Group items tagged

Nearly 60 percent believe the revelations will not force the government to curtail the surveillance program. But 76 percent of Americans believe there will soon be additional disclosures that the spying programs are bigger and more widespread than currently known. Americans are largely split on partisan grounds as to whether Obama is more careful about respecting privacy than President George W. Bush. Twenty-eight percent said Bush was more careful, one-quarter sided with Obama, and 42 percent say there has been little difference between the two.

Because the fact is that there is technology that could be deployed that would give many the confidence that none of us now have. “Trust us” does not compute. But trust and verify, with high-quality encryption, could. And there are companies, such as Palantir, developing technologies that could give us, and more importantly, reviewing courts, a very high level of confidence that data collected or surveilled was not collected or used in an improper way. Think of it as a massive audit log, recording how and who used what data for what purpose. We could code the Net in a string of obvious ways to give us even better privacy, while also enabling better security. But we don’t, or haven’t, obviously. Maybe because of stupidity. How many congressmen could even describe how encryption works? Maybe because of cupidity. Who within our system can resist large and lucrative contracts to private companies, especially when bundled with generous campaign funding packages? Or maybe because the “permanent war” that Obama told us we were not in has actually convinced all within government that old ideas are dead and we just need to “get over it”—ideas like privacy, and due process, and fundamental proportionality. These ideas may be dead, for now. And they will stay dead, in the future. At least until we finally learn how liberty can live in the digital age. And here’s the hint: not through law alone, but through law that demands code that even the Electronic Frontier Foundation could trust.

As the Center on Democracy and Technology has noted, there are approximately 500 million computers that fall under this rule. The public doesn’t know nearly enough about how law enforcement executes these hacks, and what risks these types of searches will pose. By compromising the computer’s system, the search might leave it open to other attackers or damage the computer they are searching.Don’t take it from me that this will impact your security, read more from security researchers Steven Bellovin, Matt Blaze and Susan Landau.Finally, these changes to Rule 41 would also give some types of electronic searches different, weaker notification requirements than physical searches. Under this new Rule, they are only required to make “reasonable efforts” to notify people that their computers were searched. This raises the possibility of the FBI hacking into a cyber attack victim’s computer and not telling them about it until afterward, if at all.

Perhaps the strongest evidence that the attack was a law enforcement or intelligence operation was the limited functionality of the malware. The heart of the malicious Javascript was a tiny Windows executable hidden in a variable named “Magneto.” A traditional virus would use that executable to download and install a full-featured backdoor, so the hacker could come in later and steal passwords, enlist the computer in a DDoS botnet, and generally do all the other nasty things that happen to a hacked Windows box. But the Magneto code didn’t download anything. It looked up the victim’s MAC address — a unique hardware identifier for the computer’s network or Wi-Fi card — and the victim’s Windows hostname. Then it sent it to a server in Northern Virginia server, bypassing Tor, to expose the user’s real IP address, coding the transmission as a standard HTTP web request.

The official IP allocation records maintained by the American Registry for Internet Numbers show the two Magneto-related IP addresses were part of a ghost block of eight addresses that have no organization listed. Those addresses trace no further than the Verizon Business data center in Ashburn, Virginia, 20 miles northwest of the Capital Beltway. The code’s behavior, and the command-and-control server’s Virginia placement, is also consistent with what’s known about the FBI’s “computer and internet protocol address verifier,” or CIPAV, the law enforcement spyware first reported by WIRED in 2007. Court documents and FBI files released under the FOIA have described the CIPAV as software the FBI can deliver through a browser exploit to gather information from the target’s machine and send it to an FBI server in Virginia. The FBI has been using the CIPAV since 2002 against hackers, online sexual predators, extortionists, and others, primarily to identify suspects who are disguising their location using proxy servers or anonymity services, like Tor. Prior to the Freedom Hosting attack, the code had been used sparingly, which kept it from leaking out and being analyzed.

The Senate Intelligence Committee is expected to vote Thursday to send an executive summary of the report to Obama for declassification. U.S. officials said it could be months before that section, which contains roughly 20 conclusions and spans about 400 pages, is released to the public. The report’s release also could resurrect a long-standing feud between the CIA and the FBI, where many officials were dismayed by the agency’s use of methods that Obama and others later labeled torture. CIA veterans have expressed concern that the report reflects FBI biases. One of its principal authors is a former FBI analyst,

“The CIA conflated what was gotten when, which led them to misrepresent the effectiveness of the program,” said a second U.S. official who has reviewed the report. The official described the persistence of such misstatements as among “the most damaging” of the committee’s conclusions.Detainees’ credentials also were exaggerated, officials said. Agency officials described Abu Zubaida as a senior al-Qaeda operative — and, therefore, someone who warranted coercive techniques — although experts later determined that he was essentially a facilitator who helped guide recruits to al-Qaeda training camps.The CIA also oversold the role of Abd al-Rahim al-Nashiri in the 2000 bombing of the USS Cole in Yemen, which killed 17 U.S. sailors. CIA officials claimed he was the “mastermind.” The committee described a similar sequence in the interrogation of Hassan Ghul, an al-Qaeda operative who provided a critical lead in the search for bin Laden: the fact that the al-Qaeda leader’s most trusted courier used the moniker “al-Kuwaiti.” But Ghul disclosed that detail while being interrogated by Kurdish authorities in northern Iraq who posed questions scripted by CIA analysts. The information from that period was subsequently conflated with lesser intelligence gathered from Ghul at a secret CIA prison in Romania, officials said. Ghul was later turned over to authorities in Pakistan, where he was subsequently released. He was killed by a CIA drone strike in 2012.

Sen. Dianne Feinstein (D-Calif.), chairman of the Senate Intelligence Committee, has previously indicated that harsh CIA interrogation measures were of little value in the bin Laden hunt. “The CIA detainee who provided the most significant information about the courier provided the information prior to being subjected to coercive interrogation techniques,” Feinstein said in a 2013 statement, responding in part to scenes in the movie “Zero Dark Thirty” that depict a detainee’s slip under duress as a breakthrough moment.

As with Abu Zubaida and even Nashiri, officials said, CIA interrogators continued the harsh treatment even after it appeared that Baluchi was cooperating. On Sept. 22, 2003, he was flown from Kabul to a CIA black site in Romania. In 2006, he was taken to the U.S. military prison at Guantanamo Bay, Cuba. His attorneys contend that he suffered head trauma while in CIA custody. Last year, the Senate Intelligence Committee asked Baluchi’s attorneys for information about his medical condition, but military prosecutors opposed the request. A U.S. official said the request was not based solely on the committee’s investigation of the CIA program.

Officials said a former CIA interrogator named Charlie Wise was forced to retire in 2003 after being suspected of abusing Abu Zubaida using a broomstick as a ballast while he was forced to kneel in a stress position. Wise was also implicated in the abuse at Salt Pit. He died of a heart attack shortly after retiring from the CIA, former U.S. intelligence officials said.

Before the Sept. 11 attacks, the N.S.A. normally eavesdropped on a small number of American citizens or resident aliens, often a dozen or less, while the F.B.I., whose low-tech wiretapping was far less intrusive, requested most of the warrants from FISA. Despite the low odds of having a request turned down, President Bush established a secret program in which the N.S.A. would bypass the FISA court and begin eavesdropping without warrant on Americans. This decision seems to have been based on a new concept of monitoring by the agency, a way, according to the administration, to effectively handle all the data and new information. At the time, the buzzword in national security circles was data mining: digging deep into piles of information to come up with some pattern or clue to what might happen next. Rather than monitoring a dozen or so people for months at a time, as had been the practice, the decision was made to begin secretly eavesdropping on hundreds, perhaps thousands, of people for just a few days or a week at a time in order to determine who posed potential threats. Those deemed innocent would quickly be eliminated from the watch list, while those thought suspicious would be submitted to the FISA court for a warrant. In essence, N.S.A. seemed to be on a classic fishing expedition, precisely the type of abuse the FISA court was put in place to stop.At a news conference, President Bush himself seemed to acknowledge this new tactic. "FISA is for long-term monitoring," he said. "There's a difference between detecting so we can prevent, and monitoring.

In 2002, it was revealed that the Pentagon had launched Total Information Awareness, a data mining program led by John Poindexter, a retired rear admiral who had served as national security adviser under Ronald Reagan and helped devise the plan to sell arms to Iran and illegally divert the proceeds to rebels in Nicaragua. Total Information Awareness, known as T.I.A., was intended to search through vast data bases, promising to "increase the information coverage by an order-of-magnitude." According to a 2002 article in The New York Times, the program "would permit intelligence analysts and law enforcement officials to mount a vast dragnet through electronic transaction data ranging from credit card information to veterinary records, in the United States and internationally, to hunt for terrorists." After press reports, the Pentagon shut it down, and Mr. Poindexter eventually left the government. But according to a 2004 General Accounting Office report, the Bush administration and the Pentagon continued to rely heavily on data-mining techniques. "Our survey of 128 federal departments and agencies on their use of data mining," the report said, "shows that 52 agencies are using or are planning to use data mining. These departments and agencies reported 199 data-mining efforts, of which 68 are planned and 131 are operational." Of these uses, the report continued, "the Department of Defense reported the largest number of efforts."

"I don't want to see this country ever go across the bridge," Senator Church said. "I know the capacity that is there to make tyranny total in America, and we must see to it that this agency and all agencies that possess this technology operate within the law and under proper supervision, so that we never cross over that abyss. That is the abyss from which there is no return." James Bamford is the author of "Puzzle Palace" and"Body of Secrets: Anatomy of the Ultra-Secret National Security Agency."

Three sources familiar with informal discussions of Snowden’s case told Yahoo News that one top U.S. intelligence official, Robert Litt, the chief counsel to Director of National Intelligence James Clapper, recently privately floated the idea that the government might be open to a plea bargain in which Snowden returns to the United States, pleads guilty to one felony count and receives a prison sentence of three to five years in exchange for full cooperation with the government.

Overall, we desperately need to nurture and propagate a steadfast culture of outspoken whistleblowing. A central motto of the AIDS activist movement dating back to the 1980s – Silence = Death – remains urgently relevant in a vast array of realms. Whether the problems involve perpetual war, corporate malfeasance, climate change, institutionalized racism, patterns of sexual assault, toxic pollution or countless other ills, none can be alleviated without bringing grim realities into the light. “All governments lie,” Ellsberg says in a video statement released for the launch of ExposeFacts, “and they all like to work in the dark as far as the public is concerned, in terms of their own decision-making, their planning — and to be able to allege, falsely, unanimity in addressing their problems, as if no one who had knowledge of the full facts inside could disagree with the policy the president or the leader of the state is announcing.” Ellsberg adds: “A country that wants to be a democracy has to be able to penetrate that secrecy, with the help of conscientious individuals who understand in this country that their duty to the Constitution and to the civil liberties and to the welfare of this country definitely surmount their obligation to their bosses, to a given administration, or in some cases to their promise of secrecy.”

Right now, our potential for democracy owes a lot to people like NSA whistleblowers William Binney and Kirk Wiebe, and EPA whistleblower Marsha Coleman-Adebayo. When they spoke at the June 4 news conference in Washington that launched ExposeFacts, their brave clarity was inspiring. Antidotes to the poisons of cynicism and passive despair can emerge from organizing to help create a better world. The process requires applying a single standard to the real actions of institutions and individuals, no matter how big their budgets or grand their power. What cannot withstand the light of day should not be suffered in silence. If you see something, say something.

As intelligence professionals we are embarrassed by the unprofessional use of partial intelligence information. As Americans, we find ourselves hoping that, if you indeed have more conclusive evidence, you will find a way to make it public without further delay. In charging Russia with being directly or indirectly responsible, Secretary of State John Kerry has been particularly definitive. Not so the evidence. His statements seem premature and bear earmarks of an attempt to “poison the jury pool.”

Regarding the Malaysia Airlines shoot-down of July 17, we believe Kerry has typically rushed to judgment and that his incredible record for credibility poses a huge disadvantage in the diplomatic and propaganda maneuvering vis-a-vis Russia. We suggest you call a halt to this misbegotten “public diplomacy” offensive. If, however, you decide to press on anyway, we suggest you try to find a less tarnished statesman or woman.

If the U.S. has more convincing evidence than what has so far been adduced concerning responsibility for shooting down Flight 17, we believe it would be best to find a way to make that intelligence public – even at the risk of compromising “sources and methods.” Moreover, we suggest you instruct your subordinates not to cheapen U.S. credibility by releasing key information via social media like Twitter and Facebook. The reputation of the messenger for credibility is also key in this area of “public diplomacy.” As is by now clear to you, in our view Secretary Kerry is more liability than asset in this regard. Similarly, with regard to Director of National Intelligence James Clapper, his March 12, 2013 Congressional testimony under oath to what he later admitted were “clearly erroneous” things regarding NSA collection should disqualify him. Clapper should be kept at far remove from the Flight 17 affair. What is needed, if you’ve got the goods, is an Interagency Intelligence Assessment – the genre used in the past to lay out the intelligence. We are hearing indirectly from some of our former colleagues that what Secretary Kerry is peddling does not square with the real intelligence. Such was the case late last August, when Kerry created a unique vehicle he called a “Government (not Intelligence) Assessment” blaming, with no verifiable evidence, Bashar al-Assad for the chemical attacks near Damascus, as honest intelligence analysts refused to go along and, instead, held their noses.

We believe you need to seek out honest intelligence analysts now and hear them out. Then, you may be persuaded to take steps to curb the risk that relations with Russia might escalate from “Cold War II” into an armed confrontation. In all candor, we see little reason to believe that Secretary Kerry and your other advisers appreciate the enormity of that danger. In our most recent (May 4) memorandum to you, Mr. President, we cautioned that if the U.S. wished “to stop a bloody civil war between east and west Ukraine and avert Russian military intervention in eastern Ukraine, you may be able to do so before the violence hurtles completely out of control.” On July 18, you joined the top leaders of Germany, France, and Russia in calling for an immediate ceasefire. Most informed observers believe you have it in your power to get Ukrainian leaders to agree. The longer Kiev continues its offensive against separatists in eastern Ukraine, the more such U.S. statements appear hypocritical. We reiterate our recommendations of May 4, that you remove the seeds of this confrontation by publicly disavowing any wish to incorporate Ukraine into NATO and that you make it clear that you are prepared to meet personally with Russian President Putin without delay to discuss ways to defuse the crisis and recognize the legitimate interests of the various parties. The suggestion of an early summit got extraordinary resonance in controlled and independent Russian media. Not so in “mainstream” media in the U.S. Nor did we hear back from you. The courtesy of a reply is requested.

“We’ve seen a trend in the years since 9/11 to bring sophisticated surveillance technologies that were originally designed for military use — like Stingrays or drones or biometrics — back home to the United States,” said Jennifer Lynch, a senior staff attorney at the Electronic Frontier Foundation, which has waged a legal battle challenging the use of cellphone surveillance devices domestically. “But using these technologies for domestic law enforcement purposes raises a host of issues that are different from a military context.”

But domestically the devices have been used in a way that violates the constitutional rights of citizens, including the Fourth Amendment prohibition on illegal search and seizure, critics like Lynch say. They have regularly been used without warrants, or with warrants that critics call overly broad. Judges and civil liberties groups alike have complained that the devices are used without full disclosure of how they work, even within court proceedings.