Home/ Socialism and the End of the American Dream/ Group items tagged Personal-Information

Paul Merrell

A Zombie Bill Comes Back to Life: A Look at The Senate's Cybersecurity Information Shar... - 0 views

  • The Senate Intelligence Committee recently introduced the Cybersecurity Information Sharing Act of 2014. It’s the fourth time in four years that Congress has tried to pass "cybersecurity" legislation. Unfortunately, the newest Senate bill is one of the worst yet. Cybersecurity bills aim to facilitate information sharing between companies and the government, but they always seem to come with broad immunity clauses for companies, vague definitions, and aggressive spying powers. Given such calculated violence to users' privacy rights, it’s no surprise that these bills fail every year. What is a surprise is that the bills keep coming back from the dead. Last year, President Obama signed Executive Order 13636 (EO 13636) directing the Department of Homeland Security (DHS) to expand current information sharing programs that are far more privacy protective than anything seen in recent cybersecurity bills. Despite this, members of Congress like Rep. Mike Rogers and Senator Dianne Feinstein keep on introducing bills that would destroy these privacy protections and grant new spying powers to companies.
  • Aside from its redundancy, the Senate's bill grants two new authorities to companies. First, the bill authorizes companies to launch countermeasures for a "cybersecurity purpose" against a "cybersecurity threat." "Cybersecurity purpose" is so broadly defined that it means almost anything related to protecting (including physically protecting) an information system, which can be a computer or software. The same goes for a "cybersecurity threat," which includes anything that "may result" in an unauthorized effort to impact the availability of the information system. Combined, the two definitions could be read by companies to permit attacks on machines that unwittingly contribute to network congestion. The countermeasures clause will increasingly militarize the Internet—a prospect that may appeal to some "active defense" (aka offensive) cybersecurity companies, but does not favor the everyday user. Second, the bill adds a new authority for companies to monitor information systems to protect an entity's rights or property. Here again, the broad definitions could be used in conjunction with the monitoring clause to spy on users engaged in potentially innocuous activity. Once collected, companies can then share the information, which is also called “cyber threat indicators,” freely with government agencies like the NSA.
  • Such sharing will occur because under this bill, DHS would no longer be the lead agency making decisions about the cybersecurity information received, retained, or shared to companies or within the government. Its new role in the bill mandates DHS send information to agencies like the NSA—"in real-time and simultaneous[ly]." DHS is even barred from "delay[ing]" or "interfer[ing]" with the information, which ensures that DHS's current privacy protections won’t be applied to the information. The provision is ripe for improper and over-expansive information sharing. This leads to a question: What stops your sensitive personal information from being shared by companies to the government? Almost nothing. Companies must only remove personally identifiable information if the information is known to be US person information and not directly related to the threat. Such a willful blindness approach is inappropriate. Further, the bill does not even impose this weak minimization requirement on information shared by, and within, the government (including federal, state, local, and tribal governments) thereby allowing the government to share information containing personally identifiable information. The bill should require deletion of all information not directly related to a threat.
  • Once the information is sent to a government agency, it can use the information for reasons other than for cybersecurity purposes. One clause even allows the information to be used to prosecute violations of the Espionage Act—a World War I era law that was meant to prosecute spies but has been used in recent years primarily to go after journalists’ sources. The provisions grant the government far too much leeway in how to use the information for non-cybersecurity purposes. The public won’t even know what information is being collected, shared, or used because the bill will exempt all of it from disclosure under the Freedom of Information Act.
  • The bill also retains near-blanket immunity for companies to monitor information systems, to share information, and to use countermeasures. The high bar immunizes an incredible amount of activity, including negligent damage to property and may deprive private entities of legal recourse if a computer security contractor is at fault for destruction of property. Existing private rights of action for violations of the Wiretap Act, Stored Communications Act, and the Computer Fraud and Abuse Act would be precluded or at least sharply restricted by the clause. It remains to be seen why such immunity is needed when just a few months ago, the FTC and DOJ noted they would not prosecute companies for sharing such information. It's also unclear because we continue to see companies freely share information among each other and with the government both publicly via published reports and privately.
Paul Merrell

Top-Secret Document Reveals NSA Spied On Porn Habits As Part Of Plan To Discredit 'Radi... - 0 views

  • WASHINGTON -- The National Security Agency has been gathering records of online sexual activity and evidence of visits to pornographic websites as part of a proposed plan to harm the reputations of those whom the agency believes are radicalizing others through incendiary speeches, according to a top-secret NSA document. The document, provided by NSA whistleblower Edward Snowden, identifies six targets, all Muslims, as “exemplars” of how “personal vulnerabilities” can be learned through electronic surveillance, and then exploited to undermine a target's credibility, reputation and authority. The NSA document, dated Oct. 3, 2012, repeatedly refers to the power of charges of hypocrisy to undermine such a messenger. “A previous SIGINT" -- or signals intelligence, the interception of communications -- "assessment report on radicalization indicated that radicalizers appear to be particularly vulnerable in the area of authority when their private and public behaviors are not consistent,” the document argues. Among the vulnerabilities listed by the NSA that can be effectively exploited are “viewing sexually explicit material online” and “using sexually explicit persuasive language when communicating with inexperienced young girls.”
  • The Director of the National Security Agency -- described as "DIRNSA" -- is listed as the "originator" of the document. Beyond the NSA itself, the listed recipients include officials with the Departments of Justice and Commerce and the Drug Enforcement Administration. "Without discussing specific individuals, it should not be surprising that the US Government uses all of the lawful tools at our disposal to impede the efforts of valid terrorist targets who seek to harm the nation and radicalize others to violence," Shawn Turner, director of public affairs for National Intelligence, told The Huffington Post in an email Tuesday. Yet Jameel Jaffer, deputy legal director of the American Civil Liberties Union, said these revelations give rise to serious concerns about abuse. "It's important to remember that the NSA’s surveillance activities are anything but narrowly focused -- the agency is collecting massive amounts of sensitive information about virtually everyone," he said. "Wherever you are, the NSA's databases store information about your political views, your medical history, your intimate relationships and your activities online," he added. "The NSA says this personal information won't be abused, but these documents show that the NSA probably defines 'abuse' very narrowly."
  • None of the six individuals targeted by the NSA is accused in the document of being involved in terror plots. The agency believes they all currently reside outside the United States. It identifies one of them, however, as a "U.S. person," which means he is either a U.S. citizen or a permanent resident. A U.S. person is entitled to greater legal protections against NSA surveillance than foreigners are. Stewart Baker, a one-time general counsel for the NSA and a top Homeland Security official in the Bush administration, said that the idea of using potentially embarrassing information to undermine targets is a sound one. "If people are engaged in trying to recruit folks to kill Americans and we can discredit them, we ought to," said Baker. "On the whole, it's fairer and maybe more humane" than bombing a target, he said, describing the tactic as "dropping the truth on them." Any system can be abused, Baker allowed, but he said fears of the policy drifting to domestic political opponents don't justify rejecting it. "On that ground you could question almost any tactic we use in a war, and at some point you have to say we're counting on our officials to know the difference," he said.
  • In addition to analyzing the content of their internet activities, the NSA also examined the targets' contact lists. The NSA accuses two of the targets of promoting al Qaeda propaganda, but states that surveillance of the three English-speakers’ communications revealed that they have "minimal terrorist contacts." In particular, “only seven (1 percent) of the contacts in the study of the three English-speaking radicalizers were characterized in SIGINT as affiliated with an extremist group or a Pakistani militant group. An earlier communications profile of [one of the targets] reveals that 3 of the 213 distinct individuals he was in contact with between 4 August and 2 November 2010 were known or suspected of being associated with terrorism," the document reads. The document contends that the three Arabic-speaking targets have more contacts with affiliates of extremist groups, but does not suggest they themselves are involved in any terror plots. Instead, the NSA believes the targeted individuals radicalize people through the expression of controversial ideas via YouTube, Facebook and other social media websites. Their audience, both English and Arabic speakers, "includes individuals who do not yet hold extremist views but who are susceptible to the extremist message,” the document states. The NSA says the speeches and writings of the six individuals resonate most in countries including the United Kingdom, Germany, Sweden, Kenya, Pakistan, India and Saudi Arabia.
  • The NSA possesses embarrassing sexually explicit information about at least two of the targets by virtue of electronic surveillance of their online activity. The report states that some of the data was gleaned through FBI surveillance programs carried out under the Foreign Intelligence and Surveillance Act. The document adds, "Information herein is based largely on Sunni extremist communications." It further states that "the SIGINT information is from primary sources with direct access and is generally considered reliable." According to the document, the NSA believes that exploiting electronic surveillance to publicly reveal online sexual activities can make it harder for these “radicalizers” to maintain their credibility. "Focusing on access reveals potential vulnerabilities that could be even more effectively exploited when used in combination with vulnerabilities of character or credibility, or both, of the message in order to shape the perception of the messenger as well as that of his followers," the document argues. An attached appendix lists the "argument" each surveillance target has made that the NSA says constitutes radicalism, as well as the personal "vulnerabilities" the agency believes would leave the targets "open to credibility challenges" if exposed.
  • One target's offending argument is that "Non-Muslims are a threat to Islam," and a vulnerability listed against him is "online promiscuity." Another target, a foreign citizen the NSA describes as a "respected academic," holds the offending view that "offensive jihad is justified," and his vulnerabilities are listed as "online promiscuity" and "publishes articles without checking facts." A third targeted radical is described as a "well-known media celebrity" based in the Middle East who argues that "the U.S perpetrated the 9/11 attack." Under vulnerabilities, he is said to lead "a glamorous lifestyle." A fourth target, who argues that "the U.S. brought the 9/11 attacks on itself" is said to be vulnerable to accusations of “deceitful use of funds." The document expresses the hope that revealing damaging information about the individuals could undermine their perceived "devotion to the jihadist cause." The Huffington Post is withholding the names and locations of the six targeted individuals; the allegations made by the NSA about their online activities in this document cannot be verified. The document does not indicate whether the NSA carried out its plan to discredit these six individuals, either by communicating with them privately about the acquired information or leaking it publicly. There is also no discussion in the document of any legal or ethical constraints on exploiting electronic surveillance in this manner.
  • While Baker and others support using surveillance to tarnish the reputation of people the NSA considers "radicalizers," U.S. officials have in the past used similar tactics against civil rights leaders, labor movement activists and others. Under J. Edgar Hoover, the FBI harassed activists and compiled secret files on political leaders, most notably Martin Luther King, Jr. The extent of the FBI's surveillance of political figures is still being revealed to this day, as the bureau releases the long dossiers it compiled on certain people in response to Freedom of Information Act requests following their deaths. The information collected by the FBI often centered on sex -- homosexuality was an ongoing obsession on Hoover's watch -- and information about extramarital affairs was reportedly used to blackmail politicians into fulfilling the bureau's needs. Current FBI Director James Comey recently ordered new FBI agents to visit the Martin Luther King, Jr. Memorial in Washington to understand "the dangers in becoming untethered to oversight and accountability."
  • James Bamford, a journalist who has been covering the NSA since the early 1980s, said the use of surveillance to exploit embarrassing private behavior is precisely what led to past U.S. surveillance scandals. "The NSA's operation is eerily similar to the FBI's operations under J. Edgar Hoover in the 1960s where the bureau used wiretapping to discover vulnerabilities, such as sexual activity, to 'neutralize' their targets," he said. "Back then, the idea was developed by the longest serving FBI chief in U.S. history, today it was suggested by the longest serving NSA chief in U.S. history." That controversy, Bamford said, also involved the NSA. "And back then, the NSA was also used to do the eavesdropping on King and others through its Operation Minaret. A later review declared the NSA’s program 'disreputable if not outright illegal,'" he said. Baker said that until there is evidence the tactic is being abused, the NSA should be trusted to use its discretion. "The abuses that involved Martin Luther King occurred before Edward Snowden was born," he said. "I think we can describe them as historical rather than current scandals. Before I say, 'Yeah, we've gotta worry about that,' I'd like to see evidence of that happening, or is even contemplated today, and I don't see it."
  • Jaffer, however, warned that the lessons of history ought to compel serious concern that a "president will ask the NSA to use the fruits of surveillance to discredit a political opponent, journalist or human rights activist." "The NSA has used its power that way in the past and it would be naïve to think it couldn't use its power that way in the future," he said.
  •  
    By Glenn Greenwald, Ryan Gallagher, and Ryan Grim, 26 November 2013. I will annotate later. But this is by far the most important NSA disclosure from Edward Snowden's leaked documents thus far. A report originated by Gen. Alexander himself revealing COINTELPRO-like activities aimed at destroying the reputations of non-terrorist "radicalizers," including one "U.S. person." This is exactly the kind of repressive activity that the civil libertarians among us warn about.
Paul Merrell

CURIA - Documents - 0 views

  • 37      It must be stated that the interference caused by Directive 2006/24 with the fundamental rights laid down in Articles 7 and 8 of the Charter is, as the Advocate General has also pointed out, in particular, in paragraphs 77 and 80 of his Opinion, wide-ranging, and it must be considered to be particularly serious. Furthermore, as the Advocate General has pointed out in paragraphs 52 and 72 of his Opinion, the fact that data are retained and subsequently used without the subscriber or registered user being informed is likely to generate in the minds of the persons concerned the feeling that their private lives are the subject of constant surveillance.
  • 43      In this respect, it is apparent from recital 7 in the preamble to Directive 2006/24 that, because of the significant growth in the possibilities afforded by electronic communications, the Justice and Home Affairs Council of 19 December 2002 concluded that data relating to the use of electronic communications are particularly important and therefore a valuable tool in the prevention of offences and the fight against crime, in particular organised crime. 44      It must therefore be held that the retention of data for the purpose of allowing the competent national authorities to have possible access to those data, as required by Directive 2006/24, genuinely satisfies an objective of general interest. 45      In those circumstances, it is necessary to verify the proportionality of the interference found to exist. 46      In that regard, according to the settled case-law of the Court, the principle of proportionality requires that acts of the EU institutions be appropriate for attaining the legitimate objectives pursued by the legislation at issue and do not exceed the limits of what is appropriate and necessary in order to achieve those objectives (see, to that effect, Case C‑343/09 Afton Chemical EU:C:2010:419, paragraph 45; Volker und Markus Schecke and Eifert EU:C:2010:662, paragraph 74; Cases C‑581/10 and C‑629/10 Nelson and Others EU:C:2012:657, paragraph 71; Case C‑283/11 Sky Österreich EU:C:2013:28, paragraph 50; and Case C‑101/12 Schaible EU:C:2013:661, paragraph 29).
  • 67      Article 7 of Directive 2006/24, read in conjunction with Article 4(1) of Directive 2002/58 and the second subparagraph of Article 17(1) of Directive 95/46, does not ensure that a particularly high level of protection and security is applied by those providers by means of technical and organisational measures, but permits those providers in particular to have regard to economic considerations when determining the level of security which they apply, as regards the costs of implementing security measures. In particular, Directive 2006/24 does not ensure the irreversible destruction of the data at the end of the data retention period. 68      In the second place, it should be added that that directive does not require the data in question to be retained within the European Union, with the result that it cannot be held that the control, explicitly required by Article 8(3) of the Charter, by an independent authority of compliance with the requirements of protection and security, as referred to in the two previous paragraphs, is fully ensured. Such a control, carried out on the basis of EU law, is an essential component of the protection of individuals with regard to the processing of personal data (see, to that effect, Case C‑614/10 Commission v Austria EU:C:2012:631, paragraph 37). 69      Having regard to all the foregoing considerations, it must be held that, by adopting Directive 2006/24, the EU legislature has exceeded the limits imposed by compliance with the principle of proportionality in the light of Articles 7, 8 and 52(1) of the Charter.
  • 58      Directive 2006/24 affects, in a comprehensive manner, all persons using electronic communications services, but without the persons whose data are retained being, even indirectly, in a situation which is liable to give rise to criminal prosecutions. It therefore applies even to persons for whom there is no evidence capable of suggesting that their conduct might have a link, even an indirect or remote one, with serious crime. Furthermore, it does not provide for any exception, with the result that it applies even to persons whose communications are subject, according to rules of national law, to the obligation of professional secrecy. 59      Moreover, whilst seeking to contribute to the fight against serious crime, Directive 2006/24 does not require any relationship between the data whose retention is provided for and a threat to public security and, in particular, it is not restricted to a retention in relation (i) to data pertaining to a particular time period and/or a particular geographical zone and/or to a circle of particular persons likely to be involved, in one way or another, in a serious crime, or (ii) to persons who could, for other reasons, contribute, by the retention of their data, to the prevention, detection or prosecution of serious offences.
  • 1        These requests for a preliminary ruling concern the validity of Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC (OJ 2006 L 105, p. 54).
  • Digital Rights Ireland Ltd (C‑293/12) v Minister for Communications, Marine and Natural Resources, Minister for Justice, Equality and Law Reform, Commissioner of the Garda Síochána, Ireland, The Attorney General, intervener: Irish Human Rights Commission, and Kärntner Landesregierung (C‑594/12), Michael Seitlinger, Christof Tschohl and others,
  • JUDGMENT OF THE COURT (Grand Chamber) 8 April 2014 (*) (Electronic communications — Directive 2006/24/EC — Publicly available electronic communications services or public communications networks services — Retention of data generated or processed in connection with the provision of such services — Validity — Articles 7, 8 and 11 of the Charter of Fundamental Rights of the European Union) In Joined Cases C‑293/12 and C‑594/12,
  • 34      As a result, the obligation imposed by Articles 3 and 6 of Directive 2006/24 on providers of publicly available electronic communications services or of public communications networks to retain, for a certain period, data relating to a person’s private life and to his communications, such as those referred to in Article 5 of the directive, constitutes in itself an interference with the rights guaranteed by Article 7 of the Charter. 35      Furthermore, the access of the competent national authorities to the data constitutes a further interference with that fundamental right (see, as regards Article 8 of the ECHR, Eur. Court H.R., Leander v. Sweden, 26 March 1987, § 48, Series A no 116; Rotaru v. Romania [GC], no. 28341/95, § 46, ECHR 2000-V; and Weber and Saravia v. Germany (dec.), no. 54934/00, § 79, ECHR 2006-XI). Accordingly, Articles 4 and 8 of Directive 2006/24 laying down rules relating to the access of the competent national authorities to the data also constitute an interference with the rights guaranteed by Article 7 of the Charter. 36      Likewise, Directive 2006/24 constitutes an interference with the fundamental right to the protection of personal data guaranteed by Article 8 of the Charter because it provides for the processing of personal data.
  • 65      It follows from the above that Directive 2006/24 does not lay down clear and precise rules governing the extent of the interference with the fundamental rights enshrined in Articles 7 and 8 of the Charter. It must therefore be held that Directive 2006/24 entails a wide-ranging and particularly serious interference with those fundamental rights in the legal order of the EU, without such an interference being precisely circumscribed by provisions to ensure that it is actually limited to what is strictly necessary. 66      Moreover, as far as concerns the rules relating to the security and protection of data retained by providers of publicly available electronic communications services or of public communications networks, it must be held that Directive 2006/24 does not provide for sufficient safeguards, as required by Article 8 of the Charter, to ensure effective protection of the data retained against the risk of abuse and against any unlawful access and use of that data. In the first place, Article 7 of Directive 2006/24 does not lay down rules which are specific and adapted to (i) the vast quantity of data whose retention is required by that directive, (ii) the sensitive nature of that data and (iii) the risk of unlawful access to that data, rules which would serve, in particular, to govern the protection and security of the data in question in a clear and strict manner in order to ensure their full integrity and confidentiality. Furthermore, a specific obligation on Member States to establish such rules has also not been laid down.
  • 60      Secondly, not only is there a general absence of limits in Directive 2006/24 but Directive 2006/24 also fails to lay down any objective criterion by which to determine the limits of the access of the competent national authorities to the data and their subsequent use for the purposes of prevention, detection or criminal prosecutions concerning offences that, in view of the extent and seriousness of the interference with the fundamental rights enshrined in Articles 7 and 8 of the Charter, may be considered to be sufficiently serious to justify such an interference. On the contrary, Directive 2006/24 simply refers, in Article 1(1), in a general manner to serious crime, as defined by each Member State in its national law. 61      Furthermore, Directive 2006/24 does not contain substantive and procedural conditions relating to the access of the competent national authorities to the data and to their subsequent use. Article 4 of the directive, which governs the access of those authorities to the data retained, does not expressly provide that that access and the subsequent use of the data in question must be strictly restricted to the purpose of preventing and detecting precisely defined serious offences or of conducting criminal prosecutions relating thereto; it merely provides that each Member State is to define the procedures to be followed and the conditions to be fulfilled in order to gain access to the retained data in accordance with necessity and proportionality requirements.
  • 55      The need for such safeguards is all the greater where, as laid down in Directive 2006/24, personal data are subjected to automatic processing and where there is a significant risk of unlawful access to those data (see, by analogy, as regards Article 8 of the ECHR, S. and Marper v. the United Kingdom, § 103, and M. K. v. France, 18 April 2013, no. 19522/09, § 35). 56      As for the question of whether the interference caused by Directive 2006/24 is limited to what is strictly necessary, it should be observed that, in accordance with Article 3 read in conjunction with Article 5(1) of that directive, the directive requires the retention of all traffic data concerning fixed telephony, mobile telephony, Internet access, Internet e-mail and Internet telephony. It therefore applies to all means of electronic communication, the use of which is very widespread and of growing importance in people’s everyday lives. Furthermore, in accordance with Article 3 of Directive 2006/24, the directive covers all subscribers and registered users. It therefore entails an interference with the fundamental rights of practically the entire European population. 57      In this respect, it must be noted, first, that Directive 2006/24 covers, in a generalised manner, all persons and all means of electronic communication as well as all traffic data without any differentiation, limitation or exception being made in the light of the objective of fighting against serious crime.
  • 62      In particular, Directive 2006/24 does not lay down any objective criterion by which the number of persons authorised to access and subsequently use the data retained is limited to what is strictly necessary in the light of the objective pursued. Above all, the access by the competent national authorities to the data retained is not made dependent on a prior review carried out by a court or by an independent administrative body whose decision seeks to limit access to the data and their use to what is strictly necessary for the purpose of attaining the objective pursued and which intervenes following a reasoned request of those authorities submitted within the framework of procedures of prevention, detection or criminal prosecutions. Nor does it lay down a specific obligation on Member States designed to establish such limits. 63      Thirdly, so far as concerns the data retention period, Article 6 of Directive 2006/24 requires that those data be retained for a period of at least six months, without any distinction being made between the categories of data set out in Article 5 of that directive on the basis of their possible usefulness for the purposes of the objective pursued or according to the persons concerned. 64      Furthermore, that period is set at between a minimum of 6 months and a maximum of 24 months, but it is not stated that the determination of the period of retention must be based on objective criteria in order to ensure that it is limited to what is strictly necessary.
  • 52      So far as concerns the right to respect for private life, the protection of that fundamental right requires, according to the Court’s settled case-law, in any event, that derogations and limitations in relation to the protection of personal data must apply only in so far as is strictly necessary (Case C‑473/12 IPI EU:C:2013:715, paragraph 39 and the case-law cited). 53      In that regard, it should be noted that the protection of personal data resulting from the explicit obligation laid down in Article 8(1) of the Charter is especially important for the right to respect for private life enshrined in Article 7 of the Charter. 54      Consequently, the EU legislation in question must lay down clear and precise rules governing the scope and application of the measure in question and imposing minimum safeguards so that the persons whose data have been retained have sufficient guarantees to effectively protect their personal data against the risk of abuse and against any unlawful access and use of that data (see, by analogy, as regards Article 8 of the ECHR, Eur. Court H.R., Liberty and Others v. the United Kingdom, 1 July 2008, no. 58243/00, § 62 and 63; Rotaru v. Romania, § 57 to 59, and S. and Marper v. the United Kingdom, § 99).
  • 26      In that regard, it should be observed that the data which providers of publicly available electronic communications services or of public communications networks must retain, pursuant to Articles 3 and 5 of Directive 2006/24, include data necessary to trace and identify the source of a communication and its destination, to identify the date, time, duration and type of a communication, to identify users’ communication equipment, and to identify the location of mobile communication equipment, data which consist, inter alia, of the name and address of the subscriber or registered user, the calling telephone number, the number called and an IP address for Internet services. Those data make it possible, in particular, to know the identity of the person with whom a subscriber or registered user has communicated and by what means, and to identify the time of the communication as well as the place from which that communication took place. They also make it possible to know the frequency of the communications of the subscriber or registered user with certain persons during a given period. 27      Those data, taken as a whole, may allow very precise conclusions to be drawn concerning the private lives of the persons whose data has been retained, such as the habits of everyday life, permanent or temporary places of residence, daily or other movements, the activities carried out, the social relationships of those persons and the social environments frequented by them.
  • 32      By requiring the retention of the data listed in Article 5(1) of Directive 2006/24 and by allowing the competent national authorities to access those data, Directive 2006/24, as the Advocate General has pointed out, in particular, in paragraphs 39 and 40 of his Opinion, derogates from the system of protection of the right to privacy established by Directives 95/46 and 2002/58 with regard to the processing of personal data in the electronic communications sector, directives which provided for the confidentiality of communications and of traffic data as well as the obligation to erase or make those data anonymous where they are no longer needed for the purpose of the transmission of a communication, unless they are necessary for billing purposes and only for as long as so necessary.
  • On those grounds, the Court (Grand Chamber) hereby rules: Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC is invalid.
  •  
    EU Court of Justice decision in regard to a Directive that required communications data retention by telcos/ISPs, finding the Directive invalid as a violation of the right of privacy in communications. Fairly read, paragraph 59 outlaws bulk collection of such records, i.e., it requires the equivalent of a judge-issued search warrant in the U.S. based on probable cause to believe that the particular individual's communications are a legitimate object of a search.  Note also that paragraph 67 effectively forbids transfer of any retained data outside the E.U. So a barrier for NSA sharing of data with GCHQ derived from communications NSA collects from EU communications traffic. Bye-bye, Big Data for GCHQ in the E.U. 
Gary Edwards

'Clinton death list': 33 spine-tingling cases - 0 views

  •  
    "(Editor's note: This list was originally published in August 2016 and has gone viral on the web. WND is running it again as American voters cast their ballots for the nation's next president on Election Day.) How many people do you personally know who have died mysteriously? How about in plane crashes or car wrecks? Bizarre suicides? People beaten to death or murdered in a hail of bullets? And what about violent freak accidents - like separate mountain biking and skiing collisions in Aspen, Colorado? Or barbells crushing a person's throat? Apparently, if you're Bill or Hillary Clinton, the answer to that question is at least 33 - and possibly many more. Talk-radio star Rush Limbaugh addressed the issue of the "Clinton body count" during an August show. "I swear, I could swear I saw these stories back in 1992, back in 1993, 1994," Limbaugh said. He cited a report from Rachel Alexander at Townhall.com titled, "Clinton body count or left-wing conspiracy? Three with ties to DNC mysteriously die." Limbaugh said he recalled Ted Koppel, then-anchor of ABC News' "Nightline," routinely having discussions on the issue following the July 20, 1993, death of White House Deputy Counsel Vince Foster. In fact, Limbaugh said, he appeared on Koppel's show. "One of the things I said was, 'Who knows what happened here? But let me ask you a question.' I said, 'Ted, how many people do you know in your life who've been murdered? Ted, how many people do you know in your life that have died under suspicious circumstances?' "Of course, the answer is zilch, zero, nada, none, very few," Limbaugh chuckled. "Ask the Clintons that question. And it's a significant number. It's a lot of people that they know who have died, who've been murdered. "And the same question here from Rachel Alexander. It's amazing the cycle that exists with the Clintons. [Citing Townhall]: 'What it
Paul Merrell

Disclosing Classified Info to the Press - With Permission | - 0 views

  • Intelligence officials disclosed classified information to members of the press on at least three occasions in 2013, according to a National Security Agency report to Congress that was released last week under the Freedom of Information Act. See Congressional Notification — Authorized Disclosures of Classified Information to Media Personnel, NSA memorandum to the staff director, House Permanent Select Committee on Intelligence, December 13, 2013. The specific information that NSA gave to the unnamed reporters was not declassified. But the disclosures were not “leaks,” or unauthorized disclosures. They were, instead, authorized disclosures. For their part, the reporters agreed not to disseminate the information further. “Noteworthy among the classified topics disclosed were NSA’s use of metadata to locate terrorists, the techniques we use and the processes we follow to assist in locating hostages, [several words deleted] overseas support to the warfighter and U.S. allies in war zones, and NSA support to overall USG efforts to mitigate cyber threats. The [deleted] personnel executed non-disclosure agreements that covered all classified discussions.” In one case, “classified information was disclosed in order to correct inaccurate understandings held by the reporter about the nature and circumstances of [deleted].” On another occasion, “classified information was disclosed in an effort to limit or avoid reporting that could lead to the loss of the capability [deleted].”
  • In all three cases, “the decision to disclose classified information was made in consultation with the Director of National Intelligence pursuant to Executive Order 13526, and in each case the information disclosed remains properly classified.” This seems like a generous interpretation of the Executive Order, which does not mention disclosures to the press at all. It does say, in section 4.2(b) that “In an emergency, when necessary to respond to an imminent threat to life or in defense of the homeland, the agency head or any designee may authorize the disclosure of classified information […] to an individual or individuals who are otherwise not eligible for access.” In an emergency, then, but not just “to correct inaccurate understandings.” Still, the report accurately reflects the true instrumental nature of the classification system. That is, the protection of classified information under all circumstances is not a paramount goal. National security secrecy is a tool to be used if it advances the national interest (and is consistent with law and policy) and to be set aside when it does not. So hypocrisy in the handling of classified information is not an issue here. The concern, rather, is that the power of selective disclosure of classified material can be easily abused to manage and to manipulate public perceptions. The congressional requirement to report on authorized disclosures of classified information to the press may help to mitigate that danger.
  •  
    This would set up an interesting Freedom of Information Act case aimed at resolving the issue whether the "authorized" disclosures established a waiver of the FOIA exemption for national security information. A waiver, viewed most simplistically, is any conduct that is inconsistent with later assertion of a right. Deliberate disclosure to anyone who lacks a national security clearance would seem to be inconsistent with later assertion of the exemption. That the purpose of the disclosures was to adjust the attitudes of press members seems a very poor justification in that it establishes particular reporters as a class of persons entitled to more disclosure than other members of the public. Yet the Supreme Court has held time and again that journalists have no more right to access government information than any other member of the public. So there is a strong argument that everyone should be entitled to the same disclosures.
Paul Merrell

NSA Whistleblower: Snowden Never Had Access to the "Juiciest" Intelligence Documents | ... - 0 views

  • NSA whistleblower Russell Tice was a key source in the 2005 New York Times report that blew the lid off the Bush administration’s use of warrantless wiretapping. Tice told PBS and other media that the NSA is spying on – and blackmailing – top government officials and military officers, including Supreme Court Justices, highly-ranked generals, Colin Powell and other State Department personnel, and many other top officials:
  • He says the NSA started spying on President Obama when he was a candidate for Senate:
  • Many of Tice’s allegations have been confirmed by other government whistleblowers. And see this. Washington’s Blog called Tice to find out more about what he saw when he was at NSA.
  • NSA Has Hidden Its Most Radical Surveillance Operations … Even from People Like Snowden Who Had General “Code Word” Clearance WASHINGTON’S BLOG: Glenn Greenwald – supposedly, in the next couple of days or weeks – is going to disclose, based on NSA documents leaked by Snowden, that the NSA is spying on all sorts of normal Americans … and that the spying is really to crush dissent.  [Background here, here and here.] Does Snowden even have documents which contain the information which you’ve seen? RUSSELL TICE:  The answer is no. WASHINGTON’S BLOG: So you saw handwritten notes. And what Snowden was seeing were electronic files …?
  • RUSSELL TICE: Think of it this way. Remember I told you about the NSA doing everything they could to make sure that the information from 40 years ago – from spying on Frank Church and Lord knows how many other Congressmen that they were spying on – was hidden? Now do you think they’re going to put that information into Powerpoint slides that are easy to explain to everybody what they’re doing? They would not even put their own NSA designators on the reports [so that no one would know that] it came from the NSA. They made the reports look like they were Humint (human intelligence) reports. They did it to hide the fact that they were NSA and they were doing the collection. That’s 40 years ago. [The NSA and other agencies are still doing "parallel construction", "laundering" information to hide the fact that the information is actually from mass NSA surveillance.] Now, what NSA is doing right now is that they’re taking the information and they’re putting it in a much higher security level. It’s called “ECI” - Exceptionally Controlled Information – and it’s called the black program … which I was a specialist in, by the way. I specialized in black world – DOD and IC (Intelligence Community) – programs, operations and missions … in “VRKs”, “ECIs”, and “SAPs”, “STOs”. SAP equals Special Access Program. It’s highly unlikely Mr. Snowden had any access to these. STO equals Special Technical Operations. It’s highly unlikely Mr. Snowden had any access to these.
  • Now in that world – the ECI/VRK world – everything in that system is classified at a higher level and it has its own computer systems that house it. It’s totally separate than the system which Mr. Snowden was privy to, which was called the “JWICS”: Joint Worldwide Intelligence Communications System. The JWICS system is what everybody at NSA has access to. Mr. Snowden had Sys Admin [systems administrator] authority for the JWICS. And you still have to have TS/SCI clearance [i.e. Top Secret/ Sensitive Compartmented Information - also known as “code word” - clearance] to get on the JWICS. But the ECI/VRK systems are much higher [levels of special compartmentalized clearance] than the JWICS. And you have to be in the black world to get that [clearance]. ECI = Exceptionally Controlled Information. I do not believe Mr. Snowden had any access to these ECI controlled networks. VRK = Very Restricted Knowledge. I do not believe Mr. Snowden had any access to these VRK controlled networks. These programs typically have, at the least, a requirement of 100 year or until death, ’till the person first being “read in” [i.e. sworn to secrecy as part of access to the higher classification program] can talk about them. [As an interesting sidenote, the Washington Times reported in 2006 that – when Tice offered to testify to Congress about this illegal spying – he was informed by the NSA that the Senate and House intelligence committees were not cleared to hear such information.]
  • It’s very compartmentalized and – even with stuff that they had – you might have something at NSA, that there’s literally 40 people at NSA that know that it’s going on in the entire agency. When the stuff came out in the New York Times [the first big spying story, which broke in 2005] – and I was a source of information for the New York Times – that’s when President Bush made up that nonsense about the “terrorist surveillance program.” By the way, that never existed. That was made up. There was no such thing beforehand. It was made up … to try to placate the American people. The NSA IG (Inspector General) – who was not cleared for this – all of a sudden is told he has to do an investigation on this; something he has no information or knowledge of. So what they did, is they took a few documents and they downgraded [the classification level of the documents] – just a few – and gave them to them to placate this basic whitewash investigation.
  • Snowden’s Failure To Understand the Most Important Documents RUSSELL TICE: Now, if Mr. Snowden were to find the crossover, it would be those documents that were downgraded to the NSA’s IG. The stuff that I saw looked like a bunch of alphanumeric gobbledygook.  Unless you have an analyst to know what to look for – and believe me, I think that what Snowden’s done is great – he’s not an intelligence analyst.  So he would see something like that, and he wouldn’t know what he’s looking at. But that would be “the jewels”. And the key is, you wouldn’t know it’s the jewels unless you were a diamond miner and you knew what to look for. Because otherwise, there’s a big lump of rock and you don’t know there’s a diamond in there. I worked special programs. And the way I found out is that I was working on a special operation, and I needed information from NSA … from another unit. And when I went to that unit and I said “I need this information”, and I dealt with [satellite spy operations], and I did that in the black world. I was a special operations officer. I would literally go do special missions that were in the black world where I would travel overseas and do spooky stuff.
  • Cheney Was Running the Show WASHINGTON’S BLOG: You said in one of your interviews that Dick Cheney ordered the intercepts that you found in the burn bags [the bags of documents which were slated to be destroyed because they were so sensitive]. Is that right … and if so, how do you know that? RUSSELL TICE: I did not know one way or the other until I talked to a very senior person at NSA who – much later – wanted to have a meeting with me. And we had a covert, clandestine style meeting. And that’s when this individual told me that the whole thing was being directed and was coming from the vice president’s office … Cheney, through his lawyer David Addington. WASHINGTON’S BLOG:  It sounds like it wasn’t going through normal routes?  It’s not like Cheney or Addington made formal requests to the NSA … through normal means? RUSSELL TICE: No, not normal at all. All on the sly … all “sneaky pete” under the table, in the evening when most NSA employees are gone for the day. This is all being done in the evenings … between like 7 [at night] and midnight.
  • NSA Is Spying On CONTENT as Well as Metadata WASHINGTON’S BLOG: And from what you and others have said, it’s content as well as metadata? RUSSELL TICE: Of course it is. Of course. [Background. But see this.] NSA Spying On Journalists, Congress, Admirals, Lawyers … RUSSELL TICE: In 2009, I told [reporters] that they were going after journalists and news organizations and reporters and such. I never read text of Congressman’s conversations. What I had was information – sometimes hand-written – of phone numbers of Congressmen, their wives, their children, their staffers, their home numbers, their cellphone numbers, their phone numbers of their residence back in Oregon or whatever state they’re from, and their little offices back in their state. Or an Admiral and his wife, and his kids and his staffers …
  • The main thing I saw more than anything else were lawyers and law firms. I saw more lawyers or law firms being wiretapped than anything else. These are the phone numbers I saw written. And then I would see those numbers incorporated into those lists with the columns of information about the phone number, and the serial number and the banks of recorders and digital converters and the data storage devices. I could see handwritten phone numbers and notes, sometimes with names, sometimes not.
  •  
    Whistleblower Russell Tice says that there are super-classified domestic surveillance records that Edward Snowden, Congressional oversight committees, and the NSA Inspector-General did not have access to. Must-read.
Paul Merrell

WASHINGTON: Americans' personal data shared with CIA, IRS, others in security probe | N... - 0 views

  • WASHINGTON — U.S. agencies collected and shared the personal information of thousands of Americans in an attempt to root out untrustworthy federal workers that ended up scrutinizing people who had no direct ties to the U.S. government and simply had purchased certain books. Federal officials gathered the information from the customer records of two men who were under criminal investigation for purportedly teaching people how to pass lie detector tests. The officials then distributed a list of 4,904 people – along with many of their Social Security numbers, addresses and professions – to nearly 30 federal agencies, including the Internal Revenue Service, the CIA, the National Security Agency and the Food and Drug Administration.
  • The unprecedented creation of such a list and decision to disseminate it widely demonstrate the ease with which the federal government can collect and share Americans’ personal information, even when there’s no clear reason for doing so. The case comes to light amid revelations that the NSA, in an effort to track foreign terrorists, has for years been stockpiling the data of the daily telephone and Internet communications of tens of millions of ordinary Americans. Though nowhere near as massive as the NSA programs, the polygraph inquiry is another example of the federal government’s vast appetite for Americans’ personal information and the sweeping legal authority it wields in the name of national security. “This is increasingly happening – data is being collected by the federal government for one use and then being entirely repurposed for other uses and shared,” said Fred Cate, an Indiana University-Bloomington law professor who specializes in information privacy and national security. “Yet there is no constitutional protection for sharing data within the government.”
  • While the collection of the information likely passes constitutional muster, the federal agencies involved may have violated their own privacy policies by sharing the personal information of people who aren’t government employees, several legal experts agreed.
  •  
    The inter-agency sharing of information described in this article sounds like a straightforward violation of several different sections of the federal Privacy Act. That Act places severe restrictions on inter-agency sharing of information that includes personal identifiers of members of the public, including the requirement of notifying the victims when a violation is discovered. The Act also provides a private right of action for anyone whose rights under the Act are violated with a statutory minimum damages award of $1,500 plus attorney fees and expenses of litigation.   
Paul Merrell

Angry Birds and 'leaky' phone apps targeted by NSA and GCHQ for user data | World news ... - 0 views

  • The National Security Agency and its UK counterpart GCHQ have been developing capabilities to take advantage of "leaky" smartphone apps, such as the wildly popular Angry Birds game, that transmit users' private information across the internet, according to top secret documents. The data pouring onto communication networks from the new generation of iPhone and Android apps ranges from phone model and screen size to personal details such as age, gender and location. Some apps, the documents state, can share users' most sensitive information such as sexual orientation – and one app recorded in the material even sends specific sexual preferences such as whether or not the user may be a swinger. Many smartphone owners will be unaware of the full extent this information is being shared across the internet, and even the most sophisticated would be unlikely to realise that all of it is available for the spy agencies to collect.
  • Dozens of classified documents, provided to the Guardian by whistleblower Edward Snowden and reported in partnership with the New York Times and ProPublica, detail the NSA and GCHQ efforts to piggyback on this commercial data collection for their own purposes. Scooping up information the apps are sending about their users allows the agencies to collect large quantities of mobile phone data from their existing mass surveillance tools – such as cable taps, or from international mobile networks – rather than solely from hacking into individual mobile handsets. Exploiting phone information and location is a high-priority effort for the intelligence agencies, as terrorists and other intelligence targets make substantial use of phones in planning and carrying out their activities, for example by using phones as triggering devices in conflict zones. The NSA has cumulatively spent more than $1bn in its phone targeting efforts. The disclosures also reveal how much the shift towards smartphone browsing could benefit spy agencies' collection efforts.
  • Depending on what profile information a user had supplied, the documents suggested, the agency would be able to collect almost every key detail of a user's life: including home country, current location (through geolocation), age, gender, zip code, marital status – options included "single", "married", "divorced", "swinger" and more – income, ethnicity, sexual orientation, education level, and number of children. The agencies also made use of their mobile interception capabilities to collect location information in bulk, from Google and other mapping apps. One basic effort by GCHQ and the NSA was to build a database geolocating every mobile phone mast in the world – meaning that just by taking tower ID from a handset, location information could be gleaned. A more sophisticated effort, though, relied on intercepting Google Maps queries made on smartphones, and using them to collect large volumes of location information. So successful was this effort that one 2008 document noted that "[i]t effectively means that anyone using Google Maps on a smartphone is working in support of a GCHQ system."
  • One slide from a May 2010 NSA presentation on getting data from smartphones – breathlessly titled "Golden Nugget!" – sets out the agency's "perfect scenario": "Target uploading photo to a social media site taken with a mobile device. What can we get?" The question is answered in the notes to the slide: from that event alone, the agency said it could obtain a "possible image", email selector, phone, buddy lists, and "a host of other social working data as well as location".
  • The latest disclosures could also add to mounting public concern about how the technology sector collects and uses information, especially for those outside the US, who enjoy fewer privacy protections than Americans. A January poll for the Washington Post showed 69% of US adults were already concerned about how tech companies such as Google used and stored their information. The documents do not make it clear how much of the information that can be taken from apps is routinely collected, stored or searched, nor how many users may be affected. The NSA says it does not target Americans and its capabilities are deployed only against "valid foreign intelligence targets". The documents do set out in great detail exactly how much information can be collected from widely popular apps. One document held on GCHQ's internal Wikipedia-style guide for staff details what can be collected from different apps. Though it uses Android apps for most of its examples, it suggests much of the same data could be taken from equivalent apps on iPhone or other platforms. The GCHQ documents set out examples of what information can be extracted from different ad platforms, using perhaps the most popular mobile phone game of all time, Angry Birds – which has reportedly been downloaded more than 1.7bn times – as a case study.
  • Other apps choose to transmit much more data, meaning the agency could potentially net far more. One mobile ad platform, Millennial Media, appeared to offer particularly rich information. Millennial Media's website states it has partnered with Rovio on a special edition of Angry Birds; with Farmville maker Zynga; with Call of Duty developer Activision, and many other major franchises.
  •  
    Don't miss the linked companion articles at New York Times and ProPublica. 
Paul Merrell

FBI, CIA Use Backdoor Searches To Warrentlessly Spy On Americans' Communications | Tech... - 0 views

  • The other shoe just dropped when it comes to how the federal government illegally spies on Americans. Last summer, the details of the NSA's "backdoor searches" were revealed. This involved big collections of content and metadata (so, no, not "just metadata" as meaningless as that phrase is) that were collected under Section 702 of the FISA Amendments Act (FAA). This is part of the program that the infamous PRISM effort operates under, and which allows the NSA to collect all sorts of content, including communications to, from or about a "target" -- where a "target" can be incredibly loosely defined (i.e., it can include groups or machines or just about anything). The "backdoor searches" were a special loophole added in 2011 allowing the NSA to make use of "US person names and identifiers as query terms." In the past, it had been limited (as per the NSA's mandate) to only non-US persons.
  • This morning, James Clapper finally responded to a request from Senator Ron Wyden concerning the number of such backdoor searches using US identifiers that were done by various government agencies. And, surprisingly, it's redaction free. The big reveal is... that it's not just the NSA doing these searches, but the CIA and FBI as well. This is especially concerning with regards to the FBI. This means that the FBI, who does surveillance on Americans, is spying on Americans' communications that were collected by the NSA and that they're doing so without anything resembling a warrant. Oh, and let's make this even worse: the FBI isn't even tracking how often it does this. It's just doing it willy nilly:
  • Got that? Basically, the FBI often asks the NSA for a big chunk of data that the NSA probably shouldn't have in the first place -- including tons of Americans' communications, and the FBI gets to dump it into the same database that it is free to query. And the FBI tracks none of this, other than to say that it believes that there are a "substantial" number of such queries. This would seem to be a pretty blatant attempt to end run around the 4th Amendment, giving the FBI broad access to searching through the communications of Americans with what appears to be almost no oversight. Yikes! Oh, and it's not just the NSA, but the CIA as well. Remember, the CIA is not supposed to be doing any surveillance on US persons (like the NSA), but that's not what's happening at all. At least the CIA tracks some (but not all) of its abuse of backdoor searches:
  • The FBI does not track how many queries it conducts using U.S. person identifiers. The FBI is responsible for identifying and countering threats to the homeland, such as terrorism pilots and espionage, inside the U.S. Unlike other IC agencies, because of its domestic mission, the FBI routinely deals with information about US persons and is expected to look for domestic connections to threats emanating from abroad, including threats involving Section 702 non-U.S. person targets. To fulfill its mission and avoid missing connections within the information lawfully in its possession, the FBI does not distinguish between U.S. and non-U.S. persons for purposes of querying Section 702 collection. It should be noted that the FBI does not receive all of Section 702 collection; rather, the FBI only requests and receives a small percentage of total Section 702 collection and only for those selectors in which the FBI has an investigative interest. Moreover, because the FBI stores Section 702 collection in the same database as its "traditional" FISA collection, a query of "traditional" FISA collection will also query Section 702 collection. In addition, the FBI routinely conducts queries across its databases in an effort to locate relevant information that is already in its possession when it opens new national security investigations and assessments. Therefore, the FBI believes the number of queries is substantial. However, only FBI personnel trained in the Section 702 minimization procedures are able to view any Section 702 collection that is responsive to any query.
  • In calendar year 2013, CIA conducted fewer than 1900 queries of Section 702-acquired communications using specific U.S. person identifiers as query terms or other more general query terms if they are intended to return information about a particular U.S. person. Of that total number approximately 40% were conducted as a result of requests for counterterrorism-related information from other U.S. intelligence agencies. Approximately 27% of the total number are duplicative or recurring queries conducted at different times using the same identifiers but that CIA nonetheless counts as separate queries. CIA also uses U.S. person identifiers to conduct metadata-only queries against metadata derived from the FISA Section 702 collection. However, the CIA does not track the number of metadata-only queries using U.S. person identifiers.
  • So, the CIA is doing these kinds of warrantless fishing expeditions into the communications of Americans as well, but at least the CIA tracks how often it's doing so. Of course, when it comes to metadata searches, the CIA doesn't bother. It's also a bit bizarre that the CIA is apparently carrying out a bunch of those searches for "other U.S. intelligence agencies," when the CIA should be especially limited in its ability to do these searches in the first place. Senator Wyden has responded to these revelations by pointing out how "flawed" the oversight system is that these have been allowed:
  • When the FBI says it conducts a substantial number of searches and it has no idea of what the number is, it shows how flawed this system is and the consequences of inadequate oversight. This huge gap in oversight is a problem now, and will only grow as global communications systems become more interconnected. The findings transmitted to me raise questions about whether the FBI is exercising any internal controls over the use of backdoor searches including who and how many government employees can access the personal data of individual Americans. I intend to follow this up until it is fixed.
  • Hopefully, now you are starting to recognize what a big deal it was last week when the House of Representatives recently voted to defund the ability to do these kinds of backdoor searches. Still, much more needs to be done. Oh, and in case you're wondering why Clapper finally 'fessed up to the FBI and CIA making use of these data to warrantlessly spy on Americans, it's worth noting that the Privacy and Civil Liberties Oversight Board (PCLOB) is expected to come out with its report on the Section 702 surveillance program on July 2nd (7/02, get it?). It seems likely that the report will discuss these backdoor searches on Americans and how other agencies besides the NSA have been involved in the practice.
  •  
    Note to self: Look for the new PCLOB report in the morning. 
Paul Merrell

Israel Spied on Iran Nuclear Talks With U.S. - WSJ - 0 views

  • Soon after the U.S. and other major powers entered negotiations last year to curtail Iran’s nuclear program, senior White House officials learned Israel was spying on the closed-door talks. The spying operation was part of a broader campaign by Israeli Prime Minister Benjamin Netanyahu’s government to penetrate the negotiations and then help build a case against the emerging terms of the deal, current and former U.S. officials said. In addition to eavesdropping, Israel acquired information from confidential U.S. briefings, informants and diplomatic contacts in Europe, the officials said.
  • The espionage didn’t upset the White House as much as Israel’s sharing of inside information with U.S. lawmakers and others to drain support from a high-stakes deal intended to limit Iran’s nuclear program, current and former officials said. “It is one thing for the U.S. and Israel to spy on each other. It is another thing for Israel to steal U.S. secrets and play them back to U.S. legislators to undermine U.S. diplomacy,” said a senior U.S. official briefed on the matter.
  • The U.S. and Israel, longtime allies who routinely swap information on security threats, sometimes operate behind the scenes like spy-versus-spy rivals. The White House has largely tolerated Israeli snooping on U.S. policy makers—a posture Israel takes when the tables are turned. The White House discovered the operation, in fact, when U.S. intelligence agencies spying on Israel intercepted communications among Israeli officials that carried details the U.S. believed could have come only from access to the confidential talks, officials briefed on the matter said. Israeli officials denied spying directly on U.S. negotiators and said they received their information through other means, including close surveillance of Iranian leaders receiving the latest U.S. and European offers. European officials, particularly the French, also have been more transparent with Israel about the closed-door discussions than the Americans, Israeli and U.S. officials said.
  • Mr. Netanyahu and Israeli Ambassador Ron Dermer early this year saw a rapidly closing window to increase pressure on Mr. Obama before a key deadline at the end of March, Israeli officials said. Using levers of political influence unique to Israel, Messrs. Netanyahu and Dermer calculated that a lobbying campaign in Congress before an announcement was made would improve the chances of killing or reshaping any deal. They knew the intervention would damage relations with the White House, Israeli officials said, but decided that was an acceptable cost. The campaign may not have worked as well as hoped, Israeli officials now say, because it ended up alienating many congressional Democrats whose support Israel was counting on to block a deal. Obama administration officials, departing from their usual description of the unbreakable bond between the U.S. and Israel, have voiced sharp criticism of Messrs. Netanyahu and Dermer to describe how the relationship has changed.
  • “People feel personally sold out,” a senior administration official said. “That’s where the Israelis really better be careful because a lot of these people will not only be around for this administration but possibly the next one as well.” This account of the Israeli campaign is based on interviews with more than a dozen current and former U.S. and Israeli diplomats, intelligence officials, policy makers and lawmakers.
    Weakened ties
    Distrust between Mr. Netanyahu and Mr. Obama had been growing for years but worsened when Mr. Obama launched secret talks with Iran in 2012. The president didn’t tell Mr. Netanyahu because of concerns about leaks, helping set the stage for the current standoff, according to current and former U.S. and Israeli officials. U.S. officials said Israel has long topped the list of countries that aggressively spy on the U.S., along with China, Russia and France. The U.S. expends more counterintelligence resources fending off Israeli spy operations than any other close ally, U.S. officials said.
  • A senior official in the prime minister’s office said Monday: “These allegations are utterly false. The state of Israel does not conduct espionage against the United States or Israel’s other allies. The false allegations are clearly intended to undermine the strong ties between the United States and Israel and the security and intelligence relationship we share.” Current and former Israeli officials said their intelligence agencies scaled back their targeting of U.S. officials after the jailing nearly 30 years ago of American Jonathan Pollard for passing secrets to Israel. While U.S. officials may not be direct targets, current and former officials said, Israeli intelligence agencies sweep up communications between U.S. officials and parties targeted by the Israelis, including Iran. Americans shouldn’t be surprised, said a person familiar with the Israeli practice, since U.S. intelligence agencies helped the Israelis build a system to listen in on high-level Iranian communications.
  • As secret talks with Iran progressed into 2013, U.S. intelligence agencies monitored Israel’s communications to see if the country knew of the negotiations. Mr. Obama didn’t tell Mr. Netanyahu until September 2013. Israeli officials, who said they had already learned about the talks through their own channels, told their U.S. counterparts they were upset about being excluded. “ ‘Did the administration really believe we wouldn’t find out?’ ” Israeli officials said, according to a former U.S. official.
  • The episode cemented Mr. Netanyahu’s concern that Mr. Obama was bent on clinching a deal with Iran whether or not it served Israel’s best interests, Israeli officials said. Obama administration officials said the president was committed to preventing Iran from developing nuclear weapons. Mr. Dermer started lobbying U.S. lawmakers just before the U.S. and other powers signed an interim agreement with Iran in November 2013. Mr. Netanyahu and Mr. Dermer went to Congress after seeing they had little influence on the White House. Before the interim deal was made public, Mr. Dermer gave lawmakers Israel’s analysis: The U.S. offer would dramatically undermine economic sanctions on Iran, according to congressional officials who took part. After learning about the briefings, the White House dispatched senior officials to counter Mr. Dermer. The officials told lawmakers that Israel’s analysis exaggerated the sanctions relief by as much as 10 times, meeting participants said.
  • When the next round of negotiations with Iran started in Switzerland last year, U.S. counterintelligence agents told members of the U.S. negotiating team that Israel would likely try to penetrate their communications, a senior Obama administration official said. The U.S. routinely shares information with its European counterparts and others to coordinate negotiating positions. While U.S. intelligence officials believe secured U.S. communications are relatively safe from the Israelis, they say European communications are vulnerable. Mr. Netanyahu and his top advisers received confidential updates on the Geneva talks from Undersecretary of State for Political Affairs Wendy Sherman and other U.S. officials, who knew at the time that Israeli intelligence was working to fill in any gaps. The White House eventually curtailed the briefings, U.S. officials said, withholding sensitive information for fear of leaks. Current and former Israeli officials said their intelligence agencies can get much of the information they seek by targeting Iranians and others in the region who are communicating with countries in the talks. In November, the Israelis learned the contents of a proposed deal offered by the U.S. but ultimately rejected by Iran, U.S. and Israeli officials said. Israeli officials told their U.S. counterparts the terms offered insufficient protections.
  • U.S. officials urged the Israelis to give the negotiations a chance. But Mr. Netanyahu’s top advisers concluded the emerging deal was unacceptable. The White House was making too many concessions, Israeli officials said, while the Iranians were holding firm. Obama administration officials reject that view, saying Israel was making impossible demands that Iran would never accept. “The president has made clear time and again that no deal is better than a bad deal,” a senior administration official said. In January, Mr. Netanyahu told the White House his government intended to oppose the Iran deal but didn’t explain how, U.S. and Israeli officials said. On Jan. 21, House Speaker John Boehner (R., Ohio) announced Mr. Netanyahu would address a joint meeting of Congress. That same day, Mr. Dermer and other Israeli officials visited Capitol Hill to brief lawmakers and aides, seeking a bipartisan coalition large enough to block or amend any deal. Most Republicans were already prepared to challenge the White House on the negotiations, so Mr. Dermer focused on Democrats. “This deal is bad,” he said in one briefing, according to participants.
  • A spokesman for the Israeli embassy in Washington, Aaron Sagui, said Mr. Dermer didn’t launch a special campaign on Jan. 21. Mr. Dermer, the spokesperson said, has “consistently briefed both Republican and Democrats, senators and congressmen, on Israel’s concerns regarding the Iran negotiations for over a year.” Mr. Dermer and other Israeli officials over the following weeks gave lawmakers and their aides information the White House was trying to keep secret, including how the emerging deal could allow Iran to operate around 6,500 centrifuges, devices used to process nuclear material, said congressional officials who attended the briefings. The Israeli officials told lawmakers that Iran would also be permitted to deploy advanced IR-4 centrifuges that could process fuel on a larger scale, meeting participants and administration officials said. Israeli officials said such fuel, which under the emerging deal would be intended for energy plants, could be used to one day build nuclear bombs. The information in the briefings, Israeli officials said, was widely known among the countries participating in the negotiations. When asked in February during one briefing where Israel got its inside information, the Israeli officials said their sources included the French and British governments, as well as their own intelligence, according to people there.
  • “Ambassador Dermer never shared confidential intelligence information with members of Congress,” Mr. Sagui said. “His briefings did not include specific details from the negotiations, including the length of the agreement or the number of centrifuges Iran would be able to keep.” Current and former U.S. officials confirmed that the number and type of centrifuges cited in the briefings were part of the discussions. But they said the briefings were misleading because Israeli officials didn’t disclose concessions asked of Iran. Those included giving up stockpiles of nuclear material, as well as modifying the advanced centrifuges to slow output, these officials said. The administration didn’t brief lawmakers on the centrifuge numbers and other details at the time because the information was classified and the details were still in flux, current and former U.S. officials said.
    Unexpected reaction
    The congressional briefings and Mr. Netanyahu’s decision to address a joint meeting of Congress on the emerging deal sparked a backlash among many Democratic lawmakers, congressional aides said.
  • On Feb. 3, Mr. Dermer huddled with Sen. Joe Manchin, a West Virginia Democrat, who said he told Mr. Dermer it was a breach of protocol for Mr. Netanyahu to accept an invitation from Mr. Boehner without going through the White House. Mr. Manchin said he told Mr. Dermer he would attend the prime minister’s speech to Congress, but he was noncommittal about supporting any move by Congress to block a deal. Mr. Dermer spent the following day doing damage control with Sen. Kirsten Gillibrand, a New York Democrat, congressional aides said. Two days later, Mr. Dermer met with Sen. Dianne Feinstein of California, the top Democrat on the Senate Intelligence Committee, at her Washington, D.C., home. He pressed for her support because he knew that she, too, was angry about Mr. Netanyahu’s planned appearance. Ms. Feinstein said afterward she would oppose legislation allowing Congress to vote down an agreement.
  • Congressional aides and Israeli officials now say Israel’s coalition in Congress is short the votes needed to pass legislation that could overcome a presidential veto, although that could change. In response, Israeli officials said, Mr. Netanyahu was pursuing other ways to pressure the White House. This week, Mr. Netanyahu sent a delegation to France, which has been more closely aligned with Israel on the nuclear talks and which could throw obstacles in Mr. Obama’s way before a deal is signed. The Obama administration, meanwhile, is stepping up its outreach to Paris to blunt the Israeli push. “If you’re wondering whether something serious has shifted here, the answer is yes,” a senior U.S. official said. “These things leave scars.”
  •  
    Obama is moving preemptively to blunt Israel's influence in Congress on the Iran negotiation.
Paul Merrell

Cybersecurity Information Sharing: A Legal Morass, Says CRS - 0 views

  • Several pending bills would promote increased sharing of cybersecurity-related information — such as threat intelligence and system vulnerabilities — in order to combat the perceived rise in the frequency and intensity of cyber attacks against private and government entities. But such information sharing is easier said than done, according to a new report from the Congressional Research Service, because it involves a thicket of conflicting and perhaps incompatible laws and policy objectives. “The legal issues surrounding cybersecurity information sharing… are complex and have few certain resolutions.” A copy of the CRS report was obtained by Secrecy News. See Cybersecurity and Information Sharing: Legal Challenges and Solutions, March 16, 2015. Cyber information sharing takes at least three different forms: the release of cyber intelligence from government to the private sector, information sharing among private entities, and the transfer of threat information from private entities to government agencies.
  • “While collectively these three variants on the concept of cyber-information sharing have some commonalities, each also raises separate legal challenges that may impede cyber-intelligence dissemination more generally,” said the CRS report, which examines the legal ramifications of each category in turn. Among the concerns at issue are: the potential for liability associated with disclosure of cybersecurity information, inappropriate release of private information through open government laws, loss of intellectual property, and potential compromise of personal privacy rights. All of these create a legal morass that may be unreconcilable. “A fundamental question lawmakers may need to contemplate is how restrictions that require close government scrutiny and control over shared cyber-information can be squared with other goals of cyber-information sharing legislation, like requirements that received information be disseminated in an almost instantaneous fashion,” the CRS report said.
  • “Ultimately, because the goals of cyber-information legislation are often diametrically opposed, it may simply be impossible for information sharing legislation to simultaneously promote the rapid and robust collection and dissemination of cyber-intelligence by the federal government, while also ensuring that the government respects the property and privacy interests implicated by such information sharing,” the report said. Other new or newly updated CRS reports that Congress has withheld from public distribution include the following. Cybersecurity: Authoritative Reports and Resources, by Topic, March 13, 2015
  • U.S. Strategic Nuclear Forces: Background, Developments, and Issues, March 18, 2015
clausonlaw22

How Much Does Mental Health Disability Pay In 2023 - 0 views

  •  
    How Much Does Mental Health Disability Pay In 2023
    Social Security Disability Insurance (SSDI or SSD) is the sole source of income for millions of Americans who are unable to work due to a non-work-related injury or illness. SSDI benefits are available only to workers and former workers with a substantial employment history. Both physical and mental disabilities are covered under the Social Security Act. While SSDI pays the same benefits for qualifying mental impairments as it does for physical impairments, the amount each individual receives in benefits depends on their history of earnings. This blog post will explain how Social Security defines qualifying disabilities, including mental impairments, and determines each individual's benefit payment. At The Clauson Law Firm, we know how important it is for every disability applicant and benefit recipient to understand how their benefits are arrived at, what affects their continued benefits, and how their benefits can change over time. Contact Clauson Law today if you have questions about qualifying for SSDI benefits or need help filing a claim or appealing a denial. We've helped thousands of disabled people across the U.S. with their disability claims.
    Mental Impairments And Social Security Disability
    More than 40% of SSD cases in the United States have some mental health or intellectual impairment as a component in the claim. Mental health impairments can result from an almost unlimited array of circumstances, including traumatic stress; depression; genetic predisposition to depression, bipolar disorder, or schizophrenia; or traumatic brain injury (TBI); one of the many forms of dementia; and others. The ways in which mental impairments affect the person suffering can often interfere with their ability to perform work on a regular basis. These are discussed in detail in the section "Common Mental Disabilities that May Qualify for SSDI" below. But first, let's look at how you qualify for SSD benefits and how you
Paul Merrell

Most Agencies Falling Short on Mandate for Online Records - 0 views

  • Nearly 20 years after Congress passed the Electronic Freedom of Information Act Amendments (E-FOIA), only 40 percent of agencies have followed the law's instruction for systematic posting of records released through FOIA in their electronic reading rooms, according to a new FOIA Audit released today by the National Security Archive at www.nsarchive.org to mark Sunshine Week. The Archive team audited all federal agencies with Chief FOIA Officers as well as agency components that handle more than 500 FOIA requests a year — 165 federal offices in all — and found only 67 with online libraries populated with significant numbers of released FOIA documents and regularly updated.
  • Congress called on agencies to embrace disclosure and the digital era nearly two decades ago, with the passage of the 1996 "E-FOIA" amendments. The law mandated that agencies post key sets of records online, provide citizens with detailed guidance on making FOIA requests, and use new information technology to post online proactively records of significant public interest, including those already processed in response to FOIA requests and "likely to become the subject of subsequent requests." Congress believed then, and openness advocates know now, that this kind of proactive disclosure, publishing online the results of FOIA requests as well as agency records that might be requested in the future, is the only tenable solution to FOIA backlogs and delays. Thus the National Security Archive chose to focus on the e-reading rooms of agencies in its latest audit. Even though the majority of federal agencies have not yet embraced proactive disclosure of their FOIA releases, the Archive E-FOIA Audit did find that some real "E-Stars" exist within the federal government, serving as examples to lagging agencies that technology can be harnessed to create state-of-the-art FOIA platforms. Unfortunately, our audit also found "E-Delinquents" whose abysmal web performance recalls the teletype era.
  • E-Delinquents include the Office of Science and Technology Policy at the White House, which, despite being mandated to advise the President on technology policy, does not embrace 21st century practices by posting any frequently requested records online. Another E-Delinquent, the Drug Enforcement Administration, insults its website's viewers by claiming that it "does not maintain records appropriate for FOIA Library at this time."
  • "The presumption of openness requires the presumption of posting," said Archive director Tom Blanton. "For the new generation, if it's not online, it does not exist." The National Security Archive has conducted fourteen FOIA Audits since 2002. Modeled after the California Sunshine Survey and subsequent state "FOI Audits," the Archive's FOIA Audits use open-government laws to test whether or not agencies are obeying those same laws. Recommendations from previous Archive FOIA Audits have led directly to laws and executive orders which have: set explicit customer service guidelines, mandated FOIA backlog reduction, assigned individualized FOIA tracking numbers, forced agencies to report the average number of days needed to process requests, and revealed the (often embarrassing) ages of the oldest pending FOIA requests. The surveys include:
  • The federal government has made some progress moving into the digital era. The National Security Archive's last E-FOIA Audit in 2007, "File Not Found," reported that only one in five federal agencies had put online all of the specific requirements mentioned in the E-FOIA amendments, such as guidance on making requests, contact information, and processing regulations. The new E-FOIA Audit finds the number of agencies that have checked those boxes is now much higher — 100 out of 165 — though many (66 in 165) have posted just the bare minimum, especially when posting FOIA responses. An additional 33 agencies even now do not post these types of records at all, clearly thwarting the law's intent.
  • The FOIAonline Members (Department of Commerce, Environmental Protection Agency, Federal Labor Relations Authority, Merit Systems Protection Board, National Archives and Records Administration, Pension Benefit Guaranty Corporation, Department of the Navy, General Services Administration, Small Business Administration, U.S. Citizenship and Immigration Services, and Federal Communications Commission) won their "E-Star" by making past requests and releases searchable via FOIAonline. FOIAonline also allows users to submit their FOIA requests digitally.
  • THE E-DELINQUENTS: WORST OVERALL AGENCIES In alphabetical order
  • Key Findings
  • Excuses Agencies Give for Poor E-Performance
  • Justice Department guidance undermines the statute. Currently, the FOIA stipulates that documents "likely to become the subject of subsequent requests" must be posted by agencies somewhere in their electronic reading rooms. The Department of Justice's Office of Information Policy defines these records as "frequently requested records… or those which have been released three or more times to FOIA requesters." Of course, it is time-consuming for agencies to develop a system that keeps track of how often a record has been released, which is in part why agencies rarely do so and are often in breach of the law. Troublingly, both the current House and Senate FOIA bills include language that codifies the instructions from the Department of Justice. The National Security Archive believes the addition of this "three or more times" language actually harms the intent of the Freedom of Information Act as it will give agencies an easy excuse ("not requested three times yet!") not to proactively post documents that agency FOIA offices have already spent time, money, and energy processing. We have formally suggested alternate language requiring that agencies generally post "all records, regardless of form or format that have been released in response to a FOIA request."
  • Disabilities Compliance. Despite the E-FOIA Act, many government agencies do not embrace the idea of posting their FOIA responses online. The most common reason agencies give is that it is difficult to post documents in a format that complies with the Americans with Disabilities Act, also referred to as being "508 compliant," and the 1998 Amendments to the Rehabilitation Act that require federal agencies "to make their electronic and information technology (EIT) accessible to people with disabilities." E-Star agencies, however, have proven that 508 compliance is no barrier when the agency has a will to post. All documents posted on FOIAonline are 508 compliant, as are the documents posted by the Department of Defense and the Department of State. In fact, every document created electronically by the US government after 1998 should already be 508 compliant. Even old paper records that are scanned to be processed through FOIA can be made 508 compliant with just a few clicks in Adobe Acrobat, according to this Department of Homeland Security guide (essentially OCRing the text, and including information about where non-textual fields appear). Even if agencies are insistent it is too difficult to OCR older documents that were scanned from paper, they cannot use that excuse with digital records.
  • Privacy. Another commonly articulated concern about posting FOIA releases online is that doing so could inadvertently disclose private information from "first person" FOIA requests. This is a valid concern, and this subset of FOIA requests should not be posted online. (The Justice Department identified "first party" requester rights in 1989. Essentially agencies cannot use the b(6) privacy exemption to redact information if a person requests it for him or herself. An example of a "first person" FOIA would be a person's request for his own immigration file.) Cost and Waste of Resources. There is also a belief that there is little public interest in the majority of FOIA requests processed, and hence it is a waste of resources to post them. This thinking runs counter to the governing principle of the Freedom of Information Act: that government information belongs to US citizens, not US agencies. As such, the reason that a person requests information is immaterial as the agency processes the request; the "interest factor" of a document should also be immaterial when an agency is required to post it online. Some think that posting FOIA releases online is not cost effective. In fact, the opposite is true. It's not cost effective to spend tens (or hundreds) of person hours to search for, review, and redact FOIA requests only to mail it to the requester and have them slip it into their desk drawer and forget about it. That is a waste of resources. The released document should be posted online for any interested party to utilize. This will only become easier as FOIA processing systems evolve to automatically post the documents they track. The State Department earned its "E-Star" status demonstrating this very principle, and spent no new funds and did not hire contractors to build its Electronic Reading Room, instead it built a self-sustaining platform that will save the agency time and money going forward.
Paul Merrell

Hackers Stole Secrets of U.S. Government Workers' Sex Lives - The Daily Beast - 0 views

  • It was already being described as the worst hack of the U.S. government in history. And it just got much worse. A senior U.S. official has confirmed that foreign hackers compromised the intimate personal details of an untold number of government workers. Likely included in the hackers’ haul: information about workers’ sexual partners, drug and alcohol abuse, debts, gambling compulsions, marital troubles, and any criminal activity. Those details, which are now presumed to be in the hands of Chinese spies, are found in the so-called “adjudication information” that U.S. investigators compile on government employees and contractors who are applying for security clearances. The exposure suggests that the massive computer breach at the Office of Personnel Management is more significant and potentially damaging to national security than officials have previously said.
  • Three former U.S. intelligence officials told The Daily Beast that the adjudication information would effectively provide dossiers on current and former government employees, as well as contractors. It gives foreign intelligence agencies a roadmap for finding people with access to the government’s most highly classified secrets. Obama administration officials had previously acknowledged the breach of information that applicants voluntarily disclose on a routine questionnaire, called Standard Form 86, but the theft of the more detailed and wide-ranging adjudication information appears to have gone overlooked.
  • “Whoever compromised the adjudication information is going to have clear knowledge, beyond what’s in the SF86, about who the best targets for espionage are in the United States,” Michael Adams, a computer security expert who served more than two decades in the U.S. Special Operations Command, told The Daily Beast. “This is the most successful cyber attack in the history of the United States,” owing to the amount and quality of the information that was stolen, Adams said. U.S. intelligence officers spend years trying to recruit foreign spies to gather the kinds of details and insights that are contained in adjudication information, one former senior U.S. official said. This official, who requested anonymity, added that adjudication information would give foreign intelligence services “enormous leverage” over U.S. personnel whom they might forcibly interrogate for information or try to recruit.
  • The adjudication process had a broad scope, taking into account the SF86 questionnaire, reports from background investigations, interviews with the applicant's family members and associates, his or her employment history, and for people seeking high-level clearances, the results of polygraph investigations. Seymour said such records “span an employee’s career” and could stretch back as far as 30 years. Officials have said that as many as 18 million people may have been affected by the breach. Asked specifically what information the hackers had obtained, Seymour told lawmakers that she preferred to answer later in a “classified session.” Seymour didn’t specify how many people’s information was stolen. But the OPM oversees background investigations, which comprise a key part of the adjudication process, for more than 90 percent of security clearance applicants, according to the Congressional Research Service. An OPM spokesman didn’t respond to a request for comment in time for publication.
  • A former senior U.S. intelligence official, who asked to remain anonymous, said the OPM breach would cause more damage to national security operations and personnel than the leaks by Edward Snowden about classified surveillance by the National Security Agency. “This is worse than Snowden, because at least programs that were running before the leaks could be replaced or rebuilt,” the former official said. “But OPM, that’s the gift that keeps on giving. You can’t rebuild people.” Adjudicators are in a powerful position because in deciding whether to recommend granting a security clearance, they have access to the entire scope of an applicant’s file and are told to make a subjective analysis. “The adjudication process is the careful weighing of a number of variables known as the whole-person concept,” according to official guidelines. “Available, reliable information about the person, past and present, favorable and unfavorable, should be considered in reaching a determination.”
  • By design, adjudication is an invasive process, meant to unearth risk factors including drug and alcohol abuse, extramarital affairs, a history of violence, and other events that speak to a person’s “trustworthiness” and their susceptibility to blackmail or being recruited to spy for a foreign government. For instance, “compulsive gambling is a concern, as it may lead to financial crimes including espionage,” the guidelines say. Adjudicators are told to note “a pattern of compulsive, self-destructive, or high risk sexual behavior,” “relapse after diagnosis of alcohol abuse,” and “emotionally unstable, irresponsible, dysfunctional, violent, paranoid, or bizarre behavior,” among other warning signs in 13 categories. Some of the embarrassing personal details found in some adjudications have been made public. That’s what happens after an applicant who was denied a security clearance launched an appeal.
  • Armed with such intimate details of a person’s worst moments, foreign spies would have unprecedented advantage against their U.S. adversaries. And the news is especially bad for people who hold the highest levels of clearance, which require more rigorous background checks, noted Adams, the computer security expert. “The higher up you go in your sensitivity levels, the more data that’s in your adjudication file,” he said.
Paul Merrell

Information Awareness Office - Wikipedia, the free encyclopedia - 0 views

  • The Information Awareness Office (IAO) was established by the Defense Advanced Research Projects Agency (DARPA) in January 2002 to bring together several DARPA projects focused on applying surveillance and information technology to track and monitor terrorists and other asymmetric threats to U.S. national security, by achieving Total Information Awareness (TIA). This would be achieved by creating enormous computer databases to gather and store the personal information of everyone in the United States, including personal e-mails, social networks, credit card records, phone calls, medical records, and numerous other sources, without any requirement for a search warrant.[1] This information would then be analyzed to look for suspicious activities, connections between individuals, and "threats".[2] Additionally, the program included funding for biometric surveillance technologies that could identify and track individuals using surveillance cameras, and other methods.[2] Following public criticism that the development and deployment of this technology could potentially lead to a mass surveillance system, the IAO was defunded by Congress in 2003. However, several IAO projects continued to be funded, and merely run under different names.[3][4][5][6]
  • The IAO was established after Admiral John Poindexter, former United States National Security Advisor to President Ronald Reagan, and SAIC executive Brian Hicks approached the US Department of Defense with the idea for an information awareness program after the attacks of September 11, 2001.[5] Poindexter and Hicks had previously worked together on intelligence-technology programs for the Defense Advanced Research Projects Agency. DARPA agreed to host the program and appointed Poindexter to run it in 2002. The IAO began funding research and development of the Total Information Awareness (TIA) Program in February 2003 but renamed the program the Terrorism Information Awareness Program in May that year after an adverse media reaction to the program's implications for public surveillance. Although TIA was only one of several IAO projects, many critics and news reports conflated TIA with other related research projects of the IAO, with the result that TIA came in popular usage to stand for an entire subset of IAO programs. The TIA program itself was the "systems-level" program of the IAO that intended to integrate information technologies into a prototype system to provide tools to better detect, classify, and identify potential foreign terrorists with the goal to increase the probability that authorized agencies of the United States could preempt adverse actions. As a systems-level program of programs, TIA's goal was the creation of a "counterterrorism information architecture" that integrated technologies from other IAO programs (and elsewhere, as appropriate). The TIA program was researching, developing, and integrating technologies to virtually aggregate data, to follow subject-oriented link analysis, to develop descriptive and predictive models through data mining or human hypothesis, and to apply such models to additional datasets to identify terrorists and terrorist groups.
  • Among the other IAO programs that were intended to provide TIA with component data aggregation and automated analysis technologies were the Genisys, Genisys Privacy Protection, Evidence Extraction and Link Discovery, and Scalable Social Network Analysis programs. On August 2, 2002, Dr. Poindexter gave a speech at DARPAtech 2002 entitled "Overview of the Information Awareness Office"[7] in which he described the TIA program. In addition to the program itself, the involvement of Poindexter as director of the IAO also raised concerns among some, since he had been earlier convicted of lying to Congress and altering and destroying documents pertaining to the Iran-Contra Affair, although those convictions were later overturned on the grounds that the testimony used against him was protected.
  • On January 16, 2003, Senator Russ Feingold introduced legislation to suspend the activity of the IAO and the Total Information Awareness program pending a Congressional review of privacy issues involved.[8] A similar measure introduced by Senator Ron Wyden would have prohibited the IAO from operating within the United States unless specifically authorized to do so by Congress, and would have shut the IAO down entirely 60 days after passage unless either the Pentagon prepared a report to Congress assessing the impact of IAO activities on individual privacy and civil liberties or the President certified the program's research as vital to national security interests. In February 2003, Congress passed legislation suspending activities of the IAO pending a Congressional report of the office's activities (Consolidated Appropriations Resolution, 2003, No.108–7, Division M, §111(b) [signed Feb. 20, 2003]). In response to this legislation, DARPA provided Congress on May 20, 2003 with a report on its activities.[9] In this report, IAO changed the name of the program to the Terrorism Information Awareness Program and emphasized that the program was not designed to compile dossiers on US citizens, but rather to research and develop the tools that would allow authorized agencies to gather information on terrorist networks. Despite the name change and these assurances, the critics continued to see the system as prone to potential misuse or abuse. As a result House and Senate negotiators moved to prohibit further funding for the TIA program by adding provisions to the Department of Defense Appropriations Act, 2004[10] (signed into law by President Bush on October 1, 2003). Further, the Joint Explanatory Statement included in the conference committee report specifically directed that the IAO as program manager for TIA be terminated immediately.[11]
  •  
    What became today's NSA programs of public concern were the brain child of Admiral John Poindexter and a private sector compadre. U.S. v. Poindexter, 951 F.2d 369, 390 (D.C. Cir. 1991). Poindexter had previously been convicted on five criminal counts involving lying to Congress and destruction and alteration of evidence. His convictions were overturned on appeal on grounds that some of the testimony against him had been immunized from use in prosecution by Congress. There was no claim on appeal that any such evidence had been false. 86 U.S. v. Poindexter, 951 F.2d 369, 390 (D.C. Cir. 1991). For far more detail of the evidence against Poindexter, see the August 4, 1993 final report by independent prosecutor Lawrence Walsh, Vol 1, Part 4 section 3. So one might say that today's controversial NSA activities were the idea of and conceived by a government official more than willing to lie to Congress and to destroy and alter evidence.
Paul Merrell

The Latest Rules on How Long NSA Can Keep Americans' Encrypted Data Look Too Familiar |... - 0 views

  • Does the National Security Agency (NSA) have the authority to collect and keep all encrypted Internet traffic for as long as is necessary to decrypt that traffic? That was a question first raised in June 2013, after the minimization procedures governing telephone and Internet records collected under Section 702 of the Foreign Intelligence Surveillance Act were disclosed by Edward Snowden. The issue quickly receded into the background, however, as the world struggled to keep up with the deluge of surveillance disclosures. The Intelligence Authorization Act of 2015, which passed Congress this last December, should bring the question back to the fore. It established retention guidelines for communications collected under Executive Order 12333 and included an exception that allows NSA to keep ‘incidentally’ collected encrypted communications for an indefinite period of time. This creates a massive loophole in the guidelines. NSA’s retention of encrypted communications deserves further consideration today, now that these retention guidelines have been written into law. It has become increasingly clear over the last year that surveillance reform will be driven by technological change—specifically by the growing use of encryption technologies. Therefore, any legislation touching on encryption should receive close scrutiny.
  • Section 309 of the intel authorization bill describes “procedures for the retention of incidentally acquired communications.” It establishes retention guidelines for surveillance programs that are “reasonably anticipated to result in the acquisition of [telephone or electronic communications] to or from a United States person.” Communications to or from a United States person are ‘incidentally’ collected because the U.S. person is not the actual target of the collection. Section 309 states that these incidentally collected communications must be deleted after five years unless they meet a number of exceptions. One of these exceptions is that “the communication is enciphered or reasonably believed to have a secret meaning.” This exception appears to be directly lifted from NSA’s minimization procedures for data collected under Section 702 of FISA, which were declassified in 2013. 
  • While Section 309 specifically applies to collection taking place under E.O. 12333, not FISA, several of the exceptions described in Section 309 closely match exceptions in the FISA minimization procedures. That includes the exception for “enciphered” communications. Those minimization procedures almost certainly served as a model for these retention guidelines and will likely shape how this new language is interpreted by the Executive Branch. Section 309 also asks the heads of each relevant member of the intelligence community to develop procedures to ensure compliance with new retention requirements. I expect those procedures to look a lot like the FISA minimization guidelines.
  • This language is broad, circular, and technically incoherent, so it takes some effort to parse appropriately. When the minimization procedures were disclosed in 2013, this language was interpreted by outside commentators to mean that NSA may keep all encrypted data that has been incidentally collected under Section 702 for at least as long as is necessary to decrypt that data. Is this the correct interpretation? I think so. It is important to realize that the language above isn’t just broad. It seems purposefully broad. The part regarding relevance seems to mirror the rationale NSA has used to justify its bulk phone records collection program. Under that program, all phone records were relevant because some of those records could be valuable to terrorism investigations and (allegedly) it isn’t possible to collect only those valuable records. This is the “to find a needle in a haystack, you first have to have the haystack” argument. The same argument could be applied to encrypted data and might be at play here.
  • This exception doesn’t just apply to encrypted data that might be relevant to a current foreign intelligence investigation. It also applies to cases in which the encrypted data is likely to become relevant to a future intelligence requirement. This is some remarkably generous language. It seems one could justify keeping any type of encrypted data under this exception. Upon close reading, it is difficult to avoid the conclusion that these procedures were written carefully to allow NSA to collect and keep a broad category of encrypted data under the rationale that this data might contain the communications of NSA targets and that it might be decrypted in the future. If NSA isn’t doing this today, then whoever wrote these minimization procedures wanted to at least ensure that NSA has the authority to do this tomorrow.
  • There are a few additional observations that are worth making regarding these nominally new retention guidelines and Section 702 collection. First, the concept of incidental collection as it has typically been used makes very little sense when applied to encrypted data. The way that NSA’s Section 702 upstream “about” collection is understood to work is that technology installed on the network does some sort of pattern match on Internet traffic; say that an NSA target uses example@gmail.com to communicate. NSA would then search content of emails for references to example@gmail.com. This could notionally result in a lot of incidental collection of U.S. persons’ communications whenever the email that references example@gmail.com is somehow mixed together with emails that have nothing to do with the target. This type of incidental collection isn’t possible when the data is encrypted because it won’t be possible to search and find example@gmail.com in the body of an email. Instead, example@gmail.com will have been turned into some alternative, indecipherable string of bits on the network. Incidental collection shouldn’t occur because the pattern match can’t occur in the first place. This demonstrates that, when communications are encrypted, it will be much harder for NSA to search Internet traffic for a unique ID associated with a specific target.
  • This lends further credence to the conclusion above: rather than doing targeted collection against specific individuals, NSA is collecting, or plans to collect, a broad class of data that is encrypted. For example, NSA might collect all PGP encrypted emails or all Tor traffic. In those cases, NSA could search Internet traffic for patterns associated with specific types of communications, rather than specific individuals’ communications. This would technically meet the definition of incidental collection because such activity would result in the collection of communications of U.S. persons who aren’t the actual targets of surveillance. Collection of all Tor traffic would entail a lot of this “incidental” collection because the communications of NSA targets would be mixed with the communications of a large number of non-target U.S. persons. However, this “incidental” collection is inconsistent with how the term is typically used, which is to refer to over-collection resulting from targeted surveillance programs. If NSA were collecting all Tor traffic, that activity wouldn’t actually be targeted, and so any resulting over-collection wouldn’t actually be incidental. Moreover, greater use of encryption by the general public would result in an ever-growing amount of this type of incidental collection.
  • This type of collection would also be inconsistent with representations of Section 702 upstream collection that have been made to the public and to Congress. Intelligence officials have repeatedly suggested that search terms used as part of this program have a high degree of specificity. They have also argued that the program is an example of targeted rather than bulk collection. ODNI General Counsel Robert Litt, in a March 2014 meeting before the Privacy and Civil Liberties Oversight Board, stated that “there is either a misconception or a mischaracterization commonly repeated that Section 702 is a form of bulk collection. It is not bulk collection. It is targeted collection based on selectors such as telephone numbers or email addresses where there’s reason to believe that the selector is relevant to a foreign intelligence purpose.” The collection of Internet traffic based on patterns associated with types of communications would be bulk collection; more akin to NSA’s collection of phone records en masse than it is to targeted collection focused on specific individuals. Moreover, this type of collection would certainly fall within the definition of bulk collection provided just last week by the National Academy of Sciences: “collection in which a significant portion of the retained data pertains to identifiers that are not targets at the time of collection.”
  • The Section 702 minimization procedures, which will serve as a template for any new retention guidelines established for E.O. 12333 collection, create a large loophole for encrypted communications. With everything from email to Internet browsing to real-time communications moving to encrypted formats, an ever-growing amount of Internet traffic will fall within this loophole.
  •  
    Tucked into a budget authorization act in December without press notice. Section 309 (the Act is linked from the article) appears to be very broad authority for the NSA to intercept any form of telephone or other electronic information in bulk. There are far more exceptions from the five-year retention limitation than the encrypted information exception. When reading this, keep in mind that the U.S. intelligence community plays semantic games to obfuscate what it does. One of its word plays is that communications are not "collected" until an analyst looks at or listens to particular data, even though the data will be searched to find information countless times before it becomes "collected." That searching was the major basis for a decision by the U.S. District Court in Washington, D.C. that bulk collection of telephone communications was unconstitutional: Under the Fourth Amendment, a "search" or "seizure" requiring a judicial warrant occurs no later than when the information is intercepted. That case is on appeal, has been briefed and argued, and a decision could come any time now. Similar cases are pending in two other courts of appeals. Also, an important definition from the new Intelligence Authorization Act: "(a) DEFINITIONS.-In this section: (1) COVERED COMMUNICATION.-The term "covered communication" means any nonpublic telephone or electronic communication acquired without the consent of a person who is a party to the communication, including communications in electronic storage."
Paul Merrell

NSA shares raw intelligence including Americans' data with Israel | World news | The Gu... - 0 views

  • The National Security Agency routinely shares raw intelligence data with Israel without first sifting it to remove information about US citizens, a top-secret document provided to the Guardian by whistleblower Edward Snowden reveals. Details of the intelligence-sharing agreement are laid out in a memorandum of understanding between the NSA and its Israeli counterpart that shows the US government handed over intercepted communications likely to contain phone calls and emails of American citizens. The agreement places no legally binding limits on the use of the data by the Israelis. The disclosure that the NSA agreed to provide raw intelligence data to a foreign country contrasts with assurances from the Obama administration that there are rigorous safeguards to protect the privacy of US citizens caught in the dragnet. The intelligence community calls this process "minimization", but the memorandum makes clear that the information shared with the Israelis would be in its pre-minimized state.
  • The deal was reached in principle in March 2009, according to the undated memorandum, which lays out the ground rules for the intelligence sharing. The five-page memorandum, termed an agreement between the US and Israeli intelligence agencies "pertaining to the protection of US persons", repeatedly stresses the constitutional rights of Americans to privacy and the need for Israeli intelligence staff to respect these rights. But this is undermined by the disclosure that Israel is allowed to receive "raw Sigint" – signal intelligence. The memorandum says: "Raw Sigint includes, but is not limited to, unevaluated and unminimized transcripts, gists, facsimiles, telex, voice and Digital Network Intelligence metadata and content." According to the agreement, the intelligence being shared would not be filtered in advance by NSA analysts to remove US communications. "NSA routinely sends ISNU [the Israeli Sigint National Unit] minimized and unminimized raw collection", it says.
  • In a statement to the Guardian, an NSA spokesperson did not deny that personal data about Americans was included in raw intelligence data shared with the Israelis. But the agency insisted that the shared intelligence complied with all rules governing privacy. "Any US person information that is acquired as a result of NSA's surveillance activities is handled under procedures that are designed to protect privacy rights," the spokesperson said. The NSA declined to answer specific questions about the agreement, including whether permission had been sought from the Foreign Intelligence Surveillance (Fisa) court for handing over such material.
  • While NSA documents tout the mutually beneficial relationship of Sigint sharing, another report, marked top secret and dated September 2007, states that the relationship, while central to US strategy, has become overwhelmingly one-sided in favor of Israel. "Balancing the Sigint exchange equally between US and Israeli needs has been a constant challenge," states the report, titled 'History of the US – Israel Sigint Relationship, Post-1992'. "In the last decade, it arguably tilted heavily in favor of Israeli security concerns. 9/11 came, and went, with NSA's only true Third Party [counter-terrorism] relationship being driven almost totally by the needs of the partner."
  • In another top-secret document seen by the Guardian, dated 2008, a senior NSA official points out that Israel aggressively spies on the US. "On the one hand, the Israelis are extraordinarily good Sigint partners for us, but on the other, they target us to learn our positions on Middle East problems," the official says. "A NIE [National Intelligence Estimate] ranked them as the third most aggressive intelligence service against the US." Later in the document, the official is quoted as saying: "One of NSA's biggest threats is actually from friendly intelligence services, like Israel. There are parameters on what NSA shares with them, but the exchange is so robust, we sometimes share more than we intended."
  • The Guardian asked the Obama administration how many times US data had been found in the raw intelligence, either by the Israelis or when the NSA reviewed a sample of the files, but officials declined to provide this information. Nor would they disclose how many other countries the NSA shared raw data with, or whether the Fisa court, which is meant to oversee NSA surveillance programs and the procedures to handle US information, had signed off the agreement with Israel. In its statement, the NSA said: "We are not going to comment on any specific information sharing arrangements, or the authority under which any such information is collected. The fact that intelligence services work together under specific and regulated conditions mutually strengthens the security of both nations. "NSA cannot, however, use these relationships to circumvent US legal restrictions. Whenever we share intelligence information, we comply with all applicable rules, including the rules to protect US person information."
Paul Merrell

US sets new record for denying federal files under Freedom of Information Act | US news... - 0 views

  • The US has set a new record for denying and censoring federal files under the Freedom of Information Act, analysis by the Associated Press reveals. For the second consecutive year, the Obama administration more often than ever censored government files or outright denied access to them under the open-government legislation. The government took longer to turn over files when it provided any, said more regularly that it couldn’t find documents, and refused a record number of times to turn over files quickly that might be especially newsworthy.
  • It also acknowledged in nearly one in three cases that its initial decisions to withhold or censor records were improper under the law – but only when it was challenged. Its backlog of unanswered requests at year’s end grew remarkably by 55% to more than 200,000. The government’s new figures, published Tuesday, covered all requests to 100 federal agencies during fiscal 2014 under the Freedom of Information law, which is heralded globally as a model for transparent government. They showed that despite disappointments and failed promises by the White House to make meaningful improvements in the way it releases records, the law was more popular than ever. Citizens, journalists, businesses and others made a record 714,231 requests for information. The US spent a record $434m trying to keep up.
  • The government responded to 647,142 requests, a 4% decrease over the previous year. The government more than ever censored materials it turned over or fully denied access to them, in 250,581 cases or 39% of all requests. Sometimes, the government censored only a few words or an employee’s phone number, but other times it completely marked out nearly every paragraph on pages. On 215,584 other occasions, the government said it couldn’t find records, a person refused to pay for copies or the government determined the request to be unreasonable or improper. The White House touted its success under its own analysis. It routinely excludes from its assessment instances when it couldn’t find records, a person refused to pay for copies or the request was determined to be improper under the law, and said under this calculation it released all or parts of records in 91% of requests – still a record low since Barack Obama took office using the White House’s own math.
  • “We actually do have a lot to brag about,” White House spokesman Josh Earnest said. The government’s responsiveness under the open records law is an important measure of its transparency. Under the law, citizens and foreigners can compel the government to turn over copies of federal records for zero or little cost. Anyone who seeks information through the law is generally supposed to get it unless disclosure would hurt national security, violate personal privacy or expose business secrets or confidential decision-making in certain areas. It cited such exceptions a record 554,969 times last year. Under the president’s instructions, the US should not withhold or censor government files merely because they might be embarrassing, but federal employees last year regularly misapplied the law. In emails that AP obtained from the National Archives and Records Administration about who pays for Michelle Obama’s expensive dresses, the agency blacked-out a sentence under part of the law intended to shield personal, private information, such as Social Security numbers, phone numbers or home addresses. But it failed to censor the same passage on a subsequent page.
  • The sentence: “We live in constant fear of upsetting the WH [White House].” In nearly one in three cases, when someone challenged under appeal the administration’s initial decision to censor or withhold files, the government reconsidered and acknowledged it was at least partly wrong. That was the highest reversal rate in at least five years. The AP’s chief executive, Gary Pruitt, said the news organization filed hundreds of requests for government files. Records the AP obtained revealed police efforts to restrict airspace to keep away news helicopters during violent street protests in Ferguson, Missouri. In another case, the records showed Veterans Affairs doctors concluding that a gunman who later killed 12 people had no mental health issues despite serious problems and encounters with police during the same period. They also showed the FBI pressuring local police agencies to keep details secret about a telephone surveillance device called Stingray.
  • “What we discovered reaffirmed what we have seen all too frequently in recent years,” Pruitt wrote in a column published this week. “The systems created to give citizens information about their government are badly broken and getting worse all the time.” The US released its new figures during Sunshine Week, when news organizations promote open government and freedom of information. The AP earlier this month sued the State Department under the law to force the release of email correspondence and government documents from Hillary Clinton’s tenure as secretary of state. The government had failed to turn over the files under repeated requests, including one made five years ago and others pending since the summer of 2013.
  • The government said the average time it took to answer each records request ranged from one day to more than 2.5 years. More than half of federal agencies took longer to answer requests last year than the previous year. Journalists and others who need information quickly to report breaking news fared worse than ever. Under the law, the US is required to move urgent requests from journalists to the front of the line for a speedy answer if records will inform the public concerning an actual or alleged government activity. But the government now routinely denies such requests: Over six years, the number of requests granted speedy processing status fell from nearly half to fewer than one in eight. The CIA, at the center of so many headlines, has denied every such request over the last two years.
  •  
    I did a fair bit of FOIA litigation during my years as a citizen activist and later as a lawyer. The response situation never was good and it's gotten far worse. I have an outstanding FOIA request to the Dept. of Health & Human Services for copies of particular documents submitted as public comments by other agencies including the CIA in a rulemaking proceeding. I submitted electronically over a year ago, got an autoresponder telling me to expect a postcard acknowledging receipt within ten working days as required by FOIA. Didn't hear back from them, so resubmitted with copies of the original request and the autoresponse and got the same autoresponse. Still haven't got either of my postcards or the records, so it looks like I'm about to come out of retirement and file a FOIA lawsuit. It's an area where the squeakiest wheel gets the grease. The bureaucracy does not like public records requests.
Gary Edwards

Hillary Clinton Email -- Classified Information Was Obvious to Her, and She Lied | Nati... - 1 views

  •  
    "For mishandling 'top secret' information and lying about it, she should be prosecuted. So now Hillary finally knows what the "(C)" stands for in government documents: It's Cartwright . . . as in four-star Marine General James E. Cartwright, the retired 67-year-old former vice chairman of the Joint Chiefs of Staff, the expendable federal official against whom laws protecting classified information actually get enforced. (C), see? Oh wait - sorry. I don't mean to confuse Mrs. Clinton by starting this second paragraph with "(C)". After all, as she diva-'splained to the FBI, she could only "speculate" that "(C)" must have something to do with organizing paragraphs "in alphabetical order." Speculation was necessary, she said, apparently with a straight face, because she didn't really know what "(C)" meant. The question arose because the "(C)" designation - applicable to classified information at the confidential level - turned up in at least one of Clinton's personal e-mails. Those would be the e-mails that, she repeatedly insisted, never, ever contained classified information. Or at least, that's what she insisted until government agencies confessed that hundreds of the e-mails do contain classified information. Then Clinton's "never, ever" tale morphed into the more narrowly tailored lie that there were no e-mails "marked classified." Alas, that claim could not withstand examination of the e-mails, during which the "(C)" markings were found . . . whereupon the explanation underwent more, shall we say, refining. Thus the final, astonishing claim that she didn't know what the markings meant, along with the laugh-out-loud whopper that maybe it was all about alphabetical order. Yeah, that's the ticket! In case you're keeping score: When a person being prosecuted for a crime changes her story multiple times, as if she were playing Twister (kids, ask your parents), the prosecutor gets to prov
Paul Merrell

Obama to propose legislation to protect firms that share cyberthreat data - The Washing... - 0 views

  • President Obama plans to announce legislation Tuesday that would shield companies from lawsuits for sharing computer threat data with the government in an effort to prevent cyberattacks. On the heels of a destructive attack at Sony Pictures Entertainment and major breaches at JPMorgan Chase and retail chains, Obama is intent on capitalizing on the heightened sense of urgency to improve the security of the nation’s networks, officials said. “He’s been doing everything he can within his executive authority to move the ball on this,” said a senior administration official who spoke on the condition of anonymity to discuss legislation that has not yet been released. “We’ve got to get something in place that allows both industry and government to work more closely together.”
  • The legislation is part of a broader package, to be sent to Capitol Hill on Tuesday, that includes measures to help protect consumers and students against cyberattacks and to give law enforcement greater authority to combat cybercrime. The provision’s goal is to “enshrine in law liability protection for the private sector for them to share specific information — cyberthreat indicators — with the government,” the official said. Some analysts questioned the need for such legislation, saying there are adequate measures in place to enable sharing between companies and the government and among companies.
  • “We think the current information-sharing regime is adequate,” said Mark Jaycox, legislative analyst at the Electronic Frontier Foundation, a privacy group. “More companies need to use it, but the idea of broad legal immunity isn’t needed right now.” The administration official disagreed. The lack of such immunity is what prevents many companies from greater sharing of data with the government, the official said. “We have heard that time and time again,” the official said. The proposal, which builds on a 2011 administration bill, grants liability protection to companies that provide indicators of cyberattacks and threats to the Department of Homeland Security.
  • But in a provision likely to raise concerns from privacy advocates, the administration wants to require DHS to share that information “in as near real time as possible” with other government agencies that have a cybersecurity mission, the official said. Those include the National Security Agency, the Pentagon’s Cyber Command, the FBI and the Secret Service. “DHS needs to take an active lead role in ensuring that unnecessary personal information is not shared with intelligence authorities,” Jaycox said. The debates over government surveillance prompted by disclosures from former NSA contractor Edward Snowden have shown that “the agencies already have a tremendous amount of unnecessary information,” he said.
  • The administration official stressed that the legislation will require companies to remove unnecessary personal information before furnishing it to the government in order to qualify for liability protection. It also will impose limits on the use of the data for cybersecurity crimes and instances in which there is a threat of death or bodily harm, such as kidnapping, the official said. And it will require DHS and the attorney general to develop guidelines for the federal government’s use and retention of the data. It will not authorize a company to take offensive cyber-measures to defend itself, such as “hacking back” into a server or computer outside its own network to track a breach. The bill also will provide liability protection to companies that share data with private-sector-developed organizations set up specifically for that purpose. Called information sharing and analysis organizations, these groups often are set up by particular industries, such as banking, to facilitate the exchange of data and best practices.
  • Efforts to pass information-sharing legislation have stalled in the past five years, blocked primarily by privacy concerns. The package also contains provisions that would allow prosecution for the sale of botnets or access to armies of compromised computers that can be used to spread malware, would criminalize the overseas sale of stolen U.S. credit card and bank account numbers, would expand federal law enforcement authority to deter the sale of spyware used to stalk people or commit identity theft, and would give courts the authority to shut down botnets being used for criminal activity, such as denial-of-service attacks.
  • It would reaffirm that federal racketeering law applies to cybercrimes and amends the Computer Fraud and Abuse Act by ensuring that “insignificant conduct” does not fall within the scope of the statute. A third element of the package is legislation Obama proposed Monday to help protect consumers and students against cyberattacks. The theft of personal financial information “is a direct threat to the economic security of American families, and we’ve got to stop it,” Obama said. The plan, unveiled in a speech at the Federal Trade Commission, would require companies to notify customers within 30 days after the theft of personal information is discovered. Right now, data breaches are handled under a patchwork of state laws that the president said are confusing and costly to enforce. Obama’s plan would streamline those into one clear federal standard and bolster requirements for companies to notify customers. Obama is proposing closing loopholes to make it easier to track down cybercriminals overseas who steal and sell identities. “The more we do to protect consumer information and privacy, the harder it is for hackers to damage our businesses and hurt our economy,” he said.
  • In October, Obama signed an order to protect consumers from identity theft by strengthening security features in credit cards and the terminals that process them. Marc Rotenberg, executive director of the Electronic Privacy Information Center, said there is concern that a federal standard would “preempt stronger state laws” about how and when companies have to notify consumers. The Student Digital Privacy Act would ensure that data entered would be used only for educational purposes. It would prohibit companies from selling student data to third-party companies for purposes other than education. Obama also plans to introduce a Consumer Privacy Bill of Rights. And the White House will host a summit on cybersecurity and consumer protection on Feb. 13 at Stanford University.