Skip to main content

Home/ Socialism and the End of the American Dream/ Group items tagged NSA-targets-Americans

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
Paul Merrell

Top-Secret Document Reveals NSA Spied On Porn Habits As Part Of Plan To Discredit 'Radi... - 0 views

www.huffingtonpost.com/...sa-porn-muslims_n_4346128.html

surveillance state NSA NSA-porn COINTELPRO FBI must-read

shared by Paul Merrell on 28 Nov 13 - No Cached
  • WASHINGTON -- The National Security Agency has been gathering records of online sexual activity and evidence of visits to pornographic websites as part of a proposed plan to harm the reputations of those whom the agency believes are radicalizing others through incendiary speeches, according to a top-secret NSA document. The document, provided by NSA whistleblower Edward Snowden, identifies six targets, all Muslims, as “exemplars” of how “personal vulnerabilities” can be learned through electronic surveillance, and then exploited to undermine a target's credibility, reputation and authority. The NSA document, dated Oct. 3, 2012, repeatedly refers to the power of charges of hypocrisy to undermine such a messenger. “A previous SIGINT" -- or signals intelligence, the interception of communications -- "assessment report on radicalization indicated that radicalizers appear to be particularly vulnerable in the area of authority when their private and public behaviors are not consistent,” the document argues. Among the vulnerabilities listed by the NSA that can be effectively exploited are “viewing sexually explicit material online” and “using sexually explicit persuasive language when communicating with inexperienced young girls.”
  • The Director of the National Security Agency -- described as "DIRNSA" -- is listed as the "originator" of the document. Beyond the NSA itself, the listed recipients include officials with the Departments of Justice and Commerce and the Drug Enforcement Administration. "Without discussing specific individuals, it should not be surprising that the US Government uses all of the lawful tools at our disposal to impede the efforts of valid terrorist targets who seek to harm the nation and radicalize others to violence," Shawn Turner, director of public affairs for National Intelligence, told The Huffington Post in an email Tuesday. Yet Jameel Jaffer, deputy legal director of the American Civil Liberties Union, said these revelations give rise to serious concerns about abuse. "It's important to remember that the NSA’s surveillance activities are anything but narrowly focused -- the agency is collecting massive amounts of sensitive information about virtually everyone," he said. "Wherever you are, the NSA's databases store information about your political views, your medical history, your intimate relationships and your activities online," he added. "The NSA says this personal information won't be abused, but these documents show that the NSA probably defines 'abuse' very narrowly."
  • None of the six individuals targeted by the NSA is accused in the document of being involved in terror plots. The agency believes they all currently reside outside the United States. It identifies one of them, however, as a "U.S. person," which means he is either a U.S. citizen or a permanent resident. A U.S. person is entitled to greater legal protections against NSA surveillance than foreigners are. Stewart Baker, a one-time general counsel for the NSA and a top Homeland Security official in the Bush administration, said that the idea of using potentially embarrassing information to undermine targets is a sound one. "If people are engaged in trying to recruit folks to kill Americans and we can discredit them, we ought to," said Baker. "On the whole, it's fairer and maybe more humane" than bombing a target, he said, describing the tactic as "dropping the truth on them." Any system can be abused, Baker allowed, but he said fears of the policy drifting to domestic political opponents don't justify rejecting it. "On that ground you could question almost any tactic we use in a war, and at some point you have to say we're counting on our officials to know the difference," he said.
  • ...6 more annotations...
  • In addition to analyzing the content of their internet activities, the NSA also examined the targets' contact lists. The NSA accuses two of the targets of promoting al Qaeda propaganda, but states that surveillance of the three English-speakers’ communications revealed that they have "minimal terrorist contacts." In particular, “only seven (1 percent) of the contacts in the study of the three English-speaking radicalizers were characterized in SIGINT as affiliated with an extremist group or a Pakistani militant group. An earlier communications profile of [one of the targets] reveals that 3 of the 213 distinct individuals he was in contact with between 4 August and 2 November 2010 were known or suspected of being associated with terrorism," the document reads. The document contends that the three Arabic-speaking targets have more contacts with affiliates of extremist groups, but does not suggest they themselves are involved in any terror plots. Instead, the NSA believes the targeted individuals radicalize people through the expression of controversial ideas via YouTube, Facebook and other social media websites. Their audience, both English and Arabic speakers, "includes individuals who do not yet hold extremist views but who are susceptible to the extremist message,” the document states. The NSA says the speeches and writings of the six individuals resonate most in countries including the United Kingdom, Germany, Sweden, Kenya, Pakistan, India and Saudi Arabia.
  • The NSA possesses embarrassing sexually explicit information about at least two of the targets by virtue of electronic surveillance of their online activity. The report states that some of the data was gleaned through FBI surveillance programs carried out under the Foreign Intelligence and Surveillance Act. The document adds, "Information herein is based largely on Sunni extremist communications." It further states that "the SIGINT information is from primary sources with direct access and is generally considered reliable." According to the document, the NSA believes that exploiting electronic surveillance to publicly reveal online sexual activities can make it harder for these “radicalizers” to maintain their credibility. "Focusing on access reveals potential vulnerabilities that could be even more effectively exploited when used in combination with vulnerabilities of character or credibility, or both, of the message in order to shape the perception of the messenger as well as that of his followers," the document argues. An attached appendix lists the "argument" each surveillance target has made that the NSA says constitutes radicalism, as well the personal "vulnerabilities" the agency believes would leave the targets "open to credibility challenges" if exposed.
  • One target's offending argument is that "Non-Muslims are a threat to Islam," and a vulnerability listed against him is "online promiscuity." Another target, a foreign citizen the NSA describes as a "respected academic," holds the offending view that "offensive jihad is justified," and his vulnerabilities are listed as "online promiscuity" and "publishes articles without checking facts." A third targeted radical is described as a "well-known media celebrity" based in the Middle East who argues that "the U.S perpetrated the 9/11 attack." Under vulnerabilities, he is said to lead "a glamorous lifestyle." A fourth target, who argues that "the U.S. brought the 9/11 attacks on itself" is said to be vulnerable to accusations of “deceitful use of funds." The document expresses the hope that revealing damaging information about the individuals could undermine their perceived "devotion to the jihadist cause." The Huffington Post is withholding the names and locations of the six targeted individuals; the allegations made by the NSA about their online activities in this document cannot be verified. The document does not indicate whether the NSA carried out its plan to discredit these six individuals, either by communicating with them privately about the acquired information or leaking it publicly. There is also no discussion in the document of any legal or ethical constraints on exploiting electronic surveillance in this manner.
  • While Baker and others support using surveillance to tarnish the reputation of people the NSA considers "radicalizers," U.S. officials have in the past used similar tactics against civil rights leaders, labor movement activists and others. Under J. Edgar Hoover, the FBI harassed activists and compiled secret files on political leaders, most notably Martin Luther King, Jr. The extent of the FBI's surveillance of political figures is still being revealed to this day, as the bureau releases the long dossiers it compiled on certain people in response to Freedom of Information Act requests following their deaths. The information collected by the FBI often centered on sex -- homosexuality was an ongoing obsession on Hoover's watch -- and information about extramarital affairs was reportedly used to blackmail politicians into fulfilling the bureau's needs. Current FBI Director James Comey recently ordered new FBI agents to visit the Martin Luther King, Jr. Memorial in Washington to understand "the dangers in becoming untethered to oversight and accountability."
  • James Bamford, a journalist who has been covering the NSA since the early 1980s, said the use of surveillance to exploit embarrassing private behavior is precisely what led to past U.S. surveillance scandals. "The NSA's operation is eerily similar to the FBI's operations under J. Edgar Hoover in the 1960s where the bureau used wiretapping to discover vulnerabilities, such as sexual activity, to 'neutralize' their targets," he said. "Back then, the idea was developed by the longest serving FBI chief in U.S. history, today it was suggested by the longest serving NSA chief in U.S. history." That controversy, Bamford said, also involved the NSA. "And back then, the NSA was also used to do the eavesdropping on King and others through its Operation Minaret. A later review declared the NSA’s program 'disreputable if not outright illegal,'" he said. Baker said that until there is evidence the tactic is being abused, the NSA should be trusted to use its discretion. "The abuses that involved Martin Luther King occurred before Edward Snowden was born," he said. "I think we can describe them as historical rather than current scandals. Before I say, 'Yeah, we've gotta worry about that,' I'd like to see evidence of that happening, or is even contemplated today, and I don't see it."
  • Jaffer, however, warned that the lessons of history ought to compel serious concern that a "president will ask the NSA to use the fruits of surveillance to discredit a political opponent, journalist or human rights activist." "The NSA has used its power that way in the past and it would be naïve to think it couldn't use its power that way in the future," he said.
  • Paul Merrell on 28 Nov 13
     
    By Glenn Greenwald, Ryan Gallagher, and Ryan Grim, 26 November 2013. I will annotate later. But this is by far the most important NSA disclosure from Edward Snowden's leaked documents thus far. A report originated by Gen. Alexander himself revealing COINTELPRO like activities aimed at destroying the reputations of non-terrorist "radicalizers," including one "U.S. person." This is exactly the kind of repressive activity that the civil libertarians among us warn about. 
  • Paul Merrell on 28 Nov 13
     
    By Glenn Greenwald, Ryan Gallagher, and Ryan Grim, 26 November 2013. I will annotate later. But this is by far the most important NSA disclosure from Edward Snowden's leaked documents thus far. A report originated by Gen. Alexander himself revealing COINTELPRO like activities aimed at destroying the reputations of non-terrorist "radicalizers," including one "U.S. person." This is exactly the kind of repressive activity that the civil libertarians among us warn about. 
Paul Merrell

NSA Whistleblower: Snowden Never Had Access to the "Juiciest" Intelligence Documents | ... - 0 views

www.globalresearch.ca/...5386231

surveillance state NSA Snowden-documents NSA-domestic-surveillance Tice must-read

shared by Paul Merrell on 11 Jun 14 - No Cached
  • NSA whistleblower Russel Tice was a key source in the 2005 New York Times report that blew the lid off the Bush administration’s use of warrantless wiretapping. Tice told PBS and other media that the NSA is spying on – and blackmailing – top government officials and military officers, including Supreme Court Justices, highly-ranked generals, Colin Powell and other State Department personnel, and many other top officials:
  • He says the NSA started spying on President Obama when he was a candidate for Senate:
  • Many of Tice’s allegations have been confirmed by other government whistleblowers. And see this. Washington’s Blog called Tice to find out more about what he saw when he was at NSA.
  • ...8 more annotations...
  • NSA Has Hidden Its Most Radical Surveillance Operations … Even from People Like Snowden Who Had General “Code Word” Clearance WASHINGTON’S BLOG: Glenn Greenwald – supposedly, in the next couple of days or weeks – is going to disclose, based on NSA documents leaked by Snowden, that the NSA is spying on all sorts of normal Americans … and that the spying is really to crush dissent.  [Background here, here and here.] Does Snowden even have documents which contain the information which you’ve seen? RUSSELL TICE:  The answer is no. WASHINGTON’S BLOG: So you saw handwritten notes. And what Snowden was seeing were electronic files …?
  • RUSSELL TICE: Think of it this way.  Remember I told you about the NSA doing everything they could to make sure that the information from 40 years ago – from spying on Frank Church and Lord knows how many other Congressman that they were spying on – was hidden? Now do you think they’re going to put that information into Powerpoint slides that are easy to explain to everybody what they’re doing? They would not even put their own NSA designators on the reports [so that no one would know that] it came from the NSA.  They made the reports look like they were Humint (human intelligence) reports.  They did it to hide the fact that they were NSA and they were doing the collection. That’s 40 years ago.  [The NSA and other agencies are still doing "parallel construction", "laundering" information to hide the fact that the information is actually from mass NSA surveillance.] Now, what NSA is doing right now is that they’re taking the information and they’re putting it in a much higher security level.  It’s called “ECI” - Exceptionally Controlled Information  – and it’s called the black program … which I was a specialist in, by the way. I specialized in black world – DOD and IC (Intelligence Community) – programs, operations and missions … in “VRKs”, “ECIs”, and “SAPs”, “STOs”. SAP equals Special Access Program. It’s highly unlikely Mr. Snowden had any access to these. STO equals Special Technical Operations  It’s highly unlikely Mr. Snowden had any access to these.
  • Now in that world – the ECI/VRK world – everything in that system is classified at a higher level and it has its own computer systems that house it.  It’s totally separate than the system which Mr. Snowden was privy to, which was called the “JWICS”: Joint Worldwide Intelligence Communications System.  The JWICS system is what everybody at NSA has access to.  Mr Snowden had Sys Admin [systems administrator] authority for the JWICS. And you still have to have TS/SCI clearance [i.e. Top Secret/ Sensitive Compartmented Information - also known as “code word” - clearance] to get on the JWICS. But the ECI/VRK systems are much higher [levels of special compartmentalized clearance] than the JWICS. And you have to be in the black world to get that [clearance]. ECI = Exceptionally Controlled Information. I do not believe Mr. Snowden had any access to these ECI controlled networks). VRK = Very Restricted Knowledge. I do not believe Mr. Snowden had any access to these VRK controlled networks. These programs typically have, at the least, a requirement of 100 year or until death, ’till the person first being “read in” [i.e. sworn to secrecy as part of access to the higher classification program] can talk about them.  [As an interesting sidenote, the Washington Times reported in 2006 that – when Tice offered to testify to Congress about this illegal spying – he was informed by the NSA that the Senate and House intelligence committees were not cleared to hear such information.]
  • It’s very compartmentalized and – even with stuff that they had – you might have something at NSA, that there’s literally 40 people at NSA that know that it’s going on in the entire agency. When the stuff came out in the New York Times [the first big spying story, which broke in 2005] – and I was a source of information for the New York Times –   that’s when President Bush made up that nonsense about the “terrorist surveillance program.” By the way, that never existed. That was made up. There was no such thing beforehand. It was made up … to try to placate the American people. The NSA IG (Inspector General) – who was not cleared for this – all of a sudden is told he has to do an investigation on this; something he has no information or knowledge of. So what they did, is they took a few documents and they downgraded [he classification level of the documents] – just a few – and gave them to them to placate this basic whitewash investigation.
  • Snowden’s Failure To Understand the Most Important Documents RUSSELL TICE: Now, if Mr. Snowden were to find the crossover, it would be those documents that were downgraded to the NSA’s IG. The stuff that I saw looked like a bunch of alphanumeric gobbledygook.  Unless you have an analyst to know what to look for – and believe me, I think that what Snowden’s done is great – he’s not an intelligence analyst.  So he would see something like that, and he wouldn’t know what he’s looking at. But that would be “the jewels”. And the key is, you wouldn’t know it’s the jewels unless you were a diamond miner and you knew what to look for. Because otherwise, there’s a big lump of rock and you don’t know there’s a diamond in there. I worked special programs. And the way I found out is that I was working on a special operation, and I needed information from NSA … from another unit. And when I went to that unit and I said “I need this information”, and I dealt with [satellite spy operations], and I did that in the black world. I was a special operations officer. I would literally go do special missions that were in the black world where I would travel overseas and do spooky stuff.
  • Cheney Was Running the Show WASHINGTON’S BLOG: You said in one of your interviews that Dick Cheney ordered the intercepts that you found in the burn bags [the bags of documents which were slated to be destroyed because they were so sensitive]. Is that right … and if so, how do you know that? RUSSELL TICE: I did not know one way or the other until I talked to a very senior person at NSA who – much later – wanted to have a meeting with me. And we had a covert, clandestine style meeting. And that’s when this individual told me that the whole thing was being directed and was coming from the vice president’s office … Cheney, through his lawyer David Addington. WASHINGTON’S BLOG:  It sounds like it wasn’t going through normal routes?  It’s not like Cheney or Addington made formal requests to the NSA … through normal means? RUSSELL TICE: No, not normal at all. All on the sly … all “sneaky pete” under the table, in the evening when most NSA employees are gone for the day. This is all being done in the evenings … between like 7 [at night] and midnight.
  • NSA Is Spying On CONTENT as Well as Metadata WASHINGTON’S BLOG: And from what you and others have said, it’s content as well as metadata? RUSSELL TICE: Of course it is. Of course. [Background. But see this.] NSA Spying On Journalists, Congress, Admirals, Lawyers … RUSSELL TICE: In 2009, I told [reporters] that they were going after journalists and news organizations and reporters and such. I never read text of Congressman’s conversations. What I had was information – sometimes hand-written – of phone numbers of Congressmen, their wives, their children, their staffers, their home numbers, their cellphone numbers, their phone numbers of their residence back in Oregon or whatever state they’re from, and their little offices back in their state. Or an Admiral and his wife, and his kids and his staffers …
  • The main thing I saw more than anything else were lawyers and law firms. I saw more lawyers or law firms being wiretapped than anything else. These are the phone numbers I saw written. And then I would see those numbers incorporated into those lists with the columns of information about the phone number, and the serial number and the banks of recorders and digital converters and the data storage devices. I could see handwritten phone numbers and notes, sometimes with names, sometimes not.
  • Paul Merrell on 11 Jun 14
     
    Whistleblower Russell Tice says that there are super-classified domestic surveillance records that Edward Snowden, Congressional oversight committees, and the NSA Inspector-General did not have access to. Must-read.
Paul Merrell

Lawmaker Says There More To NSA Spying - Business Insider - 0 views

www.businessinsider.com/here-more-to-nsa-spying-2013-6

surveillance state NSA future-disclosures

shared by Paul Merrell on 04 Jul 13 - No Cached
  • A House Democrat said information revealed about the National Security Agency's secret surveillance programs are "the tip of the iceberg," Daniel Strauss of The Hill reports. "I think it's just broader than most people even realize, and I think that's, in one way, what astounded most of us, too," Rep. Loretta Sanchez (D-Calif.) told C-SPAN's "Washington Journal" after a classified briefing with national security officials. Rep. Joe Barton (R-Texas), who also attended the meeting, said that the NSA "violated the spirit of the law when it started collecting data from everyone in the country just because technology now makes that possible.” Barton added that "in America ... You don’t target everyone and violate their 4th Amendment rights just because of a handful of threats. But that is exactly what is happening at the NSA ... it is wrong and it needs to stop now.” More from Sanchez: "I don't know if there are other leaks, if there's more information somewhere, if somebody else is going to step up, but I will tell you that I believe it's the tip of the iceberg."
  • A House Democrat said information revealed about the National Security Agency's secret surveillance programs are "the tip of the iceberg," Daniel Strauss of The Hill reports. "I think it's just broader than most people even realize, and I think that's, in one way, what astounded most of us, too," Rep. Loretta Sanchez (D-Calif.) told C-SPAN's "Washington Journal" after a classified briefing with national security officials. Rep. Joe Barton (R-Texas), who also attended the meeting, said that the NSA "violated the spirit of the law when it started collecting data from everyone in the country just because technology now makes that possible.” Barton added that "in America ... You don’t target everyone and violate their 4th Amendment rights just because of a handful of threats. But that is exactly what is happening at the NSA ... it is wrong and it needs to stop now.”
  • Glenn Greenwald of the Guardian, who has served as a conduit for Snowden's leaks, recently said that there will me many more "significant revelations that have not yet been heard." Greenwald told The New York Times that he received “thousands” of classified documents — “dozens” of which are newsworthy — from the the 29-year-old ex-Booz Allen employee who was contracted by the NSA. Sanchez said that what lawmakers learned "is significantly more than what is out in the media today," which is interesting when considering previous reports by journalists and whistleblowers.
  • ...2 more annotations...
  • Here's a rundown of the reports and the allegations: In 2006 NSA insiders told Leslie Cauley of USA Today that the NSA has been collecting almost all U.S. phone records since shortly after 9/11. In 2010 Dana Priest and William Arkin of The Washington Post reported that "collection systems at the [NSA] intercept and store 1.7 billion emails, phone calls, and other types of communications" every day. According to a 2007 lawsuit, Verizon built a fiber optic cable to give the "access to all communications flowing through the carrier’s operations center." In April 2012 Wired's James Bamford reported how the U.S. government hired two secretive Israeli companies to wiretap AT&T. AT&T engineer Mark Klein discovered the "secret room" at AT&T central office in San Francisco, through which the NSA actively "vacuumed up Internet and phone-call data from ordinary Americans with the cooperation of AT&T" through the wiretapping rooms, emphasizing that "much of the data sent through AT&T to the NSA was purely domestic." Former NSA executive and whistleblower Thomas Drake testified that the NSA is using Israeli-made hardware to "seize and save all personal electronic communications."
  • A classified program called Prism, leaked by Snowden, appears to acquire information from the servers of nine of the biggest internet companies. The Washington Post reported that the government's orders "serve as one-time blanket approvals for data acquisition and surveillance on selected foreign targets for periods of as long as a year." NSA Whistleblower William Binney that the NSA began using the program he built (i.e. ThinThread) to use communications data for creating, in real time, profiles of nearly all Americans so that the government is "able to monitor what people are doing" and who they are doing it with. In July the Foreign Intelligence Surveillance Court (FISC), established to "hear applications for and grant orders approving electronic surveillance," found that the NSA violated the Fourth Amendment's restriction against unreasonable searches and seizures "on at least one occasion." BONUS: In March CIA Chief Technology Officer Ira "Gus" Hunt said: "It is really very nearly within our grasp to be able to compute on all human generated information." If there is "significantly more" to the NSA's domestic snooping, then we're all ears and eyes.
Gary Edwards

XKeyscore: NSA tool collects 'nearly everything a user does on the internet' | World ne... - 1 views

www.theguardian.com/...top-secret-program-online-data

Edward-Snowden Glenn-Greenwald NSA NSA-Patriot-Act-NDAA NSA-Whistleblower

shared by Gary Edwards on 01 Aug 13 - No Cached
  • The latest revelations will add to the intense public and congressional debate around the extent of NSA surveillance programs. They come as senior intelligence officials testify to the Senate judiciary committee on Wednesday, releasing classified documents in response to the Guardian's earlier stories on bulk collection of phone records and Fisa surveillance court oversight.
  • The files shed light on one of Snowden's most controversial statements, made in his first video interview published by the Guardian on June 10
  • "I, sitting at my desk," said Snowden, could "wiretap anyone, from you or your accountant, to a federal judge or even the president, if I had a personal email".
  • ...23 more annotations...
  • US officials vehemently denied this specific claim. Mike Rogers, the Republican chairman of the House intelligence committee, said of Snowden's assertion: "He's lying. It's impossible for him to do what he was saying he could do."
  • But training materials for XKeyscore detail how analysts can use it and other systems to mine enormous agency databases by filling in a simple on-screen form giving only a broad justification for the search. The request is not reviewed by a court or any NSA personnel before it is processed.
  • XKeyscore, the documents boast, is the NSA's "widest reaching" system developing intelligence from computer networks – what the agency calls Digital Network Intelligence (DNI). One presentation claims the program covers "nearly everything a typical user does on the internet", including the content of emails, websites visited and searches, as well as their metadata.
  • Analysts can also use XKeyscore and other NSA systems to obtain ongoing "real-time" interception of an individual's internet activity.
  • Under US law, the NSA is required to obtain an individualized Fisa warrant only if the target of their surveillance is a 'US person', though no such warrant is required for intercepting the communications of Americans with foreign targets.
  • But XKeyscore provides the technological capability, if not the legal authority, to target even US persons for extensive electronic surveillance without a warrant provided that some identifying information, such as their email or IP address, is known to the analyst.
  • One training slide illustrates the digital activity constantly being collected by XKeyscore and the analyst's ability to query the databases at any time.
  • The purpose of XKeyscore is to allow analysts to search the metadata as well as the content of emails and other internet activity, such as browser history, even when there is no known email account (a "selector" in NSA parlance) associated with the individual being targeted.
  • Analysts can also search by name, telephone number, IP address, keywords, the language in which the internet activity was conducted or the type of browser used.
  • One document notes that this is because "strong selection [search by email address] itself gives us only a very limited capability" because "a large amount of time spent on the web is performing actions that are anonymous."
  • Email monitoring
  • One top-secret document describes how the program "searches within bodies of emails, webpages and documents", including the "To, From, CC, BCC lines" and the 'Contact Us' pages on websites".
  • To search for emails, an analyst using XKS enters the individual's email address into a simple online search form, along with the "justification" for the search and the time period for which the emails are sought.
  • One document, a top secret 2010 guide describing the training received by NSA analysts for general surveillance under the Fisa Amendments Act of 2008, explains that analysts can begin surveillance on anyone by clicking a few simple pull-down menus designed to provide both legal and targeting justifications.
  • Once options on the pull-down menus are selected, their target is marked for electronic surveillance and the analyst is able to review the content of their communications:
  • Chats, browsing history and other internet activity
  • Beyond emails, the XKeyscore system allows analysts to monitor a virtually unlimited array of other internet activities, including those within social media.
  • An NSA tool called DNI Presenter, used to read the content of stored emails, also enables an analyst using XKeyscore to read the content of Facebook chats or private messages.
  • The XKeyscore program also allows an analyst to learn the IP addresses of every person who visits any website the analyst specifies.
  • The quantity of communications accessible through programs such as XKeyscore is staggeringly large. One NSA report from 2007 estimated that there were 850bn "call events" collected and stored in the NSA databases, and close to 150bn internet records. Each day, the document says, 1-2bn records were added.
  • William Binney, a former NSA mathematician, said last year that the agency had "assembled on the order of 20tn transactions about US citizens with other US citizens", an estimate, he said, that "only was involving phone calls and emails". A 2010 Washington Post article reported that "every day, collection systems at the [NSA] intercept and store 1.7bn emails, phone calls and other type of communications."
  • The ACLU's deputy legal director, Jameel Jaffer, told the Guardian last month that national security officials expressly said that a primary purpose of the new law was to enable them to collect large amounts of Americans' communications without individualized warrants.
  • "The government doesn't need to 'target' Americans in order to collect huge volumes of their communications," said Jaffer. "The government inevitably sweeps up the communications of many Americans" when targeting foreign nationals for surveillance.
  • Gary Edwards on 01 Aug 13
     
    "One presentation claims the XKeyscore program covers 'nearly everything a typical user does on the internet' ................................................................. A top secret National Security Agency program allows analysts to search with no prior authorization through vast databases containing emails, online chats and the browsing histories of millions of individuals, according to documents provided by whistleblower Edward Snowden. The NSA boasts in training materials that the program, called XKeyscore, is its "widest-reaching" system for developing intelligence from the internet. The latest revelations will add to the intense public and congressional debate around the extent of NSA surveillance programs. They come as senior intelligence officials testify to the Senate judiciary committee on Wednesday, releasing classified documents in response to the Guardian's earlier stories on bulk collection of phone records and Fisa surveillance court oversight. The files shed light on one of Snowden's most controversial statements, made in his first video interview published by the Guardian on June 10. "I, sitting at my desk," said Snowden, could "wiretap anyone, from you or your accountant, to a federal judge or even the president, if I had a personal email". US officials vehemently denied this specific claim. Mike Rogers, the Republican chairman of the House intelligence committee, said of Snowden's assertion: "He's lying. It's impossible for him to do what he was saying he could do." But training materials for XKeyscore detail how analysts can use it and other systems to mine enormous agency databases by filling in a simple on-screen form giving only a broad justification for the search. The request is not reviewed by a court or any NSA personnel before it is processed. XKeyscore, the documents boast, is the NSA's "widest reaching" system developing intelligence from computer networks - what the agency calls Digital Network Intelligence (DNI). One
  • Paul Merrell on 02 Aug 13
     
    "But training materials for XKeyscore detail how analysts can use it and other systems to mine enormous agency databases by filling in a simple on-screen form giving only a broad justification for the search. The request is not reviewed by a court or any NSA personnel before it is processed. " Note in that regard that Snowden said in an earlier interview that use of this system rarely was audited and that when audited, the most common request if changes were requested was to beef up the justification for the search. The XScore system puts the lie to just about everything the Administration has claimed about intense oversight by all three branches of federal government and about not reading emails or listening to (Skype) phone calls. The lies keep stacking up in an ever-deepening pile.
Paul Merrell

Tomgram: Alfred McCoy, It's About Blackmail, Not National Security | TomDispatch - 0 views

www.tomdispatch.com/...kmail%2C_not_national_security

surveillance state blackmail power-projection empire Obama BushII

shared by Paul Merrell on 29 Jan 14 - No Cached
  • For more than six months, Edward Snowden’s revelations about the National Security Agency (NSA) have been pouring out from the Washington Post, the New York Times, the Guardian, Germany’s Der Spiegel, and Brazil’s O Globo, among other places.  Yet no one has pointed out the combination of factors that made the NSA’s expanding programs to monitor the world seem like such a slam-dunk development in Washington.  The answer is remarkably simple.  For an imperial power losing its economic grip on the planet and heading into more austere times, the NSA’s latest technological breakthroughs look like a bargain basement deal when it comes to projecting power and keeping subordinate allies in line -- like, in fact, the steal of the century.  Even when disaster turned out to be attached to them, the NSA’s surveillance programs have come with such a discounted price tag that no Washington elite was going to reject them.
  • What exactly was the aim of such an unprecedented program of massive domestic and planetary spying, which clearly carried the risk of controversy at home and abroad? Here, an awareness of the more than century-long history of U.S. surveillance can guide us through the billions of bytes swept up by the NSA to the strategic significance of such a program for the planet’s last superpower. What the past reveals is a long-term relationship between American state surveillance and political scandal that helps illuminate the unacknowledged reason why the NSA monitors America’s closest allies. Not only does such surveillance help gain intelligence advantageous to U.S. diplomacy, trade relations, and war-making, but it also scoops up intimate information that can provide leverage -- akin to blackmail -- in sensitive global dealings and negotiations of every sort. The NSA’s global panopticon thus fulfills an ancient dream of empire. With a few computer key strokes, the agency has solved the problem that has bedeviled world powers since at least the time of Caesar Augustus: how to control unruly local leaders, who are the foundation for imperial rule, by ferreting out crucial, often scurrilous, information to make them more malleable.
  • Once upon a time, such surveillance was both expensive and labor intensive. Today, however, unlike the U.S. Army’s shoe-leather surveillance during World War I or the FBI’s break-ins and phone bugs in the Cold War years, the NSA can monitor the entire world and its leaders with only 100-plus probes into the Internet’s fiber optic cables. This new technology is both omniscient and omnipresent beyond anything those lacking top-secret clearance could have imagined before the Edward Snowden revelations began.  Not only is it unimaginably pervasive, but NSA surveillance is also a particularly cost-effective strategy compared to just about any other form of global power projection. And better yet, it fulfills the greatest imperial dream of all: to be omniscient not just for a few islands, as in the Philippines a century ago, or a couple of countries, as in the Cold War era, but on a truly global scale. In a time of increasing imperial austerity and exceptional technological capability, everything about the NSA’s surveillance told Washington to just “go for it.”  This cut-rate mechanism for both projecting force and preserving U.S. global power surely looked like a no-brainer, a must-have bargain for any American president in the twenty-first century -- before new NSA documents started hitting front pages weekly, thanks to Snowden, and the whole world began returning the favor.
  • ...12 more annotations...
  • As the gap has grown between Washington’s global reach and its shrinking mailed fist, as it struggles to maintain 40% of world armaments (the 2012 figure) with only 23% of global gross economic output, the U.S. will need to find new ways to exercise its power far more economically. As the Cold War took off, a heavy-metal U.S. military -- with 500 bases worldwide circa 1950 -- was sustainable because the country controlled some 50% of the global gross product. But as its share of world output falls -- to an estimated 17% by 2016 -- and its social welfare costs climb relentlessly from 4% of gross domestic product in 2010 to a projected 18% by 2050, cost-cutting becomes imperative if Washington is to survive as anything like the planet’s “sole superpower.” Compared to the $3 trillion cost of the U.S. invasion and occupation of Iraq, the NSA’s 2012 budget of just $11 billion for worldwide surveillance and cyberwarfare looks like cost saving the Pentagon can ill-afford to forego. Yet this seeming “bargain” comes at what turns out to be an almost incalculable cost. The sheer scale of such surveillance leaves it open to countless points of penetration, whether by a handful of anti-war activists breaking into an FBI field office in Media, Pennsylvania, back in 1971 or Edward Snowden downloading NSA documents at a Hawaiian outpost in 2012.
  • In October 2001, not satisfied with the sweeping and extraordinary powers of the newly passed Patriot Act, President Bush ordered the National Security Agency to commence covert monitoring of private communications through the nation's telephone companies without the requisite FISA warrants. Somewhat later, the agency began sweeping the Internet for emails, financial data, and voice messaging on the tenuous theory that such “metadata” was “not constitutionally protected.” In effect, by penetrating the Internet for text and the parallel Public Switched Telephone Network (PSTN) for voice, the NSA had gained access to much of the world’s telecommunications. By the end of Bush’s term in 2008, Congress had enacted laws that not only retrospectively legalized these illegal programs, but also prepared the way for NSA surveillance to grow unchecked. Rather than restrain the agency, President Obama oversaw the expansion of its operations in ways remarkable for both the sheer scale of the billions of messages collected globally and for the selective monitoring of world leaders.
  • By 2012, the centralization via digitization of all voice, video, textual, and financial communications into a worldwide network of fiber optic cables allowed the NSA to monitor the globe by penetrating just 190 data hubs -- an extraordinary economy of force for both political surveillance and cyberwarfare.
  • With a few hundred cable probes and computerized decryption, the NSA can now capture the kind of gritty details of private life that J. Edgar Hoover so treasured and provide the sort of comprehensive coverage of populations once epitomized by secret police like East Germany’s Stasi. And yet, such comparisons only go so far. After all, once FBI agents had tapped thousands of phones, stenographers had typed up countless transcripts, and clerks had stored this salacious paper harvest in floor-to-ceiling filing cabinets, J. Edgar Hoover still only knew about the inner-workings of the elite in one city: Washington, D.C.  To gain the same intimate detail for an entire country, the Stasi had to employ one police informer for every six East Germans -- an unsustainable allocation of human resources. By contrast, the marriage of the NSA’s technology to the Internet’s data hubs now allows the agency’s 37,000 employees a similarly close coverage of the entire globe with just one operative for every 200,000 people on the planet
  • Through the expenditure of $250 million annually under its Sigint Enabling Project, the NSA has stealthily penetrated all encryption designed to protect privacy. “In the future, superpowers will be made or broken based on the strength of their cryptanalytic programs,” reads a 2007 NSA document. “It is the price of admission for the U.S. to maintain unrestricted access to and use of cyberspace.” By collecting knowledge -- routine, intimate, or scandalous -- about foreign leaders, imperial proconsuls from ancient Rome to modern America have gained both the intelligence and aura of authority necessary for dominion over alien societies. The importance, and challenge, of controlling these local elites cannot be overstated. During its pacification of the Philippines after 1898, for instance, the U.S. colonial regime subdued contentious Filipino leaders via pervasive policing that swept up both political intelligence and personal scandal. And that, of course, was just what J. Edgar Hoover was doing in Washington during the 1950s and 1960s.
  • Indeed, the mighty British Empire, like all empires, was a global tapestry woven out of political ties to local leaders or “subordinate elites” -- from Malay sultans and Indian maharajas to Gulf sheiks and West African tribal chiefs. As historian Ronald Robinson once observed, the British Empire spread around the globe for two centuries through the collaboration of these local leaders and then unraveled, in just two decades, when that collaboration turned to “non-cooperation.” After rapid decolonization during the 1960s transformed half-a-dozen European empires into 100 new nations, their national leaders soon found themselves the subordinate elites of a spreading American global imperium. Washington suddenly needed the sort of private information that could keep such figures in line. Surveillance of foreign leaders provides world powers -- Britain then, America now -- with critical information for the exercise of global hegemony. Such spying gave special penetrating power to the imperial gaze, to that sense of superiority necessary for dominion over others.  It also provided operational information on dissidents who might need to be countered with covert action or military force; political and economic intelligence so useful for getting the jump on allies in negotiations of all sorts; and, perhaps most important of all, scurrilous information about the derelictions of leaders useful in coercing their compliance.
  • In late 2013, the New York Times reported that, when it came to spying on global elites, there were “more than 1,000 targets of American and British surveillance in recent years,” reaching down to mid-level political actors in the international arena. Revelations from Edward Snowden’s cache of leaked documents indicate that the NSA has monitored leaders in some 35 nations worldwide -- including Brazilian president Dilma Rousseff, Mexican presidents Felipe Calderón and Enrique Peña Nieto, German Chancellor Angela Merkel, and Indonesia’s president Susilo Bambang Yudhoyono.  Count in as well, among so many other operations, the monitoring of “French diplomatic interests” during the June 2010 U.N. vote on Iran sanctions and “widespread surveillance” of world leaders during the Group 20 summit meeting at Ottawa in June 2010. Apparently, only members of the historic “Five Eyes” signals-intelligence alliance (Australia, Canada, New Zealand, and Great Britain) remain exempt -- at least theoretically -- from NSA surveillance. Such secret intelligence about allies can obviously give Washington a significant diplomatic advantage. During U.N. wrangling over the U.S. invasion of Iraq in 2002-2003, for example, the NSA intercepted Secretary-General Kofi Anan’s conversations and monitored the “Middle Six” -- Third World nations on the Security Council -- offering what were, in essence, well-timed bribes to win votes. The NSA’s deputy chief for regional targets sent a memo to the agency’s Five Eyes allies asking “for insights as to how membership is reacting to on-going debate regarding Iraq, plans to vote on any related resolutions [..., and] the whole gamut of information that could give U.S. policymakers an edge in obtaining results favorable to U.S. goals.”
  • Indicating Washington’s need for incriminating information in bilateral negotiations, the State Department pressed its Bahrain embassy in 2009 for details, damaging in an Islamic society, on the crown princes, asking: “Is there any derogatory information on either prince? Does either prince drink alcohol? Does either one use drugs?” Indeed, in October 2012, an NSA official identified as “DIRNSA,” or Director General Keith Alexander, proposed the following for countering Muslim radicals: “[Their] vulnerabilities, if exposed, would likely call into question a radicalizer’s devotion to the jihadist cause, leading to the degradation or loss of his authority.” The agency suggested that such vulnerabilities could include “viewing sexually explicit material online” or “using a portion of the donations they are receiving… to defray personal expenses.” The NSA document identified one potential target as a “respected academic” whose “vulnerabilities” are “online promiscuity.”
  • Just as the Internet has centralized communications, so it has moved most commercial sex into cyberspace. With an estimated 25 million salacious sites worldwide and a combined 10.6 billion page views per month in 2013 at the five top sex sites, online pornography has become a global business; by 2006, in fact, it generated $97 billion in revenue. With countless Internet viewers visiting porn sites and almost nobody admitting it, the NSA has easy access to the embarrassing habits of targets worldwide, whether Muslim militants or European leaders. According to James Bamford, author of two authoritative books on the agency, “The NSA's operation is eerily similar to the FBI's operations under J. Edgar Hoover in the 1960s where the bureau used wiretapping to discover vulnerabilities, such as sexual activity, to ‘neutralize’ their targets.”
  • Indeed, whistleblower Edward Snowden has accused the NSA of actually conducting such surveillance.  In a December 2013 letter to the Brazilian people, he wrote, “They even keep track of who is having an affair or looking at pornography, in case they need to damage their target's reputation.” If Snowden is right, then one key goal of NSA surveillance of world leaders is not U.S. national security but political blackmail -- as it has been since 1898. Such digital surveillance has tremendous potential for scandal, as anyone who remembers New York Governor Eliot Spitzer’s forced resignation in 2008 after routine phone taps revealed his use of escort services; or, to take another obvious example, the ouster of France’s budget minister Jérôme Cahuzac in 2013 following wire taps that exposed his secret Swiss bank account. As always, the source of political scandal remains sex or money, both of which the NSA can track with remarkable ease.
  • By starting a swelling river of NSA documents flowing into public view, Edward Snowden has given us a glimpse of the changing architecture of U.S. global power. At the broadest level, Obama’s digital “pivot” complements his overall defense strategy, announced in 2012, of reducing conventional forces while expanding into the new, cost-effective domains of space and cyberspace. While cutting back modestly on costly armaments and the size of the military, President Obama has invested billions in the building of a new architecture for global information control. If we add the $791 billion expended to build the Department of Homeland Security bureaucracy to the $500 billion spent on an increasingly para-militarized version of global intelligence in the dozen years since 9/11, then Washington has made a $1.2 trillion investment in a new apparatus of world power.
  • So formidable is this security bureaucracy that Obama’s recent executive review recommended the regularization, not reform, of current NSA practices, allowing the agency to continue collecting American phone calls and monitoring foreign leaders into the foreseeable future. Cyberspace offers Washington an austerity-linked arena for the exercise of global power, albeit at the cost of trust by its closest allies -- a contradiction that will bedevil America’s global leadership for years to come. To update Henry Stimson: in the age of the Internet, gentlemen don't just read each other’s mail, they watch each other’s porn. Even if we think we have nothing to hide, all of us, whether world leaders or ordinary citizens, have good reason to be concerned.
Paul Merrell

NSA Director Finally Admits Encryption Is Needed to Protect Public's Privacy - 0 views

www.mintpressnews.com/...213028

surveillance state encryption NSA Comey

shared by Paul Merrell on 25 Jan 16 - No Cached
  • NSA Director Finally Admits Encryption Is Needed to Protect Public’s Privacy The new stance denotes a growing awareness within the government that Americans are not comfortable with the State’s grip on their data. By Carey Wedler | AntiMedia | January 22, 2016 Share this article! https://mail.google.com/mail/?view=cm&fs=1&to&su=NSA%20Director%20Finally%20Admits%20Encryption%20Is%20Needed%20to%20Protect%20Public%E2%80%99s%20Privacy&body=http%3A%2F%2Fwww.mintpress
  • Rogers cited the recent Office of Personnel Management hack of over 20 million users as a reason to increase encryption rather than scale it back. “What you saw at OPM, you’re going to see a whole lot more of,” he said, referring to the massive hack that compromised the personal data about 20 million people who obtained background checks. Rogers’ comments, while forward-thinking, signify an about face in his stance on encryption. In February 2015, he said he “shares [FBI] Director [James] Comey’s concern” about cell phone companies’ decision to add encryption features to their products. Comey has been one loudest critics of encryption. However, Rogers’ comments on Thursday now directly conflict with Comey’s stated position. The FBI director has publicly chastised encryption, as well as the companies that provide it. In 2014, he claimed Apple’s then-new encryption feature could lead the world to “a very dark place.” At a Department of Justice hearing in November, Comey testified that “Increasingly, the shadow that is ‘going dark’ is falling across more and more of our work.” Though he claimed, “We support encryption,” he insisted “we have a problem that encryption is crashing into public safety and we have to figure out, as people who care about both, to resolve it. So, I think the conversation’s in a healthier place.”
  • At the same hearing, Comey and Attorney General Loretta Lynch declined to comment on whether they had proof the Paris attackers used encryption. Even so, Comey recently lobbied for tech companies to do away with end-to-end encryption. However, his crusade has fallen on unsympathetic ears, both from the private companies he seeks to control — and from the NSA. Prior to Rogers’ statements in support of encryption Thursday, former NSA chief Michael Hayden said, “I disagree with Jim Comey. I actually think end-to-end encryption is good for America.” Still another former NSA chair has criticized calls for backdoor access to information. In October, Mike McConnell told a panel at an encryption summit that the United States is “better served by stronger encryption, rather than baking in weaker encryption.” Former Department of Homeland Security chief, Michael Chertoff, has also spoken out against government being able to bypass encryption.
  • ...2 more annotations...
  • Regardless of these individual defenses of encryption, the Intercept explained why these statements may be irrelevant: “Left unsaid is the fact that the FBI and NSA have the ability to circumvent encryption and get to the content too — by hacking. Hacking allows law enforcement to plant malicious code on someone’s computer in order to gain access to the photos, messages, and text before they were ever encrypted in the first place, and after they’ve been decrypted. The NSA has an entire team of advanced hackers, possibly as many as 600, camped out at Fort Meade.”
  • Rogers statements, of course, are not a full-fledged endorsement of privacy, nor can the NSA be expected to make it a priority. Even so, his new stance denotes a growing awareness within the government that Americans are not comfortable with the State’s grip on their data. “So spending time arguing about ‘hey, encryption is bad and we ought to do away with it’ … that’s a waste of time to me,” Rogers said Thursday. “So what we’ve got to ask ourselves is, with that foundation, what’s the best way for us to deal with it? And how do we meet those very legitimate concerns from multiple perspectives?”
Gary Edwards

» 21 Facts About NSA Snooping That Every American Should Know Alex Jones' Inf... - 0 views

www.infowars.com/hat-every-american-should-know

NSA-Patriot-Act-NDAA NSA-Whistleblower PRISM Echelon-SIGINT

shared by Gary Edwards on 18 Jun 13 - No Cached
  • Gary Edwards on 18 Jun 13
     
    NSA-PRISM-Echelon in a nutshell.  The list below is a short sample.  Each fact is documented, and well worth the time reading. "The following are 21 facts about NSA snooping that every American should know…" #1 According to CNET, the NSA told Congress during a recent classified briefing that it does not need court authorization to listen to domestic phone calls… #2 According to U.S. Representative Loretta Sanchez, members of Congress learned "significantly more than what is out in the media today" about NSA snooping during that classified briefing. #3 The content of all of our phone calls is being recorded and stored.  The following is a from a transcript of an exchange between Erin Burnett of CNN and former FBI counterterrorism agent Tim Clemente which took place just last month… #4 The chief technology officer at the CIA, Gus Hunt, made the following statement back in March… "We fundamentally try to collect everything and hang onto it forever." #5 During a Senate Judiciary Oversight Committee hearing in March 2011, FBI Director Robert Mueller admitted that the intelligence community has the ability to access emails "as they come in"… #6 Back in 2007, Director of National Intelligence Michael McConnell told Congress that the president has the "constitutional authority" to authorize domestic spying without warrants no matter when the law says. #7 The Director Of National Intelligence James Clapper recently told Congress that the NSA was not collecting any information about American citizens.  When the media confronted him about his lie, he explained that he "responded in what I thought was the most truthful, or least untruthful manner". #8 The Washington Post is reporting that the NSA has four primary data collection systems… MAINWAY, MARINA, METADATA, PRISM #9 The NSA knows pretty much everything that you are doing on the Internet.  The following is a short excerpt from a recent Yahoo article… #10 The NSA is suppose
Paul Merrell

NSA shares raw intelligence including Americans' data with Israel | World news | The Gu... - 0 views

www.theguardian.com/...personal-data-israel-documents

security state NSA FISA Court Israel Unit-8200 NSA-records Obama lies

shared by Paul Merrell on 19 Sep 13 - No Cached
  • The National Security Agency routinely shares raw intelligence data with Israel without first sifting it to remove information about US citizens, a top-secret document provided to the Guardian by whistleblower Edward Snowden reveals.Details of the intelligence-sharing agreement are laid out in a memorandum of understanding between the NSA and its Israeli counterpart that shows the US government handed over intercepted communications likely to contain phone calls and emails of American citizens. The agreement places no legally binding limits on the use of the data by the Israelis.The disclosure that the NSA agreed to provide raw intelligence data to a foreign country contrasts with assurances from the Obama administration that there are rigorous safeguards to protect the privacy of US citizens caught in the dragnet. The intelligence community calls this process "minimization", but the memorandum makes clear that the information shared with the Israelis would be in its pre-minimized state.
  • The deal was reached in principle in March 2009, according to the undated memorandum, which lays out the ground rules for the intelligence sharing.The five-page memorandum, termed an agreement between the US and Israeli intelligence agencies "pertaining to the protection of US persons", repeatedly stresses the constitutional rights of Americans to privacy and the need for Israeli intelligence staff to respect these rights.But this is undermined by the disclosure that Israel is allowed to receive "raw Sigint" – signal intelligence. The memorandum says: "Raw Sigint includes, but is not limited to, unevaluated and unminimized transcripts, gists, facsimiles, telex, voice and Digital Network Intelligence metadata and content."According to the agreement, the intelligence being shared would not be filtered in advance by NSA analysts to remove US communications. "NSA routinely sends ISNU [the Israeli Sigint National Unit] minimized and unminimized raw collection", it says.
  • In a statement to the Guardian, an NSA spokesperson did not deny that personal data about Americans was included in raw intelligence data shared with the Israelis. But the agency insisted that the shared intelligence complied with all rules governing privacy."Any US person information that is acquired as a result of NSA's surveillance activities is handled under procedures that are designed to protect privacy rights," the spokesperson said.The NSA declined to answer specific questions about the agreement, including whether permission had been sought from the Foreign Intelligence Surveillance (Fisa) court for handing over such material.
  • ...3 more annotations...
  • While NSA documents tout the mutually beneficial relationship of Sigint sharing, another report, marked top secret and dated September 2007, states that the relationship, while central to US strategy, has become overwhelmingly one-sided in favor of Israel."Balancing the Sigint exchange equally between US and Israeli needs has been a constant challenge," states the report, titled 'History of the US – Israel Sigint Relationship, Post-1992'. "In the last decade, it arguably tilted heavily in favor of Israeli security concerns. 9/11 came, and went, with NSA's only true Third Party [counter-terrorism] relationship being driven almost totally by the needs of the partner."
  • In another top-secret document seen by the Guardian, dated 2008, a senior NSA official points out that Israel aggressively spies on the US. "On the one hand, the Israelis are extraordinarily good Sigint partners for us, but on the other, they target us to learn our positions on Middle East problems," the official says. "A NIE [National Intelligence Estimate] ranked them as the third most aggressive intelligence service against the US."Later in the document, the official is quoted as saying: "One of NSA's biggest threats is actually from friendly intelligence services, like Israel. There are parameters on what NSA shares with them, but the exchange is so robust, we sometimes share more than we intended."
  • The Guardian asked the Obama administration how many times US data had been found in the raw intelligence, either by the Israelis or when the NSA reviewed a sample of the files, but officials declined to provide this information. Nor would they disclose how many other countries the NSA shared raw data with, or whether the Fisa court, which is meant to oversee NSA surveillance programs and the procedures to handle US information, had signed off the agreement with Israel.In its statement, the NSA said: "We are not going to comment on any specific information sharing arrangements, or the authority under which any such information is collected. The fact that intelligence services work together under specific and regulated conditions mutually strengthens the security of both nations."NSA cannot, however, use these relationships to circumvent US legal restrictions. Whenever we share intelligence information, we comply with all applicable rules, including the rules to protect US person information."
Paul Merrell

Operation AURORAGOLD: How the NSA Hacks Cellphone Networks Worldwide - 0 views

firstlook.org/...nsa-auroragold-hack-cellphones

surveillance state NSA NSA-methods cell-network-penetration AURORAGOLD

shared by Paul Merrell on 06 Dec 14 - No Cached
  • In March 2011, two weeks before the Western intervention in Libya, a secret message was delivered to the National Security Agency. An intelligence unit within the U.S. military’s Africa Command needed help to hack into Libya’s cellphone networks and monitor text messages. For the NSA, the task was easy. The agency had already obtained technical information about the cellphone carriers’ internal systems by spying on documents sent among company employees, and these details would provide the perfect blueprint to help the military break into the networks. The NSA’s assistance in the Libya operation, however, was not an isolated case. It was part of a much larger surveillance program—global in its scope and ramifications—targeted not just at hostile countries.
  • According to documents contained in the archive of material provided to The Intercept by whistleblower Edward Snowden, the NSA has spied on hundreds of companies and organizations internationally, including in countries closely allied to the United States, in an effort to find security weaknesses in cellphone technology that it can exploit for surveillance. The documents also reveal how the NSA plans to secretly introduce new flaws into communication systems so that they can be tapped into—a controversial tactic that security experts say could be exposing the general population to criminal hackers. Codenamed AURORAGOLD, the covert operation has monitored the content of messages sent and received by more than 1,200 email accounts associated with major cellphone network operators, intercepting confidential company planning papers that help the NSA hack into phone networks.
  • Karsten Nohl, a leading cellphone security expert and cryptographer who was consulted by The Intercept about details contained in the AURORAGOLD documents, said that the broad scope of information swept up in the operation appears aimed at ensuring virtually every cellphone network in the world is NSA accessible.
  • ...11 more annotations...
  • “Collecting an inventory [like this] on world networks has big ramifications,” Nohl said, because it allows the NSA to track and circumvent upgrades in encryption technology used by cellphone companies to shield calls and texts from eavesdropping. Evidence that the agency has deliberately plotted to weaken the security of communication infrastructure, he added, was particularly alarming. “Even if you love the NSA and you say you have nothing to hide, you should be against a policy that introduces security vulnerabilities,” Nohl said, “because once NSA introduces a weakness, a vulnerability, it’s not only the NSA that can exploit it.”
  • The AURORAGOLD operation is carried out by specialist NSA surveillance units whose existence has not been publicly disclosed: the Wireless Portfolio Management Office, which defines and carries out the NSA’s strategy for exploiting wireless communications, and the Target Technology Trends Center, which monitors the development of new communication technology to ensure that the NSA isn’t blindsided by innovations that could evade its surveillance reach. The center’s logo is a picture of the Earth overshadowed by a large telescope; its motto is “Predict – Plan – Prevent.”
  • The NSA documents reveal that, as of May 2012, the agency had collected technical information on about 70 percent of cellphone networks worldwide—701 of an estimated 985—and was maintaining a list of 1,201 email “selectors” used to intercept internal company details from employees. (“Selector” is an agency term for a unique identifier like an email address or phone number.) From November 2011 to April 2012, between 363 and 1,354 selectors were “tasked” by the NSA for surveillance each month as part of AURORAGOLD, according to the documents. The secret operation appears to have been active since at least 2010.
  • By covertly monitoring GSMA working groups in a bid to identify and exploit security vulnerabilities, the NSA has placed itself into direct conflict with the mission of the National Institute for Standards and Technology, or NIST, the U.S. government agency responsible for recommending cybersecurity standards in the United States. NIST recently handed out a grant of more than $800,000 to GSMA so that the organization could research ways to address “security and privacy challenges” faced by users of mobile devices. The revelation that the trade group has been targeted for surveillance may reignite deep-seated tensions between NIST and NSA that came to the fore following earlier Snowden disclosures. Last year, NIST was forced to urge people not to use an encryption standard it had previously approved after it emerged NSA had apparently covertly worked to deliberately weaken it.
  • The NSA focuses on intercepting obscure but important technical documents circulated among the GSMA’s members known as “IR.21s.” Most cellphone network operators share IR.21 documents among each other as part of agreements that allow their customers to connect to foreign networks when they are “roaming” overseas on a vacation or a business trip. An IR.21, according to the NSA documents, contains information “necessary for targeting and exploitation.” The details in the IR.21s serve as a “warning mechanism” that flag new technology used by network operators, the NSA’s documents state. This allows the agency to identify security vulnerabilities in the latest communication systems that can be exploited, and helps efforts to introduce new vulnerabilities “where they do not yet exist.” The IR.21s also contain details about the encryption used by cellphone companies to protect the privacy of their customers’ communications as they are transmitted across networks. These details are highly sought after by the NSA, as they can aid its efforts to crack the encryption and eavesdrop on conversations.
  • One of the prime targets monitored under the AURORAGOLD program is the London-headquartered trade group, the GSM Association, or the GSMA, which represents the interests of more than 800 major cellphone, software, and internet companies from 220 countries. The GSMA’s members include U.S.-based companies such as Verizon, AT&T, Sprint, Microsoft, Facebook, Intel, Cisco, and Oracle, as well as large international firms including Sony, Nokia, Samsung, Ericsson, and Vodafone. The trade organization brings together its members for regular meetings at which new technologies and policies are discussed among various “working groups.” The Snowden files reveal that the NSA specifically targeted the GSMA’s working groups for surveillance.
  • Last year, the Washington Post reported that the NSA had already managed to break the most commonly used cellphone encryption algorithm in the world, known as A5/1. But the information collected under AURORAGOLD allows the agency to focus on circumventing newer and stronger versions of A5 cellphone encryption, such as A5/3. The documents note that the agency intercepts information from cellphone operators about “the type of A5 cipher algorithm version” they use, and monitors the development of new algorithms in order to find ways to bypass the encryption. In 2009, the British surveillance agency Government Communications Headquarters conducted a similar effort to subvert phone encryption under a project called OPULENT PUP, using powerful computers to perform a “crypt attack” to penetrate the A5/3 algorithm, secret memos reveal. By 2011, GCHQ was collaborating with the NSA on another operation, called WOLFRAMITE, to attack A5/3 encryption. (GCHQ declined to comment for this story, other than to say that it operates within legal parameters.)
  • The extensive attempts to attack cellphone encryption have been replicated across the Five Eyes surveillance alliance. Australia’s top spy agency, for instance, infiltrated an Indonesian cellphone company and stole nearly 1.8 million encryption keys used to protect communications, the New York Times reported in February.
  • The NSA’s documents show that it focuses on collecting details about virtually all technical standards used by cellphone operators, and the agency’s efforts to stay ahead of the technology curve occasionally yield significant results. In early 2010, for instance, its operatives had already found ways to penetrate a variant of the newest “fourth generation” smartphone-era technology for surveillance, years before it became widely adopted by millions of people in dozens of countries. The NSA says that its efforts are targeted at terrorists, weapons proliferators, and other foreign targets, not “ordinary people.” But the methods used by the agency and its partners to gain access to cellphone communications risk significant blowback. According to Mikko Hypponen, a security expert at Finland-based F-Secure, criminal hackers and foreign government adversaries could be among the inadvertent beneficiaries of any security vulnerabilities or encryption weaknesses inserted by the NSA into communication systems using data collected by the AURORAGOLD project.
  • Vines, the NSA spokeswoman, told The Intercept that the agency was committed to ensuring an “open, interoperable, and secure global internet.” “NSA deeply values these principles and takes great care to honor them in the performance of its lawful foreign-intelligence mission,” Vines said.
  • Documents published with this article: AURORAGOLD – Project Overview AURORAGOLD Working Group IR.21 – A Technology Warning Mechanism AURORAGOLD – Target Technology Trends Center support to WPMO NSA First-Ever Collect of High-Interest 4G Cellular Signal AURORAGOLD Working Aid WOLFRAMITE Encryption Attack OPULENT PUP Encryption Attack NSA/GCHQ/CSEC Network Tradecraft Advancement Team
  • Paul Merrell on 06 Dec 14
     
    Notice that they've cracked even 4G.
Paul Merrell

Data Pirates of the Caribbean: The NSA Is Recording Every Cell Phone Call in the Bahama... - 0 views

firstlook.org/...-every-cell-phone-call-bahamas

surveillance state NSA DEA cell-phone-dragnet-recording

shared by Paul Merrell on 20 May 14 - No Cached
  • The National Security Agency is secretly intercepting, recording, and archiving the audio of virtually every cell phone conversation on the island nation of the Bahamas. According to documents provided by NSA whistleblower Edward Snowden, the surveillance is part of a top-secret system – code-named SOMALGET – that was implemented without the knowledge or consent of the Bahamian government. Instead, the agency appears to have used access legally obtained in cooperation with the U.S. Drug Enforcement Administration to open a backdoor to the country’s cellular telephone network, enabling it to covertly record and store the “full-take audio” of every mobile call made to, from and within the Bahamas – and to replay those calls for up to a month. SOMALGET is part of a broader NSA program called MYSTIC, which The Intercept has learned is being used to secretly monitor the telecommunications systems of the Bahamas and several other countries, including Mexico, the Philippines, and Kenya. But while MYSTIC scrapes mobile networks for so-called “metadata” – information that reveals the time, source, and destination of calls – SOMALGET is a cutting-edge tool that enables the NSA to vacuum up and store the actual content of every conversation in an entire country.
  • All told, the NSA is using MYSTIC to gather personal data on mobile calls placed in countries with a combined population of more than 250 million people. And according to classified documents, the agency is seeking funding to export the sweeping surveillance capability elsewhere. The program raises profound questions about the nature and extent of American surveillance abroad. The U.S. intelligence community routinely justifies its massive spying efforts by citing the threats to national security posed by global terrorism and unpredictable rival nations like Russia and Iran. But the NSA documents indicate that SOMALGET has been deployed in the Bahamas to locate “international narcotics traffickers and special-interest alien smugglers” – traditional law-enforcement concerns, but a far cry from derailing terror plots or intercepting weapons of mass destruction.
  • By targeting the Bahamas’ entire mobile network, the NSA is intentionally collecting and retaining intelligence on millions of people who have not been accused of any crime or terrorist activity. Nearly five million Americans visit the country each year, and many prominent U.S. citizens keep homes there, including Sen. Tom Harkin (D-Iowa), Bill Gates, and Oprah Winfrey.
  • ...12 more annotations...
  • The Intercept has confirmed that as of 2013, the NSA was actively using MYSTIC to gather cell-phone metadata in five countries, and was intercepting voice data in two of them. Documents show that the NSA has been generating intelligence reports from MYSTIC surveillance in the Bahamas, Mexico, Kenya, the Philippines, and one other country, which The Intercept is not naming in response to specific, credible concerns that doing so could lead to increased violence. The more expansive full-take recording capability has been deployed in both the Bahamas and the unnamed country. MYSTIC was established in 2009 by the NSA’s Special Source Operations division, which works with corporate partners to conduct surveillance. Documents in the Snowden archive describe it as a “program for embedded collection systems overtly installed on target networks, predominantly for the collection and processing of wireless/mobile communications networks.”
  • If an entire nation’s cell-phone calls were a menu of TV shows, MYSTIC would be a cable programming guide showing which channels offer which shows, and when. SOMALGET would be the DVR that automatically records every show on every channel and stores them for a month. MYSTIC provides the access; SOMALGET provides the massive amounts of storage needed to archive all those calls so that analysts can listen to them at will after the fact. According to one NSA document, SOMALGET is “deployed against entire networks” in the Bahamas and the second country, and processes “over 100 million call events per day.”
  • When U.S. drug agents need to tap a phone of a suspected drug kingpin in another country, they call up their counterparts and ask them set up an intercept. To facilitate those taps, many nations – including the Bahamas – have hired contractors who install and maintain so-called lawful intercept equipment on their telecommunications. With SOMALGET, it appears that the NSA has used the access those contractors developed to secretly mine the country’s entire phone system for “signals intelligence” –recording every mobile call in the country. “Host countries,” the document notes, “are not aware of NSA’s SIGINT collection.” “Lawful intercept systems engineer communications vulnerabilities into networks, forcing the carriers to weaken,” says Christopher Soghoian, the principal technologist for the American Civil Liberties Union. “Host governments really should be thinking twice before they accept one of these Trojan horses.”
  • The DEA has long been in a unique position to help the NSA gain backdoor access to foreign phone networks. “DEA has close relationships with foreign government counterparts and vetted foreign partners,” the manager of the NSA’s drug-war efforts reported in a 2004 memo. Indeed, with more than 80 international offices, the DEA is one of the most widely deployed U.S. agencies around the globe. But what many foreign governments fail to realize is that U.S. drug agents don’t confine themselves to simply fighting narcotics traffickers. “DEA is actually one of the biggest spy operations there is,” says Finn Selander, a former DEA special agent who works with the drug-reform advocacy group Law Enforcement Against Prohibition. “Our mandate is not just drugs. We collect intelligence.” What’s more, Selander adds, the NSA has aided the DEA for years on surveillance operations. “On our reports, there’s drug information and then there’s non-drug information,” he says. “So countries let us in because they don’t view us, really, as a spy organization.”
  • When U.S. drug agents wiretap a country’s phone networks, they must comply with the host country’s laws and work alongside their law enforcement counterparts. “The way DEA works with our allies – it could be Bahamas or Jamaica or anywhere – the host country has to invite us,” says Margolis. “We come in and provide the support, but they do the intercept themselves.” The Bahamas’ Listening Devices Act requires all wiretaps to be authorized in writing either by the minister of national security or the police commissioner in consultation with the attorney general. The individuals to be targeted must be named. Under the nation’s Data Protection Act, personal data may only be “collected by means which are both lawful and fair in the circumstances of the case.” The office of the Bahamian data protection commissioner, which administers the act, said in a statement that it “was not aware of the matter you raise.” Countries like the Bahamas don’t install lawful intercepts on their own. With the adoption of international standards, a thriving market has emerged for private firms that are contracted by foreign governments to install and maintain lawful intercept equipment. Currently valued at more than $128 million, the global market for private interception services is expected to skyrocket to more than $970 million within the next four years, according to a 2013 report from the research firm Markets and Markets.
  • The proliferation of private contractors has apparently provided the NSA with direct access to foreign phone networks. According to the documents, MYSTIC draws its data from “collection systems” that were overtly installed on the telecommunications systems of targeted countries, apparently by corporate “partners” cooperating with the NSA. One NSA document spells out that “the overt purpose” given for accessing foreign telecommunications systems is “for legitimate commercial service for the Telco’s themselves.” But the same document adds: “Our covert mission is the provision of SIGINT,” or signals intelligence.
  • According to the NSA documents, MYSTIC targets calls and other data transmitted on  Global System for Mobile Communications networks – the primary framework used for cell phone calls worldwide. In the Philippines, MYSTIC collects “GSM, Short Message Service (SMS) and Call Detail Records” via access provided by a “DSD asset in a Philippine provider site.” (The DSD refers to the Defence Signals Directorate, an arm of Australian intelligence. The Australian consulate in New York declined to comment.) The operation in Kenya is “sponsored” by the CIA, according to the documents, and collects “GSM metadata with the potential for content at a later date.” The Mexican operation is likewise sponsored by the CIA. The documents don’t say how or under what pretenses the agency is gathering call data in those countries. In the Bahamas, the documents say, the NSA intercepts GSM data that is transmitted over what is known as the “A link”–or “A interface”–a core component of many mobile networks. The A link transfers data between two crucial parts of GSM networks – the base station subsystem, where phones in the field communicate with cell towers, and the network subsystem, which routes calls and text messages to the appropriate destination. “It’s where all of the telephone traffic goes,” says the former engineer.
  • “I seriously don’t think that would be your run-of-the-mill legal interception equipment,” says the former engineer, who worked with hardware and software that typically maxed out at 1,000 intercepts. The NSA, by contrast, is recording and storing tens of millions of calls – “mass surveillance,” he observes, that goes far beyond the standard practices for lawful interception recognized around the world. The Bahamas Telecommunications Company did not respond to repeated phone calls and emails.
  • If the U.S. government wanted to make a case for surveillance in the Bahamas, it could point to the country’s status as a leading haven for tax cheats, corporate shell games, and a wide array of black-market traffickers. The State Department considers the Bahamas both a “major drug-transit country” and a “major money laundering country” (a designation it shares with more than 60 other nations, including the U.S.). According to the International Monetary Fund, as of 2011 the Bahamas was home to 271 banks and trust companies with active licenses. At the time, the Bahamian banks held $595 billion in U.S. assets. But the NSA documents don’t reflect a concerted focus on the money launderers and powerful financial institutions – including numerous Western banks – that underpin the black market for narcotics in the Bahamas. Instead, an internal NSA presentation from 2013 recounts with pride how analysts used SOMALGET to locate an individual who “arranged Mexico-to-United States marijuana shipments” through the U.S. Postal Service.
  • The presentation doesn’t say whether the NSA shared the information with the DEA. But the drug agency’s Special Operations Divison has come under fire for improperly using classified information obtained by the NSA to launch criminal investigations – and then creating false narratives to mislead courts about how the investigations began. The tactic – known as parallel construction – was first reported by Reuters last year, and is now under investigation by the Justice Department’s inspector general. So: Beyond a desire to bust island pot dealers, why would the NSA choose to apply a powerful collection tool such as SOMALGET against the Bahamas, which poses virtually no threat to the United States? The answer may lie in a document that characterizes the Bahamas operation as a “test bed for system deployments, capabilities, and improvements” to SOMALGET. The country’s small population – fewer than 400,000 residents – provides a manageable sample to try out the surveillance system’s features. Since SOMALGET is also operational in one other country, the Bahamas may be used as a sort of guinea pig to beta-test improvements and alterations without impacting the system’s operations elsewhere. “From an engineering point of view it makes perfect sense,” says the former engineer. “Absolutely.”
  • SOMALGET operates under Executive Order 12333, a Reagan-era rule establishing wide latitude for the NSA and other intelligence agencies to spy on other countries, as long as the attorney general is convinced the efforts are aimed at gathering foreign intelligence. In 2000, the NSA assured Congress that all electronic surveillance performed under 12333 “must be conducted in a manner that minimizes the acquisition, retention, and dissemination of information about unconsenting U.S. persons.” In reality, many legal experts point out, the lack of judicial oversight or criminal penalties for violating the order render the guidelines meaningless. “I think it would be open, whether it was legal or not,” says German, the former FBI agent. “Because we don’t have all the facts about how they’re doing it. For a long time, the NSA has been interpreting their authority in the broadest possible way, even beyond what an objective observer would say was reasonable.” “An American citizen has Fourth Amendment rights wherever they are,” adds Kurt Opsahl, an attorney with the Electronic Frontier Foundation. “Nevertheless, there have certainly been a number of things published over the last year which suggest that there are broad, sweeping programs that the NSA and other government agencies are doing abroad that sweep up the communications of Americans.”
  • Legal or not, the NSA’s covert surveillance of an entire nation suggests that it will take more than the president’s tepid “limits” to rein in the ambitions of the intelligence community. “It’s almost like they have this mentality – if we can, we will,” says German. “There’s no analysis of the long-term risks of doing it, no analysis of whether it’s actually worth the effort, no analysis of whether we couldn’t take those resources and actually put them on real threats and do more good.” It’s not surprising, German adds, that the government’s covert program in the Bahamas didn’t remain covert. “The undermining of international law and international cooperation is such a long-term negative result of these programs that they had to know would eventually be exposed, whether through a leak, whether through a spy, whether through an accident,” he says. “Nothing stays secret forever. It really shows the arrogance of these agencies – they were just going to do what they were going to do, and they weren’t really going to consider any other important aspects of how our long-term security needs to be addressed.”
  • Paul Merrell on 20 May 14
     
    Words fail me.
Paul Merrell

GCHQ taps fibre-optic cables for secret access to world's communications | UK news | gu... - 0 views

www.guardian.co.uk/...ecret-world-communications-nsa

surveillance state NSA GCHQ UK Snowden must-read

shared by Paul Merrell on 22 Jun 13 - No Cached
  • Britain's spy agency GCHQ has secretly gained access to the network of cables which carry the world's phone calls and internet traffic and has started to process vast streams of sensitive personal information which it is sharing with its American partner, the National Security Agency (NSA).The sheer scale of the agency's ambition is reflected in the titles of its two principal components: Mastering the Internet and Global Telecoms Exploitation, aimed at scooping up as much online and telephone traffic as possible. This is all being carried out without any form of public acknowledgement or debate.One key innovation has been GCHQ's ability to tap into and store huge volumes of data drawn from fibre-optic cables for up to 30 days so that it can be sifted and analysed. That operation, codenamed Tempora, has been running for some 18 months.
  • GCHQ and the NSA are consequently able to access and process vast quantities of communications between entirely innocent people, as well as targeted suspects.This includes recordings of phone calls, the content of email messages, entries on Facebook and the history of any internet user's access to websites – all of which is deemed legal, even though the warrant system was supposed to limit interception to a specified range of targets.The existence of the programme has been disclosed in documents shown to the Guardian by the NSA whistleblower Edward Snowden as part of his attempt to expose what he has called "the largest programme of suspicionless surveillance in human history"."It's not just a US problem. The UK has a huge dog in this fight," Snowden told the Guardian. "They [GCHQ] are worse than the US."
  • However, on Friday a source with knowledge of intelligence argued that the data was collected legally under a system of safeguards, and had provided material that had led to significant breakthroughs in detecting and preventing serious crime.Britain's technical capacity to tap into the cables that carry the world's communications – referred to in the documents as special source exploitation – has made GCHQ an intelligence superpower.By 2010, two years after the project was first trialled, it was able to boast it had the "biggest internet access" of any member of the Five Eyes electronic eavesdropping alliance, comprising the US, UK, Canada, Australia and New Zealand.UK officials could also claim GCHQ "produces larger amounts of metadata than NSA". (Metadata describes basic information on who has been contacting whom, without detailing the content.)By May last year 300 analysts from GCHQ, and 250 from the NSA, had been assigned to sift through the flood of data.The Americans were given guidelines for its use, but were told in legal briefings by GCHQ lawyers: "We have a light oversight regime compared with the US".
  • ...8 more annotations...
  • When it came to judging the necessity and proportionality of what they were allowed to look for, would-be American users were told it was "your call".The Guardian understands that a total of 850,000 NSA employees and US private contractors with top secret clearance had access to GCHQ databases.
  • For the 2 billion users of the world wide web, Tempora represents a window on to their everyday lives, sucking up every form of communication from the fibre-optic cables that ring the world.The NSA has meanwhile opened a second window, in the form of the Prism operation, revealed earlier this month by the Guardian, from which it secured access to the internal systems of global companies that service the internet.The GCHQ mass tapping operation has been built up over five years by attaching intercept probes to transatlantic fibre-optic cables where they land on British shores carrying data to western Europe from telephone exchanges and internet servers in north America.This was done under secret agreements with commercial companies, described in one document as "intercept partners".The papers seen by the Guardian suggest some companies have been paid for the cost of their co-operation and GCHQ went to great lengths to keep their names secret. They were assigned "sensitive relationship teams" and staff were urged in one internal guidance paper to disguise the origin of "special source" material in their reports for fear that the role of the companies as intercept partners would cause "high-level political fallout".
  • The GCHQ documents that the Guardian has seen illustrate a constant effort to build up storage capacity at the stations at Cheltenham, Bude and at one overseas location, as well a search for ways to maintain the agency's comparative advantage as the world's leading communications companies increasingly route their cables through Asia to cut costs. Meanwhile, technical work is ongoing to expand GCHQ's capacity to ingest data from new super cables carrying data at 100 gigabits a second. As one training slide told new users: "You are in an enviable position – have fun and make the most of it."
  • The categories of material have included fraud, drug trafficking and terrorism, but the criteria at any one time are secret and are not subject to any public debate. GCHQ's compliance with the certificates is audited by the agency itself, but the results of those audits are also secret.An indication of how broad the dragnet can be was laid bare in advice from GCHQ's lawyers, who said it would be impossible to list the total number of people targeted because "this would be an infinite list which we couldn't manage".There is an investigatory powers tribunal to look into complaints that the data gathered by GCHQ has been improperly used, but the agency reassured NSA analysts in the early days of the programme, in 2009: "So far they have always found in our favour".
  • Historically, the spy agencies have intercepted international communications by focusing on microwave towers and satellites. The NSA's intercept station at Menwith Hill in North Yorkshire played a leading role in this. One internal document quotes the head of the NSA, Lieutenant General Keith Alexander, on a visit to Menwith Hill in June 2008, asking: "Why can't we collect all the signals all the time? Sounds like a good summer project for Menwith."By then, however, satellite interception accounted for only a small part of the network traffic. Most of it now travels on fibre-optic cables, and the UK's position on the western edge of Europe gave it natural access to cables emerging from the Atlantic.
  • The processing centres apply a series of sophisticated computer programmes in order to filter the material through what is known as MVR – massive volume reduction. The first filter immediately rejects high-volume, low-value traffic, such as peer-to-peer downloads, which reduces the volume by about 30%. Others pull out packets of information relating to "selectors" – search terms including subjects, phone numbers and email addresses of interest. Some 40,000 of these were chosen by GCHQ and 31,000 by the NSA. Most of the information extracted is "content", such as recordings of phone calls or the substance of email messages. The rest is metadata.
  • "The criteria are security, terror, organised crime. And economic well-being. There's an auditing process to go back through the logs and see if it was justified or not. The vast majority of the data is discarded without being looked at … we simply don't have the resources."However, the legitimacy of the operation is in doubt. According to GCHQ's legal advice, it was given the go-ahead by applying old law to new technology. The 2000 Regulation of Investigatory Powers Act (Ripa) requires the tapping of defined targets to be authorised by a warrant signed by the home secretary or foreign secretary.However, an obscure clause allows the foreign secretary to sign a certificate for the interception of broad categories of material, as long as one end of the monitored communications is abroad. But the nature of modern fibre-optic communications means that a proportion of internal UK traffic is relayed abroad and then returns through the cables.
  • British spy agency collects and stores vast quantities of global email messages, Facebook posts, internet histories and calls, and shares them with NSA, latest documents from Edward Snowden reveal
  • Paul Merrell on 22 Jun 13
     
    Note particularly that the Brit criteria adds economic data to the list of categories categories the NSA trawls for and shares its data with the U.S. NSA. Both agencies claim to be targeting foreigners, so now we're into the "we surveil your citizens; you surveil our citizens, then we'll share the results" scenario that leaves both sides of the pond with a superficial excuse to say "we don't surveil our own citizens, just foreigners." But it's just ring-around-the-rosy. 850,000 NSA employees and U.S. private contractors with access to GCHQ surveillance databases.  Lots more in the article that I didn't highlight.
Paul Merrell

How the NSA is still harvesting your online data | World news | guardian.co.uk - 0 views

www.guardian.co.uk/...nsa-online-metadata-collection

surveillance state NSA Obama lies EvilOlive ShellTrumpet MoonLightPath Spinneret xKeyScore Deep Dive Transient Thurible

shared by Paul Merrell on 30 Jun 13 - No Cached
  • A review of top-secret NSA documents suggests that the surveillance agency still collects and sifts through large quantities of Americans' online data – despite the Obama administration's insistence that the program that began under Bush ended in 2011.Shawn Turner, the Obama administration's director of communications for National Intelligence, told the Guardian that "the internet metadata collection program authorized by the Fisa court was discontinued in 2011 for operational and resource reasons and has not been restarted."But the documents indicate that the amount of internet metadata harvested, viewed, processed and overseen by the Special Source Operations (SSO) directorate inside the NSA is extensive.While there is no reference to any specific program currently collecting purely domestic internet metadata in bulk, it is clear that the agency collects and analyzes significant amounts of data from US communications systems in the course of monitoring foreign targets.
  • On December 26 2012, SSO announced what it described as a new capability to allow it to collect far more internet traffic and data than ever before. With this new system, the NSA is able to direct more than half of the internet traffic it intercepts from its collection points into its own repositories. One end of the communications collected are inside the United States.The NSA called it the "One-End Foreign (1EF) solution". It intended the program, codenamed EvilOlive, for "broadening the scope" of what it is able to collect. It relied, legally, on "FAA Authority", a reference to the 2008 Fisa Amendments Act that relaxed surveillance restrictions.This new system, SSO stated in December, enables vastly increased collection by the NSA of internet traffic. "The 1EF solution is allowing more than 75% of the traffic to pass through the filter," the SSO December document reads. "This milestone not only opened the aperture of the access but allowed the possibility for more traffic to be identified, selected and forwarded to NSA repositories."
  • It continued: "After the EvilOlive deployment, traffic has literally doubled."The scale of the NSA's metadata collection is highlighted by references in the documents to another NSA program, codenamed ShellTrumpet.On December 31, 2012, an SSO official wrote that ShellTrumpet had just "processed its One Trillionth metadata record".
  • ...4 more annotations...
  • Explaining that the five-year old program "began as a near-real-time metadata analyzer … for a classic collection system", the SSO official noted: "In its five year history, numerous other systems from across the Agency have come to use ShellTrumpet's processing capabilities for performance monitoring" and other tasks, such as "direct email tip alerting."Almost half of those trillion pieces of internet metadata were processed in 2012, the document detailed: "though it took five years to get to the one trillion mark, almost half of this volume was processed in this calendar year".
  • Another SSO entry, dated February 6, 2013, described ongoing plans to expand metadata collection. A joint surveillance collection operation with an unnamed partner agency yielded a new program "to query metadata" that was "turned on in the Fall 2012". Two others, called MoonLightPath and Spinneret, "are planned to be added by September 2013."A substantial portion of the internet metadata still collected and analyzed by the NSA comes from allied governments, including its British counterpart, GCHQ.
  • An SSO entry dated September 21, 2012, announced that "Transient Thurible, a new Government Communications Head Quarters (GCHQ) managed XKeyScore (XKS) Deep Dive was declared operational." The entry states that GCHQ "modified" an existing program so the NSA could "benefit" from what GCHQ harvested."Transient Thurible metadata [has been] flowing into NSA repositories since 13 August 2012," the entry states.
  • A review of top-secret NSA documents suggests that the surveillance agency still collects and sifts through large quantities of Americans' online data – despite the Obama administration's insistence that the program that began under Bush ended in 2011.Shawn Turner, the Obama administration's director of communications for National Intelligence, told the Guardian that "the internet metadata collection program authorized by the Fisa court was discontinued in 2011 for operational and resource reasons and has not been restarted."But the documents indicate that the amount of internet metadata harvested, viewed, processed and overseen by the Special Source Operations (SSO) directorate inside the NSA is extensive.While there is no reference to any specific program currently collecting purely domestic internet metadata in bulk, it is clear that the agency collects and analyzes significant amounts of data from US communications systems in the course of monitoring foreign targets.
Paul Merrell

NSA can eavesdrop on Americans' phone calls, documents show | Politics and Law - CNET News - 0 views

news.cnet.com/...ans-phone-calls-documents-show

surveillance state NSA Clapper lies must-read

shared by Paul Merrell on 17 Aug 13 - No Cached
  • The National Security Agency has been secretly granted legal authority to operate a massive domestic eavesdropping system that vacuums up Americans' phone calls and Internet communications, newly leaked documents show. A pair of classified government documents (No. 1 and No. 2) signed by Attorney General Eric Holder and posted by the Guardian on Thursday show that NSA analysts are able to listen to Americans' intercepted phone calls without asking a judge for a warrant first. That appears to be at odds with what President Obama said earlier this week in defense of the NSA's surveillance efforts. "I can say unequivocally is that if you are a U.S. person, the NSA cannot listen to your telephone calls and the NSA cannot target your e-mails," Obama said. The new documents indicate, however, that NSA, CIA, and FBI analysts are granted broad access to data vacuumed up by the world's most powerful intelligence agency -- but are supposed to follow certain "targeting" and "minimization" procedures to limit the number of Americans who become individual targets of warrantless surveillance.
  • Analysts are expected to exercise "reasonable judgment" in determining which data to use, according to the documents, and "inadvertently acquired communications of or concerning a United States person may be retained no longer than five years." The documents also refer to "content repositories" that contain records of devices' "previous Internet activity," and say the NSA keeps records of Americans' "electronic communications accounts/addresses/identifiers" in an apparent effort to avoid targeting them in future eavesdropping efforts. The Holder procedures were blessed in advance by the secret Foreign Intelligence Surveillance Court, the Guardian reported, meaning that the judges would have issued a general order that authorizes the NSA to engage in warrantless surveillance as long as it's primarily aimed at foreign targets, subject to some limited judicial oversight. Today's disclosure jibes with what Edward Snowden, the former NSA contractor who leaked top-secret documents, alleged in an online chat earlier this week. Snowden said, referring to the contents of e-mail and phone calls, that "Americans' communications are collected and viewed on a daily basis on the certification of an analyst rather than a warrant."
  • On Sunday, Director of National Intelligence James Clapper released a carefully-worded statement in response to a CNET article and other reports questioning when intelligence analysts can listen to domestic phone calls. Clapper said: "The statement that a single analyst can eavesdrop on domestic communications without proper legal authorization is incorrect and was not briefed to Congress." Clapper's statement was viewed as a denial, but it wasn't. Today's disclosures reveal why: Because the Justice Department granted intelligence analysts "proper legal authorization" in advance through the Holder regulations. "The DNI has a history of playing games with wording, using terms with carefully obscured meanings to leave an impression different from the truth," Kurt Opsahl, a senior staff attorney at the Electronic Frontier Foundation who has litigated domestic surveillance cases, told CNET earlier this week.
  • ...3 more annotations...
  • Jameel Jaffer, the American Civil Liberties Union's deputy legal director, said in a statement today that: After Congress enacted the FISA Amendments Act in 2008, we worried that the NSA would use the new authority to conduct warrantless surveillance of Americans' telephone calls and emails. These documents confirm many of our worst fears. The "targeting" procedures indicate that the NSA is engaged in broad surveillance of Americans' international communications. The "minimization" procedures that supposedly protect Americans' constitutional rights turn out to be far weaker than we imagined they could be. For example, the NSA claims the authority to collect and disseminate attorney-client communications -- and even, in some circumstances, to turn them over to Justice Department prosecutors. The government also claims the authority to retain Americans' purely domestic communications in certain situations.
  • The documents suggest there are some significant loopholes in domestic surveillance: if an NSA analyst reviews an intercepted communication and finds "evidence of a crime that has been, is being, or is about to be committed," it can be forwarded to the FBI or other federal law enforcement agencies. Another loophole is "a serious harm to life or property" -- which could sweep in intellectual property -- and "enciphered" data. Communications that contain "enciphered" data, which would likely include PGP but also could mean encrypted Web connections using SSL, may be kept indefinitely. Earlier reports have indicated that the NSA has the ability to record nearly all domestic and international phone calls -- in case an analyst needed to access the recordings in the future. A Wired magazine article last year disclosed that the NSA has established "listening posts" that allow the agency to collect and sift through billions of phone calls through a massive new data center in Utah, "whether they originate within the country or overseas." That includes not just metadata, but also the contents of the communications.
  • Section 702 of the FAA says surveillance may be authorized by the attorney general and director of national intelligence without prior approval by the secret Foreign Intelligence Surveillance Court, as long as minimization requirements and general procedures blessed by the court are followed.
Paul Merrell

The New Snowden? NSA Contractor Arrested Over Alleged Theft Of Classified Data - 0 views

www.mintpressnews.com/...221187

surveillance state NSA zero-day-exploits leak arrest prosecution Martin

shared by Paul Merrell on 07 Oct 16 - No Cached
  • A contractor working for the National Security Agency (NSA) was arrested by the FBI following his alleged theft of “state secrets.” More specifically, the contractor, Harold Thomas Martin, is charged with stealing highly classified source codes developed to covertly hack the networks of foreign governments, according to several senior law enforcement and intelligence officials. The Justice Department has said that these stolen materials were “critical to national security.” Martin was employed by Booz Allen Hamilton, the company responsible for most of the NSA’s most sensitive cyber-operations. Edward Snowden, the most well-known NSA whistleblower, also worked for Booz Allen Hamilton until he fled to Hong Kong in 2013 where he revealed a trove of documents exposing the massive scope of the NSA dragnet surveillance. That surveillance system was shown to have targeted untold numbers of innocent Americans. According to the New York Times, the theft “raises the embarrassing prospect” that an NSA insider managed to steal highly damaging secret information from the NSA for the second time in three years, not to mention the “Shadow Broker” hack this past August, which made classified NSA hacking tools available to the public.
  • Snowden himself took to Twitter to comment on the arrest. In a tweet, he said the news of Martin’s arrest “is huge” and asked, “Did the FBI secretly arrest the person behind the reports [that the] NSA sat on huge flaws in US products?” It is currently unknown if Martin was connected to those reports as well.
  • It also remains to be seen what Martin’s motivations were in removing classified data from the NSA. Though many suspect that he planned to follow in Snowden’s footsteps, the government will more likely argue that he had planned to commit espionage by selling state secrets to “adversaries.” According to the New York Times article on the arrest, Russia, China, Iran, and North Korea are named as examples of the “adversaries” who would have been targeted by the NSA codes that Martin is accused of stealing. However, Snowden revealed widespread US spying on foreign governments including several US allies such as France and Germany. This suggests that the stolen “source codes” were likely utilized on a much broader scale.
Paul Merrell

NSA oversight dismissed as 'illusory' as anger intensifies in Europe and beyond | World... - 0 views

www.theguardian.com/...veillance-anger-deepens-europe

surveillance state NSA NSA-oversight NSA-blowback IAHCR U.N. legislation Sensenbrenner Leahy

shared by Paul Merrell on 30 Oct 13 - No Cached
  • The Obama administration's international surveillance crisis deepened on Monday as representatives from a Latin American human rights panel told US diplomats that oversight of the programs was "illusory".Members of the Inter-American Commission on Human Rights, an arm of the Organization of American States, expressed frustration and dissatisfaction with the National Security Agency's mass surveillance of foreign nationals – something the agency argues is both central to its existence and necessary to prevent terrorism. "With a program of this scope, it's obvious that any form of control becomes illusory when there's hundreds of millions of communications that become monitored and surveilled," said Felipe Gonzales, a commissioner and Chilean national."This is of concern to us because maybe the Inter-American Committee on Human Rights may become a target as well of surveillance," said Rodrigo Escobar Gil, a commissioner and Colombian citizen.
  • Frank La Rue, the United Nations special rapporteur on the right to freedom of opinion and expression, told the commission that the right to privacy was "inextricably linked" to free expression. "What is not permissible from a human rights point of view is that those that hold political power or those that are in security agencies or, even less, those in intelligence agencies decide by themselves, for themselves, what the scope of these surveillance activities are, or who will be targeted, or who will be blank surveilled," La Rue said.While the US sent four representatives to the hearing, they offered no defence, rebuttal or elaboration about bulk surveillance, saying the October government shutdown prevented them from adequate preparation. "We are here to listen," said deputy permanent representative Lawrence Gumbiner, who pledged to submit written responses within 30 days.All 35 North, Central and South American nations are members of the commission. La Rue, originally from Guatemala and an independent expert appointed by the Human Rights Council, travels the world reporting on human rights concerns – often in countries with poor democratic standards.
  • The Obama administration has been fielding a week's worth of European outrage following media reports that the NSA had collected a similarly large volume of phone calls from France – which director of national intelligence James Clapper, who recently apologised for misleading the Senate about domestic spying, called "false" – and spying on German chancellor Angela Merkel's own cellphone, which US officials have effectively confessed to. Brazil and Mexico are also demanding answers from US intelligence officials, following reports about intrusive acts of espionage in their territory revealed by documents provided to journalists by former NSA contractor Edward Snowden. The White House has said it will provide some answers after the completion of an external review of its surveillance programs, scheduled to be completed before the end of the year. The Guardian reported on Thursday that the NSA has intercepted the communications of 35 world leaders.
  • ...3 more annotations...
  • Spying on foreigners is the core mission of the NSA, one that it vigorously defends as appropriate, legal and unexceptional given the nature of global threats and widespread spycraft. Monday's hearing suggested that there are diplomatic consequences to bulk surveillance even if there may not be legal redress for non-Americans. Brazil has already shown a willingness to challenge Washington over bulk surveillance. President Dilma Rousseff postponed a September meeting with President Obama in protest, and denounced the spying during the UN general assembly shortly thereafter. Brazil is also teaming up with Germany at the UN on a general assembly resolution demanding an end to the mass surveillance. The commission's examination of the NSA's bulk surveillance activities suggested a potential southern front could open in the spy crisis just as the administration is attempting to calm down Europe.
  • International discomfort with NSA bulk surveillance is not the only spy challenge the Obama administration now confronts. Congressman James Sensenbrenner, the Wisconsin Republican and key author of the 2001 Patriot Act, is poised to introduce a bill this week that would prevent the NSA from collecting phone records on American citizens in bulk and without an individual warrant. The National Journal reported that Sensenbrenner's bill, which has a companion in the Senate, has attracted eight co-sponsors who either voted against or abstained on a July amendment in the House that would have defunded the domestic phone records bulk collection, a legislative gambit that came within seven votes of passage.Sensenbrenner's bill, like its Senate counterpart sponsored by Vermont Democrat Patrick Leahy, would not substantially restrict the NSA's foreign-focused surveillance, which is a traditional NSA activity. There is practically no congressional appetite, and no viable legislation, to limit the NSA from intercepting the communications of foreigners. An early sign about the course of potential surveillance reforms in the House of Representatives may come as early as Tuesday. The House intelligence committee, a hotbed of support for the NSA, will hold its first public hearing of the fall legislative calendar on proposed surveillance legislation. Its chairman, Mike Rogers of Michigan, has proposed requiring greater transparency on the NSA and the surveillance court that oversees it, but would largely leave the actual surveillance activities of the NSA, inside and outside the United States, untouched.
  • Alex Abdo, a lawyer with the ACLU, which requested the hearing at the Inter-American Commission on Human Rights, warned the human rights panel that the NSA could "target the foreign members of this commission when they travel abroad", as well as foreign dissidents of US-aligned governments; foreign lawyers for Guantánamo detainees; and other foreigners."If every country were to engage in surveillance as pervasive as the NSA, we would soon live in a state … with no refuge for the world's dissidents, journalists and human rights defenders," Abdo said.
Paul Merrell

Snowden document shows Canada set up spy posts for NSA - Politics - CBC News - 0 views

www.cbc.ca/...up-spy-posts-for-nsa-1.2456886

surveillance state Canada CSEC NSA Privacy-Act

shared by Paul Merrell on 11 Dec 13 - No Cached
  • A top secret document retrieved by American whistleblower Edward Snowden reveals Canada has set up covert spying posts around the world and conducted espionage against trading partners at the request of the U.S. National Security Agency. The leaked NSA document being reported exclusively by CBC News reveals Canada is involved with the huge American intelligence agency in clandestine surveillance activities in “approximately 20 high-priority countries."
  • Sections of the document with the highest classification make it clear in some instances why American spymasters are particularly keen about enlisting their Canadian counterparts, the Communications Security Establishment Canada. "CSEC shares with the NSA their unique geographic access to areas unavailable to the U.S," the document says. The briefing paper describes a "close co-operative relationship" between the NSA and its Canadian counterpart, the Communications Security Establishment Canada, or CSEC — a relationship "both sides would like to see expanded and strengthened. "The intelligence exchange with CSEC covers worldwide national and transnational targets."
  • The briefing notes make it clear that Canada plays a very robust role in intelligence-gathering around the world in a way that has won respect from its American equivalents.
  • ...5 more annotations...
  • The intimate Canada-U.S. electronic intelligence relationship dates back more than 60 years. Most recently, another Snowden document reported by CBC News showed the two agencies co-operated to allow the NSA to spy on the G20 summit of international leaders in Toronto in 2010. But what the latest secret document reveals for the first time is just how expansive Canada's international espionage activities have become.
  • The NSA document depicts CSEC as a sophisticated, capable and highly respected intelligence partner involved in all manner of joint spying missions, including setting up listening posts at the request of the Americans. "CSEC offers resources for advanced collection, processing and analysis, and has opened covert sites at the request of NSA," the document states.
  • Aside from compromising the actual intelligence operation, Wark says, an exposed spy mission can imperil Canada's other diplomatic operations — "the political contacts, the trade contacts, the generation of goodwill between the countries and any sense of co-operation." Wark says if a country feels targeted by a Canadian embassy, it can put everyone working there under a cloud of suspicion: “Are they really diplomats or are they spies?” As a result of those risks, Wark says, approval for CSEC to establish a covert spying post at the request of the NSA would have to come from the ministerial level of the Canadian government — or even from the prime minister himself.
  • Canada and the U.S. have long shared security intelligence with sister agencies in the U.K., Australia and New Zealand – the so-called "Five Eyes" partnership. But the latest secret Snowden missive shows CSEC and the NSA becoming physically intertwined. "Co-operative efforts include the exchange of liaison officers and integrees," the document reveals, a reference to CSEC operatives working inside the NSA, and vice-versa. It notes the NSA also supplies much of the computer hardware and software CSEC uses for encryption, decoding and other state-of-the-art essentials of electronic spying needed for "collection, processing and analytic efforts."
  • CSEC employs about 2,000 people, has an annual budget of roughly $450 million and will soon move into an architecturally spectacular new Ottawa headquarters costing Canadian taxpayers almost $1.2 billion. By comparison, the NSA employs an estimated 40,000 people plus thousands of private contractors, and spends over $40 billion a year NSA whistleblower Drake says the problem is that both CSEC and the NSA lack proper oversight, and without it, they have morphed into runaway surveillance. "There is a clear and compelling danger to democracy in Canada by virtue of how far these secret surveillance operations have gone."
  • Paul Merrell on 11 Dec 13
     
    "'Co-operative efforts include the exchange of liaison officers and integrees,'the document reveals, a reference to CSEC operatives working inside the NSA, and vice-versa." And that fact raises potential U.S. Privacy Act issues. Under the Privacy Act, all U.S. agencies are prohibited from sharing information containing personal identifiers of U.S. citizens with any foreign government and requires that agencies make full disclosure to all persons  whose rights are thus violated. The Act also creates a cause of action for redress by the federal courts, with a minimum $1,500 damages plus attorney's fees and litigation expenses. Note that the other NSA documents show that NSA is sharing U.S. citizens' information that includes personal identifiers with Israeli intelligence. The NSA has been by another statute excused from compliance with some portions of the Privacy Act but not those discussed above.
Gary Edwards

We Call a Top NSA Whistleblower … And Get the REAL SCOOP on Spying | Washingt... - 0 views

www.washingtonsblog.com/...ope-of-the-spying-program.html

William-Binney NSA-Whistleblower NSA-Patriot-Act NARUS Verint

shared by Gary Edwards on 10 Jun 13 - No Cached
  • Gary Edwards on 10 Jun 13
     
    "NSA whistleblower Thomas Drake corroborated Klein's assertions, testifying that while the NSA is using Israeli-made NARUS hardware to "seize and save all personal electronic communications." ..................... I then asked the NSA veteran Binney if the government's claim that it is only spying on metadata - and not content - was correct. We have extensively documented that the government is likely recording content as well. (And the government has previously admitted to "accidentally" collecting more information on Americans than was legal, and then gagged the judges so they couldn't disclose the nature or extent of the violations.) Binney said that was not true; the government is gathering everything, including content. Binney explained - as he has many times before - that the government is storing everything, and creating a searchable database … to be used whenever it wants, for any purpose it wants (even just going after someone it doesn't like). ..................... Binney said that former FBI counter-terrorism agent Tim Clemente is correct when he says that no digital data is safe (Clemente says that all digital communications are being recorded). Both Verint and Narus were founded in Israel in the 1990s. *** Binney next confirmed the statement of the author of the Patriot Act - Congressman Jim Sensenbrenner - that the NSA spying programs violate the Patriot Act. After all, the Patriot Act is focused on spying on external threats … not on Americans. Binney asked rhetorically: "How can an American court [FISA or otherwise] tell telecoms to cough up all domestic data?!" Update: Binney sent the following clarifying email about content collection: It's clear to me that they are collecting most e-mail in full plus other text type data on the web. As for phone calls, I don't think they would record/transcribe the approximately 3 billion US-to-US calls every day. It's more likely that they are reco
Paul Merrell

The Latest Rules on How Long NSA Can Keep Americans' Encrypted Data Look Too Familiar |... - 0 views

justsecurity.org/...s-hold-encrypted-data-familiar

surveillance state NSA IAA-2015 Sect-309 legislation

shared by Paul Merrell on 26 Jan 15 - No Cached
  • Does the National Security Agency (NSA) have the authority to collect and keep all encrypted Internet traffic for as long as is necessary to decrypt that traffic? That was a question first raised in June 2013, after the minimization procedures governing telephone and Internet records collected under Section 702 of the Foreign Intelligence Surveillance Act were disclosed by Edward Snowden. The issue quickly receded into the background, however, as the world struggled to keep up with the deluge of surveillance disclosures. The Intelligence Authorization Act of 2015, which passed Congress this last December, should bring the question back to the fore. It established retention guidelines for communications collected under Executive Order 12333 and included an exception that allows NSA to keep ‘incidentally’ collected encrypted communications for an indefinite period of time. This creates a massive loophole in the guidelines. NSA’s retention of encrypted communications deserves further consideration today, now that these retention guidelines have been written into law. It has become increasingly clear over the last year that surveillance reform will be driven by technological change—specifically by the growing use of encryption technologies. Therefore, any legislation touching on encryption should receive close scrutiny.
  • Section 309 of the intel authorization bill describes “procedures for the retention of incidentally acquired communications.” It establishes retention guidelines for surveillance programs that are “reasonably anticipated to result in the acquisition of [telephone or electronic communications] to or from a United States person.” Communications to or from a United States person are ‘incidentally’ collected because the U.S. person is not the actual target of the collection. Section 309 states that these incidentally collected communications must be deleted after five years unless they meet a number of exceptions. One of these exceptions is that “the communication is enciphered or reasonably believed to have a secret meaning.” This exception appears to be directly lifted from NSA’s minimization procedures for data collected under Section 702 of FISA, which were declassified in 2013. 
  • While Section 309 specifically applies to collection taking place under E.O. 12333, not FISA, several of the exceptions described in Section 309 closely match exceptions in the FISA minimization procedures. That includes the exception for “enciphered” communications. Those minimization procedures almost certainly served as a model for these retention guidelines and will likely shape how this new language is interpreted by the Executive Branch. Section 309 also asks the heads of each relevant member of the intelligence community to develop procedures to ensure compliance with new retention requirements. I expect those procedures to look a lot like the FISA minimization guidelines.
  • ...6 more annotations...
  • This language is broad, circular, and technically incoherent, so it takes some effort to parse appropriately. When the minimization procedures were disclosed in 2013, this language was interpreted by outside commentators to mean that NSA may keep all encrypted data that has been incidentally collected under Section 702 for at least as long as is necessary to decrypt that data. Is this the correct interpretation? I think so. It is important to realize that the language above isn’t just broad. It seems purposefully broad. The part regarding relevance seems to mirror the rationale NSA has used to justify its bulk phone records collection program. Under that program, all phone records were relevant because some of those records could be valuable to terrorism investigations and (allegedly) it isn’t possible to collect only those valuable records. This is the “to find a needle a haystack, you first have to have the haystack” argument. The same argument could be applied to encrypted data and might be at play here.
  • This exception doesn’t just apply to encrypted data that might be relevant to a current foreign intelligence investigation. It also applies to cases in which the encrypted data is likely to become relevant to a future intelligence requirement. This is some remarkably generous language. It seems one could justify keeping any type of encrypted data under this exception. Upon close reading, it is difficult to avoid the conclusion that these procedures were written carefully to allow NSA to collect and keep a broad category of encrypted data under the rationale that this data might contain the communications of NSA targets and that it might be decrypted in the future. If NSA isn’t doing this today, then whoever wrote these minimization procedures wanted to at least ensure that NSA has the authority to do this tomorrow.
  • There are a few additional observations that are worth making regarding these nominally new retention guidelines and Section 702 collection. First, the concept of incidental collection as it has typically been used makes very little sense when applied to encrypted data. The way that NSA’s Section 702 upstream “about” collection is understood to work is that technology installed on the network does some sort of pattern match on Internet traffic; say that an NSA target uses example@gmail.com to communicate. NSA would then search content of emails for references to example@gmail.com. This could notionally result in a lot of incidental collection of U.S. persons’ communications whenever the email that references example@gmail.com is somehow mixed together with emails that have nothing to do with the target. This type of incidental collection isn’t possible when the data is encrypted because it won’t be possible to search and find example@gmail.com in the body of an email. Instead, example@gmail.com will have been turned into some alternative, indecipherable string of bits on the network. Incidental collection shouldn’t occur because the pattern match can’t occur in the first place. This demonstrates that, when communications are encrypted, it will be much harder for NSA to search Internet traffic for a unique ID associated with a specific target.
  • This lends further credence to the conclusion above: rather than doing targeted collection against specific individuals, NSA is collecting, or plans to collect, a broad class of data that is encrypted. For example, NSA might collect all PGP encrypted emails or all Tor traffic. In those cases, NSA could search Internet traffic for patterns associated with specific types of communications, rather than specific individuals’ communications. This would technically meet the definition of incidental collection because such activity would result in the collection of communications of U.S. persons who aren’t the actual targets of surveillance. Collection of all Tor traffic would entail a lot of this “incidental” collection because the communications of NSA targets would be mixed with the communications of a large number of non-target U.S. persons. However, this “incidental” collection is inconsistent with how the term is typically used, which is to refer to over-collection resulting from targeted surveillance programs. If NSA were collecting all Tor traffic, that activity wouldn’t actually be targeted, and so any resulting over-collection wouldn’t actually be incidental. Moreover, greater use of encryption by the general public would result in an ever-growing amount of this type of incidental collection.
  • This type of collection would also be inconsistent with representations of Section 702 upstream collection that have been made to the public and to Congress. Intelligence officials have repeatedly suggested that search terms used as part of this program have a high degree of specificity. They have also argued that the program is an example of targeted rather than bulk collection. ODNI General Counsel Robert Litt, in a March 2014 meeting before the Privacy and Civil Liberties Oversight Board, stated that “there is either a misconception or a mischaracterization commonly repeated that Section 702 is a form of bulk collection. It is not bulk collection. It is targeted collection based on selectors such as telephone numbers or email addresses where there’s reason to believe that the selector is relevant to a foreign intelligence purpose.” The collection of Internet traffic based on patterns associated with types of communications would be bulk collection; more akin to NSA’s collection of phone records en mass than it is to targeted collection focused on specific individuals. Moreover, this type of collection would certainly fall within the definition of bulk collection provided just last week by the National Academy of Sciences: “collection in which a significant portion of the retained data pertains to identifiers that are not targets at the time of collection.”
  • The Section 702 minimization procedures, which will serve as a template for any new retention guidelines established for E.O. 12333 collection, create a large loophole for encrypted communications. With everything from email to Internet browsing to real-time communications moving to encrypted formats, an ever-growing amount of Internet traffic will fall within this loophole.
  • Paul Merrell on 26 Jan 15
     
    Tucked into a budget authorization act in December without press notice. Section 309 (the Act is linked from the article) appears to be very broad authority for the NSA to intercept any form of telephone or other electronic information in bulk. There are far more exceptions from the five-year retention limitation than the encrypted information exception. When reading this, keep in mind that the U.S. intelligence community plays semantic games to obfuscate what it does. One of its word plays is that communications are not "collected" until an analyst looks at or listens to partiuclar data, even though the data will be searched to find information countless times before it becomes "collected." That searching was the major basis for a decision by the U.S. District Court in Washington, D.C. that bulk collection of telephone communications was unconstitutional: Under the Fourth Amendment, a "search" or "seizure" requiring a judicial warrant occurs no later than when the information is intercepted. That case is on appeal, has been briefed and argued, and a decision could come any time now. Similar cases are pending in two other courts of appeals. Also, an important definition from the new Intelligence Authorization Act: "(a) DEFINITIONS.-In this section: (1) COVERED COMMUNICATION.-The term ''covered communication'' means any nonpublic telephone or electronic communication acquired without the consent of a person who is a party to the communication, including communications in electronic storage."       
Paul Merrell

NSA loophole allows warrantless search for US citizens' emails and phone calls | World ... - 0 views

www.theguardian.com/...rrantless-searches-email-calls

surveillance state NSA Wyden FISA-loophole must-read

shared by Paul Merrell on 17 Aug 13 - No Cached
  • The National Security Agency has a secret backdoor into its vast databases under a legal authority enabling it to search for US citizens' email and phone calls without a warrant, according to a top-secret document passed to the Guardian by Edward Snowden.The previously undisclosed rule change allows NSA operatives to hunt for individual Americans' communications using their name or other identifying information. Senator Ron Wyden told the Guardian that the law provides the NSA with a loophole potentially allowing "warrantless searches for the phone calls or emails of law-abiding Americans".The authority, approved in 2011, appears to contrast with repeated assurances from Barack Obama and senior intelligence officials to both Congress and the American public that the privacy of US citizens is protected from the NSA's dragnet surveillance programs.
  • The intelligence data is being gathered under Section 702 of the of the Fisa Amendments Act (FAA), which gives the NSA authority to target without warrant the communications of foreign targets, who must be non-US citizens and outside the US at the point of collection.The communications of Americans in direct contact with foreign targets can also be collected without a warrant, and the intelligence agencies acknowledge that purely domestic communications can also be inadvertently swept into its databases. That process is known as "incidental collection" in surveillance parlance.But this is the first evidence that the NSA has permission to search those databases for specific US individuals' communications.
  • Wyden, an Oregon Democrat on the Senate intelligence committee, has obliquely warned for months that the NSA's retention of Americans' communications incidentally collected and its ability to search through it has been far more extensive than intelligence officials have stated publicly. Speaking this week, Wyden told the Guardian it amounts to a "backdoor search" through Americans' communications data."Section 702 was intended to give the government new authorities to collect the communications of individuals believed to be foreigners outside the US, but the intelligence community has been unable to tell Congress how many Americans have had their communications swept up in that collection," he said."Once Americans' communications are collected, a gap in the law that I call the 'back-door searches loophole' allows the government to potentially go through these communications and conduct warrantless searches for the phone calls or emails of law-abiding Americans."
  • ...2 more annotations...
  • A secret glossary document provided to operatives in the NSA's Special Source Operations division – which runs the Prism program and large-scale cable intercepts through corporate partnerships with technology companies – details an update to the "minimization" procedures that govern how the agency must handle the communications of US persons. That group is defined as both American citizens and foreigners located in the US."While the FAA 702 minimization procedures approved on 3 October 2011 now allow for use of certain United States person names and identifiers as query terms when reviewing collected FAA 702 data," the glossary states, "analysts may NOT/NOT [not repeat not] implement any USP [US persons] queries until an effective oversight process has been developed by NSA and agreed to by DOJ/ODNI [Office of the Director of National Intelligence]."The term "identifiers" is NSA jargon for information relating to an individual, such as telephone number, email address, IP address and username as well as their name.The document – which is undated, though metadata suggests this version was last updated in June 2012 – does not say whether the oversight process it mentions has been established or whether any searches against US person names have taken place.
  • Exclusive: Spy agency has secret backdoor permission to search databases for individual Americans' communications
Paul Merrell

NSA targets the privacy-conscious (Seite 1)| Das Erste - Panorama - Meldungen - 0 views

daserste.ndr.de/...nsa230_page-1.html

surveillance state NSA XKeyscore Tor Tails

shared by Paul Merrell on 04 Jul 14 - No Cached
  • The investigation discloses the following: Two servers in Germany - in Berlin and Nuremberg - are under surveillance by the NSA. Merely searching the web for the privacy-enhancing software tools outlined in the XKeyscore rules causes the NSA to mark and track the IP address of the person doing the search. Not only are German privacy software users tracked, but the source code shows that privacy software users worldwide are tracked by the NSA.Among the NSA's targets is the Tor network funded primarily by the US government to aid democracy advocates in authoritarian states.  The XKeyscore rules reveal that the NSA tracks all connections to a server that hosts part of an anonymous email service at the MIT Computer Science and Artificial Intelligence Laboratory (CSAIL) in Cambridge, Massachusetts. It also records details about visits to a popular internet journal for Linux operating system users called "the Linux Journal - the Original Magazine of the Linux Community", and calls it an "extremist forum".
  • Three authors of this investigation have personal and professional ties to the Tor Project, an American company mentioned within the following investigation.
  • Teil 1: NSA targets the privacy-conscious Teil 2: The Tor Project - anathema to the NSA Teil 3: Servers in Germany targeted Teil 4: Simple web searches are suspicious Teil 5: NSA: In strict accordance with the rule of law
  • ...3 more annotations...
  • von J. Appelbaum, A. Gibson, J. Goetz, V. Kabisch, L. Kampf, L. Ryge The investigation discloses the following: Two servers in Germany - in Berlin and Nuremberg - are under surveillance by the NSA. Merely searching the web for the privacy-enhancing software tools outlined in the XKeyscore rules causes the NSA to mark and track the IP address of the person doing the search. Not only are German privacy software users tracked, but the source code shows that privacy software users worldwide are tracked by the NSA.Among the NSA's targets is the Tor network funded primarily by the US government to aid democracy advocates in authoritarian states.  The XKeyscore rules reveal that the NSA tracks all connections to a server that hosts part of an anonymous email service at the MIT Computer Science and Artificial Intelligence Laboratory (CSAIL) in Cambridge, Massachusetts. It also records details about visits to a popular internet journal for Linux operating system users called "the Linux Journal - the Original Magazine of the Linux Community", and calls it an "extremist forum".
  • Downloads XKeyscore rules Read/download the XKeyscore rules here  | download
  • Yet despite these efforts, one of the servers is targeted by the NSA. The IP address 212.212.245.170 is explicitly specified in the rules of the powerful and invasive spy software program XKeyscore. The code is published here exclusively for the first time. After a year of NSA revelations based on documents that focus on program names and high-level Powerpoint presentations, NDR and WDR are revealing NSA source code that shows how these programs function and how they are implemented in Germany and around the world. Months of investigation by the German public television broadcasters NDR and WDR, drawing on exclusive access to top secret NSA source code, interviews with former NSA employees, and the review of secret documents of the German government reveal that not only is the server in Nuremberg under observation by the NSA, but so is virtually anyone who has taken an interest in several well-known privacy software systems.
1 - 20 of 246 Next › Last »
Showing 20 items per page