Group items tagged

Earlier today, FBI Director James Comey implied that a broad coalition of technology companies, trade associations, civil society groups, and security experts were either uninformed or were not “fair-minded” in a letter they sent to the President yesterday urging him to reject any legislative proposals that would undermine the adoption of strong encryption by US companies. The letter was signed by dozens of organizations and companies in the latest part of the debate over whether the government should be given built-in access to encrypted data (see, for example, here, here, here, and here for previous iterations). The comments were made at the Third Annual Cybersecurity Law Institute held at Georgetown University Law Center. The transcript of his encryption-related discussion is below (emphasis added).

Increasingly, communications at rest sitting on a device or in motion are encrypted. The device is encrypted or the communication is encrypted and therefore unavailable to us even with a court order. So I make a showing of probable cause to a judge in a criminal case or in an intelligence case to the Foreign Intelligence Surveillance Court judge that the content of a particular defense or a particular communication stream should be collected to our statutory authority, and the judge approves, increasingly we are finding ourselves unable to read what we find or we’re unable to open a device. And that is a serious concern. I am actually — I think encryption is a good thing. I think there are tremendous societal benefits to encryption. That’s one of the reasons the FBI tells people not only lock your cars, but you should encrypt things that are important to you to make it harder for thieves to take them.

A group of tech companies and some prominent folks wrote a letter to the President yesterday that I frankly found depressing. Because their letter contains no acknowledgment that there are societal costs to universal encryption. Look, I recognize the challenges facing our tech companies. Competitive challenges, regulatory challenges overseas, all kinds of challenges. I recognize the benefits of encryption, but I think fair-minded people also have to recognize the costs associated with that. And I read this letter and I think, “Either these folks don’t see what I see or they’re not fair-minded.” And either one of those things is depressing to me. So I’ve just got to continue to have the conversation. I don’t know the answer, but I don’t think a democracy should drift to a place where suddenly law enforcement people say, “Well, actually we — the Fourth Amendment is an awesome thing, but we actually can’t access any information.”

And so another historic scandal involving the manipulation and rigging of one of the most important global markets, that of Libor which is the reference security for several hundred trillion in derivatives, goes in the history books. Moments ago the NY Department for Financial Services announced that Deutsche Bank would pay $2.5 billion "in connection with the manipulation of the benchmark interest rates, including the London Interbank Offered Bank ("LIBOR"), the Euro Interbank Offered Rate ("EURIBOR") and Euroyen Tokyo Interbank Offered Rate ("TIBOR") (collectively, "IBOR")." According to FT calculations, "this is the largest fine to date in the sprawling worldwide Libor investigation" and beneficiaries of DB's criminal generosity include New York State Department of Financial Services (NYDFS) which will get $600 million, $775 million go to the U.S. Department of Justice (DOJ), and 227 million GBP (approximately $340 million) to the United Kingdom’s Financial Conduct Authority (FCA). Best of all $800 million will end up in the bank accounts oi the Commodities Futures Trading Commission (CFTC), the same CFTC which can now afford to upgrade from ticker tape and actually have some sense of the pervasive manipulation taking place in the S&P on a daily basis.

Most importantly for DB's 98,138 employees is that while DB will "terminate and ban individual employees who engaged in misconduct" nobody will go to jail. Again. In other words it just cost DB's about $25,474 per employee to keep its Libor-manipulating employees (and thus, senior level management because the stench always goes to the very top) out of prison. Considering it has cost JPMorgan $150,000 per employee to achieve the same result, here again we see that famous German efficiency in action.

To view a copy of the NYDFS order regarding Deutsche Bank, please visit, link.

As Washington weighs new cybersecurity steps amid a public backlash over mass surveillance, U.S. tech companies warned President Barack Obama not to weaken increasingly sophisticated encryption systems designed to protect consumers' privacy.In a strongly worded letter to Obama on Monday, two industry associations for major software and hardware companies said, "We are opposed to any policy actions or measures that would undermine encryption as an available and effective tool."The Information Technology Industry Council and the Software and Information Industry Association, representing tech giants, including Apple Inc, Google Inc, Facebook Inc, IBM and Microsoft Corp, fired the latest salvo in what is shaping up to be a long fight over government access into smart phones and other digital devices.

A new study says that the U.S. tech industry is likely to lose more than $35 billion from foreign customers by 2016 because of concerns over government surveillance.“In short, foreign customers are shunning U.S. companies,” the authors of a new study from the Information Technology and Innovation Foundation write.ADVERTISEMENT“The U.S. government’s failure to reform many of the NSA’s surveillance programs has damaged the competitiveness of the U.S. tech sector and cost it a portion of the global market share,” they said.The think tank’s report found that the cost to the tech sector associated with ongoing concerns over surveillance programs run out of the U.S. was likely to “far exceed” $35 billion by 2016, an earlier estimate set by the group.

The group said that lawmakers must enact additional reforms to surveillance policy if they wish to help the tech sector regain the trust of foreign customers. That includes opposing “backdoors,” which allow law enforcement to access otherwise encrypted data, and signing off on trade agreements, including the controversial Trans-Pacific Partnership, that “ban digital protectionism.”The study’s authors found that the revelations about broad U.S. surveillance programs acted as a justification for foreign policymakers to enact protectionist policies aimed at aiding their own domestic technology sectors.Foreign companies have also used the information about U.S. surveillance programs to their advantage.“Some European companies have begun to highlight where their digital services are hosted as an alternative to U.S. companies,” the authors write.

American companies, they found, have lost contracts to foreign competitors over fears about mass surveillance.Earlier this month, President Obama signed the USA Freedom Act, a bill that reformed the three Patriot Act provisions that authorized the bulk, warrantless collection of Americans’ phone records. The bill was widely supported by technology companies, including giants like Apple and Google.

John Kerry, the US secretary of state, conceded on Thursday that some of the country's surveillance activities had gone too far, saying that certain practices had occurred "on autopilot" without the knowledge of senior officials in the Obama administration.In the most stark comments yet by a senior administration official, Kerry promised that a previously announced review of surveillance practices would be thorough and that some activities would end altogether."The president and I have learned of some things that have been happening in many ways on an automatic pilot, because the technology is there and the ability is there," he told a conference in London via video link."In some cases, some of these actions have reached too far and we are going to try to make sure it doesn't happen in the future."

In recent days, the Obama administration has put some distance between it and the National Security Agency (NSA). Kerry's comments are a reflection in particular of a concern about the diplomatic fallout from the revelation that the US monitored the cellphone of the German chancellor, Angela Merkel.The tactic has irritated senior intelligence officials. On Thursday evening, the director of the NSA, General Keith Alexander, blamed US diplomats for requests to place foreign leaders under surveillance.During a pointed exchange with a former US ambassador to Romania, James Carew Rosapepe, Alexander said: "We, the intelligence agencies, don't come up with the requirements. The policy-makers come up with the requirements."He added: "One of those groups would have been, let me think, hold on, oh: ambassadors."

Alexander said that the NSA collected information when it was asked by policy officials to discover the "leadership intentions" of foreign countries. "If you want to know leadership intentions, these are the issues," he said at a discussion hosted by the Baltimore Council on Foreign Relations.Earlier in Washington, the debate continued about whether further legal constraints should be placed on the NSA. The Senate intelligence committee approved a bill that placed largely cosmetic restrictions on the National Security Agency's domestic surveillance programme.The bill, sponsored by committee chairwoman Dianne Feinstein, a California Democrat, allows the NSA continue to collect phone metadata of millions of Americans for renewable 90-day periods, but orders it to be more transparent about the practice.

The Irish High Court has ordered a review of the decision by the Office of the Data Protection Commissioner (ODPC) not to investigate Facebook’s links To PRISM and the US National Security Agency (NSA), after it was contested by a group of law students from Austria. The group calling itself ‘Europe-v-Facebook’ had previously demanded a full investigation into the relationship between Internet companies and the US intelligence agency as it accuses Facebook of breaking the law in supplying NSA with personal information about its European users.

The Irish High Court has ordered a review of the decision by the Office of the Data Protection Commissioner (ODPC) not to investigate Facebook’s links To PRISM and the US National Security Agency (NSA), after it was contested by a group of law students from Austria. The group calling itself ‘Europe-v-Facebook’ had previously demanded a full investigation into the relationship between Internet companies and the US intelligence agency as it accuses Facebook of breaking the law in supplying NSA with personal information about its European users.

The Irish High Court has ordered a review of the decision by the Office of the Data Protection Commissioner (ODPC) not to investigate Facebook’s links To PRISM and the US National Security Agency (NSA), after it was contested by a group of law students from Austria. The group calling itself ‘Europe-v-Facebook’ had previously demanded a full investigation into the relationship between Internet companies and the US intelligence agency as it accuses Facebook of breaking the law in supplying NSA with personal information about its European users.

In the last few months, several government officials, led by the FBI’s Director James Comey, have been complaining that the rise of encryption technologies would lead to a “very dark place” where cops and feds can’t fight and stop criminals. But new numbers released by the US government seem to contradict this doomsday scenario. In 2014, encryption thwarted four wiretaps out of 3,554, according to an annual report published on Wednesday by the US agency that oversees federal courts. The report reveals that state law enforcement agencies encountered encryption in 22 wiretaps last year. Out of those, cops were foiled on only two occasions. As for the feds, they encountered encryption in just three wiretaps, and could not decipher the intercepted communications in two of them.

In fact, cops found less encryption last year than in the year prior. In 2013, state authorities encountered encryption in 41 cases, versus 22 in 2014. At the federal level, there were three cases of encryption in 2014, against none in 2013. (The report also refers to five federal wiretaps conducted in “previous years” but only reported in 2014. Of those, the feds were able to crack the communications in four of the five.)

So far, the FBI has yet to put forth a valid example where encryption really thwarted an investigation. In fact, some of the examples cited by Comey have been debunked in media reports.

Behind the public admonishment of the National Security Agency’s spying techniques, Germany has been secretly in cahoots with the intelligence agency. The country’s national intelligence agency, Office for the Protection of the Constitution, arranged to share surveillance data with the NSA in exchange for high-powered spyware that excavated citizens’ chat and browser histories, and webcam photos, according to a German media report. Some German officials have claimed ignorance of the arrangement. Former data protection commissioner Peter Schaar told Die Zeit, the German newspaper that broke the story, he “knew nothing about such an exchange deal” during his 10-year tenure heading the agency — a deal that gave the spy agencies the ability to siphon data on every move a user makes online.

The Court of Justice of the European Union heard arguments in March for a case against Apple, Facebook, Microsoft, and Yahoo, which accused the companies of violating Europeans privacy by sending private data to the NSA. The case could determine whether and under what conditions American tech companies can operate overseas — by adhering to strict privacy laws, which companies such as Facebook previously indicated as an untenable option. The court admitted in opening arguments that current law regarding transatlantic data transfers didn’t protect citizens from foreign spying. In response, the European Commission’s lead attorney Bernhard Schima said, “You might consider closing your Facebook account if you have one.”

An elite group of security technologists has concluded that the American and British governments cannot demand special access to encrypted communications without putting the world’s most confidential data and critical infrastructure in danger.A new paper from the group, made up of 14 of the world’s pre-eminent cryptographers and computer scientists, is a formidable salvo in a skirmish between intelligence and law enforcement leaders, and technologists and privacy advocates. After Edward J. Snowden’s revelations — with security breaches and awareness of nation-state surveillance at a record high and data moving online at breakneck speeds — encryption has emerged as a major issue in the debate over privacy rights.

That has put Silicon Valley at the center of a tug of war. Technology companies including Apple, Microsoft and Google have been moving to encrypt more of their corporate and customer data after learning that the National Security Agency and its counterparts were siphoning off digital communications and hacking into corporate data centers.

Yet law enforcement and intelligence agency leaders argue that such efforts thwart their ability to monitor kidnappers, terrorists and other adversaries. In Britain, Prime Minister David Cameron threatened to ban encrypted messages altogether. In the United States, Michael S. Rogers, the director of the N.S.A., proposed that technology companies be required to create a digital key to unlock encrypted data, but to divide the key into pieces and secure it so that no one person or government agency could use it alone.The encryption debate has left both sides bitterly divided and in fighting mode. The group of cryptographers deliberately issued its report a day before James B. Comey Jr., the director of the Federal Bureau of Investigation, and Sally Quillian Yates, the deputy attorney general at the Justice Department, are scheduled to testify before the Senate Judiciary Committee on the concerns that they and other government agencies have that encryption technologies will prevent them from effectively doing their jobs.

Just as it seems the White House is close to finally announcing its policy on encryption - the FBI has been pushing for tech companies like Apple and Google to insert backdoors into their phones so the US government can always access users’ data - new Snowden revelations and an investigation by a legendary journalist show exactly why the FBI’s plans are so dangerous. One of the biggest arguments against mandating backdoors in encryption is the fact that, even if you trust the United States government never to abuse that power (and who does?), other criminal hackers and foreign governments will be able to exploit the backdoor to use it themselves. A backdoor is an inherent vulnerability that other actors will attempt to find and try to use it for their own nefarious purposes as soon as they know it exists, putting all of our cybersecurity at risk. In a meticulous investigation, longtime NSA reporter James Bamford reported at the Intercept Tuesday that the NSA was behind the notorious “Athens Affair”. In surveillance circles, the Athens Affair is stuff of legend: after the 2004 Olympics, the Greek government discovered that an unknown attacker had hacked into Vodafone’s “lawful intercept” system, the phone company’s mechanism of wiretapping phone calls. The attacker spied on phone calls of the president, other Greek politicians and journalists before it was discovered. According to Bamford’s story, all this happened after the US spy agency cooperated with Greek law enforcement to keep an eye on potential terrorist attacks for the Olympics. Instead of packing up their surveillance gear, they covertly pointed it towards the Greek government and its people. But that’s not all: according to Snowden documents that Bamford cited, this is a common tactic of the NSA. They often attack the “lawful intercept” systems in other countries to spy on government and citizens without their knowledge:

Exploiting the weaknesses associated with lawful intercept programs was a common trick for NSA. According to a previously unreleased top-secret PowerPoint presentation from 2012, titled “Exploiting Foreign Lawful Intercept Roundtable”, the agency’s “countries of interest” for this work included, at that time, Mexico, Indonesia, Egypt and others. The presentation also notes that NSA had about 60 “Fingerprints” — ways to identify data — from telecom companies and industry groups that develop lawful intercept systems, including Ericsson, as well as Motorola, Nokia and Siemens. It’s the exact nightmare scenario security experts have warned about when it comes to backdoors: they are not only available to those that operate them “legally”, but also to those who can hack into them to spy without anyone’s knowledge. If the NSA can do it, so can China, Russia and a host of other malicious actors.

Europe’s highest court on Tuesday struck down an international agreement that allowed companies to move digital information like people’s web search histories and social media updates between the European Union and the United States. The decision left the international operations of companies like Google and Facebook in a sort of legal limbo even as their services continued working as usual.The ruling, by the European Court of Justice, said the so-called safe harbor agreement was flawed because it allowed American government authorities to gain routine access to Europeans’ online information. The court said leaks from Edward J. Snowden, the former contractor for the National Security Agency, made it clear that American intelligence agencies had almost unfettered access to the data, infringing on Europeans’ rights to privacy. The court said data protection regulators in each of the European Union’s 28 countries should have oversight over how companies collect and use online information of their countries’ citizens. European countries have widely varying stances towards privacy.

Data protection advocates hailed the ruling. Industry executives and trade groups, though, said the decision left a huge amount of uncertainty for big companies, many of which rely on the easy flow of data for lucrative businesses like online advertising. They called on the European Commission to complete a new safe harbor agreement with the United States, a deal that has been negotiated for more than two years and could limit the fallout from the court’s decision.

Some European officials and many of the big technology companies, including Facebook and Microsoft, tried to play down the impact of the ruling. The companies kept their services running, saying that other agreements with the European Union should provide an adequate legal foundation.But those other agreements are now expected to be examined and questioned by some of Europe’s national privacy watchdogs. The potential inquiries could make it hard for companies to transfer Europeans’ information overseas under the current data arrangements. And the ruling appeared to leave smaller companies with fewer legal resources vulnerable to potential privacy violations.

Ahead of Thursday’s US House vote on a bill sold as reform of a major US government spying program, top technology firms like Google have joined civil liberties and privacy groups in calling the legislation inadequate in fighting mass surveillance. The Reform Government Surveillance coalition – AOL, Apple, Dropbox, Facebook, Google, LinkedIn, Microsoft, Twitter, and Yahoo – offered a statement on Wednesday denouncing the USA Freedom Act as a weak attempt at ending the government’s bulk storage of domestic phone metadata.

The USA Freedom Act would take the mass storage of phone records away from the government. Instead, telecommunications companies would be required to store the data. The bill would require the National Security Agency to get approval to search the telecoms’ cache of records from the often-compliant Foreign Intelligence Surveillance Court. Last-minute changes to the bill rankled privacy groups on Tuesday, leading many of them to decry the backdoor dealings as responsible for a “weakened,” “watered down” bill compared to what had previously passed the House Judiciary and Intelligence Committees earlier this month. On Wednesday, the tech coalition echoed these concerns, calling the amended legislation a move “in the wrong direction” of needed reform regarding mass surveillance. "The latest draft opens up an unacceptable loophole that could enable the bulk collection of Internet users' data," the coalition said. "While it makes important progress, we cannot support this bill as currently drafted and urge Congress to close this loophole to ensure meaningful reform." The loophole referred to by the coalition pertains to the USA Freedom Act’s definition for how and when government officials can search collected phone metadata records.

The new language – approved by House leaders and the Obama administration in recent days – modifies the prohibitions on bulk collection of domestic data to allow government officials to search for Americans’ phone records using a “a discrete term, such as a term specifically identifying a person, entity, account, address, or device, used by the Government to limit the scope of the information or tangible things sought.” This revised standard for the USA Freedom Act’s reform of surveillance is too broad and leaves privacy protections at risk, civil liberties groups said on Tuesday. In addition, the legislation’s new language also weakens the bill’s transparency provisions which outlined how much technology companies can disclose to customers about the extent of government requests of user data.

When Apple and Google unveiled new encryption schemes last month, law enforcement officials complained that they wouldn’t be able to unlock evidence on criminals’ digital devices. What they didn’t say is that there are already methods to bypass encryption, thanks to off-the-shelf digital implants readily available to the smallest national agencies and the largest city police forces — easy-to-use software that takes over and monitors digital devices in real time, according to documents obtained by The Intercept. We’re publishing in full, for the first time, manuals explaining the prominent commercial implant software “Remote Control System,” manufactured by the Italian company Hacking Team. Despite FBI director James Comey’s dire warnings about the impact of widespread data scrambling — “criminals and terrorists would like nothing more,” he declared — Hacking Team explicitly promises on its website that its software can “defeat encryption.”

The manuals describe Hacking Team’s software for government technicians and analysts, showing how it can activate cameras, exfiltrate emails, record Skype calls, log typing, and collect passwords on targeted devices. They also catalog a range of pre-bottled techniques for infecting those devices using wifi networks, USB sticks, streaming video, and email attachments to deliver viral installers. With a few clicks of a mouse, even a lightly trained technician can build a software agent that can infect and monitor a device, then upload captured data at unobtrusive times using a stealthy network of proxy servers, all without leaving a trace. That, at least, is what Hacking Team’s manuals claim as the company tries to distinguish its offerings in the global marketplace for government hacking software. Hacking Team’s efforts include a visible push into the U.S. Though Remote Control System is sold around the world — suspected clients include small governments in dozens of countries, from Ethiopia to Kazakhstan to Saudi Arabia to Mexico to Oman — the company keeps one of its three listed worldwide offices in Annapolis, Maryland, on the edge of the federal intelligence and law-enforcement cluster around the nation’s capital; has sent representatives to American homeland security trade shows and conferences, where it has led training seminars like “Cyber Intelligence Solutions to Data Encryption” for police; and has even taken an investment from a firm headed by America’s former ambassador to Italy. The United States is also, according to two separate research teams, far and away Hacking Team’s top nexus for servers, hosting upwards of 100 such systems, roughly a fifth of all its servers globally.

You may recall, from the dark days of Abu Ghraib, that there was a batch of photos that was never released—images the Pentagon deemed so inflammatory that they needed to stay under wraps. The ones we saw were disturbing enough: the piles of naked Iraqi prisoners, the soldier giving a thumbs up next to an ice-packed corpse, the prisoners being menaced by dogs. And who can forget that iconic shot of a hooded man (his name is Ali Shalil Qaissi), standing on a box in a shower with wires attached to his fingers—a mock execution. There are as many as 2,100 additional images, according to the ACLU, which sued the government in 2004 demanding their release. President Obama has resisted the legal efforts, noting in a statement that to make the photos public would "impact the safety of our troops." Newsweek's Lauren Walker nicely summarizes the developments so far, some of which my colleague Nick Baumann has also covered, so here's the upshot: In August, a federal judge gave the administration an ultimatum: either release the photos or provide evidence for each image explaining why publishing it would be detrimental to national security. On December 19, the administration indicated that it would take the latter course, and a hearing on the new evidence has been set for January 20.

Because the concealed images, the ACLU told Newsweek, aren't simply more examples of abuse: "One of the reasons we’ve been fighting for so long for these photographs is because the official narrative following the disclosure of the Abu Ghraib photos was that those abuses were the result of a few bad apples," says Alex Abdo, an ACLU staff attorney working on the case since 2005. "These photographs come from at least seven different detention facilities throughout Afghanistan and Iraq.... We think this would once and for all end the myth that the abuse that took place at Abu Ghraib was an aberration," he says. "It was essentially official policy. It was widespread at different facilities under different commanders."

Consider this exchange between Stanford psychologist Phil Zimbardo and former Staff Sgt. Ivan "Chip" Frederick, who got an eight-year prison sentence for his role in the Abu Ghraib horrorshow. (He was the guy who staged the mock execution.) The interview is from Zimbardo's 2007 book, The Lucifer Effect, which is about how good people placed in bad situations end up doing abhorrent things.

Britain’s domestic intelligence chief has demanded greater authority for spies to help fight the threat of Islamist extremism, a sign that the attack on a satirical newspaper in Paris is likely to sharpen the security-versus-privacy debate in Western countries.Andrew Parker, the director general of MI5, said militants were planning attacks in Britain similar to the one that killed 12 people at the newspaper, Charlie Hebdo.

Amid a backlash against digital surveillance after disclosures by the former National Security Agency contractor Edward J. Snowden in 2013, Mr. Parker said there was a growing imbalance between the number of terrorist plots against Britain and the ability of spies to track their communications. Continue reading the main story Related Coverage Charlie Hebdo Suspects Dead in Raid; Hostage Taker in Paris Is Also KilledJAN. 9, 2015 Why Reams of Intelligence Did Not Thwart the Paris AttacksJAN. 9, 2015 Speaking at MI5 headquarters late on Thursday, he warned against an atmosphere in which privacy was “so absolute and sacrosanct that terrorists and others who mean us harm can confidently operate from behind those walls without fear of detection.”

“If we are to do our job, MI5 will continue to need to be able to penetrate their communications as we have always done,” he said. “That means having the right tools, legal powers and the assistance of companies which hold relevant data.”“Currently,” he added, “this picture is patchy.”

All across the country, heavily armed SWAT teams are raiding people’s homes in the middle of the night, often just to search for drugs. It should enrage us that people have needlessly died during these raids, that pets have been shot, and that homes have been ravaged. Our neighborhoods are not warzones, and police officers should not be treating us like wartime enemies. Any yet, every year, billions of dollars’ worth of military equipment flows from the federal government to state and local police departments. Departments use these wartime weapons in everyday policing, especially to fight the wasteful and failed drug war, which has unfairly targeted people of color. As our new report makes clear, it’s time for American police to remember that they are supposed to protect and serve our communities, not wage war on the people who live in them.

t is widely known that policing tactics across the country often unfairly target communities of color. According to our investigation, the use of paramilitary weapons and tactics appears to be no different. These maps show the distribution of SWAT raids by racial composition of neighborhoods in two cities, but this trend is echoed nationwide. Read the complete report for more.

It’s not uncommon for SWAT teams to brutalize bystanders in their search for a suspect. One family in Atlanta was woken up in the middle of the night when officers burst into their home and threw a flashbang grenade into the playpen where a toddler was sleeping. This is their story.  

A secret US cybersecurity report warned that government and private computers were being left vulnerable to online attacks from Russia, China and criminal gangs because encryption technologies were not being implemented fast enough. The advice, in a newly uncovered five-year forecast written in 2009, contrasts with the pledge made by David Cameron this week to crack down on encryption use by technology companies.

In the wake of the Paris terror attacks, the prime minister said there should be no “safe spaces for terrorists to communicate” or that British authorites could not access. Cameron, who landed in the US on Thursday night, is expected to urge Barack Obama to apply more pressure to tech giants, such as Apple, Google and Facebook, which have been expanding encrypted messaging for their millions of users since the revelations of mass NSA surveillance by the whistleblower Edward Snowden.

Cameron said the companies “need to work with us. They need also to demonstrate, which they do, that they have a social responsibility to fight the battle against terrorism. We shouldn’t allow safe spaces for terrorists to communicate. That’s a huge challenge but that’s certainly the right principle”. But the document from the US National Intelligence Council, which reports directly to the US director of national intelligence, made clear that encryption was the “best defence” for computer users to protect private data. Part of the cache given to the Guardian by Snowden was published in 2009 and gives a five-year forecast on the “global cyber threat to the US information infrastructure”. It covers communications, commercial and financial networks, and government and critical infrastructure systems. It was shared with GCHQ and made available to the agency’s staff through its intranet.

The US intelligence community has delivered a limited list of tweaks to how long it can hold information on ordinary citizens and hide secret trawls for data, responding to Barack Obama’s call for reform of its surveillance practices in the wake of revelations about NSA practices. Published by the office of the director of national intelligence, James Clapper, just six days before a recently announced visit to Washington by the German chancellor, Angela Merkel, the report is the culmination of a year-long effort to respond to revelations by whistleblower Edward Snowden.

But the report does not appear to address the role of telecommunications companies in collecting metadata and the use of encryption to prevent hacking, and privacy critics were quick to pounce on a year of promises with little reform to show. “It’s hard to see much ‘there’ there,” Senator Ron Wyden said in a statement. “When it comes to reforming intelligence programs and protecting Americans’ privacy, there is much, much more work to be done.” The outline from the intelligence community also appears to fall short of the legislative changes attempted by campaigners in Congress, focusing instead on measures to tighten internal guidelines and provide foreigners with some of the protections allowed for US citizens. These measures include:

Limiting how long personal data gathered from non-US citizens can be held to five years, so long as it is deemed not relevant to ongoing intelligence investigations. Asking Congress to provide some foreign nationals access to legal redress if their private information has been wilfully disclosed by US intelligence agencies. Limiting to three years how long the FBI can prevent disclosure of its surveillance activities using so-called national security letters, unless a special agent deems otherwise.

Eight of the biggest U.S. technology companies added a combined $69 billion to their stockpiled offshore profits over the past year, even as some corporations in other industries felt pressure to bring cash back home. Microsoft Corp., Apple Inc., Google Inc. and five other tech firms now account for more than a fifth of the $2.10 trillion in profits that U.S. companies are holding overseas, according to a Bloomberg News review of the securities filings of 304 corporations. The total amount held outside the U.S. by the companies was up 8 percent from the previous year, though 58 companies reported smaller stockpiles. The money pileup, reflecting companies’ incentives to park profits in low-tax countries, has drawn the attention of President Barack Obama and U.S. lawmakers, who see a chance to tap the funds for spending programs and to revamp the tax code. That effort is stalled in Washington, and there are few signs that tech companies will bring the profits back to the U.S. until Congress gives them an incentive or a mandate.

The “USA Freedom Act”—the proponents of which were heralding as “NSA reform” despite its suffocatingly narrow scope—died in the august U.S. Senate last night when it attracted only 58 of the 60 votes needed to close debate and move on to an up-or-down vote. All Democratic and independent senators except one (Bill Nelson of Florida) voted in favor of the bill, as did three tea-party GOP Senators (Ted Cruz, Mike Lee, and Dean Heller). One GOP Senator, Rand Paul, voted against it on the ground that it did not go nearly far enough in reining in the NSA. On Monday, the White House had issued a statement “strongly supporting” the bill. The “debate” among the Senators that preceded the vote was darkly funny and deeply boring, in equal measure. The black humor was due to the way one GOP senator after the next—led by ranking intelligence committee member Saxby Chambliss of Georgia (pictured above)—stood up and literally screeched about 9/11 and ISIS over and over and over, and then sat down as though they had made a point.

So the pro-NSA Republican senators were actually arguing that if the NSA were no longer allowed to bulk-collect the communication records of Americans inside the U.S., then ISIS would kill you and your kids. But because they were speaking in an empty chamber and only to their warped and insulated D.C. circles and sycophantic aides, there was nobody there to cackle contemptuously or tell them how self-evidently moronic it all was. So they kept their Serious Faces on like they were doing The Nation’s Serious Business, even though what was coming out of their mouths sounded like the demented ramblings of a paranoid End is Nigh cult. The boredom of this spectacle was simply due to the fact that this has been seen so many times before—in fact, every time in the post-9/11 era that the U.S. Congress pretends publicly to debate some kind of foreign policy or civil liberties bill. Just enough members stand up to scream “9/11″ and “terrorism” over and over until the bill vesting new powers is passed or the bill protecting civil liberties is defeated.

Eight years ago, when this tawdry ritual was still a bit surprising to me, I live-blogged the 2006 debate over passage of the Military Commissions Act, which, with bipartisan support, literally abolished habeas corpus rights established by the Magna Carta by sanctioning detention without charges or trial. (My favorite episode there was when GOP Sen. Arlen Specter warned that “what the bill seeks to do is set back basic rights by some nine hundred years,” and then voted in favor of its enactment.) In my state of naive disbelief, as one senator after the next thundered about the “message we are sending” to “the terrorists,” I wrote: “The quality of the ‘debate’ on the Senate floor is so shockingly (though appropriately) low and devoid of substance that it is hard to watch.” So watching last night’s Senate debate was like watching a repeat of some hideously shallow TV show. The only new aspect was that the aging Al Qaeda villain has been rather ruthlessly replaced by the show’s producers with the younger, sleeker ISIS model. Showing no gratitude at all for the years of value it provided these senators, they ignored the veteran terror group almost completely in favor of its new replacement. And they proceeded to save a domestic surveillance program clearly unpopular among those they pretend to represent.