
Home/ Socialism and the End of the American Dream/ Group items tagged all digital communications


Paul Merrell

CISA Security Bill: An F for Security But an A+ for Spying | WIRED

  • When the Senate Intelligence Committee passed the Cybersecurity Information Sharing Act by a vote of 14 to 1, committee chairman Senator Richard Burr argued that it successfully balanced security and privacy. Fifteen new amendments to the bill, he said, were designed to protect internet users’ personal information while enabling new ways for companies and federal agencies to coordinate responses to cyberattacks. But critics within the security and privacy communities still have two fundamental problems with the legislation: First, they say, the proposed cybersecurity act won’t actually boost security. And second, the “information sharing” it describes sounds more than ever like a backchannel for surveillance.
  • On Tuesday the bill’s authors released the full, updated text of the CISA legislation passed last week, and critics say the changes have done little to assuage their fears about wanton sharing of Americans’ private data. In fact, legal analysts say the changes actually widen the backdoor leading from private firms to intelligence agencies. “It’s a complete failure to strengthen the privacy protections of the bill,” says Robyn Greene, a policy lawyer for the Open Technology Institute, which joined a coalition of dozens of non-profits and cybersecurity experts criticizing the bill in an open letter earlier this month. “None of the [privacy-related] points we raised in our coalition letter to the committee was effectively addressed.” The central concern of that letter was how the same data sharing meant to bolster cybersecurity for companies and the government opens massive surveillance loopholes. The bill, as worded, lets a private company share with the Department of Homeland Security any information construed as a cybersecurity threat “notwithstanding any other provision of law.” That means CISA trumps privacy laws like the Electronic Communication Privacy Act of 1986 and the Privacy Act of 1974, which restrict eavesdropping and sharing of users’ communications. And once the DHS obtains the information, it would automatically be shared with the NSA, the Department of Defense (including Cyber Command), and the Office of the Director of National Intelligence.
  • In a statement posted to his website yesterday, Senator Burr wrote that “Information sharing is purely voluntary and companies can only share cyber-threat information and the government may only use shared data for cybersecurity purposes.” But in fact, the bill’s data sharing isn’t limited to cybersecurity “threat indicators”—warnings of incoming hacker attacks, which is the central data CISA is meant to disseminate among companies and three-letter agencies. OTI’s Greene says it also gives companies a mandate to share with the government any data related to imminent terrorist attacks, weapons of mass destruction, or even other information related to violent crimes like robbery and carjacking. 
  • The latest update to the bill tacks on yet another kind of information, anything related to impending “serious economic harm.” All of those vague terms, Greene argues, widen the pipe of data that companies can send the government, expanding CISA into a surveillance system for the intelligence community and domestic law enforcement. If information-sharing legislation does not include adequate privacy protections, then...It’s a surveillance bill by another name. Senator Ron Wyden
  • “CISA goes far beyond [cybersecurity], and permits law enforcement to use information it receives for investigations and prosecutions of a wide range of crimes involving any level of physical force,” reads the letter from the coalition opposing CISA. “The lack of use limitations creates yet another loophole for law enforcement to conduct backdoor searches on Americans—including searches of digital communications that would otherwise require law enforcement to obtain a warrant based on probable cause. This undermines Fourth Amendment protections and constitutional principles.”
  •  
    I read the legislation. It's as bad for privacy as described in the article. And its drafting is incredibly sloppy.
Gary Edwards

A history of the Mortgage - Housing dilemma by Arnold Kling | EconLog | Library of Econ...

  • Method A suffered a breakdown in the 1970's, because inflation was allowed to get out of control. The 6 percent mortgage interest rates that were commonly charged by savings and loans became untenable when inflation and interest rates soared to double-digit levels. The savings and loan industry went out of business. Whether Method B could survive a similar shock is unclear. The right lesson to learn from the 1970's was not that we should use Method B. The right lesson to learn is that we should not let inflation get out of hand.
    • Gary Edwards
       
      Government inflation (thank you Jimmy Carter) as the cause of the savings and loan collapse!
  • The secondary mortgage market began in 1968, when the United States formed the Government National Mortgage Association (GNMA). GNMA pooled loans originated under programs by the Federal Housing Administration (FHA) and the Veterans Administration (VA) and sold these pools to investors. The purpose of this, as with the quasi-privatization of the Federal National Mortgage Association (Fannie Mae) that took place that year, was to take Federally guaranteed mortgage loans off of the books. President Johnson, fighting an unpopular war in Vietnam, wanted to save himself the embarrassment of having to come to Congress to ask for larger and larger increases in the ceiling on the national debt. Thus, the first steps toward mortgage securitization were taken in order to disguise financial reality using accounting gimmicks. It has been the same ever since.
    • Gary Edwards
       
      There it is, in all its naked glory. The government created the secondary mortgage market, spinning up Fannie, Freddie and Ginnie for the purpose of taking federally subsidized and guaranteed mortgages off the official government books. Hence the quasi-gov orgs. It's an accounting gimmick!!!!
  •  
    Excellent study of how we got into this problem that the socialists are now using to kill forever the American Dream: "..... Forty years ago, depository institutions handled mortgage credit risk very differently than they do today. Back then, the depository institution, which was typically a savings and loan association, held mortgages that were underwritten by its own employees, given to borrowers and backed by homes in its own community. These were almost always 30-year, fixed-rate loans, with borrowers having made a significant down payment, often 20 percent of the price of the home. Call this approach to mortgage lending "Method A." Today, mortgage loans held by depository institutions are often in the form of securities. These securities are backed by loans originated in distant communities by unknown borrowers, underwritten by mortgage brokers or other personnel not employed by the depository institution. The loans are often not 30-year fixed-rate loans, and the borrowers have typically made down payments of 5 percent or less, including loans with no down payment at all. Call this approach to mortgage lending "Method B." If you compare the two methods using common sense, then Method B does not pass a simple sanity check. In fact, the current financial crisis consists of banks that are up to their necks in Method B......"
Paul Merrell

IPS - U.N. Will Censure Illegal Spying, But Not U.S. | Inter Press Service

  • When the 193-member General Assembly adopts a resolution next month censuring the illegal electronic surveillance of governments and world leaders by the U.S. National Security Agency (NSA), the U.N.’s highest policy-making body will spare the United States from public condemnation despite its culpability in widespread wiretapping. A draft resolution currently in limited circulation – a copy of which was obtained by IPS – criticises “the conduct of extra-territorial surveillance” and the “interception of communications in foreign jurisdictions”. But it refuses to single out the NSA or the United States, which stands accused of spying on foreign governments, including political leaders in Germany, France, Brazil, Spain and Mexico, among some 30 others.
  • The draft says that while the gathering and protection of certain sensitive information may be justified on grounds of national security and criminal activity, member states must still ensure full compliance with international human rights. The resolution will also emphasise “that illegal surveillance of private communications and the indiscriminate interception of personal data of citizens constitutes a highly intrusive act that violates the rights to freedom of expression and privacy, and threatens the foundations of a democratic society.” Additionally, it will call for the establishment of independent oversight mechanisms capable of ensuring transparency and accountability of state surveillance of communications. And the resolution will request the U.N. High Commissioner for Human Rights, Navi Pillay, to present an interim report on the issue of human rights and “indiscriminate surveillance, including on extra-territorial surveillance.” This report is to be presented to the 69th session of the General Assembly next September, and a final report to its 70th session in 2015.
  • Chakravarthi Raghavan, a veteran Indian journalist who has been reporting on the U.N. and its activities since the 1960s, both in New York and later in Geneva, told IPS the resolution may help start a process under which the national security interests of every state, international security and right to privacy and human rights of people can be discussed and a balance found in some universal forum. “Otherwise, the U.N. world order will break down, and no one will benefit or emerge unscathed,” he said. Much will depend on the follow-up action that the General Assembly resolution calls for, and with what tenacity members pursue it. “Frankly, I am not at all clear that some of the nations raising the issue now are really serious,” said Raghavan, editor-emeritus of the Geneva-based South-North Development Monitor SUNS. “If they were, any one of them in Europe would have granted asylum to Edward Snowden, and not play footsie with U.S. in its attempts to have him jailed in the U.S. on espionage charges.” The revelations of U.S. spying have come mostly from documents released by Snowden, a former NSA contractor, who sought political asylum in Russia after he was accused of espionage by the United States.
  • One Third World diplomat, speaking on condition of anonymity, told IPS the draft could undergo changes by the time it reaches the General Assembly mid-November. But he held out little hope the final resolution will specifically castigate the United States because of the political clout it wields at the United Nations, and Washington’s notoriety for exerting diplomatic pressure on its allies and aid recipients. Besides which, he said, everybody plays the spying game, including the French, the Germans, the Chinese and the Russians — and therefore none of them can afford to take a “holier than thou” attitude. Still, as the New York Times put it last week, “One thing is clear: the NSA’s Cold War-era argument, that everyone does it, seems unlikely to win the day.”
  • There has been a longstanding tradition that the “Five Eyes” do not spy on each other, the five being the United States, Britain, Canada, Australia and New Zealand. But the surveillance of European political leaders has triggered a strong rejoinder from the 28-member European Union (EU). Raghavan told IPS that even if other countries are not publicly feuding with the U.S. over this — and perhaps their own security apparatuses are secretly collaborating in this global “surveillance state” — the NSA activities at a minimum raise several systemic issues involving basic violations. These include violations of the U.N. Charter; “unauthorised” and blatantly illegal invasions and/or intrusions into national space; World Trade Organisation (WTO) agreements, in particular the Trade-Related Intellectual Property Rights (TRIPS) Agreement and the General Agreement on Trade in Services (GATS); the International Telecommunication Union Treaty and Conventions; treaties and protocols of the World Intellectual Property Organisation (WIPO); the Universal Human Rights Declaration and conventions; and the Vienna diplomatic conventions and codes of behaviour among civilised nations. “All these strike at the roots of the very basics of international law and international public law,” he said.
  •  
    So if Raghavan is correct, a new treaty will emerge from the debacle that limits but does not end foreign surveillance. And if so, I predict that it will have no enforcement provisions and absolutely no citizen remedies for rights violated. The farther we go down the NSA rabbit hole, the more convinced I am that it is a stark choice between having spy agencies equipped for digital surveillance and Internet Freedom.  Internet Freedom seems far better equipped to produce world peace through understanding than spy agencies who deliver their "intelligence" to only the favored few. 
Paul Merrell

Vodafone reveals existence of secret wires that allow state surveillance | Business | T...

  • Vodafone, one of the world's largest mobile phone groups, has revealed the existence of secret wires that allow government agencies to listen to all conversations on its networks, saying they are widely used in some of the 29 countries in which it operates in Europe and beyond. The company has broken its silence on government surveillance in order to push back against the increasingly widespread use of phone and broadband networks to spy on citizens, and will publish its first Law Enforcement Disclosure Report on Friday. At 40,000 words, it is the most comprehensive survey yet of how governments monitor the conversations and whereabouts of their people. The company said wires had been connected directly to its network and those of other telecoms groups, allowing agencies to listen to or record live conversations and, in certain cases, track the whereabouts of a customer. Privacy campaigners said the revelations were a "nightmare scenario" that confirmed their worst fears on the extent of snooping.
  • Vodafone's group privacy officer, Stephen Deadman, said: "These pipes exist, the direct access model exists. "We are making a call to end direct access as a means of government agencies obtaining people's communication data. Without an official warrant, there is no external visibility. If we receive a demand we can push back against the agency. The fact that a government has to issue a piece of paper is an important constraint on how powers are used." Vodafone is calling for all direct-access pipes to be disconnected, and for the laws that make them legal to be amended. It says governments should "discourage agencies and authorities from seeking direct access to an operator's communications infrastructure without a lawful mandate".
  • In America, Verizon and AT&T have published data, but only on their domestic operations. Deutsche Telekom in Germany and Telstra in Australia have also broken ground at home. Vodafone is the first to produce a global survey.
  • Peter Micek, policy counsel at the campaign group Access, said: "In a sector that has historically been quiet about how it facilitates government access to user data, Vodafone has for the first time shone a bright light on the challenges of a global telecom giant, giving users a greater understanding of the demands governments make of telcos. Vodafone's report also highlights how few governments issue any transparency reports, with little to no information about the number of wiretaps, cell site tower dumps, and other invasive surveillance practices."
  • Snowden, the National Security Agency whistleblower, joined Google, Reddit, Mozilla and other tech firms and privacy groups on Thursday to call for a strengthening of privacy rights online in a "Reset the net" campaign. Twelve months after revelations about the scale of the US government's surveillance programs were first published in the Guardian and the Washington Post, Snowden said: "One year ago, we learned that the internet is under surveillance, and our activities are being monitored to create permanent records of our private lives – no matter how innocent or ordinary those lives might be. Today, we can begin the work of effectively shutting down the collection of our online communications, even if the US Congress fails to do the same."
  •  
    The Vodafone disclosures will undoubtedly have a very large ripple effect. Note carefully that this is the first major telephone service in the world to break ranks with the others and come out swinging at secret government voyeur agencies. Will others follow? If you follow the links to the Vodafone report, you'll find a very handy big PDF providing an overview of the relevant laws in each of the customer nations. There's a cute Guardian table that shows the aggregate number of warrants for interception of content via Vodafone for each of those nations, broken down by content type. That table has white-on-black cells noting where disclosure of those types of surveillance statistics is prohibited by law. So it is far from a complete picture, but it's a heck of a good start. But several of those customer nations are members of the E.U., where digital privacy rights are enshrined as human rights under an EU-wide treaty. So expect some heat to roll downhill on those nations from the European treaty organizations, particularly the European Court of Human Rights, staffed with civil libertarian judges, from which there is no appeal.
Paul Merrell

What to Do About Lawless Government Hacking and the Weakening of Digital Security | Ele...

  •  
    It's not often that I disagree with EFF's positions, but on this one I do. The government should be prohibited from exploiting computer vulnerabilities and should be required to immediately report all vulnerabilities discovered to the relevant developers of hardware or software. It's been one long slippery slope since the Supreme Court first approved wiretapping in Olmstead v. United States, 277 US 438 (1928), https://goo.gl/NJevsr (.) Left undecided to this day is whether we have a right to whisper privately, a right that is undeniable. All communications intercept cases since Olmstead fly directly in the face of that right.
Paul Merrell

Exclusive: Inside America's Plan to Kill Online Privacy Rights Everywhere | The Cable

  • The United States and its key intelligence allies are quietly working behind the scenes to kneecap a mounting movement in the United Nations to promote a universal human right to online privacy, according to diplomatic sources and an internal American government document obtained by The Cable. The diplomatic battle is playing out in an obscure U.N. General Assembly committee that is considering a proposal by Brazil and Germany to place constraints on unchecked internet surveillance by the National Security Agency and other foreign intelligence services. American representatives have made it clear that they won't tolerate such checks on their global surveillance network. The stakes are high, particularly in Washington -- which is seeking to contain an international backlash against NSA spying -- and in Brasilia, where Brazilian President Dilma Roussef is personally involved in monitoring the U.N. negotiations.
  • The Brazilian and German initiative seeks to apply the right to privacy, which is enshrined in the International Covenant on Civil and Political Rights (ICCPR), to online communications. Their proposal, first revealed by The Cable, affirms a "right to privacy that is not to be subjected to arbitrary or unlawful interference with their privacy, family, home, or correspondence." It notes that while public safety may "justify the gathering and protection of certain sensitive information," nations "must ensure full compliance" with international human rights laws. A final version of the text is scheduled to be presented to U.N. members on Wednesday evening and the resolution is expected to be adopted next week. A draft of the resolution, which was obtained by The Cable, calls on states "to respect and protect the right to privacy," asserting that the "same rights that people have offline must also be protected online, including the right to privacy." It also requests the U.N. high commissioner for human rights, Navi Pillay, present the U.N. General Assembly next year with a report on the protection and promotion of the right to privacy, a provision that will ensure the issue remains on the front burner.
  • Publicly, U.S. representatives say they're open to an affirmation of privacy rights. "The United States takes very seriously our international legal obligations, including those under the International Covenant on Civil and Political Rights," Kurtis Cooper, a spokesman for the U.S. mission to the United Nations, said in an email. "We have been actively and constructively negotiating to ensure that the resolution promotes human rights and is consistent with those obligations." But privately, American diplomats are pushing hard to kill a provision of the Brazilian and German draft which states that "extraterritorial surveillance" and mass interception of communications, personal information, and metadata may constitute a violation of human rights. The United States and its allies, according to diplomats, outside observers, and documents, contend that the Covenant on Civil and Political Rights does not apply to foreign espionage.
  • In recent days, the United States circulated to its allies a confidential paper highlighting American objectives in the negotiations, "Right to Privacy in the Digital Age -- U.S. Redlines." It calls for changing the Brazilian and German text so "that references to privacy rights are referring explicitly to States' obligations under ICCPR and remove suggestion that such obligations apply extraterritorially." In other words: America wants to make sure it preserves the right to spy overseas. The U.S. paper also calls on governments to promote amendments that would weaken Brazil's and Germany's contention that some "highly intrusive" acts of online espionage may constitute a violation of freedom of expression. Instead, the United States wants to limit the focus to illegal surveillance -- which the American government claims it never, ever does. Collecting information on tens of millions of people around the world is perfectly acceptable, the Obama administration has repeatedly said. It's authorized by U.S. statute, overseen by Congress, and approved by American courts.
  • "Recall that the USG's [U.S. government's] collection activities that have been disclosed are lawful collections done in a manner protective of privacy rights," the paper states. "So a paragraph expressing concern about illegal surveillance is one with which we would agree." The privacy resolution, like most General Assembly decisions, is neither legally binding nor enforceable by any international court. But international lawyers say it is important because it creates the basis for an international consensus -- referred to as "soft law" -- that over time will make it harder and harder for the United States to argue that its mass collection of foreigners' data is lawful and in conformity with human rights norms. "They want to be able to say ‘we haven't broken the law, we're not breaking the law, and we won't break the law,'" said Dinah PoKempner, the general counsel for Human Rights Watch, who has been tracking the negotiations. The United States, she added, wants to be able to maintain that "we have the freedom to scoop up anything we want through the massive surveillance of foreigners because we have no legal obligations."
  • The United States negotiators have been pressing their case behind the scenes, raising concerns that the assertion of extraterritorial human rights could constrain America's effort to go after international terrorists. But Washington has remained relatively muted about their concerns in the U.N. negotiating sessions. According to one diplomat, "the United States has been very much in the backseat," leaving it to its allies, Australia, Britain, and Canada, to take the lead. There is no extraterritorial obligation on states "to comply with human rights," explained one diplomat who supports the U.S. position. "The obligation is on states to uphold the human rights of citizens within their territory and areas of their jurisdictions."
  • The position, according to Jamil Dakwar, the director of the American Civil Liberties Union's Human Rights Program, has little international backing. The International Court of Justice, the U.N. Human Rights Committee, and the European Court have all asserted that states do have an obligation to comply with human rights laws beyond their own borders, he noted. "Governments do have obligation beyond their territories," said Dakwar, particularly in situations, like the Guantanamo Bay detention center, where the United States exercises "effective control" over the lives of the detainees. Both PoKempner and Dakwar suggested that courts may also judge that the U.S. dominance of the Internet places special legal obligations on it to ensure the protection of users' human rights.
  • "It's clear that when the United States is conducting surveillance, these decisions and operations start in the United States, the servers are at NSA headquarters, and the capabilities are mainly in the United States," he said. "To argue that they have no human rights obligations overseas is dangerous because it sends a message that there is void in terms of human rights protection outside countries territory. It's going back to the idea that you can create a legal black hole where there is no applicable law." There were signs emerging on Wednesday that America may have been making ground in pressing the Brazilians and Germans to back on one of its toughest provisions. In an effort to address the concerns of the U.S. and its allies, Brazil and Germany agreed to soften the language suggesting that mass surveillance may constitute a violation of human rights. Instead, it simply deep "concern at the negative impact" that extraterritorial surveillance "may have on the exercise of and enjoyment of human rights." The U.S., however, has not yet indicated it would support the revised proposal.
  • The concession "is regrettable. But it’s not the end of the battle by any means," said Human Rights Watch’s PoKempner. She added that there will soon be another opportunity to corral America's spies: a U.N. discussion on possible human rights violations as a result of extraterritorial surveillance will soon be taken up by the U.N. High commissioner.
  •  
    Woo-hoo! Go get'em, U.N.
Paul Merrell

Russ Tice, Bush-Era Whistleblower, Claims NSA Ordered Wiretap Of Barack Obama In 2004

  • Russ Tice, a former intelligence analyst who in 2005 blew the whistle on what he alleged was massive unconstitutional domestic spying across multiple agencies, claimed Wednesday that the NSA had ordered wiretaps on phones connected to then-Senate candidate Barack Obama in 2004. Speaking on "The Boiling Frogs Show," Tice claimed the intelligence community had ordered surveillance on a wide range of groups and individuals, including high-ranking military officials, lawmakers and diplomats. "Here's the big one ... this was in summer of 2004, one of the papers that I held in my hand was to wiretap a bunch of numbers associated with a 40-something-year-old wannabe senator for Illinois," he said. "You wouldn't happen to know where that guy lives right now would you? It's a big white house in Washington, D.C. That's who they went after, and that's the president of the United States now."
  • Host Sibel Edmonds and Tice both raised concerns that such alleged monitoring of subjects, unbeknownst to them, could provide the intelligence agencies with huge power to blackmail their targets. "I was worried that the intelligence community now has sway over what is going on," Tice said.
  • After going public with his allegations in 2005, Tice later admitted that he had been a key source in a bombshell New York Times report that blew the lid off the Bush administration's use of warrantless wiretapping of international communications in the U.S. The article forced Bush to admit that the practice was indeed used on a small number of Americans, but Tice maintained that the NSA practice was likely being used to gather records for millions of Americans. The NSA denied Tice's allegations. In the wake of recent reports detailing the extent of the NSA's data surveillance programs, Tice has again come out as a skeptic of the administration's response. While defenders of the program have insisted that there is nothing to suggest the government has the authority -- or desire -- to listen in on people's phone calls without a warrant, Tice told The Guardian that he believes the NSA has developed the capability "to collect all digital communications word for word."
Paul Merrell

The "Cuban Twitter" Scam Is a Drop in the Internet Propaganda Bucket - The Intercept

  • This week, the Associated Press exposed a secret program run by the U.S. Agency for International Development to create “a Twitter-like Cuban communications network” run through “secret shell companies” in order to create the false appearance of being a privately owned operation. Unbeknownst to the service’s Cuban users was the fact that “American contractors were gathering their private data in the hope that it might be used for political purposes”–specifically, to manipulate those users in order to foment dissent in Cuba and subvert its government. According to top-secret documents published today by The Intercept, this sort of operation is frequently discussed at western intelligence agencies, which have plotted ways to covertly use social media for “propaganda,” “deception,” “mass messaging,” and “pushing stories.” These ideas–discussions of how to exploit the internet, specifically social media, to surreptitiously disseminate viewpoints friendly to western interests and spread false or damaging information about targets–appear repeatedly throughout the archive of materials provided by NSA whistleblower Edward Snowden. Documents prepared by NSA and its British counterpart GCHQ–and previously published by The Intercept as well as some by NBC News–detailed several of those programs, including a unit devoted in part to “discrediting” the agency’s enemies with false information spread online.
  • The documents in the archive show that the British are particularly aggressive and eager in this regard, and formally shared their methods with their U.S. counterparts. One previously undisclosed top-secret document–prepared by GCHQ for the 2010 annual “SIGDEV” gathering of the “Five Eyes” surveillance alliance comprising the UK, Canada, New Zealand, Australia, and the U.S.–explicitly discusses ways to exploit Twitter, Facebook, YouTube, and other social media as secret platforms for propaganda.
  • The document was presented by GCHQ’s Joint Threat Research Intelligence Group (JTRIG). The unit’s self-described purpose is “using online techniques to make something happen in the real or cyber world,” including “information ops (influence or disruption).” The British agency describes its JTRIG and Computer Network Exploitation operations as a “major part of business” at GCHQ, conducting “5% of Operations.” The annual SIGDEV conference, according to one NSA document published today by The Intercept, “enables unprecedented visibility of SIGINT Development activities from across the Extended Enterprise, Second Party and US Intelligence communities.” The 2009 Conference, held at Fort Meade, included “eighty-six representatives from the wider US Intelligence Community, covering agencies as diverse as CIA (a record 50 participants), the Air Force Research Laboratory and the National Air and Space Intelligence Center.” Defenders of surveillance agencies have often insinuated that such proposals are nothing more than pipe dreams and wishful thinking on the part of intelligence agents. But these documents are not merely proposals or hypothetical scenarios. As described by the NSA document published today, the purpose of SIGDEV presentations is “to synchronize discovery efforts, share breakthroughs, and swap knowledge on the art of analysis.”
  • (The GCHQ document also describes a practice called “credential harvesting,” which NBC described as an effort to “select journalists who could be used to spread information” that the government wants distributed. According to the NBC report, GCHQ agents would employ “electronic snooping to identify non-British journalists who would then be manipulated to feed information to the target of a covert campaign.” Then, “the journalist’s job would provide access to the targeted individual, perhaps for an interview.” Anonymous sources that NBC didn’t characterize claimed at the time that GCHQ had not employed the technique.) Whether governments should be in the business of publicly disseminating political propaganda at all is itself a controversial question. Such activities are restricted by law in many countries, including the U.S. In 2008, The New York Times’ David Barstow won a Pulitzer Prize for exposing a domestic effort coordinated by the Pentagon whereby retired U.S. generals posed as “independent analysts” employed by American television networks and cable news outlets as they secretly coordinated their messaging with the Pentagon.
  • The GCHQ document we are publishing today expressly contemplates exploiting social media venues such as Twitter, as well as other communications venues including email, to seed state propaganda–GCHQ’s word, not mine–across the internet:
  • For instance: One of the programs described by the newly released GCHQ document is dubbed “Royal Concierge,” under which the British agency intercepts email confirmations of hotel reservations to enable it to subject hotel guests to electronic monitoring. It also contemplates how to “influence the hotel choice” of travelers and to determine whether they stay at “SIGINT friendly” hotels. The document asks: “Can we influence the hotel choice? Can we cancel their visit?” Previously, der Spiegel and NBC News both independently confirmed that the “Royal Concierge” program has been implemented and extensively used. The German magazine reported that “for more than three years, GCHQ has had a system to automatically monitor hotel bookings of at least 350 upscale hotels around the world in order to target, search, and analyze reservations to detect diplomats and government officials.” NBC reported that “the intelligence agency uses the information to spy on human targets through ‘close access technical operations,’ which can include listening in on telephone calls and tapping hotel computers as well as sending intelligence officers to observe the targets in person at the hotels.”
  • Because American law bars the government from employing political propaganda domestically, that program was likely illegal, though no legal accountability was ever brought to bear (despite all sorts of calls for formal investigations). Barack Obama, a presidential candidate at the time, pronounced himself in a campaign press release “deeply disturbed” by the Pentagon program, which he said “sought to manipulate the public’s trust.” Propagandizing foreign populations has generally been more legally acceptable. But it is difficult to see how government propaganda can be segregated from domestic consumption in the digital age. If American intelligence agencies are adopting the GCHQ’s tactics of “crafting messaging campaigns to go ‘viral’,” the legal issue is clear: A “viral” online propaganda campaign, by definition, is almost certain to influence its own citizens as well as those of other countries.
  • But these documents, along with the AP’s exposure of the sham “Cuban Twitter” program, underscore how aggressively western governments are seeking to exploit the internet as a means to manipulate political activity and shape political discourse. Those programs, carried out in secrecy and with little accountability (it seems nobody in Congress knew of the “Cuban Twitter” program in any detail) threaten the integrity of the internet itself, as state-disseminated propaganda masquerades as free online speech and organizing. There is thus little or no ability for an internet user to know when they are being covertly propagandized by their government, which is precisely what makes it so appealing to intelligence agencies, so powerful, and so dangerous.
    Glenn Greenwald drops a choice few new documents. Well worth viewing. 
Paul Merrell

Profiled From Radio to Porn, British Spies Track Web Users' Online Identities | Global ... - 0 views

  • One system builds profiles showing people’s web browsing histories. Another analyzes instant messenger communications, emails, Skype calls, text messages, cell phone locations, and social media interactions. Separate programs were built to keep tabs on “suspicious” Google searches and usage of Google Maps. The surveillance is underpinned by an opaque legal regime that has authorized GCHQ to sift through huge archives of metadata about the private phone calls, emails and Internet browsing logs of Brits, Americans, and any other citizens, all without a court order or judicial warrant.
  • The power of KARMA POLICE was illustrated in 2009, when GCHQ launched a top-secret operation to collect intelligence about people using the Internet to listen to radio shows. The agency used a sample of nearly 7 million metadata records, gathered over a period of three months, to observe the listening habits of more than 200,000 people across 185 countries, including the U.S., the U.K., Ireland, Canada, Mexico, Spain, the Netherlands, France, and Germany.
  • GCHQ’s documents indicate that the plans for KARMA POLICE were drawn up between 2007 and 2008. The system was designed to provide the agency with “either (a) a web browsing profile for every visible user on the Internet, or (b) a user profile for every visible website on the Internet.” The origin of the surveillance system’s name is not discussed in the documents. But KARMA POLICE is also the name of a popular song released in 1997 by the Grammy Award-winning British band Radiohead, suggesting the spies may have been fans. A verse repeated throughout the hit song includes the lyric, “This is what you’ll get, when you mess with us.”
  • GCHQ vacuums up the website browsing histories using “probes” that tap into the international fiber-optic cables that transport Internet traffic across the world. A huge volume of the Internet data GCHQ collects flows directly into a massive repository named Black Hole, which is at the core of the agency’s online spying operations, storing raw logs of intercepted material before it has been subject to analysis. Black Hole contains data collected by GCHQ as part of bulk “unselected” surveillance, meaning it is not focused on particular “selected” targets and instead includes troves of data indiscriminately swept up about ordinary people’s online activities. Between August 2007 and March 2009, GCHQ documents say that Black Hole was used to store more than 1.1 trillion “events,” a term the agency uses to refer to metadata records, with about 10 billion new entries added every day. As of March 2009, the largest slice of data Black Hole held, 41 percent, was about people’s Internet browsing histories. The rest included a combination of email and instant messenger records, details about search engine queries, information about social media activity, logs related to hacking operations, and data on people’s use of tools to browse the Internet anonymously.
  • Throughout this period, as smartphone sales started to boom, the frequency of people’s Internet use was steadily increasing. In tandem, British spies were working frantically to bolster their spying capabilities, with plans afoot to expand the size of Black Hole and other repositories to handle an avalanche of new data. By 2010, according to the documents, GCHQ was logging 30 billion metadata records per day. By 2012, collection had increased to 50 billion per day, and work was underway to double capacity to 100 billion. The agency was developing “unprecedented” techniques to perform what it called “population-scale” data mining, monitoring all communications across entire countries in an effort to detect patterns or behaviors deemed suspicious. It was creating what it said would be, by 2013, “the world’s biggest” surveillance engine “to run cyber operations and to access better, more valued data for customers to make a real world difference.” THERE WAS A SIMPLE AIM at the heart of the top-secret program: Record the website browsing habits of “every visible user on the Internet.” Before long, billions of digital records about ordinary people’s online activities were being stored every day. Among them were details cataloging visits to porn, social media and news websites, search engines, chat forums, and blogs.
  • The mass surveillance operation — code-named KARMA POLICE — was launched by British spies about seven years ago without any public debate or scrutiny. It was just one part of a giant global Internet spying apparatus built by the United Kingdom’s electronic eavesdropping agency, Government Communications Headquarters, or GCHQ. The revelations about the scope of the British agency’s surveillance are contained in documents obtained by The Intercept from National Security Agency whistleblower Edward Snowden. Previous reports based on the leaked files have exposed how GCHQ taps into Internet cables to monitor communications on a vast scale, but many details about what happens to the data after it has been vacuumed up have remained unclear.
Paul Merrell

It's Time to Rewrite the Internet to Give Us Better Privacy, and Security - The Daily B... - 0 views

  • Almost 15 years ago, as I was just finishing a book about the relationship between the Net (we called it “cyberspace” then) and civil liberties, a few ideas seemed so obvious as to be banal: First, life would move to the Net. Second, the Net would change as it did so. Gone would be simple privacy, the relatively anonymous default infrastructure for unmonitored communication; in its place would be a perpetually monitored, perfectly traceable system supporting both commerce and the government. That, at least, was the future that then seemed most likely, as business raced to make commerce possible and government scrambled to protect us (or our kids) from pornographers, and then pirates, and now terrorists. But another future was also possible, and this was my third, and only important point: Recognizing these obvious trends, we just might get smart about how code (my shorthand for the technology of the Internet) regulates us, and just possibly might begin thinking smartly about how we could embed in that code the protections that the Constitution guarantees us. Because—and here was the punchline, the single slogan that all 724 people who read that book remember—code is law. And if code is law, then we need to be as smart about how code regulates us as we are about how the law does so.
  • There is, after all, something hopeful about a future that was smart about encoding our civil liberties. It could, in theory at least, be better. Better at protecting us from future Nixons, better at securing privacy, and better at identifying those keen to commit crime.
  • But what astonishes me is that today, more than a decade into the 21st century, the world has remained mostly oblivious to these obvious points about the relationship between law and code. That’s the bit in the Edward Snowden interview that is, to me, the most shocking. As he explained to Glenn Greenwald: The NSA specially targets the communications of everyone. It ingests them by default. It collects them in its system, and it filters them and it analyzes them and it measures them and it stores them for periods of time simply because that’s the easiest and the most efficient and most valuable way to achieve these ends ... Not all analysts have the ability to target everything. But I sitting at my desk certainly had the authority to wiretap anyone—from you [the reporter, Glenn Greenwald], to your accountant, to a federal judge, to even the president if I had a personal email. We don’t know yet whether Snowden is telling the truth. Lots of people have denied specifics, and though his interview is compelling, just now, we literally don’t know. But what we do know are the questions that ought to be asked in response to his claims. And specifically, this: Is it really the case that the government has entrusted our privacy to the good judgment of private analysts? Are there really no code-based controls for assuring that specific surveillance is specifically justified? And what is the technology for assuring that rogues paid by our government can’t use data collected by our government for purposes that none within our government would openly and publicly defend?
  • Because the fact is that there is technology that could be deployed that would give many the confidence that none of us now have. “Trust us” does not compute. But trust and verify, with high-quality encryption, could. And there are companies, such as Palantir, developing technologies that could give us, and more importantly, reviewing courts, a very high level of confidence that data collected or surveilled was not collected or used in an improper way. Think of it as a massive audit log, recording how and who used what data for what purpose. We could code the Net in a string of obvious ways to give us even better privacy, while also enabling better security. But we don’t, or haven’t, obviously. Maybe because of stupidity. How many congressmen could even describe how encryption works? Maybe because of cupidity. Who within our system can resist large and lucrative contracts to private companies, especially when bundled with generous campaign funding packages? Or maybe because the “permanent war” that Obama told us we were not in has actually convinced all within government that old ideas are dead and we just need to “get over it”—ideas like privacy, and due process, and fundamental proportionality. These ideas may be dead, for now. And they will stay dead, in the future. At least until we finally learn how liberty can live in the digital age. And here’s the hint: not through law alone, but through law that demands code that even the Electronic Frontier Foundation could trust.
    As the most prominent among law professors concerned with online civil liberties and now specializing in government corruption, if Lawrence Lessig says there are technical solutions for protecting us from online government snooping, I'm all ears. He directs attention to technology being developed by Palantir, http://www.palantir.com/
Paul Merrell

EFF's Game Plan for Ending Global Mass Surveillance | Electronic Frontier Foundation - 0 views

  • We have a problem when it comes to stopping mass surveillance.  The entity that’s conducting the most extreme and far-reaching surveillance against most of the world’s communications—the National Security Agency—is bound by United States law.  That’s good news for Americans. U.S. law and the Constitution protect American citizens and legal residents from warrantless surveillance. That means we have a very strong legal case to challenge mass surveillance conducted domestically or that sweeps in Americans’ communications.  Similarly, the United States Congress is elected by American voters. That means Congressional representatives are beholden to the American people for their jobs, so public pressure from constituents can help influence future laws that might check some of the NSA’s most egregious practices. But what about everyone else? What about the 96% of the world’s population who are citizens of other countries, living outside U.S. borders. They don't get a vote in Congress. And current American legal protections generally only protect citizens, legal residents, or those physically located within the United States. So what can EFF do to protect the billions of people outside the United States who are victims of the NSA’s spying?
  • For years, we’ve been working on a strategy to end mass surveillance of digital communications of innocent people worldwide. Today we’re laying out the plan, so you can understand how all the pieces fit together—that is, how U.S. advocacy and policy efforts connect to the international fight and vice versa. Decide for yourself where you can get involved to make the biggest difference. This plan isn’t for the next two weeks or three months. It’s a multi-year battle that may need to be revised many times as we better understand the tools and authorities of entities engaged in mass surveillance and as more disclosures by whistleblowers help shine light on surveillance abuses.
Paul Merrell

The Digital Hunt for Duqu, a Dangerous and Cunning U.S.-Israeli Spy Virus - The Intercept - 0 views

  • “Is this related to what we talked about before?” Bencsáth said, referring to a previous discussion they’d had about testing new services the company planned to offer customers. “No, something else,” Bartos said. “Can you come now? It’s important. But don’t tell anyone where you’re going.” Bencsáth wolfed down the rest of his lunch and told his colleagues in the lab that he had a “red alert” and had to go. “Don’t ask,” he said as he ran out the door. A while later, he was at Bartos’ office, where a triage team had been assembled to address the problem they wanted to discuss. “We think we’ve been hacked,” Bartos said.
  • They found a suspicious file on a developer’s machine that had been created late at night when no one was working. The file was encrypted and compressed so they had no idea what was inside, but they suspected it was data the attackers had copied from the machine and planned to retrieve later. A search of the company’s network found a few more machines that had been infected as well. The triage team felt confident they had contained the attack but wanted Bencsáth’s help determining how the intruders had broken in and what they were after. The company had all the right protections in place—firewalls, antivirus, intrusion-detection and -prevention systems—and still the attackers got in.
  • Bencsáth was a teacher, not a malware hunter, and had never done such forensic work before. At the CrySyS Lab, where he was one of four advisers working with a handful of grad students, he did academic research for the European Union and occasional hands-on consulting work for other clients, but the latter was mostly run-of-the-mill cleanup work—mopping up and restoring systems after random virus infections. He’d never investigated a targeted hack before, let alone one that was still live, and was thrilled to have the chance. The only catch was, he couldn’t tell anyone what he was doing. Bartos’ company depended on the trust of customers, and if word got out that the company had been hacked, they could lose clients. The triage team had taken mirror images of the infected hard drives, so they and Bencsáth spent the rest of the afternoon poring over the copies in search of anything suspicious. By the end of the day, they’d found what they were looking for—an “infostealer” string of code that was designed to record passwords and other keystrokes on infected machines, as well as steal documents and take screenshots. It also catalogued any devices or systems that were connected to the machines so the attackers could build a blueprint of the company’s network architecture. The malware didn’t immediately siphon the stolen data from infected machines but instead stored it in a temporary file, like the one the triage team had found. The file grew fatter each time the infostealer sucked up data, until at some point the attackers would reach out to the machine to retrieve it from a server in India that served as a command-and-control node for the malware.
  • Bencsáth took the mirror images and the company’s system logs with him, after they had been scrubbed of any sensitive customer data, and over the next few days scoured them for more malicious files, all the while being coy to his colleagues back at the lab about what he was doing. The triage team worked in parallel, and after several more days they had uncovered three additional suspicious files. When Bencsáth examined one of them—a kernel-mode driver, a program that helps the computer communicate with devices such as printers—his heart quickened. It was signed with a valid digital certificate from a company in Taiwan (digital certificates are documents ensuring that a piece of software is legitimate). Wait a minute, he thought. Stuxnet—the cyberweapon that was unleashed on Iran’s uranium-enrichment program—also used a driver that was signed with a certificate from a company in Taiwan. That one came from RealTek Semiconductor, but this certificate belonged to a different company, C-Media Electronics. The driver had been signed with the certificate in August 2009, around the same time Stuxnet had been unleashed on machines in Iran.
Paul Merrell

Report: France data gathering program compared to PRISM - 0 views

  • PARIS (AP) — A leading French newspaper says France's intelligence services have put in place a giant electronic surveillance gathering network. Citing no sources, the Le Monde daily says France's Direction Generale de la Securite Exterieure, the country's foreign intelligence agency, systematically collects information about all electronic data sent by computers and telephones in France, as well as communications between France and abroad.
  • According to Le Monde, data on "all e-mails, SMSs, telephone calls, Facebook and Twitter posts" are collected and stored in a massive three-floor underground bunker at the DGSE's headquarters in Paris. The paper specified that it is the communications' metadata — such as when a call was made and where an author was when she sent an email — that is being archived, not their content. Officials at the DGSE did not answer phone calls or emails seeking comment Thursday. The vast archive, which Le Monde says amounts to tens of millions of gigabytes, is accessible to France's other spy agencies, including military intelligence, domestic intelligence, Paris police and a special financial crimes task force.
  • Le Monde compared the French digital dragnet to PRISM, the U.S. National Security Agency program which has most caught the imagination of Internet users. But PRISM appears aimed at allowing U.S. spies to peel data off the servers of Silicon Valley firms — whereas the program described in Le Monde appears to be fed through the mass interception of electronic data bouncing across the world. Also, PRISM can apparently be used to collect content, not just metadata. Le Monde said the French surveillance program relies on spy satellites, listening stations in French overseas territories or former colonies such as Mayotte or Djibouti, and information harvested from undersea cables — all three of which are methods long familiar to the NSA. A French lawmaker played down the report, saying France's surveillance gathering system is not comparable with the NSA's. Patricia Adam, a lawmaker who until last year headed parliament's intelligence committee, said French spies "are line fishing, not trawling" the vast oceans of data thrown up by mobile phones, emails and Internet communication.
Paul Merrell

Greenwald: Snowden's Files Are Out There if "Anything Happens" To Him - The Daily Beast - 0 views

  • Glenn Greenwald, the Guardian journalist who Snowden first contacted in February, told The Daily Beast on Tuesday that Snowden “has taken extreme precautions to make sure many different people around the world have these archives to insure the stories will inevitably be published.” Greenwald added that the people in possession of these files “cannot access them yet because they are highly encrypted and they do not have the passwords.” But, Greenwald said, “if anything happens at all to Edward Snowden, he told me he has arranged for them to get access to the full archives.” The fact that Snowden has made digital copies of the documents he accessed while working at the NSA poses a new challenge to the U.S. intelligence community that has scrambled in recent days to recover them and assess the full damage of the breach. Even if U.S. authorities catch up with Snowden and the four classified laptops the Guardian reported he brought with him to Hong Kong the secrets Snowden hopes to expose will still likely be published.
  • A former U.S. counterintelligence officer following the Snowden saga closely said his contacts inside the U.S. intelligence community “think Snowden has been planning this for years and has stashed files all over the Internet.” This source added, “At this point there is very little anyone can do about this.” The arrangement to entrust encrypted archives of his files with others also sheds light on a cryptic statement Snowden made on June 17 during a live chat with The Guardian. In the online session he said, “All I can say right now is the U.S. government is not going to be able to cover this up by jailing or murdering me. Truth is coming, and it cannot be stopped.”
  • However, Greenwald said that in his dealings with Snowden the 30-year-old systems administrator was adamant that he and his newspaper go through the document and only publish what served the public’s right to know. “Snowden himself was vehement from the start that we do engage in that journalistic process and we not gratuitously publish things,” Greenwald said. “I do know he was vehement about that. He was not trying to harm the U.S. government; he was trying to shine light on it.” Greenwald said Snowden for example did not wish to publicize information that gave the technical specifications or blueprints for how the NSA constructed its eavesdropping network. “He is worried that would enable other states to enhance their security systems and monitor their own citizens.” Greenwald also said Snowden did not wish to repeat the kinds of disclosures made famous a generation ago by former CIA spy, Philip Agee—who published information after defecting to Cuba that outed undercover CIA officers. “He was very insistent he does not want to publish documents to harm individuals or blow anyone’s undercover status,” Greenwald said. He added that Snowden told him, “Leaking CIA documents can actually harm people, whereas leaking NSA documents can harm systems.”
  • Greenwald said that he himself has thousands of documents from Snowden that he is continuing to examine. That figure is considerably higher than the 200 documents that Sen. Dianne Feinstein, the chairwoman of the Senate Select Committee, said over the weekend that she was told Snowden possessed. “I don’t know for sure whether [Snowden] has more documents than the ones he has given me,” Greenwald said. “I believe he does. He was clear he did not want to give to journalists things he did not think should be published.”
  • For now, Greenwald said he is taking extra precautions against the prospect that he is a target of U.S. surveillance. He said he began using encrypted email when he began communicating with Snowden in February after Snowden sent him a YouTube video walking him through the procedure to encrypt his email. “When I was in Hong Kong, I spoke to my partner in Rio via Skype and told him I would send an electronic encrypted copy of the documents,” Greenwald said. “I did not end up doing it. Two days later his laptop was stolen from our house and nothing else was taken. Nothing like that has happened before. I am not saying it’s connected to this, but obviously the possibility exists.” When asked if Greenwald believed his computer was being monitored by the U.S. government. “I would be shocked if the U.S. government were not trying to access the information on my computer. I carry my computers and data with me everywhere I go.”
Paul Merrell

N.S.A. Able to Foil Basic Safeguards of Privacy on Web - NYTimes.com - 1 views

  • The National Security Agency is winning its long-running secret war on encryption, using supercomputers, technical trickery, court orders and behind-the-scenes persuasion to undermine the major tools protecting the privacy of everyday communications in the Internet age, according to newly disclosed documents.
  • The agency has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world, the documents show.
  • The N.S.A. hacked into target computers to snare messages before they were encrypted. In some cases, companies say they were coerced by the government into handing over their master encryption keys or building in a back door. And the agency used its influence as the world’s most experienced code maker to covertly introduce weaknesses into the encryption standards followed by hardware and software developers around the world.
  • “For the past decade, N.S.A. has led an aggressive, multipronged effort to break widely used Internet encryption technologies,” said a 2010 memo describing a briefing about N.S.A. accomplishments for employees of its British counterpart, Government Communications Headquarters, or GCHQ. “Cryptanalytic capabilities are now coming online. Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable.”
  • Some of the agency’s most intensive efforts have focused on the encryption in universal use in the United States, including Secure Sockets Layer, or SSL; virtual private networks, or VPNs; and the protection used on fourth-generation, or 4G, smartphones. Many Americans, often without realizing it, rely on such protection every time they send an e-mail, buy something online, consult with colleagues via their company’s computer network, or use a phone or a tablet on a 4G network.
  • For at least three years, one document says, GCHQ, almost certainly in collaboration with the N.S.A., has been looking for ways into protected traffic of popular Internet companies: Google, Yahoo, Facebook and Microsoft’s Hotmail. By 2012, GCHQ had developed “new access opportunities” into Google’s systems, according to the document. (Google denied giving any government access and said it had no evidence its systems had been breached).
  • Paul Kocher, a leading cryptographer who helped design the SSL protocol, recalled how the N.S.A. lost the heated national debate in the 1990s about inserting into all encryption a government back door called the Clipper Chip. “And they went and did it anyway, without telling anyone,” Mr. Kocher said. He said he understood the agency’s mission but was concerned about the danger of allowing it unbridled access to private information.
  • The documents are among more than 50,000 shared by The Guardian with The New York Times and ProPublica, the nonprofit news organization. They focus on GCHQ but include thousands from or about the N.S.A. Intelligence officials asked The Times and ProPublica not to publish this article, saying it might prompt foreign targets to switch to new forms of encryption or communications that would be harder to collect or read. The news organizations removed some specific facts but decided to publish the article because of the value of a public debate about government actions that weaken the most powerful privacy tools.
  • The files show that the agency is still stymied by some encryption, as Mr. Snowden suggested in a question-and-answer session on The Guardian’s Web site in June. “Properly implemented strong crypto systems are one of the few things that you can rely on,” he said, though cautioning that the N.S.A. often bypasses the encryption altogether by targeting the computers at one end or the other and grabbing text before it is encrypted or after it is decrypted.
  • Because strong encryption can be so effective, classified N.S.A. documents make clear, the agency’s success depends on working with Internet companies — by getting their voluntary collaboration, forcing their cooperation with court orders or surreptitiously stealing their encryption keys or altering their software or hardware.
  • At Microsoft, as The Guardian has reported, the N.S.A. worked with company officials to get pre-encryption access to Microsoft’s most popular services, including Outlook e-mail, Skype Internet phone calls and chats, and SkyDrive, the company’s cloud storage service.
  • Simultaneously, the N.S.A. has been deliberately weakening the international encryption standards adopted by developers. One goal in the agency’s 2013 budget request was to “influence policies, standards and specifications for commercial public key technologies,” the most common encryption method. Cryptographers have long suspected that the agency planted vulnerabilities in a standard adopted in 2006 by the National Institute of Standards and Technology and later by the International Organization for Standardization, which has 163 countries as members. Classified N.S.A. memos appear to confirm that the fatal weakness, discovered by two Microsoft cryptographers in 2007, was engineered by the agency. The N.S.A. wrote the standard and aggressively pushed it on the international group, privately calling the effort “a challenge in finesse.” “Eventually, N.S.A. became the sole editor,” the memo says.
  • But the agencies’ goal was to move away from decrypting targets’ tools one by one and instead decode, in real time, all of the information flying over the world’s fiber optic cables and through its Internet hubs, only afterward searching the decrypted material for valuable intelligence. A 2010 document calls for “a new approach for opportunistic decryption, rather than targeted.” By that year, a Bullrun briefing document claims that the agency had developed “groundbreaking capabilities” against encrypted Web chats and phone calls. Its successes against Secure Sockets Layer and virtual private networks were gaining momentum.
  • Ladar Levison, the founder of Lavabit, wrote a public letter to his disappointed customers, offering an ominous warning. “Without Congressional action or a strong judicial precedent,” he wrote, “I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States.”
  •  
    Lengthy article, lots of new information on NSA decryption capabilities, none of it good for those who value their data privacy.
  •  
    Thanks Paul - nice job cutting this monster down to size :)
Paul Merrell

Technology, Not Law, Limits Mass Surveillance | MIT Technology Review - 0 views

  • Recent revelations about the extent of surveillance by the U.S. National Security Agency come as no surprise to those with a technical background in the workings of digital communications. The leaked documents show how the NSA has taken advantage of the increased use of digital communications and cloud services, coupled with outdated privacy laws, to expand and streamline their surveillance programs. This is a predictable response to the shrinking cost and growing efficiency of surveillance brought about by new technology. The extent to which technology has reduced the time and cost necessary to conduct surveillance should play an important role in our national discussion of this issue.
  • What we have learned about the NSA’s capabilities suggests a move toward programmatic, automated surveillance previously unfathomable due to limitations of computing speed, scale, and cost. Technical advances have both reduced the barriers to surveillance and increased the NSA’s capacity for it. We need to remember that this is a trend with a firm lower bound. Once the cost of surveillance reaches zero we will be left with our outdated laws as the only protection. Whatever policy actions are taken as a result of the recent leaks should address the fact that technical barriers such as cost and speed offer dwindling protection from unwarranted government surveillance domestically and abroad.
  •  
    A concise and convincing case that technological limitations have ruled what surveillance practices the government employs and that as technology advances, so do the surveillance practices.  Do we as a society continue to tell government that it is free to employ advanced surveillance technologies until caught and outlawed, or do we outlaw all surveillance techniques except for a defined list of methods with defined restrictions?  
Paul Merrell

Senate committee adopts cybersecurity bill opposed by NSA critics | World news | thegua... - 0 views

  • The Senate intelligence committee voted Tuesday to adopt a major cybersecurity bill that critics fear will give the National Security Agency even wider access to American data than it already has. Observers said the bill, approved by a 12 to 3 vote in a meeting closed to the public, would face a difficult time passing the full Senate, considering both the shortened legislative calendar in an election year and the controversy surrounding surveillance. But the bill is a priority of current and former NSA directors, who warn that private companies’ vulnerability to digital sabotage and economic data exfiltration will get worse without it. Pushed by Dianne Feinstein and Saxby Chambliss, the California Democrat and Georgia Republican who lead the committee, the bill would remove legal obstacles that block firms from sharing information "in real time" about cyber-attacks and prevention or mitigation measures with one another and with the US government.
  • Worrying civil libertarians is that the NSA and its twin military command, US Cyber Command, would receive access to vast amounts of data, and privacy guidelines for the handling of that data are yet to be developed. A draft of the bill released in mid-June would permit government agencies to share, retain and use the information for "a cybersecurity purpose" – defined as "the purpose of protecting an information system or information that is stored on, processed by or transiting an information system from a cybersecurity threat or security vulnerability" – raising the prospect of the NSA stockpiling a catalogue of weaknesses in digital security, as a recent White House data-assurance policy permits. It would also prevent participating companies from being sued for sharing data with each other and the government, even though many companies offer contract terms of service prohibiting the sharing of client or customer information without explicit consent.
  • But digital rights advocates warn that the measure will give the government, including the NSA, access to more information than just that relating to cyberthreats, potentially creating a new avenue for broad governmental access to US data even as Congress and the Obama administration contemplate restricting the NSA's domestic collection. The bill contains "catch-all provisions that would allow for the inclusion of a lot more than malicious code. It could include the content of communications. That's one of the biggest concerns," said Gabriel Rottman, an attorney with the American Civil Liberties Union. Provisions in the bill are intended to protect American privacy on the front end by having participating companies strike "indicators … known to be personal information of or identifying a United States person" before the government sees it, but the draft version leaves specific guidelines for privacy protection up to the attorney general. "Nobody knows whether the flow from the private sector will be a trickle or a river or an ocean. The bill contemplates an ocean, and that's what worries us," said Greg Nojeim of the Center for Democracy and Technology.
Paul Merrell

NSA shares raw intelligence including Americans' data with Israel | World news | The Gu... - 0 views

  • The National Security Agency routinely shares raw intelligence data with Israel without first sifting it to remove information about US citizens, a top-secret document provided to the Guardian by whistleblower Edward Snowden reveals. Details of the intelligence-sharing agreement are laid out in a memorandum of understanding between the NSA and its Israeli counterpart that shows the US government handed over intercepted communications likely to contain phone calls and emails of American citizens. The agreement places no legally binding limits on the use of the data by the Israelis. The disclosure that the NSA agreed to provide raw intelligence data to a foreign country contrasts with assurances from the Obama administration that there are rigorous safeguards to protect the privacy of US citizens caught in the dragnet. The intelligence community calls this process "minimization", but the memorandum makes clear that the information shared with the Israelis would be in its pre-minimized state.
  • The deal was reached in principle in March 2009, according to the undated memorandum, which lays out the ground rules for the intelligence sharing. The five-page memorandum, termed an agreement between the US and Israeli intelligence agencies "pertaining to the protection of US persons", repeatedly stresses the constitutional rights of Americans to privacy and the need for Israeli intelligence staff to respect these rights. But this is undermined by the disclosure that Israel is allowed to receive "raw Sigint" – signal intelligence. The memorandum says: "Raw Sigint includes, but is not limited to, unevaluated and unminimized transcripts, gists, facsimiles, telex, voice and Digital Network Intelligence metadata and content." According to the agreement, the intelligence being shared would not be filtered in advance by NSA analysts to remove US communications. "NSA routinely sends ISNU [the Israeli Sigint National Unit] minimized and unminimized raw collection", it says.
  • In a statement to the Guardian, an NSA spokesperson did not deny that personal data about Americans was included in raw intelligence data shared with the Israelis. But the agency insisted that the shared intelligence complied with all rules governing privacy. "Any US person information that is acquired as a result of NSA's surveillance activities is handled under procedures that are designed to protect privacy rights," the spokesperson said. The NSA declined to answer specific questions about the agreement, including whether permission had been sought from the Foreign Intelligence Surveillance (Fisa) court for handing over such material.
  • While NSA documents tout the mutually beneficial relationship of Sigint sharing, another report, marked top secret and dated September 2007, states that the relationship, while central to US strategy, has become overwhelmingly one-sided in favor of Israel. "Balancing the Sigint exchange equally between US and Israeli needs has been a constant challenge," states the report, titled 'History of the US – Israel Sigint Relationship, Post-1992'. "In the last decade, it arguably tilted heavily in favor of Israeli security concerns. 9/11 came, and went, with NSA's only true Third Party [counter-terrorism] relationship being driven almost totally by the needs of the partner."
  • In another top-secret document seen by the Guardian, dated 2008, a senior NSA official points out that Israel aggressively spies on the US. "On the one hand, the Israelis are extraordinarily good Sigint partners for us, but on the other, they target us to learn our positions on Middle East problems," the official says. "A NIE [National Intelligence Estimate] ranked them as the third most aggressive intelligence service against the US." Later in the document, the official is quoted as saying: "One of NSA's biggest threats is actually from friendly intelligence services, like Israel. There are parameters on what NSA shares with them, but the exchange is so robust, we sometimes share more than we intended."
  • The Guardian asked the Obama administration how many times US data had been found in the raw intelligence, either by the Israelis or when the NSA reviewed a sample of the files, but officials declined to provide this information. Nor would they disclose how many other countries the NSA shared raw data with, or whether the Fisa court, which is meant to oversee NSA surveillance programs and the procedures to handle US information, had signed off the agreement with Israel. In its statement, the NSA said: "We are not going to comment on any specific information sharing arrangements, or the authority under which any such information is collected. The fact that intelligence services work together under specific and regulated conditions mutually strengthens the security of both nations. "NSA cannot, however, use these relationships to circumvent US legal restrictions. Whenever we share intelligence information, we comply with all applicable rules, including the rules to protect US person information."
Paul Merrell

EFF Statement on Passage of Massie-Lofgren Amendment Regarding NSA Backdoors | Electron... - 0 views

  • Today, the US House of Representatives passed an amendment to the Defense Appropriations bill designed to cut funding for NSA backdoors. The amendment passed overwhelmingly with strong bipartisan support: 293 ayes, 123 nays, and 1 present. Currently, the NSA collects emails, browsing and chat history under Section 702 of the FISA Amendments Act, and searches this information without a warrant for the communications of Americans—a practice known as "backdoor searches." The amendment would block the NSA from using any of its funding from this Defense Appropriations Bill to conduct such warrantless searches. In addition, the amendment would prohibit the NSA from using its budget to mandate or request that private companies and organizations add backdoors to the encryption standards that are meant to keep you safe on the web. Mark Rumold, staff attorney for the Electronic Frontier Foundation, stated:
  • Tonight, the House of Representatives took an important first step in reining in the NSA. The House voted overwhelmingly to cut funding for two of the NSA's invasive surveillance practices: the warrantless searching of Americans' international communications, and the practice of requiring companies to install vulnerabilities in communications products or services. We applaud the House for taking this important first step, and we look forward to other elected officials standing up for our right to privacy. Digital rights organizations, including EFF, strongly supported the amendment. We and other organizations—including Free Press, Fight for the Future, Demand Progress, and Taskforce.is—helped to organize a grassroots campaign to promote the amendment. The day before the vote, we urged friends and members to call their members of Congress through the website ShuttheBackDoor.net. Thousands responded to the call to action. We extend our heartfelt thanks to everyone who spoke out on this issue. This is a great day in the fight to rein in NSA surveillance abuses, and we hope Congress will work to ensure this amendment is in the final version of the appropriations bill that is enacted.
  •  
    Big majority in the House and it's in the Defense Spending act. That puts a lot of pressure on the Senate and if sustained in the Senate, makes it all but veto-proof.  
Paul Merrell

The ultimate goal of the NSA is total population control | Antony Loewenstein | Comment... - 0 views

  • William Binney is one of the highest-level whistleblowers to ever emerge from the NSA. He was a leading code-breaker against the Soviet Union during the Cold War but resigned soon after September 11, disgusted by Washington’s move towards mass surveillance. On 5 July he spoke at a conference in London organised by the Centre for Investigative Journalism and revealed the extent of the surveillance programs unleashed by the Bush and Obama administrations.
  • “At least 80% of fibre-optic cables globally go via the US”, Binney said. “This is no accident and allows the US to view all communication coming in. At least 80% of all audio calls, not just metadata, are recorded and stored in the US. The NSA lies about what it stores.” The NSA will soon be able to collect 966 exabytes a year, the total of internet traffic annually. Former Google head Eric Schmidt once argued that the entire amount of knowledge from the beginning of humankind until 2003 amounts to only five exabytes. Binney, who featured in a 2012 short film by Oscar-nominated US film-maker Laura Poitras, described a future where surveillance is ubiquitous and government intrusion unlimited. “The ultimate goal of the NSA is total population control”, Binney said, “but I’m a little optimistic with some recent Supreme Court decisions, such as law enforcement mostly now needing a warrant before searching a smartphone.”
  • It shows that the NSA is not just pursuing terrorism, as it claims, but ordinary citizens going about their daily communications. “The NSA is mass-collecting on everyone”, Binney said, “and it’s said to be about terrorism but inside the US it has stopped zero attacks.” The lack of official oversight is one of Binney’s key concerns, particularly of the secret Foreign Intelligence Surveillance Court (Fisa), which is held out by NSA defenders as a sign of the surveillance scheme's constitutionality. “The Fisa court has only the government’s point of view”, he argued. “There are no other views for the judges to consider. There have been at least 15-20 trillion constitutional violations for US domestic audiences and you can double that globally.”
  • He praised the revelations and bravery of former NSA contractor Edward Snowden and told me that he had indirect contact with a number of other NSA employees who felt disgusted with the agency’s work. They’re keen to speak out but fear retribution and exile, not unlike Snowden himself, who is likely to remain there for some time.
  • Binney recently told the German NSA inquiry committee that his former employer had a “totalitarian mentality” that was the "greatest threat" to US society since that country’s US Civil War in the 19th century. Despite this remarkable power, Binney still mocked the NSA’s failures, including missing this year’s Russian intervention in Ukraine and the Islamic State’s take-over of Iraq. The era of mass surveillance has gone from the fringes of public debate to the mainstream, where it belongs. The Pew Research Centre released a report this month, Digital Life in 2025, that predicted worsening state control and censorship, reduced public trust, and increased commercialisation of every aspect of web culture. It’s not just internet experts warning about the internet’s colonisation by state and corporate power. One of Europe’s leading web creators, Lena Thiele, presented her stunning series Netwars in London on the threat of cyber warfare. She showed how easy it is for governments and corporations to capture our personal information without us even realising. Thiele said that the US budget for cyber security was US$67 billion in 2013 and will double by 2016. Much of this money is wasted and doesn't protect online infrastructure. This fact doesn’t worry the multinationals making a killing from the gross exaggeration of fear that permeates the public domain.
  • Wikileaks understands this reality better than most. Founder Julian Assange and investigative editor Sarah Harrison both remain in legal limbo. I spent time with Assange in his current home at the Ecuadorian embassy in London last week, where he continues to work, release leaks, and fight various legal battles. He hopes to resolve his predicament soon. At the Centre for Investigative Journalism conference, Harrison stressed the importance of journalists who work with technologists to best report the NSA stories. “It’s no accident”, she said, “that some of the best stories on the NSA are in Germany, where there’s technical assistance from people like Jacob Appelbaum.” A core Wikileaks belief, she stressed, is releasing all documents in their entirety, something the group criticised the news site The Intercept for not doing on a recent story. “The full archive should always be published”, Harrison said.
  • With 8m documents on its website after years of leaking, the importance of publishing and maintaining source documents for the media, general public and court cases can’t be under-estimated. “I see Wikileaks as a library”, Assange said. “We’re the librarians who can’t say no.” With evidence that there could be a second NSA leaker, the time for more aggressive reporting is now. As Binney said: “I call people who are covering up NSA crimes traitors”.