Group items tagged

The regime that governs the sharing between Britain and the US of electronic communications intercepted in bulk was unlawful until last year, a secretive UK tribunal has ruled. The Investigatory Powers Tribunal (IPT) declared on Friday that regulations covering access by Britain’s GCHQ to emails and phone records intercepted by the US National Security Agency (NSA) breached human rights law.

Advocacy groups said the decision raised questions about the legality of intelligence-sharing operations between the UK and the US. The ruling appears to suggest that aspects of the operations were illegal for at least seven years – between 2007, when the Prism intercept programme was introduced, and 2014. The critical judgment marks the first time since the IPT was established in 2000 that it has upheld a complaint relating to any of the UK’s intelligence agencies. It said that the government’s regulations were illegal because the public were unaware of safeguards that were in place. Details of those safeguards were only revealed during the legal challenge at the IPT. An “order” posted on the IPT’s website early on Friday declared: “The regime governing the soliciting, receiving, storing and transmitting by UK authorities of private communications of individuals located in the UK, which have been obtained by US authorities … contravened Articles 8 or 10” of the European convention on human rights.

Article 8 relates to the right to private and family life; article 10 refers to freedom of expression. The decision, in effect, refines an earlier judgment issued by the tribunal in December, when it ruled that Britain’s current legal regime governing data collection through the internet by intelligence agencies – which has been recently updated to ensure compliance – did not violate the human rights of people in the UK.

Faced with mounting international pressure over the Falkland Islands territorial dispute, the British government enlisted its spy service, including a highly secretive unit known for using “dirty tricks,” to covertly launch offensive cyberoperations to prevent Argentina from taking the islands. A shadowy unit of the British spy agency Government Communications Headquarters (GCHQ) had been preparing a bold, covert plan called “Operation QUITO” since at least 2009. Documents provided to The Intercept by National Security Agency whistleblower Edward Snowden, published in partnership with Argentine news site Todo Notícias, refer to the mission as a “long-running, large scale, pioneering effects operation.” At the heart of this operation was the Joint Threat Research and Intelligence Group, known by the acronym JTRIG, a secretive unit that has been involved in spreading misinformation.

The British government, which has continuously administered the Falkland Islands — also known as the Malvinas — since 1833, has rejected Argentine and international calls to open negotiations on territorial sovereignty. Worried that Argentina, emboldened by international opinion, may attempt to retake the islands diplomatically or militarily, JTRIG and other GCHQ divisions were tasked “to support FCO’s [Foreign and Commonwealth Office’s] goals relating to Argentina and the Falkland Islands.” A subsequent document suggests the main FCO goal was to “[prevent] Argentina from taking over the Falkland Islands” and that new offensive cyberoperations were underway in 2011 to further that end. Tensions between the two nations, which fought a war over the small archipelago in the South Atlantic Ocean in 1982, reached a boil in 2010 with the British discovery of large, offshore oil and gas reserves potentially worth billions of dollars.

While the full extent of JTRIG’s tactics used in the Falklands mission is unclear, the scope of JTRIG’s approved capabilities offers an idea of what may have been done. The group, first revealed last year by NBC News and The Intercept, has developed various techniques — including “false flag” operations, sexual “honey traps,” and implanting computer viruses — to collect intelligence, plant propaganda and diminish or discredit opponents. As reported in The Intercept last year, JTRIG “has developed covert tools to seed the internet with false information, including the ability to manipulate the results of online polls, artificially inflate pageview counts on web sites, ‘amplif[y]’ sanctioned messages on YouTube,” and plant false Facebook wall posts for “entire countries.” According to a study of the group by the U.K.’s Defence Science and Technology Laboratory (DSTL), “the language of JTRIG’s operations is characterized by terms such as ‘discredit,’ promote ‘distrust,’ ‘dissuade,’ ‘deceive,’ ‘disrupt,’ ‘delay,’ ‘deny,’ ‘denigrate/degrade,’ and ‘deter.’” The unit’s activities generally break down into two symbiotic categories: online Human Intelligence, or HUMINT, and “effects operations.” Online HUMINT is the collection of information on human targets through passive tracking or overt interaction with a target through an alias. These operations may sometimes be in support of, or in conjunction with, covert MI-6 agents on the ground.

Now we can see what moves legislators to take swift action against domestic surveillance. It all depends on who's being targeted. A long-held "gentleman's agreement" that GCHQ would not spy on members of Parliament (with an exigent circumstances exception, naturally) was found to be not legally-binding by the UK's surveillance oversight tribunal. Today, a panel, headed by Mr Justice Burton, made declarations that the Wilson Doctrine applies only to targeted, and not incidental, interception of Parliamentary communications, but that it has no legal effect, save that in practice the Security and Intelligence Agencies must comply with their own guidance. The Wilson doctrine, implemented by prime minister Harold Wilson in November 1966, lay down the policy of no tapping of the phones of MPs or members of the House of Lords, unless there is a major national emergency, and that any changes to the policy will be reported by the prime minister to Parliament.

Once the Parliament members discovered they too could be subjected to GCHQ's "blanket surveillance," they moved quickly. MPs are to hold an emergency debate on the Wilson doctrine, amid fears the convention designed to prevent politicians' communications being spied upon is "dead". [...] Shadow Commons leader Chris Bryant led a successful application in the Commons for an emergency debate in response to Wednesday's judgment. The debate has been allocated up to three hours on Monday, October 19. When it's just the general public and foreign citizens of dozens of nations, politicians generally agree there's a "debate" to be had over dragnet surveillance. The debate then takes place with minimal input from those affected and tends to include large amounts of terrorist fear-mongering and quibbling over how much exactly national security agencies should be allowed to get away with. (As much as possible, usually. Especially when the fear-mongering side has the floor.)

When it's those up top discovering they, too, might be subject to the same surveillance they've inflicted on the rest of the nation (and foreigners who have been granted no rights whatsoever), they step all over themselves in their haste to "debate" the side of the issue that states they should continue to be excepted from the laws that apply to everyone else.

Spy agencies in Britain will be given the explicit right to hack into smartphones and computers as part of a new law being introduced by the Conservative government. Security services MI5, MI6 and GCHQ can already access electronic devices by exploiting software security vulnerabilities, but the legal foundation for the practice is under scrutiny.New powers laid out in the Investigatory Powers Bill, due to be introduced in Parliament next month, will give spies a solid legal basis for hacking into computer systems, according to the Times.The revelation has sparked criticism from human rights group Liberty, which accuses the government of giving spy agencies “unlimited potential” to act against citizens.The bill, which was announced in the Queens’ Speech following the general election, is likely to include the new Snooper’s Charter, according to privacy campaigners at the Open Rights Group.

British spies will be able to hack into a person’s “property” through backdoors in the software. Once inside, intelligence agents can install software that allows them operate microphones to eavesdrop on conversations and even control the camera to take photographs of targets.The government admitted in February that MI5, MI6 and GCHQ were hacking into computers, servers, routers and mobile phones using the Intelligence Services Act 1994, which does not give explicit authorization for such practices.Independent reviewer of terrorism legislation Dave Anderson QC recommended in June that new legislation be introduced to clarify give intrusive hacking a firm legal basis.Anderson said that hacking presents a “dizzying array of possibilities to the security and intelligence agencies.”While some methods are appropriate, “many are of the view that there are others which are so intrusive that they would require exceptional safeguards for their use to be legal … A debate is clearly needed,” he said.

The investigatory powers bill will give agents explicit powers to interfere with “property” once they have obtained a warrant from the home secretary.Digital evidence expert Peter Sommer said the powers circumvented encryption technology.“Increasingly, [intelligence agents] can’t read communications sent over the internet because of encryption, so their ability to get information from interception is rapidly diminishing. The best way around this is to get inside someone’s computer. This is an increasingly important avenue for them,” he told the Times.

Here’s a recap of Snowden’s leaked documents published so far, in my own highly subjective order of importance.

A leaked executive order from President Obama shows the administration asked intelligence agencies to draw up a list of potential offensive cyberattack targets around the world. The order, which suggests targeting “systems, processes and infrastructure” states that such offensive hacking operations “can offer unique and unconventional capabilities to advance U.S. national objectives around the world with little or no warning to the adversary or target and with potential effects ranging from subtle to severely damaging.” The order followed repeated accusations by the U.S. government that China has engaged in state-sponsored hacking operations, and was timed just a day before President Obama’s summit with Chinese President Xi Jinping.

According to leaked documents released by Edward Snowden, British intelligence spied on Israeli diplomats and military officials in 2008 and 2009, the French newspaper Le Monde and Israel’s Haaretz reported on Wednesday. One of the files from 2009 said that “Britain’s GCHQ intelligence-gathering apparatus defined Israel as ‘a true threat’ to the Middle East”. “The Israelis constitute a true threat to regional security, notably because of the country’s position on the Iran issue,” the file said. The UK spy agency gathered data on the “second-highest ranking official in the Israeli foreign ministry”, who went unidentified by Le Monde and Haaretz. The two outlets also said that the UK gathered surveillance on the Palestinian Authority. GCHQ tapped the phone of Palestinian Authority President Mahmoud Abbas in December 2008, weeks before Israel launched an offensive the following month. GCHQ also monitored emails between Israel’s ambassadors to Kenya and Nigeria and the private Israel defence company Ophir Optronics. During those two years, the UK spied on the Palestinian Liberation Organisation’s secretary general and several Palestinian diplomatic delegations, including former Palestinian prime minister Ahmed Qurei and Israeli-Palestinian parliamentarian Dr Ahmad Tibi.

The National Security Agency (NSA) widely monitors international payments, banking and credit card transactions, according to documents seen by SPIEGEL. The information from the American foreign intelligence agency, acquired by former NSA contractor and whistleblower Edward Snowden, show that the spying is conducted by a branch called "Follow the Money" (FTM). The collected information then flows into the NSA's own financial databank, called "Tracfin," which in 2011 contained 180 million records. Some 84 percent of the data is from credit card transactions. Further NSA documents from 2010 show that the NSA also targets the transactions of customers of large credit card companies like VISA for surveillance. NSA analysts at an internal conference that year described in detail how they had apparently successfully searched through the US company's complex transaction network for tapping possibilities.

Their aim was to gain access to transactions by VISA customers in Europe, the Middle East and Africa, according to one presentation. The goal was to "collect, parse and ingest transactional data for priority credit card associations, focusing on priority geographic regions." In response to a SPIEGEL inquiry, however, VISA issued a statement in which it said, "We are not aware of any unauthorized access to our network. Visa takes data security seriously and, in response to any attempted intrusion, we would pursue all available remedies to the fullest extent of the law. Further, its Visa's policy to only provide transaction information in response to a subpoena or other valid legal process." The NSA's Tracfin data bank also contained data from the Brussels-based Society for Worldwide Interbank Financial Telecommunication (SWIFT), a network used by thousands of banks to send transaction information securely. SWIFT was named as a "target," according to the documents, which also show that the NSA spied on the organization on several levels, involving, among others, the agency's "tailored access operations" division. One of the ways the agency accessed the data included reading "SWIFT printer traffic from numerous banks," the documents show.

But even intelligence agency employees are somewhat concerned about spying on the world finance system, according to one document from the UK's intelligence agency GCHQ concerning the legal perspectives on "financial data" and the agency's own cooperations with the NSA in this area. The collection, storage and sharing of politically sensitive data is a deep invasion of privacy, and involved "bulk data" full of "rich personal information," much of which "is not about our targets," the document says.

Secret documents reveal more than 1,000 targets of American and British surveillance in recent years, including the office of an Israeli prime minister, heads of international aid organizations, foreign energy companies and a European Union official involved in antitrust battles with American technology businesses.

While the names of some political and diplomatic leaders have previously emerged as targets, the newly disclosed intelligence documents provide a much fuller portrait of the spies’ sweeping interests in more than 60 countries. Britain’s Government Communications Headquarters, working closely with the National Security Agency, monitored the communications of senior European Union officials, foreign leaders including African heads of state and sometimes their family members, directors of United Nations and other relief programs, and officials overseeing oil and finance ministries, according to the documents. In addition to Israel, some targets involved close allies like France and Germany, where tensions have already erupted over recent revelations about spying by the N.S.A.

Details of the surveillance are described in documents from the N.S.A. and Britain’s eavesdropping agency, known as GCHQ, dating from 2008 to 2011. The target lists appear in a set of GCHQ reports that sometimes identify which agency requested the surveillance, but more often do not. The documents were leaked by the former N.S.A. contractor Edward J. Snowden and shared by The New York Times, The Guardian and Der Spiegel. The reports are spare, technical bulletins produced as the spies, typically working out of British intelligence sites, systematically tapped one international communications link after another, focusing especially on satellite transmissions. The value of each link is gauged, in part, by the number of surveillance targets found to be using it for emails, text messages or phone calls. More than 1,000 targets, which also include people suspected of being terrorists or militants, are in the reports. It is unclear what the eavesdroppers gleaned. The documents include a few fragmentary transcripts of conversations and messages, but otherwise contain only hints that further information was available elsewhere, possibly in a larger database.

37      It must be stated that the interference caused by Directive 2006/24 with the fundamental rights laid down in Articles 7 and 8 of the Charter is, as the Advocate General has also pointed out, in particular, in paragraphs 77 and 80 of his Opinion, wide-ranging, and it must be considered to be particularly serious. Furthermore, as the Advocate General has pointed out in paragraphs 52 and 72 of his Opinion, the fact that data are retained and subsequently used without the subscriber or registered user being informed is likely to generate in the minds of the persons concerned the feeling that their private lives are the subject of constant surveillance.

43      In this respect, it is apparent from recital 7 in the preamble to Directive 2006/24 that, because of the significant growth in the possibilities afforded by electronic communications, the Justice and Home Affairs Council of 19 December 2002 concluded that data relating to the use of electronic communications are particularly important and therefore a valuable tool in the prevention of offences and the fight against crime, in particular organised crime. 44      It must therefore be held that the retention of data for the purpose of allowing the competent national authorities to have possible access to those data, as required by Directive 2006/24, genuinely satisfies an objective of general interest.45      In those circumstances, it is necessary to verify the proportionality of the interference found to exist.46      In that regard, according to the settled case-law of the Court, the principle of proportionality requires that acts of the EU institutions be appropriate for attaining the legitimate objectives pursued by the legislation at issue and do not exceed the limits of what is appropriate and necessary in order to achieve those objectives (see, to that effect, Case C‑343/09 Afton Chemical EU:C:2010:419, paragraph 45; Volker und Markus Schecke and Eifert EU:C:2010:662, paragraph 74; Cases C‑581/10 and C‑629/10 Nelson and Others EU:C:2012:657, paragraph 71; Case C‑283/11 Sky Österreich EU:C:2013:28, paragraph 50; and Case C‑101/12 Schaible EU:C:2013:661, paragraph 29).

67      Article 7 of Directive 2006/24, read in conjunction with Article 4(1) of Directive 2002/58 and the second subparagraph of Article 17(1) of Directive 95/46, does not ensure that a particularly high level of protection and security is applied by those providers by means of technical and organisational measures, but permits those providers in particular to have regard to economic considerations when determining the level of security which they apply, as regards the costs of implementing security measures. In particular, Directive 2006/24 does not ensure the irreversible destruction of the data at the end of the data retention period.68      In the second place, it should be added that that directive does not require the data in question to be retained within the European Union, with the result that it cannot be held that the control, explicitly required by Article 8(3) of the Charter, by an independent authority of compliance with the requirements of protection and security, as referred to in the two previous paragraphs, is fully ensured. Such a control, carried out on the basis of EU law, is an essential component of the protection of individuals with regard to the processing of personal data (see, to that effect, Case C‑614/10 Commission v Austria EU:C:2012:631, paragraph 37).69      Having regard to all the foregoing considerations, it must be held that, by adopting Directive 2006/24, the EU legislature has exceeded the limits imposed by compliance with the principle of proportionality in the light of Articles 7, 8 and 52(1) of the Charter.

In March 2011, two weeks before the Western intervention in Libya, a secret message was delivered to the National Security Agency. An intelligence unit within the U.S. military’s Africa Command needed help to hack into Libya’s cellphone networks and monitor text messages. For the NSA, the task was easy. The agency had already obtained technical information about the cellphone carriers’ internal systems by spying on documents sent among company employees, and these details would provide the perfect blueprint to help the military break into the networks. The NSA’s assistance in the Libya operation, however, was not an isolated case. It was part of a much larger surveillance program—global in its scope and ramifications—targeted not just at hostile countries.

According to documents contained in the archive of material provided to The Intercept by whistleblower Edward Snowden, the NSA has spied on hundreds of companies and organizations internationally, including in countries closely allied to the United States, in an effort to find security weaknesses in cellphone technology that it can exploit for surveillance. The documents also reveal how the NSA plans to secretly introduce new flaws into communication systems so that they can be tapped into—a controversial tactic that security experts say could be exposing the general population to criminal hackers. Codenamed AURORAGOLD, the covert operation has monitored the content of messages sent and received by more than 1,200 email accounts associated with major cellphone network operators, intercepting confidential company planning papers that help the NSA hack into phone networks.

Karsten Nohl, a leading cellphone security expert and cryptographer who was consulted by The Intercept about details contained in the AURORAGOLD documents, said that the broad scope of information swept up in the operation appears aimed at ensuring virtually every cellphone network in the world is NSA accessible.

European officials are demanding answers and investigations into a joint U.S. and U.K. hack of the world’s largest manufacturer of mobile SIM cards, following a report published by The Intercept Thursday. The report, based on leaked documents provided by NSA whistleblower Edward Snowden, revealed the U.S. spy agency and its British counterpart Government Communications Headquarters, GCHQ, hacked the Franco-Dutch digital security giant Gemalto in a sophisticated heist of encrypted cell-phone keys. The European Parliament’s chief negotiator on the European Union’s data protection law, Jan Philipp Albrecht, said the hack was “obviously based on some illegal activities.” “Member states like the U.K. are frankly not respecting the [law of the] Netherlands and partner states,” Albrecht told the Wall Street Journal. Sophie in ’t Veld, an EU parliamentarian with D66, the Netherlands’ largest opposition party, added, “Year after year we have heard about cowboy practices of secret services, but governments did nothing and kept quiet […] In fact, those very same governments push for ever-more surveillance capabilities, while it remains unclear how effective these practices are.”

“If the average IT whizzkid breaks into a company system, he’ll end up behind bars,” In ’t Veld added in a tweet Friday. The EU itself is barred from undertaking such investigations, leaving individual countries responsible for looking into cases that impact their national security matters. “We even get letters from the U.K. government saying we shouldn’t deal with these issues because it’s their own issue of national security,” Albrecht said. Still, lawmakers in the Netherlands are seeking investigations. Gerard Schouw, a Dutch member of parliament, also with the D66 party, has called on Ronald Plasterk, the Dutch minister of the interior, to answer questions before parliament. On Tuesday, the Dutch parliament will debate Schouw’s request. Additionally, European legal experts tell The Intercept, public prosecutors in EU member states that are both party to the Cybercrime Convention, which prohibits computer hacking, and home to Gemalto subsidiaries could pursue investigations into the breach of the company’s systems.

According to secret documents from 2010 and 2011, a joint NSA-GCHQ unit penetrated Gemalto’s internal networks and infiltrated the private communications of its employees in order to steal encryption keys, embedded on tiny SIM cards, which are used to protect the privacy of cellphone communications across the world. Gemalto produces some 2 billion SIM cards a year. The company’s clients include AT&T, T-Mobile, Verizon, Sprint and some 450 wireless network providers. “[We] believe we have their entire network,” GCHQ boasted in a leaked slide, referring to the Gemalto heist.

Just as the Bush administration and the U.S. media re-labelled “torture” with the Orwellian euphemism “enhanced interrogation techniques” to make it more palatable, the governments and media of the Five Eyes surveillance alliance are now attempting to re-brand “mass surveillance” as “bulk collection” in order to make it less menacing (and less illegal). In the past several weeks, this is the clearly coordinated theme that has arisen in the U.S., UK, Canada, Australia and New Zealand as the last defense against the Snowden revelations, as those governments seek to further enhance their surveillance and detention powers under the guise of terrorism.

This manipulative language distortion can be seen perfectly in yesterday’s white-washing report of GCHQ mass surveillance from the servile rubber-stamp calling itself “The Intelligence and Security Committee of the UK Parliament (ISC)”(see this great Guardian Editorial this morning on what a “slumbering” joke that “oversight” body is). As Committee Member MP Hazel Blears explained yesterday (photo above), the Parliamentary Committee officially invoked this euphemism to justify the collection of billions of electronic communications events every day. The Committee actually acknowledged for the first time (which Snowden documents long ago proved) that GCHQ maintains what it calls “Bulk Personal Datasets” that contain “millions of records,” and even said about pro-privacy witnesses who testified before it: “we recognise their concerns as to the intrusive nature of bulk collection.” That is the very definition of “mass surveillance,” yet the Committee simply re-labelled it “bulk collection,” purported to distinguish it from “mass surveillance,” and thus insist that it was all perfectly legal.

This re-definition game goes as follows: yes, we vacuum up and store literally as much of the internet as we possibly can. Then we analyze all the data about what you’re doing, with whom you’re speaking, and who your network of associates is. Based on that analysis of all of you and your activities, we then read the communications that we want (with virtually no checks and concealing from you what percentage of it we’re reading), and store as much of the rest of it as technology permits for future trolling. But don’t worry: we’re only reading the Bad People’s emails. So run along then: no mass surveillance here. Just bulk collection! It’s not mass surveillance, but “enhanced collection techniques.”  One of the many facts that made the re-defining of “torture” so corrupt and indisputably invalid was that there was long-standing law making clear that exactly these interrogation techniques used by the U.S. government were torture and thus illegal. The same is true of this obscene attempt to re-define “mass surveillance” as nothing more than mere innocent “bulk collection.”

The Bureau of Investigative Journalism is asking a European court to rule on whether UK legislation properly protects journalists’ sources and communications from government scrutiny and mass surveillance. The Bureau’s application was filed with the European Court of Human Rights on Friday. If the court rules in favour of the application it will force the UK government to review regulation around the mass collection of communications data. The action follows concerns about the implications to journalists of some of the revelations that have come out of material leaked by Edward Snowden. These have made it clear that by using mass surveillance techniques and programs such as Tempora government agencies can not only collect, store and scrutinise the content of electronic communications but also analyse masses of metadata – the details about where digital communications such as emails originate and the subject area of those communications. Gavin Millar QC, who is working on the case with the Bureau, believes UK authorities are routinely carrying out such data collection and analysis and says this enables a sophisticated picture to be developed of a journalist’s or organisation’s network of contacts, sources and lines of enquiry as well as materials, subjects and persons of interest to them.

The Bureau’s Christopher Hird says: “We understand why the government feels the need to have the power of interception. “But our concern is that the existing regulatory regime to control the interception of communications data – such as phone calls and emails – by organisations such as GCHQ does not provide sufficient safeguards to ensure the protection of journalists’ sources, and as a result is a restriction on the operation of a free press.” The collection of data by authorities is governed in the UK by the Regulation of Investigatory Powers Act, known as RIPA. This is primarily focused on internal communications. Many of the investigations undertaken by Bureau journalists involve foreign sources and stories, which are more vulnerable to interception as RIPA does not provide the same safeguards as it does for internal communications. The Bureau is working with lawyers from Doughty Street chambers and law firm Leigh Day, who have advised that there is little protection or rigorous scrutiny provided by current UK legislation for these “external” communications.

It's 2016 going on 1984. The UK has just passed a massive expansion in surveillance powers, which critics have called "terrifying" and "dangerous".

The new law, dubbed the "snoopers' charter", was introduced by then-home secretary Theresa May in 2012, and took two attempts to get passed into law following breakdowns in the previous coalition government. Four years and a general election later -- May is now prime minister -- the bill was finalized and passed on Wednesday by both parliamentary houses. But civil liberties groups have long criticized the bill, with some arguing that the law will let the UK government "document everything we do online". It's no wonder, because it basically does. The law will force internet providers to record every internet customer's top-level web history in real-time for up to a year, which can be accessed by numerous government departments; force companies to decrypt data on demand -- though the government has never been that clear on exactly how it forces foreign firms to do that that; and even disclose any new security features in products before they launch.

Not only that, the law also gives the intelligence agencies the power to hack into computers and devices of citizens (known as equipment interference), although some protected professions -- such as journalists and medical staff -- are layered with marginally better protections. In other words, it's the "most extreme surveillance law ever passed in a democracy," according to Jim Killock, director of the Open Rights Group. The bill was opposed by representatives of the United Nations, all major UK and many leading global privacy and rights groups, and a host of Silicon Valley tech companies alike. Even the parliamentary committee tasked with scrutinizing the bill called some of its provisions "vague".

the EU Parliament's Civil Liberties Committee published the draft of their report on the impact of dragnet surveillance by the NSA on EU citizens (PDF).

Top-secret documents reveal that the National Security Agency is dramatically expanding its ability to covertly hack into computers on a mass scale by using automated systems that reduce the level of human oversight in the process. The classified files – provided previously by NSA whistleblower Edward Snowden – contain new details about groundbreaking surveillance technology the agency has developed to infect potentially millions of computers worldwide with malware “implants.” The clandestine initiative enables the NSA to break into targeted computers and to siphon out data from foreign Internet and phone networks. The covert infrastructure that supports the hacking efforts operates from the agency’s headquarters in Fort Meade, Maryland, and from eavesdropping bases in the United Kingdom and Japan. GCHQ, the British intelligence agency, appears to have played an integral role in helping to develop the implants tactic.

The NSA began rapidly escalating its hacking efforts a decade ago. In 2004, according to secret internal records, the agency was managing a small network of only 100 to 150 implants. But over the next six to eight years, as an elite unit called Tailored Access Operations (TAO) recruited new hackers and developed new malware tools, the number of implants soared to tens of thousands. To penetrate foreign computer networks and monitor communications that it did not have access to through other means, the NSA wanted to go beyond the limits of traditional signals intelligence, or SIGINT, the agency’s term for the interception of electronic communications. Instead, it sought to broaden “active” surveillance methods – tactics designed to directly infiltrate a target’s computers or network devices. In the documents, the agency describes such techniques as “a more aggressive approach to SIGINT” and says that the TAO unit’s mission is to “aggressively scale” these operations. But the NSA recognized that managing a massive network of implants is too big a job for humans alone.

“One of the greatest challenges for active SIGINT/attack is scale,” explains the top-secret presentation from 2009. “Human ‘drivers’ limit ability for large-scale exploitation (humans tend to operate within their own environment, not taking into account the bigger picture).” The agency’s solution was TURBINE. Developed as part of TAO unit, it is described in the leaked documents as an “intelligent command and control capability” that enables “industrial-scale exploitation.”

The National Security Agency has secretly broken into the main communications links that connect Yahoo and Google data centers around the world, according to documents obtained from former NSA contractor Edward Snowden and interviews with knowledgeable officials. By tapping those links, the agency has positioned itself to collect at will from hundreds of millions of user accounts, many of them belonging to Americans. The NSA does not keep everything it collects, but it keeps a lot.

According to a top-secret accounting dated Jan. 9, 2013, the NSA’s acquisitions directorate sends millions of records every day from internal Yahoo and Google networks to data warehouses at the agency’s headquarters at Fort Meade, Md. In the preceding 30 days, the report said, field collectors had processed and sent back 181,280,466 new records — including “metadata,” which would indicate who sent or received e-mails and when, as well as content such as text, audio and video.The NSA’s principal tool to exploit the data links is a project called MUSCULAR, operated jointly with the agency’s British counterpart, the Government Communications Headquarters . From undisclosed interception points, the NSA and the GCHQ are copying entire data flows across fiber-optic cables that carry information among the data centers of the Silicon Valley giants.

The infiltration is especially striking because the NSA, under a separate program known as PRISM, has front-door access to Google and Yahoo user accounts through a court-approved process. The MUSCULAR project appears to be an unusually aggressive use of NSA tradecraft against flagship American companies. The agency is built for high-tech spying, with a wide range of digital tools, but it has not been known to use them routinely against U.S. companies.

The editor of the New York Times, Jill Abramson, has confirmed that senior British officials attempted to persuade her to hand over secret documents leaked by the former National Security Agency contractor Edward Snowden.Giving the newspaper's first official comments on the incident, Abramson said that she was approached by the UK embassy in Washington after it was announced that the New York Times was collaborating with the Guardian to explore some of the files disclosed by Snowden. Among the files are several relating to the activities of GCHQ, the agency responsible for signals interception in the UK."They were hopeful that we would relinquish any material that we might be reporting on, relating to Edward Snowden. Needless to say I considered what they told me, and said no," Abramson told the Guardian in an interview to mark the International Herald Tribune's relaunch as the International New York Times.The incident shows the lengths to which the UK government has gone to try to discourage press coverage of the Snowden leaks. In July, the government threatened to take legal action against the Guardian that could have prevented publication, culminating in the destruction of computer hard drives containing some of Snowden's files.

Abramson said the spectacle of angle grinders and drills being used to destroy evidence in a newspaper basement was hard to conceive in the US, where the First Amendment offers free speech guarantees. "I can't imagine that. The only equivalent I can think of is years ago when the New York Times was enjoined by a lower court from publishing the Pentagon papers, but the supreme court came in and overruled that decision. Prior restraint is pretty much unthinkable to me in this country."Abramson has been executive editor of the New York Times, America's largest and most influential newspaper, since 2011. She said that the conversation with the UK's Washington embassy was the extent so far of British attempts to influence the paper's editorial decisions in relation to Snowden.

On Tuesday, news site The Register published a story containing explosive "above top secret" information about Britain's surveillance programs, including details of a "clandestine British base tapping undersea cables in the Middle East." Reporter Duncan Campbell, who wrote the story, said it was based on documents "leaked by fugitive NSA sysadmin Edward Snowden" that other news outlets had declined to publish.  However, it's not necessarily clear how Campbell got his hands on Snowden's document stash.  Glenn Greenwald, who published the first stories based on Snowden's documents in The Guardian, told Business Insider on Tuesday that Snowden has "no source relationship" with Campbell. "Snowden has no source relationship with Duncan (who is a great journalist), and never provided documents to him directly or indirectly, as Snowden has made clear," Greenwald said in an email. "I can engage in informed speculation about how Duncan got this document — it's certainly a document that several people in the Guardian UK possessed — but how he got it is something only he can answer."

For his part, Campbell is not interested in discussing how he got the documents used for his story. "Journalists in the UK — just as in the US — do not reveal their sources, or respond to questions as to confidential sources. We protect them. That is our obligation and our duty," Campbell wrote in an email to Business Insider. This isn't the first story Campbell has published allegedly based on Snowden documents. Last August, Campbell wrote a piece for The Independent about the secret British surveillance base. In that article, Campbell suggested The Guardian "agreed to the Government’s request not to publish any material contained in the Snowden documents that could damage national security," including the existence of the surveillance base.

Greenwald responded with a column that included a statement from Snowden saying he had not worked with Campbell and speculating the documents were actually by the British government as part of an attempt to make the case his leaks were "harmful." In addition to Snowden's theory that Campbell may have obtained documents from a government source, it also seems possible he was leaked information by a Guardian staffer with access to the documents. Business Insider asked Guardian editor Alan Rusbridger about this possibility on Tuesday and received a response from a representative for the paper who said they have no idea how Campbell obtained any of Snowden's documents.  "We don't know who Mr Campbell's source is. We have always been open and transparent about all of our reporting partners," the representative  said.

The United Nations’ top official for counter-terrorism and human rights (known as the “Special Rapporteur”) issued a formal report to the U.N. General Assembly today that condemns mass electronic surveillance as a clear violation of core privacy rights guaranteed by multiple treaties and conventions. “The hard truth is that the use of mass surveillance technology effectively does away with the right to privacy of communications on the Internet altogether,” the report concluded. Central to the Rapporteur’s findings is the distinction between “targeted surveillance” — which “depend[s] upon the existence of prior suspicion of the targeted individual or organization” — and “mass surveillance,” whereby “states with high levels of Internet penetration can [] gain access to the telephone and e-mail content of an effectively unlimited number of users and maintain an overview of Internet activity associated with particular websites.” In a system of “mass surveillance,” the report explained, “all of this is possible without any prior suspicion related to a specific individual or organization. The communications of literally every Internet user are potentially open for inspection by intelligence and law enforcement agencies in the States concerned.”

Mass surveillance thus “amounts to a systematic interference with the right to respect for the privacy of communications,” it declared. As a result, “it is incompatible with existing concepts of privacy for States to collect all communications or metadata all the time indiscriminately.” In concluding that mass surveillance impinges core privacy rights, the report was primarily focused on the International Covenant on Civil and Political Rights, a treaty enacted by the General Assembly in 1966, to which all of the members of the “Five Eyes” alliance are signatories. The U.S. ratified the treaty in 1992, albeit with various reservations that allowed for the continuation of the death penalty and which rendered its domestic law supreme. With the exception of the U.S.’s Persian Gulf allies (Saudi Arabia, UAE and Qatar), virtually every major country has signed the treaty. Article 17 of the Covenant guarantees the right of privacy, the defining protection of which, the report explained, is “that individuals have the right to share information and ideas with one another without interference by the State, secure in the knowledge that their communication will reach and be read by the intended recipients alone.”

The report’s key conclusion is that this core right is impinged by mass surveillance programs: “Bulk access technology is indiscriminately corrosive of online privacy and impinges on the very essence of the right guaranteed by article 17. In the absence of a formal derogation from States’ obligations under the Covenant, these programs pose a direct and ongoing challenge to an established norm of international law.” The report recognized that protecting citizens from terrorism attacks is a vital duty of every state, and that the right of privacy is not absolute, as it can be compromised when doing so is “necessary” to serve “compelling” purposes. It noted: “There may be a compelling counter-terrorism justification for the radical re-evaluation of Internet privacy rights that these practices necessitate. ” But the report was adamant that no such justifications have ever been demonstrated by any member state using mass surveillance: “The States engaging in mass surveillance have so far failed to provide a detailed and evidence-based public justification for its necessity, and almost no States have enacted explicit domestic legislation to authorize its use.”