Group items tagged

Everyone who carries a cellphone generates a trail of electronic breadcrumbs that records everywhere they go. Those breadcrumbs reveal a wealth of information about who we are, where we live, who our friends are and much more. And as we reported last week, the National Security Agency is collecting location information in bulk — 5 billion records per day worldwide — and using sophisticated algorithms to assist with U.S. intelligence-gathering operations. How do they do it? And what can they learn from location data? The latest documents show the extent of the location-tracking program we first reported last week. Read on to learn more about what the documents show.

In conversations with The Washington Post over Barton Gellman and Ashkan Soltani's recent story on cellphone location tracking, an intelligence agency lawyer told Gellman, "obviously there is no Fourth Amendment expectation in communications metadata.” But some experts say it's far from obvious that the 1979 Supreme Court case on which the administration bases this view gives the government unfettered power to scoop up Americans' cellphone location data.

And there's some reason to believe that a majority of the current Supreme Court justices might agree with her on the location data aspect of metadata. The most recent Supreme Court case involving location tracking, United States v. Jones was settled on narrow trespassing grounds in 2012. But five Supreme Court justices signed on to concurring opinions that questioned whether Smith v. Maryland holds up in the face of modern technology.  An opinion concurring in judgment with the Jones decision written by Justice Samuel Alito, and joined by Justices Ruth Bader Ginsburg, Stephen Breyer and Elena Kagan specifically noted the prevalence of smartphones and argued that "the use of longer term GPS monitoring in investigations of most offenses impinges on expectations of privacy."

A separate concurring opinion from a fifth justice, Sonia Sotomayor made many of the same arguments, saying "fundamentally, it may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties" -- and even went further by arguing that "awareness that the Government may be watching chills associational and expressive freedoms."

Sen. Jon Tester (D-MT) has sent a letter to the Department of Homeland Security and outgoing Attorney General Eric Holder to learn more about the use of “dirtboxes,” which collect phone data by masquerading as a nearby cell tower. The letter, which was co-signed by Democratic and Independent senators from Alaska, Vermont, and other states, argues that dirtboxes “potentially violate the Fourth Amendment and represent a significant intrusion into the private lives of thousands of Americans.” . The senators wrote the letter, which was sent on Wednesday, in response to a Wall Street Journal report about a US Marshals program that attaches these dirtboxes to planes flying across the United States. This reportedly allows law enforcement to collect information about “tens of thousands” of citizens under the planes’ flight path. It’s not clear how often these planes are flown. But it is clear that the devices  can determine someone’s location within a few meters, which could allow law enforcement to tell if that person is in a specific room inside a building, instead of merely knowing their general location. The devices are also thought to be able to snoop on phone calls, text messages, and other information transferred to affected cellphones.

Uber dra

The NSA’s spying on everyone’s metadata can tell them just about everything about us … and it violates our Constitutional right to freedom of association. But people are getting distracted from the big picture by focusing on metadata. As security expert Bruce Schneier wrote yesterday: What frustrates me about all of this — [the Privacy and Civil Liberties Oversight Board] report, the president’s speech, and so many other things — is that they focus on the bulk collection of cell phone call records. There’s so much more bulk collection going on — phone calls, e-mails, address books, buddy lists, text messages, cell phone location data, financial documents, calendars, [smartphone apps] etc. — and we really need legislation and court opinions on it all. But because cell phone call records were the first disclosure, they’re what gets the attention. Indeed, Schneier confirmed last October what we’ve been saying for years … don’t get too distracted by the details, because the government is spying on everything:

Honestly, I think the details matter less and less. We have to assume that the NSA has EVERYONE who uses electronic communications under CONSTANT surveillance. New details about hows and whys will continue to emerge …but the big picture will remain the same. He’s right. As just one example, there is substantial evidence from top NSA and FBI whistleblowers that the government is recording the content of our calls and emails … word-for-word. So what should we make of the government’s denials that it records content? Given that the government has been caught lying about spying again and again, I’m not sure how much weight we should give to such denials. NSA whistleblower Russ Tice notes: They’re collecting content … word-for-word. *** You can’t trust these people. They lie, and they lie a lot.

Still, is the Justice Department’s airborne dragnet program legal? The answer is “maybe.” Federal authorities have employed similar tools in the past. The Federal Bureau of Investigation is known to use a surveillance tool called a “stingray,” a portable transceiver that tricks cell phones within a certain area into relaying their locations, not unlike the equipment onboard the Marshals’ aircraft. A government vehicle with a stingray can net hundreds of nearby cell phones’ approximate locations just by driving through a typical neighborhood. The government has said it doesn’t need a probable cause warrant to use stingrays because investigators don’t collect the content of phone calls, just the locations of those phones. Government officials, meanwhile, have said they get court approval to use the devices. Much of the government’s warrantless use of stingray-style technology hinges on a 1979 Supreme Court decision titled Smith v. Maryland. Smith involved law enforcement’s use of a device called a pen register that, when attached to a suspect’s phone line, recorded the numbers of outgoing calls, but not the calls themselves. The Smith decision upheld the warrantless use of such devices because the suspect’s phone company would record the same data picked up by the pen register, and therefore the suspect had no reasonable expectation of privacy when it came to that information. Currently, the law requires a court to approve the use of a pen register, but investigators only have to show that the device’s use is “relevant to an ongoing criminal investigation,” a much weaker standard than a probable cause warrant requires.

However, to get back to the Smith decision, wireless carriers do store your location history for several months to several years, information they obtain by keeping a record of the cell towers to which your device connects as you move from place to place. That could mean Americans don’t have a reasonable expectation of privacy over their location data and the Smith precedent applies, making the DoJ’s aerial surveillance program legal. Still, that would be a matter for the courts to decide. “There are a lot of tricky questions whether a stingray or dirtbox operated by the government directly is a pen register, or the Fourth Amendment concerns dismissed by the Supreme Court 35 years ago in Smith v. Maryland are more applicable here,” Fakhoury said.

Hanni Fakhoury, an attorney at the pro-privacy Electronic Frontier Foundation, says the Department of Justice could use the Smith precedent as legal justification for the airborne dirtbox program. However, Fakhoury also highlighted a key problem with that argument: Location. Pen registers aren’t intended to pick up location data beyond an area code, whereas the airborne dirtboxes can track a person down to a single building. Many courts, he said, have expressed that location data deserves greater constitutional protection than is afforded to other kinds of information.

For the first nine days of February, eight of the Los Angeles Police Department’s top brass were 7,500 miles away from home, being shuttled around Israel in a minibus.

LAPD Deputy Chief Jose Perez, a good-natured 30-year veteran of the department who oversees its central bureau, tweeted updates at nearly every stop. On Feb. 2, he shared a group photo of the Los Angeles delegation visiting the corporate headquarters of Nice Systems, an Israeli security and cyber intelligence company that can intercept and instantly analyze video, audio and text-based communications. (A seemingly tongue-in-cheek inspirational poster on the wall behind them reads: “Every voice deserves to be heard.”)

The group visited private security firms and drone manufacturers, as well as the terror-prone Ashdod Port, a museum in Sderot full of old rockets shot from nearby Gaza (the same one United States President Barack Obama visited on his 2008 campaign trip to Israel), and a “safe city” underground control center in the large suburb of Rishon LeZion, which receives live streams from more than 1,000 cameras with license plate recognition installed throughout the city.

A federal judge in Washington ruled on Monday that the bulk collection of Americans’ telephone records by the National Security Agency is likely to violate the US constitution, in the most significant legal setback for the agency since the publication of the first surveillance disclosures by the whistleblower Edward Snowden. Judge Richard Leon declared that the mass collection of metadata probably violates the fourth amendment, which prohibits unreasonable searches and seizures, and was "almost Orwellian" in its scope. In a judgment replete with literary swipes against the NSA, he said James Madison, the architect of the US constitution, would be "aghast" at the scope of the agency’s collection of Americans' communications data. The ruling, by the US district court for the District of Columbia, is a blow to the Obama administration, and sets up a legal battle that will drag on for months, almost certainly destined to end up in the supreme court. It was welcomed by campaigners pressing to rein in the NSA, and by Snowden, who issued a rare public statement saying it had vindicated his disclosures. It is also likely to influence other legal challenges to the NSA, currently working their way through federal courts.

In Monday’s ruling, the judge concluded that the pair's constitutional challenge was likely to be successful. In what was the only comfort to the NSA in a stinging judgment, Leon put the ruling on hold, pending an appeal by the government. Leon expressed doubt about the central rationale for the program cited by the NSA: that it is necessary for preventing terrorist attacks. “The government does not cite a single case in which analysis of the NSA’s bulk metadata collection actually stopped an imminent terrorist attack,” he wrote.

Leon’s opinion contained stern and repeated warnings that he was inclined to rule that the metadata collection performed by the NSA – and defended vigorously by the NSA director Keith Alexander on CBS on Sunday night – was unconstitutional. “Plaintiffs have a substantial likelihood of showing that their privacy interests outweigh the government’s interest in collecting and analysing bulk telephony metadata and therefore the NSA’s bulk collection program is indeed an unreasonable search under the fourth amendment,” he wrote. Leon said that the mass collection of phone metadata, revealed by the Guardian in June, was "indiscriminatory" and "arbitrary" in its scope. "The almost-Orwellian technology that enables the government to store and analyze the phone metadata of every telephone user in the United States is unlike anything that could have been conceived in 1979," he wrote, referring to the year in which the US supreme court ruled on a fourth amendment case upon which the NSA now relies to justify the bulk records program.

The Justice Department is scooping up data from thousands of mobile phones through devices deployed on airplanes that mimic cellphone towers, a high-tech hunt for criminal suspects that is snagging a large number of innocent Americans, according to people familiar with the operations.

The Federal Bureau of Investigation is taking the position that court warrants are not required when deploying cell-site simulators in public places. Nicknamed "stingrays," the devices are decoy cell towers that capture locations and identities of mobile phone users and can intercept calls and texts. The FBI made its position known during private briefings with staff members of Senate Judiciary Committee Chairman Patrick Leahy (D-Vt.) and Sen. Chuck Grassley (R-Iowa). In response, the two lawmakers wrote Attorney General Eric Holder and Homeland Security chief Jeh Johnson, maintaining they were "concerned about whether the FBI and other law enforcement agencies have adequately considered the privacy interests" of Americans. According to the letter, which was released last week: For example, we understand that the FBI’s new policy requires FBI agents to obtain a search warrant whenever a cell-site simulator is used as part of a FBI investigation or operation, unless one of several exceptions apply, including (among others): (1) cases that pose an imminent danger to public safety, (2) cases that involve a fugitive, or (3) cases in which the technology is used in public places or other locations at which the FBI deems there is no reasonable expectation of privacy.

The letter was prompted in part by a Wall Street Journal report in November that said the Justice Department was deploying small airplanes equipped with cell-site simulators that enabled "investigators to scoop data from tens of thousands of cellphones in a single flight, collecting their identifying information and general location." The bureau's position on Americans' privacy isn't surprising. The Obama Administration has repeatedly maintained that the public has no privacy in public places. It began making that argument as early as 2010, when it told a federal appeals court that the authorities should be allowed to affix GPS devices on vehicles and track a suspect's every move without court authorization. The Supreme Court, however, eventually ruled that warrants are required. What's more, the administration has argued that placing a webcam with pan-and-zoom capabilities on a utility pole to spy on a suspect at his or her residence was no different from a police officer's observation from the public right-of-way. A federal judge last month disagreed with the government's position, tossing evidence gathered by the webcam that was operated from afar.

In their letter, Leahy and Grassley complained that little is known about how stingrays, also known as ISMI catchers, are used by law enforcement agencies. The Harris Corp., a maker of the devices from Florida, includes non-disclosure clauses with buyers. Baltimore authorities cited a non-disclosure agreement to a judge in November as their grounds for refusing to say how they tracked a suspect's mobile phone. They eventually dropped charges rather than disclose their techniques. Further, sometimes the authorities simply lie to judges about their use or undertake other underhanded methods to prevent the public from knowing that the cell-site simulators are being used.

They flow deep underneath the Atlantic Ocean and into the United Kingdom below the golden sands of idyllic beaches. But the internet cables that come ashore at the coast of Cornwall, England, are not just used to connect the country with the rest of the world. According to new reports based on documents from National Security Agency whistleblower Edward Snowden, the cables have become an integral part of the global mass surveillance system operated by the British spy agency Government Communications Headquarters, intimately assisted by a company now owned by Vodafone, the world’s third largest cellphone network provider.

The latest details about the extent of the spying were revealed on Thursday by the British Channel 4 News, the German newspaper Süddeutsche Zeitung, and the German broadcaster WDR, who worked in partnership with Intercept founding editor Laura Poitras. The Intercept obtained a preview of the revelations in advance of their publication. According to the reports, British telecommunications firms have helped GCHQ dramatically scale-up the volume of internet data it collects from undersea cables. In the five years leading up to 2012, there was a 7,000-fold increase in the amount of data the agency was sweeping up, with its computers monitoring some 46 billion private communications “events” every day, according to documents cited in the reports. The data swept up from the cables would include content from emails, online messages, browsing sessions, and calls made using internet chat tools.

British telecommunications company Cable & Wireless played a leading role in the secret cable tapping operation, according to the reports, and the collaboration appears to have gone further than simply complying with the law in helping implement the surveillance. The company provided GCHQ with updates on opportunities it could give the agency to tap into internet traffic, and in February 2009 a GCHQ employee was assigned to work within Cable & Wireless in a “full-time project management” role. The British government paid Cable & Wireless more than £5 million ($9 million) of taxpayers’ money as part of an annual lease for GCHQ to access the cables. The agency described the company a “partner” and designated it the codename Gerontic.

The first (and thus far only) roll-back of post-9/11 surveillance authorities was implemented over the weekend: The National Security Agency shuttered its program for collecting and holding the metadata of Americans’ phone calls under Section 215 of the Patriot Act. While bulk collection under Section 215 has ended, the government can obtain access to this information under the procedures specified in the USA Freedom Act. Indeed, some experts have argued that the Agency likely has access to more metadata because its earlier dragnet didn’t cover cell phones or Internet calling. In addition, the metadata of calls made by an individual in the United States to someone overseas and vice versa can still be collected in bulk — this takes place abroad under Executive Order 12333. No doubt the NSA wishes that this was the end of the surveillance reform story and the Paris attacks initially gave them an opening. John Brennan, the Director of the CIA, implied that the attacks were somehow related to “hand wringing” about spying and Sen. Tom Cotton (R-Ark.) introduced a bill to delay the shut down of the 215 program. Opponents of encryption were quick to say: “I told you so.”

But the facts that have emerged thus far tell a different story. It appears that much of the planning took place IRL (that’s “in real life” for those of you who don’t have teenagers). The attackers, several of whom were on law enforcement’s radar, communicated openly over the Internet. If France ever has a 9/11 Commission-type inquiry, it could well conclude that the Paris attacks were a failure of the intelligence agencies rather than a failure of intelligence authorities. Despite the passage of the USA Freedom Act, US surveillance authorities have remained largely intact. Section 702 of the FISA Amendments Act — which is the basis of programs like PRISM and the NSA’s Upstream collection of information from Internet cables — sunsets in the summer of 2017. While it’s difficult to predict the political environment that far out, meaningful reform of Section 702 faces significant obstacles. Unlike the Section 215 program, which was clearly aimed at Americans, Section 702 is supposedly targeted at foreigners and only picks up information about Americans “incidentally.” The NSA has refused to provide an estimate of how many Americans’ information it collects under Section 702, despite repeated requests from lawmakers and most recently a large cohort of advocates. The Section 215 program was held illegal by two federal courts (here and here), but civil attempts to challenge Section 702 have run into standing barriers. Finally, while two review panels concluded that the Section 215 program provided little counterterrorism benefit (here and here), they found that the Section 702 program had been useful.

There is, nonetheless, some pressure to narrow the reach of Section 702. The recent decision by the European Court of Justice in the safe harbor case suggests that data flows between Europe and the US may be restricted unless the PRISM program is modified to protect the information of Europeans (see here, here, and here for discussion of the decision and reform options). Pressure from Internet companies whose business is suffering — estimates run to the tune of $35 to 180 billion — as a result of disclosures about NSA spying may also nudge lawmakers towards reform. One of the courts currently considering criminal cases which rely on evidence derived from Section 702 surveillance may hold the program unconstitutional either on the basis of the Fourth Amendment or Article III for the reasons set out in this Brennan Center report. A federal district court in Colorado recently rejected such a challenge, although as explained in Steve’s post, the decision did not seriously explore the issues. Further litigation in the European courts too could have an impact on the debate.

More than a month after Sen. Ron Wyden (D-Ore.) requested information about US Customs and Border Protection's practice of searching cell phones at US borders and airports, he's still waiting for answers—but he's not waiting to introduce legislation to end the practice. "It's very concerning that [the Department of Homeland Security] hasn't managed to answer my questions about the number of digital searches at the border, five weeks after I requested that basic information," Wyden, a leading congressional advocate for civil liberties and privacy, told Mother Jones on Tuesday through a spokesman. "If CBP were to undertake a system of indiscriminate digital searches, that would distract CBP from its core mission, dragging time and attention away from catching the bad guys." Wyden's request to DHS and CBP came on the heels of a February 18 report from the Associated Press of a "fivefold increase" in electronic media searches in fiscal year 2016 over the previous year, from fewer than 5,000 to nearly 24,000. It also followed Homeland Security Secretary John Kelly's suggestion that visitors from a select group of countries, mainly Muslim, might be required to hand over passwords to their social media accounts as a condition of entry. (That comment came a week after President Donald Trump first unveiled his executive order⁠ banning travel from seven majority-Muslim countries.) The Knight First Amendment Institute, which advocates for freedom of speech, sued DHS on Monday for records relating to the seizure of electronic devices at border checkpoints. Wyden requested similar data on CBP device searches and demands for travelers' passwords. "There are well-established legal rules governing how law enforcement agencies may obtain data from social media companies and email providers," Wyden wrote in the February 20 letter to DHS and CBP. "By requesting a traveler's credentials and then directly accessing their data, CBP would be short-circuiting the vital checks and balances that exist in our current system." The senator wrote that the searches not only violate civil liberties but could reduce international business travel or force companies to outfit employees with "burner" laptops and mobile devices, "which some firms already use when employees visit nations like China."

"Folks are going to be less likely to travel freely to the US with the devices they need if they don't feel their sensitive business information is going to be safe at the border," Wyden said Tuesday, noting that CBP can copy the information it views on a device. "Then they can store that information and search it without a warrant." Wyden will soon introduce legislation to force law enforcement to obtain warrants before searching devices at the border. His bill would also prevent CBP from compelling travelers to reveal passwords to their accounts. A DHS spokesman said in a statement that "all travelers arriving to the US are subject to CBP inspection," which includes inspection of any electronic devices they may be carrying. Access to these devices, the spokesman said, helps CBP agents ascertain the identity and admissibility of people from other countries and "deter the entry of possible terrorists, terrorist weapons, controlled substances," and other prohibited items. "CBP electronic media searches," the spokesman said, "have resulted in arrests for child pornography, evidence helpful in combating terrorist activity, violations of export controls, convictions for intellectual property rights violations, and visa fraud discoveries." In a March 27 USA Today op-ed, Joseph B. Maher, DHS acting general counsel, compared device searches to searching luggage. "Just as Customs is charged with inspecting luggage, vehicles and cargo containers upon arrival to the USA, there are circumstances in this digital age when we must inspect an electronic device for violations of the law," Maher wrote.

But in a unanimous 2014 ruling, the Supreme Court found that police need warrants to search cell phones. Chief Justice John Roberts wrote in the opinion that cell phones are "such a pervasive and insistent part of daily life that the proverbial visitor from Mars might conclude they were an important feature of human anatomy." In response to a Justice Department argument that cell phones were akin to wallets, purses, and address books, Roberts wrote: "That is like saying a ride on horseback is materially indistinguishable from a flight to the moon." The law, however, applies differently at the border because of the "border search doctrine," which has traditionally given law enforcement wider latitude under the Fourth Amendment to perform searches at borders and international airports. CBP says it keeps tight controls on its searches and is sensitive to personal privacy. Wyden isn't convinced. "Given Trump's worrying track record so far, and the ease with which CBP could change its guidelines, it's important we create common-sense statutory protections for Americans' liberty and security," he says.

German prosecutors have opened an investigation into the alleged monitoring of Chancellor Angela Merkel’s cellphone by the U.S. National Security Agency, officials said Wednesday, in a move that could again complicate diplomatic relations between the two allies. It was not immediately clear what the new investigation might mean in terms of possible prosecutions of Americans. Documents provided by National Security Agency leaker Edward Snowden indicated in October that the U.S. was monitoring Merkel’s cellphone conversations, as well as those of 35 other foreign leaders. Merkel expressed outrage and accused Washington of a grave breach of trust. In the ensuing diplomatic fallout, President Barack Obama acknowledged Germany’s anger and promised that new guidelines would cut back on such monitoring, except in the case of a national security interest. “The leaders of our close friends and allies deserve to know that if I want to learn what they think about an issue, I will pick up the phone and call them rather than turning to surveillance,” Obama said at the time.

Following the news of the German probe, Obama’s deputy national security adviser, Ben Rhodes, said the U.S. believes direct dialogue between the two countries rather than an investigation is the best way to address Germany’s concerns. “We believe we have an open line and good communication” with Merkel and her team, Rhodes told reporters aboard Air Force One as Obama flew to Brussels for a meeting of the Group of Seven nations. After mulling for months whether to open a formal probe, Chief Federal Prosecutor Harald Range determined “that sufficient factual evidence exists that unknown members of U.S. intelligence services spied on the mobile phone of Chancellor Angela Merkel,” his office said. In a similarly thorny diplomatic case, Germany got as far as issuing warrants for 13 unidentified CIA agents suspected of kidnapping a German terrorism suspect and taking him to a detention center in Afghanistan. The case was shelved in 2007 after the U.S. Justice Department said extraditing the agents would harm “American national interests.”

In his Wednesday announcement, Range’s office said he was not opening a formal investigation of wider allegations of blanket surveillance of telecommunications data in Germany by U.S. and British intelligence, saying that there was not yet sufficient factual evidence of concrete crimes. His office said that will remain under consideration. Merkel’s spokesman, Steffen Seibert, declined to comment on Range’s decision or on whether the government fears it will weigh on relations with the U.S. The government didn’t exert any influence on the prosecutor, Seibert told reporters. “I am not going to evaluate here the decision he has made,” he said. Separately, the German Parliament earlier this year set up a committee to investigate the scope of spying by the NSA and other intelligence services in Germany.

Law enforcement is taking advantage of outdated privacy laws to track Americans like never before. New technologies can record your every movement, revealing detailed information about how you choose to live your life. Without the right protections in place, the government can gain access to this information -- and to your private life -- with disturbing ease.

As long as it is turned on, your mobile phone registers its position with cell towers every few minutes, whether the phone is being used or not. Since mobile carriers are retaining location data on their customers, government officials can learn a tremendous amount of detailed personal information about you by accessing your location history from your cell phone company, ranging from which friends you're seeing to where you go to the doctor to how often you go to church. The Justice Department and most local police forces can get months' worth of this information, without you ever knowing -- and often without a warrant from a judge.

The National Security Agency is secretly providing data to nearly two dozen U.S. government agencies with a “Google-like” search engine built to share more than 850 billion records about phone calls, emails, cellphone locations, and internet chats, according to classified documents obtained by The Intercept. The documents provide the first definitive evidence that the NSA has for years made massive amounts of surveillance data directly accessible to domestic law enforcement agencies. Planning documents for ICREACH, as the search engine is called, cite the Federal Bureau of Investigation and the Drug Enforcement Administration as key participants. ICREACH contains information on the private communications of foreigners and, it appears, millions of records on American citizens who have not been accused of any wrongdoing. Details about its existence are contained in the archive of materials provided to The Intercept by NSA whistleblower Edward Snowden. Earlier revelations sourced to the Snowden documents have exposed a multitude of NSA programs for collecting large volumes of communications. The NSA has acknowledged that it shares some of its collected data with domestic agencies like the FBI, but details about the method and scope of its sharing have remained shrouded in secrecy.

ICREACH has been accessible to more than 1,000 analysts at 23 U.S. government agencies that perform intelligence work, according to a 2010 memo. A planning document from 2007 lists the DEA, FBI, Central Intelligence Agency, and the Defense Intelligence Agency as core members. Information shared through ICREACH can be used to track people’s movements, map out their networks of associates, help predict future actions, and potentially reveal religious affiliations or political beliefs. The creation of ICREACH represented a landmark moment in the history of classified U.S. government surveillance, according to the NSA documents.

Documents published with this article: CIA Colleagues Enthusiastically Welcome NSA Training Sharing Communications Metadata Across the U.S. Intelligence Community CRISSCROSS/PROTON Point Paper Decision Memorandum for the DNI on ICREACH Metadata Sharing Memorandum Sharing SIGINT metadata on ICREACH Metadata Policy Conference ICREACH Wholesale Sharing Black Budget Extracts

AMERICAN AND BRITISH spies hacked into the internal computer network of the largest manufacturer of SIM cards in the world, stealing encryption keys used to protect the privacy of cellphone communications across the globe, according to top-secret documents provided to The Intercept by National Security Agency whistleblower Edward Snowden. The hack was perpetrated by a joint unit consisting of operatives from the NSA and its British counterpart Government Communications Headquarters, or GCHQ. The breach, detailed in a secret 2010 GCHQ document, gave the surveillance agencies the potential to secretly monitor a large portion of the world’s cellular communications, including both voice and data. The company targeted by the intelligence agencies, Gemalto, is a multinational firm incorporated in the Netherlands that makes the chips used in mobile phones and next-generation credit cards. Among its clients are AT&T, T-Mobile, Verizon, Sprint and some 450 wireless network providers around the world. The company operates in 85 countries and has more than 40 manufacturing facilities. One of its three global headquarters is in Austin, Texas and it has a large factory in Pennsylvania. In all, Gemalto produces some 2 billion SIM cards a year. Its motto is “Security to be Free.”

With these stolen encryption keys, intelligence agencies can monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments. Possessing the keys also sidesteps the need to get a warrant or a wiretap, while leaving no trace on the wireless provider’s network that the communications were intercepted. Bulk key theft additionally enables the intelligence agencies to unlock any previously encrypted communications they had already intercepted, but did not yet have the ability to decrypt.

Leading privacy advocates and security experts say that the theft of encryption keys from major wireless network providers is tantamount to a thief obtaining the master ring of a building superintendent who holds the keys to every apartment. “Once you have the keys, decrypting traffic is trivial,” says Christopher Soghoian, the principal technologist for the American Civil Liberties Union. “The news of this key theft will send a shock wave through the security community.”

Since 2001, armed Predator drones have been used by the CIA in many foreign nations to attack individuals on the ground. There's a new revelation about them, too: In some cases, the NSA helped the CIA find targets by locking onto their powered-off mobile phones. Even when phones have their batteries removed, it appears the NSA still has the ability to locate them. Buried inside a Washington Post story by Dana Priest is the following tidbit: By September 2004, a new NSA technique enabled the agency to find cellphones even when they were turned off. JSOC troops called this "The Find," and it gave them thousands of new targets, including members of a burgeoning al-Qaeda-sponsored insurgency in Iraq, according to members of the unit. At the same time, the NSA developed a new computer linkup called the Real Time Regional Gateway into which the military and intelligence officers could feed every bit of data or seized documents and get back a phone number or list of potential targets. It also allowed commanders to see, on a screen, every type of surveillance available in a given territory.

"The Find," the Post article says, is run by a team in the basement of the NSA's headquarters whose job is to track the location of mobile phones in real time. Because many phones have chips that stay on even after a battery has been removed, tracking powered-down phones is within the realm of possibility. The revelations fit right in with the Edward Snowden disclosures, but the NSA isn't the only one tracking phones: Other government agencies and private companies regularly track them without warrants or court orders as well.

The Obama administration defended its creation of a Twitter-like Cuban communications network to undermine the communist government, declaring the secret program was "invested and debated" by Congress and wasn't a covert operation that required White House approval.

But two senior Democrats on congressional intelligence and judiciary committees said Thursday they had known nothing about the effort, which one of them described as "dumb, dumb, dumb." A showdown with that senator's panel is expected next week, and the Republican chairman of a House oversight subcommittee said that it, too, would look into the program.An Associated Press investigation found that the network was built with secret shell companies and financed through a foreign bank. The project, which lasted more than two years and drew tens of thousands of subscribers, sought to evade Cuba's stranglehold on the Internet with a primitive social media platform.First, the network was to build a Cuban audience, mostly young people. Then, the plan was to push them toward dissent.

Yet its users were neither aware it was created by a U.S. agency with ties to the State Department, nor that American contractors were gathering personal data about them, in the hope that the information might be used someday for political purposes.It is unclear whether the scheme was legal under U.S. law, which requires written authorization of covert action by the president as well as congressional notification. White House spokesman Jay Carney said he was not aware of individuals in the White House who had known about the program.

State legislatures around the country, facing growing public concern about the collection and trade of personal data, have rushed to propose a series of privacy laws, from limiting how schools can collect student data to deciding whether the police need a warrant to track cellphone locations.

Over two dozen privacy laws have passed this year in more than 10 states, in places as different as Oklahoma and California. Many lawmakers say that news reports of widespread surveillance by the National Security Agency have led to more support for the bills among constituents. And in some cases, the state lawmakers say, they have felt compelled to act because of the stalemate in Washington on legislation to strengthen privacy laws. “Congress is obviously not interested in updating those things or protecting privacy,” said Jonathan Stickland, a Republican state representative in Texas. “If they’re not going to do it, states have to do it.”