Skip to main content

Home/ Socialism and the End of the American Dream/ Group items tagged NSA-queries

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
Gary Edwards

XKeyscore: NSA tool collects 'nearly everything a user does on the internet' | World ne... - 1 views

www.theguardian.com/...top-secret-program-online-data

Edward-Snowden Glenn-Greenwald NSA NSA-Patriot-Act-NDAA NSA-Whistleblower

shared by Gary Edwards on 01 Aug 13 - No Cached
  • The latest revelations will add to the intense public and congressional debate around the extent of NSA surveillance programs. They come as senior intelligence officials testify to the Senate judiciary committee on Wednesday, releasing classified documents in response to the Guardian's earlier stories on bulk collection of phone records and Fisa surveillance court oversight.
  • The files shed light on one of Snowden's most controversial statements, made in his first video interview published by the Guardian on June 10
  • "I, sitting at my desk," said Snowden, could "wiretap anyone, from you or your accountant, to a federal judge or even the president, if I had a personal email".
  • ...23 more annotations...
  • US officials vehemently denied this specific claim. Mike Rogers, the Republican chairman of the House intelligence committee, said of Snowden's assertion: "He's lying. It's impossible for him to do what he was saying he could do."
  • But training materials for XKeyscore detail how analysts can use it and other systems to mine enormous agency databases by filling in a simple on-screen form giving only a broad justification for the search. The request is not reviewed by a court or any NSA personnel before it is processed.
  • XKeyscore, the documents boast, is the NSA's "widest reaching" system developing intelligence from computer networks – what the agency calls Digital Network Intelligence (DNI). One presentation claims the program covers "nearly everything a typical user does on the internet", including the content of emails, websites visited and searches, as well as their metadata.
  • Analysts can also use XKeyscore and other NSA systems to obtain ongoing "real-time" interception of an individual's internet activity.
  • Under US law, the NSA is required to obtain an individualized Fisa warrant only if the target of their surveillance is a 'US person', though no such warrant is required for intercepting the communications of Americans with foreign targets.
  • But XKeyscore provides the technological capability, if not the legal authority, to target even US persons for extensive electronic surveillance without a warrant provided that some identifying information, such as their email or IP address, is known to the analyst.
  • One training slide illustrates the digital activity constantly being collected by XKeyscore and the analyst's ability to query the databases at any time.
  • The purpose of XKeyscore is to allow analysts to search the metadata as well as the content of emails and other internet activity, such as browser history, even when there is no known email account (a "selector" in NSA parlance) associated with the individual being targeted.
  • Analysts can also search by name, telephone number, IP address, keywords, the language in which the internet activity was conducted or the type of browser used.
  • One document notes that this is because "strong selection [search by email address] itself gives us only a very limited capability" because "a large amount of time spent on the web is performing actions that are anonymous."
  • Email monitoring
  • One top-secret document describes how the program "searches within bodies of emails, webpages and documents", including the "To, From, CC, BCC lines" and the 'Contact Us' pages on websites".
  • To search for emails, an analyst using XKS enters the individual's email address into a simple online search form, along with the "justification" for the search and the time period for which the emails are sought.
  • One document, a top secret 2010 guide describing the training received by NSA analysts for general surveillance under the Fisa Amendments Act of 2008, explains that analysts can begin surveillance on anyone by clicking a few simple pull-down menus designed to provide both legal and targeting justifications.
  • Once options on the pull-down menus are selected, their target is marked for electronic surveillance and the analyst is able to review the content of their communications:
  • Chats, browsing history and other internet activity
  • Beyond emails, the XKeyscore system allows analysts to monitor a virtually unlimited array of other internet activities, including those within social media.
  • An NSA tool called DNI Presenter, used to read the content of stored emails, also enables an analyst using XKeyscore to read the content of Facebook chats or private messages.
  • The XKeyscore program also allows an analyst to learn the IP addresses of every person who visits any website the analyst specifies.
  • The quantity of communications accessible through programs such as XKeyscore is staggeringly large. One NSA report from 2007 estimated that there were 850bn "call events" collected and stored in the NSA databases, and close to 150bn internet records. Each day, the document says, 1-2bn records were added.
  • William Binney, a former NSA mathematician, said last year that the agency had "assembled on the order of 20tn transactions about US citizens with other US citizens", an estimate, he said, that "only was involving phone calls and emails". A 2010 Washington Post article reported that "every day, collection systems at the [NSA] intercept and store 1.7bn emails, phone calls and other type of communications."
  • The ACLU's deputy legal director, Jameel Jaffer, told the Guardian last month that national security officials expressly said that a primary purpose of the new law was to enable them to collect large amounts of Americans' communications without individualized warrants.
  • "The government doesn't need to 'target' Americans in order to collect huge volumes of their communications," said Jaffer. "The government inevitably sweeps up the communications of many Americans" when targeting foreign nationals for surveillance.
  • Gary Edwards on 01 Aug 13
     
    "One presentation claims the XKeyscore program covers 'nearly everything a typical user does on the internet' ................................................................. A top secret National Security Agency program allows analysts to search with no prior authorization through vast databases containing emails, online chats and the browsing histories of millions of individuals, according to documents provided by whistleblower Edward Snowden. The NSA boasts in training materials that the program, called XKeyscore, is its "widest-reaching" system for developing intelligence from the internet. The latest revelations will add to the intense public and congressional debate around the extent of NSA surveillance programs. They come as senior intelligence officials testify to the Senate judiciary committee on Wednesday, releasing classified documents in response to the Guardian's earlier stories on bulk collection of phone records and Fisa surveillance court oversight. The files shed light on one of Snowden's most controversial statements, made in his first video interview published by the Guardian on June 10. "I, sitting at my desk," said Snowden, could "wiretap anyone, from you or your accountant, to a federal judge or even the president, if I had a personal email". US officials vehemently denied this specific claim. Mike Rogers, the Republican chairman of the House intelligence committee, said of Snowden's assertion: "He's lying. It's impossible for him to do what he was saying he could do." But training materials for XKeyscore detail how analysts can use it and other systems to mine enormous agency databases by filling in a simple on-screen form giving only a broad justification for the search. The request is not reviewed by a court or any NSA personnel before it is processed. XKeyscore, the documents boast, is the NSA's "widest reaching" system developing intelligence from computer networks - what the agency calls Digital Network Intelligence (DNI). One
  • Paul Merrell on 02 Aug 13
     
    "But training materials for XKeyscore detail how analysts can use it and other systems to mine enormous agency databases by filling in a simple on-screen form giving only a broad justification for the search. The request is not reviewed by a court or any NSA personnel before it is processed. " Note in that regard that Snowden said in an earlier interview that use of this system rarely was audited and that when audited, the most common request if changes were requested was to beef up the justification for the search. The XScore system puts the lie to just about everything the Administration has claimed about intense oversight by all three branches of federal government and about not reading emails or listening to (Skype) phone calls. The lies keep stacking up in an ever-deepening pile.
Paul Merrell

How the NSA is still harvesting your online data | World news | guardian.co.uk - 0 views

www.guardian.co.uk/...nsa-online-metadata-collection

surveillance state NSA Obama lies EvilOlive ShellTrumpet MoonLightPath Spinneret xKeyScore Deep Dive Transient Thurible

shared by Paul Merrell on 30 Jun 13 - No Cached
  • A review of top-secret NSA documents suggests that the surveillance agency still collects and sifts through large quantities of Americans' online data – despite the Obama administration's insistence that the program that began under Bush ended in 2011.Shawn Turner, the Obama administration's director of communications for National Intelligence, told the Guardian that "the internet metadata collection program authorized by the Fisa court was discontinued in 2011 for operational and resource reasons and has not been restarted."But the documents indicate that the amount of internet metadata harvested, viewed, processed and overseen by the Special Source Operations (SSO) directorate inside the NSA is extensive.While there is no reference to any specific program currently collecting purely domestic internet metadata in bulk, it is clear that the agency collects and analyzes significant amounts of data from US communications systems in the course of monitoring foreign targets.
  • On December 26 2012, SSO announced what it described as a new capability to allow it to collect far more internet traffic and data than ever before. With this new system, the NSA is able to direct more than half of the internet traffic it intercepts from its collection points into its own repositories. One end of the communications collected are inside the United States.The NSA called it the "One-End Foreign (1EF) solution". It intended the program, codenamed EvilOlive, for "broadening the scope" of what it is able to collect. It relied, legally, on "FAA Authority", a reference to the 2008 Fisa Amendments Act that relaxed surveillance restrictions.This new system, SSO stated in December, enables vastly increased collection by the NSA of internet traffic. "The 1EF solution is allowing more than 75% of the traffic to pass through the filter," the SSO December document reads. "This milestone not only opened the aperture of the access but allowed the possibility for more traffic to be identified, selected and forwarded to NSA repositories."
  • It continued: "After the EvilOlive deployment, traffic has literally doubled."The scale of the NSA's metadata collection is highlighted by references in the documents to another NSA program, codenamed ShellTrumpet.On December 31, 2012, an SSO official wrote that ShellTrumpet had just "processed its One Trillionth metadata record".
  • ...4 more annotations...
  • An SSO entry dated September 21, 2012, announced that "Transient Thurible, a new Government Communications Head Quarters (GCHQ) managed XKeyScore (XKS) Deep Dive was declared operational." The entry states that GCHQ "modified" an existing program so the NSA could "benefit" from what GCHQ harvested."Transient Thurible metadata [has been] flowing into NSA repositories since 13 August 2012," the entry states.
  • Another SSO entry, dated February 6, 2013, described ongoing plans to expand metadata collection. A joint surveillance collection operation with an unnamed partner agency yielded a new program "to query metadata" that was "turned on in the Fall 2012". Two others, called MoonLightPath and Spinneret, "are planned to be added by September 2013."A substantial portion of the internet metadata still collected and analyzed by the NSA comes from allied governments, including its British counterpart, GCHQ.
  • Explaining that the five-year old program "began as a near-real-time metadata analyzer … for a classic collection system", the SSO official noted: "In its five year history, numerous other systems from across the Agency have come to use ShellTrumpet's processing capabilities for performance monitoring" and other tasks, such as "direct email tip alerting."Almost half of those trillion pieces of internet metadata were processed in 2012, the document detailed: "though it took five years to get to the one trillion mark, almost half of this volume was processed in this calendar year".
  • A review of top-secret NSA documents suggests that the surveillance agency still collects and sifts through large quantities of Americans' online data – despite the Obama administration's insistence that the program that began under Bush ended in 2011.Shawn Turner, the Obama administration's director of communications for National Intelligence, told the Guardian that "the internet metadata collection program authorized by the Fisa court was discontinued in 2011 for operational and resource reasons and has not been restarted."But the documents indicate that the amount of internet metadata harvested, viewed, processed and overseen by the Special Source Operations (SSO) directorate inside the NSA is extensive.While there is no reference to any specific program currently collecting purely domestic internet metadata in bulk, it is clear that the agency collects and analyzes significant amounts of data from US communications systems in the course of monitoring foreign targets.
Paul Merrell

FBI, CIA Use Backdoor Searches To Warrentlessly Spy On Americans' Communications | Tech... - 0 views

www.techdirt.com/...ications-without-warrant.shtml

surveillance state NSA CIA FBI Wyden NSA-backdoors PCLOB

shared by Paul Merrell on 01 Jul 14 - No Cached
  • The other shoe just dropped when it comes to how the federal government illegally spies on Americans. Last summer, the details of the NSA's "backdoor searches" were revealed. This involved big collections of content and metadata (so, no, not "just metadata" as meaningless as that phrase is) that were collected under Section 702 of the FISA Amendments Act (FAA). This is part of the program that the infamous PRISM effort operates under, and which allows the NSA to collect all sorts of content, including communications to, from or about a "target" -- where a "target" can be incredibly loosely defined (i.e., it can include groups or machines or just about anything). The "backdoor searches" were a special loophole added in 2011 allowing the NSA to make use of "US person names and identifiers as query terms." In the past, it had been limited (as per the NSA's mandate) to only non-US persons.
  • This morning, James Clapper finally responded to a request from Senator Ron Wyden concerning the number of such backdoor searches using US identifiers that were done by various government agencies. And, surprisingly, it's redaction free. The big reveal is... that it's not just the NSA doing these searches, but the CIA and FBI as well. This is especially concerning with regards to the FBI. This means that the FBI, who does surveillance on Americans, is spying on Americans communications that were collected by the NSA and that they're doing so without anything resembling a warrant. Oh, and let's make this even worse: the FBI isn't even tracking how often it does this. It's just doing it willy nilly:
  • Got that? Basically, the FBI often asks the NSA for a big chunk of data that the NSA probably shouldn't have in the first place -- including tons of Americans' communications, and the FBI gets to dump it into the same database that it is free to query. And the FBI tracks none of this, other than to say that it believes that there are a "substantial" number of such queries. This would seem to be a pretty blatant attempt to end run around the 4th Amendment, giving the FBI broad access to searching through the communications of Americans with what appears to be almost no oversight. Yikes! Oh, and it's not just the NSA, but the CIA as well. Remember, the CIA is not supposed to be doing any surveillance on US persons (like the NSA), but that's not what's happening at all. At least the CIA tracks some (but not all) of its abuse of backdoor searches:
  • ...5 more annotations...
  • The FBI does not track how many queries it conducts using U.S. person identifiers. The FBI is responsible for identifying and countering threats to the homeland, such as terrorism pilots and espionage, inside the U.S. Unlike other IC agencies, because of its domestic mission, the FBI routinely deals with information about US persons and is expected to look for domestic connections to threats emanating from abroad, including threats involving Section 702 non-US. person targets. To fulfill its mission and avoid missing connections within the information lawfully in its possession, the FBI does not distinguish between U.S. and non- U.S. persons for purposes of querying Section 702 collection. It should be noted that the FBI does not receive all of Section 702 collection; rather, the FBI only requests and receives a small percentage of total Section 702 collection and only for those selectors in which the FBI has an investigative interest. Moreover, because the FBI stores Section 702 collection in the same database as its "traditional" FISA collection, a query of "traditional" FISA collection will also query Section 702 collection. In addition, the FBI routinely conducts queries across its databases in an effort to locate relevant information that is already in its possession when it opens new national security investigations and assessments. Therefore, the FBI believes the number of queries is substantial. However, only FBI personnel trained in the Section 702 minimization procedures are able to View any Section 702 collection that is responsive to any query.
  • In calendar year 2013, CIA conducted fewer than 1900 queries of Section 702-acquired communications using specific U.S. person identifiers as query terms or other more general query terms if they are intended to return information about a particular U.S. person. Of that total number approximately 40% were conducted as a result of requests for counterterrorism-related information from other U.S. intelligence agencies. Approximately 27% of the total number are duplicative or recurring queries conducted at different times using the same identifiers but that CIA nonetheless counts as separate queries. CIA also uses U.S. person identifiers to conduct metadata-only queries against metadata derived from the FISA Section 702 collection. However, the CIA does not track the number of metadata-only queries using U.S. person identifiers.
  • So, the CIA is doing these kinds of warrantless fishing expeditions into the communications of Americans as well, but at least the CIA tracks how often it's doing so. Of course, when it comes to metadata searches, the CIA doesn't bother. It's also a bit bizarre that the CIA is apparently carrying out a bunch of those searches for "other U.S. intelligence agencies," when the CIA should be especially limited in its ability to do these searches in the first place. Senator Wyden has responded to these revelations by pointing out how "flawed" the oversight system is that these have been allowed:
  • When the FBI says it conducts a substantial number of searches and it has no idea of what the number is, it shows how flawed this system is and the consequences of inadequate oversight. This huge gap in oversight is a problem now, and will only grow as global communications systems become more interconnected. The findings transmitted to me raise questions about whether the FBI is exercising any internal controls over the use of backdoor searches including who and how many government employees can access the personal data of individual Americans. I intend to follow this up until it is fixed.
  • Hopefully, now you are starting to recognize what a big deal it was last week when the House of Representatives recently voted to defund the ability to do these kinds of backdoor searches. Still, much more needs to be done. Oh, and in case you're wondering why Clapper finally 'fessed up to the FBI and CIA making use of these data to warrantlessly spy on Americans, it's worth noting that the Privacy and Civil Liberties Oversight Board (PCLOB) is expected to come out with its report on the Section 702 surveillance program on July 2nd (7/02, get it?). It seems likely that the report will discuss these backdoor searches on Americans and how other agencies besides the NSA has been involved in the practice.
  • Paul Merrell on 01 Jul 14
     
    Note to self: Look for the new PCLOB report in the morning. 
Paul Merrell

NSA loophole allows warrantless search for US citizens' emails and phone calls | World ... - 0 views

www.theguardian.com/...rrantless-searches-email-calls

surveillance state NSA Wyden FISA-loophole must-read

shared by Paul Merrell on 17 Aug 13 - No Cached
  • The National Security Agency has a secret backdoor into its vast databases under a legal authority enabling it to search for US citizens' email and phone calls without a warrant, according to a top-secret document passed to the Guardian by Edward Snowden.The previously undisclosed rule change allows NSA operatives to hunt for individual Americans' communications using their name or other identifying information. Senator Ron Wyden told the Guardian that the law provides the NSA with a loophole potentially allowing "warrantless searches for the phone calls or emails of law-abiding Americans".The authority, approved in 2011, appears to contrast with repeated assurances from Barack Obama and senior intelligence officials to both Congress and the American public that the privacy of US citizens is protected from the NSA's dragnet surveillance programs.
  • The intelligence data is being gathered under Section 702 of the of the Fisa Amendments Act (FAA), which gives the NSA authority to target without warrant the communications of foreign targets, who must be non-US citizens and outside the US at the point of collection.The communications of Americans in direct contact with foreign targets can also be collected without a warrant, and the intelligence agencies acknowledge that purely domestic communications can also be inadvertently swept into its databases. That process is known as "incidental collection" in surveillance parlance.But this is the first evidence that the NSA has permission to search those databases for specific US individuals' communications.
  • Wyden, an Oregon Democrat on the Senate intelligence committee, has obliquely warned for months that the NSA's retention of Americans' communications incidentally collected and its ability to search through it has been far more extensive than intelligence officials have stated publicly. Speaking this week, Wyden told the Guardian it amounts to a "backdoor search" through Americans' communications data."Section 702 was intended to give the government new authorities to collect the communications of individuals believed to be foreigners outside the US, but the intelligence community has been unable to tell Congress how many Americans have had their communications swept up in that collection," he said."Once Americans' communications are collected, a gap in the law that I call the 'back-door searches loophole' allows the government to potentially go through these communications and conduct warrantless searches for the phone calls or emails of law-abiding Americans."
  • ...2 more annotations...
  • A secret glossary document provided to operatives in the NSA's Special Source Operations division – which runs the Prism program and large-scale cable intercepts through corporate partnerships with technology companies – details an update to the "minimization" procedures that govern how the agency must handle the communications of US persons. That group is defined as both American citizens and foreigners located in the US."While the FAA 702 minimization procedures approved on 3 October 2011 now allow for use of certain United States person names and identifiers as query terms when reviewing collected FAA 702 data," the glossary states, "analysts may NOT/NOT [not repeat not] implement any USP [US persons] queries until an effective oversight process has been developed by NSA and agreed to by DOJ/ODNI [Office of the Director of National Intelligence]."The term "identifiers" is NSA jargon for information relating to an individual, such as telephone number, email address, IP address and username as well as their name.The document – which is undated, though metadata suggests this version was last updated in June 2012 – does not say whether the oversight process it mentions has been established or whether any searches against US person names have taken place.
  • Exclusive: Spy agency has secret backdoor permission to search databases for individual Americans' communications
Paul Merrell

The NSA Reveals That It Does 20 Million Database Queries Per Month | Techdirt - 0 views

www.techdirt.com/...tabase-queries-per-month.shtml

surveillance state NSA lies NSA-queries

shared by Paul Merrell on 16 Sep 13 - No Cached
  • As we noted earlier today, the NSA's two key "defenses" of the thousands of abuses and violations of the law that recently came out thanks to a leaked document are that there wasn't "intent" to abuse the system (we had no idea that made illegal things legal...) and, second, that it was such a small percentage of the activity that it's really no big deal. Glenn Greenwald quickly noted that the NSA is actually saying "we collect billion of emails and calls every day, so what's a few thousand privacy violations?" hoping that everyone focuses on the second half of the sentence. But the key point is actually the first half of that sentence. In fact, as we noted in that last post, the NSA's top compliance guy actually revealed a startling fact in his attempt to push the meaningless "ratio" of violations to queries: The official, John DeLong, the N.S.A. director of compliance, said that the number of mistakes by the agency was extremely low compared with its overall activities. The report showed about 100 errors by analysts in making queries of databases of already-collected communications data; by comparison, he said, the agency performs about 20 million such queries each month.
  • Again, the ratio is a meaningless number. You're not declared innocent of murder because you didn't happen to murder someone every other day of your life. But, perhaps more important in this is the revelation of the 20 million queries every single month. Or, approximately 600,000 queries every day. How about 25,000 queries every hour? Or 417 queries every minute? Seven queries every single second. Holy crap, that's a lot of queries. Remember, too, that the NSA has insisted that it doesn't datamine its data collection, which is clearly hogwash. That many queries means they're trolling through that database all the time. Remember how the NSA was trying to play down how often it did queries by saying that only 300 phone numbers had been used to "initiate" a query? Yeah, well, once again, it would appear that the NSA was not being fully forthcoming about these sorts of things. Shocking, I know, but I'd imagine they'd claim it was the "least untruthful" answer they could come up with after having a good week or so to answer the question.
  • Paul Merrell on 16 Sep 13
     
    Edward Snowden already told us that the query "audits" were only seldom-experienced spot checks. The ratio of problems found to the number of queries is totally meaningless. 
Paul Merrell

NSA phone surveillance program likely unconstitutional, federal judge rules | World new... - 0 views

www.theguardian.com/...-likely-unconstitutional-judge

surveillance state NSA call-metadata litigation 4th Amendment constitutional law NSA-blowback

shared by Paul Merrell on 17 Dec 13 - No Cached
  • A federal judge in Washington ruled on Monday that the bulk collection of Americans’ telephone records by the National Security Agency is likely to violate the US constitution, in the most significant legal setback for the agency since the publication of the first surveillance disclosures by the whistleblower Edward Snowden. Judge Richard Leon declared that the mass collection of metadata probably violates the fourth amendment, which prohibits unreasonable searches and seizures, and was "almost Orwellian" in its scope. In a judgment replete with literary swipes against the NSA, he said James Madison, the architect of the US constitution, would be "aghast" at the scope of the agency’s collection of Americans' communications data. The ruling, by the US district court for the District of Columbia, is a blow to the Obama administration, and sets up a legal battle that will drag on for months, almost certainly destined to end up in the supreme court. It was welcomed by campaigners pressing to rein in the NSA, and by Snowden, who issued a rare public statement saying it had vindicated his disclosures. It is also likely to influence other legal challenges to the NSA, currently working their way through federal courts.
  • In Monday’s ruling, the judge concluded that the pair's constitutional challenge was likely to be successful. In what was the only comfort to the NSA in a stinging judgment, Leon put the ruling on hold, pending an appeal by the government. Leon expressed doubt about the central rationale for the program cited by the NSA: that it is necessary for preventing terrorist attacks. “The government does not cite a single case in which analysis of the NSA’s bulk metadata collection actually stopped an imminent terrorist attack,” he wrote.
  • Leon’s opinion contained stern and repeated warnings that he was inclined to rule that the metadata collection performed by the NSA – and defended vigorously by the NSA director Keith Alexander on CBS on Sunday night – was unconstitutional. “Plaintiffs have a substantial likelihood of showing that their privacy interests outweigh the government’s interest in collecting and analysing bulk telephony metadata and therefore the NSA’s bulk collection program is indeed an unreasonable search under the fourth amendment,” he wrote. Leon said that the mass collection of phone metadata, revealed by the Guardian in June, was "indiscriminatory" and "arbitrary" in its scope. "The almost-Orwellian technology that enables the government to store and analyze the phone metadata of every telephone user in the United States is unlike anything that could have been conceived in 1979," he wrote, referring to the year in which the US supreme court ruled on a fourth amendment case upon which the NSA now relies to justify the bulk records program.
  • ...5 more annotations...
  • In a statement, Snowden said the ruling justified his disclosures. “I acted on my belief that the NSA's mass surveillance programs would not withstand a constitutional challenge, and that the American public deserved a chance to see these issues determined by open courts," he said in comments released through Glenn Greenwald, the former Guardian journalist who received leaked documents from Snowden. "Today, a secret program authorised by a secret court was, when exposed to the light of day, found to violate Americans’ rights. It is the first of many.”
  • In his ruling, Judge Leon expressly rejected the government’s claim that the 1979 supreme court case, Smith v Maryland, which the NSA and the Obama administration often cite to argue that there is no reasonable expectation of privacy over metadata, applies in the NSA’s bulk-metadata collection. The mass surveillance program differs so much from the one-time request dealt with by the 1979 case that it was of “little value” in assessing whether the metadata dragnet constitutes a fourth amendment search.
  • In a decision likely to influence other federal courts hearing similar arguments from the ACLU, Leon wrote that the Guardian’s disclosure of the NSA’s bulk telephone records collection means that citizens now have standing to challenge it in court, since they can demonstrate for the first time that the government is collecting their phone data.
  • Leon also struck a blow for judicial review of government surveillance practices even when Congress explicitly restricts the ability of citizens to sue for relief. “While Congress has great latitude to create statutory schemes like Fisa,” he wrote, referring to the seminal 1978 surveillance law, “it may not hang a cloak of secrecy over the constitution.”
  • In his ruling on Monday, Judge Leon predicted the process would take six months. He urged the government to take that time to prepare for an eventual defeat. “I fully expect that during the appellate process, which will consume at least the next six months, the government will take whatever steps necessary to prepare itself to comply with this order when, and if, it is upheld,” wrote Leon in his opinion. “Suffice it to say, requesting further time to comply with this order months from now will not be well received and could result in collateral sanctions.”
  • Paul Merrell on 17 Dec 13
     
    This is the case I thought was the weakest because of poor drafting in the complaint. The judge noted those issues in dismissing the plaintiffs' claims under the Administrative Procedures Act, but picked his way through what remained to find sufficient allegations to support the 4th Amendment challenge. Because he ruled for the plaintiffs on the 4th Amendment count, the judge did not reach the plaintiffs' arguments under the First and Fifth Amendments. This case is about cellphone call metadata, which the FISA Court has been ordering cell phone companies to provide every day, with the orders updated every 90 days. The judge's 68-page opinion is at https://ecf.dcd.uscourts.gov/cgi-bin/show_public_doc?2013cv0881-40 (cleaner copy than the Guardian's, which was apparently faxed). Notably, the judge, Richard Leon, is a Bush II appointee and one of the plaintiffs is a prominent conservative civil libertarian lawyer. The other plaintiff is the father of an NSA cryptologist who worked closely with SEAL Team 6 and was killed along with members of that team when their helicopter crashed in Afghanistan. I'll add some more in a comment. But digital privacy is not yet dead.
  • Paul Merrell on 17 Dec 13
     
    Unfortunately, DRM is not dead yet either and the court's PDF file is locked. No easy copying of its content. If you want to jump directly to the discussion of 4th Amendment issues, go to page 35. That way, you can skip past all the dreary discussion of the Administrative Procedures Act claim and you won't miss much that's memorable. In ruling on the plaintiffs' standing to raise the 4th Amendment claim, Judge Leon postulated two possible search issues: [i] the bulk daily collection of metadata and its retention in the database for five years; and [ii] the analysis of that data through the NSA's querying process. The judge had no difficulty with the first issue; it definitely qualifies as a search. But the judge rejected the plaintiffs' argument on the second type (which was lame), demonstrating that at least one federal judge understands how computers work. The government's filings indicated that a "seed" telephone number or other identifier is used as the query string. Judge Leon figured out for himself from this fact that the NSA of necessity had to compare that number or identifier to every number or identifier in its database looking for a match. The judge concluded that the plaintiffs' metadata --- indeed everyone's metadata --- had to be searched for comparison purposes *every* time the NSA analysts ran any query against the database. See his incisive discussion at pp. 39-41. So having established that two searches were involved, one every time the NSA queried the database, the judge moved on to the next question, whether "the plaintiffs had a reasonable expectation of privacy that is violated when the Government indiscriminately collects their telephony metadata along with the metadata of hundreds of millions of other citizens without any particularized suspicion of wrongdoing, retains that metadata for five years, and then queries, analyzes, and investigates that data without prior judicial approval of the investigative targets." pg. 43. More later
Paul Merrell

NSA 'secret backdoor' paved way to U.S. phone, e-mail snooping | Politics and Law - CNE... - 0 views

news.cnet.com/...y-to-u.s-phone-e-mail-snooping

surveillance state NSA Obama lies must-read

shared by Paul Merrell on 17 Aug 13 - No Cached
  • The National Security Agency created a "secret backdoor" so its massive databases could be searched for the contents of U.S. citizens' confidential phone calls and e-mail messages without a warrant, according to the latest classified documents leaked by Edward Snowden. A report in the Guardian on Friday quoted Sen. Ron Wyden, an Oregon Democrat who serves on the Senate Intelligence Committee, as saying the secret rule offers a loophole allowing "warrantless searches for the phone calls or emails of law-abiding Americans." That appears to confirm what Rep. Jerrold Nadler, a New York Democrat, said in June after receiving a classified briefing from administration officials a few days earlier on the extent of the NSA's domestic surveillance operations. If the NSA wants "to listen to the phone," an analyst's decision is sufficient, without any other legal authorization required, Nadler said he had been told during the briefing. "I was rather startled," said Nadler, an attorney who serves on the House Judiciary Committee.
  • FBI Director Robert Mueller responded by assuring Nadler, according to a transcript of the hearing, that to "listen to the phone," the government would need "a particularized order" from the Foreign Intelligence Surveillance Court -- a claim that is contradicted by today's Guardian report and other documents. Mueller has been succeeded by James Comey, who was confirmed last month by the Senate. In response to a CNET article at the time, Director of National Intelligence James Clapper released a statement saying: "The statement that a single analyst can eavesdrop on domestic communications without proper legal authorization is incorrect and was not briefed to Congress." Clapper never elaborated, however, on what "proper" authorization would be. Today's top-secret document leaked by Snowden reveals that "procedures approved on 3 October 2011 now allow for use of certain United States person names and identifiers as query terms when reviewing collected FAA 702 data."
  • FAA 702 is a reference to section 702 of a 2008 law that amended the Foreign Intelligence Surveillance Act. Those amendments created a warrantless surveillance process that could be employed by NSA analysts, but Congress never intended it to be used domestically against American citizens: A congressional report accompanying the law claimed it allows electronic surveillance only of "persons located outside the United States in order to acquire foreign intelligence information." In reality, though, the Obama Justice Department has devised secret interpretations of FAA 702 carving out loopholes in what were intended to be strict privacy safeguards. One loophole revealed in June shows that NSA, CIA, and FBI analysts are granted broad access to data vacuumed up by the world's most powerful intelligence agency -- but are supposed to follow certain "targeting" and "minimization" procedures to limit the number of Americans who become individual targets of warrantless surveillance.
  • ...2 more annotations...
  • Today's disclosures appear to be at odds with what President Obama has said over the last two months in defense of NSA surveillance. "What I can say unequivocally is that if you are a U.S. person, the NSA cannot listen to your telephone calls and the NSA cannot target your e-mails," Obama has said. Earlier reports have indicated that the NSA has the ability to record nearly all domestic and international phone calls -- in case an analyst needed to access the recordings in the future. A Wired magazine article last year disclosed that the NSA has established "listening posts" that allow the agency to collect and sift through billions of phone calls through a massive new data center in Utah, "whether they originate within the country or overseas." That includes not just metadata, but also the contents of the communications.
  • AT&T and other telecommunications companies that allow the NSA to tap into their fiber links receive absolute immunity from civil liability or criminal prosecution, thanks to Section 702 of the FISA Amendments Act, which Congress renewed in 2012. It says that any civil lawsuit "against any person for providing assistance to an element of the intelligence community...shall be promptly dismissed." Section 702 of the law says surveillance may be authorized by the attorney general and director of national intelligence without prior approval by the secret Foreign Intelligence Surveillance Court -- in practice, this means analysts at the NSA and other agencies with intelligence functions -- as long as minimization requirements and general procedures blessed by the court are followed. It's unclear whether the court has approved the "secret backdoor" allowing Americans' e-mail and phone messages to be targeted for domestic surveillance.
Paul Merrell

Edward Snowden: NSA whistleblower answers reader questions | World news | guardian.co.uk - 0 views

www.guardian.co.uk/...nowden-nsa-files-whistleblower

surveillance state NSA Snowden Obama state-secrets must-read

shared by Paul Merrell on 18 Jun 13 - No Cached
  • The 29-year-old former NSA contractor and source of the Guardian's NSA files coverage will – with the help of Glenn Greenwald – take your questions today on why he revealed the NSA's top-secret surveillance of US citizens, the international storm that has ensued, and the uncertain future he now faces. Ask him anything.
  • I did not reveal any US operations against legitimate military targets. I pointed out where the NSA has hacked civilian infrastructure such as universities, hospitals, and private businesses because it is dangerous. These nakedly, aggressively criminal acts are wrong no matter the target. Not only that, when NSA makes a technical mistake during an exploitation operation, critical systems crash. Congress hasn't declared war on the countries - the majority of them are our allies - but without asking for public permission, NSA is running network operations against them that affect millions of innocent people. And for what? So we can have secret access to a computer in a country we're not even fighting? So we can potentially reveal a potential terrorist with the potential to kill fewer Americans than our own Police? No, the public needs to know the kinds of things a government does in its name, or the "consent of the governed" is meaningless.
  • I was debriefed by Glenn and his peers over a number of days, and not all of those conversations were recorded. The statement I made about earnings was that $200,000 was my "career high" salary. I had to take pay cuts in the course of pursuing specific work. Booz was not the most I've been paid.
  • ...17 more annotations...
  • 1) More detail on how direct NSA's accesses are is coming, but in general, the reality is this: if an NSA, FBI, CIA, DIA, etc analyst has access to query raw SIGINT databases, they can enter and get results for anything they want. Phone number, email, user id, cell phone handset id (IMEI), and so on - it's all the same. The restrictions against this are policy based, not technically based, and can change at any time. Additionally, audits are cursory, incomplete, and easily fooled by fake justifications. For at least GCHQ, the number of audited queries is only 5% of those performed.
  • Obama's campaign promises and election gave me faith that he would lead us toward fixing the problems he outlined in his quest for votes. Many Americans felt similarly. Unfortunately, shortly after assuming power, he closed the door on investigating systemic violations of law, deepened and expanded several abusive programs, and refused to spend the political capital to end the kind of human rights violations like we see in Guantanamo, where men still sit without charge.
  • All I can say right now is the US Government is not going to be able to cover this up by jailing or murdering me. Truth is coming, and it cannot be stopped
  • NSA likes to use "domestic" as a weasel word here for a number of reasons. The reality is that due to the FISA Amendments Act and its section 702 authorities, Americans’ communications are collected and viewed on a daily basis on the certification of an analyst rather than a warrant. They excuse this as "incidental" collection, but at the end of the day, someone at NSA still has the content of your communications. Even in the event of "warranted" intercept, it's important to understand the intelligence community doesn't always deal with what you would consider a "real" warrant like a Police department would have to, the "warrant" is more of a templated form they fill out and send to a reliable judge with a rubber stamp.
  • Glenn Greenwald follow up: When you say "someone at NSA still has the content of your communications" - what do you mean? Do you mean they have a record of it, or the actual content? Both. If I target for example an email address, for example under FAA 702, and that email address sent something to you, Joe America, the analyst gets it. All of it. IPs, raw data, content, headers, attachments, everything. And it gets saved for a very long time - and can be extended further with waivers rather than warrants.
  • What are your thoughts on Google's and Facebook's denials? Do you think that they're honestly in the dark about PRISM, or do you think they're compelled to lie? Perhaps this is a better question to a lawyer like Greenwald, but: If you're presented with a secret order that you're forbidding to reveal the existence of, what will they actually do if you simply refuse to comply (without revealing the order)? Answer: Their denials went through several revisions as it become more and more clear they were misleading and included identical, specific language across companies. As a result of these disclosures and the clout of these companies, we're finally beginning to see more transparency and better details about these programs for the first time since their inception. They are legally compelled to comply and maintain their silence in regard to specifics of the program, but that does not comply them from ethical obligation. If for example Facebook, Google, Microsoft, and Apple refused to provide this cooperation with the Intelligence Community, what do you think the government would do? Shut them down?
  • Some skepticism exists about certain of your claims, including this: I, sitting at my desk, certainly had the authorities to wiretap anyone, from you, or your accountant, to a federal judge, to even the President if I had a personal email. Do you stand by that, and if so, could you elaborate? Answer: Yes, I stand by it. US Persons do enjoy limited policy protections (and again, it's important to understand that policy protection is no protection - policy is a one-way ratchet that only loosens) and one very weak technical protection - a near-the-front-end filter at our ingestion points. The filter is constantly out of date, is set at what is euphemistically referred to as the "widest allowable aperture," and can be stripped out at any time. Even with the filter, US comms get ingested, and even more so as soon as they leave the border. Your protected communications shouldn't stop being protected communications just because of the IP they're tagged with. More fundamentally, the "US Persons" protection in general is a distraction from the power and danger of this system. Suspicionless surveillance does not become okay simply because it's only victimizing 95% of the world instead of 100%. Our founders did not write that "We hold these Truths to be self-evident, that all US Persons are created equal."
  • Edward, there is rampant speculation, outpacing facts, that you have or will provide classified US information to the Chinese or other governments in exchange for asylum. Have/will you? Answer: This is a predictable smear that I anticipated before going public, as the US media has a knee-jerk "RED CHINA!" reaction to anything involving HK or the PRC, and is intended to distract from the issue of US government misconduct. Ask yourself: if I were a Chinese spy, why wouldn't I have flown directly into Beijing? I could be living in a palace petting a phoenix by now.
  • US officials say this every time there's a public discussion that could limit their authority. US officials also provide misleading or directly false assertions about the value of these programs, as they did just recently with the Zazi case, which court documents clearly show was not unveiled by PRISM. Journalists should ask a specific question: since these programs began operation shortly after September 11th, how many terrorist attacks were prevented SOLELY by information derived from this suspicionless surveillance that could not be gained via any other source? Then ask how many individual communications were ingested to acheive that, and ask yourself if it was worth it. Bathtub falls and police officers kill more Americans than terrorism, yet we've been asked to sacrifice our most sacred rights for fear of falling victim to it. Further, it's important to bear in mind I'm being called a traitor by men like former Vice President Dick Cheney. This is a man who gave us the warrantless wiretapping scheme as a kind of atrocity warm-up on the way to deceitfully engineering a conflict that has killed over 4,400 and maimed nearly 32,000 Americans, as well as leaving over 100,000 Iraqis dead. Being called a traitor by Dick Cheney is the highest honor you can give an American, and the more panicked talk we hear from people like him, Feinstein, and King, the better off we all are. If they had taught a class on how to be the kind of citizen Dick Cheney worries about, I would have finished high school.
  • Is encrypting my email any good at defeating the NSA survelielance? Id my data protected by standard encryption? Answer: Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it. 
  • Binney, Drake, Kiriakou, and Manning are all examples of how overly-harsh responses to public-interest whistle-blowing only escalate the scale, scope, and skill involved in future disclosures. Citizens with a conscience are not going to ignore wrong-doing simply because they'll be destroyed for it: the conscience forbids it. Instead, these draconian responses simply build better whistleblowers. If the Obama administration responds with an even harsher hand against me, they can be assured that they'll soon find themselves facing an equally harsh public response. This disclosure provides Obama an opportunity to appeal for a return to sanity, constitutional policy, and the rule of law rather than men. He still has plenty of time to go down in history as the President who looked into the abyss and stepped back, rather than leaping forward into it. I would advise he personally call for a special committee to review these interception programs, repudiate the dangerous "State Secrets" privilege, and, upon preparing to leave office, begin a tradition for all Presidents forthwith to demonstrate their respect for the law by appointing a special investigator to review the policies of their years in office for any wrongdoing. There can be no faith in government if our highest offices are excused from scrutiny - they should be setting the example of transparency. 
  • What would you say to others who are in a position to leak classified information that could improve public understanding of the intelligence apparatus of the USA and its effect on civil liberties?
  • This country is worth dying for.
  • My question: given the enormity of what you are facing now in terms of repercussions, can you describe the exact moment when you knew you absolutely were going to do this, no matter the fallout, and what it now feels like to be living in a post-revelation world? Or was it a series of moments that culminated in action? I think it might help other people contemplating becoming whistleblowers if they knew what the ah-ha moment was like. Again, thanks for your courage and heroism. Answer: I imagine everyone's experience is different, but for me, there was no single moment. It was seeing a continuing litany of lies from senior officials to Congress - and therefore the American people - and the realization that that Congress, specifically the Gang of Eight, wholly supported the lies that compelled me to act. Seeing someone in the position of James Clapper - the Director of National Intelligence - baldly lying to the public without repercussion is the evidence of a subverted democracy. The consent of the governed is not consent if it is not informed.
  • Regarding whether you have secretly given classified information to the Chinese government, some are saying you didn't answer clearly - can you give a flat no? Answer: No. I have had no contact with the Chinese government. Just like with the Guardian and the Washington Post, I only work with journalists.
  • So far are things going the way you thought they would regarding a public debate? – tikkamasala Answer: Initially I was very encouraged. Unfortunately, the mainstream media now seems far more interested in what I said when I was 17 or what my girlfriend looks like rather than, say, the largest program of suspicionless surveillance in human history.
  • Thanks to everyone for their support, and remember that just because you are not the target of a surveillance program does not make it okay. The US Person / foreigner distinction is not a reasonable substitute for individualized suspicion, and is only applied to improve support for the program. This is the precise reason that NSA provides Congress with a special immunity to its surveillance.
  • Paul Merrell on 18 Jun 13
     
    I particularly liked this Snowden observation as an idea for a constitutional amendment: "This disclosure provides Obama an opportunity to appeal for a return to sanity, constitutional policy, and the rule of law rather than men. He still has plenty of time to go down in history as the President who looked into the abyss and stepped back, rather than leaping forward into it. I would advise he personally call for a special committee to review these interception programs, repudiate the dangerous "State Secrets" privilege, and, upon preparing to leave office, begin a tradition for all Presidents forthwith to demonstrate their respect for the law by appointing a special investigator to review the policies of their years in office for any wrongdoing. There can be no faith in government if our highest offices are excused from scrutiny - they should be setting the example of transparency. " Repeal of the State Secrets privilege would require a constitutional amendment because the Supreme Court decided back when that it is inherent in the President's power as commander in chief of the military forces. In other words, neither Congress nor the courts can second-guess such claims, a huge contributing factor in the over-classification of government records when the real reason is to protect bureaucrats from embarrassment, civil rights suits, and criminal prosecution. It is no accident that we have an Executive Branch that is out-of-control, waging dictatorial powers under the protection of the State Secrets privilege. 
Paul Merrell

ACLU accuses NSA of using holiday lull to 'minimise impact' of documents | US news | Th... - 0 views

www.theguardian.com/...s-christmas-eve-lessens-impact

surveillance state NSA internal-reports FOIA litigation ACLU

shared by Paul Merrell on 29 Dec 14 - No Cached
  • The National Security Agency used the holiday lull to “minimise the impact” of a tranche of documents by releasing them on Christmas Eve, the American Civil Liberties Union (ACLU) said on Friday. The documents, which were released in response to a legal challenge by the ACLU under the Freedom of Information Act, are heavily – in some places totally –redacted versions of reports by the NSA to the President’s Intelligence Oversight Board dating back to 2007. A court ordered the documents released this past summer, and a 22 December deadline for that release was agreed upon, according to Patrick Toomey, a staff attorney at the ACLU’s national security project, because the NSA said it needed “six or seven months” to complete its review and redaction process. A spokesperson for the NSA said that the 22 December deadline, “which was agreed to by all parties,” was met.
  • But according to Toomey, the ACLU didn’t receive the documents until “late in the day on the 23rd” – the NSA sent them by FedEx late on the 22nd – and the NSA didn’t publicly release them until Christmas Eve. “I certainly think the NSA would prefer to have the documents released right ahead of the holidays in order to have less public attention on what they contain,” Toomey said. The redactions on the document are extreme, and their omissions tantalising. One entry, from the 4th quarter of 2008, reads: “On [redacted] [redacted] used the US SIGINT System (USSS) to locate [redacted] believed to be kidnapped [redacted] The selectors were tasked before authorization was obtained from NSA. After the NSA Office of General Counsel (OGC) denied the authorization request, [redacted] was found. He had not been kidnapped.” Another reads: “On [redacted] during an experimental collection and processing effort, NSA analysts collected [several lines of text redacted.] The messages were deleted [redacted] when the error was identified.”
  • Many entries are erased entirely, which means the documents reveal very little about how individuals who misuse the data were disciplined by the NSA, or how quickly errors were resolved. But, according to Toomey, they speak to a total picture of a “large number of different compliance violations. We don’t know how many.” He said the documents deepen the picture of the nature and extent of compliance violations by analysts working for the NSA.
  • ...1 more annotation...
  • “There are certain portions of the documents that really vindicate some of the things [Edward] Snowden said when he first described the NSA surveillance in terms of the ability of analysts to conduct queries – without authorisation – of raw internet traffic,” Toomey said. Among the items redacted are sections detailing the total number of violations reported, with many ending up like this entry from 2013 “On [redacted] occasions during the fourth quarter, selectors were incorrectly tasked because of typographical errors.” This makes the scale of the problem difficult to gauge. Toomey said the ACLU would continue to sue for the release of those numbers. “More generally,” Toomey said, “just the range of different compliance violations makes it clear that at every step of the NSA’s collection of information there are vulnerabilities that leave the privacy of Americans at risk.”
Paul Merrell

Lack of Due Diligence: The NSA's "the Analyst Didn't Give a Fuck" Violation | emptywheel - 0 views

www.emptywheel.net/...st-didnt-give-a-fuck-violation

surveillance state NSA privacy-violations stats lies

shared by Paul Merrell on 17 Aug 13 - No Cached
  • The NSA claims there have been no willful violations the law relating to the NSA databases. For example, NSA’s Director of Compliance John DeLong just said ”NSA has a zero tolerance policy for willful misconduct. None of the incidents were willful.” House Intelligence Chair Mike Rogers just said the documents show “no intentional or willful violations.” Which is why I want to look more closely at the user error categories included in the May 3, 2012 audit. The report doesn’t actually break down the root cause of errors across all violations. But it does for 3 different types of overlapping incident types (the 195 FISA authority incidents, the 115 database query ones, and the 772 S2 Directorate violations).
  • What I’m interested in are the three main types of operator error: human error, resources, and lack of due diligence.
  • But then there’s a third category: lack of due diligence. The report defines lack of due diligence as “a failure to follow standard operating procedures.” But some failure to follow standard operating procedure is accounted for in other categories, like training, the misapplied query techniques, and the apparent inadequate research violations. This category appears to be something different than the “honest mistake” errors categorized under human error. In fact, by the very exclusion of these violations from the “human error” category, NSA seems to be admitting these violations aren’t errors. These violations of standard operating procedures, it seems, are intentional. Not errors. Willful violations. At the very least, this category seems to count the violations on behalf of analysts who just don’t give a fuck what he rules are, they’re going to ignore the rules. This category, what consider the “Analyst didn’t give a fuck” category, accounts for 9% to 20% of all the violations broken out by root cause.
  • ...1 more annotation...
  • In aggregate, these violations may not amount to all that many given the thousands of queries run every year — they make up just 68 of the violations in S2, for example. Those 68 due diligence violations make up almost 8% of the violations in the quarter, not counting due diligence violations that may have happened in other Directorates. John DeLong, who is in charge of compliance at NSA, says the Agency has zero tolerance for willful misconduct. But the NSA appears to have a good deal more tolerance for a lack of due diligence.
  • Paul Merrell on 17 Aug 13
     
    Marcy at EmptyWheel digs into the leaked NSA audit reports and exposes what appears to be another Obama Administration lie: that none of the violations of surveillance law by NSA staff were willful. NSA appears to be hiding the willful violations under the misleadingly titled "lack of due diligence" category. Who says numbers can't lie, if they're miscategorized?   
Paul Merrell

NSA performed warrantless searches on Americans' calls and emails - Clapper |... - 0 views

www.theguardian.com/...llance-loophole-americans-data

surveillance state NSA FISA-Court FISA-loophole lies Obama

shared by Paul Merrell on 02 Apr 14 - No Cached
  • US intelligence chiefs have confirmed that the National Security Agency has used a "back door" in surveillance law to perform warrantless searches on Americans’ communications.The NSA's collection programs are ostensibly targeted at foreigners, but in August the Guardian revealed a secret rule change allowing NSA analysts to search for Americans' details within the databases.Now, in a letter to Senator Ron Wyden, an Oregon Democrat on the intelligence committee, the director of national intelligence, James Clapper, has confirmed the use of this legal authority to search for data related to “US persons”.
  • “There have been queries, using US person identifiers, of communications lawfully acquired to obtain foreign intelligence targeting non-US persons reasonably believed to be located outside the United States,” Clapper wrote in the letter, which has been obtained by the Guardian.“These queries were performed pursuant to minimization procedures approved by the Fisa court and consistent with the statute and the fourth amendment.” The legal authority to perform the searches, revealed in top-secret NSA documents provided to the Guardian by Edward Snowden, was denounced by Wyden as a “backdoor search loophole.”Many of the NSA's most controversial programs collect information under the law affected by the so-called loophole. These include Prism, which allows the agency to collect data from Google, Apple, Facebook, Yahoo and other tech companies, and the agency's Upstream program – a huge network of internet cable taps.
  • Clapper did not say how many warrantless searches had been performed by the NSA. It was not the first time the searches had been confirmed: after the Snowden leaks, the office of the director of national intelligence declassified documents that discussed the rule change. But Clapper's letter drew greater attention to the issue.Confirmation that the NSA has searched for Americans’ communications in its phone call and email databases complicates President Barack Obama’s initial defenses of the broad surveillance in June.“When it comes to telephone calls, nobody is listening to your telephone calls. That’s not what this program’s about,” Obama said. “As was indicated, what the intelligence community is doing is looking at phone numbers and durations of calls. They are not looking at people’s names, and they’re not looking at content.”Obama was referring specifically to the bulk collection of US phone records, but his answer misleadingly suggested that the NSA could not examine Americans’ phone calls and emails.
  • ...4 more annotations...
  • At a recent hearing of the Privacy and Civil Liberties Oversight Board, administration lawyers defended their latitude to perform such searches. The board is scheduled to deliver a report on the legal authority under which the communications are collected, Section 702 of the Foreign Intelligence Surveillance Act (Fisa), passed in 2008. Wyden and Colorado Democrat Mark Udall failed in 2012 to persuade their fellow Senate intelligence committee members to prevent such warrantless searches during the re-authorisation of the 2008 Fisa Amendments Act, which wrote Section 702 into law. Dianne Feinstein, the California Democrat who chairs the committee, defended the practice, and argued that it did not violate the act’s “reverse targeting” prohibition on using NSA’s vast powers to collect content on Americans.
  • Much of the NSA's bulk data collection is covered by section 702 of the Fisa Amendments Act. This allows for the collection of communications – content and metadata alike – without individual warrants, so long as there is a reasonable belief the communications are both foreign and overseas.The communications of Americans in direct contact with foreign targets can also be collected without a warrant, and the intelligence agencies acknowledge that purely domestic communications can also be inadvertently swept into its databases. That process is known as "incidental collection".Initially, NSA rules on such data prevented the databases being searched for any details relating to "US persons" – that is, citizens or residents of the US. However, in October 2011 the Fisa court approved new procedures which allowed the agency to search for US person data, a revelation contained in documents revealed by Snowden.
  • The ruling appears to give the agency free access to search for information relating to US people within its vast databases, though not to specifically collect information against US citizens in the first place. However, until the DNI's disclosure to Wyden, it was not clear whether the NSA had ever actually used these powers.On Tuesday, Wyden and Udall said the NSA’s warrantless searches of Americans’ emails and phone calls “should be concerning to all.” “This is unacceptable. It raises serious constitutional questions, and poses a real threat to the privacy rights of law-abiding Americans. If a government agency thinks that a particular American is engaged in terrorism or espionage, the fourth amendment requires that the government secure a warrant or emergency authorisation before monitoring his or her communications. This fact should be beyond dispute,” the two senators said in a joint statement.
  • They continued: “Today’s admission by the Director of National Intelligence is further proof that meaningful surveillance reform must include closing the back-door searches loophole and requiring the intelligence community to show probable cause before deliberately searching through data collected under section 702 to find the communications of individual Americans."
Paul Merrell

Lawmakers vow to constrain NSA from collecting U.S. phone records - latimes.com - 0 views

www.latimes.com/...cords-20131222,0,6798521.story

surveillance state NSA NSA-blowback NSA-reform legislation

shared by Paul Merrell on 24 Dec 13 - No Cached
  • The drive to end the bulk collection of phone records by the National Security Agency is gaining strength, as Senate Democrats said Sunday that Congress will change the law to ban the practice if President Obama does not do it first. “It’s time to have real reform, not a veneer of reform,” said Sen. Mark Udall (D-Colo.), a longtime critic of the NSA. “We have got to rebuild the American people’s trust in our intelligence community so we can be safe,” he said on ABC’s "This Week." “But we don’t do that by bulk data collection that violates the privacy of Americans. That’s unconstitutional, and has shown to not be effective.” Last week, a federal judge said the routine collection of the dialing records is probably unconstitutional, and a panel appointed by President Obama recommended a major change. “We believe the government shouldn’t hold this data any longer,” Michael Morrell, a former acting director of the CIA and a panel member, said on CBS’ "Face the Nation." He said the phone records could be held by the phone companies or by another private group. Then, the government would “need a court order every time they wanted to query that data,” he said. Despite the need for reforms, Morrell said the original purpose of the program still makes sense. He said it is crucial the NSA and the FBI can move quickly if there is reason to believe that a “terrorist overseas is talking to someone in the United States.”
  • But the government does not need to collect and store all of these dialing records, he said, so long as they are held in private hands. Senate Judiciary Committee Chairman Patrick J. Leahy (D-Vt.) said he will press ahead in January to pass a bill that forbids the NSA from collecting phone records. He is sponsoring the USA Freedom Act with former House Judiciary Committee Chairman F. James Sensenbrenner (R-Wis.) to close what they now see as a loophole in the law.
  • Paul Merrell on 24 Dec 13
     
    Wrong approach, in my opinion. None of the NSA reform measures so far take aim at the problem's roots. Those are unwarranted government secrecy, lack of reviewability by the courts at the request of the affected public, and no clear definition of digital privacy rights. Make something illegal for the NSA to do and DoD will just transfer those responsibilities to another of its agencies or farm it out to one of the other 5 Eyes nations to perform for them.   
Paul Merrell

Obama administration had restrictions on NSA reversed in 2011 - The Washington Post - 0 views

www.washingtonpost.com/...3-85b6-d27422650fd5_story.html

surveillance state NSA NSA-targets Americans email-content phone-content lies

shared by Paul Merrell on 24 Dec 13 - No Cached
  • The Obama administration secretly won permission from a surveillance court in 2011 to reverse restrictions on the National Security Agency’s use of intercepted phone calls and e-mails, permitting the agency to search deliberately for Americans’ communications in its massive databases, according to interviews with government officials and recently declassified material. In addition, the court extended the length of time that the NSA is allowed to retain intercepted U.S. communications from five years to six years — and more under special circumstances, according to the documents, which include a recently released 2011 opinion by U.S. District Judge John D. Bates, then chief judge of the Foreign Intelligence Surveillance Court.
  • What had not been previously acknowledged is that the court in 2008 imposed an explicit ban — at the government’s request — on those kinds of searches, that officials in 2011 got the court to lift the bar and that the search authority has been used. Together the permission to search and to keep data longer expanded the NSA’s authority in significant ways without public debate or any specific authority from Congress. The administration’s assurances rely on legalistic definitions of the term “target” that can be at odds with ordinary English usage. The enlarged authority is part of a fundamental shift in the government’s approach to surveillance: collecting first, and protecting Americans’ privacy later.
  • “The government says, ‘We’re not targeting U.S. persons,’ ” said Gregory T. Nojeim, senior counsel at the Center for Democracy and Technology. “But then they never say, ‘We turn around and deliberately search for Americans’ records in what we took from the wire.’ That, to me, is not so different from targeting Americans at the outset.”
  • ...7 more annotations...
  • The court decision allowed the NSA “to query the vast majority” of its e-mail and phone call databases using the e-mail addresses and phone numbers of Americans and legal residents without a warrant, according to Bates’s opinion. The queries must be “reasonably likely to yield foreign intelligence information.” And the results are subject to the NSA’s privacy rules.
  • But in 2011, to more rapidly and effectively identify relevant foreign intelligence communications, “we did ask the court” to lift the ban, ODNI general counsel Robert S. Litt said in an interview. “We wanted to be able to do it,” he said, referring to the searching of Americans’ communications without a warrant.
  • But — and this was the nub of the criticism — a warrant for each target would no longer be required. That means that communications with Americans could be picked up without a court first determining that there is probable cause that the people they were talking to were terrorists, spies or “foreign powers.”That is why it is important to require a warrant before searching for Americans’ data, Udall said. “Our founders laid out a roadmap where Americans’ privacy rights are protected before their communications are seized or searched — not after the fact,” he said in a statement to The Post.
  • The [surveillance] Court documents declassified recently show that in late 2011 the court authorized the NSA to conduct warrantless searches of individual Americans’ communications using an authority intended to target only foreigners,” Wyden said in a statement to The Washington Post. “Our intelligence agencies need the authority to target the communications of foreigners, but for government agencies to deliberately read the e-mails or listen to the phone calls of individual Americans, the Constitution requires a warrant.”
  • Senior administration officials disagree. “If we’re validly targeting foreigners and we happen to collect communications of Americans, we don’t have to close our eyes to that,” Litt said. “I’m not aware of other situations where once we have lawfully collected information, we have to go back and get a warrant to look at the information we’ve already collected.” The searches take place under a surveillance program Congress authorized in 2008 under Section 702 of the Foreign Intelligence Surveillance Act. Under that law, the target must be a foreigner “reasonably believed” to be outside the United States, and the court must approve the targeting procedures in an order good for one year.
  • The court’s expansion of authority went largely unnoticed when the opinion was released, but it formed the basis for cryptic warnings last year by a pair of Democratic senators, Ron Wyden (Ore.) and Mark Udall (Colo.), that the administration had a “back-door search loophole” that enabled the NSA to scour intercepted communications for those of Americans. They introduced legislation to require a warrant, but they were barred by classification rules from disclosing the court’s authorization or whether the NSA was already conducting such searches.
  • The NSA intercepts more than 250 million Internet communications each year under Section 702. Ninety-one percent are from U.S. Internet companies such as Google and Yahoo. The rest come from “upstream” companies that route Internet traffic to, from and within the United States. The expanded search authority applies only to the downstream collection.
  • Paul Merrell on 24 Dec 13
     
    An important article I missed, from last September. Searching the content of American citizens' calls and emails without a search warrant. Straight-up violation of the Fourth and Fifth amendments (warrantless search and deprivation of due process).  And directly contrary to what Obama, Clapper, and Alexander told the public over and over again.
Paul Merrell

Officials: NSA programs broke plots in 20 nations - Times Union - 0 views

www.timesunion.com/...lots-in-20-nations-4602987.php

surveillance state NSA propaganda

shared by Paul Merrell on 16 Jun 13 - No Cached
  • Top U.S. intelligence officials said Saturday that information gleaned from two controversial data-collection programs run by the National Security Agency thwarted potential terrorist plots in the U.S. and more than 20 other countries — and that gathered data is destroyed every five years.Last year, fewer than 300 phone numbers were checked against the database of millions of U.S. phone records gathered daily by the NSA in one of the programs, the intelligence officials said in arguing that the programs are far less sweeping than their detractors allege.
  • No other new details about the plots or the countries involved were part of the newly declassified information released to Congress on Saturday and made public by the Senate Intelligence Committee. Intelligence officials said they are working to declassify the dozens of plots NSA chief Gen. Keith Alexander said were disrupted, to show Americans the value of the programs, but that they want to make sure they don't inadvertently reveal parts of the U.S. counterterrorism playbook in the process.
  • The officials offered more detail on how the phone records program helped the NSA stop a 2009 al-Qaida plot to blow up New York City subways. They say the program helped them track a co-conspirator of al-Qaida operative Najibullah Zazi — though it's not clear why the FBI needed the NSA to investigate Zazi's phone records because the FBI would have had the authority to gather records of Zazi's phone calls after identifying him as a suspect, rather than relying on the sweeping collection program.
  • Paul Merrell on 16 Jun 13
     
    Fewer than 300 phone numbers checked in 2012 *in one of the programs?*  How many in your other programs, please? Oops! Please don't answer yet; the polygraph isn't properly fastened. Perhaps time to remember that the Director of the NSA has already been caught lying to Congress. Let's also remember that nearly every FBI bust for terrorism has been a case where the FBI had to entice someone with no known "terrorist" organization connections into committing the crime.  Are these the dozens of plots referred to? If not, why no busts of real "terrorists?" This bit of propaganda doesn't pass the smell test. C'mon AP; you can do better than this. 
Paul Merrell

Feinstein promotes bill to strengthen NSA's hand on warrantless searches | World news |... - 0 views

www.theguardian.com/...rantless-searches-surveillance

surveillance state legislation Feinstein NSA law enforcement

shared by Paul Merrell on 17 Nov 13 - No Cached
  • A Senate bill promoted as a surveillance reform would codify the ability of the National Security Agency to search its troves of foreign phone and email communications for Americans’ information, and permit law enforcement agencies to search the vast databases as well. The Fisa Improvements Act, promoted by Dianne Feinstein, the California Democrat who chairs the Senate intelligence committee, would both make permanent a loophole permitting the NSA to search for Americans’ identifying information without a warrant – and, civil libertarians fear, contains an ambiguity that might allow the FBI, the DEA and other law enforcement agencies to do the same thing. “For the first time, the statute would explicitly allow the government to proactively search through the NSA data troves of information without a warrant,” said Michelle Richardson, the surveillance lobbyist for the ACLU.
  • “It may also expand current practices by allowing law enforcement to directly access US person information that was nominally collected for foreign intelligence purposes. This fourth amendment back door needs to be closed, not written into stone.” Feinstein’s bill passed the committee on an 11 to 4 vote on 31 October. An expanded report on its provisions released by the committee this week added details about the ability of both intelligence and law enforcement to sift through foreign communications databases that it accumulates under section 702 of the Fisa Amendments Act of 2008. Section 6 of Feinstein’s bill blesses what her committee colleague Ron Wyden, the Oregon Democrat and civil libertarian, has called the “backdoor search provision,” which the Guardian revealed thanks to a leak by Edward Snowden.  The section permits intelligence agencies to search “the contents of communications” collected primarily overseas for identifying information on US citizens, resident aliens and people inside the US, provided that the “purpose of the query is to obtain foreign intelligence information or information necessary to understand foreign intelligence information or to assess its importance.”
  • Section 6 bills itself as a “restriction,” but it would not stop the NSA from performing the warrantless search, merely requiring intelligence agencies to log their queries and make them “available for review” to Congress, the Fisa court, the Justice Department and inspectors general inside the executive branch. Additionally, the report on Section 6 explicitly states that the provision “does not limit the authority of law enforcement agencies to conduct queries of data acquired pursuant to Section 702 of Fisa for law enforcement purposes.” There is ambiguity surrounding whether the FBI can currently search through the NSA’s foreign communications databases, or is reliant on the NSA to pass on information from the databases relevant to the bureau. A declassified Fisa court document from 2011 refers to “FBI minimization procedures,” but it is unclear what those procedures are. A copy of the FBI minimization procedures from 2009, acquired by the ACLU under the Freedom of Information Act is almost completely redacted. So is the section in the government’s most recent report on its Section 702 collection dealing with the FBI’s role, though it contains references to how the FBI “receive[s] … unminimized Section 70 acquired communications” from the NSA. 
  • ...1 more annotation...
  • Feinstein’s bill “seems to imply there is currently some authority for law enforcement to query the database, which [intelligence community] officials have not mentioned in any of their remarks on Section 702,” said Alan Butler, an attorney with the Electronic Privacy Information Center. The provision is also unclear about whether law enforcement agencies can search through the foreign communications databases for information on US persons. Feinstein’s office did not respond to a request for clarification by deadline. The ambiguity concerns civil libertarians, as it opens a door for law enforcement agencies to sidestep warrant requirements. “If Senator Feinstein or other congressional supporters of this bill believe that it would in fact expand law enforcement access to the database, that would be an unjustified expansion of surveillance over Americans,” Butler said.
Paul Merrell

NSA Critics, Right All Along | National Review Online - 1 views

www.nationalreview.com/...ht-all-along-charles-c-w-cooke

surveillance state NSA Obama lies

shared by Paul Merrell on 06 Sep 13 - No Cached
  • Barton Gellman’s explosive story in last Thursday’s Washington Post revealed an unnerving audit of the National Security Agency that showed, among other things, that the federal government “broke privacy rules thousands of times per year” in conducting extensive and “unauthorized surveillance of Americans or foreign intelligence targets in the United States, both of which are restricted by statute and executive order.” Thus was put convincingly to bed the now-obselete notion that the NSA’s claim on the privacy of the righteous was merely declaratory.
  • Contrary to the self-satisfied insistence of America’s national-security apologists, none of the excuses made on behalf of the NSA are reassuring. To both their credit and discredit, people in the United States continue to exhibit a definite fear of accusing public servants of mendacity. It is therefore apparently beyond the pale to suggest that President Obama was “lying” when he promised that the “transparent” NSA has not been “actually abusing” its power and that “we don’t have a domestic spying program.” For the sake of this column, I shall defer to the tradition.
  • Nevertheless, if Obama was in fact not lying, then there remain only two reasonable options as to why his explanations and the truth are so far removed from one another: Either the president of the United States is so genuinely and worryingly out of touch with his own NSA that he has no idea what is going on, or his conception of what constitutes “abuse” is appreciably different enough from everyone else’s that he is unsuited to the high office he holds. As The Atlantic’s Conor Friedersdorf helpfully clarifies: “The 2,776 incidents of illegal surveillance” that the audit revealed “don’t mean that just 2,766 people had their rights violated — in just a single one of those 2,776 incidents, 3,000 people had their rights violated,” sometimes because operators inadvertently started tracking all calls into Washington, D.C. If this is not “abuse,” what is?
  • Paul Merrell on 06 Sep 13
     
    Let's always keep in mind that the NSA audits are only spot checks and that far more database queries are never audited. 
Paul Merrell

Angry Birds and 'leaky' phone apps targeted by NSA and GCHQ for user data | World news ... - 0 views

www.theguardian.com/...-app-angry-birds-personal-data

surveillance state NSA mobile-app-data-intercept must-read NSA-targets

shared by Paul Merrell on 29 Jan 14 - No Cached
  • The National Security Agency and its UK counterpart GCHQ have been developing capabilities to take advantage of "leaky" smartphone apps, such as the wildly popular Angry Birds game, that transmit users' private information across the internet, according to top secret documents.The data pouring onto communication networks from the new generation of iPhone and Android apps ranges from phone model and screen size to personal details such as age, gender and location. Some apps, the documents state, can share users' most sensitive information such as sexual orientation – and one app recorded in the material even sends specific sexual preferences such as whether or not the user may be a swinger.Many smartphone owners will be unaware of the full extent this information is being shared across the internet, and even the most sophisticated would be unlikely to realise that all of it is available for the spy agencies to collect
  • Dozens of classified documents, provided to the Guardian by whistleblower Edward Snowden and reported in partnership with the New York Times and ProPublica, detail the NSA and GCHQ efforts to piggyback on this commercial data collection for their own purposes.Scooping up information the apps are sending about their users allows the agencies to collect large quantities of mobile phone data from their existing mass surveillance tools – such as cable taps, or from international mobile networks – rather than solely from hacking into individual mobile handsets. Exploiting phone information and location is a high-priority effort for the intelligence agencies, as terrorists and other intelligence targets make substantial use of phones in planning and carrying out their activities, for example by using phones as triggering devices in conflict zones. The NSA has cumulatively spent more than $1bn in its phone targeting efforts.The disclosures also reveal how much the shift towards smartphone browsing could benefit spy agencies' collection efforts.
  • Depending on what profile information a user had supplied, the documents suggested, the agency would be able to collect almost every key detail of a user's life: including home country, current location (through geolocation), age, gender, zip code, marital status – options included "single", "married", "divorced", "swinger" and more – income, ethnicity, sexual orientation, education level, and number of children.The agencies also made use of their mobile interception capabilities to collect location information in bulk, from Google and other mapping apps. One basic effort by GCHQ and the NSA was to build a database geolocating every mobile phone mast in the world – meaning that just by taking tower ID from a handset, location information could be gleaned.A more sophisticated effort, though, relied on intercepting Google Maps queries made on smartphones, and using them to collect large volumes of location information.So successful was this effort that one 2008 document noted that "[i]t effectively means that anyone using Google Maps on a smartphone is working in support of a GCHQ system."
  • ...3 more annotations...
  • One slide from a May 2010 NSA presentation on getting data from smartphones – breathlessly titled "Golden Nugget!" – sets out the agency's "perfect scenario": "Target uploading photo to a social media site taken with a mobile device. What can we get?"The question is answered in the notes to the slide: from that event alone, the agency said it could obtain a "possible image", email selector, phone, buddy lists, and "a host of other social working data as well as location".
  • The latest disclosures could also add to mounting public concern about how the technology sector collects and uses information, especially for those outside the US, who enjoy fewer privacy protections than Americans. A January poll for the Washington Post showed 69% of US adults were already concerned about how tech companies such as Google used and stored their information.The documents do not make it clear how much of the information that can be taken from apps is routinely collected, stored or searched, nor how many users may be affected. The NSA says it does not target Americans and its capabilities are deployed only against "valid foreign intelligence targets".The documents do set out in great detail exactly how much information can be collected from widely popular apps. One document held on GCHQ's internal Wikipedia-style guide for staff details what can be collected from different apps. Though it uses Android apps for most of its examples, it suggests much of the same data could be taken from equivalent apps on iPhone or other platforms.The GCHQ documents set out examples of what information can be extracted from different ad platforms, using perhaps the most popular mobile phone game of all time, Angry Birds – which has reportedly been downloaded more than 1.7bn times – as a case study.
  • Other apps choose to transmit much more data, meaning the agency could potentially net far more. One mobile ad platform, Millennial Media, appeared to offer particularly rich information. Millennial Media's website states it has partnered with Rovio on a special edition of Angry Birds; with Farmville maker Zynga; with Call of Duty developer Activision, and many other major franchises.
  • Paul Merrell on 29 Jan 14
     
    Don't miss the linked companion articles at New York Times and ProPublica. 
Paul Merrell

Wikimedia v. NSA | American Civil Liberties Union - 0 views

www.aclu.org/...wikimedia-v-nsa

surveillance state NSA ACLU Wikimedia-case litigation 4th-Amendment

shared by Paul Merrell on 11 Mar 15 - No Cached
  • The ACLU has filed a lawsuit challenging the constitutionality of the NSA’s mass interception and searching of Americans’ international communications. At issue is the NSA's “upstream” surveillance, through which the U.S. government monitors almost all international – and many domestic – text-based communications. The ACLU’s lawsuit, filed in March 2015 in the U.S. District Court for the District of Maryland, is brought on behalf of nearly a dozen educational, legal, human rights, and media organizations that collectively engage in hundreds of billions of sensitive Internet communications and have been harmed by NSA surveillance.
  • The plaintiffs in the lawsuit are: Wikimedia Foundation, The National Association of Criminal Defense Lawyers, Human Rights Watch, Amnesty International USA, PEN American Center, Global Fund for Women, The Nation Magazine, The Rutherford Institute, and The Washington Office on Latin America. These plaintiffs’ sensitive communications have been copied, searched, and likely retained by the NSA. Upstream surveillance hinders the plaintiffs’ ability to ensure the basic confidentiality of their communications with crucial contacts abroad – among them journalists, colleagues, clients, victims of human rights abuses, and the tens of millions of people who read and edit Wikipedia pages. Read the complaint » Upstream surveillance, which the government claims is authorized by the FISA Amendments Act of 2008, is designed to ensnare all of Americans’ international communications, including emails, web-browsing content, and search engine queries. It is facilitated by devices installed, with the help of companies like Verizon and AT&T, directly on the internet “backbone” – the network of high-capacity cables, switches, and routers across which Internet traffic travels.
  • The NSA intercepts and copies private communications in bulk while they are in transit, and then searches their contents using tens of thousands of keywords associated with NSA targets. These targets, chosen by intelligence analysts, are never approved by any court, and the limitations that do exist are weak and riddled with exceptions. Under the FAA, the NSA may target any foreigner outside the United States believed likely to communicate “foreign intelligence information” – a pool of potential targets so broad that it encompasses journalists, academic researchers, corporations, aid workers, business persons, and others who are not suspected of any wrongdoing.
  • ...1 more annotation...
  • Through its general, indiscriminate searches and seizures of the plaintiffs’ communications, upstream surveillance invades their Fourth Amendment right to privacy, infringes on their First Amendment rights to free expression and association, and exceeds the statutory limits of the FAA itself. The nature of plaintiffs' work and the law’s permissive guidelines for targeting make it likely that the NSA is also retaining and reading their communications, from email exchanges between Amnesty staff and activists, to Wikipedia browsing by readers abroad. The ACLU litigated an earlier challenge to surveillance conducted under the FAA – Clapper v. Amnesty – which was filed less than an hour after President Bush signed the FAA into law in 2008. In a 5-4 vote, the Supreme Court dismissed the case in February 2013 on the grounds that the plaintiffs could not prove they had been spied on. Edward Snowden has said that the ruling contributed to his decision to expose the full scope of NSA surveillance a few months later. Among his disclosures was upstream surveillance, the existence of which was later confirmed by the government.
Paul Merrell

Shady Companies With Ties to Israel Wiretap the U.S. for the NSA | Threat Level | Wired... - 0 views

www.wired.com/...2

surveillance state NSA Israel Narus Verint espionage

shared by Paul Merrell on 15 Jun 13 - No Cached
  • In addition to constructing the Stellar Wind center, and then running the operation, secretive contractors with questionable histories and little oversight were also used to do the actual bugging of the entire U.S. telecommunications network. According to a former Verizon employee briefed on the program, Verint, owned by Comverse Technology, taps the communication lines at Verizon, which I first reported in my book The Shadow Factory in 2008. Verint did not return a call seeking comment, while Verizon said it does not comment on such matters. At AT&T the wiretapping rooms are powered by software and hardware from Narus, now owned by Boeing, a discovery made by AT&T whistleblower Mark Klein in 2004. Narus did not return a call seeking comment. What is especially troubling is that both companies have had extensive ties to Israel, as well as links to that country’s intelligence service, a country with a long and aggressive history of spying on the U.S.
  • In fact, according to Binney, the advanced analytical and data mining software the NSA had developed for both its worldwide and international eavesdropping operations was secretly passed to Israel by a mid-level employee, apparently with close connections to the country. The employee, a technical director in the Operations Directorate, “who was a very strong supporter of Israel,” said Binney, “gave, unbeknownst to us, he gave the software that we had, doing these fast rates, to the Israelis.” Because of his position, it was something Binney should have been alerted to, but wasn’t. “In addition to being the technical director,” he said, “I was the chair of the TAP, it’s the Technical Advisory Panel, the foreign relations council. We’re supposed to know what all these foreign countries, technically what they’re doing…. They didn’t do this that way, it was under the table.” After discovering the secret transfer of the technology, Binney argued that the agency simply pass it to them officially, and in that way get something in return, such as access to communications terminals. “So we gave it to them for switches,” he said. “For access.”
  • But Binney now suspects that Israeli intelligence in turn passed the technology on to Israeli companies who operate in countries around the world, including the U.S. In return, the companies could act as extensions of Israeli intelligence and pass critical military, economic and diplomatic information back to them. “And then five years later, four or five years later, you see a Narus device,” he said. “I think there’s a connection there, we don’t know for sure.” Narus was formed in Israel in November 1997 by six Israelis with much of its money coming from Walden Israel, an Israeli venture capital company. Its founder and former chairman, Ori Cohen, once told Israel’s Fortune Magazine that his partners have done technology work for Israeli intelligence. And among the five founders was Stanislav Khirman, a husky, bearded Russian who had previously worked for Elta Systems, Inc. A division of Israel Aerospace Industries, Ltd., Elta specializes in developing advanced eavesdropping systems for Israeli defense and intelligence organizations. At Narus, Khirman became the chief technology officer.
  • ...4 more annotations...
  • A few years ago, Narus boasted that it is “known for its ability to capture and collect data from the largest networks around the world.” The company says its equipment is capable of “providing unparalleled monitoring and intercept capabilities to service providers and government organizations around the world” and that “Anything that comes through [an Internet protocol network], we can record. We can reconstruct all of their e-mails, along with attachments, see what Web pages they clicked on, we can reconstruct their [Voice over Internet Protocol] calls.” Like Narus, Verint was founded by in Israel by Israelis, including Jacob “Kobi” Alexander, a former Israeli intelligence officer. Some 800 employees work for Verint, including 350 who are based in Israel, primarily working in research and development and operations, according to the Jerusalem Post. Among its products is STAR-GATE, which according to the company’s sales literature, lets “service providers … access communications on virtually any type of network, retain communication data for as long as required, and query and deliver content and data …” and was “[d]esigned to manage vast numbers of targets, concurrent sessions, call data records, and communications.”
  • In a rare and candid admission to Forbes, Retired Brig. Gen. Hanan Gefen, a former commander of the highly secret Unit 8200, Israel’s NSA, noted his former organization’s influence on Comverse, which owns Verint, as well as other Israeli companies that dominate the U.S. eavesdropping and surveillance market. “Take NICE, Comverse and Check Point for example, three of the largest high-tech companies, which were all directly influenced by 8200 technology,” said Gefen. “Check Point was founded by Unit alumni. Comverse’s main product, the Logger, is based on the Unit’s technology.”
  • According to a former chief of Unit 8200, both the veterans of the group and much of the high-tech intelligence equipment they developed are now employed in high-tech firms around the world. “Cautious estimates indicate that in the past few years,” he told a reporter for the Israeli newspaper Ha’artez in 2000, “Unit 8200 veterans have set up some 30 to 40 high-tech companies, including 5 to 10 that were floated on Wall Street.” Referred to only as “Brigadier General B,” he added, “This correlation between serving in the intelligence Unit 8200 and starting successful high-tech companies is not coincidental: Many of the technologies in use around the world and developed in Israel were originally military technologies and were developed and improved by Unit veterans.
  • Equally troubling is the issue of corruption. Kobi Alexander, the founder and former chairman of Verint, is now a fugitive, wanted by the FBI on nearly three dozen charges of fraud, theft, lying, bribery, money laundering and other crimes. And two of his top associates at Comverse, Chief Financial Officer David Kreinberg and former General Counsel William F. Sorin, were also indicted in the scheme and later pleaded guilty, with both serving time in prison and paying millions of dollars in fines and penalties. When asked about these contractors, the NSA declined to “verify the allegations made.”
  • Paul Merrell on 15 Jun 13
     
    So, allegedly a Zionist working in NSA passed NSA's telecommunications data mining software to Israel, was identified, but was never prosecuted. And the Verint CEO is now a fugitive from justice on charges of "fraud, theft, lying, money laundering, and other crimes." What's not to like in having this company processing all of our telephone metadata?
Paul Merrell

Google Says Website Encryption Will Now Influence Search Rankings - 0 views

techcrunch.com/...-now-influence-search-rankings

surveillance state NSA-reform NSA-blowback Google

shared by Paul Merrell on 08 Aug 14 - No Cached
  • Google will begin using website encryption, or HTTPS, as a ranking signal – a move which should prompt website developers who have dragged their heels on increased security measures, or who debated whether their website was “important” enough to require encryption, to make a change. Initially, HTTPS will only be a lightweight signal, affecting fewer than 1% of global queries, says Google. That means that the new signal won’t carry as much weight as other factors, including the quality of the content, the search giant noted, as Google means to give webmasters time to make the switch to HTTPS. Over time, however, encryption’s effect on search ranking make strengthen, as the company places more importance on website security. Google also promises to publish a series of best practices around TLS (HTTPS, is also known as HTTP over TLS, or Transport Layer Security) so website developers can better understand what they need to do in order to implement the technology and what mistakes they should avoid. These tips will include things like what certificate type is needed, how to use relative URLs for resources on the same secure domain, best practices around allowing for site indexing, and more.
  • In addition, website developers can test their current HTTPS-enabled website using the Qualys Lab tool, says Google, and can direct further questions to Google’s Webmaster Help Forums where the company is already in active discussions with the broader community. The announcement has drawn a lot of feedback from website developers and those in the SEO industry – for instance, Google’s own blog post on the matter, shared in the early morning hours on Thursday, is already nearing 1,000 comments. For the most part, the community seems to support the change, or at least acknowledge that they felt that something like this was in the works and are not surprised. Google itself has been making moves to better securing its own traffic in recent months, which have included encrypting traffic between its own servers. Gmail now always uses an encrypted HTTPS connection which keeps mail from being snooped on as it moves from a consumer’s machine to Google’s data centers.
  • While HTTPS and site encryption have been a best practice in the security community for years, the revelation that the NSA has been tapping the cables, so to speak, to mine user information directly has prompted many technology companies to consider increasing their own security measures, too. Yahoo, for example, also announced in November its plans to encrypt its data center traffic. Now Google is helping to push the rest of the web to do the same.
  • Paul Merrell on 08 Aug 14
     
    The Internet continues to harden in the wake of the NSA revelations. This is a nice nudge by Google.
1 - 20 of 35 Next ›
Showing 20 items per page