Skip to main content

Home/ Socialism and the End of the American Dream/ Group items tagged NSA-disclosures

Rss Feed Group items tagged

Paul Merrell

Top-Secret Document Reveals NSA Spied On Porn Habits As Part Of Plan To Discredit 'Radi... - 0 views

  • WASHINGTON -- The National Security Agency has been gathering records of online sexual activity and evidence of visits to pornographic websites as part of a proposed plan to harm the reputations of those whom the agency believes are radicalizing others through incendiary speeches, according to a top-secret NSA document. The document, provided by NSA whistleblower Edward Snowden, identifies six targets, all Muslims, as “exemplars” of how “personal vulnerabilities” can be learned through electronic surveillance, and then exploited to undermine a target's credibility, reputation and authority. The NSA document, dated Oct. 3, 2012, repeatedly refers to the power of charges of hypocrisy to undermine such a messenger. “A previous SIGINT" -- or signals intelligence, the interception of communications -- "assessment report on radicalization indicated that radicalizers appear to be particularly vulnerable in the area of authority when their private and public behaviors are not consistent,” the document argues. Among the vulnerabilities listed by the NSA that can be effectively exploited are “viewing sexually explicit material online” and “using sexually explicit persuasive language when communicating with inexperienced young girls.”
  • The Director of the National Security Agency -- described as "DIRNSA" -- is listed as the "originator" of the document. Beyond the NSA itself, the listed recipients include officials with the Departments of Justice and Commerce and the Drug Enforcement Administration. "Without discussing specific individuals, it should not be surprising that the US Government uses all of the lawful tools at our disposal to impede the efforts of valid terrorist targets who seek to harm the nation and radicalize others to violence," Shawn Turner, director of public affairs for National Intelligence, told The Huffington Post in an email Tuesday. Yet Jameel Jaffer, deputy legal director of the American Civil Liberties Union, said these revelations give rise to serious concerns about abuse. "It's important to remember that the NSA’s surveillance activities are anything but narrowly focused -- the agency is collecting massive amounts of sensitive information about virtually everyone," he said. "Wherever you are, the NSA's databases store information about your political views, your medical history, your intimate relationships and your activities online," he added. "The NSA says this personal information won't be abused, but these documents show that the NSA probably defines 'abuse' very narrowly."
  • None of the six individuals targeted by the NSA is accused in the document of being involved in terror plots. The agency believes they all currently reside outside the United States. It identifies one of them, however, as a "U.S. person," which means he is either a U.S. citizen or a permanent resident. A U.S. person is entitled to greater legal protections against NSA surveillance than foreigners are. Stewart Baker, a one-time general counsel for the NSA and a top Homeland Security official in the Bush administration, said that the idea of using potentially embarrassing information to undermine targets is a sound one. "If people are engaged in trying to recruit folks to kill Americans and we can discredit them, we ought to," said Baker. "On the whole, it's fairer and maybe more humane" than bombing a target, he said, describing the tactic as "dropping the truth on them." Any system can be abused, Baker allowed, but he said fears of the policy drifting to domestic political opponents don't justify rejecting it. "On that ground you could question almost any tactic we use in a war, and at some point you have to say we're counting on our officials to know the difference," he said.
  • ...6 more annotations...
  • In addition to analyzing the content of their internet activities, the NSA also examined the targets' contact lists. The NSA accuses two of the targets of promoting al Qaeda propaganda, but states that surveillance of the three English-speakers’ communications revealed that they have "minimal terrorist contacts." In particular, “only seven (1 percent) of the contacts in the study of the three English-speaking radicalizers were characterized in SIGINT as affiliated with an extremist group or a Pakistani militant group. An earlier communications profile of [one of the targets] reveals that 3 of the 213 distinct individuals he was in contact with between 4 August and 2 November 2010 were known or suspected of being associated with terrorism," the document reads. The document contends that the three Arabic-speaking targets have more contacts with affiliates of extremist groups, but does not suggest they themselves are involved in any terror plots. Instead, the NSA believes the targeted individuals radicalize people through the expression of controversial ideas via YouTube, Facebook and other social media websites. Their audience, both English and Arabic speakers, "includes individuals who do not yet hold extremist views but who are susceptible to the extremist message,” the document states. The NSA says the speeches and writings of the six individuals resonate most in countries including the United Kingdom, Germany, Sweden, Kenya, Pakistan, India and Saudi Arabia.
  • The NSA possesses embarrassing sexually explicit information about at least two of the targets by virtue of electronic surveillance of their online activity. The report states that some of the data was gleaned through FBI surveillance programs carried out under the Foreign Intelligence and Surveillance Act. The document adds, "Information herein is based largely on Sunni extremist communications." It further states that "the SIGINT information is from primary sources with direct access and is generally considered reliable." According to the document, the NSA believes that exploiting electronic surveillance to publicly reveal online sexual activities can make it harder for these “radicalizers” to maintain their credibility. "Focusing on access reveals potential vulnerabilities that could be even more effectively exploited when used in combination with vulnerabilities of character or credibility, or both, of the message in order to shape the perception of the messenger as well as that of his followers," the document argues. An attached appendix lists the "argument" each surveillance target has made that the NSA says constitutes radicalism, as well the personal "vulnerabilities" the agency believes would leave the targets "open to credibility challenges" if exposed.
  • One target's offending argument is that "Non-Muslims are a threat to Islam," and a vulnerability listed against him is "online promiscuity." Another target, a foreign citizen the NSA describes as a "respected academic," holds the offending view that "offensive jihad is justified," and his vulnerabilities are listed as "online promiscuity" and "publishes articles without checking facts." A third targeted radical is described as a "well-known media celebrity" based in the Middle East who argues that "the U.S perpetrated the 9/11 attack." Under vulnerabilities, he is said to lead "a glamorous lifestyle." A fourth target, who argues that "the U.S. brought the 9/11 attacks on itself" is said to be vulnerable to accusations of “deceitful use of funds." The document expresses the hope that revealing damaging information about the individuals could undermine their perceived "devotion to the jihadist cause." The Huffington Post is withholding the names and locations of the six targeted individuals; the allegations made by the NSA about their online activities in this document cannot be verified. The document does not indicate whether the NSA carried out its plan to discredit these six individuals, either by communicating with them privately about the acquired information or leaking it publicly. There is also no discussion in the document of any legal or ethical constraints on exploiting electronic surveillance in this manner.
  • While Baker and others support using surveillance to tarnish the reputation of people the NSA considers "radicalizers," U.S. officials have in the past used similar tactics against civil rights leaders, labor movement activists and others. Under J. Edgar Hoover, the FBI harassed activists and compiled secret files on political leaders, most notably Martin Luther King, Jr. The extent of the FBI's surveillance of political figures is still being revealed to this day, as the bureau releases the long dossiers it compiled on certain people in response to Freedom of Information Act requests following their deaths. The information collected by the FBI often centered on sex -- homosexuality was an ongoing obsession on Hoover's watch -- and information about extramarital affairs was reportedly used to blackmail politicians into fulfilling the bureau's needs. Current FBI Director James Comey recently ordered new FBI agents to visit the Martin Luther King, Jr. Memorial in Washington to understand "the dangers in becoming untethered to oversight and accountability."
  • James Bamford, a journalist who has been covering the NSA since the early 1980s, said the use of surveillance to exploit embarrassing private behavior is precisely what led to past U.S. surveillance scandals. "The NSA's operation is eerily similar to the FBI's operations under J. Edgar Hoover in the 1960s where the bureau used wiretapping to discover vulnerabilities, such as sexual activity, to 'neutralize' their targets," he said. "Back then, the idea was developed by the longest serving FBI chief in U.S. history, today it was suggested by the longest serving NSA chief in U.S. history." That controversy, Bamford said, also involved the NSA. "And back then, the NSA was also used to do the eavesdropping on King and others through its Operation Minaret. A later review declared the NSA’s program 'disreputable if not outright illegal,'" he said. Baker said that until there is evidence the tactic is being abused, the NSA should be trusted to use its discretion. "The abuses that involved Martin Luther King occurred before Edward Snowden was born," he said. "I think we can describe them as historical rather than current scandals. Before I say, 'Yeah, we've gotta worry about that,' I'd like to see evidence of that happening, or is even contemplated today, and I don't see it."
  • Jaffer, however, warned that the lessons of history ought to compel serious concern that a "president will ask the NSA to use the fruits of surveillance to discredit a political opponent, journalist or human rights activist." "The NSA has used its power that way in the past and it would be naïve to think it couldn't use its power that way in the future," he said.
  •  
    By Glenn Greenwald, Ryan Gallagher, and Ryan Grim, 26 November 2013. I will annotate later. But this is by far the most important NSA disclosure from Edward Snowden's leaked documents thus far. A report originated by Gen. Alexander himself revealing COINTELPRO like activities aimed at destroying the reputations of non-terrorist "radicalizers," including one "U.S. person." This is exactly the kind of repressive activity that the civil libertarians among us warn about. 
  •  
    By Glenn Greenwald, Ryan Gallagher, and Ryan Grim, 26 November 2013. I will annotate later. But this is by far the most important NSA disclosure from Edward Snowden's leaked documents thus far. A report originated by Gen. Alexander himself revealing COINTELPRO like activities aimed at destroying the reputations of non-terrorist "radicalizers," including one "U.S. person." This is exactly the kind of repressive activity that the civil libertarians among us warn about. 
Paul Merrell

Lawmaker Says There More To NSA Spying - Business Insider - 0 views

  • A House Democrat said information revealed about the National Security Agency's secret surveillance programs are "the tip of the iceberg," Daniel Strauss of The Hill reports. "I think it's just broader than most people even realize, and I think that's, in one way, what astounded most of us, too," Rep. Loretta Sanchez (D-Calif.) told C-SPAN's "Washington Journal" after a classified briefing with national security officials. Rep. Joe Barton (R-Texas), who also attended the meeting, said that the NSA "violated the spirit of the law when it started collecting data from everyone in the country just because technology now makes that possible.” Barton added that "in America ... You don’t target everyone and violate their 4th Amendment rights just because of a handful of threats. But that is exactly what is happening at the NSA ... it is wrong and it needs to stop now.” More from Sanchez: "I don't know if there are other leaks, if there's more information somewhere, if somebody else is going to step up, but I will tell you that I believe it's the tip of the iceberg."
  • A House Democrat said information revealed about the National Security Agency's secret surveillance programs are "the tip of the iceberg," Daniel Strauss of The Hill reports. "I think it's just broader than most people even realize, and I think that's, in one way, what astounded most of us, too," Rep. Loretta Sanchez (D-Calif.) told C-SPAN's "Washington Journal" after a classified briefing with national security officials. Rep. Joe Barton (R-Texas), who also attended the meeting, said that the NSA "violated the spirit of the law when it started collecting data from everyone in the country just because technology now makes that possible.” Barton added that "in America ... You don’t target everyone and violate their 4th Amendment rights just because of a handful of threats. But that is exactly what is happening at the NSA ... it is wrong and it needs to stop now.”
  • Glenn Greenwald of the Guardian, who has served as a conduit for Snowden's leaks, recently said that there will me many more "significant revelations that have not yet been heard." Greenwald told The New York Times that he received “thousands” of classified documents — “dozens” of which are newsworthy — from the the 29-year-old ex-Booz Allen employee who was contracted by the NSA. Sanchez said that what lawmakers learned "is significantly more than what is out in the media today," which is interesting when considering previous reports by journalists and whistleblowers.
  • ...2 more annotations...
  • Here's a rundown of the reports and the allegations: In 2006 NSA insiders told Leslie Cauley of USA Today that the NSA has been collecting almost all U.S. phone records since shortly after 9/11. In 2010 Dana Priest and William Arkin of The Washington Post reported that "collection systems at the [NSA] intercept and store 1.7 billion emails, phone calls, and other types of communications" every day. According to a 2007 lawsuit, Verizon built a fiber optic cable to give the "access to all communications flowing through the carrier’s operations center." In April 2012 Wired's James Bamford reported how the U.S. government hired two secretive Israeli companies to wiretap AT&T. AT&T engineer Mark Klein discovered the "secret room" at AT&T central office in San Francisco, through which the NSA actively "vacuumed up Internet and phone-call data from ordinary Americans with the cooperation of AT&T" through the wiretapping rooms, emphasizing that "much of the data sent through AT&T to the NSA was purely domestic." Former NSA executive and whistleblower Thomas Drake testified that the NSA is using Israeli-made hardware to "seize and save all personal electronic communications."
  • A classified program called Prism, leaked by Snowden, appears to acquire information from the servers of nine of the biggest internet companies. The Washington Post reported that the government's orders "serve as one-time blanket approvals for data acquisition and surveillance on selected foreign targets for periods of as long as a year." NSA Whistleblower William Binney that the NSA began using the program he built (i.e. ThinThread) to use communications data for creating, in real time, profiles of nearly all Americans so that the government is "able to monitor what people are doing" and who they are doing it with. In July the Foreign Intelligence Surveillance Court (FISC), established to "hear applications for and grant orders approving electronic surveillance," found that the NSA violated the Fourth Amendment's restriction against unreasonable searches and seizures "on at least one occasion." BONUS: In March CIA Chief Technology Officer Ira "Gus" Hunt said: "It is really very nearly within our grasp to be able to compute on all human generated information." If there is "significantly more" to the NSA's domestic snooping, then we're all ears and eyes.
Paul Merrell

NSA shares raw intelligence including Americans' data with Israel | World news | The Gu... - 0 views

  • The National Security Agency routinely shares raw intelligence data with Israel without first sifting it to remove information about US citizens, a top-secret document provided to the Guardian by whistleblower Edward Snowden reveals.Details of the intelligence-sharing agreement are laid out in a memorandum of understanding between the NSA and its Israeli counterpart that shows the US government handed over intercepted communications likely to contain phone calls and emails of American citizens. The agreement places no legally binding limits on the use of the data by the Israelis.The disclosure that the NSA agreed to provide raw intelligence data to a foreign country contrasts with assurances from the Obama administration that there are rigorous safeguards to protect the privacy of US citizens caught in the dragnet. The intelligence community calls this process "minimization", but the memorandum makes clear that the information shared with the Israelis would be in its pre-minimized state.
  • The deal was reached in principle in March 2009, according to the undated memorandum, which lays out the ground rules for the intelligence sharing.The five-page memorandum, termed an agreement between the US and Israeli intelligence agencies "pertaining to the protection of US persons", repeatedly stresses the constitutional rights of Americans to privacy and the need for Israeli intelligence staff to respect these rights.But this is undermined by the disclosure that Israel is allowed to receive "raw Sigint" – signal intelligence. The memorandum says: "Raw Sigint includes, but is not limited to, unevaluated and unminimized transcripts, gists, facsimiles, telex, voice and Digital Network Intelligence metadata and content."According to the agreement, the intelligence being shared would not be filtered in advance by NSA analysts to remove US communications. "NSA routinely sends ISNU [the Israeli Sigint National Unit] minimized and unminimized raw collection", it says.
  • In a statement to the Guardian, an NSA spokesperson did not deny that personal data about Americans was included in raw intelligence data shared with the Israelis. But the agency insisted that the shared intelligence complied with all rules governing privacy."Any US person information that is acquired as a result of NSA's surveillance activities is handled under procedures that are designed to protect privacy rights," the spokesperson said.The NSA declined to answer specific questions about the agreement, including whether permission had been sought from the Foreign Intelligence Surveillance (Fisa) court for handing over such material.
  • ...3 more annotations...
  • While NSA documents tout the mutually beneficial relationship of Sigint sharing, another report, marked top secret and dated September 2007, states that the relationship, while central to US strategy, has become overwhelmingly one-sided in favor of Israel."Balancing the Sigint exchange equally between US and Israeli needs has been a constant challenge," states the report, titled 'History of the US – Israel Sigint Relationship, Post-1992'. "In the last decade, it arguably tilted heavily in favor of Israeli security concerns. 9/11 came, and went, with NSA's only true Third Party [counter-terrorism] relationship being driven almost totally by the needs of the partner."
  • In another top-secret document seen by the Guardian, dated 2008, a senior NSA official points out that Israel aggressively spies on the US. "On the one hand, the Israelis are extraordinarily good Sigint partners for us, but on the other, they target us to learn our positions on Middle East problems," the official says. "A NIE [National Intelligence Estimate] ranked them as the third most aggressive intelligence service against the US."Later in the document, the official is quoted as saying: "One of NSA's biggest threats is actually from friendly intelligence services, like Israel. There are parameters on what NSA shares with them, but the exchange is so robust, we sometimes share more than we intended."
  • The Guardian asked the Obama administration how many times US data had been found in the raw intelligence, either by the Israelis or when the NSA reviewed a sample of the files, but officials declined to provide this information. Nor would they disclose how many other countries the NSA shared raw data with, or whether the Fisa court, which is meant to oversee NSA surveillance programs and the procedures to handle US information, had signed off the agreement with Israel.In its statement, the NSA said: "We are not going to comment on any specific information sharing arrangements, or the authority under which any such information is collected. The fact that intelligence services work together under specific and regulated conditions mutually strengthens the security of both nations."NSA cannot, however, use these relationships to circumvent US legal restrictions. Whenever we share intelligence information, we comply with all applicable rules, including the rules to protect US person information."
Paul Merrell

Operation AURORAGOLD: How the NSA Hacks Cellphone Networks Worldwide - 0 views

  • In March 2011, two weeks before the Western intervention in Libya, a secret message was delivered to the National Security Agency. An intelligence unit within the U.S. military’s Africa Command needed help to hack into Libya’s cellphone networks and monitor text messages. For the NSA, the task was easy. The agency had already obtained technical information about the cellphone carriers’ internal systems by spying on documents sent among company employees, and these details would provide the perfect blueprint to help the military break into the networks. The NSA’s assistance in the Libya operation, however, was not an isolated case. It was part of a much larger surveillance program—global in its scope and ramifications—targeted not just at hostile countries.
  • According to documents contained in the archive of material provided to The Intercept by whistleblower Edward Snowden, the NSA has spied on hundreds of companies and organizations internationally, including in countries closely allied to the United States, in an effort to find security weaknesses in cellphone technology that it can exploit for surveillance. The documents also reveal how the NSA plans to secretly introduce new flaws into communication systems so that they can be tapped into—a controversial tactic that security experts say could be exposing the general population to criminal hackers. Codenamed AURORAGOLD, the covert operation has monitored the content of messages sent and received by more than 1,200 email accounts associated with major cellphone network operators, intercepting confidential company planning papers that help the NSA hack into phone networks.
  • Karsten Nohl, a leading cellphone security expert and cryptographer who was consulted by The Intercept about details contained in the AURORAGOLD documents, said that the broad scope of information swept up in the operation appears aimed at ensuring virtually every cellphone network in the world is NSA accessible.
  • ...11 more annotations...
  • “Collecting an inventory [like this] on world networks has big ramifications,” Nohl said, because it allows the NSA to track and circumvent upgrades in encryption technology used by cellphone companies to shield calls and texts from eavesdropping. Evidence that the agency has deliberately plotted to weaken the security of communication infrastructure, he added, was particularly alarming. “Even if you love the NSA and you say you have nothing to hide, you should be against a policy that introduces security vulnerabilities,” Nohl said, “because once NSA introduces a weakness, a vulnerability, it’s not only the NSA that can exploit it.”
  • The AURORAGOLD operation is carried out by specialist NSA surveillance units whose existence has not been publicly disclosed: the Wireless Portfolio Management Office, which defines and carries out the NSA’s strategy for exploiting wireless communications, and the Target Technology Trends Center, which monitors the development of new communication technology to ensure that the NSA isn’t blindsided by innovations that could evade its surveillance reach. The center’s logo is a picture of the Earth overshadowed by a large telescope; its motto is “Predict – Plan – Prevent.”
  • The NSA documents reveal that, as of May 2012, the agency had collected technical information on about 70 percent of cellphone networks worldwide—701 of an estimated 985—and was maintaining a list of 1,201 email “selectors” used to intercept internal company details from employees. (“Selector” is an agency term for a unique identifier like an email address or phone number.) From November 2011 to April 2012, between 363 and 1,354 selectors were “tasked” by the NSA for surveillance each month as part of AURORAGOLD, according to the documents. The secret operation appears to have been active since at least 2010.
  • By covertly monitoring GSMA working groups in a bid to identify and exploit security vulnerabilities, the NSA has placed itself into direct conflict with the mission of the National Institute for Standards and Technology, or NIST, the U.S. government agency responsible for recommending cybersecurity standards in the United States. NIST recently handed out a grant of more than $800,000 to GSMA so that the organization could research ways to address “security and privacy challenges” faced by users of mobile devices. The revelation that the trade group has been targeted for surveillance may reignite deep-seated tensions between NIST and NSA that came to the fore following earlier Snowden disclosures. Last year, NIST was forced to urge people not to use an encryption standard it had previously approved after it emerged NSA had apparently covertly worked to deliberately weaken it.
  • The NSA focuses on intercepting obscure but important technical documents circulated among the GSMA’s members known as “IR.21s.” Most cellphone network operators share IR.21 documents among each other as part of agreements that allow their customers to connect to foreign networks when they are “roaming” overseas on a vacation or a business trip. An IR.21, according to the NSA documents, contains information “necessary for targeting and exploitation.” The details in the IR.21s serve as a “warning mechanism” that flag new technology used by network operators, the NSA’s documents state. This allows the agency to identify security vulnerabilities in the latest communication systems that can be exploited, and helps efforts to introduce new vulnerabilities “where they do not yet exist.” The IR.21s also contain details about the encryption used by cellphone companies to protect the privacy of their customers’ communications as they are transmitted across networks. These details are highly sought after by the NSA, as they can aid its efforts to crack the encryption and eavesdrop on conversations.
  • One of the prime targets monitored under the AURORAGOLD program is the London-headquartered trade group, the GSM Association, or the GSMA, which represents the interests of more than 800 major cellphone, software, and internet companies from 220 countries. The GSMA’s members include U.S.-based companies such as Verizon, AT&T, Sprint, Microsoft, Facebook, Intel, Cisco, and Oracle, as well as large international firms including Sony, Nokia, Samsung, Ericsson, and Vodafone. The trade organization brings together its members for regular meetings at which new technologies and policies are discussed among various “working groups.” The Snowden files reveal that the NSA specifically targeted the GSMA’s working groups for surveillance.
  • Last year, the Washington Post reported that the NSA had already managed to break the most commonly used cellphone encryption algorithm in the world, known as A5/1. But the information collected under AURORAGOLD allows the agency to focus on circumventing newer and stronger versions of A5 cellphone encryption, such as A5/3. The documents note that the agency intercepts information from cellphone operators about “the type of A5 cipher algorithm version” they use, and monitors the development of new algorithms in order to find ways to bypass the encryption. In 2009, the British surveillance agency Government Communications Headquarters conducted a similar effort to subvert phone encryption under a project called OPULENT PUP, using powerful computers to perform a “crypt attack” to penetrate the A5/3 algorithm, secret memos reveal. By 2011, GCHQ was collaborating with the NSA on another operation, called WOLFRAMITE, to attack A5/3 encryption. (GCHQ declined to comment for this story, other than to say that it operates within legal parameters.)
  • The extensive attempts to attack cellphone encryption have been replicated across the Five Eyes surveillance alliance. Australia’s top spy agency, for instance, infiltrated an Indonesian cellphone company and stole nearly 1.8 million encryption keys used to protect communications, the New York Times reported in February.
  • The NSA’s documents show that it focuses on collecting details about virtually all technical standards used by cellphone operators, and the agency’s efforts to stay ahead of the technology curve occasionally yield significant results. In early 2010, for instance, its operatives had already found ways to penetrate a variant of the newest “fourth generation” smartphone-era technology for surveillance, years before it became widely adopted by millions of people in dozens of countries. The NSA says that its efforts are targeted at terrorists, weapons proliferators, and other foreign targets, not “ordinary people.” But the methods used by the agency and its partners to gain access to cellphone communications risk significant blowback. According to Mikko Hypponen, a security expert at Finland-based F-Secure, criminal hackers and foreign government adversaries could be among the inadvertent beneficiaries of any security vulnerabilities or encryption weaknesses inserted by the NSA into communication systems using data collected by the AURORAGOLD project.
  • Vines, the NSA spokeswoman, told The Intercept that the agency was committed to ensuring an “open, interoperable, and secure global internet.” “NSA deeply values these principles and takes great care to honor them in the performance of its lawful foreign-intelligence mission,” Vines said.
  • Documents published with this article: AURORAGOLD – Project Overview AURORAGOLD Working Group IR.21 – A Technology Warning Mechanism AURORAGOLD – Target Technology Trends Center support to WPMO NSA First-Ever Collect of High-Interest 4G Cellular Signal AURORAGOLD Working Aid WOLFRAMITE Encryption Attack OPULENT PUP Encryption Attack NSA/GCHQ/CSEC Network Tradecraft Advancement Team
  •  
    Notice that they've cracked even 4G.
Paul Merrell

Fisa court oversight: a look inside a secret and empty process | Glenn Greenwald | Comm... - 0 views

  • Since we began began publishing stories about the NSA's massive domestic spying apparatus, various NSA defenders – beginning with President Obama - have sought to assure the public that this is all done under robust judicial oversight. "When it comes to telephone calls, nobody is listening to your telephone calls," he proclaimed on June 7 when responding to our story about the bulk collection of telephone records, adding that the program is "fully overseen" by "the Fisa court, a court specially put together to evaluate classified programs to make sure that the executive branch, or government generally, is not abusing them". Obama told Charlie Rose last night:"What I can say unequivocally is that if you are a US person, the NSA cannot listen to your telephone calls … by law and by rule, and unless they … go to a court, and obtain a warrant, and seek probable cause, the same way it's always been, the same way when we were growing up and we were watching movies, you want to go set up a wiretap, you got to go to a judge, show probable cause."The GOP chairman of the House Intelligence Committee, Mike Rogers, told CNN that the NSA "is not listening to Americans' phone calls. If it did, it is illegal. It is breaking the law." Talking points issued by the House GOP in defense of the NSA claimed that surveillance law only "allows the Government to acquire foreign intelligence information concerning non-U.S.-persons (foreign, non-Americans) located outside the United States."
  • The decisions about who has their emails and telephone calls intercepted by the NSA is made by the NSA itself, not by the Fisa court, except where the NSA itself concludes the person is a US citizen and/or the communication is exclusively domestic. But even in such cases, the NSA often ends up intercepting those communications of Americans without individualized warrants, and all of this is left to the discretion of the NSA analysts with no real judicial oversight.
  • The NSA's media defenders have similarly stressed that the NSA's eavesdropping and internet snooping requires warrants when it involves Americans. The Washington Post's Charles Lane told his readers: "the government needs a court-issued warrant, based on probable cause, to listen in on phone calls." The Post's David Ignatius told Post readers that NSA internet surveillance "is overseen by judges who sit on the Foreign Intelligence Surveillance Court" and is "lawful and controlled". Tom Friedman told New York Times readers that before NSA analysts can invade the content of calls and emails, they "have to go to a judge to get a warrant to actually look at the content under guidelines set by Congress."This has become the most common theme for those defending NSA surveillance. But these claim are highly misleading, and in some cases outright false.
  • ...1 more annotation...
  • What is vital to recognize is that the NSA is collecting and storing staggering sums of communications every day. Back in 2010, the Washington Post reported that "every day, collection systems at the National Security Agency intercept and store 1.7 billion e-mails, phone calls and other types of communications." Documents published by the Guardian last week detail that, in March 2013, the NSA collected three billions of pieces of intelligence just from US communications networks alone.In sum, the NSA is vacuuming up enormous amounts of communications involving ordinary Americans and people around the world who are guilty of nothing. There are some legal constraints governing their power to examine the content of those communications, but there are no technical limits on the ability either of the agency or its analysts to do so. The fact that there is so little external oversight is what makes this sweeping, suspicion-less surveillance system so dangerous. It's also what makes the assurances from government officials and their media allies so dubious.
  •  
    Glenn Greenwald strikes again with hard proof from NSA documents, dissecting procedures used throughout the intelligence establishment from the NSA to the President to Congress, casting severe doubt on what we have been told by those defending the NSA surveillance program. I have highlighted only a few points from this lengthy article. As to Greenwald's discussion of the FISA Court's weaknesses, he omitted one that I believe is incredibly, the lack of an adversarial system with a lawyer opposing what the government asks the Court to authorize. True, search warrants are normally issued in the U.S. with only the government represented in the process. But there is a crucial difference: once someone is charged with a crime, the warrant must be disclosed to the defendant who can ask the court to suppress all evidence unlawfully obtained not only through the warrant but also the fruits of any unlawfully obtained evidence, meaning subsequently discovered evidence that would not have been found absent the unlawfully obtained evidence. The same result can happen if the warrant is found to be invalid for any of a variety of reasons, or the officers exceeded the scope of the search authorized.  So in the normal search warrant process, the participation of an adversary attorney is only delayed; it is not virtually eliminated as it is in the FISA Court. Thus far, only those ordered to disclose records to the NSA have been granted standing to oppose disclosure, not those who have been surveilled. The entire U.S. judicial system is built around the principle of an adversarial process. Judges are expected to be neutral arbiters between two or more sides to a dispute. We do not have an inquisitorial system, as is used for example in some European nations, where the judge is also the investigator. The FISA court is presently composed of 11 federal district court judges who also preside over normal cases in their individual districts. Steeped in the adversarial system and th
Paul Merrell

Disclosing Classified Info to the Press - With Permission | - 0 views

  • Intelligence officials disclosed classified information to members of the press on at least three occasions in 2013, according to a National Security Agency report to Congress that was released last week under the Freedom of Information Act. See Congressional Notification — Authorized Disclosures of Classified Information to Media Personnel, NSA memorandum to the staff director, House Permanent Select Committee on Intelligence, December 13, 2013. The specific information that NSA gave to the unnamed reporters was not declassified. But the disclosures were not “leaks,” or unauthorized disclosures. They were, instead, authorized disclosures. For their part, the reporters agreed not to disseminate the information further. “Noteworthy among the classified topics disclosed were NSA’s use of metadata to locate terrorists, the techniques we use and the processes we follow to assist in locating hostages, [several words deleted] overseas support to the warfighter and U.S. allies in war zones, and NSA support to overall USG efforts to mitigate cyber threats. The [deleted] personnel executed non-disclosure agreements that covered all classified discussions.” In one case, “classified information was disclosed in order to correct inaccurate understandings held by the reporter about the nature and circumstances of [deleted].” On another occasion, “classified information was disclosed in an effort to limit or avoid reporting that could lead to the loss of the capability [deleted].”
  • In all three cases, “the decision to disclose classified information was made in consultation with the Director of National Intelligence pursuant to Executive Order 13526, and in each case the information disclosed remains properly classified.” This seems like a generous interpretation of the Executive Order, which does not mention disclosures to the press at all. It does say, in section 4.2(b) that “In an emergency, when necessary to respond to an imminent threat to life or in defense of the homeland, the agency head or any designee may authorize the disclosure of classified information […] to an individual or individuals who are otherwise not eligible for access.” In an emergency, then, but not just “to correct inaccurate understandings.” Still, the report accurately reflects the true instrumental nature of the classification system. That is, the protection of classified information under all circumstances is not a paramount goal. National security secrecy is a tool to be used if it advances the national interest (and is consistent with law and policy) and to be set aside when it does not. So hypocrisy in the handling of classified information is not an issue here. The concern, rather, is that the power of selective disclosure of classified material can be easily abused to manage and to manipulate public perceptions. The congressional requirement to report on authorized disclosures of classified information to the press may help to mitigate that danger.
  •  
    This would set up an interesting Freedom of Information Act case aimed at resolving the issue whether the "authorized" disclosures established a waiver of the FOIA exemption for national security information. A waiver, viewed most simplistically, is any conduct that is inconsistent with later assertion of a right. Deliberate disclosure to anyone who lacks a national security clearance would seem to be inconsistent with later assertion of the exemption. That the purpose of the disclosures was to adjust the attitudes of press members seems a very poor justification in that it establishes particular reporters as a class of persons entitled to more disclosure than other members of the public. Yet the Supreme Court has held time and again that journalists have no more right to access government information than any other member of the public. So there is a strong argument that everyone should be entitled to the same disclosures.
Paul Merrell

Forget Metadata ... The NSA Is Spying On EVERYTHING Washington's Blog - 0 views

  • The NSA’s spying on everyone’s metadata can tell them just about everything about us … and it violates our Constitutional right to freedom of association. But people are getting distracted from the big picture by focusing on metadata. As security expert Bruce Schneier wrote yesterday: What frustrates me about all of this — [the Privacy and Civil Liberties Oversight Board] report, the president’s speech, and so many other things — is that they focus on the bulk collection of cell phone call records. There’s so much more bulk collection going on — phone calls, e-mails, address books, buddy lists, text messages, cell phone location data, financial documents, calendars, [smartphone apps] etc. — and we really need legislation and court opinions on it all. But because cell phone call records were the first disclosure, they’re what gets the attention. Indeed, Schneier confirmed last October what we’ve been saying for years … don’t get too distracted by the details, because the government is spying on everything:
  • Honestly, I think the details matter less and less. We have to assume that the NSA has EVERYONE who uses electronic communications under CONSTANT surveillance. New details about hows and whys will continue to emerge …but the big picture will remain the same. He’s right. As just one example, there is substantial evidence from top NSA and FBI whistleblowers that the government is recording the content of our calls and emails … word-for-word. So what should we make of the government’s denials that it records content? Given that the government has been caught lying about spying again and again, I’m not sure how much weight we should give to such denials. NSA whistleblower Russ Tice notes: They’re collecting content … word-for-word. *** You can’t trust these people. They lie, and they lie a lot.
  •  
    Personally, I don't think the focus is on metadata because it was the first target exposed. I see it more as a propaganda weapon to divert attention from the other NSA targets.  In any event, this page offers a very comprehensive list of the types of data the NSA is collecting, with links to further information on each type.
Paul Merrell

NSA can eavesdrop on Americans' phone calls, documents show | Politics and Law - CNET News - 0 views

  • The National Security Agency has been secretly granted legal authority to operate a massive domestic eavesdropping system that vacuums up Americans' phone calls and Internet communications, newly leaked documents show. A pair of classified government documents (No. 1 and No. 2) signed by Attorney General Eric Holder and posted by the Guardian on Thursday show that NSA analysts are able to listen to Americans' intercepted phone calls without asking a judge for a warrant first. That appears to be at odds with what President Obama said earlier this week in defense of the NSA's surveillance efforts. "I can say unequivocally is that if you are a U.S. person, the NSA cannot listen to your telephone calls and the NSA cannot target your e-mails," Obama said. The new documents indicate, however, that NSA, CIA, and FBI analysts are granted broad access to data vacuumed up by the world's most powerful intelligence agency -- but are supposed to follow certain "targeting" and "minimization" procedures to limit the number of Americans who become individual targets of warrantless surveillance.
  • Analysts are expected to exercise "reasonable judgment" in determining which data to use, according to the documents, and "inadvertently acquired communications of or concerning a United States person may be retained no longer than five years." The documents also refer to "content repositories" that contain records of devices' "previous Internet activity," and say the NSA keeps records of Americans' "electronic communications accounts/addresses/identifiers" in an apparent effort to avoid targeting them in future eavesdropping efforts. The Holder procedures were blessed in advance by the secret Foreign Intelligence Surveillance Court, the Guardian reported, meaning that the judges would have issued a general order that authorizes the NSA to engage in warrantless surveillance as long as it's primarily aimed at foreign targets, subject to some limited judicial oversight. Today's disclosure jibes with what Edward Snowden, the former NSA contractor who leaked top-secret documents, alleged in an online chat earlier this week. Snowden said, referring to the contents of e-mail and phone calls, that "Americans' communications are collected and viewed on a daily basis on the certification of an analyst rather than a warrant."
  • On Sunday, Director of National Intelligence James Clapper released a carefully-worded statement in response to a CNET article and other reports questioning when intelligence analysts can listen to domestic phone calls. Clapper said: "The statement that a single analyst can eavesdrop on domestic communications without proper legal authorization is incorrect and was not briefed to Congress." Clapper's statement was viewed as a denial, but it wasn't. Today's disclosures reveal why: Because the Justice Department granted intelligence analysts "proper legal authorization" in advance through the Holder regulations. "The DNI has a history of playing games with wording, using terms with carefully obscured meanings to leave an impression different from the truth," Kurt Opsahl, a senior staff attorney at the Electronic Frontier Foundation who has litigated domestic surveillance cases, told CNET earlier this week.
  • ...3 more annotations...
  • Jameel Jaffer, the American Civil Liberties Union's deputy legal director, said in a statement today that: After Congress enacted the FISA Amendments Act in 2008, we worried that the NSA would use the new authority to conduct warrantless surveillance of Americans' telephone calls and emails. These documents confirm many of our worst fears. The "targeting" procedures indicate that the NSA is engaged in broad surveillance of Americans' international communications. The "minimization" procedures that supposedly protect Americans' constitutional rights turn out to be far weaker than we imagined they could be. For example, the NSA claims the authority to collect and disseminate attorney-client communications -- and even, in some circumstances, to turn them over to Justice Department prosecutors. The government also claims the authority to retain Americans' purely domestic communications in certain situations.
  • The documents suggest there are some significant loopholes in domestic surveillance: if an NSA analyst reviews an intercepted communication and finds "evidence of a crime that has been, is being, or is about to be committed," it can be forwarded to the FBI or other federal law enforcement agencies. Another loophole is "a serious harm to life or property" -- which could sweep in intellectual property -- and "enciphered" data. Communications that contain "enciphered" data, which would likely include PGP but also could mean encrypted Web connections using SSL, may be kept indefinitely. Earlier reports have indicated that the NSA has the ability to record nearly all domestic and international phone calls -- in case an analyst needed to access the recordings in the future. A Wired magazine article last year disclosed that the NSA has established "listening posts" that allow the agency to collect and sift through billions of phone calls through a massive new data center in Utah, "whether they originate within the country or overseas." That includes not just metadata, but also the contents of the communications.
  • Section 702 of the FAA says surveillance may be authorized by the attorney general and director of national intelligence without prior approval by the secret Foreign Intelligence Surveillance Court, as long as minimization requirements and general procedures blessed by the court are followed.
Paul Merrell

Snowden document shows Canada set up spy posts for NSA - Politics - CBC News - 0 views

  • A top secret document retrieved by American whistleblower Edward Snowden reveals Canada has set up covert spying posts around the world and conducted espionage against trading partners at the request of the U.S. National Security Agency. The leaked NSA document being reported exclusively by CBC News reveals Canada is involved with the huge American intelligence agency in clandestine surveillance activities in “approximately 20 high-priority countries."
  • Sections of the document with the highest classification make it clear in some instances why American spymasters are particularly keen about enlisting their Canadian counterparts, the Communications Security Establishment Canada. "CSEC shares with the NSA their unique geographic access to areas unavailable to the U.S," the document says. The briefing paper describes a "close co-operative relationship" between the NSA and its Canadian counterpart, the Communications Security Establishment Canada, or CSEC — a relationship "both sides would like to see expanded and strengthened. "The intelligence exchange with CSEC covers worldwide national and transnational targets."
  • The briefing notes make it clear that Canada plays a very robust role in intelligence-gathering around the world in a way that has won respect from its American equivalents.
  • ...5 more annotations...
  • The intimate Canada-U.S. electronic intelligence relationship dates back more than 60 years. Most recently, another Snowden document reported by CBC News showed the two agencies co-operated to allow the NSA to spy on the G20 summit of international leaders in Toronto in 2010. But what the latest secret document reveals for the first time is just how expansive Canada's international espionage activities have become.
  • The NSA document depicts CSEC as a sophisticated, capable and highly respected intelligence partner involved in all manner of joint spying missions, including setting up listening posts at the request of the Americans. "CSEC offers resources for advanced collection, processing and analysis, and has opened covert sites at the request of NSA," the document states.
  • Aside from compromising the actual intelligence operation, Wark says, an exposed spy mission can imperil Canada's other diplomatic operations — "the political contacts, the trade contacts, the generation of goodwill between the countries and any sense of co-operation." Wark says if a country feels targeted by a Canadian embassy, it can put everyone working there under a cloud of suspicion: “Are they really diplomats or are they spies?” As a result of those risks, Wark says, approval for CSEC to establish a covert spying post at the request of the NSA would have to come from the ministerial level of the Canadian government — or even from the prime minister himself.
  • Canada and the U.S. have long shared security intelligence with sister agencies in the U.K., Australia and New Zealand – the so-called "Five Eyes" partnership. But the latest secret Snowden missive shows CSEC and the NSA becoming physically intertwined. "Co-operative efforts include the exchange of liaison officers and integrees," the document reveals, a reference to CSEC operatives working inside the NSA, and vice-versa. It notes the NSA also supplies much of the computer hardware and software CSEC uses for encryption, decoding and other state-of-the-art essentials of electronic spying needed for "collection, processing and analytic efforts."
  • CSEC employs about 2,000 people, has an annual budget of roughly $450 million and will soon move into an architecturally spectacular new Ottawa headquarters costing Canadian taxpayers almost $1.2 billion. By comparison, the NSA employs an estimated 40,000 people plus thousands of private contractors, and spends over $40 billion a year NSA whistleblower Drake says the problem is that both CSEC and the NSA lack proper oversight, and without it, they have morphed into runaway surveillance. "There is a clear and compelling danger to democracy in Canada by virtue of how far these secret surveillance operations have gone."
  •  
    "'Co-operative efforts include the exchange of liaison officers and integrees,'the document reveals, a reference to CSEC operatives working inside the NSA, and vice-versa." And that fact raises potential U.S. Privacy Act issues. Under the Privacy Act, all U.S. agencies are prohibited from sharing information containing personal identifiers of U.S. citizens with any foreign government and requires that agencies make full disclosure to all persons  whose rights are thus violated. The Act also creates a cause of action for redress by the federal courts, with a minimum $1,500 damages plus attorney's fees and litigation expenses. Note that the other NSA documents show that NSA is sharing U.S. citizens' information that includes personal identifiers with Israeli intelligence. The NSA has been by another statute excused from compliance with some portions of the Privacy Act but not those discussed above.
Paul Merrell

U.S. spy chiefs face Congress amid spying rift with Europe | Reuters - 0 views

  • When top U.S. intelligence officials testified at a congressional hearing weeks ago, the public uproar was over the National Security Agency collecting the phone and email records of Americans. But when the NSA director and other spy chiefs appear at a House Intelligence Committee hearing on Tuesday it will be against a backdrop of angry European allies accusing the United States of spying on their leaders and citizens.
  • The most prominent target appears to have been German Chancellor Angela Merkel, whose mobile phone was allegedly tapped by the NSA.More than any previous disclosures from material given to journalists by former NSA contractor Edward Snowden, the reports of spying on close U.S. allies have forced the White House to promise reforms and even acknowledge that America's electronic surveillance may have gone too far."We recognize there needs to be additional constraints on how we gather and use intelligence," White House spokesman Jay Carney said on Monday.U.S. Senator Dianne Feinstein, who chairs the Senate's intelligence committee, joined the ranks of critics on Monday, expressing outrage at U.S. intelligence collection on allies, and pique that her committee was not informed."With respect to NSA collection of intelligence on leaders of U.S. allies - including France, Spain, Mexico and Germany -let me state unequivocally: I am totally opposed," said Feinstein, who appeared to confirm U.S. spying on Merkel's communications since 2002.
  • NSA Director General Keith Alexander, NSA Deputy Director Chris Inglis, Director of National Intelligence James Clapper and Deputy Attorney General James Cole will testify at an open hearing of the House Intelligence Committee at 1:30 p.m. (1730 GMT) on Tuesday.Their testimony will cover NSA programs and potential changes to the Foreign Intelligence Surveillance Act, which regulates electronic eavesdropping.
  •  
    Two major developments, likely not isolated from each other: [i] Sen. Feinstein says the Senate oversight committee was not informed of spying on world leaders and moves into the NSA reform camp; [ii] the WhiteHouse falls back to a position calling for additional restraints on NSA. These two events are likely akin to that of rats escaping a sinking ship. Meanwhile, both the head of the NSA and his top deputy are to resign in the next few months, supposedly voluntarily. http://www.upi.com/Top_News/US/2013/10/17/NSA-chief-Gen-Keith-Alexander-to-retire/UPI-91531381982460/ (The "voluntarily" part ignores that high officials who embarrass their superiors are often given their choice between resigning or being fired.) The retirement announcement (notably unattributed) followed only a week after a report in Foreign Affairs that the NSA leaders felt that they had been left hung out to dry by the Obama Administration. http://www.foreignpolicy.com/articles/2013/10/10/nsa_veterans_the_white_house_is_hanging_us_out_to_dry  So there is reason to suspect that the resignations were the direct result of their criticism of Obama, sourced only two four unidentified high NSA officials. The bottom line: we have finally passed the tipping point: NSA spying will be curbed. The only remaining issues: in what manner and to what extent?      
Paul Merrell

Boundless Informant: the NSA's secret tool to track global surveillance data | World ne... - 0 views

  • The National Security Agency has developed a powerful tool for recording and analysing where its intelligence comes from, raising questions about its repeated assurances to Congress that it cannot keep track of all the surveillance it performs on American communications. The Guardian has acquired top-secret documents about the NSA datamining tool, called Boundless Informant, that details and even maps by country the voluminous amount of information it collects from computer and telephone networks.
  • The focus of the internal NSA tool is on counting and categorizing the records of communications, known as metadata, rather than the content of an email or instant message. The Boundless Informant documents show the agency collecting almost 3 billion pieces of intelligence from US computer networks over a 30-day period ending in March 2013. One document says it is designed to give NSA officials answers to questions like, "What type of coverage do we have on country X" in "near real-time by asking the SIGINT [signals intelligence] infrastructure."An NSA factsheet about the program, acquired by the Guardian, says: "The tool allows users to select a country on a map and view the metadata volume and select details about the collections against that country."
  • A snapshot of the Boundless Informant data, contained in a top secret NSA "global heat map" seen by the Guardian, shows that in March 2013 the agency collected 97bn pieces of intelligence from computer networks worldwide.
  • ...4 more annotations...
  • The heatmap gives each nation a color code based on how extensively it is subjected to NSA surveillance. The color scheme ranges from green (least subjected to surveillance) through yellow and orange to red (most surveillance).The disclosure of the internal Boundless Informant system comes amid a struggle between the NSA and its overseers in the Senate over whether it can track the intelligence it collects on American communications. The NSA's position is that it is not technologically feasible to do so.
  • At a hearing of the Senate intelligence committee In March this year, Democratic senator Ron Wyden asked James Clapper, the director of national intelligence: "Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?" "No sir," replied Clapper.
  • Other documents seen by the Guardian further demonstrate that the NSA does in fact break down its surveillance intercepts which could allow the agency to determine how many of them are from the US. The level of detail includes individual IP addresses.
  • Senators have expressed their frustration at the NSA's refusal to supply statistics. In a letter to NSA director General Keith Alexander in October last year, senator Wyden and his Democratic colleague on the Senate intelligence committee, Mark Udall, noted that "the intelligence community has stated repeatedly that it is not possible to provide even a rough estimate of how many American communications have been collected under the Fisa Amendments Act, and has even declined to estimate the scale of this collection."At a congressional hearing in March last year, Alexander denied point-blank that the agency had the figures on how many Americans had their electronic communications collected or reviewed. Asked if he had the capability to get them, Alexander said: "No. No. We do not have the technical insights in the United States." He added that "nor do we do have the equipment in the United States to actually collect that kind of information".
  •  
    Have NSA and other Administration officials perjured themselves in testimony to Congress? It look that way. Next question: will they be prosecuted?  See also related article at and the leaked FAQ on BoundlessInformant itself at . 
Paul Merrell

The Latest Rules on How Long NSA Can Keep Americans' Encrypted Data Look Too Familiar |... - 0 views

  • Does the National Security Agency (NSA) have the authority to collect and keep all encrypted Internet traffic for as long as is necessary to decrypt that traffic? That was a question first raised in June 2013, after the minimization procedures governing telephone and Internet records collected under Section 702 of the Foreign Intelligence Surveillance Act were disclosed by Edward Snowden. The issue quickly receded into the background, however, as the world struggled to keep up with the deluge of surveillance disclosures. The Intelligence Authorization Act of 2015, which passed Congress this last December, should bring the question back to the fore. It established retention guidelines for communications collected under Executive Order 12333 and included an exception that allows NSA to keep ‘incidentally’ collected encrypted communications for an indefinite period of time. This creates a massive loophole in the guidelines. NSA’s retention of encrypted communications deserves further consideration today, now that these retention guidelines have been written into law. It has become increasingly clear over the last year that surveillance reform will be driven by technological change—specifically by the growing use of encryption technologies. Therefore, any legislation touching on encryption should receive close scrutiny.
  • Section 309 of the intel authorization bill describes “procedures for the retention of incidentally acquired communications.” It establishes retention guidelines for surveillance programs that are “reasonably anticipated to result in the acquisition of [telephone or electronic communications] to or from a United States person.” Communications to or from a United States person are ‘incidentally’ collected because the U.S. person is not the actual target of the collection. Section 309 states that these incidentally collected communications must be deleted after five years unless they meet a number of exceptions. One of these exceptions is that “the communication is enciphered or reasonably believed to have a secret meaning.” This exception appears to be directly lifted from NSA’s minimization procedures for data collected under Section 702 of FISA, which were declassified in 2013. 
  • While Section 309 specifically applies to collection taking place under E.O. 12333, not FISA, several of the exceptions described in Section 309 closely match exceptions in the FISA minimization procedures. That includes the exception for “enciphered” communications. Those minimization procedures almost certainly served as a model for these retention guidelines and will likely shape how this new language is interpreted by the Executive Branch. Section 309 also asks the heads of each relevant member of the intelligence community to develop procedures to ensure compliance with new retention requirements. I expect those procedures to look a lot like the FISA minimization guidelines.
  • ...6 more annotations...
  • This language is broad, circular, and technically incoherent, so it takes some effort to parse appropriately. When the minimization procedures were disclosed in 2013, this language was interpreted by outside commentators to mean that NSA may keep all encrypted data that has been incidentally collected under Section 702 for at least as long as is necessary to decrypt that data. Is this the correct interpretation? I think so. It is important to realize that the language above isn’t just broad. It seems purposefully broad. The part regarding relevance seems to mirror the rationale NSA has used to justify its bulk phone records collection program. Under that program, all phone records were relevant because some of those records could be valuable to terrorism investigations and (allegedly) it isn’t possible to collect only those valuable records. This is the “to find a needle a haystack, you first have to have the haystack” argument. The same argument could be applied to encrypted data and might be at play here.
  • This exception doesn’t just apply to encrypted data that might be relevant to a current foreign intelligence investigation. It also applies to cases in which the encrypted data is likely to become relevant to a future intelligence requirement. This is some remarkably generous language. It seems one could justify keeping any type of encrypted data under this exception. Upon close reading, it is difficult to avoid the conclusion that these procedures were written carefully to allow NSA to collect and keep a broad category of encrypted data under the rationale that this data might contain the communications of NSA targets and that it might be decrypted in the future. If NSA isn’t doing this today, then whoever wrote these minimization procedures wanted to at least ensure that NSA has the authority to do this tomorrow.
  • There are a few additional observations that are worth making regarding these nominally new retention guidelines and Section 702 collection. First, the concept of incidental collection as it has typically been used makes very little sense when applied to encrypted data. The way that NSA’s Section 702 upstream “about” collection is understood to work is that technology installed on the network does some sort of pattern match on Internet traffic; say that an NSA target uses example@gmail.com to communicate. NSA would then search content of emails for references to example@gmail.com. This could notionally result in a lot of incidental collection of U.S. persons’ communications whenever the email that references example@gmail.com is somehow mixed together with emails that have nothing to do with the target. This type of incidental collection isn’t possible when the data is encrypted because it won’t be possible to search and find example@gmail.com in the body of an email. Instead, example@gmail.com will have been turned into some alternative, indecipherable string of bits on the network. Incidental collection shouldn’t occur because the pattern match can’t occur in the first place. This demonstrates that, when communications are encrypted, it will be much harder for NSA to search Internet traffic for a unique ID associated with a specific target.
  • This lends further credence to the conclusion above: rather than doing targeted collection against specific individuals, NSA is collecting, or plans to collect, a broad class of data that is encrypted. For example, NSA might collect all PGP encrypted emails or all Tor traffic. In those cases, NSA could search Internet traffic for patterns associated with specific types of communications, rather than specific individuals’ communications. This would technically meet the definition of incidental collection because such activity would result in the collection of communications of U.S. persons who aren’t the actual targets of surveillance. Collection of all Tor traffic would entail a lot of this “incidental” collection because the communications of NSA targets would be mixed with the communications of a large number of non-target U.S. persons. However, this “incidental” collection is inconsistent with how the term is typically used, which is to refer to over-collection resulting from targeted surveillance programs. If NSA were collecting all Tor traffic, that activity wouldn’t actually be targeted, and so any resulting over-collection wouldn’t actually be incidental. Moreover, greater use of encryption by the general public would result in an ever-growing amount of this type of incidental collection.
  • This type of collection would also be inconsistent with representations of Section 702 upstream collection that have been made to the public and to Congress. Intelligence officials have repeatedly suggested that search terms used as part of this program have a high degree of specificity. They have also argued that the program is an example of targeted rather than bulk collection. ODNI General Counsel Robert Litt, in a March 2014 meeting before the Privacy and Civil Liberties Oversight Board, stated that “there is either a misconception or a mischaracterization commonly repeated that Section 702 is a form of bulk collection. It is not bulk collection. It is targeted collection based on selectors such as telephone numbers or email addresses where there’s reason to believe that the selector is relevant to a foreign intelligence purpose.” The collection of Internet traffic based on patterns associated with types of communications would be bulk collection; more akin to NSA’s collection of phone records en mass than it is to targeted collection focused on specific individuals. Moreover, this type of collection would certainly fall within the definition of bulk collection provided just last week by the National Academy of Sciences: “collection in which a significant portion of the retained data pertains to identifiers that are not targets at the time of collection.”
  • The Section 702 minimization procedures, which will serve as a template for any new retention guidelines established for E.O. 12333 collection, create a large loophole for encrypted communications. With everything from email to Internet browsing to real-time communications moving to encrypted formats, an ever-growing amount of Internet traffic will fall within this loophole.
  •  
    Tucked into a budget authorization act in December without press notice. Section 309 (the Act is linked from the article) appears to be very broad authority for the NSA to intercept any form of telephone or other electronic information in bulk. There are far more exceptions from the five-year retention limitation than the encrypted information exception. When reading this, keep in mind that the U.S. intelligence community plays semantic games to obfuscate what it does. One of its word plays is that communications are not "collected" until an analyst looks at or listens to partiuclar data, even though the data will be searched to find information countless times before it becomes "collected." That searching was the major basis for a decision by the U.S. District Court in Washington, D.C. that bulk collection of telephone communications was unconstitutional: Under the Fourth Amendment, a "search" or "seizure" requiring a judicial warrant occurs no later than when the information is intercepted. That case is on appeal, has been briefed and argued, and a decision could come any time now. Similar cases are pending in two other courts of appeals. Also, an important definition from the new Intelligence Authorization Act: "(a) DEFINITIONS.-In this section: (1) COVERED COMMUNICATION.-The term ''covered communication'' means any nonpublic telephone or electronic communication acquired without the consent of a person who is a party to the communication, including communications in electronic storage."       
Paul Merrell

Edward Snowden, a year on: reformers frustrated as NSA preserves its power | World news... - 1 views

  • For two weeks in May, it looked as though privacy advocates had scored a tenuous victory against the widespread surveillance practices exposed by Edward Snowden a year ago. Then came a resurgent intelligence community, armed with pens, and dry, legislative language.During several protracted sessions in secure rooms in the Capitol, intelligence veterans, often backed by the congressional leadership, sparred with House aides to abridge privacy and transparency provisions contained in the first bill rolling back National Security Agency spying powers in more than three decades. The revisions took place in secret after two congressional committees had passed the bill. The NSA and its allies took creative advantage of a twilight legislative period permitting technical or cosmetic language changes.The episode shows the lengths to which the architects and advocates of bulk surveillance have gone to preserve their authorities in the time since the Guardian, 12 months ago today, began disclosing the scope of NSA data collection. That resistance to change, aided by the power and trust enjoyed by the NSA on Capitol Hill, helps explain why most NSA powers remain intact a year after the largest leak in the agency's histo
  • But exactly one year on, the NSA’s greatest wound so far has been its PR difficulties. The agency, under public pressure, has divested itself of exactly one activity, the bulk collection of US phone data. Yet while the NSA will not itself continue to gather the data directly, the major post-Snowden legislative fix grants the agency wide berth in accessing and searching large volumes of phone records, and even wider latitude in collecting other kinds of data.There are no other mandated reforms.
  • Some NSA critics look to the courts for a fuller tally of their victories in the wake of the Snowden disclosures. Judges have begun to permit defendants to see evidence gathered against them that had its origins in NSA email or call intercepts, which could disrupt prosecutions or invalidate convictions. At least one such defendant, in Colorado, is seeking the exclusion of such evidence, arguing that its use in court is illegal.Still other cases challenging the surveillance efforts have gotten beyond the government’s longtime insistence that accusers cannot prove they were spied upon, as the Snowden trove demonstrated a dragnet that presumptively touched every American’s phone records. This week, an Idaho federal judge implored the supreme court to settle the question of the bulk surveillance's constitutionality."The litigation now is about the merits. It’s about the lawfulness of the surveillance program," said Jameel Jaffer, the ACLU’s deputy legal director.
  • ...4 more annotations...
  • The Freedom Act ultimately sped to passage in the House on May 22 by a bipartisan 303-121 vote. NSA advocates who had blasted its earlier version as hazardous to national security dropped their objections – largely because they had no more reason.Accordingly, the compromise language caused civil libertarians and technology groups not just to abandon the Freedom Act that they had long championed, but to question whether it actually banned bulk data collection. The government could acquire call-records data up to two degrees of separation from any "reasonable articulable suspicion" of wrongdoing, potentially representing hundreds or thousands of people on a single judicial order." That was not all.
  • "As the bill stands today, it could still permit the collection of email records from everyone who uses a particular email service," warned a Google legislative action alert after the bill passed the House. In a recent statement, cloud-storage firm Tresorit lamented that "there still has been no real progress in achieving truly effective security for consumer and corporate information."No one familiar with the negotiations alleges the NSA or its allies broke the law by amending the bill during the technical-fix period. But it is unusual for substantive changes to be introduced secretly after a bill has cleared committee and before its open debate by the full Senate or House."It is not out of order, but major changes in substance are rare, and appropriately so," said Norman Ornstein, an expert on congressional procedure at the American Enterprise Institute.Steve Aftergood, an intelligence policy analyst at the Federation of American Scientists, said the rewrites to the bill were an "invitation to cynicism."
  • "There does seem to be a sort of gamesmanship to it. Why go through all the troubling of crafting legislation, enlisting support and co-sponsorship, and adopting compromises if the bill is just going to be rewritten behind closed doors anyway?" Aftergood said.
  • Civil libertarians and activists now hope to strengthen the bill in the Senate. Its chief sponsor, Patrick Leahy of Vermont, vowed to take it up this month, and to push for "meaningful reforms" he said he was "disappointed" the House excluded. Obama administration officials will testify in the Senate intelligence committee about the bill on Thursday afternoon, the first anniversary of the Guardian's disclosure of bulk domestic phone records collection. That same day, Reddit, Imgur and other large websites will stage an online "Reset The Net" protest of NSA bulk surveillance.But the way the bill "morphed behind the scenes," as Lofgren put it, points to the obstacles such efforts face. It also points to a continuing opportunity for the NSA to say that Congress has actually blessed widespread data collection – a claim made after the Snowden leaks, despite most members of Congress and the public not knowing that NSA and the Fisa court secretly reinterpreted the Patriot Act in order to collect all US phone records.
  •  
    Good Guardian article on how the American Freedom Act as reported out of House committees was gutted in secret meetings between key representatives and NSA (and other Executive Branch) officials. The House of Representatives kisses the feet of Dark Government. 
Paul Merrell

NSA phone surveillance program likely unconstitutional, federal judge rules | World new... - 0 views

  • A federal judge in Washington ruled on Monday that the bulk collection of Americans’ telephone records by the National Security Agency is likely to violate the US constitution, in the most significant legal setback for the agency since the publication of the first surveillance disclosures by the whistleblower Edward Snowden. Judge Richard Leon declared that the mass collection of metadata probably violates the fourth amendment, which prohibits unreasonable searches and seizures, and was "almost Orwellian" in its scope. In a judgment replete with literary swipes against the NSA, he said James Madison, the architect of the US constitution, would be "aghast" at the scope of the agency’s collection of Americans' communications data. The ruling, by the US district court for the District of Columbia, is a blow to the Obama administration, and sets up a legal battle that will drag on for months, almost certainly destined to end up in the supreme court. It was welcomed by campaigners pressing to rein in the NSA, and by Snowden, who issued a rare public statement saying it had vindicated his disclosures. It is also likely to influence other legal challenges to the NSA, currently working their way through federal courts.
  • In Monday’s ruling, the judge concluded that the pair's constitutional challenge was likely to be successful. In what was the only comfort to the NSA in a stinging judgment, Leon put the ruling on hold, pending an appeal by the government. Leon expressed doubt about the central rationale for the program cited by the NSA: that it is necessary for preventing terrorist attacks. “The government does not cite a single case in which analysis of the NSA’s bulk metadata collection actually stopped an imminent terrorist attack,” he wrote.
  • Leon’s opinion contained stern and repeated warnings that he was inclined to rule that the metadata collection performed by the NSA – and defended vigorously by the NSA director Keith Alexander on CBS on Sunday night – was unconstitutional. “Plaintiffs have a substantial likelihood of showing that their privacy interests outweigh the government’s interest in collecting and analysing bulk telephony metadata and therefore the NSA’s bulk collection program is indeed an unreasonable search under the fourth amendment,” he wrote. Leon said that the mass collection of phone metadata, revealed by the Guardian in June, was "indiscriminatory" and "arbitrary" in its scope. "The almost-Orwellian technology that enables the government to store and analyze the phone metadata of every telephone user in the United States is unlike anything that could have been conceived in 1979," he wrote, referring to the year in which the US supreme court ruled on a fourth amendment case upon which the NSA now relies to justify the bulk records program.
  • ...5 more annotations...
  • In a statement, Snowden said the ruling justified his disclosures. “I acted on my belief that the NSA's mass surveillance programs would not withstand a constitutional challenge, and that the American public deserved a chance to see these issues determined by open courts," he said in comments released through Glenn Greenwald, the former Guardian journalist who received leaked documents from Snowden. "Today, a secret program authorised by a secret court was, when exposed to the light of day, found to violate Americans’ rights. It is the first of many.”
  • In his ruling, Judge Leon expressly rejected the government’s claim that the 1979 supreme court case, Smith v Maryland, which the NSA and the Obama administration often cite to argue that there is no reasonable expectation of privacy over metadata, applies in the NSA’s bulk-metadata collection. The mass surveillance program differs so much from the one-time request dealt with by the 1979 case that it was of “little value” in assessing whether the metadata dragnet constitutes a fourth amendment search.
  • In a decision likely to influence other federal courts hearing similar arguments from the ACLU, Leon wrote that the Guardian’s disclosure of the NSA’s bulk telephone records collection means that citizens now have standing to challenge it in court, since they can demonstrate for the first time that the government is collecting their phone data.
  • Leon also struck a blow for judicial review of government surveillance practices even when Congress explicitly restricts the ability of citizens to sue for relief. “While Congress has great latitude to create statutory schemes like Fisa,” he wrote, referring to the seminal 1978 surveillance law, “it may not hang a cloak of secrecy over the constitution.”
  • In his ruling on Monday, Judge Leon predicted the process would take six months. He urged the government to take that time to prepare for an eventual defeat. “I fully expect that during the appellate process, which will consume at least the next six months, the government will take whatever steps necessary to prepare itself to comply with this order when, and if, it is upheld,” wrote Leon in his opinion. “Suffice it to say, requesting further time to comply with this order months from now will not be well received and could result in collateral sanctions.”
  •  
    This is the case I thought was the weakest because of poor drafting in the complaint. The judge noted those issues in dismissing the plaintiffs' claims under the Administrative Procedures Act, but picked his way through what remained to find sufficient allegations to support the 4th Amendment challenge. Because he ruled for the plaintiffs on the 4th Amendment count, the judge did not reach the plaintiffs' arguments under the First and Fifth Amendments. This case is about cellphone call metadata, which the FISA Court has been ordering cell phone companies to provide every day, with the orders updated every 90 days. The judge's 68-page opinion is at https://ecf.dcd.uscourts.gov/cgi-bin/show_public_doc?2013cv0881-40 (cleaner copy than the Guardian's, which was apparently faxed). Notably, the judge, Richard Leon, is a Bush II appointee and one of the plaintiffs is a prominent conservative civil libertarian lawyer. The other plaintiff is the father of an NSA cryptologist who worked closely with SEAL Team 6 and was killed along with members of that team when their helicopter crashed in Afghanistan. I'll add some more in a comment. But digital privacy is not yet dead.
  •  
    Unfortunately, DRM is not dead yet either and the court's PDF file is locked. No easy copying of its content. If you want to jump directly to the discussion of 4th Amendment issues, go to page 35. That way, you can skip past all the dreary discussion of the Administrative Procedures Act claim and you won't miss much that's memorable. In ruling on the plaintiffs' standing to raise the 4th Amendment claim, Judge Leon postulated two possible search issues: [i] the bulk daily collection of metadata and its retention in the database for five years; and [ii] the analysis of that data through the NSA's querying process. The judge had no difficulty with the first issue; it definitely qualifies as a search. But the judge rejected the plaintiffs' argument on the second type (which was lame), demonstrating that at least one federal judge understands how computers work. The government's filings indicated that a "seed" telephone number or other identifier is used as the query string. Judge Leon figured out for himself from this fact that the NSA of necessity had to compare that number or identifier to every number or identifier in its database looking for a match. The judge concluded that the plaintiffs' metadata --- indeed everyone's metadata --- had to be searched for comparison purposes *every* time the NSA analysts ran any query against the database. See his incisive discussion at pp. 39-41. So having established that two searches were involved, one every time the NSA queried the database, the judge moved on to the next question, whether "the plaintiffs had a reasonable expectation of privacy that is violated when the Government indiscriminately collects their telephony metadata along with the metadata of hundreds of millions of other citizens without any particularized suspicion of wrongdoing, retains that metadata for five years, and then queries, analyzes, and investigates that data without prior judicial approval of the investigative targets." pg. 43. More later
Paul Merrell

Inside TAO: The NSA's Shadow Network - SPIEGEL ONLINE - 0 views

  • The insert method and other variants of QUANTUM are closely linked to a shadow network operated by the NSA alongside the Internet, with its own, well-hidden infrastructure comprised of "covert" routers and servers. It appears the NSA also incorporates routers and servers from non-NSA networks into its covert network by infecting these networks with "implants" that then allow the government hackers to control the computers remotely. (Click here to read a related article on the NSA's "implants".) In this way, the intelligence service seeks to identify and track its targets based on their digital footprints. These identifiers could include certain email addresses or website cookies set on a person's computer. Of course, a cookie doesn't automatically identify a person, but it can if it includes additional information like an email address. In that case, a cookie becomes something like the web equivalent of a fingerprint.
  • Once TAO teams have gathered sufficient data on their targets' habits, they can shift into attack mode, programming the QUANTUM systems to perform this work in a largely automated way. If a data packet featuring the email address or cookie of a target passes through a cable or router monitored by the NSA, the system sounds the alarm. It determines what website the target person is trying to access and then activates one of the intelligence service's covert servers, known by the codename FOXACID. This NSA server coerces the user into connecting to NSA covert systems rather than the intended sites. In the case of Belgacom engineers, instead of reaching the LinkedIn page they were actually trying to visit, they were also directed to FOXACID servers housed on NSA networks. Undetected by the user, the manipulated page transferred malware already custom tailored to match security holes on the target person's computer. The technique can literally be a race between servers, one that is described in internal intelligence agency jargon with phrases like: "Wait for client to initiate new connection," "Shoot!" and "Hope to beat server-to-client response." Like any competition, at times the covert network's surveillance tools are "too slow to win the race." Often enough, though, they are effective. Implants with QUANTUMINSERT, especially when used in conjunction with LinkedIn, now have a success rate of over 50 percent, according to one internal document.
  • At the same time, it is in no way true to say that the NSA has its sights set exclusively on select individuals. Of even greater interest are entire networks and network providers, such as the fiber optic cables that direct a large share of global Internet traffic along the world's ocean floors. One document labeled "top secret" and "not for foreigners" describes the NSA's success in spying on the "SEA-ME-WE-4" cable system. This massive underwater cable bundle connects Europe with North Africa and the Gulf states and then continues on through Pakistan and India, all the way to Malaysia and Thailand. The cable system originates in southern France, near Marseille. Among the companies that hold ownership stakes in it are France Telecom, now known as Orange and still partly government-owned, and Telecom Italia Sparkle. The document proudly announces that, on Feb. 13, 2013, TAO "successfully collected network management information for the SEA-Me-We Undersea Cable Systems (SMW-4)." With the help of a "website masquerade operation," the agency was able to "gain access to the consortium's management website and collected Layer 2 network information that shows the circuit mapping for significant portions of the network."
  • ...3 more annotations...
  • It appears the government hackers succeeded here once again using the QUANTUMINSERT method. The document states that the TAO team hacked an internal website of the operator consortium and copied documents stored there pertaining to technical infrastructure. But that was only the first step. "More operations are planned in the future to collect more information about this and other cable systems," it continues. But numerous internal announcements of successful attacks like the one against the undersea cable operator aren't the exclusive factors that make TAO stand out at the NSA. In contrast to most NSA operations, TAO's ventures often require physical access to their targets. After all, you might have to directly access a mobile network transmission station before you can begin tapping the digital information it provides.
  • To conduct those types of operations, the NSA works together with other intelligence agencies such as the CIA and FBI, which in turn maintain informants on location who are available to help with sensitive missions. This enables TAO to attack even isolated networks that aren't connected to the Internet. If necessary, the FBI can even make an agency-owned jet available to ferry the high-tech plumbers to their target. This gets them to their destination at the right time and can help them to disappear again undetected after as little as a half hour's work.
  • Sometimes it appears that the world's most modern spies are just as reliant on conventional methods of reconnaissance as their predecessors. Take, for example, when they intercept shipping deliveries. If a target person, agency or company orders a new computer or related accessories, for example, TAO can divert the shipping delivery to its own secret workshops. The NSA calls this method interdiction. At these so-called "load stations," agents carefully open the package in order to load malware onto the electronics, or even install hardware components that can provide backdoor access for the intelligence agencies. All subsequent steps can then be conducted from the comfort of a remote computer. These minor disruptions in the parcel shipping business rank among the "most productive operations" conducted by the NSA hackers, one top secret document relates in enthusiastic terms. This method, the presentation continues, allows TAO to obtain access to networks "around the world."
  •  
    From page 3 of a 3-page article. The entire article is well worth reading. I chose this page to bookmark because of its disclosure that NSA is intercepting new computers before they are delivered and installing hardware and software backdoors, then reshipping them to their intended recipients. Although not mentioned, this implies the complicity of package shipment companies and conceivably government mail systems and original equipment manufacturers ("OEMs").  
Paul Merrell

Edward Snowden: NSA whistleblower answers reader questions | World news | guardian.co.uk - 0 views

  • The 29-year-old former NSA contractor and source of the Guardian's NSA files coverage will – with the help of Glenn Greenwald – take your questions today on why he revealed the NSA's top-secret surveillance of US citizens, the international storm that has ensued, and the uncertain future he now faces. Ask him anything.
  • I did not reveal any US operations against legitimate military targets. I pointed out where the NSA has hacked civilian infrastructure such as universities, hospitals, and private businesses because it is dangerous. These nakedly, aggressively criminal acts are wrong no matter the target. Not only that, when NSA makes a technical mistake during an exploitation operation, critical systems crash. Congress hasn't declared war on the countries - the majority of them are our allies - but without asking for public permission, NSA is running network operations against them that affect millions of innocent people. And for what? So we can have secret access to a computer in a country we're not even fighting? So we can potentially reveal a potential terrorist with the potential to kill fewer Americans than our own Police? No, the public needs to know the kinds of things a government does in its name, or the "consent of the governed" is meaningless.
  • I was debriefed by Glenn and his peers over a number of days, and not all of those conversations were recorded. The statement I made about earnings was that $200,000 was my "career high" salary. I had to take pay cuts in the course of pursuing specific work. Booz was not the most I've been paid.
  • ...17 more annotations...
  • 1) More detail on how direct NSA's accesses are is coming, but in general, the reality is this: if an NSA, FBI, CIA, DIA, etc analyst has access to query raw SIGINT databases, they can enter and get results for anything they want. Phone number, email, user id, cell phone handset id (IMEI), and so on - it's all the same. The restrictions against this are policy based, not technically based, and can change at any time. Additionally, audits are cursory, incomplete, and easily fooled by fake justifications. For at least GCHQ, the number of audited queries is only 5% of those performed.
  • Obama's campaign promises and election gave me faith that he would lead us toward fixing the problems he outlined in his quest for votes. Many Americans felt similarly. Unfortunately, shortly after assuming power, he closed the door on investigating systemic violations of law, deepened and expanded several abusive programs, and refused to spend the political capital to end the kind of human rights violations like we see in Guantanamo, where men still sit without charge.
  • All I can say right now is the US Government is not going to be able to cover this up by jailing or murdering me. Truth is coming, and it cannot be stopped
  • NSA likes to use "domestic" as a weasel word here for a number of reasons. The reality is that due to the FISA Amendments Act and its section 702 authorities, Americans’ communications are collected and viewed on a daily basis on the certification of an analyst rather than a warrant. They excuse this as "incidental" collection, but at the end of the day, someone at NSA still has the content of your communications. Even in the event of "warranted" intercept, it's important to understand the intelligence community doesn't always deal with what you would consider a "real" warrant like a Police department would have to, the "warrant" is more of a templated form they fill out and send to a reliable judge with a rubber stamp.
  • Glenn Greenwald follow up: When you say "someone at NSA still has the content of your communications" - what do you mean? Do you mean they have a record of it, or the actual content? Both. If I target for example an email address, for example under FAA 702, and that email address sent something to you, Joe America, the analyst gets it. All of it. IPs, raw data, content, headers, attachments, everything. And it gets saved for a very long time - and can be extended further with waivers rather than warrants.
  • What are your thoughts on Google's and Facebook's denials? Do you think that they're honestly in the dark about PRISM, or do you think they're compelled to lie? Perhaps this is a better question to a lawyer like Greenwald, but: If you're presented with a secret order that you're forbidding to reveal the existence of, what will they actually do if you simply refuse to comply (without revealing the order)? Answer: Their denials went through several revisions as it become more and more clear they were misleading and included identical, specific language across companies. As a result of these disclosures and the clout of these companies, we're finally beginning to see more transparency and better details about these programs for the first time since their inception. They are legally compelled to comply and maintain their silence in regard to specifics of the program, but that does not comply them from ethical obligation. If for example Facebook, Google, Microsoft, and Apple refused to provide this cooperation with the Intelligence Community, what do you think the government would do? Shut them down?
  • Some skepticism exists about certain of your claims, including this: I, sitting at my desk, certainly had the authorities to wiretap anyone, from you, or your accountant, to a federal judge, to even the President if I had a personal email. Do you stand by that, and if so, could you elaborate? Answer: Yes, I stand by it. US Persons do enjoy limited policy protections (and again, it's important to understand that policy protection is no protection - policy is a one-way ratchet that only loosens) and one very weak technical protection - a near-the-front-end filter at our ingestion points. The filter is constantly out of date, is set at what is euphemistically referred to as the "widest allowable aperture," and can be stripped out at any time. Even with the filter, US comms get ingested, and even more so as soon as they leave the border. Your protected communications shouldn't stop being protected communications just because of the IP they're tagged with. More fundamentally, the "US Persons" protection in general is a distraction from the power and danger of this system. Suspicionless surveillance does not become okay simply because it's only victimizing 95% of the world instead of 100%. Our founders did not write that "We hold these Truths to be self-evident, that all US Persons are created equal."
  • Edward, there is rampant speculation, outpacing facts, that you have or will provide classified US information to the Chinese or other governments in exchange for asylum. Have/will you? Answer: This is a predictable smear that I anticipated before going public, as the US media has a knee-jerk "RED CHINA!" reaction to anything involving HK or the PRC, and is intended to distract from the issue of US government misconduct. Ask yourself: if I were a Chinese spy, why wouldn't I have flown directly into Beijing? I could be living in a palace petting a phoenix by now.
  • US officials say this every time there's a public discussion that could limit their authority. US officials also provide misleading or directly false assertions about the value of these programs, as they did just recently with the Zazi case, which court documents clearly show was not unveiled by PRISM. Journalists should ask a specific question: since these programs began operation shortly after September 11th, how many terrorist attacks were prevented SOLELY by information derived from this suspicionless surveillance that could not be gained via any other source? Then ask how many individual communications were ingested to acheive that, and ask yourself if it was worth it. Bathtub falls and police officers kill more Americans than terrorism, yet we've been asked to sacrifice our most sacred rights for fear of falling victim to it. Further, it's important to bear in mind I'm being called a traitor by men like former Vice President Dick Cheney. This is a man who gave us the warrantless wiretapping scheme as a kind of atrocity warm-up on the way to deceitfully engineering a conflict that has killed over 4,400 and maimed nearly 32,000 Americans, as well as leaving over 100,000 Iraqis dead. Being called a traitor by Dick Cheney is the highest honor you can give an American, and the more panicked talk we hear from people like him, Feinstein, and King, the better off we all are. If they had taught a class on how to be the kind of citizen Dick Cheney worries about, I would have finished high school.
  • Is encrypting my email any good at defeating the NSA survelielance? Id my data protected by standard encryption? Answer: Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it. 
  • Binney, Drake, Kiriakou, and Manning are all examples of how overly-harsh responses to public-interest whistle-blowing only escalate the scale, scope, and skill involved in future disclosures. Citizens with a conscience are not going to ignore wrong-doing simply because they'll be destroyed for it: the conscience forbids it. Instead, these draconian responses simply build better whistleblowers. If the Obama administration responds with an even harsher hand against me, they can be assured that they'll soon find themselves facing an equally harsh public response. This disclosure provides Obama an opportunity to appeal for a return to sanity, constitutional policy, and the rule of law rather than men. He still has plenty of time to go down in history as the President who looked into the abyss and stepped back, rather than leaping forward into it. I would advise he personally call for a special committee to review these interception programs, repudiate the dangerous "State Secrets" privilege, and, upon preparing to leave office, begin a tradition for all Presidents forthwith to demonstrate their respect for the law by appointing a special investigator to review the policies of their years in office for any wrongdoing. There can be no faith in government if our highest offices are excused from scrutiny - they should be setting the example of transparency. 
  • What would you say to others who are in a position to leak classified information that could improve public understanding of the intelligence apparatus of the USA and its effect on civil liberties?
  • This country is worth dying for.
  • My question: given the enormity of what you are facing now in terms of repercussions, can you describe the exact moment when you knew you absolutely were going to do this, no matter the fallout, and what it now feels like to be living in a post-revelation world? Or was it a series of moments that culminated in action? I think it might help other people contemplating becoming whistleblowers if they knew what the ah-ha moment was like. Again, thanks for your courage and heroism. Answer: I imagine everyone's experience is different, but for me, there was no single moment. It was seeing a continuing litany of lies from senior officials to Congress - and therefore the American people - and the realization that that Congress, specifically the Gang of Eight, wholly supported the lies that compelled me to act. Seeing someone in the position of James Clapper - the Director of National Intelligence - baldly lying to the public without repercussion is the evidence of a subverted democracy. The consent of the governed is not consent if it is not informed.
  • Regarding whether you have secretly given classified information to the Chinese government, some are saying you didn't answer clearly - can you give a flat no? Answer: No. I have had no contact with the Chinese government. Just like with the Guardian and the Washington Post, I only work with journalists.
  • So far are things going the way you thought they would regarding a public debate? – tikkamasala Answer: Initially I was very encouraged. Unfortunately, the mainstream media now seems far more interested in what I said when I was 17 or what my girlfriend looks like rather than, say, the largest program of suspicionless surveillance in human history.
  • Thanks to everyone for their support, and remember that just because you are not the target of a surveillance program does not make it okay. The US Person / foreigner distinction is not a reasonable substitute for individualized suspicion, and is only applied to improve support for the program. This is the precise reason that NSA provides Congress with a special immunity to its surveillance.
  •  
    I particularly liked this Snowden observation as an idea for a constitutional amendment: "This disclosure provides Obama an opportunity to appeal for a return to sanity, constitutional policy, and the rule of law rather than men. He still has plenty of time to go down in history as the President who looked into the abyss and stepped back, rather than leaping forward into it. I would advise he personally call for a special committee to review these interception programs, repudiate the dangerous "State Secrets" privilege, and, upon preparing to leave office, begin a tradition for all Presidents forthwith to demonstrate their respect for the law by appointing a special investigator to review the policies of their years in office for any wrongdoing. There can be no faith in government if our highest offices are excused from scrutiny - they should be setting the example of transparency. " Repeal of the State Secrets privilege would require a constitutional amendment because the Supreme Court decided back when that it is inherent in the President's power as commander in chief of the military forces. In other words, neither Congress nor the courts can second-guess such claims, a huge contributing factor in the over-classification of government records when the real reason is to protect bureaucrats from embarrassment, civil rights suits, and criminal prosecution. It is no accident that we have an Executive Branch that is out-of-control, waging dictatorial powers under the protection of the State Secrets privilege. 
Paul Merrell

FindLaw | Cases and Codes - 0 views

  • SMITH v. MARYLAND, 442 U.S. 735 (1979)
  • The telephone company, at police request, installed at its central offices a pen register to record the numbers dialed from the telephone at petitioner's home. Prior to his robbery trial, petitioner moved to suppress "all fruits derived from" the pen register. The Maryland trial court denied this motion, holding that the warrantless installation of the pen register did not violate the Fourth Amendment. Petitioner was convicted, and the Maryland Court of Appeals affirmed. Held: The installation and use of the pen register was not a "search" within the meaning of the Fourth Amendment, and hence no warrant was required. Pp. 739-746. (a) Application of the Fourth Amendment depends on whether the person invoking its protection can claim a "legitimate expectation of privacy" that has been invaded by government action. This inquiry normally embraces two questions: first, whether the individual has exhibited an actual (subjective) expectation of privacy; and second, whether his expectation is one that society is prepared to recognize as "reasonable." Katz v. United States, 389 U.S. 347 . Pp. 739-741.
  • (b) Petitioner in all probability entertained no actual expectation of privacy in the phone numbers he dialed, and even if he did, his expectation was not "legitimate." First, it is doubtful that telephone users in general have any expectation of privacy regarding the numbers they dial, since they typically know that they must convey phone numbers to the telephone company and that the company has facilities for recording this information and does in fact record it for various legitimate business purposes. And petitioner did not demonstrate an expectation of privacy merely by using his home phone rather than some other phone, since his conduct, although perhaps calculated to keep the contents of his conversation private, was not calculated to preserve the privacy of the number he dialed. Second, even if petitioner did harbor some subjective expectation of privacy, this expectation was not one that society is prepared to recognize as "reasonable." When petitioner voluntarily conveyed numerical information to the phone company and "exposed" that information to its equipment in the normal course of business, he assumed the risk that the company would reveal the information [442 U.S. 735, 736]   to the police, cf. United States v. Miller, 425 U.S. 435 . Pp. 741-746. 283 Md. 156, 389 A. 2d 858, affirmed.
  •  
    The Washington Post has reported that "on July 15 [2001], the secret surveillance court allowed the NSA to resume bulk collection under the court's own authority. The opinion, which remains highly classified, was based on a provision of electronic surveillance law, known as "pen register, trap and trace," that was written to allow law enforcement officers to obtain the phone numbers of incoming and outgoing calls from a single telephone line." .  The seminal case on pen registers is the Supreme Court's 1979 Smith v. Maryland decision, bookmarked here and the Clerk's syllabus highlighted, with the Court's discussion on the same web page. We will be hearing a lot about this case decision in the weeks and months to come.  Let it suffice for now to record a few points of what my antenna are telling me:  -- Both technology and the law have moved on since then. We are 34 years down the line from the Smith decision. Its pronouncements have been sliced and diced by subsequent decisions. Not a single Justice who sat on the Smith case is still on the High Bench.   -- In Smith, a single pen register was used to obtain calling information from a single telephone number by law enforcement officials. In the present circumstance, we face an Orwellian situation of a secret intelligence agency with no law enforcement authority forbidden by law from conducting domestic surveillance perusing and all digital communications of the entire citizenry. -- The NSA has been gathering not only information analogous to pen register results but also the communications of American citizens themselves. The communications themselves --- the contents --- are subject to the 4th Amendment warrant requirement. Consider the circuitous route of the records ordered to be disclosed in the Verizon FISA order. Verizon was ordered to disclose them to the FBI, not to the NSA. But then the FBI apparently forwards the records to the NSA, who has both the "pen register
Gary Edwards

Take A Break From The Snowden Drama For A Reminder Of What He's Revealed So Far - Forbes - 0 views

  • Here’s a recap of Snowden’s leaked documents published so far, in my own highly subjective order of importance.
  • The publication of Snowden’s leaks began with a top secret order from the Foreign Intelligence Surveillance Court (FISC) sent to Verizon on behalf of the NSA, demanding the cell phone records of all of Verizon Business Network Services’ American customers for the three month period ending in July. The order, obtained by the Guardian, sought only the metadata of those millions of users’ calls–who called whom when and from what locations–but specifically requested Americans’ records, disregarding foreigners despite the NSA’s legal restrictions that it may only surveil non-U.S. persons. Senators Saxby Chambliss and Diane Feinstein defended the program and said it was in fact a three-month renewal of surveillance practices that had gone for seven years.
  • A leaked executive order from President Obama shows the administration asked intelligence agencies to draw up a list of potential offensive cyberattack targets around the world. The order, which suggests targeting “systems, processes and infrastructure” states that such offensive hacking operations “can offer unique and unconventional capabilities to advance U.S. national objectives around the world with little or no warning to the adversary or target and with potential effects ranging from subtle to severely damaging.” The order followed repeated accusations by the U.S. government that China has engaged in state-sponsored hacking operations, and was timed just a day before President Obama’s summit with Chinese President Xi Jinping.
  • ...6 more annotations...
  • Another leaked slide deck revealed a software tool called Boundless Informant, which the NSA appears to use for tracking the origin of data it collects. The leaked materials included a map produced by the program showing the frequency of data collection in countries around the world. While Iran, Pakistan and Jordan appeared to be the most surveilled countries according to the map, it also pointed to significant data collection from the United States.
  • In a congressional hearing, NSA director Keith Alexander argued that the kind of surveillance of Americans’ data revealed in that Verizon order was necessary to for archiving purposes, but was rarely accessed and only with strict oversight from Foreign Intelligence Surveillance Court judges. But another secret document published by the Guardian revealed the NSA’s own rules for when it makes broad exceptions to its foreign vs. U.S. persons distinction, accessing Americans’ data and holding onto it indefinitely. Those exceptions include anytime Americans’ data is judged to be “significant foreign intelligence” information or information about a crime that has been or is about to be committed, any data “involved in the unauthorized disclosure of national security information,” or necessary to “assess a communications security vulnerability.” Any encrypted data that the NSA wants to crack can also be held indefinitely, regardless of whether its American or foreign origin.
  • Documents leaked to the Guardian revealed a five-year-old British intelligence scheme to tap transatlantic fiberoptic cables to gather data. A program known as Tempora, created by the U.K.’s NSA equivalent Government Communications Headquarters (GCHQ) has for the last 18 months been able to store huge amounts of that raw data for up to 30 days. Much of the data is shared with the NSA, which had assigned 250 analysts to sift through it as of May of last year.
  • Another GCHQ project revealed to the Guardian through leaked documents intercepted the communications of delegates to the G20 summit of world leaders in London in 2009. The scheme included monitoring the attendees’ phone calls and emails by accessing their Blackberrys, and even setting up fake Internet cafes that used keylogging software to surveil them.
  • Snowden showed the Hong Kong newspaper the South China Morning Post documents that it said outlined extensive hacking of Chinese and Hong Kong targets by the NSA since 2009, with 61,000 targets globally and “hundreds” in China. Other SCMP stories based on Snowden’s revelations stated that the NSA had gained access to the Chinese fiberoptic network operator Pacnet as well as Chinese mobile phone carriers, and had gathered large quantities of Chinese SMS messages.
  • The Guardian’s Glenn Greenwald has said that Snowden provided him “thousands” of documents, of which “dozens” are newsworthy. And Snowden himself has said he’d like to expose his trove of leaks to the global media so that each country’s reporters can decide whether “U.S. network operations against their people should be published.” So regardless of where Snowden ends up, expect more of his revelations to follow.
  •  
    Nice tight summary
Paul Merrell

Obama concedes NSA bulk collection of phone data may be unnecessary | World news | theg... - 0 views

  • President Barack Obama has conceded that mass collection of private data by the US government may be unnecessary and said there were different ways of “skinning the cat”, which could allow intelligence agencies to keep the country safe without compromising privacy. In an apparent endorsement of a recommendation by a review panel to shift responsibility for the bulk collection of telephone records away from the National Security Agency and on to the phone companies, the president said change was necessary to restore public confidence. “In light of the disclosures, it is clear that whatever benefits the configuration of this particular programme may have, may be outweighed by the concerns that people have on its potential abuse,” Obama told an end-of-year White House press conference. “If it that’s the case, there may be a better way of skinning the cat.”
  • Though insisting he will not make a final decision until January, this is the furthest the president has gone in backing calls to dismantle the programme to collect telephone data, a practice the NSA claims has legal foundation under section 215 of the Patriot Act. This week, a federal judge said the program “very likely” violates the US constitution. “There are ways we can do this potentially that give people greater assurance that there are checks and balances, sufficient oversight and transparency,” Obama added. “Programmes like 215 could be redesigned in ways that give you the same information when you need it without creating these potentials for abuse. That’s exactly what we should be doing: to evaluate things in a very clear specific way and moving forward on changes. And that’s what I intend to do.”
  • The president would not comment on a suggestion last weekend by Richard Ledgett, the NSA official investigating the Snowden leaks, that an amnesty might be appropriate in exchange for the return of the data Snowden took from the agency. Obama said he could not comment specifically because Snowden was “under indictment”, something not previously disclosed. While the Justice Department filed a criminal complaint against Snowden on espionage-related charges in June, there has been no public subsequent indictment, although it is possible one exists under gag order. The Justice Department referred comment on a Snowden indictment to the White House. Caitlin Hayden, the chief spokeswoman for the White House National Security Council, clarified that Obama was referring to the criminal complaint against Snowden. It remains unclear if there is an indictment under seal. 
  • ...4 more annotations...
  • The president also went further than his review panel in suggesting the US needed to rein in its overseas surveillance activities. “We have got to provide more confidence to the international community. In a virtual world, some of these boundaries don’t matter any more,” he said. “The values that we have got as Americans are ones that we have to be willing to apply beyond our borders, perhaps more systematically than we have done in the past.”
  • Conspicuously, Obama declined to rebut one assessment from his surveillance review group – that the bulk collection of US call data was not essential to stopping a terrorist attack. Instead, he contended that there had been “no abuse” of the bulk phone data collection. But in 2009, a judge on the secret surveillance court prevented the NSA from searching through its databases of US phone information after discovering “daily violations” resulting from NSA searches of Americans’ phone records without reasonable suspicion of connections to terrorism. That data was inaccessible to the NSA for almost all of 2009, before the Fisa court was convinced the NSA had sufficient safeguards in place for preventing similar violations
  • In another indication of the shifting landscape on surveillance, the telecoms giant AT&T announced on Friday that it will begin publishing a semi-annual report about its complicity with government surveillance requests. AT&T followed its competitor Verizon, which announced a similar move on Thursday.
  • The first such report is expected for early 2014, Watts said. While technology firms like Yahoo and Google have pushed for greater transparency about providing their customer data to the government, the telecommunications firms – which have cooperated with the NSA since the agency’s 1952 inception – did not join them before the events of the past week.
  •  
    Movement on the NSA. Obama hints that the NSA's section 215 metadata collection will end, fesses up that Snowden has been criminally indicted, but declines to discuss whether Snowden might be pardoned in exchange for turning over his NSA document collection, notably not ruling it out. And finally, two of the giant telcos, AT&T and Verizon, have announced intent to do semi-annual public reports on their collaboration with government spy agencies. Amazing what a federal court decision can do, particularly when immediately followed by the president's own blue-ribbon panel report, both holding that the section 215 program has resulted in no terrorist attacks being prevented and that the program in unconstitutional. Obama finally reaches his tipping point. A good week for civil libertarians.   
Paul Merrell

NSA 'secret backdoor' paved way to U.S. phone, e-mail snooping | Politics and Law - CNE... - 0 views

  • The National Security Agency created a "secret backdoor" so its massive databases could be searched for the contents of U.S. citizens' confidential phone calls and e-mail messages without a warrant, according to the latest classified documents leaked by Edward Snowden. A report in the Guardian on Friday quoted Sen. Ron Wyden, an Oregon Democrat who serves on the Senate Intelligence Committee, as saying the secret rule offers a loophole allowing "warrantless searches for the phone calls or emails of law-abiding Americans." That appears to confirm what Rep. Jerrold Nadler, a New York Democrat, said in June after receiving a classified briefing from administration officials a few days earlier on the extent of the NSA's domestic surveillance operations. If the NSA wants "to listen to the phone," an analyst's decision is sufficient, without any other legal authorization required, Nadler said he had been told during the briefing. "I was rather startled," said Nadler, an attorney who serves on the House Judiciary Committee.
  • FBI Director Robert Mueller responded by assuring Nadler, according to a transcript of the hearing, that to "listen to the phone," the government would need "a particularized order" from the Foreign Intelligence Surveillance Court -- a claim that is contradicted by today's Guardian report and other documents. Mueller has been succeeded by James Comey, who was confirmed last month by the Senate. In response to a CNET article at the time, Director of National Intelligence James Clapper released a statement saying: "The statement that a single analyst can eavesdrop on domestic communications without proper legal authorization is incorrect and was not briefed to Congress." Clapper never elaborated, however, on what "proper" authorization would be. Today's top-secret document leaked by Snowden reveals that "procedures approved on 3 October 2011 now allow for use of certain United States person names and identifiers as query terms when reviewing collected FAA 702 data."
  • FAA 702 is a reference to section 702 of a 2008 law that amended the Foreign Intelligence Surveillance Act. Those amendments created a warrantless surveillance process that could be employed by NSA analysts, but Congress never intended it to be used domestically against American citizens: A congressional report accompanying the law claimed it allows electronic surveillance only of "persons located outside the United States in order to acquire foreign intelligence information." In reality, though, the Obama Justice Department has devised secret interpretations of FAA 702 carving out loopholes in what were intended to be strict privacy safeguards. One loophole revealed in June shows that NSA, CIA, and FBI analysts are granted broad access to data vacuumed up by the world's most powerful intelligence agency -- but are supposed to follow certain "targeting" and "minimization" procedures to limit the number of Americans who become individual targets of warrantless surveillance.
  • ...2 more annotations...
  • Today's disclosures appear to be at odds with what President Obama has said over the last two months in defense of NSA surveillance. "What I can say unequivocally is that if you are a U.S. person, the NSA cannot listen to your telephone calls and the NSA cannot target your e-mails," Obama has said. Earlier reports have indicated that the NSA has the ability to record nearly all domestic and international phone calls -- in case an analyst needed to access the recordings in the future. A Wired magazine article last year disclosed that the NSA has established "listening posts" that allow the agency to collect and sift through billions of phone calls through a massive new data center in Utah, "whether they originate within the country or overseas." That includes not just metadata, but also the contents of the communications.
  • AT&T and other telecommunications companies that allow the NSA to tap into their fiber links receive absolute immunity from civil liability or criminal prosecution, thanks to Section 702 of the FISA Amendments Act, which Congress renewed in 2012. It says that any civil lawsuit "against any person for providing assistance to an element of the intelligence community...shall be promptly dismissed." Section 702 of the law says surveillance may be authorized by the attorney general and director of national intelligence without prior approval by the secret Foreign Intelligence Surveillance Court -- in practice, this means analysts at the NSA and other agencies with intelligence functions -- as long as minimization requirements and general procedures blessed by the court are followed. It's unclear whether the court has approved the "secret backdoor" allowing Americans' e-mail and phone messages to be targeted for domestic surveillance.
1 - 20 of 163 Next › Last »
Showing 20 items per page