment vis-à-vis the Soviet Union, Porter and Mykleby are calling for a strategy of sustainment: “It is time for America to re-focus our national interests and principles through a long lens on the global environment of tomorrow. It is time to move beyond a strategy of containment to a strategy of sustainment (sustainability); from an emphasis on power and control to an emphasis on strength and influence; from a defensive posture of exclusion, to a proactive posture of engagement. We must recognize that security means more than defense, and sustaining security requires adaptation and evolution, the leverage of converging interests and interdependencies.”

The authors lay out three priorities as part of this new national strategy: investing in education to build the economy; relying less on military force and utilizing other parts of the foreign policy tool box, such as development and aid, to ensure long-term security; and developing sustainable access to, cultivation and use of natural resources. These are not ideas one would normally associate with the military, but something seems to be changing at the Pentagon. Secretary of Defense Robert Gates has warned that the civilian side of U.S. foreign policy (e.g. the State Department and USAID) is underfunded. In a 2007 speech, he called cuts to ‘soft power’ tools during the 1990s “short-sighted,” saying it was a “gutting of America’s ability to engage, assist, and communicate with other parts of the world.” The message has not changed since then. In fact, both Gates and Admiral Michael Mullen, the Chairman of the Joint Chiefs of Staff, have vigorously opposed cuts to the State Department budget on repeated occasions. The Y article seems to be a continuation of this emphasis of ‘soft power’, and John Norris rightfully concludes that though the article was written in a personal capacity, “it would not have seen the light of day without a measure of official approval.”

It is a fundamentally optimistic proposition, confident in the capability of the United States to achieve positive influence in the world and the willingness of others to cooperate, rather than compete. Both these assertions are debatable. Should the United States move away from interventionism, it could find it has more influence through soft power than blunt coercion, yet there is no guarantee for that. As other countries rise, like the United States once did, they too will seek their place in the world, testing the boundaries of cooperation and accommodation. In the next couple of decades, Asia will be ripe for conflicts as China and India assert themselves, with Japan, South Korea and a host of other countries seeking physical and economic security. That is not to say that Asia is doomed to repeat the mistakes of Europe. One could make the case that economic and cultural developments, with their accompanying interdependencies, lessen the incentives for war. While China is asserting itself through territorial claims in the South China Sea and elaborate navy exercises, Beijing is primarily concerned with keeping the economy running at a brisk pace. War is bad for business, and China’s military remains inferior to that of the United States – let alone a coalition of U.S. and other regional forces. In addition, nuclear proliferation serves as a deterrent of total war that was woefully lacking in Europe during the 19th century and the first half of the 20th century. Yet despite these disincentives, all the major players in Asia are building up their military capabilities, and some are even making significant changes to their national security strategies in anticipation of a more threatening China. This development is taking place largely independently of U.S. actions in the region and despite security guarantees given to South Korea and Japan.
The United States is even encouraging Japan to take a larger share of its own security burden, which basically means more defense spending and a more offensive posture. Perhaps this is due to fiscal concerns, as the United States can ill afford to subsidize its allies’ security forever, but it might also come from a realization that there are limits to U.S. influence in the region. The Asian powers have their own national interests irrespective of U.S. concerns. This means that even if the United States adopts a more cooperative approach to foreign policy, others might not follow.

Direct confrontation is not the only challenge facing the United States. One could even make the case that war is not even at the top of the list. Competition for natural resources and access to markets is likelier to result in lawfare, economic sanctions and other soft power confrontations than kinetic actions. To solve these issues, the United States needs a large toolbox, so Porter and Mykleby are right in this respect to focus on ‘smart power’. The danger is that a normative approach to foreign policy might crash into a real world of realpolitik and hard power. Speaking softly will only get you so far, unless you carry a big stick. Looking beyond the emphasis on ‘soft power’, there is a more fundamental message coming out of the Y article. Though a cliché it may be, one is reminded of John Winthrop and his famous sermon “City Upon A Hill” from 1630 when reading the article. The authors urge policymakers, and Americans in general, to examine the role of the United States in an increasingly interdependent world: “This Narrative advocates for America to pursue her enduring interests of prosperity and security through a strategy of sustainability that is built upon the solid foundation of our national values. As Americans we needn’t seek the world’s friendship or to proselytize the virtues of our society. Neither do we seek to bully, intimidate, cajole, or persuade others to accept our unique values or to share our national objectives. Rather, we will let others draw their own conclusions based upon our actions.”

As Jonathan Monten describes it in his excellent article “The Roots of the Bush Doctrine,” American exceptionalism in foreign policy has historically taken on two distinct characters: exemplarism and vindicationism. We last saw the former during the presidency of George W. Bush, when foreign policy thinking was dominated by the belief that the United States had to take active measures to promote American values of liberty abroad. Merely being an example was not enough to cause change. The latter, which is on display in the Y article, is the idea that the United States should sort out its own house first and act as a beacon of light to the world, instead of forcing its ideals on others. The practical implication of this would likely be a policy of offshore balancing, and here is the real potential of Porter and Mykleby’s proposition. This would not be isolationism – as noninterventionism is often, and mistakenly, called. It would be a policy based on the genuine belief that the United States cannot, and should not, run the world. There are limits to U.S. power, and nationbuilding schemes like the ones in Iraq and Afghanistan come with huge opportunity costs both abroad and at home.

Facts and Figures: U.S. Human Rights Situation

BEIJING, April 10 (Xinhua) — China’s Information Office of the State Council, or cabinet, published a report titled “The Human Rights Record of the United States in 2010” here Sunday. Following is the full text:

Human Rights Record of the United States in 2010

The State Department of the United States released its Country Reports on Human Rights Practices for 2010 on April 8, 2011. As in previous years, the reports are full of distortions and accusations of the human rights situation in more than 190 countries and regions including China. However, the United States turned a blind eye to its own terrible human rights situation and seldom mentioned it. The Human Rights Record of the United States in 2010 is prepared to urge the United States to face up to its own human rights issues.

I. On Life, Property and Personal Security

The United States reports the world’s highest incidence of violent crimes, and its people’s lives, properties and personal security are not duly protected.

Every year, one out of every five people is a victim of a crime in the United States. No other nation on earth has a rate that is higher. In 2009, an estimated 4.3 million violent crimes, 15.6 million property crimes and 133,000 personal thefts were committed against U.S. residents aged 12 or older, and the violent crime rate was 17.1 victimizations per 1,000 persons, according to a report published by the U.S. Department of Justice on October 13, 2010 (Criminal Victimization 2009, U.S. Department of Justice). The crime rate surged in many cities in the United States. St. Louis in Missouri reported more than 2,070 violent crimes per 100,000 residents, making it the nation’s most dangerous city (The Associated Press, November 22, 2010). Detroit residents experienced more than 15,000 violent crimes each year, which means the city has 1,600 violent crimes per 100,000 residents. The United States’ four big cities – Philadelphia, Chicago, Los Angeles and New York – reported increases in murders in 2010 from the previous year (USA Today, December 5, 2010). Twenty-five murder cases occurred in Los Angeles County in a week from March 29 to April 4, 2010; and in the first half of 2010, 373 people were killed in murders in Los Angeles County. As of November 11, New York City saw 464 homicide cases, up 16 percent from the 400 reported at the same time last year (The Washington Post, November 12, 2010).

The United States exercised lax control on the already rampant gun ownership. Reuters reported on November 10, 2010 that the United States ranks first in the world in terms of the number of privately-owned guns. Some 90 million people own an estimated 200 million guns in the United States, which has a population of about 300 million. The Supreme Court of the United States ruled on June 28, 2010 that the second amendment of the U.S. Constitution gives Americans the right to bear arms that can not be violated by state and local governments, thus extending the Americans’ rights to own a gun for self-defense purposes to the entire country (The Washington Post, June 29, 2010). Four U.S. states – Tennessee, Arizona, Georgia and Virginia – allow loaded guns in bars. And 18 other states allow weapons in restaurants that serve alcohol (The New York Times, October 3, 2010). Tennessee has nearly 300,000 handgun permit holders. The Washington Times reported on June 7, 2010 that in November 2008, a total of 450,000 more people in the United States purchased firearms than had bought them in November 2007. This was a more than 10-fold increase, compared with the change in sales from November 2007 over November 2006. From November 2008 to October 2009, almost 2.5 million more people bought guns than had done so in the preceding 12 months (The Washington Times, June 7, 2010). The frequent campus shootings in colleges in the United States came to the spotlight in recent years. The United Kingdom’s Daily Telegraph reported on February 21, 2011 that a new law that looks certain to pass through the legislature in Texas, the United States, would allow half a million students and teachers in its 38 public colleges to carry guns on campus. It would become only the second state, after Utah, to enforce such a rule.

The United States had a high incidence of gun-related blood-shed crimes. Statistics showed there were 12,000 gun murders a year in the United States (The New York Times, September 26, 2010). Figures released by the U.S. Department of Justice on October 13, 2010 showed weapons were used in 22 percent of all violent crimes in the United States in 2009, and about 47 percent of robberies were committed with arms (October 13, 2010). On March 30, 2010, five men killed four people and seriously injured five others in a deadly drive-by shooting (The Washington Post, April 27, 2010). In April, six separate shootings occurred overnight, leaving 16 total people shot, two fatally. On April 3, a deadly shooting at a restaurant in North Hollywood, Los Angeles, left four people dead and two others wounded (April 4, 2010). One person was killed and 21 others wounded in separate shootings around Chicago roughly between May 29 and 30 (May 30, 2010). In June, 52 people were shot at a weekend in Chicago (June 21, 2010). Three police officers were shot dead by assailants in the three months from May to July (Chicago Tribune, July 19, 2010). A total of 303 people were shot and 33 of them were killed in Chicago in the 31 days of July in 2010. Between November 5 and 8, four people were killed and at least five others injured in separate shootings in Oakland (World Journal, November 11, 2010). On November 30, a 15-year-old boy in Marinette County, Wisconsin, took his teacher and 24 classmates hostage at gunpoint (abcNews, November 30, 2010). On January 8, 2011, a deadly rampage critically wounded U.S. Rep. Gabrielle Giffords. Six people were killed and 12 others injured in the attack (Los Angeles Times, January 9, 2011).

II. On Civil and Political Rights

In the United States, the violation of citizens’ civil and political rights by the government is severe.

Citizens’ privacy has been undermined. According to figures released by the American Civil Liberties Union (ACLU) in September 2010, more than 6,600 travelers had been subject to electronic device searches between October 1, 2008 and June 2, 2010, nearly half of them American citizens. A report on The Wall Street Journal on September 7, 2010, said the Department of Homeland Security (DHS) was sued over its policies that allegedly authorize the search and seizure of laptops, cellphones and other electronic devices without a reasonable suspicion of wrongdoing. The policies were claimed to leave no limit on how long the DHS can keep a traveler’s devices or on the scope of private information that can be searched, copied or detained. There is no provision for judicial approval or supervision. When Colombian journalist Hollman Morris sought a U.S. student visa so he could take a fellowship for journalists at Harvard University, his application was denied on July 17, 2010, as he was ineligible under the “terrorist activities” section of the U.S.A. Patriot Act. An Arab American named Yasir Afifi, living in California, found the FBI attached an electronic GPS tracking device near the right rear wheel of his car. In August, ACLU, joined by the Asian Law Caucus and the San Francisco Bay Guardian weekly, had filed a lawsuit to expedite the release of FBI records on the investigation and surveillance of Muslim communities in the Bay Area. The San Francisco FBI office has declined to comment on the matter “because it’s still an ongoing investigation.” (The Washington Post, October 13, 2010). In October 2010, the Transportation Security Administration raised the security level at U.S. airports requiring passengers to go through a full-body scanner machine or pat-downs. It also claimed that passengers can not refuse the security check based on their religious beliefs.
Civil rights groups contended the more intensive screening violates civil liberties including freedom of religion, the right to privacy and the constitutional protection against unreasonable searches (AP, November 16, 2010). The ACLU and the U.S. Travel Association have been getting thousands of complaints about airport security measures (The Christian Science Monitor, November 20, 2010).

Abuse of violence and torturing suspects to get confession is serious in the U.S. law enforcement. According to a report of Associated Press on October 14, 2010, the New York Police Department (NYPD) paid about 964 million U.S. dollars to resolve claims against its officers over the past decade. Among them was a case that an unarmed man was killed in a 50-bullet police shooting on his wedding day. The three police officers were acquitted of manslaughter and the NYPD simply settled the case with money (China Press, October 15, 2010). In a country that boasts “judicial justice,” what justice did the above-mentioned victims get? In June 2010, a federal jury found former Chicago police lieutenant Jon Burge guilty of perjury and obstruction of justice. Burge and officers under his command shocked, suffocated and burned suspects into giving confessions in the 1970s and 1980s (The Boston Globe, November 5, 2010). According to a report on Chicago Tribune on May 12, 2010, Chicago Police was charged with arresting people without warrants, shackling them to the wall or metal benches, feeding them infrequently and holding them without bathroom breaks and giving them no bedding, which were deemed consistent with tactics of “soft torture” used to extract involuntary confessions. On March 22, a distraught homeless man was shot dead in Portland, Oregon, by four shots from a police officer (China Press, April 1, 2010). An off-duty Westminster police officer was arrested on suspicion of kidnapping and raping a woman on April 3 while a corrections officer was accused of being an accessory (Los Angeles Times, April 6, 2010). On April 17 in Seattle, Washington, a gang detective and patrol officer kicked a suspect and verbally assaulted him (Seattle Post-Intelligencer, May 10, 2010). On March 24, Chad Holley, 15, was brutally beaten by eight police officers in Houston. The teen claimed he was face down on the ground while officers punched him in the face and kneed him in the back.
After a two-month-long investigation, four officers were indicted and fired (Houston Chronicle, May 4, June 23, 2010). On August 11, three people were injured by police shooting when police officers chased a stolen van in Prince George’s County. Family members of the three injured argued why the police fired into the van when nobody on the van fired at them (The Washington Post, August 14, 2010). On September 5, 2010, a Los Angeles police officer killed a Guatemalan immigrant by two shots and triggered a large scale protest. Police clashed with protesters and arrested 22 of them (The New York Times, September 8, 2010). On November 5, 2010, a large demonstration took place in Oakland against a Los Angeles court verdict which put Johannes Mehserle, a police officer, to two years in prison as he shot and killed unarmed African American Oscar Grant two years ago. Police arrested more than 150 people in the protest (San Francisco Chronicle, November 9, 2010).

The United States has always called itself “land of freedom,” but the number of inmates in the country is the world’s largest. According to a report released by the Pew Center on the States’ Public Safety Performance Project in 2008, one in every 100 adults in the U.S. are in jail and the figure was one in every 400 in 1970. By 2011, America will have more than 1.7 million men and women in prison, an increase of 13 percent over that of 2006. The sharp increase will lead to overcrowding prisons. California prisons now hold 164,000 inmates, double their intended capacity (The Wall Street Journal, December 1, 2010). In a New Beginnings facility for the worst juvenile offenders in Washington DC, only 60 beds are for 550 youths who in 2009 were charged with the most violent crimes. Many of them would violate the laws again without proper care or be subject to violent crimes (The Washington Post, August 28, 2010). Due to poor management and conditions, unrest frequently occurred in prisons. According to a report on Chicago Tribune on July 18, 2010, more than 20 former Cook County inmates filed suit saying they were handcuffed or shackled during labor while in the custody, leaving serious physical and psychological damage. On October 19, 2010, at least 129 inmates took part in a riot at Calipatria State Prison, leaving two dead and a dozen injured (China Press, October 20, 2010). In November, AP released a video showing an inmate, being beaten by a fellow inmate in an Idaho prison, managed to plead for help through a prison guard station window but officers looked on and no one intervened until he was knocked unconscious. The prison was dubbed “gladiator school” (China Press, December 2, 2010).

Wrongful convictions occurred quite often in the United States. In the past two decades, a total of 266 people were exonerated through DNA tests, 17 of whom were on death row (Chicago Tribune, July 11, 2010). A report from The Washington Post on April 23, 2010, said Washington DC Police admitted that 41 charges they raised against a 14-year-old boy, including four first-degree murders, were false and the teen never confessed to any charge. Police of Will County, Illinois, had tortured Kevin Fox into confessing to the killing of his three-year-old daughter and he had served eight months in prison before a DNA test exonerated him. A similar case happened in Zion, Illinois, where Jerry Hobbs was forced by the police to confess to the killing of his eight-year-old daughter and had been in prison for five years before DNA tests proved his innocence. Barry Gibbs had served 19 years in prison when his conviction of killing a prostitute in 1986 was overturned in 2005, and he received 9.9 million U.S. dollars from New York City government in June 2010 (The New York Times, June 4, 2010).

The U.S. regards itself as “the beacon of democracy.” However, its democracy is largely based on money. According to a report from The Washington Post on October 26, 2010, U.S. House and Senate candidates shattered fundraising records for a midterm election, taking in more than 1.5 billion U.S. dollars as of October 24. The midterm election, held in November 2010, finally cost 3.98 billion U.S. dollars, the most expensive in U.S. history. Interest groups have actively spent on the election. As of October 6, 2010, the 80 million U.S. dollars spent by groups outside the Democratic and Republican parties dwarfed the 16 million U.S. dollars for the 2006 midterms. One of the biggest spenders nationwide was the American Future Fund from Iowa, which spent 7 million U.S. dollars on behalf of Republicans in more than two dozen House and Senate races. One major player, the 60 Plus Association, spent 7 million dollars on election-related ads. The American Federation of State, County and Municipal Employees spent 103.9 million U.S. dollars on the campaigns from October 22 to 27 (The New York Times, November 1, 2010). U.S. citizens have expressed discontent at the huge cost of the elections. A New York Times/CBS poll showed nearly 8 in 10 U.S. citizens said it was important to limit campaign expenses (The New York Times, October 22, 2010).

While advocating Internet freedom, the U.S. in fact imposes fairly strict restriction on cyberspace. On June 24, 2010, the U.S. Senate Committee on Homeland Security and Governmental Affairs approved the Protecting Cyberspace as a National Asset Act, which will give the federal government “absolute power” to shut down the Internet under a declared national emergency. Handing government the power to control the Internet will only be the first step towards a greatly restricted Internet system, whereby individual IDs and government permission would be required to operate a website. The United States applies double standards on Internet freedom by requesting unrestricted “Internet freedom” in other countries, which becomes an important diplomatic tool for the United States to impose pressure and seek hegemony, and imposing strict restriction within its territory. An article on BBC on February 16, 2011 noted the U.S. government wants to boost Internet freedom to give voices to citizens living in societies regarded as “closed” and questions those governments’ control over information flow, although within its borders the U.S. government tries to create a legal frame to fight the challenge posed by Wikileaks. The U.S. government might be sensitive to the impact of the free flow of electronic information on its territory for which it advocates, but it wants to practice diplomacy by other means, including the Internet, particularly the social networks.

An article on the U.S.-based Foreign Policy Magazine admitted that the U.S government’s approach to the Internet remains “full of problems and contradictions” (Foreign Policy Magazine website, February 17, 2011).

III. On Economic, Social and Cultural Rights

The United States is the world’s richest country, but Americans’ economic, social and cultural rights protection is going from bad to worse.

The unemployment rate in the United States has been stubbornly high. From December 2007 to October 2010, a total of 7.5 million jobs were lost in the country (The New York Times, November 19, 2010). According to statistics released by the U.S. Department of Labor on December 3, 2010, the U.S. unemployment rate edged up to 9.8 percent in November 2010, and the number of unemployed persons was 15 million in November, among whom 41.9 percent were jobless for 27 weeks and more. The jobless rate of California in January 2010 was 12.5 percent, its worst on record. Unemployment topped 20 percent in eight California counties (The Los Angeles Times, March 11, 2010). The unemployment rate of New York State was 8.3 percent in October 2010. There were nearly 800,000 people unemployed statewide, and about 527,000 people were collecting unemployment benefits from the state (The New York Times, November 19, 2010). The employment situation for the disabled was worse. According to statistics released by the U.S. Department of Labor on August 25, 2010, the average unemployment rate for disabled workers was 14.5 percent in 2009, and nearly a third of workers with disabilities worked only part-time. The jobless rate for workers with disabilities who had at least a bachelor’s degree was 8.3 percent, which was higher than the 4.5 percent rate for college-educated workers without disabilities (The Wall Street Journal, August 26, 2010). The unemployment rate for those with disabilities had risen to 16.4 percent as of July 2010 (The Wall Street Journal, August 26, 2010). In 2009, more than 21,000 disabled people complained to the Equal Employment Opportunity Commission (EEOC) about their experience of employment discrimination, an increase of 10 percent and 20 percent over the numbers of 2008 and 2007 (The World Journal, September 25, 2010).

The proportion of American people living in poverty has risen to a record high. The U.S. Census Bureau reported on September 16, 2010 that a total of 44 million Americans found themselves in poverty in 2009, four million more than that of 2008. The share of residents in poverty climbed to 14.3 percent in 2009, the highest level recorded since 1994 (The New York Times, September 17, 2010). In 2009, Mississippi’s poverty rate was 23.1 percent. Florida had a total of 2.7 million people living in poverty (The Washington Post, September 19, 2010). In New York City, 18.7 percent of the population lived in poverty in 2009, as an additional 45,000 people fell below the poverty line that year (New York Daily News, September 29, 2010).

The number of people in hunger increased sharply. A report issued by the U.S. Department of Agriculture in November 2010 showed that 14.7 percent of U.S. households were food insecure in 2009, an increase of almost 30 percent since 2006 (The Washington Post, November 21, 2010). About 50 million Americans experienced food shortage that year. The number of households collecting emergency food aid had increased from 3.9 million in 2007 to 5.6 million in 2009 (The China Press, November 16, 2010). The number of Americans participating in the food-stamp program increased from 26 million in May 2007 to 42 million in September 2010; approximately one in eight people was using food stamps (The Associated Press, October 22, 2010). In the past four years, 31.6 percent of American families tasted poverty for at least a couple of months (The Globe and Mail, September 17, 2010).

The number of homeless Americans increased sharply. According to a report by USA Today on June 16, 2010, the number of families in homeless shelters increased 7 percent to 170,129 from fiscal year 2008 through fiscal year 2009. Homeless families also were staying longer in shelters, from 30 days in 2008 to 36 in 2009, and about 800,000 American families were living with extended family, friends, or other people because of the economy. The number of homeless students in the U.S. increased 41 percent over that in the previous two years to one million (The Washington Post, September 23, 2010; USA Today, July 31, 2010). In New York City, 30 percent of homeless families in 2009 were first-time homeless. The city’s homeless people increased to 3,111, with another 38,000 people living in shelters (The New York Times, March 19, 2010). New Orleans had 12,000 homeless people (Newsweek, August 23, 2010). An estimated 254,000 men, women and children experienced homelessness in Los Angeles County during some part of the year. Approximately 82,000 people were homeless on any given night. African Americans made up approximately half of the Los Angeles County homeless population, 33 percent were Latino, and a high percentage, as high as 20 percent, were veterans. American veterans who served in the Iraq and Afghanistan wars could become homeless one year and a half after they retired, and about 130,000 retired veterans become homeless each year in the US. Statistics from the National Coalition for the Homeless showed that more than 1,000 violent offences against homeless people have occurred in the U.S., which caused 291 deaths since 1999 (The New York Times, August 18, 2010).

The number of American people without health insurance increased progressively every year. According to a report by USA Today on September 17, 2010, the number of Americans without health insurance increased from 46.3 million in 2008 to 50.7 million in 2009, the ninth consecutive annual rise, which accounted for 16.7 percent of the total U.S. population. Sixty-eight adults under 65 years old died due to lack of health insurance each day on average in the US. A report from the Centers for Disease Control and Prevention (CDC) in November 2010 showed that 22 percent of American adults between 16 and 64 had no health insurance (Reuters, November 10, 2010). A report issued by the Center for Health Policy Research, University of California, Los Angeles indicated that 24.3 percent of adults under 65 in California State in 2009 had no health insurance, representing a population of 8.2 million, up from the 6.4 million in 2007. Proportion of children without health insurance in the state rose from 10.2 percent in 2007 to 13.4 percent in 2009 (The China Press, March 17, 2010, citing the Los Angeles Times).

IV. On Racial Discrimination

Racial discrimination, deep-seated in the United States, has permeated every aspect of social life.

An Associated Press-Univision Poll, reported by the Associated Press on May 20, 2010, found that 61 percent of people overall said Hispanics face significant discrimination, compared with 52 percent who said blacks do. The New York Times reported on October 28, 2010 that more than 6 in 10 Latinos in the United States say discrimination is a “major problem” for them, a significant increase in the last three years.

Minorities do not enjoy the same political status as white people. The New York city’s non-Hispanic white population is 35 percent, while more than 70 percent of the senior jobs are held by whites. Since winning a third term in November 2009, Mayor Michael R. Bloomberg has announced a parade of major appointments: bringing aboard three new deputy mayors and six commissioners. All nine are white. Of the 80 current city officials identified by the Bloomberg administration as “key members” on its Website, 79 percent are white. Of 321 people who advise the mayor or hold one of three top titles at agencies that report directly to him – commissioners, deputy commissioners and general counsels, and their equivalents – 78 percent are white. And of the 1,114 employees who must live in the city, under an executive order, because they wield the most influence over policies and day-to-day operations, 74 percent are white (The New York Times, June 29, 2010).

Minority groups confront discrimination in their employment and occupation. The black people are treated unfairly or excluded in promotion, welfare and employment (Chicago Tribune, March 12, 2010). It is reported that one-third of black people confronted discrimination at work, against which only one-sixteenth of the black people would lodge a complaint. The Washington Post reported on October 15, 2010 that about 30 black firefighters alleged systematic racial discrimination within the D.C. Department of Fire and Emergency Medical Services, claiming that black employees faced harsher discipline. Shirley Sherrod, who was black, was fired by the Agricultural Department after a blogger posted her truncated comments that 24 years ago, she did not help a white farmer when she was working for a nonprofit agency established to help black farmers. The U.S. Agriculture Department in February, 2010 reached a 1.25-billion-dollar settlement in a decades-long struggle by African-American farmers who had suffered from discrimination within farm loans (The Washington Post, July 23, 2010). The New York Times reported on September 23, 2010 that by September 30, 2009, Muslim workers had filed a record 803 claims of complaints over employment discrimination, up 20 percent from the previous year.

Minority groups have high unemployment rates. According to the U.S. Bureau of Labor Statistics, in July 2010, among the population 16 to 24 years of age, 2,987,000 unemployed people were white, with unemployment rate reaching 16.2 percent; 992,000 were black or African American people, with unemployment rate of 33.4 percent; 165,000 were Asians, with unemployment rate of 21.6 percent; 884,000 belonged to Hispanic or Latino ethnicity, with unemployment rate of 22.1 percent. According to a report of the working group of experts on people of African descent to the Human Rights Council of the United Nations in August 2010, unemployment was a very serious issue for the Afro-descendant community in the United States, with levels of unemployment being, proportionately, four times higher among this population than in the white community. Reference was made to a case where the New York City Fire Department was found to have discriminated against people of African descent who had applied for employment as firemen. Of the 11,000 firemen employed by the New York City Fire Department, only about 300 were of African descent, despite their being about 27 percent of the population of New York (UN document A/HRC/15/18). Nearly one-sixth of black residents in the city were unemployed in the third quarter of 2010. About 140,000 of the city’s 384,000 unemployed residents, or 36 percent, were black (The New York Times, October 28, 2010).

Poverty proportion for minorities is also high in the United States. The U.S. Census Bureau announced in September, 2010 that the poverty proportion of the black was 25.8 percent in 2009, and those of Hispanic origin and Asian were 25.3 percent and 12.5 percent respectively, much higher than that of the non-Hispanic white at 9.4 percent. The median household income for the black, Hispanic origin and non-Hispanic white were 32,584, 38,039 and 54,461 U.S. dollars respectively (The USA Today, September 17, 2010). A survey released by the America Association of Retired Persons on February 23, 2010 found that over the previous 12 months, a third (33 percent) of African Americans age 45+ had problems paying rent or mortgage, 44 percent had problems paying for essential items, such as food and utilities, almost one in four (23 percent) lost their employer-sponsored health insurance, more than three in ten (31 percent) had cut back on their medications, and a quarter (26 percent) prematurely withdrew funds from their retirement nest eggs to pay for living expenses. Even in the tough employment environment, 12 percent of African Americans age 65+ returned to the workforce from retirement, while nearly 20 percent of African Americans age 45 to 64 increased the number of hours worked and 12 percent took a second job (The Los Angeles Times, February 23, 2010). In 2009, there were more than 30,000 black children living in poverty in the nation’s capital, almost 7,000 more than two years before. Among black children in the city, childhood poverty shot up to 43 percent, from 36 percent in 2008. In contrast, the poverty rate for Hispanic children was 13 percent, and the rate for white children was 3 percent (The Washington Post, September 29, 2010).

The U.S. minority groups face obvious inequality in education. A recent report released by America’s Promise Alliance, Civic Enterprises, and the Everyone Graduates Center at Johns Hopkins University showed that 81 percent of white, 64 percent of Hispanic, and 62 percent of African-American students graduated from high schools in 2008 (The World Journal, December 2, 2010). As of 2008, among white men aged 55 to 64, the college completion rate was 43 percent, compared with 19 percent of Hispanics. Among white men aged 25 to 34, the completion rate was 39 percent, compared with 14 percent of Hispanics (The Washington Post, October 20, 2010). In New York City, the number of white adults with a master’s degree was three times more than that of Hispanics. According to a report released by the Sacramento State University, only 22 percent of Latino students and 26 percent of African American students completed their two-year studies in the university, compared with 37 percent of white students (The San Jose Mercury News, October 20, 2010). A report released by New York City’s Department of Education in January 2010 found that 6,207, or 4.7 percent, out of a total of 130,837 disciplinary incidents reported in the City’s public schools during the 2008-09 school year were bias-related, involving gender, race/color, gender identity, gender expression, or sexual orientation (The China Press, January 18, 2010). USA Today reported on October 14, 2010 that African American boys were suspended at double and triple the rates of their white male peers. At the Christina School District in Delaware, 71 percent of black male students were suspended in a recent school year, compared to 22 percent of their white male counterparts. African-American students without disabilities were more than three times as likely to be expelled as their white peers. African-American students with disabilities were over twice as likely to be expelled or suspended as their white counterparts (USA Today, March 8, 2010).

The health care for African-American people is worrisome. Studies showed that nearly a third of ethnic minority families in the United States did not have health insurance. Life expectancy was lower and infant mortality higher than average (BBC, the social and economic position of minorities). Mortality of African American children was two to three times higher than that of their white counterparts. African American children represented 71 percent of all pediatric HIV/AIDS cases. African American women and men were 17 times and 7 times, respectively, more likely to contract HIV/AIDS than white people, and twice more likely to develop cancer.

Racial discrimination is evident in the law enforcement and judicial systems. The New York Times reported on May 13, 2010, that in 2009, African Americans and Latinos were 9 times more likely to be stopped by the police to receive stop-and-frisk searches than white people. Overall, 41 percent of the prison population was estimated to be African American. The rate of African Americans serving a life sentence was more than 10 times higher than that of whites. Males of African descent who dropped out of school had a 66 percent chance of ending up in jail or being processed by the criminal justice system (UN document A/HRC/15/18). A report said 85 percent of the people stopped in New York to receive stop-and-frisk searches over the past six years had been black or Latino (The Washington Post, November 4, 2010). According to a report of the Law School of the Michigan State University, among the 159 death row inmates in North Carolina, 86 were black, 61 were white and 12 were from other ethnic groups. During the trial process of the 159 capital cases, the number of black members taken out from the jury by prosecutors more than doubled that of non-black members. According to statistics from the Chicago Police Department, the proportion of black people being the criminals and the victims of all murder cases is the highest, reaching 76.3 and 77.6 percent respectively. The Homicide Report of the Los Angeles Times showed 2,329 homicides in Los Angeles County from January 1, 2007 to November 14, 2010, with victims of 1,600 Latinos and 997 black people.

Racial hate crimes are frequent. The FBI said in an annual report that out of 6,604 hate crimes committed in the United States in 2009, some 4,000 were racially motivated and nearly 1,600 were driven by hatred for a particular religion. Overall, some 8,300 people fell victim to hate crimes in 2009. Blacks made up around three-quarters of victims of the racially motivated hate crimes and Jews made up the same percentage of victims of anti-religious hate crimes. Two-thirds of the 6,225 known perpetrators of all U.S. hate crimes were white (AFP, November 22, 2010).

Immigrants’ rights and interests are not guaranteed. Lawmakers in the Arizona Senate in April 2010 passed a bill to curb illegal immigration. The law requires state and local police to determine the status of people if there is “reasonable suspicion” that they are illegal immigrants and to arrest people who are unable to provide documentation proving they are in the country legally (The Los Angeles Times, April 13, 2010). Another proposed Arizona law, supported by Republicans of the state, would deny birth certificates to children born in the United States to illegal immigrant parents (CNN U.S., June 15, 2010). A group of UN human rights experts on migrants, racism, minorities, indigenous people, education and cultural rights expressed serious concern over the laws enacted by the state of Arizona, saying that “a disturbing pattern of legislative activity hostile to ethnic minorities and immigrants has been established”. The Arizona immigration law requires state law enforcement officers to arrest a person, without a warrant. It also makes it a crime to be in the country illegally, and specifically targets day laborers, making it a crime for an undocumented migrant to solicit work, and for any person to hire or seek to hire an undocumented migrant. The law may lead to detaining and subjecting to interrogation persons primarily on the basis of their perceived ethnic characteristics. In Arizona, persons who appear to be of Mexican, Latin American, or indigenous origin are especially at risk of being targeted under the law. The Atlanta Journal-Constitution reported on November 19, 2010 that a large group of human rights organizations prepared to hold a vigil in South Georgia in support of suspected illegal immigrants being held in a prison in Lumpkin. As of September 17, 2010, the prison was holding 1,890 inmates. Court cases for inmates at the prison were pending for 63 days on average. 
With regard to immigration detainees, the Special Rapporteur on the human rights of migrants said, in a report to the Human Rights Council in April 2010, that he received reports of detainees being willfully and maliciously denied proper medical treatment, to which they are entitled by legislation, while they are in the custody of the national authorities. The Special Rapporteur observed during his country missions that irregular migrant workers are often homeless or living in crowded, unsafe and unsanitary conditions (UN document A/HRC/14/30).

V. On the rights of women and children

The situation regarding the rights of women and children in the United States is troubling.

Gender discrimination against women widely exists in the United States. According to a report released on August 11, 2010 by the Daily Mail, 90 percent of women have suffered some form of sexual discrimination in the workplace. Just 3 percent of Fortune 500 CEOs are women. A report by the American Association of University Women released on March 22, 2010 showed that women earned only 21 percent of doctorate degrees in computer science, around one-third of the doctorates in earth, atmospheric, and ocean sciences, chemistry, and math. Women doing the same work as men often get less payment in the United States. According to a report on September 17, 2010 by the Washington Post, in nearly 50 years, the wage gap has narrowed by only 18 cents. The census report released on September 16, 2010 showed that working women are paid only 77 cents for every dollar earned by a man. The New York Times reported on April 26, 2010 that Wal-Mart was accused of systematically paying women less than men, giving them smaller raises and offering women fewer opportunities for promotion in the biggest employment discrimination case in the nation’s history. The plaintiffs stressed that while 65 percent of Wal-Mart’s hourly employees were women, only 33 percent of the company’s managers were (The New York Times, April 26, 2010).

Women in the United States often experience sexual assault and violence. Statistics released in October 2010 by the National Institute of Justice show that some 20 million women are rape victims in the country. About 60,000 female prisoners fall victim to sexual assault or violence every year. About one fifth of female students on campus are victims of sexual assault, and 60 percent of campus rape cases occurred in female students’ dorms (World Journal, August 26, 2010).

According to the Human Rights Watch report released in August last year, 50 detainees in the Immigration and Customs Enforcement detention centers have been alleged victims of sexual assault since 2003. Most of these victims were women, and some of the alleged assailants, including prison guards, were not prosecuted. In one case, a guard in a Texas detention center pretended to be a doctor and sexually assaulted five women in the center’s infirmary (World Journal, August 26, 2010). According to figures from Pentagon, cited by the Time magazine on March 8, 2010, nearly 3,000 female soldiers were sexually assaulted in fiscal year 2008, up 9 percent from the year before. Close to one third of the retired female soldiers said they were victims of rape or assault while they were serving.

Women are also victims of domestic violence. In the United States, some 1.3 million people fall victim to domestic violence every year, and women account for 92 percent. One in four women is a victim of domestic violence at some point during her life, and three women are killed each day in the United States by a current or former intimate partner (CNN, October 21, 2010). In 2008, police in New York City received reports of more than 230,000 domestic violence cases, which equals 600 cases per day (China Press, April 3, 2010). In all homicide cases in 2009, of the female murder victims for whom their relationships to the offenders were known, 34.6 percent were murdered by their husbands or boyfriends. In Santa Clara County in California, police receive more than 4,500 domestic violence related calls every year, and more than 700 women and children live in shelters to avoid domestic violence (World Journal, October 15, 2010; China Press, October 9, 2010).

Women’s health rights are not properly protected in the United States. According to the Amnesty International, more than two women die every day in the United States from complications of pregnancy and childbirth. African-American women are nearly four times more likely to die of pregnancy-related complications than white women in the past 20 years. Native American and Alaska Native women are 3.6 times, African-American women 2.6 times and Latina women 2.5 times more likely than white women to receive no or late pre-natal care (UN document A/HRC/14/NGO/13).

Children in the U.S. live in poverty. The Washington Post reported on November 21, 2010, that nearly one in four children struggles with hunger, citing the U.S. Department of Agriculture. More than 60 percent of public school teachers identify hunger as a problem in the classroom. Roughly the same percentage go into their own pockets to buy food for their hungry students (The Washington Post, November 21, 2010). According to figures released on Sept. 16, 2010 by the U.S. Census Bureau, the poverty rate increased for children younger than 18 to 20.7 percent in 2009, up 1.7 percentage points from that in 2008. Poverty among black children in Washington D.C. is as high as 43 percent (The Washington Post, September 29, 2010), and some 2.7 million children in California live in impoverished families. The number of poor children in six counties in the San Francisco Bay Area has increased by 15 to 16 percent. Statistics show that at least 17 million children in the United States lived in food insecure households in 2009 (World Journal, May 8, 2010).

Violence against children is very severe. Figures from the official website of Love Our Children USA show that every year over 3 million children are reported as victims of violence and the actual number is 3 times greater. Almost 1.8 million are abducted and nearly 600,000 children live in foster care. Every day one out of seven kids and teens is approached online by predators, one out of four kids is bullied, and 43 percent of teens and 97 percent of middle schoolers are cyberbullied. Nine out of 10 LGBT students experienced harassment at school. As many as 160,000 students stay home on any given day because they’re afraid of being bullied. According to a report released on October 20, 2010 by the Washington Post, 17 percent of American students report being bullied two to three times a month or more within a school semester. Bullying is most prevalent in third grade, when almost 25 percent of students reported being bullied two, three or more times a month. According to a UN report of the Special Rapporteur on the right to education, 20 states and hundreds of school districts in the United States still permit schools to administer corporal punishment in some form, and students with mental or physical disabilities are more likely to suffer physical punishment (UN document A/HRC/14/25/ADD.1).

Children’s physical and mental health is not ensured. More than 93,000 children are currently incarcerated in the United States, and between 75 and 93 percent of children have experienced at least one traumatic experience, including sexual abuse and neglect (The Washington Post, July 9, 2010). According to a report made by the Child Fatality Review Team from the New York City Department of Health and Mental Hygiene, between 2001 and 2008, the rate of injury-related deaths among children aged one to 12 years old in the United States was 8.9 deaths per 100,000. The figure for those in New York City was 4.2 deaths per 100,000 (China Press, July 3, 2010). Thirteen children and young adults have died at a Chicago care facility for children with severe disabilities since 2000 due to failure to take basic steps to care for them (Chicago Tribune, October 10, 2010). According to a study published on October 14, 2010 in the Journal of the American Academy of Child and Adolescent Psychiatry, about half of American teens aged between 13 and 19 met the criteria for a mental disorder. Fifty-one percent of boys and 49 percent of girls aged 13 to 19 had a mood, behavior, anxiety or substance use disorder, and the disorder in 22.2 percent of teens was so severe it impaired their daily activities (World Journal, October 15, 2010). Pornographic content is rampant on the Internet and severely harms American children. Statistics show that seven in 10 children have accidentally accessed pornography on the Internet and one in three has done so intentionally. And the average age of exposure is 11 years old – some start at eight years old (The Washington Times, June 16, 2010). According to a survey commissioned by the National Campaign to Prevent Teen and Unplanned Pregnancy, 20 percent of American teens have sent or posted nude or seminude pictures or videos of themselves (March 23, 2010). At least 500 profit-oriented nude chat websites were set up by teens in the United States, involving tens of thousands of pornographic pictures.

VI. On U.S. Violations of Human Rights against Other Nations

The United States has a notorious record of international human rights violations.

The U.S.-led wars in Iraq and Afghanistan have caused huge civilian casualties. A trove, released by the WikiLeaks website on October 22, 2010, reported up to 285,000 war casualties in Iraq from March 2003 through the end of 2009. The documents revealed that at least 109,000 people were killed in the Iraq war, and 63 percent of them were civilians (World Journal, October 23, 2010). In an attack in Baghdad in July 2007, an American helicopter shot and killed 12 people, among whom were a Reuters photographer and his driver (The New York Times, April 5, 2010). On February 20, 2011, a U.S. military operation in northeastern Afghanistan killed 65 innocent people, including 22 women and more than 30 children, causing the most serious civilian casualties in months (The Washington Post, February 20, 2011). According to a report in the Washington Post on October 15, 2010, Iraq’s Human Rights Ministry reported in 2009 that 85,694 Iraqis were killed from January 2004 to October 31, 2008. Iraq Body Count, an organization based in Britain, said that a total of 122,000 civilians had been killed since the U.S. invasion of Iraq (Newsday, October 24, 2010).

The U.S. military actions in Afghanistan and other regions have also brought tremendous casualties to local people. According to a report by McClatchy Newspapers on March 2, 2010, the U.S.-led North Atlantic Treaty Organization (NATO) troops had caused 535 Afghan civilian deaths and injuries in 2009. Among them 113 civilians were shot and killed, an increase of 43 percent over 2008. Since June 2009, air strikes by the U.S. military had killed at least 35 Afghan civilians. On January 8, 2010, an American missile strike in the northwestern region of Pakistan killed four people and injured three others (The San Francisco Chronicle, January 9, 2010). During an American Special Operation in Afghanistan on February 12, five innocent civilians were shot to death, and two of them were pregnant mothers (The New York Times, April 5, 2010, page A4). On April 12, American troops raked a passenger bus near Kandahar, killing five civilians and wounding 18 others (The New York Times, April 13, 2010). The Washington Post reported on September 18, 2010, that from January 2010, a “kill team” formed by five soldiers from the 5th Stryker Combat Brigade, 2nd Infantry Division of the U.S. forces in Afghanistan, had committed at least three murders, where they randomly targeted and killed Afghan civilians, and dismembered the corpses and hoarded the human bones (The Washington Post, September 18, 2010).

The U.S. counter-terrorism missions have been haunted by prisoner abuse scandals. The United States held individuals captured during its “war on terror” indefinitely without charge or trial, according to a joint study report submitted to the United Nations Human Rights Council in May 2010 by the UN’s Special Rapporteur on the promotion and protection of human rights and fundamental freedoms while countering terrorism, the Special Rapporteur on torture and other cruel, inhuman or degrading treatment or punishment, and the Working Group on Arbitrary Detention. The report said the United States established detention centers in Guantanamo Bay and many other places in the world, keeping detainees secretly. The U.S. Central Intelligence Agency (CIA) established secret detention facilities to interrogate so-called “high-value detainees”. The study said the U.S. Principal Deputy Assistant Attorney General Stephen G. Bradbury had stated that the CIA had taken custody of 94 detainees, and had employed “enhanced techniques” to varying degrees, including stress positions, extreme temperature changes, sleep deprivation, and “waterboarding,” in the interrogation of 28 of those detainees (UN document A/HRC/13/42). The United States makes arrests outside its border under the pretext of the “war on terror.” According to a report of the Associated Press on December 9, 2010, documents released by the WikiLeaks website indicated that in 2003, some U.S. agents were involved in an abduction of a German citizen mistakenly believed to be a terrorist. The U.S. agents abducted him in Macedonia, and secretly detained him in a CIA-run prison in Afghanistan for five months. However, a top diplomat at the U.S. Embassy in Berlin warned the German government not to issue international arrest warrants against the involved CIA agents.

The United States has seriously violated the right of subsistence and right of development of Cuban residents. On October 26, 2010, the 65th session of the UN General Assembly overwhelmingly adopted a resolution entitled “Necessity of ending the economic, commercial and financial embargo imposed by the United States of America against Cuba,” the 19th such resolution in a row. Only two countries, including the United States, voted against the resolution. The blockade imposed by the United States against Cuba qualifies as an act of genocide under Article II of the Convention on the Prevention and Punishment of the Crime of Genocide, which was adopted in 1948.

The United States refuses to join several key international human rights conventions, failing to fulfill its international obligations. To date, the United States has ratified neither the International Covenant on Economic, Social and Cultural Rights, nor the Convention on the Elimination of All Forms of Discrimination against Women. In 2006, the UN General Assembly adopted the Convention on the Rights of Persons with Disabilities. Up to now 96 countries have ratified the Convention. The United States, however, has not ratified it. So far, a total of 193 countries have joined the Convention on the Rights of the Child as states parties, but the United States is among the very few countries that have not ratified it.

On August 20, 2010, the U.S. government submitted its first report on its domestic human rights situation to the UN Human Rights Council. During the UN Universal Periodic Review (UPR) of the record on November 5, the United States received a record 228 recommendations by about 60 country delegations for improving its human rights situation. These recommendations referred to, inter alia, ratifying key international human rights conventions, rights of ethnic minorities and indigenous peoples, racial discrimination and Guantanamo prison. The United States, however, only accepted some 40 of them. On March 18, 2011, the UN Human Rights Council adopted the outcome of the UPR on the United States, and many countries condemned the United States for rejecting most of the recommendations. In the discussion on the United States, speakers from some country delegations expressed their regret and disappointment over the United States’ refusal of a large number of the recommendations. They noted that the United States’ commitment to the human rights area was far from satisfactory, and they urged the United States to face up to its own human rights record and take concrete actions to tackle the existing human rights problems.

The above-mentioned facts illustrate that the United States has a dismal record on its own human rights and could not be justified to pose as the world’s “human rights justice.” However, it released the Country Reports on Human Rights Practices year after year to accuse and blame other countries for their human rights practices. The United States ignores its own serious human rights problems, but has been keen on advocating the so-called “human rights diplomacy,” to take human rights as a political instrument to defame other nations’ image and seek its own strategic interests. These facts fully expose its hypocrisy by exercising double standards on human rights and its malicious design to pursue hegemony under the pretext of human rights.

We hereby advise the U.S. government to take concrete actions to improve its own human rights conditions, check and rectify its acts in the human rights field, and stop the hegemonistic deeds of using human rights issues to interfere in other countries’ internal affairs.

A passenger passes a covered ticket machine with a plastic bag during a protest by PAME, a Communist Party-backed labor union, at the Syntagma Metro station in Athens.

‘I won’t pay’ movement spreads across Greece
by Elena Becatoros / 2.22.2011

In light of austerity measures, citizens ignore tolls, transit ticket costs, even bills for healthcare

ATHENS, Greece — They blockade highway toll booths to give drivers free passage. They cover subway ticket machines with plastic bags so commuters can’t pay. Even doctors are joining in, preventing patients from paying fees at state hospitals. Some call it civil disobedience. Others a freeloading spirit. Either way, Greece’s “I Won’t Pay” movement has sparked heated debate in a nation reeling from a debt crisis that’s forced the government to take drastic austerity measures — including higher taxes, wage and pension cuts, and price spikes in public services. What started as a small pressure group of residents outside Athens angered by higher highway tolls has grown into a movement affecting ever more sectors of society — one that many say is being hijacked by left-wing parties keen to ride popular discontent. A rash of political scandals in recent years, including a dubious land swap deal with a rich monastery and alleged bribes in state contracts, has fueled the rebellious mood. At dawn last Friday, about 100 bleary-eyed activists from a Communist Party-backed labor union covered ticket machines with plastic bags at Athens metro stations, preventing passengers from paying their fares, to protest public transport ticket price hikes. Other activists have taped up ticket machines on buses and trams. And thousands of people simply don’t bother validating their public transport tickets when they take the subway or the bus. “The people have paid already through their taxes, so they should be able to travel for free,” said Konstantinos Thimianos, 36, an activist standing at the metro picket line in central Syntagma Square. In one of their frequent occupations of the toll booths on the northern outskirts of Athens recently, protesters wore brightly colored vests with “total disobedience” emblazoned across their backs, and chanted: “We won’t pay for their crisis!”

The tactic has cropped up in the health sector, with some state hospital doctors staging a blockade in front of pay counters to prevent patients from paying their €5 flat fee for consultations. Critics deride the protests as yet another example of a freeloading mentality that helped lead the country into its financial mess. “The course from initial lawlessness to final wanton irresponsibility is like a spreading cancer,” Dionysis Gousetis said in a recent column in the respected daily broadsheet Kathimerini. “Now, with the crisis as an alibi … the freeloaders don’t hide. They appear publicly and proudly and act like heroes of civil disobedience. Something like Rosa Parks or Mahatma Gandhi,” Gousetis wrote. “They’re not satisfied with not paying themselves. They are forcing others to follow them.” Many accuse left-wing parties and labor unions of usurping a grassroots movement with legitimate grievances for their own political ends. “You think that lawlessness is something revolutionary, which helps the Greek people,” Prime Minister George Papandreou said recently, lashing out in Parliament at Coalition of the Left party head Alexis Tsipras. “It is the lawlessness which we have in our country that the Greek people are paying for today.”

But there is something about the “I Won’t Pay” movement that speaks to something deeper within Greek society: a propensity to bend the rules, to rebel against authority, particularly that of the state. It is so ingrained that many Greeks barely notice the myriad small, daily transgressions — the motorcycle driving on the sidewalk, the car running the red light, the blatant disregard of yet another government attempt to ban smoking in restaurants and bars. Less innocuous is persistent and widespread tax avoidance despite increasingly desperate government measures. “There is a general culture of lawlessness, starting from the most basic thing, tax evasion or tax avoidance, which is something that Greeks have been exercising since their state was created,” said social commentator Nikos Dimou. But many see the “I Won’t Pay” movement as something much simpler: the people’s refusal to pay for the mistakes of a series of governments accused of squandering the nation’s future through corruption and cronyism. “I don’t think it’s part of the Greek character. Greeks, when they see that the law is being applied in general, they will implement it too,” said Nikos Louvros, the 55-year-old chain-smoking owner of an Athens bar that openly flouts the smoking ban. “But when it isn’t being applied to some, such as when there are ministers who have been stealing, … Well, if the laws aren’t implemented at the top, others won’t implement them.”

Greek police clash with anti-austerity protesters
by Renee Maltezou / Feb 23 2011

Greek police clashed with protesters on Wednesday as around 100,000 workers, pensioners and students marched to parliament to protest austerity policies aimed at helping Greece cope with a huge debt crisis. Riot police fired scores of rounds of teargas and flash bombs at protesters hurling petrol bombs, choking the main Syndagma Square with smoke and sending crowds of striking protesters running for cover. The 24-hour strike by public and private sector employees grounded flights, closed schools and paralyzed public transport in the first nationwide walkout against cost cuts this year. In the biggest march since December 2008 riots brought the country to a standstill for weeks, according to police sources and eyewitnesses, 100,000 Greeks marched through the streets of Athens chanting “We are not paying” and “No sacrifice for plutocracy.” Police officially put the figure at 32,000. Riot police fired teargas in several places to disperse demonstrators hurling stones and plastic bottles. Shops boarded up their windows and central Athens hotels locked their doors. Fifteen policemen and 10 civilians were injured, including one journalist slightly hurt by a petrol bomb, police officials said, while 26 protesters were detained. Protesters broke up marble paving stones for rocks to throw at police, set garbage cans on fire and damaged bus stops. Others unfolded a black banner reading “We are dying” in front of parliament. “Enough is enough! All these tax hikes are killing our businesses and we have to fire people,” said bar owner Costas Loras, 42.

Despite many strikes, the Socialist government cut pay and pensions and raised taxes last year in return for a 110 billion euro ($150 billion) bailout by the European Union and the International Monetary Fund that saved Greece from bankruptcy. Greece’s international lenders approved a new 15 billion euro tranche of the aid this month, but set a tougher target for privatization proceeds and called for more structural reforms. “This medicine is worse than the disease. It makes the rich richer and the poor poorer,” said Yannis Panagopoulos, president of Greece’s largest union GSEE. “We will continue fighting, we won’t stop.” Markets are watching for any derailment of Greece’s fiscal efforts. Analysts say strikes are unlikely to shake the government, which has a comfortable majority in parliament. “People once again expressed their opposition to the austerity measures. But no matter how big these protests are they can’t change the government’s policies,” said Costas Panagopoulos, head of ALCO pollsters. Private sector union GSEE and its public sector sister ADEDY, which together represent about 2.5 million workers or half the Greek workforce, have vowed to resist austerity measures, saying they are killing the economy.

Police in Greece clashed with protesters yesterday as 100,000 workers, pensioners and students marched to parliament to protest against the austerity measures aimed at coping with the country’s huge debt crisis. Riot officers fired tear gas and flash bombs as demonstrators returned fire with petrol bombs, choking the main Syndagma Square with smoke and sending crowds of striking people running for cover. Five police officers and 10 civilians were injured. At least 25 protesters were detained. One police officer was hit by a petrol bomb which set his uniform and motorcycle on fire. He was forced to remove his crash helmet and colleagues had to help extinguish the flames. The rally had been calm before the clashes. Protesters chanting “Don’t obey the rich — Fight back!” marched to parliament as the city centre was heavily policed. A brass band, tractors and cyclists joined in. The 24-hour strike by public and private sector employees grounded flights, closed schools and paralysed public transport in the first nationwide walkout against cuts this year.

Tens of thousands of people marched through the streets of Athens chanting: “We won’t pay” and “No sacrifice for plutocracy” in the biggest march since riots in December 2008 brought the country to a standstill for weeks. State hospital doctors, ambulance drivers, pharmacists, lawyers and tax collectors joined school teachers, journalists and thousands of small businesses as more middle-class groups took part in the protest than have in the past. Athens’ main shopping district was mostly empty, as many small business owners shuttered their stores. Police fired tear gas to disperse demonstrators hurling stones and plastic bottles. Shops boarded up their windows and hotels in the centre of Athens locked their doors. At least two people were injured and another three arrested. One group of rioting youths smashed paving stones in front of the central Bank of Greece, but there were no immediate reports of any serious damage. Despite the many strikes, the socialist government cut pay and pensions and raised taxes last year in return for a €110bn bailout by the European Union and the International Monetary Fund that saved the country from bankruptcy. Stathis Anestis, deputy leader of Greece’s largest union, the GSEE, said workers should not be asked to make more sacrifices during a third straight year of recession. “The measures forced on us by the agreement with our lenders are harsh and unfair… we are facing long-term austerity with high unemployment and destabilising our social structure,” Anestis said. “What is increasing is the level of anger and desperation… if these harsh policies continue, so will we.”


Freedom Box is the name we give to a free software system built to keep your communications free and private whether chatting with friends or protesting in the street. Freedom Box software is particularly tailored to run in “plug servers,” which are compact computers that are no larger than the power adapters for electronic appliances. Located in people’s homes or offices such inexpensive servers can provide privacy in normal life, and safe communications for people seeking to preserve their freedom in oppressive regimes.

Why Freedom Box?
Because social networking and digital communications technologies are now critical to people fighting to make freedom in their societies or simply trying to preserve their privacy where the Web and other parts of the Net are intensively surveilled by profit-seekers and government agencies. Yet, instead of technology supporting these new modes of communications, smartphones, mobile tablets, and other common forms of consumer electronics are being built as “platforms” to control their users and monitor their activity. Freedom Box exists to provide people with privacy-respecting technology alternatives that enable normal communication in normal times, and that offer ways to collaborate safely and securely with others in building social networks of protest, demonstration, and mobilization for political change in the not-so-normal times. Imagine if your next wireless router, or settop box, or other small computing device came with extra features. It knew how to securely contact your friends and business associates, it stored your personal data, securely backing it up and generally maintaining your presence in the various networks you have come to rely on for communicating with people in society. Such a box would not only make your participation in network communication easier in your daily life, increasing your privacy and the security of computers in your life, it would have many unique advantages during times of crisis.

Such a box could help in disasters by creating a mesh network with your neighbors to replace the centralized internet connections that go out with the lights or are cut by hostile governments. Such a box would make it harder for governments and invasive corporate interests to reach your data and casually profile you for their own uses. Such a box would also let you lend aid to friends in need by sharing your unfettered internet access with those trapped behind government firewalls that prevent them from learning about the world or speaking plainly to it. Such boxes exist in the form of plug computers and mesh routers, tiny, inexpensive machines that can take the place of other electronics in your life, that draw so little power (often as little as 5W) that they can be run off of batteries or solar panels. We even have free software, software meant to empower and support individuals, to do all of the things mentioned above.

What we need is the glue to hold all of that together, the architecture of which pieces stack together in which way to turn a collection of possibilities into an appliance so easy to use that you forget you even have one, at least until that moment when you really need it. The FreedomBox Foundation was built to put this all together. It was started by community leaders with long track records and lives as a community project. But the past few months have shown us all that there are millions of people around the world who need such a device now and we need to pick up the pace and get them made so that next time, our friends have some help. That is why we are asking for your help.

In Need of Community Angels
There are many people out there, in many different communities, who feel the same way we do about profiling, internet kill switches, and the need to give people greater independence in their network communications, but turning all that interest and the offers of help into a real software suite is going to take coordination, organization, and bringing people together in focused groups to get this system built. That is why the FreedomBox Foundation was created, but it requires real work and a real demonstration of community size and support to keep everything moving. If we can meet our funding goal now, we can start doing that work full time, build road maps for the core components, and put together a series of conferences/hack days to pull the community together. The Freedom Box is a community based endeavor from the ground up. That includes everything from architecture and engineering through to administration and funding. It’s the reason why we’re seeking the first round of investment from our own community. We want it to be clear that this project begins and remains in the hands of the people who give it life at every stage and in every part of the project. Almost all the software we need to make this work is already out there in the free software world, but if we are going to pull it all together, first we need to get up to speed. Please join us and help keep the momentum going from 0 to 60!

When will we get the software?
The release timeline for this software depends a good deal on how much support we can gather this month, which is why we are reaching out now. If we can reach our goal, we hope to release a first version of the software six months later. This is our best working estimate but we will know a lot more in the next 30 days and will continue to update everyone here and on the Foundation’s website. If you are pledging enough for any of the software rewards ($50 and up), know that we hope to have everything shipped out within a week of the 0.1 release, if not on the release day itself, and please keep your eye here and on the Foundation site for updates.

What will Freedom Boxes do?

A plug server or other digital appliance in your home running the Freedom Box software can provide many services to you and your friends, automatically and securely. The following is a short list of the services we think are important:

  • Safe social networking, in which, without losing touch with any of your friends, you replace Facebook, Flickr, Twitter and other centralized services with privacy-respecting federated services;
  • Secure backup: Your data automatically stored in encrypted format on the Freedom Boxes of your friends or associates, thus protecting your personal data against seizure or loss;
  • Network neutrality protection: If your ISP starts limiting or interfering with your access to services in the Net, your Freedom Box can communicate with your friends to detect and route traffic around the limitations. Network censorship is automatically routed around, for your friends in societies with oppressive national firewalls, or for you;
  • Safe anonymous publication: Friends or associates outside zones of network censorship can automatically forward information from people within them, enabling safe, anonymous publication;
  • Home network security, with real protection against intrusion and the security threats aimed at Microsoft Windows or other risky computers on your network;
  • Encrypted email, with seamless encryption and decryption;
  • Private voice communications: Freedom Box users can make voice-over-Internet phone calls to one another or to any phone. Calls between Freedom Box users will be encrypted securely.

Freedom Boxes can do anything that computers running the Debian GNU/Linux free operating system can do, which means they have full access to thousands of applications packages. Freedom Boxes are Debian server systems specially configured to provide users with privacy-protection and safe communications services. Freedom Boxes will become more capable with time, because they can upgrade themselves safely and securely using well-tested and stable automatic upgrade mechanisms already deployed in hundreds of thousands of Debian and Debian-descended installations around the world.

Freeing the Internet one Server at a time
by Steven J. Vaughan-Nichols / February 16, 2011

Free software isn’t about free services or beer, it’s about intellectual freedom. As recent episodes such as censorship in China, the Egyptian government turning off the Internet, and Facebook’s constant spying, have shown, freedom and privacy on the Internet are under constant assault. Now Eben Moglen, law professor at Columbia University and renowned free software legal expert, has proposed a way to combine free software with the original peer-to-peer (P2P) design of the Internet to liberate users from the control of governments and big brother-like companies: Freedom Box.

In a recent Freedom in the Clouds speech in NYC, Moglen explained what he sees as the Internet’s current problems and his proposed solution. First, here’s the trouble with the Internet today as Moglen sees it:

[6:13] “It begins of course with the Internet. Designed as a network of peers without any intrinsic need for hierarchical or structural control and assuming that every switch in the net is an independent free standing entity whose volition is equivalent to the human beings who control it … But it never really worked out that way.”

The Software Problem [7:18]: “It was a simple software problem and it has a simple three syllable name. Its name was ‘Microsoft’. Conceptually there was a network which was designed as a system of peer nodes, but the operating software … that came to occupy the network over the course of a decade-and-a-half was built around a very clear idea that had nothing to do with peers. It was called ’server/client architecture’.”

The Great Idea Behind Windows [9:22]: “It was the great idea of Windows, in an odd way, to create a political archetype in the net that reduced the human being to the client, and created a big centralized computer, which we might refer to as the server, that provided things to the human being on ‘take it or leave it’ terms. And unfortunately everyone took it because they didn’t know how to leave once they got in. Now, the net was made up of servers in the center and clients at the edge. Clients had quite a little power and servers had quite a lot … As storage gets cheaper, as processing gets cheaper, as complex services that scale in ways that are hard to use small computers for … the hierarchical nature of net came to seem like it was meant to be there.”

Logs [10:44]: “One more thing happened about that time … Servers began to keep logs. That’s a good decision … But if you have a system which centralizes servers, and the servers centralize their logs, then you are creating vast repositories of hierarchically organized data about people at the edges of the network that they do not control, and unless they are experienced in the operation of servers, will not understand the comprehensiveness of [server-collected user data].”

The Recipe for Disaster [12:01]: “So we built a network out of a communications architecture designed for peering, which we defined in client server style, which we then defined to be the dis-empowered client at the edge and the server in the middle. We aggregated processing and storage increasingly in the middle and we kept the logs — that is information about the flows of information in the net — in centralized places far from the human beings who controlled or at any rate thought they controlled

This ended up creating “an architecture that was very subject to misuse, indeed it was begging to be misused. Now we are getting the misuse we set up…There are a lot of reasons for making clients dis-empowered … There are many overlapping rights owners, as they see themselves, each of whom has a stake in dis-empowering a client at the edge of the network. To prevent particular hardware from being moved from one network to another, to prevent particular hardware from playing music not bought at the monopoly of music in the sky.”

In particular, Moglen has no love at all for Facebook. “The human race has susceptibility to harm but Mr. Zuckerberg has attained an unenviable record. He has done more harm to the human race than anybody else his age. Because he harnessed Friday night, that is, ‘Everybody needs to get laid,’ and turned into a structure for degenerating the integrity of human personality and he has to a remarkable extent succeeded with a very poor deal, namely ‘I will give you free web-hosting and some PHP doodads and you get spying for free all the time.’ And it works.

How could that have happened? There was no architectural reason. Facebook is the web with, ‘I keep all the logs, how do you feel about that?’ It’s a terrarium for what it feels like to live in a Panopticon built out of web parts. And it shouldn’t be allowed. That’s a very poor way to deliver those services. They are grossly overpriced at ’spying all the time’, they are not technically innovative. They depend on an architecture subject to misuse and the business model that supports them is misuse. There isn’t any other business model for them. This is bad. I’m not suggesting it should be illegal. It should be obsolete. We’re technologists we should fix it.”

So, what’s the solution to this client/server architecture and all the abuses against freedom and privacy it enables? Moglen turns to inexpensive server hardware. He told the New York Times that “cheap, small, low-power plug servers,” are the start. These are small devices “the size of a cellphone charger, running on a low-power chip. You plug it into the wall and forget about it.” Almost anyone could have one of these tiny servers, which are now produced for limited purposes but could be adapted to a full range of Internet applications, he said. “They will get very cheap, very quick,” he continued, “They’re $99; they will go to $69. Once everyone is getting them, they will cost $29.”

Such plug-in servers are already shipping. They include the TonidoPlug, the SheevaPlug, and GuruPlug.

The point of these Freedom servers is to address the privacy and control issues of “social networking and digital communications technologies, [which] are now critical to people fighting to make freedom in their societies or simply trying to preserve their privacy where the Web and other parts of the Net are intensively surveilled by profit-seekers and government agencies.” This needs to be done “Because smartphones, mobile tablets, and other common forms of consumer electronics are being built as ‘platforms’ to control their users and monitor their activity.”

What runs on these plug servers is where Linux and open-source software come in. The one firm software decision that’s been made so far is that the base operating system will be the latest release of Debian Linux. This version of Debian is the one that, for better or worse, contains no proprietary hardware drivers or software.

You say you want a revolution?
by Dan Goodin / 17th February 2011

Concerned about Facebook, Google, and other companies that make billions brokering sensitive information, free-software champion Eben Moglen has unveiled a plan to populate the internet with tiny, low-cost boxes that are designed to preserve individuals’ personal privacy. The Freedom Box, as the chairman of the Software Freedom Law Center has christened it, would be no bigger than power adapters for electronic appliances. The inexpensive devices would be deployed in a peer-to-peer fashion in homes and offices to process email, voice-over-IP communications, and the sharing of pictures, among other things. The decentralized structure of the devices is in stark contrast to today’s biggest internet providers, which offer the same services in exchange for users turning over some of their most trusted secrets. Public enemy No. 1 is Facebook founder Mark Zuckerberg, who in Moglen’s eyes, “has done more harm to the human race than anybody else his age.”

“He has to remarkable extent succeeded with a very poor deal, namely ‘I will give you free web-hosting and some PHP doodads and you get spying for free all the time,’” Moglen said during a meeting last year of the Internet Society’s New York branch. “And it works.” As Moglen envisions them, Freedom Boxes would be used to perform a wealth of services that most of the world has been brainwashed into believing are better performed in the cloud. Secure backups that automatically store data in encrypted form would be performed on the Freedom Boxes of our friends, just as their encrypted data would be stored on ours. The boxes would also be used to send and receive encrypted email, VoIP calls, and to act as a safer alternative to social-networking sites such as Facebook and LinkedIn. The guts of the boxes would be the Debian distribution of Linux, along with countless free applications that would presumably be developed under the same model as most of today’s open source software.

The Freedom Box website gives no timeline for delivery, but Moglen told The New York Times that he could build version 1.0 in one year if he could raise “slightly north of $500,000.” The cost of plug-in devices is about $99 right now, but Moglen said they’ll eventually sell for about $29. They’ll run on a low-power chip. “You plug it into the wall and forget about it,” he told the NYT.

With Facebook and Twitter getting credit for fomenting protests and revolutions in the Middle East, Moglen says the ability to connect online carries immeasurable promise. But right now, most of the organizing is taking place on centralized, for-profit websites with ethics that can easily be compromised. “As a result of which, we are watching political movements of enormous value, capable of transforming the lives of hundreds of millions of people, resting on a fragile basis, like, for example, the courage of Mr. Zuckerberg, or the willingness of Google to resist the state, where the state is a powerful business partner and a party Google cannot afford frequently to insult.”

Eben Moglen
email : moglen [at] columbia [dot] edu

Software Freedom, Privacy, and Security for Web 2.0 and Cloud Computing
A Speech given by Eben Moglen at a meeting of the Internet Society’s New York branch on Feb 5, 2010

It’s a pleasure to be here. I would love to think that the reason that we’re all here on a Friday night is that my speeches are so good. I actually have no idea why we’re all here on a Friday night but I’m very grateful for the invitation. I am the person who had no date tonight so it was particularly convenient that I was invited for now.

So, of course, I didn’t have any date tonight. Everybody knows that. My calendar’s on the web.

The problem is that problem. Our calendar is on the web. Our location is on the web. You have a cell phone and you have a cell phone network provider and if your cell phone network provider is Sprint then we can tell you that several million times last year, somebody who has a law enforcement ID card in his pocket somewhere went to the Sprint website and asked for the realtime location of somebody with a telephone number and was given it. Several million times. Just like that. We know that because Sprint admits that they have a website where anybody with a law enforcement ID can go and find the realtime location of anybody with a Sprint cellphone. We don’t know that about ATT and Verizon because they haven’t told us.

But that’s the only reason we don’t know, because they haven’t told us. That’s a service that you think of as a traditional service – telephony. But the deal that you get with the traditional service called telephony contains a thing you didn’t know, like spying. That’s not a service to you but it’s a service and you get it for free with your service contract for telephony. You get for free the service of advertising with your gmail which means of course there’s another service behind which is untouched by human hands, semantic analysis of your email. I still don’t understand why anybody wants that. I still don’t understand why anybody uses it but people do, including the very sophisticated and thoughtful people in this room.

And you get free email service and some storage which is worth exactly a penny and a half at the current price of storage and you get spying all the time.

And for free, too.

And your calendar is on the Web and everybody can see whether you have a date Friday night and you have a status – “looking” – and you get a service for free, of advertising “single: looking”. Spying with it for free. And it all sort of just grew up that way in a blink of an eye and here we are. What’s that got to do with open source? Well, in fact it doesn’t have anything to do with open source but it has a whole lot to do with free software. Yet, another reason why Stallman was right. It’s the freedom right?

So we need to back up a little bit and figure out where we actually are and how we actually got here and probably even more important, whether we can get out and if so, how? And it isn’t a pretty story, at all. David’s right. I can hardly begin by saying that we won given that spying comes free with everything now. But, we haven’t lost. We’ve just really bamboozled ourselves and we’re going to have to un-bamboozle ourselves really quickly or we’re going to bamboozle other innocent people who didn’t know that we were throwing away their privacy for them forever.

It begins of course with the Internet, which is why it’s really nice to be here talking to the Internet society – a society dedicated to the health, expansion, and theoretical elaboration of a peer-to-peer network called “the Internet” designed as a network of peers without any intrinsic need for hierarchical or structural control and assuming that every switch in the Net is an independent, free-standing entity whose volition is equivalent to the volition of the human beings who want to control it.

That’s the design of the NET, which, whether you’re thinking about it as glued together with IPv4 or that wonderful improvement IPv6 which we will never use apparently, still assumes peer communications.

Of course, it never really really really worked out that way. There was nothing in the technical design to prevent it. Not at any rate in the technical design interconnection of nodes and their communication. There was a software problem. It’s a simple software problem and it has a simple three syllable name. Its name is Microsoft. Conceptually, there was a network which was designed as a system of peer nodes but the OS which occupied the network in an increasingly – I’ll use the word, they use it about us why can’t I use it back? – viral way over the course of a decade and a half. The software that came to occupy the network was built around a very clear idea that had nothing to do with peers. It was called “server client architecture”.

The idea that the network was a network of peers was hard to perceive after a while, particularly if you were a, let us say, ordinary human being. That is, not a computer engineer, scientist, or researcher. Not a hacker, not a geek. If you were an ordinary human, it was hard to perceive that the underlying architecture of the Net was meant to be peerage because the OS software with which you interacted very strongly instantiated the idea of the server and client architecture.

In fact, of course, if you think about it, it was even worse than that. The thing called “Windows” was a degenerate version of a thing called “X Windows”. It, too, thought about the world in a server client architecture, but what we would now think of as now backwards. The server was the thing at the human being’s end. That was the basic X Windows conception of the world. It served communications with human beings at the end points of the Net to processes located at arbitrary places near the center in the middle, or at the edge of the NET. It was the great idea of Windows in an odd way to create a political archetype in the Net which reduced the human being to the client and produced a big, centralized computer, which we might have called a server, which now provided things to the human being on take-it-or-leave-it terms.

They were, of course, quite take-it or leave-it terms and unfortunately, everybody took it because they didn’t know how to leave once they got in. Now the Net was made of servers in the center and clients at the edge. Clients had rather little power and servers had quite a lot. As storage gets cheaper, as processing gets cheaper, and as complex services that scale in ways that are hard to use small computers for – or at any rate, these aggregated collections of small computers for – the most important of which is search. As services began to populate that net, the hierarchical nature of the Net came to seem like it was meant to be there. The Net was made of servers and clients and the clients were the guys at the edge representing humans and servers were the things in the middle with lots of power and lots of data.

Now, one more thing happened about that time. It didn’t happen in Microsoft Windows computers although it happened in Microsoft Windows servers and it happened more in sensible OSs like Unix and BSD and other ones. Namely, servers kept logs. That’s a good thing to do. Computers ought to keep logs. It’s a very wise decision when creating computer OS software to keep logs. It helps with debugging, makes efficiencies attainable, makes it possible to study the actual operations of computers in the real world. It’s a very good idea.

But if you have a system which centralizes servers and the servers centralize their logs, then you are creating vast repositories of hierarchically organized data about people at the edges of the network that they do not control and, unless they are experienced in the operation of servers, will not understand the comprehensiveness of, the meaningfulness of, will not understand the aggregatability of.

So we built a network out of a communications architecture design for peering which we defined in client-server style, which we then defined to be the dis-empowered client at the edge and the server in the middle. We aggregated processing and storage increasingly in the middle and we kept the logs – that is, info about the flows of info in the Net – in centralized places far from the human beings who controlled or thought they controlled the operation of the computers that increasingly dominated their lives. This was a recipe for disaster.

This was a recipe for disaster. Now, I haven’t mentioned yet the word “cloud” which I was dealt on the top of the deck when I received the news that I was talking here tonight about privacy and the cloud.

I haven’t mentioned the word “cloud” because the word “cloud” doesn’t really mean anything very much. In other words, the disaster we are having is not the catastrophe of the cloud. The disaster we are having is the catastrophe of the way we misunderstood the Net under the assistance of the un-free software that helped us to understand it. What “cloud” means is that servers have ceased to be made of iron. “Cloud” means virtualization of servers has occurred.

So, out here in the dusty edges of the galaxy where we live in dis-empowered clienthood, nothing very much has changed. As you walk inward towards the center of the galaxy, it gets more fuzzy than it used to. We resolve now halo where we used to see actual stars. Servers with switches and buttons you can push and such. Instead, what has happened is that iron no longer represents a single server. Iron is merely a place where servers could be. So “cloud” means servers have gained freedom, freedom to move, freedom to dance, freedom to combine and separate and re-aggregate and do all kinds of tricks. Servers have gained freedom. Clients have gained nothing. Welcome to the cloud.

It’s a minor modification of the recipe for disaster. It improves the operability for systems that control the clients out there who were meant to be peers in a Net made of equal things.

So that’s the architecture of the catastrophe. If you think about it, each step in that architectural revolution: from a network made of peers, to servers that serve the communication with humans, to clients which are programs running on heavy iron, to clients which are the computers that people actually use in a fairly dis-empowered state and servers with a high concentration of power in the Net, to servers as virtual processes running in clouds of iron at the center of an increasingly hot galaxy and the clients are out there in the dusty spiral arms.

All of those decisions architecturally were made without any discussion of the social consequences long-term, part of our general difficulty in talking about the social consequences of technology during the great period of invention of the Internet done by computer scientists who weren’t terribly interested in Sociology, Social Psychology, or, with a few shining exceptions – freedom. So we got an architecture which was very subject to misuse. Indeed, it was in a way begging to be misused and now we are getting the misuse that we set up. Because we have thinned the clients out further and further and further. In fact, we made them mobile. We put them in our pockets and we started strolling around with them.

There are a lot of reasons for making clients dis-empowered and there are even more reasons for dis-empowering the people who own the clients and who might quaintly be thought of the people who ought to control them. If you think for just a moment how many people have an interest in dis-empowering the clients that are the mobile telephones you will see what I mean. There are many overlapping rights owners as they think of themselves each of whom has a stake in dis-empowering a client at the edge of the network to prevent particular hardware from being moved from one network to another. To prevent particular hardware from playing music not bought at the great monopoly of music in the sky. To disable competing video delivery services in new chips I founded myself that won’t run popular video standards, good or bad. There are a lot of business models that are based around mucking with the control over client hardware and software at the edge to deprive the human that has quaintly thought that she purchased it from actually occupying the position that capitalism says owners are always in – that is, of total control.

In fact, what we have as I said a couple of years ago in between appearances here at another NYU function. In fact, what we have are things we call platforms. The word “platform” like the word “cloud” doesn’t inherently mean anything. It’s thrown around a lot in business talk. But, basically what platform means is places you can’t leave. Stuff you’re stuck to. Things that don’t let you off. That’s platforms. And the Net, once it became a hierarchically architected zone with servers in the center and increasingly dis-empowered clients at the edge, becomes the zone of platforms and platform making becomes the order of the day.

Some years ago a very shrewd lawyer who works in the industry said to me “Microsoft was never really a software company. Microsoft was a platform management company”. And I thought Yes, shot through the heart.

So we had a lot of platform managers in a hierarchically organized network and we began to evolve services. “Services” is a complicated word. It’s not meaningless by any means but it’s very tricky to describe it. We use it for a lot of different things. We badly need an analytical taxonomy of “services” as my friend and colleague Philippe Aigrain in Paris pointed out some 2 or 3 years ago. Taxonomies of “services” involve questions of simplicity, complexity, scale, and control.

To take an example, we might define a dichotomy between complex and simple services in which simple services are things that any computer can perform for any other computer if it wants to and complex services are things you can’t do with a computer. You must do with clusters or structures of some computational or administrative complexity. SEARCH is a complex service. Indeed, search is the archetypal complex service. Given the one way nature of links in the Web and other elements in the data architecture we are now living with (that’s another talk, another time) search is not a thing that we can easily distribute. The power in the market of our friends at Google depends entirely on the fact that search is not easily distributed. It is a complex service that must be centrally organized and centrally delivered. It must crawl the web in a unilateral direction, link by link, figuring out where everything is in order to help you find it when you need it. In order to do that, at least so far, we have not evolved good algorithmic and delivery structures for doing it in a decentralized way. So, search becomes an archetypal complex service and it draws onto itself a business model for its monetization.

Advertising in the 20th century was a random activity. You threw things out and hoped they worked. Advertising in the 21st century is an exquisitely precise activity. You wait for a guy to want something and then you send him advertisements about what he wants and bingo it works like magic. So of course on the underside of a complex service called search there is a theoretically simple service called advertising which, when unified to a complex service, increases its efficiency by orders of magnitude and the increase of the efficiency of the simple service when combined with the complex one produces an enormous surplus revenue flow which can be used to strengthen search even more.

But that’s the innocent part of the story and we don’t remain in the innocent part of the story for a variety of uses. I won’t be tedious on a Friday night and say it’s because the bourgeoisie is constantly engaged in destructively reinventing and improving its own activities and I won’t be moralistic on a Friday night that you can’t do that and say because sin is in-eradicable and human beings are fallen creatures and greed is one of the sins we cannot avoid committing. I will just say that as a sort of ordinary social process we don’t stop at innocent. We go on, which surely is the thing you should say on a Friday night. And so we went on.

Now, where we went on is really towards the discovery that all of this would be even better if you had all the logs of everything because once you have the logs of everything then every simple service is suddenly a goldmine waiting to happen and we blew it because the architecture of the Net put the logs in the wrong place. They put the logs where innocence would be tempted. They put the logs where the failed state of human beings implies eventually bad trouble and we got it.

The cloud means that we can’t even point in the direction of the server anymore and because we can’t even point in the direction of the server anymore we don’t have extra technical or non-technical means of reliable control over this disaster in slow motion. You can make a rule about logs or data flow or preservation or control or access or disclosure but your laws are human laws and they occupy particular territory and the server is in the cloud and that means the server is always one step ahead of any rule you make or two or three or six or poof! I just realized I’m subject to regulation, I think I’ll move to Oceana now.

Which means that in effect, we lost the ability to use either legal regulation or anything about the physical architecture of the network to interfere with the process of falling away from innocence that was now inevitable in the stage I’m talking about, what we might call late Google stage 1.

It is here, of course, that Mr. Zuckerberg enters.

The human race has susceptibility to harm but Mr. Zuckerberg has attained an unenviable record: he has done more harm to the human race than anybody else his age.

Because he harnessed Friday night. That is, everybody needs to get laid and he turned it into a structure for degenerating the integrity of human personality and he has to a remarkable extent succeeded with a very poor deal. Namely, “I will give you free web hosting and some PHP doodads and you get spying for free all the time”. And it works.

That’s the sad part, it works.

How could that have happened?

There was no architectural reason, really. There was no architectural reason really. Facebook is the Web with “I keep all the logs, how do you feel about that?” It’s a terrarium for what it feels like to live in a panopticon built out of web parts.

And it shouldn’t be allowed. It comes to that. It shouldn’t be allowed. That’s a very poor way to deliver those services. They are grossly overpriced at “spying all the time”. They are not technically innovative. They depend upon an architecture subject to misuse and the business model that supports them is misuse. There isn’t any other business model for them. This is bad.

I’m not suggesting it should be illegal. It should be obsolete. We’re technologists, we should fix it.

I’m glad I’m with you so far. When I come to how we should fix it later I hope you will still be with me because then we could get it done.

But let’s say, for now, that that’s a really good example of where we went wrong and what happened to us because. It’s trickier with gmail because of that magical untouched by human hands-iness. When I say to my students, “why do you let people read your email”, they say “but nobody is reading my email, no human being ever touched it. That would freak me out, I’d be creeped out if guys at Google were reading my email. But that’s not happening so I don’t have a problem.”

Now, this they cannot say about Facebook. Indeed, they know way too much about Facebook if they let themselves really know it. You have read the stuff and you know. Facebook workers know who’s about to have a love affair before the people do because they can see X obsessively checking the Facebook page of Y. There’s some very nice research done a couple of years ago at an MIT I shouldn’t name by students I’m not going to describe because they were a little denting to the Facebook terms of service in the course of their research. They were just scraping but the purpose of their scraping was to demonstrate that you could find closeted homosexuals on Facebook.

They don’t say anything about their sexual orientation. Their friends are out, their interests are the interests of their friends who are out. Their photos are tagged with their friends who are out and they’re out except they’re not out. They’re just out in Facebook if anybody looks, which is not what they had in mind surely and not what we had in mind for them, surely. In fact, the degree of potential information inequality and disruption and difficulty that arises from a misunderstanding, a heuristic error, in the minds of human beings about what is and what’s not discoverable about them is not our biggest privacy problem.

My students, and I suspect many of the students of teachers in this room too, show constantly in our dialog the difficulty. They still think of privacy as “the one secret I don’t want revealed” and that’s not the problem. Their problem is all the stuff that’s the cruft, the data dandruff of life, that they don’t think of as secret in any way but which aggregates to stuff that they don’t want anybody to know. Which aggregates, in fact, not just to stuff they don’t want people to know but to predictive models about them that they would be very creeped out could exist at all. The simplicity with which you can de-anonymize theoretically anonymized data, the ease with which, for multiple sources available to you through third and fourth party transactions, information you can assemble, data maps of people’s lives. The ease with which you begin constraining, with the few things you know about people, the data available to you, you can quickly infer immense amounts more.

My friend and colleague Bradley Kuhn who works at the Software Freedom Law Center is one of those archaic human beings who believes that a social security number is a private thing. And he goes to great lengths to make sure that his Social Security is not disclosed which is his right under our law, oddly enough. Though, try and get health insurance or get a safe deposit box, or in fact, operate the business at all. We bend over backwards sometimes in the operation of our business because Bradley’s Social Security number is a secret. I said to him one day “You know, it’s over now because Google knows your Social Security number”. He said “No they don’t, I never told it to anybody”. I said, “Yeah but they know the Social Security number of everybody else born in Baltimore that year. Yours is the other one”.

And as you know, that’s true. The data that we infer is the data in the holes between the data we already know if we know enough things.

So, where we live has become a place in which it would be very unwise to say about anything that it isn’t known. If you are pretty widely known in the Net and all of us for one reason or another are pretty widely known in the Net. We want to live there. It is our neighborhood. We just don’t want to live with a video camera on every tree and a mic on every bush and the data miner beneath our feet everywhere we walk and the NET is like that now. I’m not objecting to the presence of AOL newbies in Usenet news. This is not an aesthetic judgment from 1995 about how the neighborhood is now full of people who don’t share our ethnocentric techno geekery. I’m not lamenting progress of a sort of democratizing kind. On the contrary, I’m lamenting progress of a totalizing kind. I’m lamenting progress hostile to human freedom. We all know that it’s hostile to human freedom. We all understand its despotic possibilities because the dystopias of which it is fertile were the stuff of the science fiction that we read when we were children. The Cold War was fertile in the fantastic invention of where we live now and it’s hard for us to accept that but it’s true. Fortunately, of course, it’s not owned by the government. Well, it is. It’s fortunate. It’s true. It’s fortunate that it’s owned by people that you can bribe to get the thing no matter who you are. If you’re the government you have easy ways of doing it. You fill out a subpoena blank and you mail it.

I spent two hours yesterday with a law school class explaining in detail why the 4th Amendment doesn’t exist anymore because that’s Thursday night and who would do that on a Friday night? But the 4th Amendment doesn’t exist anymore. I’ll put the audio on the Net and the FBI and you can listen to it anytime you want.

We have to fess up if we’re the people who care about freedom, it’s late in the game and we’re behind. We did a lot of good stuff and we have a lot of tools lying around that we built over the last 25 years. I helped people build those tools. I helped people keep those tools safe, I helped people prevent the monopoly from putting all those tools in its bag and walking off with them and I’m glad the tools are around but we do have to admit that we have not used them to protect freedom because freedom is decaying and that’s what David meant in his very kind introduction.

In fact, people who are investing in the new enterprises of unfreedom are also the people you will hear if you hang out in Silicon Valley these days that open source has become irrelevant. What’s their logic? Their logic is that software as a service is becoming the way of the world. Since nobody ever gets any software anymore, the licenses that say “if you give people software you have to give them freedom” don’t matter because you’re not giving anybody software. You’re only giving them services.

Well, that’s right. Open source doesn’t matter anymore. Free software matters a lot because of course, free software is open source software with freedom. Stallman was right. It’s the freedom that matters. The rest of it is just source code. Freedom still matters and what we need to do is to make free software matter to the problem that we have which is unfree services delivered in unfree ways really beginning to deteriorate the structure of human freedom.

Like a lot of unfreedom, the real underlying social process that forces this unfreedom along is nothing more than perceived convenience.

All sorts of freedom goes over perceived convenience. You know this. You’ve stopped paying for things with cash. You use a card that you can wave at an RFID reader.

Convenience is said to dictate that you need free web hosting and PHP doodads in return for spying all the time because web servers are so terrible to run. Who could run a web server of his own and keep the logs? It would be brutal. Well, it would if it were IIS. It was self-fulfilling, it was intended to be. It was designed to say “you’re a client, I’m a server. I invented Windows 7, It was my idea. I’ll keep the logs thank you very much.” That was the industry. We built another industry. It’s in here. But it’s not in. Well, yeah it is kind of in here. So where isn’t it? Well it’s not in the personal web server I don’t have that would prevent me from falling…well, why don’t we do something about that.

What do we need? We need a really good webserver you can put in your pocket and plug in any place. In other words, it shouldn’t be any larger than the charger for your cell phone and you should be able to plug it in to any power jack in the world and any wire near it or sync it up to any wifi router that happens to be in its neighborhood. It should have a couple of USB ports that attach it to things. It should know how to bring itself up. It should know how to start its web server, how to collect all your stuff out of the social networking places where you’ve got it. It should know how to send an encrypted backup of everything to your friends’ servers. It should know how to microblog. It should know how to make some noise that’s like tweet but not going to infringe anybody’s trademark. In other words, it should know how to be you …oh excuse me I need to use a dangerous word – avatar – in a free net that works for you and keeps the logs. You can always tell what’s happening in your server and if anybody wants to know what’s happening in your server they can get a search warrant.

And if you feel like moving your server to Oceana or Sealand or New Zealand or the North Pole, well buy a plane ticket and put it in your pocket. Take it there. Leave it behind. Now there’s a little more we need to do. It’s all trivial. We need some dynamic DNS and all stuff we’ve already invented. It’s all there, nobody needs anything special. Do we have the server you can put in your pocket? Indeed, we do. Off the shelf hardware now. Beautiful little wall warts made with ARM chips. Exactly what I specked for you. Plug them in, wire them up. How’s the software stack in there? Gee, I don’t know it’s any software stack you want to put in there.

In fact, they’ll send it to you with somebody’s top of the charts current distro in it, you just have to name which one you want. Which one do you want? Well you ought to want the Debian Gnu Linux social networking stack delivered to you free, free as in freedom I mean. Which does all the things I name – brings itself up, runs its little Apache or lighttpd or its tiny httpd, does all the things we need it to do – syncs up, gets your social network data from the places, slurps it down, does your backup searches, finds your friends, registers your dynamic DNS. All is trivial. All this is stuff we’ve got. We need to put this together. I’m not talking about a thing that’s hard for us. We need to make a free software distribution device. How many of those do we do?

We need to give a bunch to all our friends and we need to say, here fool around with this and make it better. We need to do the one thing we are really really really good at because all the rest of it is done, in the bag, cheap ready. Those wall wart servers are $99 now going to $79 when there are five million of them they’ll be $29.99.

Then we go to people and we say $29.99 once for a lifetime, great social networking, updates automatically, software so strong you couldn’t knock it over if you kicked it, used in hundreds of millions of servers all over the planet doing a wonderful job. You know what? You get “no spying” for free. They want to know what’s going on in there? Let them get a search warrant for your home, your castle, the place where the 4th Amendment still sort of exists every other Tuesday or Thursday when the Supreme Court isn’t in session. We can do that. We can do that. That requires us to do only the stuff we’re really really good at. The rest of it we get for free. Mr. Zuckerberg? Not so much.

Because of course, when there is a competitor to “all spying all the time whether you like it or not”, the competition is going to do real well. Don’t expect Google to be the competitor. That’s our platform. What we need is to make a thing that’s so greasy there will never be a social network platform again. Can we do it? Yeah, absolutely. In fact, if you don’t have a date on Friday night, let’s just have a hackfest and get it done. It’s well within our reach.

We’re going to do it before the Facebook IPO? Or are we going to wait till after? Really? Honestly? Seriously. The problem that the law has very often in the world where we live and practice and work, the problem that the law has very often, the problem that technology can solve. And the problem that technology can solve is the place where we go to the law. That’s the free software movement. There’s software hacking over here and there’s legal hacking over there and you put them both together and the whole is bigger than the sum of the parts. So, it’s not like we have to live in the catastrophe. We don’t have to live in the catastrophe. It’s not like what we have to do to begin to reverse the catastrophe is hard for us. We need to re-architect services in the Net. We need to re-distribute services back towards the edge. We need to de-virtualize the servers where your life is stored and we need to restore some autonomy to you as the owner of the server.

The measures for taking those steps are technical. As usual, the box builders are ahead of us. The hardware isn’t the constraint. As usual, nowadays, the software isn’t really that deep a constraint either because we’ve made so much wonderful software which is in fact being used by all the guys on the bad architecture. They don’t want to do without our stuff. The bad architecture is enabled, powered by us. The re-architecture is too. And we have our usual magic benefit. If we had one copy of what I’m talking about, we’d have all the copies we need. We have no manufacturing or transport or logistics constraint. If we do the job, it’s done. We scale.

This is technical challenge for social reason. It’s a frontier for technical people to explore. There is enormous social pay-off for exploring it.

The payoff is plain because the harm being ameliorated is current and people you know are suffering from it. Everything we know about why we make free software says that’s when we come into our own. It’s a technical challenge incrementally attainable by extension from where we already are that makes the lives of the people around us and whom we care about immediately better. I have never in 25 years of doing this work, I have never seen us fail to rise to a challenge that could be defined in those terms. So I don’t think we’re going to fail this one either.

Mr. Zuckerberg richly deserves bankruptcy.

Let’s give it to him. For Free.

And I promise, and you should promise too, not to spy on the bankruptcy proceeding. It’s not any of our business. It’s private.

This is actually a story potentially happy. It is a story potentially happy and if we do it then we will have quelled one more rumor about the irrelevance of us and everybody in the Valley will have to go find another buzz word and all the guys who think that Sandhill Road is going to rise into new power and glory by spying on everybody and monetizing it will have to find another line of work too, all of which is purely on the side of the angels. Purely on the side of the angels.

We will not be rid of all our problems by any means, but just moving the logs from them to you is the single biggest step that we can take in resolving a whole range of social problems that I feel badly about what remains of my American constitution and that I would feel badly about if I were watching the failure of European data protection law from inside instead of outside and that I would feel kind of hopeful about if I were, oh say, a friend of mine in China. Because you know of course we really ought to put a VPN in that wall wart.

And probably we ought to put a Tor router in there.

And of course, we’ve got bittorrent, and by the time you get done with all of that, we have a freedom box. We have a box that not merely climbs us out of the hole we’re in, we have a box that actually puts a ladder up for people who are deeper in the hole than we are, which is another thing we love to do.

I do believe the US State Department will go slanging away at the Chinese communist party for a year or two about internet freedom and I believe the Chinese communist party is going to go slanging back and what they’re going to say is “You think you’ve got real good privacy and autonomy in the internet voyear in your neighborhood?” And every time they do that now as they have been doing that in the last 2 weeks, I would say ouch if I was Hillary Clinton and I knew anything about it because we don’t. Because we don’t. It’s true. We have a capitalist kind and they have a centralist vanguard of the party sort of Marxist kind or maybe Marxist or maybe just totalitarian kind but we’re not going to win the freedom of the net discussion carrying Facebook on our backs. We’re not.

But you screw those wall wart servers around pretty thickly in American society and start taking back the logs and you want to know who I talked to on a Friday night? Get a search warrant and stop reading my email. By the way there’s my GPG key in there and now we really are encrypting for a change and so on and so on and so on and it begins to look like something we might really want to go on a national crusade about. We really are making freedom here for other people too. For people who live in places where the web don’t work.

So there’s not a challenge we don’t want to rise to. It’s one we want to rise to plenty. In fact, we’re in a happy state in which all the benefits we can get are way bigger than the technical intricacy of doing what needs to be done, which isn’t much.

That’s where we came from. We came from our technology was more free than we understood and we gave away a bunch of the freedom before we really knew it was gone. We came from unfree software had bad social consequences further down the road than even the freedom agitators knew. We came from unfreedom’s metaphors tend to produce bad technology.

In other words, we came from the stuff that our movement was designed to confront from the beginning but we came from there. And we’re still living with the consequences of we didn’t do it quite right the first time, though we caught up thanks to Richard Stallman and moving on.

Where we live now is no place we’re going to have to see our grandchildren live. Where we live now is no place we would like to conduct guided tours of. I used to say to my students how many video cameras are there between where you live and the Law school? Count them. I now say to my students how many video cameras are there between the front door to the law school and this classroom? Count them.

I now say to my students “can you find a place where there are no video cameras?” Now, what happened in that process was that we created immense cognitive auxiliaries for the state – enormous engines of listening. You know how it is if you live in an American university thanks to the movie and music companies which keep reminding you of living in the midst of an enormous surveillance network. We’re surrounded by stuff listening to and watching us. We’re surrounded by mine-able data.

Not all of that’s going to go away because we took Facebook and split it up and carried away our little shards of it. It’s not going to go away cause we won’t take free webhosting with spying inside anymore. We’ll have other work to do. And some of that work is lawyers work. I will admit that. Some of that work is law drafting and litigating and making trouble and doing lawyer stuff. That’s fine. I’m ready.

My friends and I will do the lawyers part. It would be way simpler to do the lawyer’s work if we were living in a society which had come to understand its privacy better. It would be way simpler to do the lawyer’s work if young people realize that when they grow up and start voting or start voting now that they’re grown up, this is an issue. That they need to get the rest of it done the way we fixed the big stuff when we were kids. We’ll have a much easier time with the enormous confusions of international interlocking of regimes when we have deteriorated the immense force of American capitalism forcing us to be less free and more surveilled for other people’s profit all the time. It isn’t that this gets all the problems solved but the easy work is very rich and rewarding right now.

The problems are really bad. Getting the easy ones out will improve the politics for solving the hard ones and it’s right up our alley. The solution is made of our parts. We’ve got to do it. That’s my message. It’s Friday night. Some people don’t want to go right back to coding I’m sure. We could put it off until Tuesday but how long do you really want to wait? You know every day that goes by there’s more data we’ll never get back. Every day that goes by there’s more data inferences we can’t undo. Every day that goes by we pile up more stuff in the hands of the people who got too much. So it’s not like we should say “one of these days I’ll get around to that”. It’s not like we should say “I think I’d rather sort of spend my time browsing news about iPad”.

It’s way more urgent than that.

It’s that we haven’t given ourselves the direction in which to go so let’s give ourselves the direction in which to go. The direction in which to go is freedom using free software to make social justice.

But, you know this. That’s the problem with talking on a Friday night. You talk for an hour and all you tell people is what they know already.

So thanks a lot. I’m happy to take your questions.

How Egypt shut down the internet
by Christopher Williams / 28 Jan 2011

Organisations that track global internet access detected a collapse in traffic in to and out of Egypt at around 10.30GMT on Thursday night. The shut down involved the withdrawal of more than 3,500 Border Gateway Protocol (BGP) routes by Egyptian ISPs, according to Renesys, a networking firm. Only one ISP out of 10, Noor Data Networks, appeared largely unaffected. It connects to the outside world via an undersea cable operated by Telecom Italia. According to BGPMon, another networking firm, 88 per cent of Egyptian internet access was successfully shut down, however. Renesys speculated that the apparent anomaly of Noor Data Networks may be a result of the fact it provides services to the Egyptian stock exchange. BGP routes are one of the most vital parts of the internet. They are mostly used by ISPs so their networks can exchange information about how to best route the packets of data that make up all internet communications.

If an ISP withdraws its BGP routes, its customers effectively disappear from the internet, unable to access websites and services, send and receive email, or use voice services such as Skype. The Egyptian government’s action is unprecedented in the history of the internet. Countries such as China, Iran, Thailand and Tunisia have cut off access to news websites and social networking services during periods of unrest, as Egypt did when it cut off Facebook and Twitter earlier this week. The ongoing attempt by the Egyptian government to shut down all online communication is, however, a new phenomenon. It not only prevents ordinary Egyptian internet users from accessing any websites, it cripples Tor, an anti-censorship tool that technical experts and activists were using to circumvent the Facebook and Twitter blocks. The action puts Egypt, temporarily at least, in the company of North Korea, which has never allowed its citizens access to the internet.

Egypt Leaves the Internet
by James Cowie / January 27, 2011

Confirming what a few have reported this evening: in an action unprecedented in Internet history, the Egyptian government appears to have ordered service providers to shut down all international connections to the Internet. Critical European-Asian fiber-optic routes through Egypt appear to be unaffected for now. But every Egyptian provider, every business, bank, Internet cafe, website, school, embassy, and government office that relied on the big four Egyptian ISPs for their Internet connectivity is now cut off from the rest of the world. Link Egypt, Vodafone/Raya, Telecom Egypt, Etisalat Misr, and all their customers and partners are, for the moment, off the air. At 22:34 UTC (00:34am local time), Renesys observed the virtually simultaneous withdrawal of all routes to Egyptian networks in the Internet’s global routing table. Approximately 3,500 individual BGP routes were withdrawn, leaving no valid paths by which the rest of the world could continue to exchange Internet traffic with Egypt’s service providers. Virtually all of Egypt’s Internet addresses are now unreachable, worldwide.

This is a completely different situation from the modest Internet manipulation that took place in Tunisia, where specific routes were blocked, or Iran, where the Internet stayed up in a rate-limited form designed to make Internet connectivity painfully slow. The Egyptian government’s actions tonight have essentially wiped their country from the global map. What happens when you disconnect a modern economy and 80,000,000 people from the Internet? What will happen tomorrow, on the streets and in the credit markets? This has never happened before, and the unknowns are piling up. We will continue to dig into the event, and will update this story as we learn more. As Friday dawns in Cairo under this unprecedented communications blackout, keep the Egyptian people in your thoughts.

Update (3:06 UTC)
One of the very few exceptions to this block has been Noor Group (AS20928), which still has 83 out of 83 live routes to its Egyptian customers, with inbound transit from Telecom Italia as usual. Why was Noor Group apparently unaffected by the countrywide takedown order? Unknown at this point, but we observe that the Egyptian Stock Exchange is still alive at a Noor address. Its DNS A records indicate that it’s normally reachable at 4 different IP addresses, only one of which belongs to Noor. Internet transit path diversity is a sign of good planning by the Stock Exchange IT staff, and it appears to have paid off in this case. Did the Egyptian government leave Noor standing so that the markets could open next week?
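The kind of observation reported above (most providers losing all their routes within minutes while one keeps every route) can be derived from a stream of BGP updates. The following is an added example, not code from Renesys or from the original article: it assumes a single vantage point, a simplified pipe-separated update format, and constructed data using documentation prefixes and ASNs; the window and threshold values are assumptions.

```python
"""Flag origin ASes whose routes vanish near-simultaneously from a BGP update feed."""
from collections import defaultdict
from datetime import datetime, timezone
import ipaddress

WINDOW_SECONDS = 300   # assumed tolerance for "virtually simultaneous"
DARK_FRACTION = 0.9    # assumed share of an AS's routes withdrawn in one window


def build_sample_updates():
    """Constructed feed, one update per line: 'ts|A|prefix|as_path' or 'ts|W|prefix'."""
    t0 = int(datetime(2011, 1, 27, 20, 0, tzinfo=timezone.utc).timestamp())
    cut = int(datetime(2011, 1, 27, 22, 34, tzinfo=timezone.utc).timestamp())
    nets = ipaddress.ip_network("2001:db8::/32").subnets(new_prefix=48)
    plan = {64496: 40, 64497: 30, 64498: 8}  # documentation ASNs, constructed sizes
    owned, lines = defaultdict(list), []
    for asn, count in plan.items():
        for _ in range(count):
            prefix = str(next(nets))
            owned[asn].append(prefix)
            lines.append(f"{t0}|A|{prefix}|64500 {asn}")
    # Ordinary churn: one route of the surviving AS flaps and returns.
    flap = owned[64498][0]
    lines.append(f"{t0 + 600}|W|{flap}")
    lines.append(f"{t0 + 660}|A|{flap}|64500 64498")
    # The event: two providers withdraw everything within about a minute.
    lines += [f"{cut + i}|W|{p}" for i, p in enumerate(owned[64496])]
    lines += [f"{cut + 20 + i}|W|{p}" for i, p in enumerate(owned[64497])]
    lines.sort(key=lambda line: int(line.split("|")[0]))
    return lines


def largest_burst(timestamps, window):
    """Return (count, start_ts) for the densest window of withdrawals."""
    best, best_start, left = 0, None, 0
    ts = sorted(timestamps)
    for right, t in enumerate(ts):
        while t - ts[left] > window:
            left += 1
        if right - left + 1 > best:
            best, best_start = right - left + 1, ts[left]
    return best, best_start


def analyse(lines, window=WINDOW_SECONDS, dark_fraction=DARK_FRACTION):
    """Replay updates into a routing table and summarise each origin AS."""
    rib = {}                          # prefix -> origin AS currently announced
    live = defaultdict(int)           # origin AS -> routes live right now
    peak = defaultdict(int)           # origin AS -> most routes live at once
    withdrawals = defaultdict(list)   # origin AS -> withdrawal timestamps
    for line in lines:
        fields = line.strip().split("|")
        ts, kind, prefix = int(fields[0]), fields[1], fields[2]
        if kind == "A":
            origin = int(fields[3].split()[-1])   # last AS in the path
            old = rib.get(prefix)
            if old == origin:
                continue                          # duplicate announcement
            if old is not None:
                live[old] -= 1                    # origin changed
            rib[prefix] = origin
            live[origin] += 1
            peak[origin] = max(peak[origin], live[origin])
        elif kind == "W" and prefix in rib:
            origin = rib.pop(prefix)
            live[origin] -= 1
            withdrawals[origin].append(ts)
    report = {}
    for origin, top in peak.items():
        burst, start = largest_burst(withdrawals[origin], window)
        report[origin] = {
            "peak_routes": top,
            "live_routes": live[origin],
            "burst_withdrawn": burst,
            "burst_start": start,
            "dark": top > 0 and burst / top >= dark_fraction,
        }
    return report


def coordinated_outage(report, window=WINDOW_SECONDS):
    """List dark ASes and say whether their bursts began within one window."""
    dark = sorted(asn for asn, row in report.items() if row["dark"])
    starts = [report[asn]["burst_start"] for asn in dark]
    simultaneous = len(dark) > 1 and max(starts) - min(starts) <= window
    return dark, simultaneous


if __name__ == "__main__":
    result = analyse(build_sample_updates())
    for asn, row in sorted(result.items()):
        print(f"AS{asn}: {row['live_routes']}/{row['peak_routes']} live, dark={row['dark']}")
    print("coordinated:", coordinated_outage(result))
```

A single flapping route does not trip the detector, because the burst is measured against each AS's own peak route count rather than as an absolute number of withdrawals.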

Tor use in Egypt graph
Tor Use Skyrocketing as Users Route-Around Internet Blocks
by Klint Finley / January 28, 2011

As we reported yesterday, the Egyptian government appears to be locking down Internet access in Egypt. Access in or out of the country seems to be blocked. GigaOm provides some analysis on how this might work. However, some Egyptian Internet users are still able to access the outside Internet. The Washington Post lists some ways that Egyptians are still accessing the Internet. Meanwhile, use of Tor, a free Internet anonymizer, is skyrocketing.

According to the Post:

  • Noor Data Networks, the provider used by the Egyptian Stock Exchange, is unaffected by the Internet blackout.
  • Some are using dial-up access routed through other countries, though there are reports that some landlines are down.
  • Some are using virtual private networks.

It’s being widely retweeted that a French ISP called French Data Network is offering free dial-up to Egyptians: “Free dialup internet access for egypt : on +33172890150 login toto password toto #jan25 #egypt MASS RT PLZ”

Many people on Twitter are calling for people in other countries to set up Tor relays.

It’s probably worth revisiting the failure of Haystack, an interesting but badly flawed attempt at anonymizing Internet traffic. Perhaps this will also rekindle interest in projects like Freenet and Netsukuku.

Get Internet Access When Your Government Shuts It Down
by Patrick Miller & David Daw / Jan 28, 2011

These days, no popular movement goes without an Internet presence of some kind, whether it’s organizing on Facebook or spreading the word through Twitter. And as we’ve seen in Egypt, that means that your Internet connection can be the first to go. Whether you’re trying to check in with your family, contact your friends, or simply spread the word, here are a few ways to build some basic network connectivity when you can’t rely on your cellular or landline Internet connections.

Do-It-Yourself Internet With Ad-Hoc Wi-Fi
Even if you’ve managed to find an Internet connection for yourself, it won’t be that helpful in reaching out to your fellow locals if they can’t get online to find you. If you’re trying to coordinate a group of people in your area and can’t rely on an Internet connection, cell phones, or SMS, your best bet could be a wireless mesh network of sorts–essentially, a distributed network of wireless networking devices that can all find each other and communicate with each other. Even if none of those devices have a working Internet connection, they can still find each other, which, if your network covers the city you’re in, might be all you need. At the moment, wireless mesh networking isn’t really anywhere close to market-ready, though we have seen an implementation of the 802.11s draft standard, which extends the 802.11 Wi-Fi standard to include wireless mesh networking, in the One Laptop Per Child (OLPC) XO laptop. However, a prepared guerrilla networker with a handful of PCs could make good use of Daihinia ($25, 30-day free trial), an app that piggybacks on your Wi-Fi adapter driver to turn your normal ad-hoc Wi-Fi network into a multihop ad-hoc network (disclaimer: we haven’t tried this ourselves yet), meaning that instead of requiring each device on the network to be within range of the original access point, you simply need to be within range of a device on the network that has Daihinia installed, effectively allowing you to add a wireless mesh layer to your ad-hoc network. Advanced freedom fighters can set up a portal Web page on their network that explains the way the setup works, with Daihinia instructions and a local download link so they can spread the network even further. Lastly, just add a Bonjour-compatible chat client like Pidgin or iChat, and you’ll be able to talk to your neighbors across the city without needing an Internet connection.

Back to Basics
Remember when you stashed your old modems in the closet because you thought you might need them some day? In the event of a total communications blackout–as we’re seeing in Egypt, for example–you’ll be glad you did. Older and simpler tools, like dial-up Internet or even ham radio, could still work, since these “abandoned” tech avenues aren’t being policed nearly as hard. In order to get around the total shutdown of all of the ISPs within Egypt, several international ISPs are offering dial-up access to the Internet to get protesters online, since phone service is still operational. It’s slow, but it still works–the hard part is getting the access numbers without an Internet connection to find them. Unfortunately, such dial-up numbers can also be fairly easily shut down by the Egyptian government, so you could also try returning to FidoNet–a distributed networking system for BBSes that was popular in the 1980s. FidoNet is limited to sending only simple text messages, and it’s slow, but it has two virtues: Users connect asynchronously, so the network traffic is harder to track, and any user can act as the server, which means that even if the government shuts down one number in the network, another one can quickly pop up to take its place. You could also take inspiration from groups that are working to create an ad-hoc communications network into and out of Egypt using Ham Radio, since the signals are rarely tracked and extremely hard to shut down or block. Most of these efforts are still getting off the ground, but hackers are already cobbling together ways to make it a viable form of communication into and out of the country.

Always Be Prepared
In the land of no Internet connection, the man with dial-up is king. Here are a few gadgets that you could use to prepare for the day they cut the lines. Given enough time and preparation, your ham radio networks could even be adapted into your own ad-hoc network using Packet Radio, a radio communications protocol that you can use to create simple long-distance wireless networks to transfer text and other messages between computers. Packet Radio is rather slow and not particularly popular (don’t try to stream any videos with this, now), but it’s exactly the kind of networking device that would fly under the radar. In response to the crisis in Egypt, nerds everywhere have risen to call for new and exciting tools for use in the next government-mandated shutdown. Bre Pettis, founder of the hackerspace NYC Resistor and creator of the Makerbot 3D printer, has called for “Apps for the Appocalypse,” including a quick and easy way to set up chats on a local network so you can talk with your friends and neighbors in an emergency even without access to the Internet. If his comments are any indication, Appocalypse apps may be headed your way soon. Tons of cool tech are also just waiting to be retrofitted for these purposes. David Dart’s Pirate Box is a one-step local network in a box originally conceived for file sharing and local P2P purposes, but it wouldn’t take much work to adapt the Pirate Box as a local networking tool able to communicate with other pirate boxes to form a compact, mobile set of local networks in the event of an Internet shutdown.

How Egypt Switched Off the Internet
by Bobbie Johnson / Jan 28, 2011

Amid spreading protests, the Egyptian government has taken the incredible step of shutting down all communications late Thursday. Only a handful of web connections, including those to the nation’s stock exchange, remain up and running. It’s an astonishing move, and one that seems almost unimaginable for a nation that not only has a relatively strong Internet economy but also relies on its connections to the rest of the world. But how did the government actually do it? Is there a big kill switch inside Egyptian President Hosni Mubarak’s office? Do physical cables have to be destroyed? Can a lockdown like this work?

Plenty of nations place limitations on communications, sometimes very severe ones. But there are only a few examples of regimes shutting down communications entirely — Burma’s military leaders notably cut connectivity during the protests of 2007, and Nepal did a similar thing after the king took control of the government in 2005 as part of his battle against insurgents. Local Chinese authorities have also conducted similar, short-lived blockades. The OpenNet Initiative has outlined two methods by which most nations could enact such shutdowns. Essentially, officials can either close down the routers which direct traffic over the border — hermetically sealing the country from outsiders — or go further down the chain and switch off routers at individual ISPs to prevent access for most users inside.

In its report on the Burmese crackdown, ONI suggests the junta used the second option, something made easier because it owns the only two Internet service providers in the country.

The Burmese Autonomous System (AS), which, like any other AS, is composed of several hierarchies of routers and provides the Internet infrastructure in-country. A switch off could therefore be conducted at the top by shutting off the border router(s), or a bottom up approach could be followed by first shutting down routers located a few hops deeper inside the AS.

A high-level traffic analysis of the logs of NTP (Network Time Protocol) servers indicates that the border routers corresponding to the two ISPs were not turned off suddenly. Rather, our analysis indicates that this was a gradual process.

While things aren’t clear yet, this doesn’t look like the pattern seen in Egypt, where the first indications of Internet censorship came earlier this week with the blockades against Twitter and Facebook, but when access disappeared, it disappeared fast, with 90 percent of connections dropping in an instant.

Analysis by Renesys, an Internet monitoring body, indicates the shutdown across the nation’s major Internet service providers was at precisely the same time, 12:34 a.m. EET (22:34 UTC):

Renesys observed the virtually simultaneous withdrawal of all routes to Egyptian networks in the Internet’s global routing table … The Egyptian government’s actions tonight have essentially wiped their country from the global map.

Instead, the signs are that the Egyptian authorities have taken a very careful and well-planned method to screen off Internet addresses at every level, from users inside the country trying to get out and from the rest of the world trying to get in.

“It looks like they’re taking action at two levels,” Rik Ferguson of Trend Micro told me. “First at the DNS level, so any attempt to resolve any address in .eg will fail — but also, in case you’re trying to get directly to an address, they are also using the Border Gateway Protocol, the system through which ISPs advertise their Internet protocol addresses to the network. Many ISPs have basically stopped advertising any internet addresses at all.”

Essentially, we’re talking about a system that no longer knows where anything is. Outsiders can’t find Egyptian websites, and insiders can’t find anything at all. It’s as if the postal system suddenly erased every address inside America — and forgot that it was even called America in the first place. A complete border shutdown might have been easier, but Egypt has made sure that there should be no downstream impact, no loss of traffic in countries further down the cables. That will ease the diplomatic and economic pressure from other nations, and make it harder for protesters inside the country to get information in and out.

Ferguson suggests that, if nothing else, the methods used by the Egyptian government prove how fragile digital communication really is. “What struck me most is that we’ve been extolling the virtues of the Internet for democracy and free speech, but an incident like this demonstrates how easy it is — particularly in a country where there’s a high level of governmental control — to just switch this access off.”

Controversial tear gas canisters made in the USA
by Emily Smith / January 28, 2011

A thick pall of chemical smoke hung over a crowd in Cairo on Friday afternoon. People ran, covering their noses and mouths to escape yet another volley of tear gas. The same scene was being played out elsewhere in Cairo, in Alexandria and Suez. And several weeks back, Tunisian police used tear gas to try to quell protests there. It is one of the most common ways used to disperse protests — but not everyone runs.

In both Tunisia and Egypt, some protesters stopped to pick up canisters, and posted photographs online. A few inches long, blue and silver, they include warning labels and then a set of initials: CSI, followed by “Made in the U.S.A.” The photograph posted in Tunisia was of a 40 mm riot CS smoke projectile, made by a company called Combined Systems Inc., which describes itself as a “tactical weapons company” and is based in Jamestown, Pennsylvania. CSI’s website describes the projectile as “a launched burning extended-range single projectile round that dispenses smoke or chemical agents via rapid burning. Used effectively during riots at safe stand-off distances to disperse groups or deny areas.” Its warning label reads: “Danger: Do not fire directly at person(s). Severe injury or death may result.”

That warning is apparently not always followed. Lucas Mebrouk Dolega died in Tunisia on January 17, three days after being hit by a tear gas grenade at close range. The 32-year-old was a photographer for the European PressPhoto Agency. On Thursday, a similar picture was posted on Twitter by someone in Egypt, only this time it was of a grenade, not a canister. It, too, was made by CSI. The grenade appears to be an “Outdoor 52 Series Large Grenade” that “discharges a high volume of smoke and chemical agent through multiple emission ports. Specifically for outdoor use,” the website says.

CSI’s website bills the company as the “premier engineering, manufacturing and supply company of tactical munitions and crowd control devices globally to armed forces, law enforcement, corrections and homeland security agencies.” Clients include the U.S. Army, U.S. Customs and Border Patrol, and the U.S. Department of State, as well as Rafael Advanced Defense Systems and Israeli Military Industries — both of which are weapons companies based in Israel. On January 1, Jawaher Abu Rahmah died in the West Bank during a weekly protest against a security barrier being built in Bilin. Israel considers the protests violent and illegal. Rahmah died of severe asphyxiation and cardiac arrest after Israeli soldiers fired tear gas canisters into the crowd. In April 2009, Rahmah’s brother was killed participating in the same weekly protest when a tear gas canister struck him directly in the chest.

A spokesman for CSI says the company is operating well within the law by selling tear gas to countries like Tunisia and Egypt. According to the Chemical Weapons Convention, riot control agents are not considered chemical weapons unless used during a time of war. This means that it’s perfectly legal to manufacture and sell tear gas, so long as countries don’t stockpile a large amount of the chemical compounds. The spokesman declined to say how much tear gas CSI had sold to countries in northern Africa, but said it is a small company. He also said CSI could not control how its products are used once sold. Social media reaction to the “Made in the U.S.A.” label on the canisters was scathing, with some suggesting it meant the U.S. government itself was somehow involved in suppressing the protests. Some Twitter users demanded to know “why so many weapons used against Egyptian protesters read ‘made in the USA’.” Others advised “Maybe U.S. weapons manufacturers should stop printing “made in USA” on their weapons especially the ones we send to brutal autocrats.”

Whether CSI is operating within the law hasn’t stopped protestors from voicing their dissatisfaction with the company. After Rahmah died in Israel, demonstrators gathered outside Point Lookout Capital Partners’ Manhattan offices. Point Lookout owns a majority interest in CSI. The protesting group — the New York Campaign for the Boycott of Israel — demanded that CSI stop providing tear gas that could be used on Palestinians by Israeli forces. Israeli authorities are still investigating Jawaher Abu Rahmah’s death. According to the Centers for Disease Control and Prevention, there are several compounds that are considered to be riot-control agents. Two of the most common are chloroacetophenone (CN) and chlorobenzylidene malononitrile (CS). Others include chloropicrin (PS), bromobenzylcyanide (CA), and dibenzoxazepine (CR). Riot control agents temporarily disable those affected by causing irritation to the eyes, mouth, throat, lungs, and skin. Long-lasting exposure to these compounds can cause blindness and chemical burning of the throat and lungs resulting in death, as well as respiratory failure, which can also result in death.

How the U.S. Chamber of Commerce’s Egyptian Affiliate Went to Bat for the Egyptian Dictatorship
by Zaid Jilani / Jan 27th, 2011

As Egyptian protests continue to rage and thousands of people in that country continue to demand democratic reforms, many commentators are rightly calling upon the international community to show solidarity with the demonstrators and join them in battling the Mubarak regime. However, there is at least one powerful, multinational entity that has continually stood by Mubarak and the Egyptian elite and has continually fought efforts to democratize the country. As ThinkProgress previously reported, the U.S. Chamber of Commerce maintains a network of foreign affiliates known as Amchams, “which are foreign chambers of the Chamber composed of American and foreign companies.” In Egypt, this foreign affiliate is known as the American Chamber of Commerce in Egypt, known in short as AmCham Egypt.

AmCham Egypt’s relation to the Mubarak dictatorship stretches back decades. In fact, the Egyptian dictator even personally intervened to create the organization. In 1981, Mubarak issued an order to allow for the creation of the AmCham by giving it an exemption from Egypt’s strict NGO laws — which help limit the influence of human rights and democracy promotion organizations. Since then, the chamber has grown to have hundreds of members. While roughly 75 percent of the organization’s members are Egyptian businesses, many of them are also large Western multinational corporations, like Coca Cola and BP. The Chamber’s member companies account for nearly 20 percent of Egypt’s GDP.

When a powerful corporate-backed entity like the AmCham Egypt gains favorable treatment, it is natural for it to try to protect its patron. So last year, when a group of U.S. Senators — led by Russ Feingold (D-WI) — introduced legislation that called on the government of Egypt to end crackdowns on pro-democracy activists and hold free and fair elections, AmCham Egypt, at the behest of the Egyptian dictatorship, sprang into action. As Al-Masry Al-Youm, a major Egyptian paper, reports, the Mubarak regime tapped AmCham Egypt President Shafik Gabr to do its bidding. Gabr was “dispatched expressly” for the purpose of scuttling the bill:

American Chamber of Commerce (AmCham) in Egypt President Shafik Gabr arrived in Washington on Wednesday to meet with members of US Congress in an effort to persuade them to refrain from issuing a resolution demanding that Egypt “hold fair elections, allow international monitoring of elections, and respect democracy and human rights.”

Informed sources told Al-Masry Al-Youm that Gabr, who is also a leading member of the ruling National Democratic Party of President Hosni Mubarak, had been dispatched expressly for this purpose by the Egyptian government.

By asking a non-American who technically worked for a nongovernmental organization to do their advocacy for them, the Mubarak regime successfully skirted numerous laws dealing with lobbying disclosure, making it easier to hide its role. But thanks to the intervention of AmCham Egypt as well as a multi-million dollar official lobbying campaign by Mubarak, the bill died a quiet death as it wasn’t brought to the floor before the Senate’s recess.

And stunningly, just days before massive protests erupted all over Egypt demanding democracy — protests which were widely expected given events in neighboring Tunisia and the upcoming anniversary of a police massacre at the hands of British colonizers — AmCham Egypt hosted former U.S. Deputy Secretary of State John Negroponte, who blamed the media for its “sensational coverage” of the Tunisian revolution and said it was in American interests to “continue to support ‘our friends’ in the region, such as Egypt, Jordan and Gulf countries.” “Chaos is in no one’s interest,” he concluded, disparaging the protests:

Negroponte said it will be crucial for US interests to continue to support “our friends” in the region, such as Egypt, Jordan and Gulf countries. […] During a brief question-and-answer session at the conclusion of his address, Negroponte said he was surprised by the unrest in Tunisia that ended the 23-year presidency of Zine El Abidine Ben Ali. He said that what happened in Tunisia is “not necessarily transferable” to other countries. He blamed the news media for sensational coverage of self-immolation protests in Egypt, Algeria and Mauritania, and urged “a little bit of patience.” “Let’s hope the country doesn’t descend into chaos,” he said. “Chaos is in no one’s interest.”

While backing dictatorships is nothing new for Negroponte, it should be noted that he has financial interests at stake in Egypt as well. He is on the board of Agility DGS, a defense company that has major operations in Egypt.

In 2006, AmCham Egypt, in a particularly outlandish move, put out a statement in its Business Monthly that bragged that President Mubarak “became Egypt’s first president to be directly elected in a multiparty contest” in 2005 — a reference to an election where almost all the independent opposition was banned and Mubarak won 88 percent of the vote. For years, the U.S. Chamber of Commerce has been using its massive amounts of corporate money to distort American democracy. Let the record show that its foreign affiliates appear to be dead set on doing much worse in foreign countries, even if it means backing a brutal dictator like Mubarak.

As Egypt Tightens Its Internet Grip, Tunisia Looks to Open Up
by Mike Elkin / January 28, 2011

When Zine El Abidine Ben Ali’s dictatorship began unravelling here last month amid violent street protests, Tunisia’s Internet administrators saw a massive spike in the number of sites placed on government block lists. But, in contrast to the embattled Egyptian government, the Ali regime never ordered Internet and cellphone communications shut off or slowed down, the head of the Tunisian Internet Agency says. “I think Ben Ali did not realize where the situation was going or that he could be taken down,” Tunisian Internet Agency (ATI in its French initials) director Kamel Saadaoui tells “Maybe if he had known that he would have cut the Internet. But the number of blocked sites did grow drastically when the revolution started. They were trying desperately to block any site that spoke about Sidi Bouzid. In a few weeks the number doubled.”

Egypt’s blackout, confirmed Thursday by Internet monitoring company Renesys, shut down four out of five of the country’s ISPs, with one connection left open to Noor Group, which hosts the Egyptian stock exchange, Renesys reported. The move signals an unprecedented clampdown on communications interference as activists, apparently inspired by Tunisia’s successful uprising, are taking to the streets in massive numbers. During its 15-year existence, the ATI had a reputation for censoring the Internet and hacking into people’s personal email accounts. All Tunisian ISPs and email flowed through its offices before being released on the Internet, and anything that the dictatorship of Ben Ali didn’t like didn’t see the light of day.

Saadaoui, its director of three years, complains that the perception of the ATI as an oppressive cyber-nanny is undeserved. He was just following the regime’s orders, he insists. Now that the government has changed, he’s following those new policies, helping open up Tunisian Internet access as never before. “We are computer and electronic engineers, not policemen,” Saadaoui says at his office in the ATI headquarters, a handsome, white bungalow near Pasteur Square in a high-end neighborhood of Tunis. “We don’t check email and we don’t filter websites, even though we have filtering engines on our network. We run the engines technically, but we don’t decide to block your blog. We don’t even know you have a blog. But,” he adds, “we give access to these engines to other institutions that have been mandated by the government to choose which websites should be blocked. They have the gateway that has all the mail to be read.” In other words: don’t blame us. We just work here.

Saadaoui described the governmental oversight of the Internet as an encrypted interface built and maintained by the ATI. Only the government can manipulate it. “We gave them an interface where they can go in and add anything they want to block,” he says. “We don’t even know what they were banning because the list is encrypted. We can only see the number of blocked sites and some other technical aspects, such as CPU load, how much traffic… things like this. Sometimes we learn about the blocked sites when people call in and ask why their blog has been blocked. Then we know.” At first, the regime banned around 300 websites, but as Internet use grew throughout the country – from 1 percent of the population in 2000 to 37 percent as of last November – the blacklist bloated to more than 2,000. When the government started going after proxies, Saadaoui said, the number jumped to many thousands. He estimated that around 1,000 of the blocked sites were political, and the rest were proxies.

The revolution began on December 17, when a 26-year-old fruit vendor named Mohammed Bouazizi in the central Tunisian town of Sidi Bouzid set himself on fire to protest the humiliating tactics of local officials. The suicide jolted Tunisians; they began to protest in the streets — and clash with police. Around 100 people died throughout the country. The media, controlled by Ben Ali’s advisers, reported only that criminals were looting. But videos of the protests, riot police and their victims appeared on Facebook and bloggers began reporting the daily events with first-hand accounts, photographs and videos. This information helped drive the uprising, and the government responded by allegedly hijacking Tunisian Facebook passwords. At the same time, hackers began to attack the Tunisian government’s control over the Internet. They bombed the ATI’s DNS and website, and tried to bomb the email centipede gateway. The National Computer Security Agency, which fights hacking, phishing, viruses and fraud, took on the activists who tried to overload government websites with Distributed Denial of Service attacks. “When the hackers did DDOS they did a good job, and Anonymous did a good job,” Saadaoui says, smiling. “But not on everything. They weren’t able to take down the DNS, they weren’t able to take down the main servers or the network, but they were able to DDOS websites. They were able to bomb Ben Ali’s website.”

Open, But Uncertain Future
Since Ben Ali fled the country on January 14, the transitional government has removed several restrictions on Internet use while the 60-person ATI aims to focus on tasks more befitting an Internet regulator: providing bandwidth and IP numbers, DNS management, IP addresses, research and development, electronic commerce, and web hosting. The agency is also the ISP for all public institutions. How the dictator-less Tunisia will rebuild its Internet architecture is still being discussed, Saadaoui says. But one optimistic sign is that 33-year-old blogger and activist Slim Amamou, who was arrested during the revolt, is now the secretary of state for youth and sports. The Ministry of Communications and Technology has announced that anyone who has a SMTP server can have direct access to the Internet without going through the governmental post office.

The interface that allows the government to block sites, however, still exists. Saadaoui promises that it will be used only to block pornography, child pornography, nudity and “hate,” using URL classifiers. “The new government told us to keep the filtering engines where they are and to allow them to add categories that they don’t like,” Saadaoui says. “The difference now is that they will ask a judge to approve the filtering. The problem is not filtering, the problem is who filters and based on what law. Before, people would filter without applying the law, and now we will filter with a judicial mandate. And the current mandate is to block pornography, pedophilia, nudity, and hate.” Many Tunisians, such as Amamou and the hackers who fought the ATI during the revolution, prefer a completely open Internet. Saadaoui disagrees. He says the current filters are necessary on a political level: “The limits are symbolic. It’s a message from the government that we are a Muslim and conservative society and that we would appreciate if you didn’t go to these [filtered] sites.” Besides, Saadaoui says, everyone knows how to sidestep the restrictions, anyway. “Tunisia has a lot of young, open people who know how to go around filters via hotspot proxies,” he says. “So really it’s useless to block. Whatever we do, there are ways to get around it.”

Tunisia, Egypt, Miami: The Importance of Internet Choke Points
by Andrew Blum / Jan 28 2011

The news yesterday evening that Egypt had severed itself from the global Internet came at the same time as an ostensibly far less inflammatory announcement closer to home. Verizon, the telecom giant, would acquire “cloud computing company” Terremark for $1.4 billion. The purchase would “accelerate Verizon’s ‘everything-as-a-service’ cloud strategy,” the press release said. The trouble is that Terremark isn’t merely a cloud computing company. Or, more to the point, the cloud isn’t really a cloud.

Among its portfolio of data centers in the US, Europe and Latin America, Terremark owns one of the single most important buildings on the global Internet, a giant fortress on the edge of Miami’s downtown known as the NAP of the Americas. The Internet is a network of networks. But what’s often forgotten is that those networks actually have to physically connect — one router to another — often through something as simple and tangible as a yellow-jacketed fiber-optic cable. It’s safe to suspect a network engineer in Egypt had a few of them dangling in his hands last night. Terremark’s building in Miami is the physical meeting point for more than 160 networks from around the world. They meet there because of the building’s excellent security, its redundant power systems, and its thick concrete walls, designed to survive a category 5 hurricane. But above all, they meet there because the building is “carrier-neutral.” It’s a Switzerland of the Internet, an unallied territory where competing networks can connect to each other. Terremark doesn’t have a dog in the fight. Or at least it didn’t. Verizon insists there’s nothing to worry about. Terremark will be set up as a wholly owned subsidiary. Its carrier-neutral status will remain. “We’re not going to try to cramp their style at all,” said Lowell McAdam, President and COO of Verizon. “There will be no moves to take certain customers out of play.”

I can’t help but think of it in the context of another recent purchase. Earlier this month, Google bought its New York office building, 111 8th Avenue, for a reported $1.9 billion. As the Wall Street Journal described, “about one third of the space is occupied by telecommunications companies.” But that’s severely understating the situation: 111 8th is another of the most important buildings on the Internet, on a short list of fewer than a dozen worldwide. Like the NAP of the Americas, it houses hundreds of independent networks, scattered across the office spaces of multiple independently owned sub-landlords. And now Google owns the whole thing. One assumes that they’re not going to cramp their style either. “It’s not about the ‘carrier hotel’ space,” said Google Senior Vice President Jonathan Rosenberg. “We have 2,000 employees on site. It’s a big sales center, but also a big engineering center. With the pace at which we’re growing, it’s very difficult to find space in New York. There are very few buildings in New York that can accommodate our needs. This gives us a lot of control over growing into the space.” But on a day when a government of 80,000,000 managed to find the Internet’s “kill switch,” it’s worth remembering that the Internet is a physical network. It matters who controls the nodes. With these two deals, Google and Verizon may have chipped away at the foundation walls of an open, competitive–and therefore free — Internet.

Senators propose granting president emergency Internet power
by Declan McCullagh / June 10, 2010

A new U.S. Senate bill would grant the president far-reaching emergency powers to seize control of or even shut down portions of the Internet. The legislation announced Thursday says that companies such as broadband providers, search engines, or software firms that the government selects “shall immediately comply with any emergency measure or action developed” by the Department of Homeland Security. Anyone failing to comply would be fined. That emergency authority would allow the federal government to “preserve those networks and assets and our country and protect our people,” Joe Lieberman, the primary sponsor of the measure and the chairman of the Homeland Security committee, told reporters on Thursday. Lieberman is an independent senator from Connecticut who caucuses with the Democrats. Because there are few limits on the president’s emergency power, which can be renewed indefinitely, the densely worded 197-page bill (PDF) is likely to encounter stiff opposition.

TechAmerica, probably the largest U.S. technology lobby group, said it was concerned about “unintended consequences that would result from the legislation’s regulatory approach” and “the potential for absolute power.” And the Center for Democracy and Technology publicly worried that the Lieberman bill’s emergency powers “include authority to shut down or limit Internet traffic on private systems.” The idea of an Internet “kill switch” that the president could flip is not new. A draft Senate proposal that CNET obtained in August allowed the White House to “declare a cybersecurity emergency,” and another from Sens. Jay Rockefeller (D-W.V.) and Olympia Snowe (R-Maine) would have explicitly given the government the power to “order the disconnection” of certain networks or Web sites.

On Thursday, both senators lauded Lieberman’s bill, which is formally titled the Protecting Cyberspace as a National Asset Act, or PCNAA. Rockefeller said “I commend” the drafters of the PCNAA. Collins went further, signing up as a co-sponsor and saying at a press conference that “we cannot afford to wait for a cyber 9/11 before our government realizes the importance of protecting our cyber resources.” Under PCNAA, the federal government’s power to force private companies to comply with emergency decrees would become unusually broad. Any company on a list created by Homeland Security that also “relies on” the Internet, the telephone system, or any other component of the U.S. “information infrastructure” would be subject to command by a new National Center for Cybersecurity and Communications (NCCC) that would be created inside Homeland Security. The only obvious limitation on the NCCC’s emergency power is one paragraph in the Lieberman bill that appears to have grown out of the Bush-era flap over warrantless wiretapping. That limitation says that the NCCC cannot order broadband providers or other companies to “conduct surveillance” of Americans unless it’s otherwise legally authorized. Lieberman said Thursday that enactment of his bill needed to be a top congressional priority. “For all of its ‘user-friendly’ allure, the Internet can also be a dangerous place with electronic pipelines that run directly into everything from our personal bank accounts to key infrastructure to government and industrial secrets,” he said. “Our economic security, national security and public safety are now all at risk from new kinds of enemies–cyber-warriors, cyber-spies, cyber-terrorists and cyber-criminals.”

A new cybersecurity bureaucracy
Lieberman’s proposal would form a powerful and extensive new Homeland Security bureaucracy around the NCCC, including “no less” than two deputy directors, and liaison officers to the Defense Department, Justice Department, Commerce Department, and the Director of National Intelligence. (How much the NCCC director’s duties would overlap with those of the existing assistant secretary for infrastructure protection is not clear.) The NCCC also would be granted the power to monitor the “security status” of private sector Web sites, broadband providers, and other Internet components. Lieberman’s legislation requires the NCCC to provide “situational awareness of the security status” of the portions of the Internet that are inside the United States — and also those portions in other countries that, if disrupted, could cause significant harm. Selected private companies would be required to participate in “information sharing” with the Feds. They must “certify in writing to the director” of the NCCC whether they have “developed and implemented” federally approved security measures, which could be anything from encryption to physical security mechanisms, or programming techniques that have been “approved by the director.” The NCCC director can “issue an order” in cases of noncompliance.

The prospect of a vast new cybersecurity bureaucracy with power to command the private sector worries some privacy advocates. “This is a plan for an auto-immune reaction,” says Jim Harper, director of information studies at the libertarian Cato Institute. “When something goes wrong, the government will attack our infrastructure and make society weaker.” To sweeten the deal for industry groups, Lieberman has included a tantalizing offer absent from earlier drafts: immunity from civil lawsuits. If a software company’s programming error costs customers billions, or a broadband provider intentionally cuts off its customers in response to a federal command, neither would be liable. If there’s an “incident related to a cyber vulnerability” after the president has declared an emergency and the affected company has followed federal standards, plaintiffs’ lawyers cannot collect damages for economic harm. And if the harm is caused by an emergency order from the Feds, not only does the possibility of damages virtually disappear, but the U.S. Treasury will even pick up the private company’s tab.

Another sweetener: A new White House office would be charged with forcing federal agencies to take cybersecurity more seriously, with the power to jeopardize their budgets if they fail to comply. The likely effect would be to increase government agencies’ demand for security products. Tom Gann, McAfee’s vice president for government relations, stopped short of criticizing the Lieberman bill, calling it a “very important piece of legislation.” McAfee is paying attention to “a number of provisions of the bill that could use work,” Gann said, and “we’ve certainly put some focus on the emergency provisions.”

The FBI has been accused of planting a backdoor in the OpenBSD IPSEC stack ten years ago.

The code is a publicly available Open Source project, and the full history of commits is available for public review.  After a week of worldwide code audits by various institutions, no evidence to this effect has yet been produced.

Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session.


The implication in this situation is that the FBI could have then maintained a capability to eavesdrop on a majority of the world’s most secret digital communications.  The OpenBSD IPSEC stack sits at the lowest levels of most Open Source and Proprietary network software and hardware, Free and Commercial alike.  IPSEC, being born of the IPv6 protocol suite, is completely requisite in any standards-compliant IPv6 implementation, yet optional for IPv4 (the protocol of the current internet).

The OpenBSD IPSEC stack is possibly the most widely used and most trusted piece of cryptographic network software.

Anyone who wants to may download the source code (including all historical commits) and contemplate this reality for themselves:

Not sure you trust the official sources?  Find a mirror which suits you:

Where is this code?  It is widely assumed parts or all of the OpenBSD IPSEC stack can be found in:

– OpenBSD, with its own code derived from a BSD/OS implementation written by John Ioannidis and Angelos D. Keromytis in 1996.
– The KAME stack, that is included in Mac OS X, NetBSD and FreeBSD.
– “IPsec” in Cisco IOS Software
– “IPsec” in Microsoft Windows, including Windows XP, Windows 2000, Windows 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Vista and later
– Authentec QuickSec toolkits
– IPsec in Solaris
– IBM AIX operating system
– IBM z/OS
– IPsec and IKE in HP-UX (HP-UX IPsec)
– The Linux IPsec stack written by Alexey Kuznetsov and David S. Miller.
– Openswan on Linux, FreeBSD and Mac OS X using the native Linux IPsec stack, or its own KLIPS stack.
– strongSwan on Linux, FreeBSD, Mac OS X, and Android using the native IPsec stack.

(cryptographers and people with secrets were quite grumpy)

The cryptography and info-sec communities were reeling after several high-profile US faux pas:

1994, CALEA, Communications Assistance for Law Enforcement Act
“To amend title 18, United States Code, to make clear a telecommunications carrier’s duty to cooperate in the interception of communications for Law Enforcement purposes, and for other purposes.”

1993 to 1996: The Clipper Chip initiative, a move to put hardware-chip backdoors in every electronic device, a Presidential directive from US President Bill Clinton:

US Cryptography Export Issues:
Long story short, in cryptography, it’s best to have as many eyes in the world auditing cryptographic code and algorithms.  US Crypto Export restrictions became especially contentious/silly in the late 1990’s:

Tempest operations, eavesdropping via electrical emissions (a particularly hot topic in the 1990’s, as declassified NSA work in the late 80’s was focused on using computer monitor emissions to eavesdrop on communications):

Echelon, Cold-War onward, European Parliament moved to publicly investigate during 2001:

circa 1997-2005, Carnivore, Software system implemented by the FBI to monitor email and electronic communications:

Backdoor allegations

On 11 December 2010, Gregory Perry sent an email to Theo de Raadt alleging that the FBI had paid some OpenBSD ex-developers 10 years previously to insert backdoors into the OpenBSD Cryptographic Framework. Theo de Raadt made the email public on 14 December by forwarding it to the openbsd-tech mailing list and suggested an audit of the IPsec codebase. Theo’s response was skeptical of the report and he invited all developers to independently review the relevant code. In the week that has followed, no patches to that area of the code have appeared. As time and code reviews go on without backdoors found, this seems more and more likely to be a hoax on Perry’s part.

(OpenBSD Project Leader)

List:       openbsd-tech
Subject:    Allegations regarding OpenBSD IPSEC
From:       Theo de Raadt <deraadt () cvs ! openbsd ! org>
Date:       2010-12-14 22:24:39
Message-ID: 201012142224.oBEMOdWM031222 () cvs ! openbsd ! org

I have received a mail regarding the early development of the OpenBSD
IPSEC stack.  It is alleged that some ex-developers (and the company
they worked for) accepted US government money to put backdoors into
our network stack, in particular the IPSEC stack.  Around 2000-2001.

Since we had the first IPSEC stack available for free, large parts of
the code are now found in many other projects/products.  Over 10
years, the IPSEC code has gone through many changes and fixes, so it
is unclear what the true impact of these allegations are.

The mail came in privately from a person I have not talked to for
nearly 10 years.  I refuse to become part of such a conspiracy, and
will not be talking to Gregory Perry about this.  Therefore I am
making it public so that
(a) those who use the code can audit it for these problems,
(b) those that are angry at the story can take other actions,
(c) if it is not true, those who are being accused can defend themselves.

Of course I don’t like it when my private mail is forwarded.  However
the “little ethic” of a private mail being forwarded is much smaller
than the “big ethic” of government paying companies to pay open source
developers (a member of a community-of-friends) to insert
privacy-invading holes in software.


From: Gregory Perry <>
To: “” <>
Subject: OpenBSD Crypto Framework
Thread-Topic: OpenBSD Crypto Framework
Thread-Index: AcuZjuF6cT4gcSmqQv+Fo3/+2m80eg==
Date: Sat, 11 Dec 2010 23:55:25 +0000
Message-ID: <8D3222F9EB68474DA381831A120B1023019AC034@mbx021-e2-nj-5.exch021.domain.local>
Accept-Language: en-US
Content-Language: en-US
Content-Type: text/plain; charset=”iso-8859-1″
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Status: RO

Hello Theo,

Long time no talk.  If you will recall, a while back I was the CTO at
NETSEC and arranged funding and donations for the OpenBSD Crypto
Framework.  At that same time I also did some consulting for the FBI,
for their GSA Technical Support Center, which was a cryptologic
reverse engineering project aimed at backdooring and implementing key
escrow mechanisms for smart card and other hardware-based computing

My NDA with the FBI has recently expired, and I wanted to make you
aware of the fact that the FBI implemented a number of backdoors and
side channel key leaking mechanisms into the OCF, for the express
purpose of monitoring the site to site VPN encryption system
implemented by EOUSA, the parent organization to the FBI.  Jason
Wright and several other developers were responsible for those
backdoors, and you would be well advised to review any and all code
commits by Wright as well as the other developers he worked with
originating from NETSEC.

This is also probably the reason why you lost your DARPA funding, they
more than likely caught wind of the fact that those backdoors were
present and didn’t want to create any derivative products based upon
the same.

This is also why several inside FBI folks have been recently
advocating the use of OpenBSD for VPN and firewalling implementations
in virtualized environments, for example Scott Lowe is a well
respected author in virtualization circles who also happens to be on
the FBI payroll, and who has also recently published several tutorials
for the use of OpenBSD VMs in enterprise VMware vSphere deployments.

Merry Christmas…

Gregory Perry
Chief Executive Officer
GoVirtual Education

“VMware Training Products & Services”

540-645-6955 x111 (local)
866-354-7369 x111 (toll free)
540-931-9099 (mobile)
877-648-0555 (fax)

Jason Wright

List:       openbsd-tech
Subject:    Re: Allegations regarding OpenBSD IPSEC
From:       “Jason L. Wright” <jason () thought ! net>
Date:       2010-12-15 18:27:31
Message-ID: 20101215182710.GA6897 () jason-wright ! cust ! arpnetworks ! com

Subject: Allegations regarding OpenBSD IPSEC

Every urban legend is made more real by the inclusion of real names,
dates, and times. Gregory Perry’s email falls into this category.  I
cannot fathom his motivation for writing such falsehood (delusions
of grandeur or a self-promotion attempt perhaps?)

I will state clearly that I did not add backdoors to the OpenBSD
operating system or the OpenBSD crypto framework (OCF). The code I
touched during that work relates mostly to device drivers to support
the framework. I don’t believe I ever touched isakmpd or photurisd
(userland key management programs), and I rarely touched the ipsec
internals (cryptodev and cryptosoft, yes).  However, I welcome an
audit of everything I committed to OpenBSD’s tree.

I demand an apology from Greg Perry (cc’d) for this accusation.  Do
not use my name to add credibility to your cloak and dagger fairy

I will point out that Greg did not even work at NETSEC while the OCF
development was going on.  Before January of 2000 Greg had left NETSEC.
The timeline for my involvement with IPSec can be clearly demonstrated
by looking at the revision history of:
src/sys/dev/pci/hifn7751.c (Dec 15, 1999)
src/sys/crypto/cryptosoft.c (March 2000)
The real work on OCF did not begin in earnest until February 2000.

Theo, a bit of warning would have been nice (an hour even… especially
since you had the allegations on Dec 11, 2010 and did not post them
until Dec 14, 2010).  The first notice I got was an email from a
friend at 6pm (MST) on Dec 14, 2010 with a link to the already posted

So, keep my name out of the rumor mill.  It is a baseless accusation
the reason for which I cannot understand.

–Jason L. Wright


Jason Wright, “Regarding Greg Perry’s baseless accusations”

I have posted a message to tech@. I do not intend to add any more fuel to his baseless accusations. [posting]


“Neural Network Architecture Selection Analysis With Application to Cryptography Location”
Jason L. Wright and Milos Manic. In Proceedings International Joint Conference on Neural Networks (IJCNN), July 2010, Barcelona, Spain. doi:10.1109/IJCNN.2010.5596315

“The Analysis of Dimensionality Reduction Techniques in Cryptographic Object Code Classification”
Jason L. Wright and Milos Manic. In Proceedings Conference on Human Systems Interaction (HSI), pp. 157-162, May 2010, Rzeszow, Poland. doi:10.1109/HSI.2010.5514572

“Neural Network Approach to Locating Cryptography in Object Code”
Jason L. Wright and Milos Manic. In Proceedings International Conference on Emerging Technologies and Factory Automation (ETFA), September 2009, Palma de Mallorca, Spain. doi:10.1109/ETFA.2009.5347226

“Time Synchronization in Hierarchical TESLA Wireless Sensor Networks”
Jason L. Wright and Milos Manic. In Proceedings International Symposium on Resilient Control Systems (ISRCS), pp. 36-39, August 2009, Idaho Falls, ID, USA. doi:10.1109/ISRCS.2009.5251365

“Finding Cryptography in Object Code”
Jason L. Wright. In Proceedings Security Education Conference: Toronto (SECTOR). October 2008, Toronto, ON, Canada. (slides)

“Recommended Practice for Security Control System Modems”
James R. Davidson and Jason L. Wright. U.S. Department of Homeland Security National Cyber Security Division, Control Systems Security Program. January 2008.

“Cryptography As An Operating System Service: A Case Study”
Angelos D. Keromytis, Theo de Raadt, Jason L. Wright, and Matthew Burnside. In ACM Transactions on Computer Systems (ToCS), vol. 24, no. 1, pp. 1 – 38, February 2006. (Extended version of USENIX Technical 2003 paper). doi:10.1145/1124153.1124154

“The Design of the OpenBSD Cryptographic Framework”
Angelos D. Keromytis, Jason L. Wright, and Theo de Raadt. In Proceedings of the USENIX Annual Technical Conference, pp. 181 – 196. June 2003, San Antonio, TX. (Acceptance rate: 23.3%)

“Experiences Enhancing Open Source Security in the POSSE Project”
Jonathan M. Smith, Michael B. Greenwald, Sotiris Ioannidis, Angelos D. Keromytis, Ben Laurie, Douglas Maughan, Dale Rahn, and Jason L. Wright. In Free/Open Source Development, Stefan Koch (editor), pp. 242 – 257. Idea Group Publishing, 2004. Also re-published in Global Information Technologies: Concepts, Methodologies, Tools, and Applications, Felix B. Tan (editor), pp. 1587- 1598. Idea Group Publishing, 2007.

“Transparent Network Security Policy Enforcement”
Angelos Keromytis and Jason Wright. In Proceedings of the USENIX Annual Technical Conference, Freenix Track, pp. 215 – 226. June 2000, San Diego, CA. (Acceptance rate: 30%)


“When Hardware is Wrong, or ‘They Can Fix it in Software'”
NYC BSD Conference, October 2008.

NYC BSD Conference, October 2006.


21 December 2010. A sends:

Just to point out that one of the ex-developers involved in that period has posted some background info. You can contact Mickey yourself for more information: how i stopped worrying and loved the backdoor

By the way, anybody want to elaborate how Theo de Raadt has been hiding 2 donations accounts from Canadian Tax Revenue Services for years now?

(Paypal and the German account  IBAN: DE91 7007 0024 0338 1779 00
Name: Theo de Raadt
Address: Deutsche Bank, Marienplatz 21
80331 München, Germany

Inside Germany, instead use:

Name: Theo de Raadt
Bank: Deutsche Bank München
BLZ: 70070024
Konto: 338177900

From outside Europe:

Account: 7007 0024 0338 1779 00
Name: Theo de Raadt
Address: Deutsche Bank, Marienplatz 21
80331 München, Germany


20 December 2010. Gregory Perry further responds with the truth about the FBI:

From: Gregory Perry <Gregory.Perry[at]>
To: John Young <jya[at]>
Subject: RE: OpenBSD Crypto Framework
Date: Mon, 20 Dec 2010 14:33:54 +0000

The issue of retribution has been going on for over a decade at this point, the FBI is a lawless and corrupt organization with little hope for rehabilitation.  Maybe one day the Congress will issue a subpoena into their domestic ops and related skullduggery.


From: John Young <jya[at]>
Sent: Monday, December 20, 2010 9:06 AM
To: Gregory Perry
Subject: RE: OpenBSD Crypto Framework

Thanks very much for responding. If you care to do so, we would like to hear of any retribution for disclosing the hole. Wikileaks we’re not but quieter. Anonymous is our best source.

20 December 2010. Gregory Perry responds:

From: Gregory Perry <Gregory.Perry[at]>
To: John Young <jya[at]>
Subject: RE: OpenBSD Crypto Framework
Date: Mon, 20 Dec 2010 02:17:23 +0000

I really wish Theo hadn’t made that email public, it’s really stirred up things quite a bit in the mainstream media.

To put things into perspective, the salient points to consider are:

1)  I sent a private letter to Theo de Raadt, urging him to perform a source code audit of the OpenBSD Project based upon the allegations contained within the original email you referenced;

2)  Theo then sent, without my permission and against my wishes, the entire contents of that email with my contact particulars to a public listserver, which ignited this firestorm of controversy that I am now seemingly embroiled in;

3)  If I had this to do over again, I would have sent an anonymous postcard to Wikileaks probably;

4)  I have absolutely, positively nothing to gain from making those statements to Theo, and only did so to encourage a source code audit of the OpenBSD Project based upon the expiry of my NDA with the FBI; and,

5)  Being in any limelight is not my bag at all.

I personally hired and managed Jason Wright as well as several other developers that were involved with the OpenBSD Project, I am intimately familiar with OpenBSD having used it for a variety of commercial products over the years, and I arranged the initial funding for the cryptographic hardware accelerated OCF and gigabit Ethernet drivers by way of a series of disbursements of equipment and development monies made available via NETSEC (as well as my own personal donations) to the OpenBSD Project.

Although I don’t agree with what Theo did last week, I will say that he is a brilliant and very respected individual in the computer security community and he would have in no way agreed to intentionally weaken the security of his project.  Theo is an iron-fisted fascist when it comes to secure systems architecture, design, and development, and there is no better person than him and his team to get to the bottom of any purported issues with the OpenBSD security controls and its various internal cryptographic frameworks.

Many, many commercial security products and real time embedded systems are derived from the OpenBSD Project, due to Theo’s liberal BSD licensing approach contrasted with other Linux-based operating systems licensed under the GPL.  Many, many commercial security products and embedded systems are directly and proximately affected by any lapse in security unintentional or otherwise by the OpenBSD Project.  Almost every operating system on the planet uses the OpenSSH server suite, which Theo and his team created with almost zero remuneration from the many operating systems and commercial products that use it without credit to the OpenBSD Project.  Given the many thousands of lines of code that the IPSEC stack, OCF, and OpenSSL libraries consist of, it will be several months before the dust settles and the true impact of any vulnerabilities can be accurately determined; it’s only been about 96 hours since their source code audit commenced and your recent article points to at least two vulnerabilities discovered so far.

I wish Theo and his team the best of success with their project and endeavors.

Kind regards

Gregory Perry
Chief Executive Officer
GoVirtual® Education
P: 540-645-6955 x111
F: 877-648-0555
C: 540-931-9099
E: Gregory.Perry[at]

GoVirtual® Education
10400 Courthouse Rd. #280
Spotsylvania, Virginia 22553

“VMware Training Products and Services”

Subscribe to the GoVirtual® Newsletter

15 December 2010. A3 sends a link to a refutation of Perry’s claims by Jason Wright, one accused by Perry:

15 December 2010. A sends a link to a report on Perry’s affirmation of his claims and new ones as well:

15 December 2010. A1 and A2 send an account of denials by named participants and a fruitless effort to contact Perry:

A pointer to any response from Perry would be appreciated. Send to: cryptome[at]

15 December 2010. A sent the same URL. Cryptome response:

Thanks for the pointer. Strong stuff, naming names, very unusual, likely to lead to professional suicide. Smells like a hoax or a competitor smear. We wrote last night the alleged author of the allegations for confirmation but have not received an answer. This is not to doubt that the TLAs do this regularly but to admit complicity is exceptional, and if genuine, an admirable public service. If the attribution is a hoax or a smear we’d like to make that known. Have you seen his confirmation or denial anywhere?

He may be in hiding or a sweat hole.

14 December 2010

Michael Shalayeff, (former OpenBSD Developer)
how i stopped worrying and loved the backdoor
A lie gets halfway around the world before the truth has a chance to get its pants on.
winston churchill

first of all i have to mention that netsec involvement was indirectly one of the first financial successes of theo de raadt (later mr.t for short) as the sale of 2500 cds through the EOUSA project (one for each us-ins office in the country) brought openbsd to profitable state and allowed mr.t to finance his living by means of the openbsd project.

but let us get back to our sheep (so to speak). as “the disclosure” from herr gregory perry mentioned the parts involved were ipsec(4) and crypto(4) framework and the “gigabit ethernet stack.” but see? there is no such thing as “gigabit ethernet stack.” moreover back then all the gigabit ethernet drivers came from freebsd. they were written almost exclusively by bill paul who worked at he himself does not always disclose where he gets the docs or other tech info for the driver development. drivers were ported to openbsd by jason@ (later mr.j). angelos@ (later mr.a) (who was contracted by netsec to work on the crypto framework in openbsd) was a post-grad student at at the time had contacts at columbia such as his friend and fellow countryman ji@ who worked there. ji@ wrote the ipsec stack initially (for bsd/os 2.0) in 1995. mr.a was porting it to openbsd. if memory serves me right it was during the summer of 2002 that a micro-hacking-session was held at for less than one week participating all the well known to us already mr.t and mr.j and mr.a with an addition of drahn@ and yours truly. primary goal was to hack on the OCF (crypto framework in openbsd). this does not affect crypto algorithms you’d say right? but why try to plant subtle and enormously complicated to develop side channels into math (encryption and hashing) when it’s way easier to just make the surrounding framework misbehave and leak bits elsewhere? why not just semioccasionally send an ipsec(4) packet with a plain text key appended to it? the receiver will drop it as broken (check your ipsec stats!) and the sniffer in the middle has the key! how would one do it? a little mbuf(9) underflow combined with a little integer overflow. not that easy to spot if more than just one line of code is involved. but this is just a really crude example. leaking by just tiny bits over longer time period would be even more subtle.

here are just some observations i had made during ipsec hacking years later… some parts of ipsec code were to say at least strange looking. in some places tiny loops were used where normally one would use a function (such as memcpy(3)) or a bulk random data fetch instead of fetching byte by byte. one has to know that to generate 16 bytes of randomness by the random(4) driver (not the arc4 bit) it would take an md5 algorithm run over 4096 bytes of the entropy pool. of course to generate only one byte 15 bytes would have to be wasted. and thus fetching N bytes one-by-one instead of filling a chunk would introduce a measurable time delay. ain’t these look like pieces of timing weaknesses introduced in ipsec processing in order to make encrypted data analysis easier? some code pieces created buffer underflows leaving uninitialised data or in other words leaking information as well. a common technique to hide changes was (and still is sometimes) to shuffle the code around the file or between different files and directories making actual code review a nightmare. but to be just lots of those things had been since fixed (even by meself).

as the great ones teach us an essential part of any cryptographical system is the random numbers generator. your humble servant was involved in it too and right there in yer olde brooklyn. one breezy spring night i wrote the openbsd random(4) driver that was based on the linux driver written by theodore tso. and of course the output has never been statistically analysed since the day i wrote it. no doubt i ran some basic tests with help of mamasita (she’s keen on math and blintzi). later the arc4 part was added by david maziers (dm@) who was also a friend of mr.a at the time and an openbsd developer. since then a number of vulnerabilities were discovered in the arc4 algorithm and subsequently the driver. most notably this potential key leak.

meanwhile in calgary… wasting no time netsec was secretly funnelling “security fixes” through mr.t that he was committing “stealth” into openbsd tree. (this i only knew years later when i was telling mr.t over a beer about the funny people i met on a west-coast trip (see later)). “stealth” means that purpose of the diffs was not disclosed in the commit messages or the private openbsd development forums except with a few “trusted” developers. it was a custom to hide important development in the openbsd project at that time due to a large netbsd-hate attitude (which also existed from the other side in form of openbsd-hate attitude; just check out this netbsd diff and an openbsd fix later; or a more recent “rewrite for clarity” commit that in fact changes functionality). which was a result of bulk updates of the openbsd sources from netbsd that we were doing back then due to the lack of own developers in many parts of the tree). in this massive code flow it was easy to sneak in a few lines here and there and make sure the “others” will not notice the importance of the change. of course this “stealth” attitude did not stop once openbsd got more developers and continued also in the ipsec areas (see for example). after all “security” was one of the main important keywords that were separating openbsd from netbsd back then. as we can see holding this funnel for netsec is putting mr.t on the payroll also.

actually it would be all too easy to spot the malicious code if it all be in the publicly-available sources. this leads us to believe that bits of the solution were in the hardware. unsurprisingly netsec was producing their own version of hifn(4) crypto accelerator. unfortunately hifn was refusing to disclose full docs for their hifn7751 chip and that prevented the driver from being included in the openbsd base system. ( in the beginning the driver was called aeon since at that development was done on pre-netsec cards and the driver was renamed (see mv(1)) manually in the cvs repository files later on ). as a bit-chewing disasm-pervert i was asked to reverse engineer their “unlocking” program. that was some magic sequence (since then it’s in the driver) that would initialise the hifn7751 after power-on and allow it to work. they had provided a sample program and challenged us. mr.t set up a machine for me in his house and i logged in remotely from my home in brooklyn to debug the c-code i devised from the disassembly of the unlocking proggy (see they did not even strip(1) it! ;). it was without any help from anybody else except for mr.t who was playing a role of my reset-monkey and yeah mamasita who was bitching at me for being late for dinner… and that worked. this was to show hifn that their “protection” is crap on the stack. the driver for the devices was written by mr.j who had access to public docs that lacked the “unlocking” sequence. this allowed netsec to start deploying their hifn(4)-based cards which by no doubt were a part of the side-channel scheme. about the same time at the bazaar show in nyc i was contacted by a representative of us-ins and a ukrainian military attache at un. both investigating my involvement with openbsd. a few months later i was offered an interview for a position at the fbi office for cyber-warfare in nyc who as well offered to fix my immigration status (or none thereof at the time ;) with a greencard. nonetheless for the lack of credibility from the future employer i refused to talk to them as for me deportation did not sound like an acceptable worst-case scenario.

soon enough due to professional contacts of mr.a the darpa grant for the openbsd was materialised. this was for two years work on various crypto technologies to be integrated in openbsd.

a lot of the code resulting from the work sponsored by the grant still is in the repository except for parts that were done just for the noise and uncommitted later. of course no wonder that darpa grant was spent primarily on mr.t and mr.j. i would expect mr.a was on benefit indirectly. three other developers on the payroll i suppose had to be there such it would not look completely obvious as a payment to mr.t and mr.j. initially mr.t offered me a position on it too but due to restrictions i could not be involved legally (as you can remember i had an expired immigrant status in the country of u.s. of a.). this was slightly disappointing as i had to spend money for coming all the way to philly for the meeting and as it seems for nothing. at least my trip to the following usenix anu-tech in monterey was paid by the moneys from the grant. at the time it only looked kinda funny to travel on the enemy capitalist government’s budget ;) monterey by itself has not much of excitement but for the beach scenery and the cia agents for eastern-europe training camp. that would explain body search at the greyhound bus boarding (this was before the post-2001 scare) which ignored the knife and a whisky bottle i had in my pockets. before going to monterey and while exploring the beauty of san francisco i was contacted once by a us navy intelligence officer who seemingly unintentionally appeared next to me at the bar. later on my way back during a short stay in chicago also randomly appearing fbi agent. fellow was ordering food and beer for me and just like his navy pal gave me a warning to keep my mouth shut!


paranoic mickey       (my employers have changed but, the name has remained)
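Shalayeff's post above says each extraction from random(4) runs MD5 over the 4096-byte pool and yields 16 bytes, so a loop that asks for one byte at a time repeats that work for every byte. The following is an added example, not code from the post or from OpenBSD: a toy Python cost model built on those two figures, in which the class and function names, the constructed pool contents and the stirring step are all assumptions.

```python
import hashlib
import math
import time

POOL_BYTES = 4096    # entropy pool size quoted in the post
DIGEST_BYTES = 16    # MD5 output size: bytes obtained per hash of the pool


class ModelPool:
    """Toy cost model of the extraction described in the post (hypothetical, not OpenBSD code)."""

    def __init__(self, seed=b"constructed sample seed"):
        # Constructed, deterministic pool contents so the example runs offline.
        pool = bytearray()
        counter = 0
        while len(pool) < POOL_BYTES:
            pool += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
            counter += 1
        self.pool = pool[:POOL_BYTES]
        self.md5_runs = 0          # how many times the whole pool was hashed
        self.bytes_hashed = 0      # total input fed to MD5
        self.bytes_discarded = 0   # digest bytes computed but never returned

    def _extract_block(self):
        digest = hashlib.md5(self.pool).digest()
        self.md5_runs += 1
        self.bytes_hashed += len(self.pool)
        # Assumed stirring step so successive blocks differ; a model detail only.
        self.pool[:8] = self.md5_runs.to_bytes(8, "big")
        return digest

    def read(self, n):
        """Return n bytes, hashing the pool once per 16 bytes (or part thereof)."""
        out = bytearray()
        while len(out) < n:
            block = self._extract_block()
            take = min(n - len(out), DIGEST_BYTES)
            out += block[:take]
            self.bytes_discarded += DIGEST_BYTES - take
        return bytes(out)


def fetch_bytewise(pool, n):
    """The pattern the post flags: a loop requesting one byte per call."""
    return b"".join(pool.read(1) for _ in range(n))


def fetch_bulk(pool, n):
    """The expected pattern: one request that fills the whole buffer."""
    return pool.read(n)


def cost_report(n):
    """Run both patterns on identical fresh pools and report the work each one did."""
    report = {}
    for name, fetch in (("bytewise", fetch_bytewise), ("bulk", fetch_bulk)):
        pool = ModelPool()
        start = time.perf_counter()
        data = fetch(pool, n)
        elapsed = time.perf_counter() - start
        report[name] = {
            "returned": len(data),
            "md5_runs": pool.md5_runs,
            "bytes_hashed": pool.bytes_hashed,
            "bytes_discarded": pool.bytes_discarded,
            "seconds": elapsed,
        }
    return report


def excess_runs(observed_runs, n):
    """Review metric: hash runs beyond the minimum ceil(n / 16) needed for n bytes."""
    return observed_runs - math.ceil(n / DIGEST_BYTES)


if __name__ == "__main__":
    for name, row in cost_report(64).items():
        print(name, row, "excess runs:", excess_runs(row["md5_runs"], 64))
```
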

OpenBSD IPSec “Backdoor”

Published: 2010-12-15,
Last Updated: 2010-12-15 16:21:23 UTC
by Johannes Ullrich (Version: 1)

We received plenty of e-mail alerting us of a mailing list post [1] alleging a backdoor in the Open BSD IPSec code. The story is too good to pass up and repeated on twitter and other media. However, aside from the mailing list post, there is little if any hard evidence of such a backdoor. The code in question is 10 years old. Since then, it has been changed, extended, patched and copied many times. I personally do not have the time nor the skill to audit code of the complexity found in modern crypto implementations. But my gut feeling is that this is FUD if not an outright fraud.

Keep using VPNs, if you are worried, limit the crypto algorithms used to more modern ones. It is always a good idea to build additional defensive layers and review configurations from time to time. But at some point, you have to decide who you trust in this game and how paranoid you can afford to be.

Johannes B. Ullrich, Ph.D.
SANS Technology Institute

FBI accused of planting backdoor in OpenBSD IPSEC stack
By Ryan Paul

In an e-mail sent to BSD project leader Theo de Raadt, former NETSEC CTO Gregory Perry has claimed that NETSEC developers helped the FBI plant “a number of backdoors” in the OpenBSD cryptographic framework approximately a decade ago.

Perry says that his nondisclosure agreement with the FBI has expired, allowing him to finally bring the issue to the attention of OpenBSD developers. Perry also suggests that knowledge of the FBI’s backdoors played a role in DARPA’s decision to withdraw millions of dollars of grant funding from OpenBSD in 2003.

“I wanted to make you aware of the fact that the FBI implemented a number of backdoors and side channel key leaking mechanisms into the OCF, for the express purpose of monitoring the site to site VPN encryption system implemented by EOUSA, the parent organization to the FBI,” wrote Perry. “This is also probably the reason why you lost your DARPA funding, they more than likely caught wind of the fact that those backdoors were present and didn’t want to create any derivative products based upon the same.”

The e-mail became public when de Raadt forwarded it to the OpenBSD mailing list on Tuesday, with the intention of encouraging concerned parties to conduct code audits. To avoid entanglement in the alleged conspiracy, de Raadt says that he won’t be pursuing the matter himself. Several developers have begun the process of auditing the OpenBSD IPSEC stack in order to determine if Perry’s claims are true.

“It is alleged that some ex-developers (and the company they worked for) accepted US government money to put backdoors into our network stack,” de Raadt wrote. “Since we had the first IPSEC stack available for free, large parts of the code are now found in many other projects/products. Over 10 years, the IPSEC code has gone through many changes and fixes, so it is unclear what the true impact of these allegations are.”

OpenBSD developers often characterize security as one of the project’s highest priorities, citing their thorough code review practices and proactive auditing process as key factors that contribute to the platform’s reputedly superior security. If Perry’s allegations prove true, the presence of FBI backdoors that have gone undetected for a decade would be a major embarrassment for OpenBSD.

The prospect of a federal government agency paying open source developers to inject surveillance-friendly holes in operating systems is also deeply troubling. It’s possible that similar backdoors could potentially exist on other software platforms. It’s still too early to know if the claims are true, but the OpenBSD community is determined to find out if they are.

Deconstructing the OpenBSD IPsec Rumors
2010-12-14 21:58:01 by Jason Dixon

Theo de Raadt posted an email to the openbsd-tech mailing list Tuesday evening which contained details of alleged backdoors added to the OpenBSD IPsec code by government contractors some ten years ago. Subsequent posts from Bob Beck and Damien Miller add further commentary, but neither confirm nor deny the allegations. Damien goes so far as to propose a number of possible avenues as the most likely places to begin a new audit.

One of the purported conspirators is Jason Wright, a cryptology expert at the Idaho National Laboratory, who committed a significant amount of crypto and sparc64 code to the OpenBSD project. Although I haven’t seen Jason in years, I consider “Wookie” a good friend and hope these accusations are false. If Damien’s hypothesis is correct, it seems highly unlikely that Jason (or any US developers) introduced backdoors directly into the crypto code. A more likely scenario would be the malicious reuse of mbufs in the network stack.

As Brian T. Merritt suggests, it seems even more likely that Linux would be similarly “exploited”. Lest we forget that while these claims against OpenBSD revolve around FBI involvement, Linux has had significant portions of its security code infiltrated by the NSA. Between these two code bases you’re talking about an enormous portion of the networking infrastructure that powers the Internet.

As a former OpenBSD committer, this saddens me. Not just because of the possibility that this might be true, but that regardless of whether or not this could be true, it means that developer and community resources will be swallowed into the rumor vacuum for untold weeks and possibly months. This results in less innovation, fewer bugfixes, and worst of all, a growing distrust among everyone involved.

This story has all the characteristics of being newsworthy for a long while. It has already made major headlines across Twitter, Slashdot, Reddit and OSNews. Most articles and tweets imply that the claims are fact, without any investigation of the source claim or the actual code in question. I hope that all parties involved are cleared of any wrongdoing. Either way, the cat is out of the proverbial bag. These claims will undermine a significant portion of goodwill and trust among all Free Software / Open Source projects. In the end, nobody wins.

The OpenBSD IPSec kerfuffle
Michael W Lucas, December 15th, 2010

By now you’ve probably heard of the allegations Theo forwarded to the OpenBSD-tech mailing list about the FBI introducing back doors in early versions of the OpenBSD IPSec code.  I’d like to offer my opinion, in the spirit of the Christmas season:

“Bah, humbug!”

It’s possible, but unlikely.  Like me winning the lottery is unlikely.  I’d need to buy a ticket, and that isn’t going to happen any time soon.

The OpenBSD group examines every line of code that goes into their tree.  Any obvious back door would be caught.  Any  subtle back door would be fragile — so subtle that it probably wouldn’t survive the intervening ten years of code churn and IPSec improvements.  Maybe someone has an appliance based on, say, OpenBSD 2.8 or 3.2, which could have contained the back door.  If true, we need to know about it.  But those users need to upgrade anyway.

And the FBI?  Nope, don’t believe it.  Ten years ago, the FBI was having lots of trouble understanding the Internet.  The NSA, maybe.

Bugs?  Sure, there’s probably bugs.  I expect we’ll find some, now that many eyes have turned to the code.  Exploitable bugs?  Maybe.  But that’s not the same as a back door.

OpenBSD has claimed to be the best for many years.  That claim motivates people to take them down.  The claims have hopefully inspired many people to examine the current and historical IPSec stack.  Theo and company have done nothing to discourage such audits: they’ve even offered pointers on where to look.  If you’re a programmer looking to make a splash, you could do worse than to join in on auditing the code.  Finding the alleged back door would make your reputation.  And we can always use more IPSec hackers.

The real impact might be, as Jason Dixon points out, the cost in OpenBSD developer time.  You know that some of their committers are examining the IPSec code today, trying to find potential back doors.

Schneier on Security
A blog covering security and security technology.
December 17, 2010
Did the FBI Plant Backdoors in OpenBSD?
It has been accused of it.
I doubt this is true. One, it’s a very risky thing to do. And two, there are more than enough exploitable security vulnerabilities in a piece of code that large. Finding and exploiting them is a much better strategy than planting them. But maybe someone at the FBI is that dumb.
EDITED TO ADD (12/17): Further information is here. And a denial from an FBI agent.
Posted on December 17, 2010 at 10:49 AM

Dag-Erling Smørgrav (aka DES)

OpenBSD IPSec backdoor allegations: triple $100 bounty
In case you hadn’t heard: Gregory Perry alleges that the FBI paid OpenBSD contributors to insert backdoors into OpenBSD’s IPSec stack, with his (Perry’s) knowledge and collaboration.

If that were true, it would also be a concern for FreeBSD, since some of our IPSec code comes from OpenBSD.

I’m having a hard time swallowing this story, though. In fact, I think it’s preposterous. Rather than go into further detail, I’ll refer you to Jason Dixon’s summary, which links to other opinions, and add only one additional objection: if this were true, there would be no “recently expired NDA”; it would be a matter of national security.

I’ll put my money where my mouth is, and post a triple bounty:

1) I pledge USD 100 to the first person to present convincing evidence showing:
– that the OpenBSD Crypto Framework contains vulnerabilities which can be exploited by an eavesdropper to recover plaintext from an IPSec stream,
– that these vulnerabilities can be traced directly to code submitted by Jason Wright and / or other developers linked to Perry, and
– that the nature of these vulnerabilities is such that there is reason to suspect, independently of Perry’s allegations, that they were inserted intentionally—for instance, if the surrounding code is unnecessarily awkward or obfuscated and the obvious and straightforward alternative would either not be vulnerable or be immediately recognizable as vulnerable.
2) I pledge an additional USD 100 to the first person to present convincing evidence showing that the same vulnerability exists in FreeBSD.
3) Finally, I pledge USD 100 to the first person to present convincing evidence showing that a government agency successfully planted a backdoor in a security-critical portion of the Linux kernel.

Additional conditions:
– In all three cases, the vulnerability must still be present and exploitable when the evidence is assembled and presented to the affected parties. Allowances will be made for the responsible disclosure process.
– Exploitability must be demonstrated, not theorized.
– I will not evaluate the evidence myself, but rely on the consensus of the OpenBSD, FreeBSD, Linux and / or infosec communities.
– Primacy will be determined in a similar manner.
– The evidence must be presented, and the bounty claimed, no later than 2012-12-31 23:59:59 UTC—a little more than two years from today.
– The bounty will, at the claimant’s discretion, either be transferred to the claimant by PayPal—no cash, checks, direct deposits or wire transfers—or donated directly to a non-profit of his or her choice.

Dag-Erling Smørgrav can be reached at:

OpenBSD/FBI allegations denied by named participants
Update: Government shilling accusations refuted by both similarly named persons
Brian Proffitt, December 14, 2010, 10:32 PM —

Update: This story was updated at 0920 on Dec. 15 to include comments from the second Scott Lowe, and expand on additional questions now sent to Gregory Perry.

Amidst startling accusations revealed by OpenBSD founder and lead developer Theo de Raadt today that 10 years ago the US Federal Bureau of Investigation paid developers to insert security holes into OpenBSD code, some confusion about the accusations has already emerged, with one named party strongly denying any involvement.

According to a post by de Raadt on the [openbsd-tech] mailing list, he received an email from Gregory Perry, CEO of GoVirtual Education, a Florida-based VMWare training firm, in which Perry told de Raadt he was “aware of the fact that the FBI implemented a number of backdoors and side channel key leaking mechanisms into the OCF, for the express purpose of monitoring the site to site VPN encryption system implemented by EOUSA [an acronym for the US Dept. of Justice], the parent organization to the FBI.”

In his message to de Raadt, Perry stated that while Perry was the CTO at NETSEC, “Jason Wright and several other developers were responsible for those backdoors.” Perry said that he was now able to share this information with de Raadt because his non-disclosure agreement with the FBI had “recently expired.”

If true, this type of government involvement would enhance the already present concerns free and open source developers tend to have about government policies concerning privacy.

But there are already challenges about the accuracy of Perry’s statements.

For instance, at the close of his message to de Raadt, Perry stated that the presence of these backdoors was why “several inside FBI folks have been recently advocating the use of OpenBSD for VPN and firewalling implementations in virtualized environments.”

“For example,” Perry concluded, “Scott Lowe is a well respected author in virtualization circles who also happens top [sic] be on the FBI payroll, and who has also recently published several tutorials for the use of OpenBSD VMs in enterprise VMWare vSphere deployments.”

I contacted Scott Lowe, VMWare-Cisco Solutions Principal at EMC, this evening to ask if he had a comment about Perry’s statement to de Raadt. Lowe quickly responded via e-mail with his denial:

“Mr. Perry is mistaken. I am not, nor have I ever been, affiliated with or employed by the FBI or any other government agency. Likewise, I have not ever contributed a single line of code to OpenBSD; my advocacy is strictly due to appreciation of the project and nothing more,” Lowe replied.

When I followed up with the question of why Perry might want to implicate Lowe for assisting the FBI in promoting OpenBSD, Lowe replied, “I do not know why Mr. Perry mentioned my name. I do know that there is another Scott Lowe, who also writes about virtualization, to whom Mr. Perry might be referring; I don’t have any information as to whether that individual is or is not involved.”

Mr. Lowe from North Carolina has been confused with the other Scott Lowe, Vice President and Chief Information Officer at Westminster College in Missouri, before.

Update: Mr. Lowe of Missouri was contacted for comment late last night, and did reply to my questions via e-mail early this morning.

“I am not, nor have I ever been, on the FBI’s payroll, nor do I use or advocate the use of OpenBSD either personally or in my writing,” Lowe of Missouri replied.

Perry may have gotten his Scott Lowes confused; stranger things have happened. Earlier in my own career, I was often confused with Brian Proffit, a prolific and excellent writer about OS/2 who is also a Baptist minister (trust me, I’m the evil twin).

The North Carolina Lowe has published articles and books on VMWare, while the Missouri Lowe has published his work primarily on TechRepublic, with more of a focus on Microsoft technologies, rather than VMware.

With the response of both Lowes on record, the question of mistaken identity becomes moot. It now becomes Perry’s word against two Scott Lowes’ that one of these gentlemen was promoting OpenBSD on behalf of the FBI. It makes me wonder if Perry was speculating about Lowe’s alleged involvement with the FBI.

I have reached out to Perry for comment; specifically to elaborate the evidence he has regarding the involvement of a Scott Lowe, and to identify the Scott Lowe to which he was referring. As of 0920 EST on December 15, no reply from Perry has been received.

An FBI backdoor in OpenBSD?
by Robert McMillan, Security Blanket
Wed, 2010-12-15 09:06

You have to give Theo de Raadt credit: he’s into openness. What other software product would take serious, but questionable allegations about an FBI-planted back door in its code and just go public with them?

That’s what OpenBSD’s de Raadt did Tuesday after a former government contractor named Gregory Perry came forward and told him that the FBI had put a number of back doors in OpenBSD’s IPsec stack, used by VPNs to do cryptographically secure communications over the Internet.

The allegations could make many people think twice about the security of OpenBSD, but the way de Raadt handled the matter will probably have the opposite effect — giving them another reason to trust the software.

Here’s what de Raadt said:

I refuse to become part of such a conspiracy, and
will not be talking to Gregory Perry about this.  Therefore I am
making it public so that
(a) those who use the code can audit it for these problems,
(b) those that are angry at the story can take other actions,
(c) if it is not true, those who are being accused can defend themselves.

I contacted Perry about his email, and while I couldn’t get him on the telephone, he confirmed that his letter to de Raadt was published without his consent. He gave a few more details on his involvement with the FBI (which, by the way, has no immediate comment on this).

Hello Robert,

I did not really intend for Theo to cross post that message to the rest of the Internet, but I stand by my original email message to him in those regards.

The OCF was a target for side channel key leaking mechanisms, as well as pf (the stateful inspection packet filter), in addition to the gigabit Ethernet driver stack for the OpenBSD operating system; all of those projects NETSEC donated engineers and equipment for, including the first revision of the OCF hardware acceleration framework based on the HiFN line of crypto accelerators.

The project involved was the GSA Technical Support Center, a circa 1999 joint research and development project between the FBI and the NSA; the technologies we developed were Multi Level Security controls for case collaboration between the NSA and the FBI due to the Posse Comitatus Act, although in reality those controls were only there for show as the intended facility did in fact host both FBI and NSA in the same building.

We were tasked with proposing various methods used to reverse engineer smart card technologies, including Piranha techniques for stripping organic materials from smart cards and other embedded systems used for key material storage, so that the gates could be analyzed with Scanning Electron and Scanning Tunneling Microscopy.  We also developed proposals for distributed brute force key cracking systems used for DES/3DES cryptanalysis, in addition to other methods for side channel leaking and covert backdoors in firmware-based systems.  Some of these projects were spun off into other sub projects, JTAG analysis components etc.  I left NETSEC in 2000 to start another venture, I had some fairly significant concerns with many aspects of these projects, and I was the lead architect for the site-to-site VPN project developed for Executive Office for United States Attorneys, which was a statically keyed VPN system used at 235+ US Attorney locations and which later proved to have been backdoored by the FBI so that they could recover (potentially) grand jury information from various US Attorney sites across the United States and abroad.  The person I reported to at EOUSA was Zal Azmi, who was later appointed to Chief Information Officer of the FBI by George W. Bush, and who was chosen to lead portions of the EOUSA VPN project based upon his previous experience with the Marines (prior to that, Zal was a mujahideen for Usama bin Laden in their fight against the Soviets, he speaks fluent Farsi and worked on various incursions with the CIA as a linguist both pre and post 911, prior to his tenure at the FBI as CIO and head of the FBI’s Sentinel case management system with Lockheed).  After I left NETSEC, I ended up becoming the recipient of a FISA-sanctioned investigation, presumably so that I would not talk about those various projects; my NDA recently expired so I am free to talk about whatever I wish.

Here is one of the articles I was quoted in from the NY Times that touches on the encryption export issue:

In reality, the Clinton administration was very quietly working behind the scenes to embed backdoors in many areas of technology as a counter to their supposed relaxation of the Department of Commerce encryption export regulations – and this was all pre-911 stuff as well, where the walls between the FBI and DoD were very well established, at least in theory.

Some people have decided that Perry’s claims are not credible, and at least one person named in his email has come forward to say it’s not true.  But at this point, it seems that nobody but Perry really knows what’s going on.

It’s hard to really know what to say at this point. We’re talking about backdoors that probably just look like regular old bugs in code that was written 10 years ago.

CNET’s Declan McCullagh spotted the following tweet from former FBI agent E.J. Hilbert:

I was one of the few FBI cyber agents when the coding supposedly happened. Experiment yes. Success No.
7:57 PM Dec 14th via ÜberTwitter from Las Flores, CA
E.J. Hilbert
https:// /ejhilbert/status/14891845825863680


@vze2p5 I commented to spark a discussion. Many take social media as truth rather than question & discuss. It's the former teacher in me
12:25 AM Dec 18th via TweetDeck in reply to vze2p5

https:// /ejhilbert


Report of FBI back door roils OpenBSD community
by Declan McCullagh, December 15, 2010 11:08 AM PST

Allegations that the FBI surreptitiously placed a back door into the OpenBSD operating system have alarmed the computer security community, prompting calls for an audit of the source code and claims that the charges must be a hoax.

The report surfaced in e-mail made public yesterday from a former government contractor, who alleged that he worked with the FBI to implement “a number of back doors” in OpenBSD, which has a reputation for high security and is used in some commercial products.

Gregory Perry, the former chief technologist at the now-defunct contractor Network Security Technology, or NETSEC, said he’s disclosing this information now because his 10-year confidentiality agreement with the FBI has expired. The e-mail was sent to OpenBSD founder Theo de Raadt, who posted it publicly.

“I cashed out of the company shortly after the FBI project,” Perry told CNET today. “At that time there were significant legal barriers between domestic law enforcement and [the Department of Defense], and [this project] was in clear violation of that.” He said the project was a “circa 1999 joint research and development project between the FBI and the NSA,” which is part of the Defense Department.

The OpenBSD project, which was once funded by DARPA but had its funding yanked in 2003 for unspecified reasons, says that it takes an “uncompromising view toward increased security.” The code is used in Microsoft’s Windows Services for Unix and firewalls including ones sold by Calyptix Security, Germany’s, and Switzerland’s Apsis GmbH.

In national security circles, it’s an open secret that the U.S. government likes to implant back doors in encryption products.
That’s what the FBI proposed in September, although it also claimed that the crypto-back doors would be used only through a legal process. So did the Clinton administration, in what was its first technology initiative in the early 1990s, which became known as the Clipper Chip.

If implemented correctly using a strong algorithm, modern encryption tools are believed to be so secure that even the NSA’s phalanxes of supercomputers are unable to decrypt messages or stored data. One report noted that, even in the 1990s, the FBI was unable to successfully decrypt communications from some wiretaps, and a report this year said it could not decrypt hard drives using the AES algorithm with a 256-bit key.

E.J. Hilbert, a former FBI agent, indicated in a note on Twitter last night that the OpenBSD “experiment” happened but was unsuccessful.

The Justice Department did not respond to a request from CNET yesterday for comment.

NETSEC, the now-defunct contractor, boasted at the time that it was a top provider of computer security services to the Justice Department, the Treasury Department, the National Science Foundation, and unnamed intelligence agencies. A 2002 NSF document (PDF) says NETSEC was “a contractor that NSF utilizes for computer forensics” that performed an investigation of whether data “deleted from an internal NSF server” amounted to a malicious act or not.

A snapshot of the NETSEC Web page from August 2000 from shows that the company touted its close ties with the NSA. The founders created the company to build “upon practices developed while employed at the National Security Agency (NSA) and Department of Defense (DoD), the methodologies utilized at NETSEC today are widely regarded as the best anywhere,” it says.

On the OpenBSD technical mailing list, reaction was concerned but skeptical. One post suggested that the best way to insert a back door would be to leak information about the cryptographic key through the network, perhaps through what’s known as a side channel attack. (A 2000 paper describes that technique as using information about the specific implementation of the algorithm to break a cipher, in much the same way that radiation from a computer monitor can leak information about what’s on the screen. Secure environments use TEMPEST shielding to block that particular side channel.)

A 1999 New York Times article written by Peter Wayner about the Clinton administration’s encryption policies, which quoted Perry about OpenBSD, noted that “the Naval Research Lab in Virginia is using OpenBSD as a foundation of its new IPv6 project.”
Perry told CNET that he hired Jason Wright “at NETSEC as a security researcher, he was basically paid to develop full time for the OpenBSD platform.” In the e-mail to de Raadt, Perry added that “Jason Wright and several other developers were responsible for those back doors, and you would be well advised to review any and all code commits by Wright as well as the other developers he worked with originating from NETSEC.”
Wright’s LinkedIn profile lists him as a “senior developer” at the OpenBSD project and a cybersecurity engineer at the Idaho National Laboratory, and previously a software engineer at NETSEC. He did not respond to a request for comment.

A decades-long push for back doors
While the OpenBSD allegations may never be fully proved or disproved, it’s clear that the federal government has a long history of pressing for back doors into products or networks for eavesdropping purposes. The Bush administration-era controversy over pressuring AT&T to open its network–in apparent violation of federal law–is a recent example.
Louis Tordella, the longest-serving deputy director of the NSA, acknowledged overseeing a similar project to intercept telegrams as recently as the 1970s. It relied on the major telegraph companies, including Western Union, secretly turning over copies of all messages sent to or from the United States.

“All of the big international carriers were involved, but none of ’em ever got a nickel for what they did,” Tordella said before his death in 1996, according to a history written by L. Britt Snider, a Senate aide who became the CIA’s inspector general.

The telegraph interception operation was called Project Shamrock. It involved a courier making daily trips from the NSA’s headquarters in Fort Meade, Md., to New York to retrieve digital copies of the telegrams on magnetic tape.

Like the eavesdropping system authorized by President Bush, Project Shamrock had a “watch list” of people in the U.S. whose conversations would be identified and plucked out of the ether by NSA computers. It was intended to be used for foreign intelligence purposes.

Then-President Richard Nixon, plagued by anti-Vietnam protests and worried about foreign influence, ordered that Project Shamrock’s electronic ear be turned inward to eavesdrop on American citizens. In 1969, Nixon met with the heads of the NSA, CIA and FBI and authorized a program to intercept “the communications of U.S. citizens using international facilities,” meaning international calls, according to James Bamford’s 2001 book titled “Body of Secrets.”

Nixon later withdrew the formal authorization, but informally, police and intelligence agencies kept adding names to the watch list. At its peak, 600 American citizens appeared on the list, including singer Joan Baez, pediatrician Benjamin Spock, actress Jane Fonda, and the Rev. Martin Luther King Jr.

Another apparent example of NSA and industry cooperation became public in 1995. The Baltimore Sun reported that for decades NSA had rigged the encryption products of Crypto AG, a Swiss firm, so U.S. eavesdroppers could easily break their codes.

The six-part story, based on interviews with former employees and company documents, said Crypto AG sold its compromised security products to some 120 countries, in

(contemplate until someone comes up with the actual FBI-compromised code)

Reflections on Trusting Trust
Ken Thompson

Reprinted from Communications of the ACM, Vol. 27, No. 8, August 1984, pp. 761-763. Copyright © 1984, Association for Computing Machinery, Inc. Also appears in ACM Turing Award Lectures: The First Twenty Years 1965-1985 Copyright © 1987 by the ACM press and Computers Under Attack: Intruders, Worms, and Viruses Copyright © 1990 by the ACM press.
I copied this page from the ACM, in fear that it would someday turn stale.


I thank the ACM for this award. I can’t help but feel that I am receiving this honor for timing and serendipity as much as technical merit. UNIX swept into popularity with an industry-wide change from central main frames to autonomous minis. I suspect that Daniel Bobrow (1) would be here instead of me if he could not afford a PDP-10 and had to “settle” for a PDP-11. Moreover, the current state of UNIX is the result of the labors of a large number of people.

There is an old adage, “Dance with the one that brought you,” which means that I should talk about UNIX. I have not worked on mainstream UNIX in many years, yet I continue to get undeserved credit for the work of others. Therefore, I am not going to talk about UNIX, but I want to thank everyone who has contributed.

That brings me to Dennis Ritchie. Our collaboration has been a thing of beauty. In the ten years that we have worked together, I can recall only one case of miscoordination of work. On that occasion, I discovered that we both had written the same 20-line assembly language program. I compared the sources and was astounded to find that they matched character-for-character. The result of our work together has been far greater than the work that we each contributed.

I am a programmer. On my 1040 form, that is what I put down as my occupation. As a programmer, I write programs. I would like to present to you the cutest program I ever wrote. I will do this in three stages and try to bring it together at the end.

Stage I

In college, before video games, we would amuse ourselves by posing programming exercises. One of the favorites was to write the shortest self-reproducing program. Since this is an exercise divorced from reality, the usual vehicle was FORTRAN. Actually, FORTRAN was the language of choice for the same reason that three-legged races are popular.

More precisely stated, the problem is to write a source program that, when compiled and executed, will produce as output an exact copy of its source. If you have never done this, I urge you to try it on your own. The discovery of how to do it is a revelation that far surpasses any benefit obtained by being told how to do it. The part about “shortest” was just an incentive to demonstrate skill and determine a winner.


Figure 1 shows a self-reproducing program in the C programming language. (The purist will note that the program is not precisely a self-reproducing program, but will produce a self-reproducing program.) This entry is much too large to win a prize, but it demonstrates the technique and has two important properties that I need to complete my story: (1) This program can be easily written by another program. (2) This program can contain an arbitrary amount of excess baggage that will be reproduced along with the main algorithm. In the example, even the comment is reproduced.

Stage II

The C compiler is written in C. What I am about to describe is one of many “chicken and egg” problems that arise when compilers are written in their own language. In this case, I will use a specific example from the C compiler.

C allows a string construct to specify an initialized character array. The individual characters in the string can be escaped to represent unprintable characters. For example,

"Hello world\n"
represents a string with the character “\n,” representing the new line character.


Suppose we wish to alter the C compiler to include the sequence “\v” to represent the vertical tab character. The extension to Figure 2 is obvious and is presented in Figure 3. We then recompile the C compiler, but we get a diagnostic. Obviously, since the binary version of the compiler does not know about “\v,” the source is not legal C. We must “train” the compiler. After it “knows” what “\v” means, then our new change will become legal C. We look up on an ASCII chart that a vertical tab is decimal 11. We alter our source to look like Figure 4. Now the old compiler accepts the new source. We install the resulting binary as the new official C compiler and now we can write the portable version the way we had it in Figure 3.


This is a deep concept. It is as close to a “learning” program as I have seen. You simply tell it once, then you can use this self-referencing definition.
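The bootstrap just described, as a toy model in C added to this copy (it is not the code of Thompson's Figures 2 to 4). A compiler binary is modelled as the table of escape codes it emits, and compiler source either spells a code out as a number or defers to whatever the compiling binary already knows; `cc_binary`, `esc_rule`, `build` and the other names are made up for the illustration.

```c
#include <stdio.h>
#include <stddef.h>

#define NCHARS  128
#define UNKNOWN (-1)   /* the binary has never been taught this escape */
#define SELF    (-2)   /* source writes '\v' and leaves the value to the compiling binary */

/* Toy model: a compiler binary is the table of escape codes it emits. */
typedef struct { int known[NCHARS]; } cc_binary;

/* One rule of the compiler's source for its escape routine. */
typedef struct { char letter; int code; } esc_rule;

/* Portable source: every escape is defined in terms of itself. */
static const esc_rule PORTABLE[] = { {'n', SELF}, {'t', SELF}, {'v', SELF} };
/* Training source: the vertical tab is spelled out once as decimal 11. */
static const esc_rule TRAINING[] = { {'n', SELF}, {'t', SELF}, {'v', 11} };
#define NRULES 3

/* The installed binary before the change: it knows \n and \t only. */
static cc_binary gen0(void) {
    cc_binary b;
    for (int i = 0; i < NCHARS; i++) b.known[i] = UNKNOWN;
    b.known['n'] = 10;
    b.known['t'] = 9;
    return b;
}

/* Compile compiler source `src` with binary `old`. Returns 0 and fills `out`,
   or returns the offending escape letter (the "diagnostic"). */
static int build(const cc_binary *old, const esc_rule *src, size_t n, cc_binary *out) {
    for (int i = 0; i < NCHARS; i++) out->known[i] = UNKNOWN;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)src[i].letter;
        int code = src[i].code;
        if (code == SELF) {
            code = old->known[c];          /* only the old binary can answer */
            if (code == UNKNOWN) return c; /* it cannot: not legal input yet */
        }
        out->known[c] = code;
    }
    return 0;
}

/* Portable source fed straight to the old binary: returns the diagnostic. */
static int first_attempt(void) {
    cc_binary g0 = gen0(), g1;
    return build(&g0, PORTABLE, NRULES, &g1);
}

/* Full bootstrap: train once, then go back to the portable source.
   Returns the code the final binary emits for escape `letter`. */
static int bootstrap(char letter) {
    cc_binary g0 = gen0(), g1, g2;
    if ((unsigned char)letter >= NCHARS) return UNKNOWN;
    if (build(&g0, TRAINING, NRULES, &g1) != 0) return UNKNOWN;
    if (build(&g1, PORTABLE, NRULES, &g2) != 0) return UNKNOWN;
    return g2.known[(unsigned char)letter];
}

int main(void) {
    printf("old binary, portable source: diagnostic on \\%c\n", first_attempt());
    printf("after training, portable source: \\v = %d\n", bootstrap('v'));
    return 0;
}
```

The final binary emits 11 for the vertical tab although that number appears nowhere in the portable source it was built from: the knowledge is carried forward by the binary alone.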

Stage III

Again, in the C compiler, Figure 5 represents the high-level control of the C compiler where the routine “compile” is called to compile the next line of source. Figure 6 shows a simple modification to the compiler that will deliberately miscompile source whenever a particular pattern is matched. If this were not deliberate, it would be called a compiler “bug.” Since it is deliberate, it should be called a “Trojan horse.”


The actual bug I planted in the compiler would match code in the UNIX “login” command. The replacement code would miscompile the login command so that it would accept either the intended encrypted password or a particular known password. Thus if this code were installed in binary and the binary were used to compile the login command, I could log into that system as any user.

Such blatant code would not go undetected for long. Even the most casual perusal of the source of the C compiler would raise suspicions.


The final step is represented in Figure 7. This simply adds a second Trojan horse to the one that already exists. The second pattern is aimed at the C compiler. The replacement code is a Stage I self-reproducing program that inserts both Trojan horses into the compiler. This requires a learning phase as in the Stage II example. First we compile the modified source with the normal C compiler to produce a bugged binary. We install this binary as the official C. We can now remove the bugs from the source of the compiler and the new binary will reinsert the bugs whenever it is compiled. Of course, the login command will remain bugged with no trace in source anywhere.
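Stage III reduced to a toy model in C, added here as an illustration (it is not the code of Thompson's Figures 5 to 7). Source files and binaries are constructed one-line strings, all names are made up, and `trusted_cc` assumes the defender holds a compiler binary that is trusted independently; the model shows the source audit passing while the installed binary stays bugged across rebuilds, and a rebuild-and-compare check flagging it.

```c
#include <stdio.h>
#include <string.h>

/* Toy model (constructed): one line of text stands for each source file, and
   a "binary" is simply the text the compiler emitted for it. */
static const char LOGIN_SRC[] = "login: accept(stored_hash)";
static const char CC_CLEAN[]  = "cc: translate(input)";
static const char MARK[]      = " [match login][match cc]";  /* both patterns */
static const char CC_BUGGED[] = "cc: translate(input) [match login][match cc]";
static const char EXTRA[]     = " accept(known_password)";

typedef struct { char image[128]; } binary;

static int bugged(const binary *b)     { return strstr(b->image, MARK) != NULL; }
static int backdoored(const binary *b) { return strstr(b->image, EXTRA) != NULL; }

static void append(binary *b, const char *s) {
    strncat(b->image, s, sizeof b->image - strlen(b->image) - 1);
}

/* Run compiler binary `cc` over `src`. An honest binary emits exactly what the
   source says; a bugged one also miscompiles the two inputs it recognizes. */
static binary compile(const binary *cc, const char *src) {
    binary out;
    snprintf(out.image, sizeof out.image, "%s", src);
    if (bugged(cc)) {
        if (strncmp(src, "login:", 6) == 0)
            append(&out, EXTRA);              /* first pattern: login */
        else if (strncmp(src, "cc:", 3) == 0 && !bugged(&out))
            append(&out, MARK);               /* second pattern: the compiler */
    }
    return out;
}

/* Assumption: a compiler binary the defender trusts independently. */
static binary trusted_cc(void) {
    binary b;
    snprintf(b.image, sizeof b.image, "%s", CC_CLEAN);
    return b;
}

/* Learning phase, then the source is restored: the bugged source is built
   once, and every later rebuild uses only the clean source. */
static binary installed_cc_after(int rebuilds) {
    binary seed = trusted_cc();
    binary cc = compile(&seed, CC_BUGGED);
    for (int i = 0; i < rebuilds; i++)
        cc = compile(&cc, CC_CLEAN);
    return cc;
}

/* Source audit: sees only what a reviewer can read. */
static int source_audit_passes(void) {
    return strstr(CC_CLEAN, MARK) == NULL && strstr(LOGIN_SRC, EXTRA) == NULL;
}

/* What the installed toolchain produces for login from clean source. */
static int login_is_backdoored(binary cc) {
    binary login = compile(&cc, LOGIN_SRC);
    return backdoored(&login);
}

/* Binary check: rebuild the clean compiler source with the trusted compiler
   and compare the result with the suspect binary. Returns 1 on divergence. */
static int rebuild_check_flags(binary suspect) {
    binary seed = trusted_cc();
    binary ref = compile(&seed, CC_CLEAN);
    return strcmp(ref.image, suspect.image) != 0;
}

int main(void) {
    binary cc = installed_cc_after(3);
    printf("source audit passes:      %d\n", source_audit_passes());
    printf("compiler still bugged:    %d\n", bugged(&cc));
    printf("login binary backdoored:  %d\n", login_is_backdoored(cc));
    printf("rebuild check flags it:   %d\n", rebuild_check_flags(cc));
    return 0;
}
```

The check works in the model only because the reference build comes from a binary outside the bugged lineage; rebuilding with the installed compiler itself reproduces the same image every time.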


The moral is obvious. You can’t trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code. In demonstrating the possibility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program such as an assembler, a loader, or even hardware microcode. As the level of program gets lower, these bugs will be harder and harder to detect. A well installed microcode bug will be almost impossible to detect.

After trying to convince you that I cannot be trusted, I wish to moralize. I would like to criticize the press in its handling of the “hackers,” the 414 gang, the Dalton gang, etc. The acts performed by these kids are vandalism at best and probably trespass and theft at worst. It is only the inadequacy of the criminal code that saves the hackers from very serious prosecution. The companies that are vulnerable to this activity (and most large companies are very vulnerable) are pressing hard to update the criminal code. Unauthorized access to computer systems is already a serious crime in a few states and is currently being addressed in many more state legislatures as well as Congress.

There is an explosive situation brewing. On the one hand, the press, television, and movies make heroes of vandals by calling them whiz kids. On the other hand, the acts performed by these kids will soon be punishable by years in prison.

I have watched kids testifying before Congress. It is clear that they are completely unaware of the seriousness of their acts. There is obviously a cultural gap. The act of breaking into a computer system has to have the same social stigma as breaking into a neighbor’s house. It should not matter that the neighbor’s door is unlocked. The press must learn that misguided use of a computer is no more amazing than drunk driving of an automobile.


I first read of the possibility of such a Trojan horse in an Air Force critique (4) of the security of an early implementation of Multics.


1. Bobrow, D.G., Burchfiel, J.D., Murphy, D.L., and Tomlinson, R.S. TENEX, a paged time-sharing system for the PDP-10. Commun. ACM 15, 3 (Mar. 1972), 135-143.
2. Kernighan, B.W., and Ritchie, D.M. The C Programming Language. Prentice-Hall, Englewood Cliffs, N.J., 1978.
3. Ritchie, D.M., and Thompson, K. The UNIX time-sharing system. Commun. ACM 17, 7 (July 1974), 365-375.
4. Karger, P.A., and Schell, R.R. Multics Security Evaluation: Vulnerability Analysis. ESD-TR-74-193, Vol II, June 1974, p 52.