Group items tagged

In addition to analyzing the content of their internet activities, the NSA also examined the targets' contact lists. The NSA accuses two of the targets of promoting al Qaeda propaganda, but states that surveillance of the three English-speakers’ communications revealed that they have "minimal terrorist contacts." In particular, “only seven (1 percent) of the contacts in the study of the three English-speaking radicalizers were characterized in SIGINT as affiliated with an extremist group or a Pakistani militant group. An earlier communications profile of [one of the targets] reveals that 3 of the 213 distinct individuals he was in contact with between 4 August and 2 November 2010 were known or suspected of being associated with terrorism," the document reads. The document contends that the three Arabic-speaking targets have more contacts with affiliates of extremist groups, but does not suggest they themselves are involved in any terror plots. Instead, the NSA believes the targeted individuals radicalize people through the expression of controversial ideas via YouTube, Facebook and other social media websites. Their audience, both English and Arabic speakers, "includes individuals who do not yet hold extremist views but who are susceptible to the extremist message,” the document states. The NSA says the speeches and writings of the six individuals resonate most in countries including the United Kingdom, Germany, Sweden, Kenya, Pakistan, India and Saudi Arabia.

The NSA possesses embarrassing sexually explicit information about at least two of the targets by virtue of electronic surveillance of their online activity. The report states that some of the data was gleaned through FBI surveillance programs carried out under the Foreign Intelligence and Surveillance Act. The document adds, "Information herein is based largely on Sunni extremist communications." It further states that "the SIGINT information is from primary sources with direct access and is generally considered reliable." According to the document, the NSA believes that exploiting electronic surveillance to publicly reveal online sexual activities can make it harder for these “radicalizers” to maintain their credibility. "Focusing on access reveals potential vulnerabilities that could be even more effectively exploited when used in combination with vulnerabilities of character or credibility, or both, of the message in order to shape the perception of the messenger as well as that of his followers," the document argues. An attached appendix lists the "argument" each surveillance target has made that the NSA says constitutes radicalism, as well the personal "vulnerabilities" the agency believes would leave the targets "open to credibility challenges" if exposed.

One target's offending argument is that "Non-Muslims are a threat to Islam," and a vulnerability listed against him is "online promiscuity." Another target, a foreign citizen the NSA describes as a "respected academic," holds the offending view that "offensive jihad is justified," and his vulnerabilities are listed as "online promiscuity" and "publishes articles without checking facts." A third targeted radical is described as a "well-known media celebrity" based in the Middle East who argues that "the U.S perpetrated the 9/11 attack." Under vulnerabilities, he is said to lead "a glamorous lifestyle." A fourth target, who argues that "the U.S. brought the 9/11 attacks on itself" is said to be vulnerable to accusations of “deceitful use of funds." The document expresses the hope that revealing damaging information about the individuals could undermine their perceived "devotion to the jihadist cause." The Huffington Post is withholding the names and locations of the six targeted individuals; the allegations made by the NSA about their online activities in this document cannot be verified. The document does not indicate whether the NSA carried out its plan to discredit these six individuals, either by communicating with them privately about the acquired information or leaking it publicly. There is also no discussion in the document of any legal or ethical constraints on exploiting electronic surveillance in this manner.

While Baker and others support using surveillance to tarnish the reputation of people the NSA considers "radicalizers," U.S. officials have in the past used similar tactics against civil rights leaders, labor movement activists and others. Under J. Edgar Hoover, the FBI harassed activists and compiled secret files on political leaders, most notably Martin Luther King, Jr. The extent of the FBI's surveillance of political figures is still being revealed to this day, as the bureau releases the long dossiers it compiled on certain people in response to Freedom of Information Act requests following their deaths. The information collected by the FBI often centered on sex -- homosexuality was an ongoing obsession on Hoover's watch -- and information about extramarital affairs was reportedly used to blackmail politicians into fulfilling the bureau's needs. Current FBI Director James Comey recently ordered new FBI agents to visit the Martin Luther King, Jr. Memorial in Washington to understand "the dangers in becoming untethered to oversight and accountability."

James Bamford, a journalist who has been covering the NSA since the early 1980s, said the use of surveillance to exploit embarrassing private behavior is precisely what led to past U.S. surveillance scandals. "The NSA's operation is eerily similar to the FBI's operations under J. Edgar Hoover in the 1960s where the bureau used wiretapping to discover vulnerabilities, such as sexual activity, to 'neutralize' their targets," he said. "Back then, the idea was developed by the longest serving FBI chief in U.S. history, today it was suggested by the longest serving NSA chief in U.S. history." That controversy, Bamford said, also involved the NSA. "And back then, the NSA was also used to do the eavesdropping on King and others through its Operation Minaret. A later review declared the NSA’s program 'disreputable if not outright illegal,'" he said. Baker said that until there is evidence the tactic is being abused, the NSA should be trusted to use its discretion. "The abuses that involved Martin Luther King occurred before Edward Snowden was born," he said. "I think we can describe them as historical rather than current scandals. Before I say, 'Yeah, we've gotta worry about that,' I'd like to see evidence of that happening, or is even contemplated today, and I don't see it."

Jaffer, however, warned that the lessons of history ought to compel serious concern that a "president will ask the NSA to use the fruits of surveillance to discredit a political opponent, journalist or human rights activist." "The NSA has used its power that way in the past and it would be naïve to think it couldn't use its power that way in the future," he said.

In a December 2014 opinion in the Hassanshahi case, US District Judge Rudolph Contreras allowed the evidence, but also required that the government provide a "declaration summarizing the contours of the law enforcement database used by Homeland Security Investigations to discover Hassanshahi’s phone number, including any limitations on how and when the database may be used." To comply with the judge’s order, Robert Patterson, the assistant special agent in charge of the DEA, wrote in the Thursday filing: As noted, this database was a federal law enforcement database. It could be used to query a telephone number where federal law enforcement officials had a reasonable articulable suspicion that the telephone number at issue was related to an ongoing federal criminal investigation. The Iranian number was determined to meet this standard based on specific information indicating that the Iranian number was being used for the purpose of importing technological goods to Iran in violation of United States law. Previously, the government had not revealed exactly how it began its investigation of Hassanshahi, and only referred cryptically to "[DHS]-accessible law enforcement databases," in Akronowitz’ 2013 and  2014 affidavits.

Similarly, other privacy-minded legal experts questioned the government’s tactics in this new revelation. "We just don’t know about the scope of these things, and that’s what’s disturbing," Andrew Crocker, a legal fellow at the Electronic Frontier Foundation, told Ars. His colleague, Hanni Fakhoury, an EFF attorney who used to be a federal public defender, added that he was "not surprised." "Bulk surveillance technologies and the dangerous legal theories that are used to support them trickle down, and here's a prime example of that," he wrote by e-mail. "The DEA's mandate is of course important but not at the level of national security where as you know there are serious legal questions about the propriety of this collection of phone metadata. And if the DEA has a program like this, it wouldn't surprise me if other agencies do too for other sorts of records the government has claimed it can collect with a subpoena (like bank records)."

Patrick Toomey, an attorney with the American Civil Liberties Union, chimed in to say that this indeed was a clear example of government overreach. "This disclosure underscores how the government has expanded its use of bulk collection far beyond the NSA and the national-security context, to rely on mass surveillance in ordinary criminal investigations," he said by e-mail. "It’s now clear that multiple government agencies have tracked the calls that Americans make to their parents and relatives, friends, and business associates overseas, all without any suspicion of wrongdoing," Toomey continued. "The DEA program shows yet again how strained and untenable legal theories have been used to secretly justify the surveillance of millions of innocent Americans using laws that were never written for that purpose."

The facility, a nondescript warehouse on Chicago’s west side known as Homan Square, has long been the scene of secretive work by special police units. Interviews with local attorneys and one protester who spent the better part of a day shackled in Homan Square describe operations that deny access to basic constitutional rights. Alleged police practices at Homan Square, according to those familiar with the facility who spoke out to the Guardian after its investigation into Chicago police abuse, include: Keeping arrestees out of official booking databases. Beating by police, resulting in head wounds. Shackling for prolonged periods. Denying attorneys access to the “secure” facility. Holding people without legal counsel for between 12 and 24 hours, including people as young as 15. At least one man was found unresponsive in a Homan Square “interview room” and later pronounced dead.

Brian Jacob Church, a protester known as one of the “Nato Three”, was held and questioned at Homan Square in 2012 following a police raid. Officers restrained Church for the better part of a day, denying him access to an attorney, before sending him to a nearby police station to be booked and charged.

The facility, a nondescript warehouse on Chicago’s west side known as Homan Square, has long been the scene of secretive work by special police units. Interviews with local attorneys and one protester who spent the better part of a day shackled in Homan Square describe operations that deny access to basic constitutional rights. Alleged police practices at Homan Square, according to those familiar with the facility who spoke out to the Guardian after its investigation into Chicago police abuse, include: Keeping arrestees out of official booking databases. Beating by police, resulting in head wounds. Shackling for prolonged periods. Denying attorneys access to the “secure” facility. Holding people without legal counsel for between 12 and 24 hours, including people as young as 15. At least one man was found unresponsive in a Homan Square “interview room” and later pronounced dead.

“Homan Square is definitely an unusual place,” Church told the Guardian on Friday. “It brings to mind the interrogation facilities they use in the Middle East. The CIA calls them black sites. It’s a domestic black site. When you go in, no one knows what’s happened to you.”

The secretive warehouse is the latest example of Chicago police practices that echo the much-criticized detention abuses of the US war on terrorism. While those abuses impacted people overseas, Homan Square – said to house military-style vehicles, interrogation cells and even a cage – trains its focus on Americans, most often poor, black and brown. Unlike a precinct, no one taken to Homan Square is said to be booked. Witnesses, suspects or other Chicagoans who end up inside do not appear to have a public, searchable record entered into a database indicating where they are, as happens when someone is booked at a precinct. Lawyers and relatives insist there is no way of finding their whereabouts. Those lawyers who have attempted to gain access to Homan Square are most often turned away, even as their clients remain in custody inside.

“It’s sort of an open secret among attorneys that regularly make police station visits, this place – if you can’t find a client in the system, odds are they’re there,” said Chicago lawyer Julia Bartmes. Chicago civil-rights attorney Flint Taylor said Homan Square represented a routinization of a notorious practice in local police work that violates the fifth and sixth amendments of the constitution. “This Homan Square revelation seems to me to be an institutionalization of the practice that dates back more than 40 years,” Taylor said, “of violating a suspect or witness’ rights to a lawyer and not to be physically or otherwise coerced into giving a statement.”

“It’s sort of an open secret among attorneys that regularly make police station visits, this place – if you can’t find a client in the system, odds are they’re there,” said Chicago lawyer Julia Bartmes. Chicago civil-rights attorney Flint Taylor said Homan Square represented a routinization of a notorious practice in local police work that violates the fifth and sixth amendments of the constitution.

At a fundamental level, suspicious activity reporting, as well as the digital and physical infrastructure of networked computer servers and fusion centers built around it, depends on what the government defines as suspicious.  As it happens, this turns out to include innocuous, First Amendment-protected behavior. As a start, a little history: the Nationwide Suspicious Activity Reporting Initiative was established in 2008 as a way for federal agencies, law enforcement, and the public to report and share potential terrorism-related information. The federal government then developed a list of 16 behaviors that it considered “reasonably indicative of criminal activity associated with terrorism.” Nine of those 16 behaviors, as the government acknowledges, could have nothing to do with criminal activity and are constitutionally protected, including snapping photographs, taking notes, and “observation through binoculars.”

There are any number of problems with this approach, starting with its premise.  Predicting who exactly is a future threat before a person has done anything wrong is a perilous undertaking. That’s especially the case if the public is encouraged to report suspicions of neighbors, colleagues, and community members based on a “hair-on-the-back-of-your-neck” threshold. Nor is it any comfort that the FBI promises to protect the innocent by investigating “suspicious” people in secret. The civil liberties and privacy implications are, in fact, truly hair-raising, particularly when the Bureau engages in abusive and discriminatory sting operations and other rights violations.

A few months later, a scathing report from the Senate subcommittee on homeland security described similar intelligence problems in state-based fusion centers. It found that Department of Homeland Security (DHS) personnel assigned to the centers “forwarded ‘intelligence’ of uneven quality -- oftentimes shoddy, rarely timely, sometimes endangering citizens’ civil liberties and Privacy Act protections... and more often than not unrelated to terrorism.”

Law enforcement officials, including the Los Angeles Police Department’s top counterterrorism officer, have themselves exhibited skepticism about suspicious activity reporting (out of concern with the possibility of overloading the system). In 2012, George Washington University’s Homeland Security Policy Institute surveyed counterterrorism personnel working in fusion centers and in a report generally accepting of SARs noted that the program had “flooded fusion centers, law enforcement, and other security outfits with white noise,” complicating “the intelligence process” and distorting “resource allocation and deployment decisions.” In other words, it was wasting time and sending personnel off on wild goose chases.

Under federal regulations, the government can only collect and maintain criminal intelligence information on an individual if there is a “reasonable suspicion” that he or she is “involved in criminal conduct or activity and the information is relevant to that criminal conduct or activity.” The SAR program officially lowered that bar significantly, violating the federal government’s own guidelines for maintaining a “criminal intelligence system.” There’s good reason for, at a minimum, using a reasonable suspicion standard. Anything less and it’s garbage in, garbage out, meaning counterterrorism “intelligence” databases become anything but intelligent.

yet another burgeoning secret database that the federal government calls its “consolidated terrorism watchlist.” Inclusion in this database -- and on government blacklists that are generated from it -- can bring more severe repercussions than unwarranted law enforcement attention. It can devastate lives.

There is hope, however. In August, four years after the ACLU filed a lawsuit on behalf of 13 people on the no-fly list, a judge ruled that the government’s redress system is unconstitutional. In early October, the government notified Mashal and six others that they were no longer on the list. Six of the ACLU’s clients remain unable to fly, but at least the government now has to disclose just why they have been put in that category, so that they can contest their blacklisting. Soon, others should have the same opportunity.

As of August 2013, there were approximately 47,000 people, including 800 U.S. citizens and legal permanent residents like Mashal, on that secretive no-fly list, all branded as “known or suspected terrorists.” All were barred from flying to, from, or over the United States without ever being given a reason why. On 9/11, just 16 names had been on the predecessor “no transport” list. The resulting increase of 293,650% -- perhaps more since 2013 -- isn’t an accurate gauge of danger, especially given that names are added to the list based on vague, broad, and error-prone standards.

The No Fly List is only the best known of the government’s web of terrorism watchlists. Many more exist, derived from the same master list.  Currently, there are more than one million names in the Terrorist Identities Datamart Environment, a database maintained by the National Counterterrorism Center. This classified source feeds the Terrorist Screening Database (TSDB), operated by the FBI’s Terrorist Screening Center. The TSDB is an unclassified but still secret list known as the “master watchlist.” containing what the government describes as “known or suspected terrorists,” or KSTs.

Nothing encapsulates the post-9/11, Alice-in-Wonderland inversion of American notions of due process more strikingly than this “blacklist first, innocence later... maybe” mindset. The Terrorist Screening Database is then used to fill other lists. In the context of aviation, this means the no-fly list, as well as the selectee and expanded selectee lists. Transportation security agents subject travelers on the latter two lists to extra screenings, which can include prolonged and invasive interrogation and searches of laptops, phones, and other electronic devices. Around the border, there’s the State Department’s Consular Lookout and Support System, which it uses to flag people it thinks shouldn’t get a visa, and the TECS System, which Customs and Border Protection uses to determine whether someone can enter the country.

According to documents recently leaked to the Intercept, as of August 2013 that master watchlist contained 680,000 people, including 5,000 U.S. citizens and legal permanent residents. The government can add people’s names to it according to a shaky “reasonable suspicion” standard. There is, however, growing evidence that what’s “reasonable” to the government may only remotely resemble what that word means in everyday usage. Information from a single source, even an uncorroborated Facebook post, can allow a government agent to watchlist an individual with virtually no outside scrutiny. Perhaps that’s why 40% of those on the master watchlist have “no recognized terrorist group affiliation,” according to the government’s own records.

This opens up the possibility of increased surveillance and tense encounters with the police, not to speak of outright harassment, for a large but undivulged number of people. When a police officer stops a person for a driving infraction, for instance, information about his or her KST status will pop up as soon a driver’s license is checked.  According to FBI documents, police officers who get a KST hit are warned to “approach with caution” and “ask probing questions.” When officers believe they’re about to go face to face with a terrorist, bad things can happen. It’s hardly a stretch of the imagination, particularly after a summer of police shootings of unarmed men, to suspect that an officer approaching a driver whom he believes to be a terrorist will be quicker to go for his gun. Meanwhile, the watchlisted person may never even know why his encounters with police have taken such a peculiar and menacing turn. According to the FBI's instructions, under no circumstances is a cop to tell a suspect that he or she is on a watchlist.

Inside the United States, no watchlist may be as consequential as the one that goes by the moniker of the Known or Appropriately Suspected Terrorist File. The names on this blacklist are shared with more than 17,000 state, local, and tribal police departments nationwide through the FBI’s National Crime Information Center (NCIC). Unlike any other information disseminated through the NCIC, the KST File reflects mere suspicion of involvement with criminal activity, so law enforcement personnel across the country are given access to a database of people who have secretly been labeled terrorism suspects with little or no actual evidence, based on virtually meaningless criteria.

And once someone is on this watchlist, good luck getting off it. According to the government’s watchlist rulebook, even a jury can’t help you. “An individual who is acquitted or against whom charges are dismissed for a crime related to terrorism,” it reads, “may nevertheless meet the reasonable standard and appropriately remain on, or be nominated to, the Terrorist Watchlist.” No matter the verdict, suspicion lasts forever.

The SARs program and the consolidated terrorism watchlist are just two domestic government databases of suspicion. Many more exist. Taken together, they should be seen as a new form of national ID for a growing group of people accused of no crime, who may have done nothing wrong, but are nevertheless secretly labeled by the government as suspicious or worse. Innocent until proven guilty has been replaced with suspicious until determined otherwise. Think of it as a new shadow system of national identification for a shadow government that is increasingly averse to operating in the light. It’s an ID its “owners” don’t carry around with them, yet it’s imposed on them whenever they interact with government agents or agencies. It can alter their lives in disastrous ways, often without their knowledge. And they could be you. If this sounds dystopian, that’s because it is.

The new license plate reader contract comes after years of internal lobbying by the agency. ICE first tested Vigilant’s system in 2012, gauging how effective it was at locating undocumented immigrants. Two years later, the agency issued an open solicitation for the technology, sparking an outcry from civil liberties group. Homeland Security secretary Jeh Johnson canceled the solicitation shortly afterward, citing privacy concerns, although two field offices subsequently formed rogue contracts with Vigilant in apparent violation of Johnson’s policy. In 2015, Homeland Security issued another call for bids, although an ICE representative said no contract resulted from that solicitation. As a result, this new contract is the first agency-wide contract ICE has completed with the company, a fact that is reflected in accompanying documents. On December 27th, 2017, Homeland Security issued an updated privacy assessment of license plate reader technology, a move it explained was necessary because “ICE has now entered into a contract with a vendor.” The new system places some limits on ICE surveillance, but not enough to quiet privacy concerns. Unlike many agencies, ICE won’t upload new data to Vigilant’s system but simply scan through the data that’s already there. In practical terms, that means driving past a Vigilant-linked camera might flag a car to ICE, but driving past an ICE camera won’t flag a car to everyone else using the system. License plates on the hot list will also expire after one year, and the system retains extensive audit logs to help supervisors trace back any abuse of the system. Still, the biggest concern for critics is the sheer scale of Vigilant’s network, assembled almost entirely outside of public accountability. “If ICE were to propose a system that would do what Vigilant does, there would be a huge privacy uproar and I don’t think Congress would approve it,” Stanley says. “But because it’s a private contract, they can sidestep that process.”

Even in their redacted form the reports give insight into the level of power individual agency employees have in ordering surveillance, and the intentional and unintentional abuses that can take place in an environment of minimal oversight. Though NSA officials have repeatedly suggested that the agency has rigorous safeguards in place to prevent individual employees from abusing their powers of surveillance, the agency’s own confidential internal reporting appears to contradict this. “The government conducts sweeping surveillance under this authority -— surveillance that increasingly puts Americans’ data in the hands of the NSA”, Patrick Toomey of the ACLU’s National Security Project said in comments to Bloomberg News. “Despite that fact, this spying is conducted almost entirely in secret and without legislative or judicial oversight.”

Also revealed in today’s report is the number of times the government has queried the controversial phone records database it created by collecting the phone records of every subscriber from U.S. providers. According to the report, the government used 423 “selectors” to search its massive phone records database, which includes records going back to at least 2006 when the program began. A search involves querying a specific phone number or device ID that appears in the database. The government has long maintained that its collection of phone records isn’t a violation of its authority, since it only views the records of specific individuals targeted in an investigation. But such searches, even if targeted at phone numbers used by foreigners, would include calls made to and from Americans as well as calls exchanged with people two or three hops out from the targeted number.

The report, remarkably, shows that the government obtained just one order last year under Section 702 of FISA—which allows for bulk collection of data on foreigners—and that this one order covered 89,138 targets. But, as the report notes, “target” can refer to “an individual person, a group, an organization composed of multiple individuals or a foreign power that possesses or is likely to communicate foreign intelligence information.” Furthermore, Section 702 orders are actually certificates issued by the FISA Court that can cover surveillance of an entire facility. And since, as the government points out in its report, the government cannot know how many people use a facility, the figure only “reflects an estimate of the number of known users of particular facilities (sometimes referred to as selectors) subject to intelligence collection under those Certifications,” the report notes.

One additional figure today’s report covers is the number of National Security Letters the government issued last year to businesses to obtain data on accountholders and users—19,212. NSLs are written demands from the FBI that compel internet service providers, credit companies, financial institutions and others to hand over confidential records about their customers, such as subscriber information, phone numbers and e-mail addresses, websites visited, and more. These letters are a powerful tool because they do not require court approval, and they come with a built-in gag order, preventing recipients from disclosing to anyone that they have received an NSL. An FBI agent looking into a possible anti-terrorism case can self-issue an NSL to a credit bureau, ISP, or phone company with only the sign-off of the Special Agent in Charge of their office. The FBI has merely to assert that the information is “relevant” to an investigation into international terrorism or clandestine intelligence activities.

The FBI has issued hundreds of thousands of NSLs over the years and has been reprimanded for abusing them. Last year a federal judge ruled that the use of NSLs is unconstitutional, due to the gag order that accompanies them, and ordered the government to stop using them. Her ruling, however, was stayed pending the government’s appeal.

According to the government’s report today, the 19,000 NSLs issued last year involved more than 38,000 requests for information.

The president also went further than his review panel in suggesting the US needed to rein in its overseas surveillance activities. “We have got to provide more confidence to the international community. In a virtual world, some of these boundaries don’t matter any more,” he said. “The values that we have got as Americans are ones that we have to be willing to apply beyond our borders, perhaps more systematically than we have done in the past.”

Conspicuously, Obama declined to rebut one assessment from his surveillance review group – that the bulk collection of US call data was not essential to stopping a terrorist attack. Instead, he contended that there had been “no abuse” of the bulk phone data collection. But in 2009, a judge on the secret surveillance court prevented the NSA from searching through its databases of US phone information after discovering “daily violations” resulting from NSA searches of Americans’ phone records without reasonable suspicion of connections to terrorism. That data was inaccessible to the NSA for almost all of 2009, before the Fisa court was convinced the NSA had sufficient safeguards in place for preventing similar violations

In another indication of the shifting landscape on surveillance, the telecoms giant AT&T announced on Friday that it will begin publishing a semi-annual report about its complicity with government surveillance requests. AT&T followed its competitor Verizon, which announced a similar move on Thursday.

The first such report is expected for early 2014, Watts said. While technology firms like Yahoo and Google have pushed for greater transparency about providing their customer data to the government, the telecommunications firms – which have cooperated with the NSA since the agency’s 1952 inception – did not join them before the events of the past week.

Yet marketing documents obtained by The Washington Post show that companies are offering powerful systems that are designed to evade detection while plotting movements of surveillance targets on computerized maps. The documents claim system success rates of more than 70 percent. A 24-page marketing brochure for SkyLock, a cellular tracking system sold by Verint, a maker of analytics systems based in Melville, N.Y., carries the subtitle “Locate. Track. Manipulate.” The document, dated January 2013 and labeled “Commercially Confidential,” says the system offers government agencies “a cost-effective, new approach to obtaining global location information concerning known targets.”

tracking systems that access carrier location databases are unusual in their ability to allow virtually any government to track people across borders, with any type of cellular phone, across a wide range of carriers — without the carriers even knowing. These systems also can be used in tandem with other technologies that, when the general location of a person is already known, can intercept calls and Internet traffic, activate microphones, and access contact lists, photos and other documents. Companies that make and sell surveillance technology seek to limit public information about their systems’ capabilities and client lists, typically marketing their technology directly to law enforcement and intelligence services through international conferences that are closed to journalists and other members of the public.

Security experts say hackers, sophisticated criminal gangs and nations under sanctions also could use this tracking technology, which operates in a legal gray area. It is illegal in many countries to track people without their consent or a court order, but there is no clear international legal standard for secretly tracking people in other countries, nor is there a global entity with the authority to police potential abuses.

(Privacy International has collected several marketing brochures on cellular surveillance systems, including one that refers briefly to SkyLock, and posted them on its Web site. The 24-page SkyLock brochure and other material was independently provided to The Post by people concerned that such systems are being abused.)

Verint, which also has substantial operations in Israel, declined to comment for this story. It says in the marketing brochure that it does not use SkyLock against U.S. or Israeli phones, which could violate national laws. But several similar systems, marketed in recent years by companies based in Switzerland, Ukraine and elsewhere, likely are free of such limitations.

The tracking technology takes advantage of the lax security of SS7, a global network that cellular carriers use to communicate with one another when directing calls, texts and Internet data. The system was built decades ago, when only a few large carriers controlled the bulk of global phone traffic. Now thousands of companies use SS7 to provide services to billions of phones and other mobile devices, security experts say. All of these companies have access to the network and can send queries to other companies on the SS7 system, making the entire network more vulnerable to exploitation. Any one of these companies could share its access with others, including makers of surveillance systems.

Companies that market SS7 tracking systems recommend using them in tandem with “IMSI catchers,” increasingly common surveillance devices that use cellular signals collected directly from the air to intercept calls and Internet traffic, send fake texts, install spyware on a phone, and determine precise locations. IMSI catchers — also known by one popular trade name, StingRay — can home in on somebody a mile or two away but are useless if a target’s general location is not known. SS7 tracking systems solve that problem by locating the general area of a target so that IMSI catchers can be deployed effectively. (The term “IMSI” refers to a unique identifying code on a cellular phone.)

Verint can install SkyLock on the networks of cellular carriers if they are cooperative — something that telecommunications experts say is common in countries where carriers have close relationships with their national governments. Verint also has its own “worldwide SS7 hubs” that “are spread in various locations around the world,” says the brochure. It does not list prices for the services, though it says that Verint charges more for the ability to track targets in many far-flung countries, as opposed to only a few nearby ones. Among the most appealing features of the system, the brochure says, is its ability to sidestep the cellular operators that sometimes protect their users’ personal information by refusing government requests or insisting on formal court orders before releasing information.

Another company, Defentek, markets a similar system called Infiltrator Global Real-Time Tracking System on its Web site, claiming to “locate and track any phone number in the world.” The site adds: “It is a strategic solution that infiltrates and is undetected and unknown by the network, carrier, or the target.”

The FBI does not track how many queries it conducts using U.S. person identifiers. The FBI is responsible for identifying and countering threats to the homeland, such as terrorism pilots and espionage, inside the U.S. Unlike other IC agencies, because of its domestic mission, the FBI routinely deals with information about US persons and is expected to look for domestic connections to threats emanating from abroad, including threats involving Section 702 non-US. person targets. To fulfill its mission and avoid missing connections within the information lawfully in its possession, the FBI does not distinguish between U.S. and non- U.S. persons for purposes of querying Section 702 collection. It should be noted that the FBI does not receive all of Section 702 collection; rather, the FBI only requests and receives a small percentage of total Section 702 collection and only for those selectors in which the FBI has an investigative interest. Moreover, because the FBI stores Section 702 collection in the same database as its "traditional" FISA collection, a query of "traditional" FISA collection will also query Section 702 collection. In addition, the FBI routinely conducts queries across its databases in an effort to locate relevant information that is already in its possession when it opens new national security investigations and assessments. Therefore, the FBI believes the number of queries is substantial. However, only FBI personnel trained in the Section 702 minimization procedures are able to View any Section 702 collection that is responsive to any query.

In calendar year 2013, CIA conducted fewer than 1900 queries of Section 702-acquired communications using specific U.S. person identifiers as query terms or other more general query terms if they are intended to return information about a particular U.S. person. Of that total number approximately 40% were conducted as a result of requests for counterterrorism-related information from other U.S. intelligence agencies. Approximately 27% of the total number are duplicative or recurring queries conducted at different times using the same identifiers but that CIA nonetheless counts as separate queries. CIA also uses U.S. person identifiers to conduct metadata-only queries against metadata derived from the FISA Section 702 collection. However, the CIA does not track the number of metadata-only queries using U.S. person identifiers.

So, the CIA is doing these kinds of warrantless fishing expeditions into the communications of Americans as well, but at least the CIA tracks how often it's doing so. Of course, when it comes to metadata searches, the CIA doesn't bother. It's also a bit bizarre that the CIA is apparently carrying out a bunch of those searches for "other U.S. intelligence agencies," when the CIA should be especially limited in its ability to do these searches in the first place. Senator Wyden has responded to these revelations by pointing out how "flawed" the oversight system is that these have been allowed:

When the FBI says it conducts a substantial number of searches and it has no idea of what the number is, it shows how flawed this system is and the consequences of inadequate oversight. This huge gap in oversight is a problem now, and will only grow as global communications systems become more interconnected. The findings transmitted to me raise questions about whether the FBI is exercising any internal controls over the use of backdoor searches including who and how many government employees can access the personal data of individual Americans. I intend to follow this up until it is fixed.

Hopefully, now you are starting to recognize what a big deal it was last week when the House of Representatives recently voted to defund the ability to do these kinds of backdoor searches. Still, much more needs to be done. Oh, and in case you're wondering why Clapper finally 'fessed up to the FBI and CIA making use of these data to warrantlessly spy on Americans, it's worth noting that the Privacy and Civil Liberties Oversight Board (PCLOB) is expected to come out with its report on the Section 702 surveillance program on July 2nd (7/02, get it?). It seems likely that the report will discuss these backdoor searches on Americans and how other agencies besides the NSA has been involved in the practice.

A Columbia University computer sciences expert who heads one of the DNI-funded teams, Steven M. Bellovin, estimates the government could start conducting encrypted searches within the next year or two. "If the NSA wanted to deploy something like this it would take one to two years to get the hardware and software in place to start collecting data this way either from phone companies or whatever other entity they decide on," said Bellovin, who is also a former chief technologist for the Federal Trade Commission.

An encrypted search system would permit the NSA to shift storage of phone records to either phone providers or a third party, and conduct secure searches remotely through their databases. The coding could shield both the extracted metadata and identities of those conducting the searches, Bellovin said. The government could use encrypted searches to ensure its analysts were not leaking information or abusing anyone's privacy during their data searches. And the technique could also be used by the NSA to securely search out and retrieve Internet metadata, such as emails and other electronic records. Some computer science experts are less sanguine about the prospects for encrypted search techniques. Searches could bog down because of the encryption computations needed, said Daniel Weitzner, principal research scientist at MIT's Computer Science and Artificial Intelligence Laboratory and former deputy U.S. chief technology officer for the Obama administration. "There's no silver bullet that guarantees the intelligence community will only have access to the records they're supposed to have access to," Weitzner said. "We also need oversight of the actual use of the data."

The encrypted search techniques could make it more difficult for hackers to access the phone records and could prevent phone companies from knowing which records the government was searching. "It would remove one of the big objections to having the phone companies hold the data," Bellovin said. Similar research is underway by researchers at University of California at Irvine; a group from the University of Wisconsin-Madison and the University of Texas at Austin; another group from MIT, Yale and Rensselaer Polytechnic Institute; and a fourth from Stealth Software Technologies, a Los Angeles-based technology company.

1) More detail on how direct NSA's accesses are is coming, but in general, the reality is this: if an NSA, FBI, CIA, DIA, etc analyst has access to query raw SIGINT databases, they can enter and get results for anything they want. Phone number, email, user id, cell phone handset id (IMEI), and so on - it's all the same. The restrictions against this are policy based, not technically based, and can change at any time. Additionally, audits are cursory, incomplete, and easily fooled by fake justifications. For at least GCHQ, the number of audited queries is only 5% of those performed.

Obama's campaign promises and election gave me faith that he would lead us toward fixing the problems he outlined in his quest for votes. Many Americans felt similarly. Unfortunately, shortly after assuming power, he closed the door on investigating systemic violations of law, deepened and expanded several abusive programs, and refused to spend the political capital to end the kind of human rights violations like we see in Guantanamo, where men still sit without charge.

All I can say right now is the US Government is not going to be able to cover this up by jailing or murdering me. Truth is coming, and it cannot be stopped

NSA likes to use "domestic" as a weasel word here for a number of reasons. The reality is that due to the FISA Amendments Act and its section 702 authorities, Americans’ communications are collected and viewed on a daily basis on the certification of an analyst rather than a warrant. They excuse this as "incidental" collection, but at the end of the day, someone at NSA still has the content of your communications. Even in the event of "warranted" intercept, it's important to understand the intelligence community doesn't always deal with what you would consider a "real" warrant like a Police department would have to, the "warrant" is more of a templated form they fill out and send to a reliable judge with a rubber stamp.

Glenn Greenwald follow up: When you say "someone at NSA still has the content of your communications" - what do you mean? Do you mean they have a record of it, or the actual content? Both. If I target for example an email address, for example under FAA 702, and that email address sent something to you, Joe America, the analyst gets it. All of it. IPs, raw data, content, headers, attachments, everything. And it gets saved for a very long time - and can be extended further with waivers rather than warrants.

What are your thoughts on Google's and Facebook's denials? Do you think that they're honestly in the dark about PRISM, or do you think they're compelled to lie? Perhaps this is a better question to a lawyer like Greenwald, but: If you're presented with a secret order that you're forbidding to reveal the existence of, what will they actually do if you simply refuse to comply (without revealing the order)? Answer: Their denials went through several revisions as it become more and more clear they were misleading and included identical, specific language across companies. As a result of these disclosures and the clout of these companies, we're finally beginning to see more transparency and better details about these programs for the first time since their inception. They are legally compelled to comply and maintain their silence in regard to specifics of the program, but that does not comply them from ethical obligation. If for example Facebook, Google, Microsoft, and Apple refused to provide this cooperation with the Intelligence Community, what do you think the government would do? Shut them down?

Some skepticism exists about certain of your claims, including this: I, sitting at my desk, certainly had the authorities to wiretap anyone, from you, or your accountant, to a federal judge, to even the President if I had a personal email. Do you stand by that, and if so, could you elaborate? Answer: Yes, I stand by it. US Persons do enjoy limited policy protections (and again, it's important to understand that policy protection is no protection - policy is a one-way ratchet that only loosens) and one very weak technical protection - a near-the-front-end filter at our ingestion points. The filter is constantly out of date, is set at what is euphemistically referred to as the "widest allowable aperture," and can be stripped out at any time. Even with the filter, US comms get ingested, and even more so as soon as they leave the border. Your protected communications shouldn't stop being protected communications just because of the IP they're tagged with. More fundamentally, the "US Persons" protection in general is a distraction from the power and danger of this system. Suspicionless surveillance does not become okay simply because it's only victimizing 95% of the world instead of 100%. Our founders did not write that "We hold these Truths to be self-evident, that all US Persons are created equal."

Edward, there is rampant speculation, outpacing facts, that you have or will provide classified US information to the Chinese or other governments in exchange for asylum. Have/will you? Answer: This is a predictable smear that I anticipated before going public, as the US media has a knee-jerk "RED CHINA!" reaction to anything involving HK or the PRC, and is intended to distract from the issue of US government misconduct. Ask yourself: if I were a Chinese spy, why wouldn't I have flown directly into Beijing? I could be living in a palace petting a phoenix by now.

US officials say this every time there's a public discussion that could limit their authority. US officials also provide misleading or directly false assertions about the value of these programs, as they did just recently with the Zazi case, which court documents clearly show was not unveiled by PRISM. Journalists should ask a specific question: since these programs began operation shortly after September 11th, how many terrorist attacks were prevented SOLELY by information derived from this suspicionless surveillance that could not be gained via any other source? Then ask how many individual communications were ingested to acheive that, and ask yourself if it was worth it. Bathtub falls and police officers kill more Americans than terrorism, yet we've been asked to sacrifice our most sacred rights for fear of falling victim to it. Further, it's important to bear in mind I'm being called a traitor by men like former Vice President Dick Cheney. This is a man who gave us the warrantless wiretapping scheme as a kind of atrocity warm-up on the way to deceitfully engineering a conflict that has killed over 4,400 and maimed nearly 32,000 Americans, as well as leaving over 100,000 Iraqis dead. Being called a traitor by Dick Cheney is the highest honor you can give an American, and the more panicked talk we hear from people like him, Feinstein, and King, the better off we all are. If they had taught a class on how to be the kind of citizen Dick Cheney worries about, I would have finished high school.

Is encrypting my email any good at defeating the NSA survelielance? Id my data protected by standard encryption? Answer: Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it. 

Binney, Drake, Kiriakou, and Manning are all examples of how overly-harsh responses to public-interest whistle-blowing only escalate the scale, scope, and skill involved in future disclosures. Citizens with a conscience are not going to ignore wrong-doing simply because they'll be destroyed for it: the conscience forbids it. Instead, these draconian responses simply build better whistleblowers. If the Obama administration responds with an even harsher hand against me, they can be assured that they'll soon find themselves facing an equally harsh public response. This disclosure provides Obama an opportunity to appeal for a return to sanity, constitutional policy, and the rule of law rather than men. He still has plenty of time to go down in history as the President who looked into the abyss and stepped back, rather than leaping forward into it. I would advise he personally call for a special committee to review these interception programs, repudiate the dangerous "State Secrets" privilege, and, upon preparing to leave office, begin a tradition for all Presidents forthwith to demonstrate their respect for the law by appointing a special investigator to review the policies of their years in office for any wrongdoing. There can be no faith in government if our highest offices are excused from scrutiny - they should be setting the example of transparency. 

What would you say to others who are in a position to leak classified information that could improve public understanding of the intelligence apparatus of the USA and its effect on civil liberties?

This country is worth dying for.

My question: given the enormity of what you are facing now in terms of repercussions, can you describe the exact moment when you knew you absolutely were going to do this, no matter the fallout, and what it now feels like to be living in a post-revelation world? Or was it a series of moments that culminated in action? I think it might help other people contemplating becoming whistleblowers if they knew what the ah-ha moment was like. Again, thanks for your courage and heroism. Answer: I imagine everyone's experience is different, but for me, there was no single moment. It was seeing a continuing litany of lies from senior officials to Congress - and therefore the American people - and the realization that that Congress, specifically the Gang of Eight, wholly supported the lies that compelled me to act. Seeing someone in the position of James Clapper - the Director of National Intelligence - baldly lying to the public without repercussion is the evidence of a subverted democracy. The consent of the governed is not consent if it is not informed.

Regarding whether you have secretly given classified information to the Chinese government, some are saying you didn't answer clearly - can you give a flat no? Answer: No. I have had no contact with the Chinese government. Just like with the Guardian and the Washington Post, I only work with journalists.

So far are things going the way you thought they would regarding a public debate? – tikkamasala Answer: Initially I was very encouraged. Unfortunately, the mainstream media now seems far more interested in what I said when I was 17 or what my girlfriend looks like rather than, say, the largest program of suspicionless surveillance in human history.

Thanks to everyone for their support, and remember that just because you are not the target of a surveillance program does not make it okay. The US Person / foreigner distinction is not a reasonable substitute for individualized suspicion, and is only applied to improve support for the program. This is the precise reason that NSA provides Congress with a special immunity to its surveillance.

Under the traditional FISA, if the government wants to conduct electronic surveillance, it must make a classified application to a special court, identitying or describing the target. It must demonstrate probable cause that the target is a foreign power or an agent thereof, and that the facilities to be monitored will be used by the target.In 2008, Congress added section 702 to the statute, allowing the government to use electronic surveillance to collect foreign intelligence on non-U.S. persons it reasonably believes are abroad, without a court order for each target. A U.S. citizen may not intentionally be targeted.To the extent that the FISC sanctioned PRISM, it may be consistent with the law. But it is disingenuous to suggest that millions of Americans’ e-mails, photographs and documents are “incidental” to an investigation targeting foreigners overseas.The telephony metadata program raises similar concerns. FISA did not originally envision the government accessing records. Following the 1995 Oklahoma City bombing, Congress allowed applications for obtaining records from certain kinds of businesses. In 2001, lawmakers further expanded FISA to give the government access to any business or personal records. Under section 215 of the Patriot Act, the government no longer has to prove that the target is a foreign power. It need only state that the records are sought as part of an investigation to protect against terrorism or clandestine intelligence.

The telephony metadata program raises similar concerns. FISA did not originally envision the government accessing records. Following the 1995 Oklahoma City bombing, Congress allowed applications for obtaining records from certain kinds of businesses. In 2001, lawmakers further expanded FISA to give the government access to any business or personal records. Under section 215 of the Patriot Act, the government no longer has to prove that the target is a foreign power. It need only state that the records are sought as part of an investigation to protect against terrorism or clandestine intelligence.This means that FISA can now be used to gather records concerning individuals who are neither the target of any investigation nor an agent of a foreign power. Entire databases — such as telephony metadata — can be obtained, as long as an authorized investigation exists.Congress didn’t pass Section 215 to allow for the wholesale collection of information. As Rep. F. James Sensenbrenner Jr. (R-Wis.), who helped draft the statute, wrote in the Guardian: “Congress intended to allow the intelligence communities to access targeted information for specific investigations. How can every call that every American makes or receives be relevant to a specific investigation?”As a constitutional matter, the Supreme Court has long held that, where an individual has a reasonable expectation of privacy, search and seizure may occur only once the government has obtained a warrant, supported by probable cause and issued by a judge. The warrant must specify the places to be searched and items to be seized.

There are exceptions to the warrant requirement. In 1979 the court held that the use of a pen register to record numbers dialed from someone’s home was not a search. The court suggested that people who disclose their communications to others assume the risk that law enforcement may obtain the information.More than three decades later, digitization and the explosion of social-network technology have changed the calculus. In the ordinary course of life, third parties obtain massive amounts of information about us that, when analyzed, have much deeper implications for our privacy than before.As for Section 702 of FISA, the Supreme Court has held that the Fourth Amendment does not protect foreigners from searches conducted abroad. But it has never recognized a foreign intelligence exception to the warrant requirement when foreign-targeted searches result in the collection of vast stores of citizens’ communications.Americans reasonably expect that their movements, communications and decisions will not be recorded and analyzed by the government. A majority of the Supreme Court seems to agree. Last year, the court considered a case involving 28-day GPS surveillance. Justice Samuel Alito suggested that in most criminal investigations, long-term monitoring “impinges on expectations of privacy.” Justice Sonia Sotomayor recognized that following a person’s movements “reflects a wealth of detail about her familial, political, professional, religious, and sexual associations.”The FISC is supposed to operate as a check. But it is a secret court, notorious for its low rate of denial. From 1979 to 2002, it did not reject a single application. Over the past five years, out of nearly 8,600 applications, only two have been denied.

On January 16, 2003, Senator Russ Feingold introduced legislation to suspend the activity of the IAO and the Total Information Awareness program pending a Congressional review of privacy issues involved.[8] A similar measure introduced by Senator Ron Wyden would have prohibited the IAO from operating within the United States unless specifically authorized to do so by Congress, and would have shut the IAO down entirely 60 days after passage unless either the Pentagon prepared a report to Congress assessing the impact of IAO activities on individual privacy and civil liberties or the President certified the program's research as vital to national security interests. In February 2003, Congress passed legislation suspending activities of the IAO pending a Congressional report of the office's activities (Consolidated Appropriations Resolution, 2003, No.108–7, Division M, §111(b) [signed Feb. 20, 2003]). In response to this legislation, DARPA provided Congress on May 20, 2003 with a report on its activities.[9] In this report, IAO changed the name of the program to the Terrorism Information Awareness Program and emphasized that the program was not designed to compile dossiers on US citizens, but rather to research and develop the tools that would allow authorized agencies to gather information on terrorist networks. Despite the name change and these assurances, the critics continued to see the system as prone to potential misuse or abuse. As a result House and Senate negotiators moved to prohibit further funding for the TIA program by adding provisions to the Department of Defense Appropriations Act, 2004[10] (signed into law by President Bush on October 1, 2003). Further, the Joint Explanatory Statement included in the conference committee report specifically directed that the IAO as program manager for TIA be terminated immediately.[11]