Group items tagged

Senior Obama administration officials have secretly authorized the interception of communications carried on portions of networks operated by AT&T and other Internet service providers, a practice that might otherwise be illegal under federal wiretapping laws. The secret legal authorization from the Justice Department originally applied to a cybersecurity pilot project in which the military monitored defense contractors' Internet links. Since then, however, the program has been expanded by President Obama to cover all critical infrastructure sectors including energy, healthcare, and finance starting June 12. "The Justice Department is helping private companies evade federal wiretap laws," said Marc Rotenberg, executive director of the Electronic Privacy Information Center, which obtained over 1,000 pages of internal government documents and provided them to CNET this week. "Alarm bells should be going off." Those documents show the National Security Agency and the Defense Department were deeply involved in pressing for the secret legal authorization, with NSA director Keith Alexander participating in some of the discussions personally. Despite initial reservations, including from industry participants, Justice Department attorneys eventually signed off on the project.

The Justice Department agreed to grant legal immunity to the participating network providers in the form of what participants in the confidential discussions refer to as "2511 letters," a reference to the Wiretap Act codified at 18 USC 2511 in the federal statute books. The Wiretap Act limits the ability of Internet providers to eavesdrop on network traffic except when monitoring is a "necessary incident" to providing the service or it takes place with a user's "lawful consent." An industry representative told CNET the 2511 letters provided legal immunity to the providers by agreeing not to prosecute for criminal violations of the Wiretap Act. It's not clear how many 2511 letters were issued by the Justice Department. In 2011, Deputy Secretary of Defense William Lynn publicly disclosed the existence of the original project, called the DIB Cyber Pilot, which used login banners to inform network users that monitoring was taking place. In May 2012, the pilot was turned into an ongoing program -- broader but still voluntary -- by the name of Joint Cybersecurity Services Pilot, with the Department of Homeland Security becoming involved for the first time. It was renamed again to Enhanced Cybersecurity Services program in January, and is currently being expanded to all types of companies operating critical infrastructure.

Another e-mail message from a Justice Department attorney wondered: "Will the program cover all parts of the company network -- including say day care centers (as mentioned as a question in a [deputies committee meeting]) and what are the policy implications of this?" The deputies committee includes the deputy secretary of defense, the deputy director of national intelligence, the deputy attorney general, and the vice chairman of the Joint Chiefs of Staff. "These agencies are clearly seeking authority to receive a large amount of information, including personal information, from private Internet networks," says EPIC staff attorney Amie Stepanovich, who filed a lawsuit against Homeland Security in March 2012 seeking documents relating to the program under the Freedom of Information Act. "If this program was broadly deployed, it would raise serious questions about government cybersecurity practices." In January, the Department of Homeland Security's privacy office published a privacy analysis (PDF) of the program saying that users of the networks of companies participating in the program will see "an electronic login banner [saying] information and data on the network may be monitored or disclosed to third parties, and/or that the network users' communications on the network are not private."

Were Israeli companies Verint and Narus the ones that collected information from the U.S. communications network for the National Security Agency? The question arises amid controversy over revelations that the NSA has been collecting the phone records of hundreds of millions of Americans every day, creating a database through which it can learn whether terror suspects have been in contact with people in the United States. It also was disclosed this week that the NSA has been gathering all Internet usage - audio, video, photographs, emails and searches - from nine major U.S. Internet providers, including Microsoft and Google, in hopes of detecting suspicious behavior that begins overseas.

According to an article in the American technology magazine "Wired" from April 2012, two Israeli companies – which the magazine describes as having close connections to the Israeli security community – conduct bugging and wiretapping for the NSA. Verint, which took over its parent company Comverse Technology earlier this year, is responsible for tapping the communication lines of the American telephone giant Verizon, according to a past Verizon employee sited by James Bamford in Wired. Neither Verint nor Verizon commented on the matter.

Natus, which was acquired in 2010 by the American company Boeing, supplied the software and hardware used at AT&T wiretapping rooms, according to whistleblower Mark Klein, who revealed the information in 2004. Klein, a past technician at AT&T who filed a suit against the company for spying on its customers, revealed a "secret room" in the company's San Fransisco office, where the NSA collected data on American citizens' telephone calls and Internet surfing. Klein's claims were reinforced by former NSA employee Thomas Drake who testified that the agency uses a program produced by Narus to save the personal electrical communications of AT&T customers.  Both Verint and Narus have ties to the Israeli intelligence agency and the Israel Defense Forces intelligence-gathering unit 8200. Hanan Gefen, a former commander of the 8200 unit, told Forbes magazine in 2007 that Comverse's technology, which was formerly the parent company of Verint and merged with it this year, was directly influenced by the technology of 8200. Ori Cohen, one of the founders of Narus, told Fortune magazine in 2001 that his partners had done technology work for the Israeli intelligence.