Group items tagged

After only one hour of floor debate, and no allowed amendments, the House of Representatives today passed legislation that opponents believe may give brand new authorization to the U.S. government to conduct domestic dragnets. The USA Freedom Act was approved in a 338-88 vote, with approximately equal numbers of Democrats and Republicans voting against. The bill’s supporters say it will disallow bulk collection of domestic telephone metadata, in which the Foreign Intelligence Surveillance Court has regularly ordered phone companies to turn over such data. The Obama administration claims such collection is authorized by Section 215 of the USA Patriot Act, which is set to expire June 1. However, the U.S. Court of Appeals for the Second Circuit recently held that Section 215 does not provide such authorization. Today’s legislation would prevent the government from issuing such orders for bulk collection and instead rely on telephone companies to store all their metadata — some of which the government could then demand using a “specific selection term” related to foreign terrorism. Bill supporters maintain this would prevent indiscriminate collection.

However, the legislation may not end bulk surveillance and in fact could codify the ability of the government to conduct dragnet data collection. “We’re taking something that was not permitted under regular section 215 … and now we’re creating a whole apparatus to provide for it,” Rep. Justin Amash, R-Mich., said on Tuesday night during a House Rules Committee proceeding. “The language does limit the amount of bulk collection, it doesn’t end bulk collection,” Rep. Amash said, arguing that the problematic “specific selection term” allows for “very large data collection, potentially in the hundreds of thousands of people, maybe even millions.” In a statement posted to Facebook ahead of the vote, Rep. Amash said the legislation “falls woefully short of reining in the mass collection of Americans’ data, and it takes us a step in the wrong direction by specifically authorizing such collection in violation of the Fourth Amendment to the Constitution.”

“While I appreciate a number of the reforms in the bill and understand the need for secure counter-espionage and terrorism investigations, I believe our nation is better served by allowing Section 215 to expire completely and replacing it with a measure that finds a better balance between national security interests and protecting the civil liberties of Americans,” Congressman Ted Lieu, D-Calif., said in a statement explaining his vote against the bill.

The nation’s top technology firms and a coalition of privacy groups are urging Congress to place curbs on government surveillance in the face of a fast-approaching deadline for legislative action. A set of key Patriot Act surveillance authorities expire June 1, but the effective date is May 21 — the last day before Congress breaks for a Memorial Day recess. In a letter to be sent Wednesday to the Obama administration and senior lawmakers, the coalition vowed to oppose any legislation that, among other things, does not ban the “bulk collection” of Americans’ phone records and other data.

We know that there are some in Congress who think that they can get away with reauthorizing the expiring provisions of the Patriot Act without any reforms at all,” said Kevin Bankston, policy director of New America Foundation’s Open Technology Institute, a privacy group that organized the effort. “This letter draws a line in the sand that makes clear that the privacy community and the Internet industry do not intend to let that happen without a fight.” At issue is the bulk collection of Americans’ data by intelligence agencies such as the National Security Agency. The NSA’s daily gathering of millions of records logging phone call times, lengths and other “metadata” stirred controversy when it was revealed in June 2013 by former NSA contractor Edward Snowden. The records are placed in a database that can, with a judge’s permission, be searched for links to foreign terrorists.They do not include the content of conversations.

That program, placed under federal surveillance court oversight in 2006, was authorized by the court in secret under Section 215 of the Patriot Act — one of the expiring provisions. The public outcry that ensued after the program was disclosed forced President Obama in January 2014 to call for an end to the NSA’s storage of the data. He also appealed to Congress to find a way to preserve the agency’s access to the data for counterterrorism information.

The first (and thus far only) roll-back of post-9/11 surveillance authorities was implemented over the weekend: The National Security Agency shuttered its program for collecting and holding the metadata of Americans’ phone calls under Section 215 of the Patriot Act. While bulk collection under Section 215 has ended, the government can obtain access to this information under the procedures specified in the USA Freedom Act. Indeed, some experts have argued that the Agency likely has access to more metadata because its earlier dragnet didn’t cover cell phones or Internet calling. In addition, the metadata of calls made by an individual in the United States to someone overseas and vice versa can still be collected in bulk — this takes place abroad under Executive Order 12333. No doubt the NSA wishes that this was the end of the surveillance reform story and the Paris attacks initially gave them an opening. John Brennan, the Director of the CIA, implied that the attacks were somehow related to “hand wringing” about spying and Sen. Tom Cotton (R-Ark.) introduced a bill to delay the shut down of the 215 program. Opponents of encryption were quick to say: “I told you so.”

But the facts that have emerged thus far tell a different story. It appears that much of the planning took place IRL (that’s “in real life” for those of you who don’t have teenagers). The attackers, several of whom were on law enforcement’s radar, communicated openly over the Internet. If France ever has a 9/11 Commission-type inquiry, it could well conclude that the Paris attacks were a failure of the intelligence agencies rather than a failure of intelligence authorities. Despite the passage of the USA Freedom Act, US surveillance authorities have remained largely intact. Section 702 of the FISA Amendments Act — which is the basis of programs like PRISM and the NSA’s Upstream collection of information from Internet cables — sunsets in the summer of 2017. While it’s difficult to predict the political environment that far out, meaningful reform of Section 702 faces significant obstacles. Unlike the Section 215 program, which was clearly aimed at Americans, Section 702 is supposedly targeted at foreigners and only picks up information about Americans “incidentally.” The NSA has refused to provide an estimate of how many Americans’ information it collects under Section 702, despite repeated requests from lawmakers and most recently a large cohort of advocates. The Section 215 program was held illegal by two federal courts (here and here), but civil attempts to challenge Section 702 have run into standing barriers. Finally, while two review panels concluded that the Section 215 program provided little counterterrorism benefit (here and here), they found that the Section 702 program had been useful.

There is, nonetheless, some pressure to narrow the reach of Section 702. The recent decision by the European Court of Justice in the safe harbor case suggests that data flows between Europe and the US may be restricted unless the PRISM program is modified to protect the information of Europeans (see here, here, and here for discussion of the decision and reform options). Pressure from Internet companies whose business is suffering — estimates run to the tune of $35 to 180 billion — as a result of disclosures about NSA spying may also nudge lawmakers towards reform. One of the courts currently considering criminal cases which rely on evidence derived from Section 702 surveillance may hold the program unconstitutional either on the basis of the Fourth Amendment or Article III for the reasons set out in this Brennan Center report. A federal district court in Colorado recently rejected such a challenge, although as explained in Steve’s post, the decision did not seriously explore the issues. Further litigation in the European courts too could have an impact on the debate.

The public controversy that erupted over NSA bulk collection of Americans’ telephone records was a clear sign, if one were needed, that the boundaries of government secrecy had been drawn incorrectly, and that the public had been wrongly denied an opportunity to grant or withhold its consent in such cases. To remedy this systemic problem, the Privacy and Civil Liberties Oversight Board said in a new report yesterday that the government needs to develop new criteria for secrecy and openness.

“The Board concludes that Section 215 [of the USA Patriot Act] does not provide an adequate legal basis to support this [bulk collection] program. Because the program is not statutorily authorized, it must be ended,” the report said. Even in the absence of overt abuse, it was argued, the mere collection of American telephone records in bulk is an infringement on privacy and other civil liberties. “Permitting the government to routinely collect the calling records of the entire nation fundamentally shifts the balance of power between the state and its citizens.” While there are procedures in place to limit the official use of such records, “in our view they cannot fully ameliorate the implications for privacy, speech, and association that follow from the government’s ongoing collection of virtually all telephone records of every American. Any governmental program that entails such costs requires a strong showing of efficacy. We do not believe the NSA’s telephone records program conducted under Section 215 meets that standard.”

If the bulk collection program were demonstrably effective in saving lives, the report implied, then certain infringements on privacy might well be warranted. But that is not the case, the Board majority concluded. “Given the limited value this [bulk collection] program has demonstrated to date… we find little reason to expect that it is likely to provide significant value, much less essential value, in safeguarding the nation in the future,” the Board report said.

Britain's surveillance agency GCHQ, with aid from the US National Security Agency, intercepted and stored the webcam images of millions of internet users not suspected of wrongdoing, secret documents reveal.GCHQ files dating between 2008 and 2010 explicitly state that a surveillance program codenamed Optic Nerve collected still images of Yahoo webcam chats in bulk and saved them to agency databases, regardless of whether individual users were an intelligence target or not.In one six-month period in 2008 alone, the agency collected webcam imagery – including substantial quantities of sexually explicit communications – from more than 1.8 million Yahoo user accounts globally.Yahoo reacted furiously to the webcam interception when approached by the Guardian. The company denied any prior knowledge of the program, accusing the agencies of "a whole new level of violation of our users' privacy".

GCHQ does not have the technical means to make sure no images of UK or US citizens are collected and stored by the system, and there are no restrictions under UK law to prevent Americans' images being accessed by British analysts without an individual warrant.The documents also chronicle GCHQ's sustained struggle to keep the large store of sexually explicit imagery collected by Optic Nerve away from the eyes of its staff, though there is little discussion about the privacy implications of storing this material in the first place.

"Face detection has the potential to aid selection of useful images for 'mugshots' or even for face recognition by assessing the angle of the face," it reads. "The best images are ones where the person is facing the camera with their face upright."The agency did make efforts to limit analysts' ability to see webcam images, restricting bulk searches to metadata only.However, analysts were shown the faces of people with similar usernames to surveillance targets, potentially dragging in large numbers of innocent people. One document tells agency staff they were allowed to display "webcam images associated with similar Yahoo identifiers to your known target".Optic Nerve was based on collecting information from GCHQ's huge network of internet cable taps, which was then processed and fed into systems provided by the NSA. Webcam information was fed into NSA's XKeyscore search tool, and NSA research was used to build the tool which identified Yahoo's webcam traffic.

President Barack Obama has conceded that mass collection of private data by the US government may be unnecessary and said there were different ways of “skinning the cat”, which could allow intelligence agencies to keep the country safe without compromising privacy. In an apparent endorsement of a recommendation by a review panel to shift responsibility for the bulk collection of telephone records away from the National Security Agency and on to the phone companies, the president said change was necessary to restore public confidence. “In light of the disclosures, it is clear that whatever benefits the configuration of this particular programme may have, may be outweighed by the concerns that people have on its potential abuse,” Obama told an end-of-year White House press conference. “If it that’s the case, there may be a better way of skinning the cat.”

Though insisting he will not make a final decision until January, this is the furthest the president has gone in backing calls to dismantle the programme to collect telephone data, a practice the NSA claims has legal foundation under section 215 of the Patriot Act. This week, a federal judge said the program “very likely” violates the US constitution. “There are ways we can do this potentially that give people greater assurance that there are checks and balances, sufficient oversight and transparency,” Obama added. “Programmes like 215 could be redesigned in ways that give you the same information when you need it without creating these potentials for abuse. That’s exactly what we should be doing: to evaluate things in a very clear specific way and moving forward on changes. And that’s what I intend to do.”

The president would not comment on a suggestion last weekend by Richard Ledgett, the NSA official investigating the Snowden leaks, that an amnesty might be appropriate in exchange for the return of the data Snowden took from the agency. Obama said he could not comment specifically because Snowden was “under indictment”, something not previously disclosed. While the Justice Department filed a criminal complaint against Snowden on espionage-related charges in June, there has been no public subsequent indictment, although it is possible one exists under gag order. The Justice Department referred comment on a Snowden indictment to the White House. Caitlin Hayden, the chief spokeswoman for the White House National Security Council, clarified that Obama was referring to the criminal complaint against Snowden. It remains unclear if there is an indictment under seal. 

Newly declassified court documents indicate that the National Security Agency shared its trove of American bulk email and internet data with other government agencies in violation of specific court-ordered procedures to protect Americans’ privacy. The dissemination of the sensitive data transgressed both the NSA’s affirmations to the secret surveillance court about the extent of the access it provided, and prompted incensed Fisa court judges to question both the NSA’s truthfulness and the value of the now-cancelled program to counter-terrorism. While the NSA over the past several months has portrayed its previous violations of Fisa court orders as “technical” violations or inadvertent errors, the oversharing of internet data is described in the documents as apparent widespread and unexplained procedural violations. “NSA’s record of compliance with these rules has been poor,” wrote judge John Bates in an opinion released on Monday night in which the date is redacted.

“Most notably, NSA generally disregarded the special rules for disseminating United States person information outside of NSA until it was ordered to report such disseminations and to certify to the [Fisa court] that the required approval had been obtained.” In addition to improperly permitting access to the email and internet data – intended to include information such as the “to” “from” and “BCC” lines of an email – Bates found that the NSA engaged in “systemic overcollection”, suggesting that content of Americans’ communications was collected as well.

The court had required the NSA to comply with a longstanding internal procedure for protecting Americans’ sensitive information prior to sharing the data internally within NSA, known as United States Signals Intelligence Directive 18 (USSID 18) and also declassified on Monday night; and additionally required a senior NSA official to determine that any material shared outside the powerful surveillance agency was related to counter-terrorism. Yet in a separate Fisa court document, the current presiding judge, Reggie Walton, blasted the government’s secret declaration that it followed USSID 18 “rather than specifically requiring that the narrower dissemination provision set forth in the Court’s orders in this matter be strictly adhered to”. Walton wrote: “The court understands this to mean that the NSA likely has disseminated US person information derived from the [email and internet bulk] metadata outside NSA without a prior determination from the NSA official designated in the court’s orders that the information is related to counter-terrorism information and is necessary to understand the counter-terrorism information or assess its importance.”

Secret mass surveillance conducted by the Drug Enforcement Administration is falling under renewed scrutiny after fresh revelations about the broad scope of the agency’s electronic spying. On Tuesday, USA Today reported that for more than two decades, dating back to 1992, the DEA and the Justice Department “amassed logs of virtually all telephone calls from the USA to as many as 116 countries linked to drug trafficking.” Citing anonymous current and former officials “involved with the operation,” USA Today reported that Americans’ calls were logged between the United States and targeted countries and regions including Canada, Mexico, and Central and South America.

The DEA’s data dragnet was apparently shut down by Attorney General Eric Holder in September 2013. But on Wednesday, following USA Today’s report, Human Rights Watch launched a lawsuit against the DEA over its bulk collection of phone records and is seeking a retrospective declaration that the surveillance was unlawful. The latest revelations shine more light on the broad scope of the DEA’s involvement in mass surveillance programs, which can be traced back to a secret program named “Project Crisscross” in the early 1990s, as The Intercept previously revealed. Documents from National Security Agency whistleblower Edward Snowden, published by The Intercept in August last year, showed that the DEA was involved in collecting and sharing billions of phone records alongside agencies such as the NSA, the CIA and the FBI.

The vast program reported on by USA Today shares some of the same hallmarks of Project Crisscross: it began in the early 1990s, was ostensibly aimed at gathering intelligence about drug trafficking, and targeted countries worldwide, with focus on Central and South America. It is also reminiscent of the so-called Hemisphere Project, a DEA operation revealed in September 2013 by The New York Times, which dated as far back as 1987, and used subpoenas to collect vast amounts of international call records every day. There is crossover, too, with a DEA database called DICE, revealed by Reuters in August 2013, which reportedly contains phone and Internet communication records gathered by the DEA through subpoenas and search warrants nationwide. The precise relationship between Crisscross, DICE, Hemisphere and the surveillance program revealed by USA Today is unclear. Whether or not they were part of a single overarching operation, the phone records and other data collected by each were likely accessible to DEA agents through the same computer interfaces and search and analysis tools.

On March 12, 2004, acting attorney general James B. Comey and the Justice Department’s top leadership reached the brink of resignation over electronic surveillance orders that they believed to be illegal. President George W. Bush backed down, halting secret foreign-intelligence-gathering operations that had crossed into domestic terrain. That morning marked the beginning of the end of STELLARWIND, the cover name for a set of four surveillance programs that brought Americans and American territory within the domain of the National Security Agency for the first time in decades. It was also a prelude to new legal structures that allowed Bush and then President Obama to reproduce each of those programs and expand their reach.What exactly STELLARWIND did has never been disclosed in an unclassified form. Which parts of it did Comey approve? Which did he shut down? What became of the programs when the crisis passed and Comey, now Obama’s expected nominee for FBI director, returned to private life?Authoritative new answers to those questions, drawing upon a classified NSA history of STELLARWIND and interviews with high-ranking intelligence officials, offer the clearest map yet of the Bush-era programs and the NSA’s contemporary U.S. operations.STELLARWIND was succeeded by four major lines of intelligence collection in the territorial United States, together capable of spanning the full range of modern telecommunications, according to the interviews and documents.

Two of the four collection programs, one each for telephony and the Internet, process trillions of “metadata” records for storage and analysis in systems called MAINWAY and MARINA, respectively. Metadata includes highly revealing information about the times, places, devices and participants in electronic communication, but not its contents. The bulk collection of telephone call records from Verizon Business Services, disclosed this month by the British newspaper the Guardian, is one source of raw intelligence for MAINWAY.The other two types of collection, which operate on a much smaller scale, are aimed at content. One of them intercepts telephone calls and routes the spoken words to a system called ­NUCLEON.For Internet content, the most important source collection is the PRISM project reported on June 6 by The Washington Post and the Guardian. It draws from data held by Google, Yahoo, Microsoft and other Silicon Valley giants, collectively the richest depositories of personal information in history.

The debate has focused on two of the four U.S.-based collection programs: PRISM, for Internet content, and the comprehensive collection of telephone call records, foreign and domestic, that the Guardian revealed by posting a classified order from the Foreign Intelligence Surveillance Court to Verizon Business Services.The Post has learned that similar orders have been renewed every three months for other large U.S. phone companies, including Bell South and AT&T, since May 24, 2006. On that day, the surveillance court made a fundamental shift in its approach to Section 215 of the Patriot Act, which permits the FBI to compel production of “business records” that are relevant to a particular terrorism investigation and to share those in some circumstances with the NSA. Henceforth, the court ruled, it would define the relevant business records as the entirety of a telephone company’s call database.The Bush administration, by then, had been taking “bulk metadata” from the phone companies under voluntary agreements for more than four years. The volume of information overwhelmed the MAINWAY database, according to a classified report from the NSA inspector general in 2009. The agency spent $146 million in supplemental counterterrorism funds to buy new hardware and contract support — and to make unspecified payments to the phone companies for “collaborative partnerships.”When the New York Times revealed the warrantless surveillance of voice calls, in December 2005, the telephone companies got nervous. One of them, unnamed in the report, approached the NSA with a request. Rather than volunteer the data, at a price, the “provider preferred to be compelled to do so by a court order,” the report said. Other companies followed suit. The surveillance court order that recast the meaning of business records “essentially gave NSA the same authority to collect bulk telephony metadata from business records that it had” under Bush’s asserted authority alone.

HERE WAS A SIMPLE AIM at the heart of the top-secret program: Record the website browsing habits of “every visible user on the Internet.” Before long, billions of digital records about ordinary people’s online activities were being stored every day. Among them were details cataloging visits to porn, social media and news websites, search engines, chat forums, and blogs. The mass surveillance operation — code-named KARMA POLICE — was launched by British spies about seven years ago without any public debate or scrutiny. It was just one part of a giant global Internet spying apparatus built by the United Kingdom’s electronic eavesdropping agency, Government Communications Headquarters, or GCHQ. The revelations about the scope of the British agency’s surveillance are contained in documents obtained by The Intercept from National Security Agency whistleblower Edward Snowden. Previous reports based on the leaked files have exposed how GCHQ taps into Internet cables to monitor communications on a vast scale, but many details about what happens to the data after it has been vacuumed up have remained unclear.

Amid a renewed push from the U.K. government for more surveillance powers, more than two dozen documents being disclosed today by The Intercept reveal for the first time several major strands of GCHQ’s existing electronic eavesdropping capabilities.

The surveillance is underpinned by an opaque legal regime that has authorized GCHQ to sift through huge archives of metadata about the private phone calls, emails and Internet browsing logs of Brits, Americans, and any other citizens — all without a court order or judicial warrant

Director of National Intelligence James Clapper has won the infamous Rosemary Award for worst open government performance in 2013, according to the citation published today by the National Security Archive at www.nsarchive.org. Despite heavy competition, Clapper's "No, sir" lie to Senator Ron Wyden's question: "Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?" sealed his receipt of the dubious achievement award, which cites the vastly excessive secrecy of the entire U.S. surveillance establishment. The Rosemary Award citation leads with what Clapper later called the "least untruthful" answer possible to congressional questions about the secret bulk collection of Americans' phone call data. It further cites other Clapper claims later proved false, such as his 2012 statement that "we don't hold data on U.S. citizens." But the Award also recognizes Clapper's fellow secrecy fetishists and enablers, including:

Gen. Keith Alexander, director of the NSA, for multiple Rose Mary Woods-type stretches, such as (1) claiming that the secret bulk collection prevented 54 terrorist plots against the U.S. when the actual number, according to the congressionally-established Privacy and Civil Liberties Oversight Board (PCLOB) investigation (pp. 145-153), is zero; (2) his 2009 declaration to the wiretap court that multiple NSA violations of the court's orders arose from differences over "terminology," an explanation which the chief judge said "strains credulity;" and (3) public statements by the NSA about its programs that had to be taken down from its website for inaccuracies (see Documents 78, 85, 87 in The Snowden Affair), along with public statements by other top NSA officials now known to be untrue (see "Remarks of Rajesh De," NSA General Counsel, Document 53 in The Snowden Affair).

Robert Mueller, former FBI director, for suggesting (as have Gen. Alexander and many others) that the secret bulk collection program might have been able to prevent the 9/11 attacks, when the 9/11 Commission found explicitly the problem was not lack of data points, but failing to connect the many dots the intelligence community already had about the would-be hijackers living in San Diego. The National Security Division lawyers at the Justice Department, for misleading their own Solicitor General (Donald Verrilli) who then misled (inadvertently) the U.S. Supreme Court over whether Justice let defendants know that bulk collection had contributed to their prosecutions. The same National Security Division lawyers who swore under oath in the Electronic Frontier Foundation's Freedom of Information Act lawsuit for a key wiretap court opinion that the entire text of the opinion was appropriately classified Top Secret/Sensitive Compartmented Information (release of which would cause "exceptionally grave damage" to U.S. national security). Only after the Edward Snowden leaks and the embarrassed governmental declassification of the opinion did we find that one key part of the opinion's text simply reproduced the actual language of the 4th Amendment to the U.S. Constitution, and the only "grave damage" was to the government's false claims.

The USA PATRIOT Act granted the government powerful new spying capabilities that have grown out of control—but the provision that the FBI and NSA have been using to collect the phone records of millions of innocent people expires on June 1. Tell Congress: it’s time to rethink out-of-control spying. A vote to reauthorize Section 215 is a vote against the Constitution.

On June 5, 2013, the Guardian published a secret court order showing that the NSA has interpreted Section 215 to mean that, with the help of the FBI, it can collect the private calling records of millions of innocent people. The government could even try to use Section 215 for bulk collection of financial records. The NSA’s defenders argue that invading our privacy is the only way to keep us safe. But the White House itself, along with the President’s Review Board has said that the government can accomplish its goals without bulk telephone records collection. And the Privacy and Civil Liberties Oversight Board said, “We have not identified a single instance involving a threat to the United States in which [bulk collection under Section 215 of the PATRIOT Act] made a concrete difference in the outcome of a counterterrorism investigation.” Since June of 2013, we’ve continued to learn more about how out of control the NSA is. But what has not happened since June is legislative reform of the NSA. There have been myriad bipartisan proposals in Congress—some authentic and some not—but lawmakers didn’t pass anything. We need comprehensive reform that addresses all the ways the NSA has overstepped its authority and provides the NSA with appropriate and constitutional tools to keep America safe. In the meantime, tell Congress to take a stand. A vote against reauthorization of Section 215 is a vote for the Constitution.

Senior figures inside British intelligence have been alarmed by GCHQ's secret decision to tap into transatlantic cables in order to engage in the bulk interception of phone calls and internet traffic.According to one source who has been directly involved in GCHQ operations, concerns were expressed when the project was being discussed internally in 2008: "We felt we were starting to overstep the mark with some of it. People from MI5 were complaining that they were going too far from a civil liberties perspective … We all had reservations about it, because we all thought: 'If this was used against us, we wouldn't stand a chance'."The Guardian revealed on Friday that GCHQ has placed more than 200 probes on transatlantic cables and is processing 600m "telephone events" a day as well as up to 39m gigabytes of internet traffic. Using a programme codenamed Tempora, it can store and analyse voice recordings, the content of emails, entries on Facebook, the use of websites as well as the "metadata" which records who has contacted who. The programme is shared with GCHQ's American partner, the National Security Agency.

Interviews with the UK source and the NSA whistleblower Edward Snowden raise questions about whether the programme:■ Exploits existing law which was passed by parliament without any anticipation that it would be used for this purpose.■ For the first time allows GCHQ to process bulk internal UK traffic which is routed overseas via these cables.■ Allows the NSA to engage in bulk intercepts of internal US traffic which would be forbidden in its own territory.■ Functions with no effective oversight.

The source claimed that even the conventional warrant system has been distorted – whereas police used to ask for a warrant before intercepting a target's communications, they will now ask GCHQ to intercept the target's communications and then use that information to seek a warrant.There is a particular concern that the programme allows GCHQ to break the boundary which stopped it engaging in the bulk interception of internal UK communications. The Ripa requirement that one end of a communication must be outside the UK was a significant restriction when it was applied to phone calls using satellites, but it is no longer effective in the world of fibre-optic cables. "The point is that this is an island," the source said. "Everything comes and goes – nearly everything – down fibre-optic cables. You make a mobile phone call, it goes to a mast and then down into a fibre-optic cable, under the ground and away. And even if the call is UK to UK, it's very likely – because of the way the system is structured – to go out of the UK and come back in through these fibre-optic channels."

Twenty-two organizations including Unitarian church groups, gun ownership advocates, and a broad coalition of membership and political advocacy organizations filed suit against the National Security Agency for violating their First Amendment right of association by illegally collecting their call records. The coalition is represented by EFF. At the heart of First Unitarian Church of Los Angeles v. NSA is the bulk telephone records collection program that was confirmed by the publication of an order from the Foreign Intelligence Surveillance Court (FISC) in June of 2013. The Director of National Intelligence (DNI) further confirmed that this formerly secret document was authentic, and part of a broader program to collect all major telecommunications customers’ call history. The order demands wholesale collection of every call made, the location of the phone, the time of the call, the duration of the call, and other “identifying information” for every phone and call for all customers of Verizon for a period of three months. Government officials further confirmed that this was just one of series of orders issued on a rolling basis since at least 2006. First Unitarian v. NSA argues that this spying violates the First Amendment, which protects the freedom to associate and express political views as a group.

Twenty-two organizations including Unitarian church groups, gun ownership advocates, and a broad coalition of membership and political advocacy organizations filed suit against the National Security Agency for violating their First Amendment right of association by illegally collecting their call records. The coalition is represented by EFF. At the heart of First Unitarian Church of Los Angeles v. NSA is the bulk telephone records collection program that was confirmed by the publication of an order from the Foreign Intelligence Surveillance Court (FISC) in June of 2013. The Director of National Intelligence (DNI) further confirmed that this formerly secret document was authentic, and part of a broader program to collect all major telecommunications customers’ call history. The order demands wholesale collection of every call made, the location of the phone, the time of the call, the duration of the call, and other “identifying information” for every phone and call for all customers of Verizon for a period of three months. Government officials further confirmed that this was just one of series of orders issued on a rolling basis since at least 2006. First Unitarian v. NSA argues that this spying violates the First Amendment, which protects the freedom to associate and express political views as a group.

The case challenges the mass telephone records collection that was confirmed by the FISA Order that was published on June 5, 2013 and confirmed by the Director of National Intelligence (DNI) on June 6, 2013. The DNI confirmed that the collection was “broad in scope” and conducted under the “business records” provision of the Foreign Intelligence Surveillance Act, also known as section 215 of the Patriot Act and 50 U.S.C. section 1861. The facts have long been part of EFF’s Jewel v. NSA case. The case does not include section 702 programs, which includes the recently made public and called the PRISM program or the fiber optic splitter program that is included (along with the telephone records program) in the Jewel v. NSA case. 

AT&T this week released for the first time in the phone company’s 140-year history a rough accounting of how often the U.S. government secretly demands records on telephone customers. But to those who’ve been following the National Security Agency leaks, Ma Bell’s numbers come up short by more than 80 million spied-upon Americans. AT&T’s transparency report counts 301,816 total requests for information — spread between subpoenas, court orders and search warrants — in 2013. That includes between 2,000 and 4,000 under the category “national security demands,” which collectively gathered information on about 39,000 to 42,000 different accounts. There was a time when that number would have seemed high. Today, it’s suspiciously low, given the disclosures by whistleblower Edward Snowden about the NSA’s bulk metadata program. We now know that the secretive Foreign Intelligence Surveillance Court is ordering the major telecoms to provide the NSA a firehose of metadata covering every phone call that crosses their networks. An accurate transparency report should include a line indicating that AT&T has turned over information on each and every one of its more than 80 million-plus customers. It doesn’t.

That’s particularly ironic, given that it was Snowden’s revelations about this so-called “Section 215″ metadata spying that paved the way for the transparency report. In Snowden’s wake, technology companies pushed President Barack Obama to craft new rules allowing them to be more transparent about how much customer data they’re forced to provide the NSA and other agencies. In a Jan. 17 globally televised speech, Obama finally agreed. We will also enable communications providers to make public more information than ever before about the orders they have received to provide data to the government. But when the new transparency guidelines came out on Jan. 27, the language left it unclear whether discussing bulk collection was allowed, says Alex Abdo, an American Civil Liberties Union staff attorney. AT&T on Monday became the first phone company to release a transparency report under the new rules, and the results seem to confirm that the metadata collection is still meant to stay secret. “This transparency report confirmed our fear that the DOJ’s apparent concession was carefully crafted to prevent real transparency,” Abdo says. “If they want real transparency, they would allow the disclosure of the bulk telephone metadata program.”

The guidelines allow for the disclosure, in chunks of 1,000, of “the number of customer selectors [phone numbers] targeted under FISA non-content orders.” Since the bulk metadata collection doesn’t “target” any “selectors” it is, by definition, not subject to disclosure. This loophole is no accident of phrasing. In other sections of the guidelines covering National Security Letters — a type of subpoena that doesn’t require a judge’s signature — Obama allows disclosure of the “number of customer accounts affected.” If the guidelines used that same language for the FISA disclosures, AT&T’s transparency report would presumably disclose that more than 80 million customers — that would be all of AT&T’s customers — had been spied upon. The end result, observes Kevin Bankston, the policy director of the New America Foundation’s Open Technology Institute, is that Obama’s so-called reform has spawned a misleading report that provides false comfort to AT&T customers — and all Americans.

NSA phone data collection deemed legal: full ruling

A legal battle over the scope of US government surveillance took a turn in favour of the National Security Agency on Friday with a court opinion declaring that bulk collection of telephone data does not violate the constitution. The judgement, in a case brought before a district court in New York by the American Civil Liberties Union, directly contradicts the result of a similar challenge in a Washington court last week which ruled the NSA's bulk collection program was likely to prove unconstitutional and was "almost Orwellian" in scale. Friday's ruling makes it more likely that the issue will be settled by the US supreme court, although it may be overtaken by the decision of Barack Obama on whether to accept the recommendations of a White House review panel to ban the NSA from directly collecting such data. But the ruling from Judge William Pauley, a Clinton appointee to the Southern District of New York, will provide important ammunition for those within the intelligence community urging Obama to maintain the programme.

Judge Pauley said privacy protections enshrined in the fourth amendment of the US constitution needed to be balanced against a government need to maintain a database of records to prevent future terrorist attacks. “The right to be free from searches is fundamental but not absolute,” he said. “Whether the fourth amendment protects bulk telephony metadata is ultimately a question of reasonableness.”

Some morning in the future, you take a pill — maybe something for depression or cholesterol. You take it every morning. Buried inside the pill is a sand-sized grain, one millimeter square and a third of a millimeter thick, made from copper, magnesium, and silicon. When the pill reaches your stomach, your stomach acids form a circuit with the copper and magnesium, powering up a microchip. Soon, the entire contraption will dissolve, but in the five minutes before that happens, the chip taps out a steady rhythm of electrical pulses, barely audible over the body's background hum. The signal travels as far as a patch stuck to your skin near the navel, which verifies the signal, then transmits it wirelessly to your smartphone, which passes it along to your doctor. There's now a verifiable record that the pill reached your stomach.

This is the vision of Proteus, a new drug-device accepted for review by the Food and Drug Administration last month. The company says it's the first in a new generation of smart drugs, a new source of data for patients and doctors alike. But bioethicists worry that the same data could be used to control patients, infringing on the intensely personal right to refuse medication and giving insurers new power over patients’ lives. As the device moves closer to market, it raises a serious question: Is tracking medicine worth the risk?

But not everyone's convinced that the ability to track pills will be good news for patients. The right to refuse treatment is an important, fragile principle in health care. Many are worried that tracking whether a pill is being consumed will be the first step towards punishing patients that don't comply. While doctors can’t force a patient to take a pill, court orders frequently mandate treatments involving specific drug regimens.

The Obama administration has asked a secret surveillance court to ignore a federal court that found bulk surveillance illegal and to once again grant the National Security Agency the power to collect the phone records of millions of Americans for six months. The legal request, filed nearly four hours after Barack Obama vowed to sign a new law banning precisely the bulk collection he asks the secret court to approve, also suggests that the administration may not necessarily comply with any potential court order demanding that the collection stop.

But Carlin asked the Fisa court to set aside a landmark declaration by the second circuit court of appeals. Decided on 7 May, the appeals court ruled that the government had erroneously interpreted the Patriot Act’s authorization of data collection as “relevant” to an ongoing investigation to permit bulk collection. Carlin, in his filing, wrote that the Patriot Act provision remained “in effect” during the transition period. “This court may certainly consider ACLU v Clapper as part of its evaluation of the government’s application, but second circuit rulings do not constitute controlling precedent for this court,” Carlin wrote in the 2 June application. Instead, the government asked the court to rely on its own body of once-secret precedent stretching back to 2006, which Carlin called “the better interpretation of the statute”.

But the Fisa court must first decide whether the new bulk-surveillance request is lawful. On Friday, the conservative group FreedomWorks filed a rare motion before the Fisa court, asking it to reject the government’s surveillance request as a violation of the fourth amendment’s prohibition on unreasonable searches and seizures. Fisa court judge Michael Moseman gave the justice department until this coming Friday to respond – and explicitly barred the government from arguing that FreedomWorks lacks the standing to petition the secret court.

The United Nations’ top official for counter-terrorism and human rights (known as the “Special Rapporteur”) issued a formal report to the U.N. General Assembly today that condemns mass electronic surveillance as a clear violation of core privacy rights guaranteed by multiple treaties and conventions. “The hard truth is that the use of mass surveillance technology effectively does away with the right to privacy of communications on the Internet altogether,” the report concluded. Central to the Rapporteur’s findings is the distinction between “targeted surveillance” — which “depend[s] upon the existence of prior suspicion of the targeted individual or organization” — and “mass surveillance,” whereby “states with high levels of Internet penetration can [] gain access to the telephone and e-mail content of an effectively unlimited number of users and maintain an overview of Internet activity associated with particular websites.” In a system of “mass surveillance,” the report explained, “all of this is possible without any prior suspicion related to a specific individual or organization. The communications of literally every Internet user are potentially open for inspection by intelligence and law enforcement agencies in the States concerned.”

Mass surveillance thus “amounts to a systematic interference with the right to respect for the privacy of communications,” it declared. As a result, “it is incompatible with existing concepts of privacy for States to collect all communications or metadata all the time indiscriminately.” In concluding that mass surveillance impinges core privacy rights, the report was primarily focused on the International Covenant on Civil and Political Rights, a treaty enacted by the General Assembly in 1966, to which all of the members of the “Five Eyes” alliance are signatories. The U.S. ratified the treaty in 1992, albeit with various reservations that allowed for the continuation of the death penalty and which rendered its domestic law supreme. With the exception of the U.S.’s Persian Gulf allies (Saudi Arabia, UAE and Qatar), virtually every major country has signed the treaty. Article 17 of the Covenant guarantees the right of privacy, the defining protection of which, the report explained, is “that individuals have the right to share information and ideas with one another without interference by the State, secure in the knowledge that their communication will reach and be read by the intended recipients alone.”

The report’s key conclusion is that this core right is impinged by mass surveillance programs: “Bulk access technology is indiscriminately corrosive of online privacy and impinges on the very essence of the right guaranteed by article 17. In the absence of a formal derogation from States’ obligations under the Covenant, these programs pose a direct and ongoing challenge to an established norm of international law.” The report recognized that protecting citizens from terrorism attacks is a vital duty of every state, and that the right of privacy is not absolute, as it can be compromised when doing so is “necessary” to serve “compelling” purposes. It noted: “There may be a compelling counter-terrorism justification for the radical re-evaluation of Internet privacy rights that these practices necessitate. ” But the report was adamant that no such justifications have ever been demonstrated by any member state using mass surveillance: “The States engaging in mass surveillance have so far failed to provide a detailed and evidence-based public justification for its necessity, and almost no States have enacted explicit domestic legislation to authorize its use.”

The Justice Department has released a newly declassified version of a May 2004 legal memo approving the National Security Agency’s Stellarwind program, a set of warrantless surveillance and data collection activities that President George W. Bush secretly authorized after the terrorist attacks of Sept. 11, 2001. But questions about the program remain.A more heavily redacted version of the memo had been released in 2011 as part of Freedom of Information Act lawsuits by the American Civil Liberties Union and the Electronic Privacy Information Center. The new version includes previously censored references to the existence of the data collection related to Americans’ phone calls and emails.

The Obama administration voluntarily reprocessed the memo from Jack Goldsmith, the head of the Justice Department’s Office of Legal Counsel, in light of the fact that it had declassified the existence of the bulk phone and email data programs last year after leaks by Edward J. Snowden, a former N.S.A. contractor.The fuller release adds to the public record of an important historical episode. However, the government continued to redact crucial portions of the memo that would answer a primary remaining question about the history of Stellarwind: What prompted the Justice Department to conclude in early 2004 that one aspect of the program, which collected records about Americans’ emails in bulk, was illegal — even though it permitted other aspects, like warrantless wiretapping and the bulk collection of Americans’ phone records, to continue?“They have continued to keep redacted something very significant,” said Jameel Jaffer, a lawyer with the A.C.L.U.

The Justice Department’s conclusion that the email metadata program was illegal led to a March 2004 confrontation between White House and department officials in the hospital room of Attorney General John Ashcroft, after which nearly the entire top leadership of the department threatened to resign, prompting President Bush to agree to changes.