Group items tagged

When the Senate Intelligence Committee passed the Cybersecurity Information Sharing Act by a vote of 14 to 1, committee chairman Senator Richard Burr argued that it successfully balanced security and privacy. Fifteen new amendments to the bill, he said, were designed to protect internet users’ personal information while enabling new ways for companies and federal agencies to coordinate responses to cyberattacks. But critics within the security and privacy communities still have two fundamental problems with the legislation: First, they say, the proposed cybersecurity act won’t actually boost security. And second, the “information sharing” it describes sounds more than ever like a backchannel for surveillance.

On Tuesday the bill’s authors released the full, updated text of the CISA legislation passed last week, and critics say the changes have done little to assuage their fears about wanton sharing of Americans’ private data. In fact, legal analysts say the changes actually widen the backdoor leading from private firms to intelligence agencies. “It’s a complete failure to strengthen the privacy protections of the bill,” says Robyn Greene, a policy lawyer for the Open Technology Institute, which joined a coalition of dozens of non-profits and cybersecurity experts criticizing the bill in an open letter earlier this month. “None of the [privacy-related] points we raised in our coalition letter to the committee was effectively addressed.” The central concern of that letter was how the same data sharing meant to bolster cybersecurity for companies and the government opens massive surveillance loopholes. The bill, as worded, lets a private company share with the Department of Homeland Security any information construed as a cybersecurity threat “notwithstanding any other provision of law.” That means CISA trumps privacy laws like the Electronic Communication Privacy Act of 1986 and the Privacy Act of 1974, which restrict eavesdropping and sharing of users’ communications. And once the DHS obtains the information, it would automatically be shared with the NSA, the Department of Defense (including Cyber Command), and the Office of the Director of National Intelligence.

In a statement posted to his website yesterday, Senator Burr wrote that “Information sharing is purely voluntary and companies can only share cyber-threat information and the government may only use shared data for cybersecurity purposes.” But in fact, the bill’s data sharing isn’t limited to cybersecurity “threat indicators”—warnings of incoming hacker attacks, which is the central data CISA is meant to disseminate among companies and three-letter agencies. OTI’s Greene says it also gives companies a mandate to share with the government any data related to imminent terrorist attacks, weapons of mass destruction, or even other information related to violent crimes like robbery and carjacking. 

Spy agencies in Britain will be given the explicit right to hack into smartphones and computers as part of a new law being introduced by the Conservative government. Security services MI5, MI6 and GCHQ can already access electronic devices by exploiting software security vulnerabilities, but the legal foundation for the practice is under scrutiny.New powers laid out in the Investigatory Powers Bill, due to be introduced in Parliament next month, will give spies a solid legal basis for hacking into computer systems, according to the Times.The revelation has sparked criticism from human rights group Liberty, which accuses the government of giving spy agencies “unlimited potential” to act against citizens.The bill, which was announced in the Queens’ Speech following the general election, is likely to include the new Snooper’s Charter, according to privacy campaigners at the Open Rights Group.

British spies will be able to hack into a person’s “property” through backdoors in the software. Once inside, intelligence agents can install software that allows them operate microphones to eavesdrop on conversations and even control the camera to take photographs of targets.The government admitted in February that MI5, MI6 and GCHQ were hacking into computers, servers, routers and mobile phones using the Intelligence Services Act 1994, which does not give explicit authorization for such practices.Independent reviewer of terrorism legislation Dave Anderson QC recommended in June that new legislation be introduced to clarify give intrusive hacking a firm legal basis.Anderson said that hacking presents a “dizzying array of possibilities to the security and intelligence agencies.”While some methods are appropriate, “many are of the view that there are others which are so intrusive that they would require exceptional safeguards for their use to be legal … A debate is clearly needed,” he said.

The investigatory powers bill will give agents explicit powers to interfere with “property” once they have obtained a warrant from the home secretary.Digital evidence expert Peter Sommer said the powers circumvented encryption technology.“Increasingly, [intelligence agents] can’t read communications sent over the internet because of encryption, so their ability to get information from interception is rapidly diminishing. The best way around this is to get inside someone’s computer. This is an increasingly important avenue for them,” he told the Times.

The UK government is secretly planning to force technology companies to build backdoors into their products, to enable intelligence agencies to read people’s private messages. A draft document leaked by the Open Rights Group details extreme new surveillance proposals, which would enable government agencies to spy on one in 10,000 citizens – around 6,500 people – at any one time.  The document, which follows the controversial Investigatory Powers Act, reveals government plans to force mobile operators and internet service providers to provide real-time communications of customers to the government “in an intelligible form”, and within one working day.

This would effectively ban encryption, an important security measure used by a wide range of companies, including WhatsApp and major banks, to keep people’s private data private and to protect them from hackers and cyber criminals. 

As the dust settles on yesterday evening's revelation that the U.S. government has been mining data from most of Silicon Valley's largest companies in a program called "PRISM," one question stands out: How did the NSA get access? Apple, Google, Yahoo! and Microsoft, the largest companies involved in PRISM, the existence of which was revealed last night in a simultaneous Washington Post and Guardian scoop, have categorically denied knowledge of or participation in the program in a series of statements, while acknowledging that they do provide targeted access to the government when required to do so by law, generally according to court orders.

So what gives? Does the government have backdoor access so secret that not even their targets are aware? Are the tech companies lying? Or are they forbidden—as Verizon allegedly is with its NSA arrangement—from acknowledging its existence to an absurd extent?

Last month, at the request of the Department of Justice, the Courts approved changes to the obscure Rule 41 of the Federal Rules of Criminal Procedure, which governs search and seizure. By the nature of this obscure bureaucratic process, these rules become law unless Congress rejects the changes before December 1, 2016.Today I, along with my colleagues Senators Paul from Kentucky, Baldwin from Wisconsin, and Daines and Tester from Montana, am introducing the Stopping Mass Hacking (SMH) Act (bill, summary), a bill to protect millions of law-abiding Americans from a massive expansion of government hacking and surveillance. Join the conversation with #SMHact.

For law enforcement to conduct a remote electronic search, they generally need to plant malware in — i.e. hack — a device. These rule changes will allow the government to search millions of computers with the warrant of a single judge. To me, that’s clearly a policy change that’s outside the scope of an “administrative change,” and it is something that Congress should consider. An agency with the record of the Justice Department shouldn’t be able to wave its arms and grant itself entirely new powers.

These changes say that if law enforcement doesn’t know where an electronic device is located, a magistrate judge will now have the the authority to issue a warrant to remotely search the device, anywhere in the world. While it may be appropriate to address the issue of allowing a remote electronic search for a device at an unknown location, Congress needs to consider what protections must be in place to protect Americans’ digital security and privacy. This is a new and uncertain area of law, so there needs to be full and careful debate. The ACLU has a thorough discussion of the Fourth Amendment ramifications and the technological questions at issue with these kinds of searches.The second part of the change to Rule 41 would give a magistrate judge the authority to issue a single warrant that would authorize the search of an unlimited number — potentially thousands or millions — of devices, located anywhere in the world. These changes would dramatically expand the government’s hacking and surveillance authority. The American public should understand that these changes won’t just affect criminals: computer security experts and civil liberties advocates say the amendments would also dramatically expand the government’s ability to hack the electronic devices of law-abiding Americans if their devices were affected by a computer attack. Devices will be subject to search if their owners were victims of a botnet attack — so the government will be treating victims of hacking the same way they treat the perpetrators.

Dropbox's Government Data Requests PrinciplesWe understand that when you entrust us with your digital life, you expect us to keep your stuff safe. Like most online services, we sometimes receive requests from governments seeking information about our users. These principles describe how we deal with the requests we receive and how we’ll work to try to change the laws to make them more protective of your privacy.Be transparent:  Online services should be allowed to report the exact number of government data requests received, the number of accounts affected by those requests, and the laws used to justify the requests. We’ll continue to advocate for the right to provide this important information. Learn more.Our Transparency Report discloses the number of law enforcement requests we receive and the number of accounts affected. Currently, our report doesn’t include specific details about the number of national security requests we receive from the US government, if any. We’ve urged the courts and the government to allow services like Dropbox to disclose the precise number of national security requests they receive and the number of accounts affected. We’ll continue this fight. In the meantime, we’re providing as much information about national security requests received and accounts affected as allowed.Fight blanket requests:  Government data requests should be limited to specific people and investigations. We’ll resist requests directed to large groups of people or that seek information unrelated to a specific investigation. Learn more.

Protect all users:  Laws authorizing governments to request user data from online services shouldn’t treat people differently based on their citizenship or where they live. We’ll work hard to reform these laws. Learn more.Certain laws give people different protections based on where they live or their citizenship. These laws don’t reflect the global nature of online services. We’re committed to extending fundamental privacy protections to all users: government data requests shouldn’t be in bulk, they should relate to specific individuals and investigations, and a neutral third party should evaluate and sign off on requests for content before they issue.Provide trusted services:  Governments should never install backdoors into online services or compromise infrastructure to obtain user data. We’ll continue to work to protect our systems and to change laws to make it clear that this type of activity is illegal. Learn more.

A group of cryptographers in the UK has published a letter that calls on authorities in that country and the United States to conduct an investigation to determine which security products, protocols and standards have been deliberately weakened by the countries’ intelligence services. The letter, signed by a number of researchers from the University of Bristol and other universities, said that the NSA and British GCHQ “have been acting against the interests of the public that they are meant to serve.” The appeal comes a couple of weeks after leaked documents from the NSA and its UK counterpart, Government Communications Headquarters, showed that the two agencies have been collaborating on projects that give them the ability to subvert encryption protocols and also have been working with unnamed security vendors to insert backdoors into hardware and software products. Security experts have been debating in recent weeks which products, standards and protocols may have been deliberately weakened, but so far no information has been forthcoming.

“By weakening cryptographic standards, in as yet undisclosed ways, and by inserting weaknesses into products which we all rely on to secure critical infrastructure, we believe that the agencies have been acting against the interests of the public that they are meant to serve. We find it shocking that agencies of both the US and UK governments now stand accused of undermining the systems which protect us. By weakening all our security so that they can listen in to the communications of our enemies, they also weaken our security against our potential enemies,” the letter says.

Published on Monday, the letter is signed by cryptographers from the University of Bristol, University of London, University of Birmingham, University of Luxembourg, University of Southampton, University of Surrey, University of Kent, Newcastle University and University College London. In it, the researchers call on the relevant authorities to publicly name the products and standards that have been weakened in order to inform users which systems they should avoid. “We call on the relevant parties to reveal what systems have been weakened so that they can be repaired, and to create a proper system of oversight with well-defined public rules that clearly forbid weakening the security of civilian systems and infrastructures. The statutory Intelligence and Security Committee of the House of Commons needs to investigate this issue as a matter of urgency. In the modern information age we all need to have complete trust in the basic infrastructure that we all use,” the letter says.

A Senate bill promoted as a surveillance reform would codify the ability of the National Security Agency to search its troves of foreign phone and email communications for Americans’ information, and permit law enforcement agencies to search the vast databases as well. The Fisa Improvements Act, promoted by Dianne Feinstein, the California Democrat who chairs the Senate intelligence committee, would both make permanent a loophole permitting the NSA to search for Americans’ identifying information without a warrant – and, civil libertarians fear, contains an ambiguity that might allow the FBI, the DEA and other law enforcement agencies to do the same thing. “For the first time, the statute would explicitly allow the government to proactively search through the NSA data troves of information without a warrant,” said Michelle Richardson, the surveillance lobbyist for the ACLU.

“It may also expand current practices by allowing law enforcement to directly access US person information that was nominally collected for foreign intelligence purposes. This fourth amendment back door needs to be closed, not written into stone.” Feinstein’s bill passed the committee on an 11 to 4 vote on 31 October. An expanded report on its provisions released by the committee this week added details about the ability of both intelligence and law enforcement to sift through foreign communications databases that it accumulates under section 702 of the Fisa Amendments Act of 2008. Section 6 of Feinstein’s bill blesses what her committee colleague Ron Wyden, the Oregon Democrat and civil libertarian, has called the “backdoor search provision,” which the Guardian revealed thanks to a leak by Edward Snowden.  The section permits intelligence agencies to search “the contents of communications” collected primarily overseas for identifying information on US citizens, resident aliens and people inside the US, provided that the “purpose of the query is to obtain foreign intelligence information or information necessary to understand foreign intelligence information or to assess its importance.”

Section 6 bills itself as a “restriction,” but it would not stop the NSA from performing the warrantless search, merely requiring intelligence agencies to log their queries and make them “available for review” to Congress, the Fisa court, the Justice Department and inspectors general inside the executive branch. Additionally, the report on Section 6 explicitly states that the provision “does not limit the authority of law enforcement agencies to conduct queries of data acquired pursuant to Section 702 of Fisa for law enforcement purposes.” There is ambiguity surrounding whether the FBI can currently search through the NSA’s foreign communications databases, or is reliant on the NSA to pass on information from the databases relevant to the bureau. A declassified Fisa court document from 2011 refers to “FBI minimization procedures,” but it is unclear what those procedures are. A copy of the FBI minimization procedures from 2009, acquired by the ACLU under the Freedom of Information Act is almost completely redacted. So is the section in the government’s most recent report on its Section 702 collection dealing with the FBI’s role, though it contains references to how the FBI “receive[s] … unminimized Section 70 acquired communications” from the NSA. 

Brazil plans to divorce itself from the U.S.-centric Internet over Washington’s widespread online spying, a move that many experts fear will be a potentially dangerous first step toward fracturing a global network built with minimal interference by governments. President Dilma Rousseff ordered a series of measures aimed at greater Brazilian online independence and security following revelations that the U.S. National Security Agency intercepted her communications, hacked into the state-owned Petrobras oil company’s network and spied on Brazilians who entrusted their personal data to U.S. tech companies such as Facebook and Google. The leader is so angered by the espionage that on Tuesday she postponed next month’s scheduled trip to Washington, where she was to be honored with a state dinner. Internet security and policy experts say the Brazilian government’s reaction to information leaked by former NSA contractor Edward Snowden is understandable, but warn it could set the Internet on a course of Balkanization.

“The global backlash is only beginning and will get far more severe in coming months,” said Sascha Meinrath, director of the Open Technology Institute at the Washington-based New America Foundation think tank. “This notion of national privacy sovereignty is going to be an increasingly salient issue around the globe.” While Brazil isn’t proposing to bar its citizens from U.S.-based Web services, it wants their data to be stored locally as the nation assumes greater control over Brazilians’ Internet use to protect them from NSA snooping. The danger of mandating that kind of geographic isolation, Meinrath said, is that it could render inoperable popular software applications and services and endanger the Internet’s open, interconnected structure.

The effort by Latin America’s biggest economy to digitally isolate itself from U.S. spying not only could be costly and difficult, it could encourage repressive governments to seek greater technical control over the Internet to crush free expression at home, experts say. In December, countries advocating greater “cyber-sovereignty” pushed for such control at an International Telecommunications Union meeting in Dubai, with Western democracies led by the United States and the European Union in opposition.

It wasn’t ever seriously in doubt, but the FBI yesterday acknowledged that it secretly took control of Freedom Hosting last July, days before the servers of the largest provider of ultra-anonymous hosting were found to be serving custom malware designed to identify visitors. Freedom Hosting’s operator, Eric Eoin Marques, had rented the servers from an unnamed commercial hosting provider in France, and paid for them from a bank account in Las Vegas. It’s not clear how the FBI took over the servers in late July, but the bureau was temporarily thwarted when Marques somehow regained access and changed the passwords, briefly locking out the FBI until it gained back control. The new details emerged in local press reports from a Thursday bail hearing in Dublin, Ireland, where Marques, 28, is fighting extradition to America on charges that Freedom Hosting facilitated child pornography on a massive scale. He was denied bail today for the second time since his arrest in July. Freedom Hosting was a provider of turnkey “Tor hidden service” sites — special sites, with addresses ending in .onion, that hide their geographic location behind layers of routing, and can be reached only over the Tor anonymity network. Tor hidden services are used by sites that need to evade surveillance or protect users’ privacy to an extraordinary degree – including human rights groups and journalists. But they also appeal to serious criminal elements, child-pornography traders among them.

The apparent FBI-malware attack was first noticed on August 4, when all of the hidden service sites hosted by Freedom Hosting began displaying a “Down for Maintenance” message. That included at least some lawful websites, such as the secure email provider TorMail. Some visitors looking at the source code of the maintenance page realized that it included a hidden iframe tag that loaded a mysterious clump of Javascript code from a Verizon Business internet address. By midday, the code was being circulated and dissected all over the net. Mozilla confirmed the code exploited a critical memory management vulnerability in Firefox that was publicly reported on June 25, and is fixed in the latest version of the browser. Though many older revisions of Firefox were vulnerable to that bug, the malware only targeted Firefox 17 ESR, the version of Firefox that forms the basis of the Tor Browser Bundle – the easiest, most user-friendly package for using the Tor anonymity network. That made it clear early on that the attack was focused specifically on de-anonymizing Tor users. Tor Browser Bundle users who installed or manually updated after June 26 were safe from the exploit, according to the Tor Project’s security advisory on the hack.

On August 4, all the sites hosted by Freedom Hosting — some with no connection to child porn — began serving an error message with hidden code embedded in the page. Security researchers dissected the code and found it exploited a security hole in Firefox to identify users of the Tor Browser Bundle, reporting back to a mysterious server in Northern Virginia. The FBI was the obvious suspect, but declined to comment on the incident. The FBI also didn’t respond to inquiries from WIRED today. But FBI Supervisory Special Agent J. Brooke Donahue was more forthcoming when he appeared in the Irish court yesterday to bolster the case for keeping Marques behind bars, according to local press reports. Among the many arguments Donahue and an Irish police inspector offered was that Marques might reestablish contact with co-conspirators, and further complicate the FBI probe. In addition to the wrestling match over Freedom Hosting’s servers, Marques allegedly dove for his laptop when the police raided him, in an effort to shut it down.

US intelligence chiefs have confirmed that the National Security Agency has used a "back door" in surveillance law to perform warrantless searches on Americans’ communications.The NSA's collection programs are ostensibly targeted at foreigners, but in August the Guardian revealed a secret rule change allowing NSA analysts to search for Americans' details within the databases.Now, in a letter to Senator Ron Wyden, an Oregon Democrat on the intelligence committee, the director of national intelligence, James Clapper, has confirmed the use of this legal authority to search for data related to “US persons”.

“There have been queries, using US person identifiers, of communications lawfully acquired to obtain foreign intelligence targeting non-US persons reasonably believed to be located outside the United States,” Clapper wrote in the letter, which has been obtained by the Guardian.“These queries were performed pursuant to minimization procedures approved by the Fisa court and consistent with the statute and the fourth amendment.” The legal authority to perform the searches, revealed in top-secret NSA documents provided to the Guardian by Edward Snowden, was denounced by Wyden as a “backdoor search loophole.”Many of the NSA's most controversial programs collect information under the law affected by the so-called loophole. These include Prism, which allows the agency to collect data from Google, Apple, Facebook, Yahoo and other tech companies, and the agency's Upstream program – a huge network of internet cable taps.

Clapper did not say how many warrantless searches had been performed by the NSA. It was not the first time the searches had been confirmed: after the Snowden leaks, the office of the director of national intelligence declassified documents that discussed the rule change. But Clapper's letter drew greater attention to the issue.Confirmation that the NSA has searched for Americans’ communications in its phone call and email databases complicates President Barack Obama’s initial defenses of the broad surveillance in June.“When it comes to telephone calls, nobody is listening to your telephone calls. That’s not what this program’s about,” Obama said. “As was indicated, what the intelligence community is doing is looking at phone numbers and durations of calls. They are not looking at people’s names, and they’re not looking at content.”Obama was referring specifically to the bulk collection of US phone records, but his answer misleadingly suggested that the NSA could not examine Americans’ phone calls and emails.

Stepping into a heated debate within the nation’s intelligence agencies, President Obama has decided that when the National Security Agency discovers major flaws in Internet security, it should — in most circumstances — reveal them to assure that they will be fixed, rather than keep mum so that the flaws can be used in espionage or cyberattacks, senior administration officials said Saturday.But Mr. Obama carved a broad exception for “a clear national security or law enforcement need,” the officials said, a loophole that is likely to allow the N.S.A. to continue to exploit security flaws both to crack encryption on the Internet and to design cyberweapons.

elements of the decision became evident on Friday, when the White House denied that it had any prior knowledge of the Heartbleed bug, a newly known hole in Internet security that sent Americans scrambling last week to change their online passwords. The White House statement said that when such flaws are discovered, there is now a “bias” in the government to share that knowledge with computer and software manufacturers so a remedy can be created and distributed to industry and consumers.Caitlin Hayden, the spokeswoman for the National Security Council, said the review of the recommendations was now complete, and it had resulted in a “reinvigorated” process to weigh the value of disclosure when a security flaw is discovered, against the value of keeping the discovery secret for later use by the intelligence community.“This process is biased toward responsibly disclosing such vulnerabilities,” she said.

The N.S.A. made use of four “zero day” vulnerabilities in its attack on Iran’s nuclear enrichment sites. That operation, code-named “Olympic Games,” managed to damage roughly 1,000 Iranian centrifuges, and by some accounts helped drive the country to the negotiating table.Not surprisingly, officials at the N.S.A. and at its military partner, the United States Cyber Command, warned that giving up the capability to exploit undisclosed vulnerabilities would amount to “unilateral disarmament” — a phrase taken from the battles over whether and how far to cut America’s nuclear arsenal.“We don’t eliminate nuclear weapons until the Russians do,” one senior intelligence official said recently. “You are not going to see the Chinese give up on ‘zero days’ just because we do.” Even a senior White House official who was sympathetic to broad reforms after the N.S.A. disclosures said last month, “I can’t imagine the president — any president — entirely giving up a technology that might enable him some day to take a covert action that could avoid a shooting war.”

Companies that provide WiFi on US domestic flights are handing over their data to the NSA, adapting their technology to allow security services new powers to spy on passengers. In doing so, they may be in violation of privacy laws. In a letter leaked to Wired, Gogo, the leading provider of inflight WiFi in the US, admitted to violating the requirements of the Communications Assistance for Law Enforcement Act (CALEA). The act is part of a wiretapping law passed in 1994 that requires telecoms carriers to provide law enforcement with a backdoor in their systems to monitor telephone and broadband communications. Gogo states in the letter to the Federal Communications Commission that it added new capabilities to its service that go beyond CALEA, at the behest of law enforcement agencies.

“In designing its existing network, Gogo worked closely with law enforcement to incorporate functionalities and protections that would serve public safety and national security interests,” Gogo attorney Karis Hastings wrote in the leaked letter, which dates from 2012. He did not elaborate as to the nature of the changes, but said Gogo “worked with federal agencies to reach agreement regarding a set of additional capabilities to accommodate law enforcement interests.” Gogo, which provides WiFi services to the biggest US airlines, are not the only ones to adapt their services to enable spying. Panasonic Avionics also added “additional functionality” to their services as per an agreement with US law enforcement, according to a report published in December. The deals with security services have civil liberties organizations up in arms. They have condemned the WiFi providers’ deals with authorities as scandalous.

Virtually no foreign government is off-limits for the National Security Agency, which has been authorized to intercept information “concerning” all but four countries, according to top-secret documents. The United States has long had broad no-spying arrangements with those four countries — Britain, Canada, Australia and New Zealand — in a group known collectively with the United States as the Five Eyes. But a classified 2010 legal certification and other documents indicate the NSA has been given a far more elastic authority than previously known, one that allows it to intercept through U.S. companies not just the communications of its overseas targets but any communications about its targets as well.

The certification — approved by the Foreign Intelligence Surveillance Court and included among a set of documents leaked by former NSA contractor Edward Snowden — lists 193 countries that would be of valid interest for U.S. intelligence. The certification also permitted the agency to gather intelligence about entities including the World Bank, the International Monetary Fund, the European Union and the International Atomic Energy Agency. The NSA is not necessarily targeting all the countries or organizations identified in the certification, the affidavits and an accompanying exhibit; it has only been given authority to do so. Still, the privacy implications are far-reaching, civil liberties advocates say, because of the wide spectrum of people who might be engaged in communication about foreign governments and entities and whose communications might be of interest to the United States.

On Friday, the Office of the Director of National Intelligence released a transparency report stating that in 2013 the government targeted nearly 90,000 foreign individuals or organizations for foreign surveillance under the program. Some tech-industry lawyers say the number is relatively low, considering that several billion people use U.S. e-mail services.

April 21, 2015 Dear Chairman Goodlatte, Ranking Member Conyers, Chairman Grassley, and Ranking Member Leahy: We urge you to end mass surveillance of Americans. Among us are civil liberties organizations from across the political spectrum that speak for millions of people, businesses, whistleblowers, and experts. The impending expiration of three USA PATRIOT Act provisions on June 1 is a golden opportunity to end mass surveillance and enact additional reforms. Current surveillance practices are virtually limitless. They are unnecessary, counterproductive, and costly. They undermine our economy and the public’s trust in government. And they undercut the proper functioning of government. Meaningful surveillance reform entails congressional repeal of laws and protocols the Executive secretly interprets to permit current mass surveillance practices. Additionally, it requires Congress to appreciably increase transparency, oversight, and accountability of intelligence agencies, especially those that have acted unconstitutionally.

A majority of the House of Representatives already has voted against mass surveillance. The Massie-Lofgren amendment to the National Defense Authorization Act [i] garnered 293 votes in support of defunding “backdoor searches.” Unfortunately, that amendment was not included in the “CRomnibus"[ii] despite overwhelming support.  We urge you to act once again to vindicate our fundamental liberties.

On April 22, 2015, the Senate Finance Committee approved a bill to fast-track the Trans-Pacific Partnership (TPP), a massive trade agreement that would override our republican form of government and hand judicial and legislative authority to a foreign three-person panel of corporate lawyers. The secretive TPP is an agreement with Mexico, Canada, Japan, Singapore and seven other countries that affects 40% of global markets. Fast-track authority could now go to the full Senate for a vote as early as next week. Fast-track means Congress will be prohibited from amending the trade deal, which will be put to a simple up or down majority vote. Negotiating the TPP in secret and fast-tracking it through Congress is considered necessary to secure its passage, since if the public had time to review its onerous provisions, opposition would mount and defeat it.

The most controversial provision of the TPP is the Investor-State Dispute Settlement (ISDS) section, which strengthens existing ISDS  procedures. ISDS first appeared in a bilateral trade agreement in 1959. According to The Economist, ISDS gives foreign firms a special right to apply to a secretive tribunal of highly paid corporate lawyers for compensation whenever the government passes a law to do things that hurt corporate profits — such things as discouraging smoking, protecting the environment or preventing a nuclear catastrophe. Arbitrators are paid $600-700 an hour, giving them little incentive to dismiss cases; and the secretive nature of the arbitration process and the lack of any requirement to consider precedent gives wide scope for creative judgments. To date, the highest ISDS award has been for $2.3 billion to Occidental Oil Company against the government of Ecuador over its termination of an oil-concession contract, this although the termination was apparently legal. Still in arbitration is a demand by Vattenfall, a Swedish utility that operates two nuclear plants in Germany, for compensation of €3.7 billion ($4.7 billion) under the ISDS clause of a treaty on energy investments, after the German government decided to shut down its nuclear power industry following the Fukushima disaster in Japan in 2011.

Under the TPP, however, even larger judgments can be anticipated, since the sort of “investment” it protects includes not just “the commitment of capital or other resources” but “the expectation of gain or profit.” That means the rights of corporations in other countries extend not just to their factories and other “capital” but to the profits they expect to receive there.

As Washington weighs new cybersecurity steps amid a public backlash over mass surveillance, U.S. tech companies warned President Barack Obama not to weaken increasingly sophisticated encryption systems designed to protect consumers' privacy.In a strongly worded letter to Obama on Monday, two industry associations for major software and hardware companies said, "We are opposed to any policy actions or measures that would undermine encryption as an available and effective tool."The Information Technology Industry Council and the Software and Information Industry Association, representing tech giants, including Apple Inc, Google Inc, Facebook Inc, IBM and Microsoft Corp, fired the latest salvo in what is shaping up to be a long fight over government access into smart phones and other digital devices.

A new study says that the U.S. tech industry is likely to lose more than $35 billion from foreign customers by 2016 because of concerns over government surveillance.“In short, foreign customers are shunning U.S. companies,” the authors of a new study from the Information Technology and Innovation Foundation write.ADVERTISEMENT“The U.S. government’s failure to reform many of the NSA’s surveillance programs has damaged the competitiveness of the U.S. tech sector and cost it a portion of the global market share,” they said.The think tank’s report found that the cost to the tech sector associated with ongoing concerns over surveillance programs run out of the U.S. was likely to “far exceed” $35 billion by 2016, an earlier estimate set by the group.

The group said that lawmakers must enact additional reforms to surveillance policy if they wish to help the tech sector regain the trust of foreign customers. That includes opposing “backdoors,” which allow law enforcement to access otherwise encrypted data, and signing off on trade agreements, including the controversial Trans-Pacific Partnership, that “ban digital protectionism.”The study’s authors found that the revelations about broad U.S. surveillance programs acted as a justification for foreign policymakers to enact protectionist policies aimed at aiding their own domestic technology sectors.Foreign companies have also used the information about U.S. surveillance programs to their advantage.“Some European companies have begun to highlight where their digital services are hosted as an alternative to U.S. companies,” the authors write.

American companies, they found, have lost contracts to foreign competitors over fears about mass surveillance.Earlier this month, President Obama signed the USA Freedom Act, a bill that reformed the three Patriot Act provisions that authorized the bulk, warrantless collection of Americans’ phone records. The bill was widely supported by technology companies, including giants like Apple and Google.

Republican presidential candidate Jeb Bush on Wednesday said he favors broader government surveillance of Americans, calling for private tech firms to cooperate better with federal agencies to “make sure that evildoers aren’t in our midst.”  "There's a place to find common ground between personal civil liberties and [the National Security Agency] doing its job," the former Florida governor said. "I think the balance has actually gone the wrong way." ADVERTISEMENTAt a national security forum in South Carolina on Tuesday, the presidential hopeful addressed the ongoing battle between Silicon Valley and the Obama administration over whether law enforcement officials should have guaranteed access to encrypted customer data at major tech firms. Bush said encryption “makes it harder for the American government to do its job” and called for “a new arrangement with Silicon Valley” to address what he termed as a “dangerous situation.”