Skip to main content

Home/ Socialism and the End of the American Dream/ Group items tagged fiber-optic

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
Paul Merrell

Secret to Prism program: Even bigger data seizure - 0 views

bigstory.ap.org/...ccess-even-bigger-data-seizure

surveillance state NSA must-read

shared by Paul Merrell on 17 Jun 13 - No Cached
  • The revelation of Prism this month by the Washington Post and Guardian newspapers has touched off the latest round in a decade-long debate over what limits to impose on government eavesdropping, which the Obama administration says is essential to keep the nation safe. But interviews with more than a dozen current and former government and technology officials and outside experts show that, while Prism has attracted the recent attention, the program actually is a relatively small part of a much more expansive and intrusive eavesdropping effort. Americans who disapprove of the government reading their emails have more to worry about from a different and larger NSA effort that snatches data as it passes through the fiber optic cables that make up the Internet's backbone. That program, which has been known for years, copies Internet traffic as it enters and leaves the United States, then routes it to the NSA for analysis.
  • Whether by clever choice or coincidence, Prism appears to do what its name suggests. Like a triangular piece of glass, Prism takes large beams of data and helps the government find discrete, manageable strands of information. The fact that it is productive is not surprising; documents show it is one of the major sources for what ends up in the president's daily briefing. Prism makes sense of the cacophony of the Internet's raw feed. It provides the government with names, addresses, conversation histories and entire archives of email inboxes.
  • The NSA is prohibited from spying on Americans or anyone inside the United States. That's the FBI's job and it requires a warrant. Despite that prohibition, shortly after the Sept. 11 terrorist attacks, President George W. Bush secretly authorized the NSA to plug into the fiber optic cables that enter and leave the United States, knowing it would give the government unprecedented, warrantless access to Americans' private conversations. Tapping into those cables allows the NSA access to monitor emails, telephone calls, video chats, websites, bank transactions and more. It takes powerful computers to decrypt, store and analyze all this information, but the information is all there, zipping by at the speed of light. "You have to assume everything is being collected," said Bruce Schneier, who has been studying and writing about cryptography and computer security for two decades. The New York Times disclosed the existence of this effort in 2005. In 2006, former AT&T technician Mark Klein revealed that the company had allowed the NSA to install a computer at its San Francisco switching center, a key hub for fiber optic cables.
  • ...11 more annotations...
  • Many of the people interviewed for this report insisted on anonymity because they were not authorized to publicly discuss a classified, continuing effort. But those interviews, along with public statements and the few public documents available, show there are two vital components to Prism's success. The first is how the government works closely with the companies that keep people perpetually connected to each other and the world. That story line has attracted the most attention so far. The second and far murkier one is how Prism fits into a larger U.S. wiretapping program in place for years.
  • The government has said it minimizes all conversations and emails involving Americans. Exactly what that means remains classified. But former U.S. officials familiar with the process say it allows the government to keep the information as long as it is labeled as belonging to an American and stored in a special, restricted part of a computer. That means Americans' personal emails can live in government computers, but analysts can't access, read or listen to them unless the emails become relevant to a national security investigation. The government doesn't automatically delete the data, officials said, because an email or phone conversation that seems innocuous today might be significant a year from now. What's unclear to the public is how long the government keeps the data. That is significant because the U.S. someday will have a new enemy. Two decades from now, the government could have a trove of American emails and phone records it can tap to investigative whatever Congress declares a threat to national security.
  • The Bush administration shut down its warrantless wiretapping program in 2007 but endorsed a new law, the Protect America Act, which allowed the wiretapping to continue with changes: The NSA generally would have to explain its techniques and targets to a secret court in Washington, but individual warrants would not be required. Congress approved it, with Sen. Barack Obama, D-Ill., in the midst of a campaign for president, voting against it.
  • That's one example of how emails belonging to Americans can become swept up in the hunt. In that way, Prism helps justify specific, potentially personal searches. But it's the broader operation on the Internet fiber optics cables that actually captures the data, experts agree. "I'm much more frightened and concerned about real-time monitoring on the Internet backbone," said Wolf Ruzicka, CEO of EastBanc Technologies, a Washington software company. "I cannot think of anything, outside of a face-to-face conversation, that they could not have access to."
  • When the Protect America Act made warrantless wiretapping legal, lawyers and executives at major technology companies knew what was about to happen.
  • For years, the companies had been handling requests from the FBI. Now Congress had given the NSA the authority to take information without warrants. Though the companies didn't know it, the passage of the Protect America Act gave birth to a top-secret NSA program, officially called US-98XN. It was known as Prism. Though many details are still unknown, it worked like this:
  • Facebook said it received between 9,000 and 10,000 requests for data from all government agencies in the second half of last year. The social media company said fewer than 19,000 users were targeted.
  • Every company involved denied the most sensational assertion in the Prism documents: that the NSA pulled data "directly from the servers" of Microsoft, Yahoo, Google, Facebook, AOL and more. Technology experts and a former government official say that phrasing, taken from a PowerPoint slide describing the program, was likely meant to differentiate Prism's neatly organized, company-provided data from the unstructured information snatched out of the Internet's major pipelines. In slide made public by the newspapers, NSA analysts were encouraged to use data coming from both Prism and from the fiber-optic cables. Prism, as its name suggests, helps narrow and focus the stream. If eavesdroppers spot a suspicious email among the torrent of data pouring into the United States, analysts can use information from Internet companies to pinpoint the user. With Prism, the government gets a user's entire email inbox. Every email, including contacts with American citizens, becomes government property. Once the NSA has an inbox, it can search its huge archives for information about everyone with whom the target communicated. All those people can be investigated, too.
  • What followed was the most significant debate over domestic surveillance since the 1975 Church Committee, a special Senate committee led by Sen. Frank Church, D-Idaho, reined in the CIA and FBI for spying on Americans. Unlike the recent debate over Prism, however, there were no visual aids, no easy-to-follow charts explaining that the government was sweeping up millions of emails and listening to phone calls of people accused of no wrongdoing.
  • A few months after Obama took office in 2009, the surveillance debate reignited in Congress because the NSA had crossed the line. Eavesdroppers, it turned out, had been using their warrantless wiretap authority to intercept far more emails and phone calls of Americans than they were supposed to. Obama, no longer opposed to the wiretapping, made unspecified changes to the process. The government said the problems were fixed.
  • Schneier, the author and security expert, said it doesn't really matter how Prism works, technically. Just assume the government collects everything, he said. He said it doesn't matter what the government and the companies say, either. It's spycraft, after all. "Everyone is playing word games," he said. "No one is telling the truth."
  • Paul Merrell on 17 Jun 13
     
    Associated Press is now doing its job with a masterful overview of NSA capabilities, discussing how NSA scoops up all "backbone" telecommunications, then uses PRISM to narrow down the specific communications they decide to look at. This one is a "must read" article if you're interested in the NSA scandal. It ties a lot of the pieces together.  
Paul Merrell

How Secret Partners Expand NSA's Surveillance Dragnet - The Intercept - 0 views

firstlook.org/...le-partners-revealed-rampart-a

surveillance state NSA NSA-partners fiber-optic

shared by Paul Merrell on 20 Jun 14 - No Cached
  • Huge volumes of private emails, phone calls, and internet chats are being intercepted by the National Security Agency with the secret cooperation of more foreign governments than previously known, according to newly disclosed documents from whistleblower Edward Snowden. The classified files, revealed today by the Danish newspaper Dagbladet Information in a reporting collaboration with The Intercept, shed light on how the NSA’s surveillance of global communications has expanded under a clandestine program, known as RAMPART-A, that depends on the participation of a growing network of intelligence agencies.
  • It has already been widely reported that the NSA works closely with eavesdropping agencies in the United Kingdom, Canada, New Zealand, and Australia as part of the so-called Five Eyes surveillance alliance. But the latest Snowden documents show that a number of other countries, described by the NSA as “third-party partners,” are playing an increasingly important role – by secretly allowing the NSA to install surveillance equipment on their fiber-optic cables. The NSA documents state that under RAMPART-A, foreign partners “provide access to cables and host U.S. equipment.” This allows the agency to covertly tap into “congestion points around the world” where it says it can intercept the content of phone calls, faxes, e-mails, internet chats, data from virtual private networks, and calls made using Voice over IP software like Skype.
  • The secret documents reveal that the NSA has set up at least 13 RAMPART-A sites, nine of which were active in 2013. Three of the largest – codenamed AZUREPHOENIX, SPINNERET and MOONLIGHTPATH – mine data from some 70 different cables or networks. The precise geographic locations of the sites and the countries cooperating with the program are among the most carefully guarded of the NSA’s secrets, and these details are not contained in the Snowden files. However, the documents point towards some of the countries involved – Denmark and Germany among them. An NSA memo prepared for a 2012 meeting between the then-NSA director, Gen. Keith Alexander, and his Danish counterpart noted that the NSA had a longstanding partnership with the country’s intelligence service on a special “cable access” program. Another document, dated from 2013 and first published by Der Spiegel on Wednesday, describes a German cable access point under a program that was operated by the NSA, the German intelligence service BND, and an unnamed third partner.
  • ...2 more annotations...
  • The program, which the secret files show cost U.S. taxpayers about $170 million between 2011 and 2013, sweeps up a vast amount of communications at lightning speed. According to the intelligence community’s classified “Black Budget” for 2013, RAMPART-A enables the NSA to tap into three terabits of data every second as the data flows across the compromised cables – the equivalent of being able to download about 5,400 uncompressed high-definition movies every minute. In an emailed statement, the NSA declined to comment on the RAMPART-A program. “The fact that the U.S. government works with other nations, under specific and regulated conditions, mutually strengthens the security of all,” said NSA spokeswoman Vanee’ Vines. “NSA’s efforts are focused on ensuring the protection of the national security of the United States, its citizens, and our allies through the pursuit of valid foreign intelligence targets only.”
  • The Danish and German operations appear to be associated with RAMPART-A because it is the only NSA cable-access initiative that depends on the cooperation of third-party partners. Other NSA operations tap cables without the consent or knowledge of the countries that host the cables, or are operated from within the United States with the assistance of American telecommunications companies that have international links. One secret NSA document notes that most of the RAMPART-A projects are operated by the partners “under the cover of an overt comsat effort,” suggesting that the tapping of the fiber-optic cables takes place at Cold War-era eavesdropping stations in the host countries, usually identifiable by their large white satellite dishes and radomes. A shortlist of other countries potentially involved in the RAMPART-A operation is contained in the Snowden archive. A classified presentation dated 2013, published recently in Intercept editor Glenn Greenwald’s book No Place To Hide, revealed that the NSA had top-secret spying agreements with 33 third-party countries, including Denmark, Germany, and 15 other European Union member states:
  • Paul Merrell on 20 Jun 14
     
    Don't miss the slide with the names of the NSA-partner nations. Lots of E.U. member nations.
Paul Merrell

Tomgram: Alfred McCoy, It's About Blackmail, Not National Security | TomDispatch - 0 views

www.tomdispatch.com/...kmail%2C_not_national_security

surveillance state blackmail power-projection empire Obama BushII

shared by Paul Merrell on 29 Jan 14 - No Cached
  • For more than six months, Edward Snowden’s revelations about the National Security Agency (NSA) have been pouring out from the Washington Post, the New York Times, the Guardian, Germany’s Der Spiegel, and Brazil’s O Globo, among other places.  Yet no one has pointed out the combination of factors that made the NSA’s expanding programs to monitor the world seem like such a slam-dunk development in Washington.  The answer is remarkably simple.  For an imperial power losing its economic grip on the planet and heading into more austere times, the NSA’s latest technological breakthroughs look like a bargain basement deal when it comes to projecting power and keeping subordinate allies in line -- like, in fact, the steal of the century.  Even when disaster turned out to be attached to them, the NSA’s surveillance programs have come with such a discounted price tag that no Washington elite was going to reject them.
  • What exactly was the aim of such an unprecedented program of massive domestic and planetary spying, which clearly carried the risk of controversy at home and abroad? Here, an awareness of the more than century-long history of U.S. surveillance can guide us through the billions of bytes swept up by the NSA to the strategic significance of such a program for the planet’s last superpower. What the past reveals is a long-term relationship between American state surveillance and political scandal that helps illuminate the unacknowledged reason why the NSA monitors America’s closest allies. Not only does such surveillance help gain intelligence advantageous to U.S. diplomacy, trade relations, and war-making, but it also scoops up intimate information that can provide leverage -- akin to blackmail -- in sensitive global dealings and negotiations of every sort. The NSA’s global panopticon thus fulfills an ancient dream of empire. With a few computer key strokes, the agency has solved the problem that has bedeviled world powers since at least the time of Caesar Augustus: how to control unruly local leaders, who are the foundation for imperial rule, by ferreting out crucial, often scurrilous, information to make them more malleable.
  • Once upon a time, such surveillance was both expensive and labor intensive. Today, however, unlike the U.S. Army’s shoe-leather surveillance during World War I or the FBI’s break-ins and phone bugs in the Cold War years, the NSA can monitor the entire world and its leaders with only 100-plus probes into the Internet’s fiber optic cables. This new technology is both omniscient and omnipresent beyond anything those lacking top-secret clearance could have imagined before the Edward Snowden revelations began.  Not only is it unimaginably pervasive, but NSA surveillance is also a particularly cost-effective strategy compared to just about any other form of global power projection. And better yet, it fulfills the greatest imperial dream of all: to be omniscient not just for a few islands, as in the Philippines a century ago, or a couple of countries, as in the Cold War era, but on a truly global scale. In a time of increasing imperial austerity and exceptional technological capability, everything about the NSA’s surveillance told Washington to just “go for it.”  This cut-rate mechanism for both projecting force and preserving U.S. global power surely looked like a no-brainer, a must-have bargain for any American president in the twenty-first century -- before new NSA documents started hitting front pages weekly, thanks to Snowden, and the whole world began returning the favor.
  • ...12 more annotations...
  • As the gap has grown between Washington’s global reach and its shrinking mailed fist, as it struggles to maintain 40% of world armaments (the 2012 figure) with only 23% of global gross economic output, the U.S. will need to find new ways to exercise its power far more economically. As the Cold War took off, a heavy-metal U.S. military -- with 500 bases worldwide circa 1950 -- was sustainable because the country controlled some 50% of the global gross product. But as its share of world output falls -- to an estimated 17% by 2016 -- and its social welfare costs climb relentlessly from 4% of gross domestic product in 2010 to a projected 18% by 2050, cost-cutting becomes imperative if Washington is to survive as anything like the planet’s “sole superpower.” Compared to the $3 trillion cost of the U.S. invasion and occupation of Iraq, the NSA’s 2012 budget of just $11 billion for worldwide surveillance and cyberwarfare looks like cost saving the Pentagon can ill-afford to forego. Yet this seeming “bargain” comes at what turns out to be an almost incalculable cost. The sheer scale of such surveillance leaves it open to countless points of penetration, whether by a handful of anti-war activists breaking into an FBI field office in Media, Pennsylvania, back in 1971 or Edward Snowden downloading NSA documents at a Hawaiian outpost in 2012.
  • In October 2001, not satisfied with the sweeping and extraordinary powers of the newly passed Patriot Act, President Bush ordered the National Security Agency to commence covert monitoring of private communications through the nation's telephone companies without the requisite FISA warrants. Somewhat later, the agency began sweeping the Internet for emails, financial data, and voice messaging on the tenuous theory that such “metadata” was “not constitutionally protected.” In effect, by penetrating the Internet for text and the parallel Public Switched Telephone Network (PSTN) for voice, the NSA had gained access to much of the world’s telecommunications. By the end of Bush’s term in 2008, Congress had enacted laws that not only retrospectively legalized these illegal programs, but also prepared the way for NSA surveillance to grow unchecked. Rather than restrain the agency, President Obama oversaw the expansion of its operations in ways remarkable for both the sheer scale of the billions of messages collected globally and for the selective monitoring of world leaders.
  • By 2012, the centralization via digitization of all voice, video, textual, and financial communications into a worldwide network of fiber optic cables allowed the NSA to monitor the globe by penetrating just 190 data hubs -- an extraordinary economy of force for both political surveillance and cyberwarfare.
  • With a few hundred cable probes and computerized decryption, the NSA can now capture the kind of gritty details of private life that J. Edgar Hoover so treasured and provide the sort of comprehensive coverage of populations once epitomized by secret police like East Germany’s Stasi. And yet, such comparisons only go so far. After all, once FBI agents had tapped thousands of phones, stenographers had typed up countless transcripts, and clerks had stored this salacious paper harvest in floor-to-ceiling filing cabinets, J. Edgar Hoover still only knew about the inner-workings of the elite in one city: Washington, D.C.  To gain the same intimate detail for an entire country, the Stasi had to employ one police informer for every six East Germans -- an unsustainable allocation of human resources. By contrast, the marriage of the NSA’s technology to the Internet’s data hubs now allows the agency’s 37,000 employees a similarly close coverage of the entire globe with just one operative for every 200,000 people on the planet
  • Through the expenditure of $250 million annually under its Sigint Enabling Project, the NSA has stealthily penetrated all encryption designed to protect privacy. “In the future, superpowers will be made or broken based on the strength of their cryptanalytic programs,” reads a 2007 NSA document. “It is the price of admission for the U.S. to maintain unrestricted access to and use of cyberspace.” By collecting knowledge -- routine, intimate, or scandalous -- about foreign leaders, imperial proconsuls from ancient Rome to modern America have gained both the intelligence and aura of authority necessary for dominion over alien societies. The importance, and challenge, of controlling these local elites cannot be overstated. During its pacification of the Philippines after 1898, for instance, the U.S. colonial regime subdued contentious Filipino leaders via pervasive policing that swept up both political intelligence and personal scandal. And that, of course, was just what J. Edgar Hoover was doing in Washington during the 1950s and 1960s.
  • Indeed, the mighty British Empire, like all empires, was a global tapestry woven out of political ties to local leaders or “subordinate elites” -- from Malay sultans and Indian maharajas to Gulf sheiks and West African tribal chiefs. As historian Ronald Robinson once observed, the British Empire spread around the globe for two centuries through the collaboration of these local leaders and then unraveled, in just two decades, when that collaboration turned to “non-cooperation.” After rapid decolonization during the 1960s transformed half-a-dozen European empires into 100 new nations, their national leaders soon found themselves the subordinate elites of a spreading American global imperium. Washington suddenly needed the sort of private information that could keep such figures in line. Surveillance of foreign leaders provides world powers -- Britain then, America now -- with critical information for the exercise of global hegemony. Such spying gave special penetrating power to the imperial gaze, to that sense of superiority necessary for dominion over others.  It also provided operational information on dissidents who might need to be countered with covert action or military force; political and economic intelligence so useful for getting the jump on allies in negotiations of all sorts; and, perhaps most important of all, scurrilous information about the derelictions of leaders useful in coercing their compliance.
  • In late 2013, the New York Times reported that, when it came to spying on global elites, there were “more than 1,000 targets of American and British surveillance in recent years,” reaching down to mid-level political actors in the international arena. Revelations from Edward Snowden’s cache of leaked documents indicate that the NSA has monitored leaders in some 35 nations worldwide -- including Brazilian president Dilma Rousseff, Mexican presidents Felipe Calderón and Enrique Peña Nieto, German Chancellor Angela Merkel, and Indonesia’s president Susilo Bambang Yudhoyono.  Count in as well, among so many other operations, the monitoring of “French diplomatic interests” during the June 2010 U.N. vote on Iran sanctions and “widespread surveillance” of world leaders during the Group 20 summit meeting at Ottawa in June 2010. Apparently, only members of the historic “Five Eyes” signals-intelligence alliance (Australia, Canada, New Zealand, and Great Britain) remain exempt -- at least theoretically -- from NSA surveillance. Such secret intelligence about allies can obviously give Washington a significant diplomatic advantage. During U.N. wrangling over the U.S. invasion of Iraq in 2002-2003, for example, the NSA intercepted Secretary-General Kofi Anan’s conversations and monitored the “Middle Six” -- Third World nations on the Security Council -- offering what were, in essence, well-timed bribes to win votes. The NSA’s deputy chief for regional targets sent a memo to the agency’s Five Eyes allies asking “for insights as to how membership is reacting to on-going debate regarding Iraq, plans to vote on any related resolutions [..., and] the whole gamut of information that could give U.S. policymakers an edge in obtaining results favorable to U.S. goals.”
  • Indicating Washington’s need for incriminating information in bilateral negotiations, the State Department pressed its Bahrain embassy in 2009 for details, damaging in an Islamic society, on the crown princes, asking: “Is there any derogatory information on either prince? Does either prince drink alcohol? Does either one use drugs?” Indeed, in October 2012, an NSA official identified as “DIRNSA,” or Director General Keith Alexander, proposed the following for countering Muslim radicals: “[Their] vulnerabilities, if exposed, would likely call into question a radicalizer’s devotion to the jihadist cause, leading to the degradation or loss of his authority.” The agency suggested that such vulnerabilities could include “viewing sexually explicit material online” or “using a portion of the donations they are receiving… to defray personal expenses.” The NSA document identified one potential target as a “respected academic” whose “vulnerabilities” are “online promiscuity.”
  • Just as the Internet has centralized communications, so it has moved most commercial sex into cyberspace. With an estimated 25 million salacious sites worldwide and a combined 10.6 billion page views per month in 2013 at the five top sex sites, online pornography has become a global business; by 2006, in fact, it generated $97 billion in revenue. With countless Internet viewers visiting porn sites and almost nobody admitting it, the NSA has easy access to the embarrassing habits of targets worldwide, whether Muslim militants or European leaders. According to James Bamford, author of two authoritative books on the agency, “The NSA's operation is eerily similar to the FBI's operations under J. Edgar Hoover in the 1960s where the bureau used wiretapping to discover vulnerabilities, such as sexual activity, to ‘neutralize’ their targets.”
  • Indeed, whistleblower Edward Snowden has accused the NSA of actually conducting such surveillance.  In a December 2013 letter to the Brazilian people, he wrote, “They even keep track of who is having an affair or looking at pornography, in case they need to damage their target's reputation.” If Snowden is right, then one key goal of NSA surveillance of world leaders is not U.S. national security but political blackmail -- as it has been since 1898. Such digital surveillance has tremendous potential for scandal, as anyone who remembers New York Governor Eliot Spitzer’s forced resignation in 2008 after routine phone taps revealed his use of escort services; or, to take another obvious example, the ouster of France’s budget minister Jérôme Cahuzac in 2013 following wire taps that exposed his secret Swiss bank account. As always, the source of political scandal remains sex or money, both of which the NSA can track with remarkable ease.
  • By starting a swelling river of NSA documents flowing into public view, Edward Snowden has given us a glimpse of the changing architecture of U.S. global power. At the broadest level, Obama’s digital “pivot” complements his overall defense strategy, announced in 2012, of reducing conventional forces while expanding into the new, cost-effective domains of space and cyberspace. While cutting back modestly on costly armaments and the size of the military, President Obama has invested billions in the building of a new architecture for global information control. If we add the $791 billion expended to build the Department of Homeland Security bureaucracy to the $500 billion spent on an increasingly para-militarized version of global intelligence in the dozen years since 9/11, then Washington has made a $1.2 trillion investment in a new apparatus of world power.
  • So formidable is this security bureaucracy that Obama’s recent executive review recommended the regularization, not reform, of current NSA practices, allowing the agency to continue collecting American phone calls and monitoring foreign leaders into the foreseeable future. Cyberspace offers Washington an austerity-linked arena for the exercise of global power, albeit at the cost of trust by its closest allies -- a contradiction that will bedevil America’s global leadership for years to come. To update Henry Stimson: in the age of the Internet, gentlemen don't just read each other’s mail, they watch each other’s porn. Even if we think we have nothing to hide, all of us, whether world leaders or ordinary citizens, have good reason to be concerned.
Paul Merrell

NSA could have accessed Google, Yahoo data through private cable provider - RT USA - 0 views

rt.com/...nsa-snowden-level3-cable-336

surveillance state NSA Google Yahoo wiretap Level3

shared by Paul Merrell on 27 Nov 13 - No Cached
  • A new analysis of the National Security Agency’s covert eavesdropping operations suggests the private American company that supplies the likes of Google and Yahoo with fiber optic cables might have allowed the NSA to infiltrate those networks. Reporters at the New York Times wrote this week that Level 3 Communications — the Colorado-based internet company that manages online traffic for much of North America, Latin America and Europe — is likely responsible for letting the NSA and its British counterpart silently collect troves of sensitive data from the biggest firms on the web.
  • Nearly one month later, an article published this Monday by Nicole Perlroth and John Markoff at the Times says those interception points could have been approved by Level 3, who owns the cable infrastructure that the majority of America’s web traffic travels through. “People knowledgeable about Google and Yahoo’s infrastructure say they believe that government spies bypassed the big Internet companies and hit them at a weak spot — the fiber-optic cables that connect data centers around the world that are owned by companies like Verizon Communications, the BT Group, the Vodafone Group and Level 3 Communications,” Perlroth and Markoff wrote. “In particular, fingers have been pointed at Level 3, the world’s largest so-called Internet backbone provider, whose cables are used by Google and Yahoo.”
  • In a financial report made by the company and obtained by the paper, however, Level 3 is revealed to have much more of a relationship with the government then one that just involves the occasional compliance order. According to that report, the company announced, “We are party to an agreement with the US Departments of Homeland Security, Justice and Defense addressing the US government’s national security and law enforcement concerns. This agreement imposes significant requirements on us related to information storage and management; traffic management; physical, logical and network security arrangements; personnel screening and training and other matters.”
  • ...1 more annotation...
  • When news of the eavesdropping operation surfaced last month, Christopher Soghoian, a technologist at the American Civil Liberties Union, speculated on Twitter that if Level 3 indeed allowed the government to tap its cables, they’d likely not be covered by the same legal protections in the Foreign Intelligence Surveillance Act, or FISA, that let feds conduct widespread surveillance over private companies’ data. If Level 3 voluntarily let NSA/GCHQ tap Google's data, the immunity available via FISA 702 orders won't apply and they can be sued.
Paul Merrell

EU Parliament says other countries spy, but not as much as the UK or US | ITworld - 0 views

www.itworld.com/...ountries-spy-not-much-uk-or-us

surveillance state NSA GCHQ EU-report UK France Germany Sweden everyone-does-it-excuse

shared by Paul Merrell on 27 Oct 13 - No Cached
  • The European Parliament's research department has found that four out of five member states surveyed carry out wide-scale telecommunications surveillance. In a report released on Friday the department revealed that the U.K., France, Germany and Sweden all engaged in bulk collection of data. The Netherlands, which was also examined, has not done so, so far, but is engaged in setting up an agency for that purpose.
  • "It appears unlikely that the programmes of EU member states such as Sweden, France and Germany come close to the sheer magnitude of the operations launched by GCHQ and the NSA," says the report. Reports allege that GCHQ has placed data interceptors on approximately 200 U.K. fiber-optic cables that transmit Internet data and that by 2012 the agency was able to process data from at least 46 fiber-optic cables at any one time. This gives the agency the possibility to intercept more than 21 petabytes of data a day. This is estimated to have contributed to a 7,000 percent increase in the amount of personal data available to GCHQ from Internet and mobile traffic in the past five years. In order to deal with this vast amount of data, GCHQ uses a system of so-called "Massive Volume Reduction," removing 30 percent of less intelligence-relevant data such as peer-to-peer downloads. The remaining data is combed using some of up to 40,000 "selectors" such as keywords, email addresses or phone numbers of targeted individuals by about 300 GCHQ and 250 NSA staff working together.
  • Paul Merrell on 27 Oct 13
     
    Regarding the "everyone does it" excuse for bulk surveillance being used by the Obama Administration (which every parent learns to ignore when a teenage child wants something the parent ain't gonna' let happen), note the following statement from the E.U. report: "'It appears unlikely that the programmes of EU member states such as Sweden, France and Germany come close to the sheer magnitude of the operations launched by GCHQ and the NSA,' says the report." So the "everyone does it" excuse, in addition to ducking the question of whether *anyone* should be doing it let alone the U.S. with its constitutional limitations, also ignores qualitative differences in what "everyone does." 
Gary Edwards

Daniel Henninger: Capitalism Saved the Miners - WSJ.com - 0 views

online.wsj.com/...3673604575550322091167574.html

capitalism obammunism chile daniel-henninger

shared by Gary Edwards on 17 Oct 10 - No Cached
  • Gary Edwards on 17 Oct 10
     
    If those miners had been trapped a half-mile down like this 25 years ago anywhere on earth, they would be dead. What happened over the past 25 years that meant the difference between life and death for those men? Short answer: the Center Rock drill bit. This is the miracle bit that drilled down to the trapped miners. Center Rock Inc. is a private company in Berlin, Pa. It has 74 employees. The drill's rig came from Schramm Inc. in West Chester, Pa. Seeing the disaster, Center Rock's president, Brandon Fisher, called the Chileans to offer his drill. Chile accepted. The miners are alive. Longer answer: The Center Rock drill, heretofore not featured on websites like Engadget or Gizmodo, is in fact a piece of tough technology developed by a small company in it for the money, for profit. That's why they innovated down-the-hole hammer drilling. If they make money, they can do more innovation. This profit = innovation dynamic was everywhere at that Chilean mine. The high-strength cable winding around the big wheel atop that simple rig is from Germany. Japan supplied the super-flexible, fiber-optic communications cable that linked the miners to the world above.
Paul Merrell

Report: Verizon Claimed Public Utility Status To Get Government Perks - Slashdot - 0 views

news.slashdot.org/...status-to-get-government-perks

net-neutrality FCC Verizon banksters

shared by Paul Merrell on 29 May 14 - No Cached
  • Research for the Public Utility Law Project (PULP) has been released which details 'how Verizon deliberately moves back and forth between regulatory regimes, classifying its infrastructure either like a heavily regulated telephone network or a deregulated information service depending on its needs. The chicanery has allowed Verizon to raise telephone rates, all the while missing commitments for high-speed internet deployment' (PDF). In short, Verizon pushed for the government to give it common carrier privileges under Title II in order to build out its fiber network with tax-payer money. Result: increased service rates on telephone users to subsidize Verizon's 'infrastructure investment.' When it comes to regulations on Verizon's fiber network, however, Verizon has been pushing the government to classify its services as that of information only — i.e., beyond Title II. Verizon has made about $4.4 billion in additional revenue in New York City alone, 'money that's funneled directly from a Title II service to an array of services that currently lie beyond Title II's reach.' And it's all legal. An attorney at advocacy group Public Knowledge said it best: 'To expect that you can come in and use public infrastructure and funds to build a network and then be free of any regulation is absurd....When Verizon itself is describing these activities as a Title II common carrier, how can the FCC look at broadband internet and continue acting as though it's not a telecommunication network?'"
  • Paul Merrell on 29 May 14
     
    Let's also not forget that what is now named "Verizon" used to be named Bell Atlantic, one of the seven Baby Bells that were spun off by AT&T by government order during antitrust proceedings.  In other words, this is one of the companies rate-payers financed through a heavily-regulated analog telephony absolute monopoly. But Verizon wants to spread its wings and escape the chains of regulation as a telecommunications carrier. While having its cake and eating it to, according to this article. The FCC has poised itself through a proposed rule with the flexibility to postpone a decision on net neutrality.  AT&T famously was allowed to keep its R&D arm while being freed of the expense of upgrading the U.S. telephony network from analog to digital and from copper wire to fibre optic.  And pay for those Baby Bells to make that transition we did. I remember monthly bills for a two person office running as high as $1,100 a month for calls all carried from Baby Bell to AT&T and back to another Baby Bell. All at state-regulated rates with FCC looking the other way. But now Verizon, Comcast (the originally munipally regulated cable television monopolies) and the few other "competing" survivors of that broadband rollout, having had their infrastructure paid for by the ratepayers, want to fly off and begin charging us at the other end of the pipe,via charges to content providers that will be passed on to us. Leading to the squeezing out of Mom and Pop internet businesses by the big content providers that can afford the charges and pass them on to us. This is looking more and more like another massive rip-off of the customers who already paid for that infrasture. Is that banksters I smell, privatizing a enormous public utility in the name of free markets?      
Paul Merrell

Asia Times Online :: Our man in Quito - 0 views

www.atimes.com/...WOR-02-240613.html

surveillance state NSA Snowden China Russia Cuba Ecuador Obama propaganda

shared by Paul Merrell on 24 Jun 13 - No Cached
  • HONG KONG - So it's going to be Our Man in Quito. The narrative may not be as elegant as Graham Greene's, but the plot certainly beats the Bourne trilogy - because it's happening live, in real time, right in front of our eyes. It takes a former CIA asset to beat US "intelligence" - more like intel deprivation. The story of Edward Snowden's escape from Hong Kong is textbook. This correspondent, at dim sum on Sunday, was alerted by a source; "Get ready for something big; he's leaving soon." That was about 12:30 pm Hong Kong time. In fact Snowden had already flown from Chek Lap Kok on SU 213 <a href='http://asianmedia.com/GAAN/www/delivery/ck.php?n=a9473bc7&cb=%n' target='_blank'><img src='http://asianmedia.com/GAAN/www/delivery/avw.php?zoneid=36&cb=%n&n=a9473bc7&ct0=%c' border='0' alt='' ></a> bound for Moscow at 11:00 am. But nobody knew it yet. Hong Kong was still digesting the front page of the South China Morning Post displaying yet more devastating evidence of US cyber-spying of China.
  • Asia Times Online had also learned from another source close to Snowden's tight circle that a short stint in Hong Kong was always part of Plan A; he never intended to ask for political asylum in either Hong Kong or China. He was already focused on a "third country". What he did was to use Hong Kong as an ideal platform to unveil the inner workings of the Orwellian/Panopticon US surveillance state. First a set of general revelations to The Guardian. Then he went underground to prepare his escape - as he knew Washington would come after him with all guns (drones?) blazing. And then, a final set of revelations to the South China Morning Post closely focused on Asia and China. When Washington woke up to it, he was already out of the building. Jason Bourne, eat your heart out. Snowden was not "allowed to slip away". It all revolved around a meticulously timed operation involving Snowden, the Hong Kong government and WikiLeaks mediation.
  • So the US government thought it could simply intimate to Hong Kong to do it "our way or the highway" - while at the same time news of US serial hacking of Hong Kong and China was front-page news. Once again, five hours into Snowden's flight to Moscow, US corporate media was still parroting the official narrative - stressed by Obama's National Security Adviser Tom Donilon - that the noose was tightening around his neck. Whether Beijing had a subtly indirect input on the Hong Kong government's decision is open to a South China Sea of speculation. The fact is, not only was this a perfect solution for Hong Kong - which would be facing relentless pressure from the US government to extradite him - but also for Beijing, which maintains its upper-hand, furiously demanding a lot of explanations about the NSA targeting Chinese phone companies, the Asia-Pacific fiber-optic network and even Beijing's Tsinghua University.
  • ...2 more annotations...
  • The predictable fury across Capitol Hill, with plenty of "hostile nations" rhetoric coupled with the inevitable demonizing of Russian President Vladimir Putin, not to mention NSA spy chief General Keith Alexander, among the usual platitudes about "defending this nation from a terrorist attack", depicting Snowden as an " individual who is not acting, in my opinion, with noble intent" - this all reads like lazily written lines in a cheap spy thriller. For the Empire, getting a bloody eye is not taken lightly. Washington is left with wishful thinking that Moscow might detain Snowden. Rubbish. Foreign Minister Sergey Lavrov had even advanced that Russia would consider granting political asylum if Snowden asked for it. And what about this priceless quote from Dmitry Peskov, Putin's spokesman? "I know nothing." Xinhua, for its part, predictably had a field day with it; "Washington should come clean about its record first. The United States, which has long been trying to play innocent as a victim of cyber attacks, has turned out to be the biggest villain in our age."
  • Among all the excitement provoked by this thriller, one should not lose focus; the most crucial aspect of the story is Obama and spy supremo Keith Alexander swearing that the Orwellian privatized intelligence-corporate-industrial complex is essential to prevent terrorism. It is not. This is a monumental lie - and Obama is complicit. Former ambassador Joe Wilson and his wife Valerie Plame Wilson - outed by Dick Cheney's gang - certainly don't lose their focus in this timely piece. Now to Quito. Danger still looms. But once he's there, it's game, set, match - as I said in this interview. And then HBO should start casting the movie, fast. With Ryan Gosling in the lead. Snowden, of course, should write the screenplay.
  • Paul Merrell on 24 Jun 13
     
    Pepe Escobar foresees a movie about what Edward Snowden has done to rival the Jason Bourne thrillers. And provides the international political context behind Snowden's escape from pursuing Feds out to punish him for blowing the whistle on their creation of an Orwellian surveillance state. The entire article is recommended reading; Pepe has an unusual talent for coming up with the information other reporters miss and telling the story in a fascinating way.    
Paul Merrell

NSA infiltrates links to Yahoo, Google data centers worldwide, Snowden documents say - ... - 0 views

www.washingtonpost.com/...3-8b74-d89d714ca4dd_story.html

surveillance state NSA NSA-targets Google Yahoo must-read

shared by Paul Merrell on 31 Oct 13 - No Cached
  • The National Security Agency has secretly broken into the main communications links that connect Yahoo and Google data centers around the world, according to documents obtained from former NSA contractor Edward Snowden and interviews with knowledgeable officials. By tapping those links, the agency has positioned itself to collect at will from hundreds of millions of user accounts, many of them belonging to Americans. The NSA does not keep everything it collects, but it keeps a lot.
  • According to a top-secret accounting dated Jan. 9, 2013, the NSA’s acquisitions directorate sends millions of records every day from internal Yahoo and Google networks to data warehouses at the agency’s headquarters at Fort Meade, Md. In the preceding 30 days, the report said, field collectors had processed and sent back 181,280,466 new records — including “metadata,” which would indicate who sent or received e-mails and when, as well as content such as text, audio and video.The NSA’s principal tool to exploit the data links is a project called MUSCULAR, operated jointly with the agency’s British counterpart, the Government Communications Headquarters . From undisclosed interception points, the NSA and the GCHQ are copying entire data flows across fiber-optic cables that carry information among the data centers of the Silicon Valley giants.
  • The infiltration is especially striking because the NSA, under a separate program known as PRISM, has front-door access to Google and Yahoo user accounts through a court-approved process. The MUSCULAR project appears to be an unusually aggressive use of NSA tradecraft against flagship American companies. The agency is built for high-tech spying, with a wide range of digital tools, but it has not been known to use them routinely against U.S. companies.
  • ...1 more annotation...
  • In a statement, Google’s chief legal officer, David Drummond, said the company has “long been concerned about the possibility of this kind of snooping” and has not provided the government with access to its systems.“We are outraged at the lengths to which the government seems to have gone to intercept data from our private fiber networks, and it underscores the need for urgent reform,” he said.
  • Paul Merrell on 31 Oct 13
     
    It says later in this 3-page article that Google's data centers back up their content to each other in case one goes down. So no question that U.S. citizens' data is collected, I think. See also closely related article, Why the NSA Wanted More Access, http://www.washingtonpost.com/blogs/the-switch/wp/2013/10/30/prism-already-gave-the-nsa-access-to-tech-giants-heres-why-it-wanted-more/ ("Scooping up data is deep in the NSA's DNA, and it may simply have been unable to help itself."). See also http://apps.washingtonpost.com/g/page/world/how-the-nsas-muscular-program-collects-too-much-data-from-yahoo-and-google/543/ (excerpts from documents discussed in the main article). 
Paul Merrell

The Still-Missing Evidence of Russia-gate - Consortiumnews - 0 views

consortiumnews.com/...issing-evidence-of-russia-gate

surveillance state NSA Binney Russia-Gate

shared by Paul Merrell on 03 Jan 18 - No Cached
  • A changing-places moment brought about by Russia-gate is that liberals who are usually more skeptical of U.S. intelligence agencies, especially their evidence-free claims, now question the patriotism of Americans who insist that the intelligence community supply proof to support the dangerous claims about Russian ‘hacking” of Democratic emails especially when some  veteran U.S. government experts say the data would be easily available if the Russians indeed were guilty. One of those experts is William Binney, a former high-level National Security Agency intelligence official who, after his 2001 retirement, blew the whistle on the extraordinary breadth of NSA surveillance programs. His outspoken criticism of the NSA during the George W. Bush administration made him the subject of FBI investigations that included a raid on his home in 2007. Even before Edward Snowden’s NSA whistleblowing, Binney publicly revealed that NSA had access to telecommunications companies’ domestic and international billing records, and that since 9/11 the agency has intercepted some 15 trillion to 20 trillion communications. Snowden has said: “I have tremendous respect for Binney, who did everything he could according to the rules.”
  • I spoke to Binney on Dec. 28 about Russia-gate and a host of topics having to do with spying and America’s expanding national security state.
  • Bernstein: Your expertise was in the Soviet Union and so you must know a lot about bugging.  Do you believe that Russia hacked and undermined our last election?  Can Trump thank Russia for the result? Binney:  We at Veteran Intelligence Professionals for Sanity (VIPS) published an article on this in July.  First of all, if any of the data went anywhere across the fiber optic world, the NSA would know.  Just inside the United States, the NSA has over a hundred tap points on the fiber lines, taking in everything.    Mark Klein exposed some of this at the AT&T facility in San Francisco. This is not for foreigners, by the way, this is for targeting US citizens.  If they wanted only foreigners, all they would have to do was look at the transatlantic cables where they surface on the coast of the United States.  But they are not there, they are distributed among the US population. Bernstein: So if, in fact, the Russians were tapping into DNC headquarters, the NSA would absolutely know about it. Binney: Yes, and they would also have trace routes on where they went specifically, in Russia or anywhere else.  If you remember, about three or four years ago, the Chinese hacked into somewhere in the United States and our government came out and confirmed that it was the Chinese who did it, and it came from a specific military facility in Shanghai.  The NSA had these trace route programs embedded by the hundreds across the US and all around the world.
  • ...3 more annotations...
  • The other data that came out from Guccifer 2.0, a download from the DNC, has been a charade.  It was a download and not a transfer across the Web.  The Web won’t manage such a high speed.  It could not have gotten across the Atlantic at that high speed.  You would have to have high capacity lines dedicated to that in order to do it. They have been playing games with us.  There is no factual evidence to back up any charge of hacking here. Bernstein: So was this a leak by somebody at Democratic headquarters? Binney: We don’t know that for sure, either.  All we know was that it was a local download.  We can likely attribute it to a USB device that was physically passed along.
  • Right now, our government is violating the first, fourth and fifth amendments in various ways.  Mueller did it, Comey did it, they were all involved in violating the Constitution.
  • Bernstein:  There seems to be a new McCarthyite operation around the Russia-gate investigation.  It appears that it is an attempt to justify the idea that Clinton lost because the Russians undermined the election. Binney: I have seen no evidence at all from anybody, including the intelligence community.  If you look at the Intelligence Community Assessment (ICA) report, they state on the first page that “We have high confidence that the Russians did this.”  But when you get toward the end of the report, they basically confess that “our judgment does not imply that we have evidence to back it up.” Bernstein:  It was initially put out that seventeen intelligence agencies found compelling evidence that the Russians hacked into our election.  You’re saying it was actually selected individuals from just three agencies.  Is there anything to the revelations that FBI agents talked about taking action to prevent Trump from becoming president? Binney: It certainly does seem that it is leaning that way, that is was all a frame-up.  It is a sad time in our history, to see the government working against itself internally. Bernstein:  I take it you are not a big supporter of Trump. Binney:  Well, I voted for him.  I couldn’t vote for a warmonger like Clinton.  She wanted to see our planes shooting down Russian planes in Syria.  She advocated for destabilizing Libya, for getting rid of Assad in Syria, she was a strong backer of the war in Iraq.
Paul Merrell

Meet the Israeli-linked firm that sold Big Brother machines to Mubarak, Qaddafi - and W... - 0 views

mondoweiss.net/...chines-qaddafi-washington.html

surveillance state NSA Israel Narus Verint Obama

shared by Paul Merrell on 16 Jun 13 - No Cached
  • In 2006, an AT&T technician named Mark Klein discovered a secret room inside the company’s windowless “Folsom Street Facility” in downtown San Francisco that was bristling with Narus machines. The now notorious Room 641A was controlled by the NSA, which was using it to collect AT&T customer data for data mining and real-time analysis. Thanks to the powerful NarusInsight system, the NSA was able to monitor 108 billion emails from AT&T customers per day.
  • Following a lawsuit filed against AT&T by the Electronic Freedom Foundation, Congress passed the FISA Amendments Act in July 2008, giving retroactive immunity to telecom corporations that assisted the NSA, and relieving them of any consequences for spying on Americans. Cass Sunstein, an informal advisor to Barack Obama’s 2008 presidential campaign who now heads the Office of Information and Regulatory Affairs, and who has urged federal law enforcement to “cognitively infiltrate” anti-government groups, was an outspoken supporter of the retroactive immunity bill. With Sunstein by his side, Obama reversed his initial objections to the NSA’s domestic spying operations, voting as a Senator for retroactive immunity. The vote allowed the NSA to expand its domestic spying operations, clearing the legal hurdles obstructing the creation of PRISM. The stage was set for the second term scandal that would leave Obama reeling.
  • Binney told me that throughout the United States there are currently as many as 20 NSA black sites like Room 641A. Narus devices, he said, have been placed at fiber-optic convergence points, allowing the NSA to retrieve about 80 percent of data carried through telecom and online service providers. Binney emphasized that the devices do not only retrieve so-called metadata, which only offers general records of data, but that they gather the actual content of emails and calls. (“We can reconstruct all of their e-mails along with attachments, see what web pages they clicked on; we can reconstruct their (Voice Over Internet) calls,” said Steve Bannerman, the marketing director of Narus). Thanks to PRISM, the NSA bas been able to “fill in the gaps,” Binney explained, gathering bulk data from communications the NSA might have missed with the NarusInsight system, especially those made between Americans and foreign countries.
  • ...2 more annotations...
  • Another Israeli-linked tech company, Verint, is a subsidiary of the Israeli firm Comverse, which boasts a reputation as “the world’s leading provider… of communications intercept and analysis” technology. Among the many Comverse executives plucked from the ranks of Israeli army intelligence is the company’s founder, Jacob “Kobi” Alexander, an ex-Israeli intelligence agent who cashed in through Israel’s high-tech surveillance industry. Alexander’s lucrative career collapsed in dramatic fashion when he was arrested for fraud in Namibia in 2006 after an international manhunt, and wound up handing over bank accounts worth $46 million to US authorities.
  • Just as AT&T relied on Narus systems, Verint’s DPI devices have been used to fulfill NSA requests for data from Verizon’s subscribers. And as Bamford explained in his 2008 book on the NSA, “Shadow Factory,” much of the data Verint and other private Israeli contractors gather from can be remotely accessed from Israel. “The greatest potential beneficiaries of this marriage between the Israeli eavesdroppers and America’s increasingly centralized telecom grid are Israel’s intelligence agencies,” Bamford wrote.
Paul Merrell

Lawmaker Says There More To NSA Spying - Business Insider - 0 views

www.businessinsider.com/here-more-to-nsa-spying-2013-6

surveillance state NSA future-disclosures

shared by Paul Merrell on 04 Jul 13 - No Cached
  • A House Democrat said information revealed about the National Security Agency's secret surveillance programs are "the tip of the iceberg," Daniel Strauss of The Hill reports. "I think it's just broader than most people even realize, and I think that's, in one way, what astounded most of us, too," Rep. Loretta Sanchez (D-Calif.) told C-SPAN's "Washington Journal" after a classified briefing with national security officials. Rep. Joe Barton (R-Texas), who also attended the meeting, said that the NSA "violated the spirit of the law when it started collecting data from everyone in the country just because technology now makes that possible.” Barton added that "in America ... You don’t target everyone and violate their 4th Amendment rights just because of a handful of threats. But that is exactly what is happening at the NSA ... it is wrong and it needs to stop now.” More from Sanchez: "I don't know if there are other leaks, if there's more information somewhere, if somebody else is going to step up, but I will tell you that I believe it's the tip of the iceberg."
  • A House Democrat said information revealed about the National Security Agency's secret surveillance programs are "the tip of the iceberg," Daniel Strauss of The Hill reports. "I think it's just broader than most people even realize, and I think that's, in one way, what astounded most of us, too," Rep. Loretta Sanchez (D-Calif.) told C-SPAN's "Washington Journal" after a classified briefing with national security officials. Rep. Joe Barton (R-Texas), who also attended the meeting, said that the NSA "violated the spirit of the law when it started collecting data from everyone in the country just because technology now makes that possible.” Barton added that "in America ... You don’t target everyone and violate their 4th Amendment rights just because of a handful of threats. But that is exactly what is happening at the NSA ... it is wrong and it needs to stop now.”
  • Glenn Greenwald of the Guardian, who has served as a conduit for Snowden's leaks, recently said that there will me many more "significant revelations that have not yet been heard." Greenwald told The New York Times that he received “thousands” of classified documents — “dozens” of which are newsworthy — from the the 29-year-old ex-Booz Allen employee who was contracted by the NSA. Sanchez said that what lawmakers learned "is significantly more than what is out in the media today," which is interesting when considering previous reports by journalists and whistleblowers.
  • ...2 more annotations...
  • Here's a rundown of the reports and the allegations: In 2006 NSA insiders told Leslie Cauley of USA Today that the NSA has been collecting almost all U.S. phone records since shortly after 9/11. In 2010 Dana Priest and William Arkin of The Washington Post reported that "collection systems at the [NSA] intercept and store 1.7 billion emails, phone calls, and other types of communications" every day. According to a 2007 lawsuit, Verizon built a fiber optic cable to give the "access to all communications flowing through the carrier’s operations center." In April 2012 Wired's James Bamford reported how the U.S. government hired two secretive Israeli companies to wiretap AT&T. AT&T engineer Mark Klein discovered the "secret room" at AT&T central office in San Francisco, through which the NSA actively "vacuumed up Internet and phone-call data from ordinary Americans with the cooperation of AT&T" through the wiretapping rooms, emphasizing that "much of the data sent through AT&T to the NSA was purely domestic." Former NSA executive and whistleblower Thomas Drake testified that the NSA is using Israeli-made hardware to "seize and save all personal electronic communications."
  • A classified program called Prism, leaked by Snowden, appears to acquire information from the servers of nine of the biggest internet companies. The Washington Post reported that the government's orders "serve as one-time blanket approvals for data acquisition and surveillance on selected foreign targets for periods of as long as a year." NSA Whistleblower William Binney that the NSA began using the program he built (i.e. ThinThread) to use communications data for creating, in real time, profiles of nearly all Americans so that the government is "able to monitor what people are doing" and who they are doing it with. In July the Foreign Intelligence Surveillance Court (FISC), established to "hear applications for and grant orders approving electronic surveillance," found that the NSA violated the Fourth Amendment's restriction against unreasonable searches and seizures "on at least one occasion." BONUS: In March CIA Chief Technology Officer Ira "Gus" Hunt said: "It is really very nearly within our grasp to be able to compute on all human generated information." If there is "significantly more" to the NSA's domestic snooping, then we're all ears and eyes.
Paul Merrell

Mass Surveillance and the Right to Privacy: Adding Nuance to the Schrems Case | Just Se... - 0 views

www.justsecurity.org/...t-max-schrems-case-safe-harbor

surveillance state EU ECJ Schrems litigation data privacy

shared by Paul Merrell on 18 Oct 15 - No Cached
  • Last week’s post by Megan Graham is certainly a welcome contribution in explaining the implications of the Max Schrems case by the European Union Court of Justice, and specifically how it relates to the Safe Harbor arrangement between the US and the EU. Let me add a different perspective: Irrespective of its consequences for Safe Harbor, last week’s ruling is hugely important on a more general level, namely for the understanding of what the right to privacy entails in Europe and what this means for mass surveillance. Through its ruling in Max Schrems the EU’s highest court has established that: Mere access by public authorities to confidential or group-specific communications data constitutes an intrusion into the right to privacy, even without any further processing of that data; and While indiscriminate intrusion into “metadata” may constitute a particularly serious intrusion into the right to privacy, access to “content” data will affect the essence of the right to privacy.
  • These findings were made under Article 7 of the EU Charter of Fundamental Rights, a broad provision on the right to respect for one’s private life. This provision of the EU Charter, which is a part of the foundational treaty framework of the European Union, is almost identical to Article 8 of the European Convention on Human Rights, a treaty legally binding for broader Europe and routinely a part of domestic legal orders. It remains to be seen whether the guardian of the latter framework, the European Court of Human Rights, will also be courageous enough to determine that indiscriminate mass surveillance that provides access to “content” data breaches the essential core of the right to privacy. The highest EU court already took that bold step. One of the most important implications of identifying government access to content as breaching the essence of the right to privacy, is that it negates the need for a proportionality assessment. Measures that compromise the essence of privacy have already crossed a red line, and there is no need for any further “balancing” between privacy and security. Therefore, the Max Schrems ruling is a huge blow to many of the current methods of electronic mass surveillance, including those practiced by the US and several European countries (including the United Kingdom).
  • Several additional points from my earlier post in Verfassungsblog about this case are also worth noting. First, the EU court did not really dwell on the separate Article 8 provision of the EU Charter on Fundamental Rights, concerning the right to the protection of personal data. This was perhaps because that provision is triggered by the “processing” of data, while the general privacy (Article 7) impact comes into play through mere “access.” Another point is that while it was easy to establish the jurisdiction of the EU court over data transfers from Europe to Facebook’s servers in the US, it may be much harder to bring a case before that court concerning “upstream” methods of mass surveillance, such as the NSA’s tapping of transatlantic fiber optic telecommunications cables. Perhaps most importantly, the substantive ruling in the Schrems case is formulated in a way that it would apply to any method of mass surveillance that gives public authorities access to the content of ordinary people’s private communications, including communications intended for a group of people but not for the authorities. Hence, the ruling is a major contribution as to what the right to privacy substantively means in Europe.
Paul Merrell

First Unitarian Church of Los Angeles v. NSA | Electronic Frontier Foundation - 0 views

www.eff.org/...arian-church-los-angeles-v-nsa

surveillance state NSA NSA-blowback litigation 1st Amendment EFF

shared by Paul Merrell on 13 Jan 14 - No Cached
  • Twenty-two organizations including Unitarian church groups, gun ownership advocates, and a broad coalition of membership and political advocacy organizations filed suit against the National Security Agency for violating their First Amendment right of association by illegally collecting their call records. The coalition is represented by EFF. At the heart of First Unitarian Church of Los Angeles v. NSA is the bulk telephone records collection program that was confirmed by the publication of an order from the Foreign Intelligence Surveillance Court (FISC) in June of 2013. The Director of National Intelligence (DNI) further confirmed that this formerly secret document was authentic, and part of a broader program to collect all major telecommunications customers’ call history. The order demands wholesale collection of every call made, the location of the phone, the time of the call, the duration of the call, and other “identifying information” for every phone and call for all customers of Verizon for a period of three months. Government officials further confirmed that this was just one of series of orders issued on a rolling basis since at least 2006. First Unitarian v. NSA argues that this spying violates the First Amendment, which protects the freedom to associate and express political views as a group.
  • Twenty-two organizations including Unitarian church groups, gun ownership advocates, and a broad coalition of membership and political advocacy organizations filed suit against the National Security Agency for violating their First Amendment right of association by illegally collecting their call records. The coalition is represented by EFF. At the heart of First Unitarian Church of Los Angeles v. NSA is the bulk telephone records collection program that was confirmed by the publication of an order from the Foreign Intelligence Surveillance Court (FISC) in June of 2013. The Director of National Intelligence (DNI) further confirmed that this formerly secret document was authentic, and part of a broader program to collect all major telecommunications customers’ call history. The order demands wholesale collection of every call made, the location of the phone, the time of the call, the duration of the call, and other “identifying information” for every phone and call for all customers of Verizon for a period of three months. Government officials further confirmed that this was just one of series of orders issued on a rolling basis since at least 2006. First Unitarian v. NSA argues that this spying violates the First Amendment, which protects the freedom to associate and express political views as a group.
  • The case challenges the mass telephone records collection that was confirmed by the FISA Order that was published on June 5, 2013 and confirmed by the Director of National Intelligence (DNI) on June 6, 2013. The DNI confirmed that the collection was “broad in scope” and conducted under the “business records” provision of the Foreign Intelligence Surveillance Act, also known as section 215 of the Patriot Act and 50 U.S.C. section 1861. The facts have long been part of EFF’s Jewel v. NSA case. The case does not include section 702 programs, which includes the recently made public and called the PRISM program or the fiber optic splitter program that is included (along with the telephone records program) in the Jewel v. NSA case. 
  • ...5 more annotations...
  • Our goal is to highlight one of the most important ways that the government collection of telephone records is unconstitutional: it violates the First Amendment right of association. When the government gets access to the phone records of political and activist organizations and their members, it knows who is talking to whom, when, and for how long. This so-called “metadata,” especially when collected in bulk and aggregated, tracks the associations of these organizations. After all, if the government knows that you call the Unitarian Church or Calguns or People for the American Way or Students for Sensible Drug Policy regularly, it has a very good indication that you are a member and it certainly knows that you associate regularly. The law has long recognized that government access to associations can create a chilling effect—people are less likely to associate with organizations when they know the government is watching and when the government can track their associations. 
  • Twenty-two organizations including Unitarian church groups, gun ownership advocates, and a broad coalition of membership and political advocacy organizations filed suit against the National Security Agency for violating their First Amendment right of association by illegally collecting their call records. The coalition is represented by EFF. At the heart of First Unitarian Church of Los Angeles v. NSA is the bulk telephone records collection program that was confirmed by the publication of an order from the Foreign Intelligence Surveillance Court (FISC) in June of 2013. The Director of National Intelligence (DNI) further confirmed that this formerly secret document was authentic, and part of a broader program to collect all major telecommunications customers’ call history. The order demands wholesale collection of every call made, the location of the phone, the time of the call, the duration of the call, and other “identifying information” for every phone and call for all customers of Verizon for a period of three months. Government officials further confirmed that this was just one of series of orders issued on a rolling basis since at least 2006. First Unitarian v. NSA argues that this spying violates the First Amendment, which protects the freedom to associate and express political views as a group.
  • The First Amendment right of association is a well established doctrine that prevents the government “interfering with the right to peaceably assemble or prohibit the petition for a governmental redress of grievances.” The most famous case embracing it is a 1958 Supreme Court Case from the Civil Rights era called  NAACP v. Alabama. In that case the Supreme Court held that it would violate the First Amendment for the NAACP to have to turn over its membership lists in litigation. The right stems from the simple fact that the First Amendment protects the freedom to associate and express political views as a group. This constitutional protection is critical because, as the court noted “[e]ffective advocacy of both public and private points of view, particularly controversial ones, is undeniably enhanced by group association[.]” NAACP v. Alabama, 357 U.S. at 460. As another court noted: the Constitution protects freedom of association to encourage the “advancing ideas and airing grievances” Bates v. City of Little Rock, 361 U.S. 516, 522-23 (1960).
  • The collection and analysis of telephone records give the government a broad window into our associations. The First Amendment protects against this because, as the Supreme Court has recognized, “it may induce members to withdraw from the association and dissuade others from joining it because of fear of exposure of their beliefs shown through their associations and of the consequences of their exposure.” NAACP v. Alabama, 357 U.S. at 462-63. See also Bates, 361 U.S. at 523; Gibson v. Florida Legislative Investigation Comm., 372 U.S. 539 (1963).  Privacy in one’s associational ties is also closely linked to freedom of association: “Inviolability of privacy in group association may in many circumstances be indispensable to preservation of freedom of association, particularly where a group espouses dissident beliefs.” NAACP v. Alabama, 357 U.S. at 462. 
  • The Supreme Court has made clear that infringements on freedom of association may survive constitutional scrutiny only when they “serve compelling state interests, unrelated to the suppression of ideas, that cannot be achieved through means significantly less restrictive of associational freedoms.” Roberts v. United States Jaycees, 468 U.S. 609, 623 (1984); see also NAACP v. Button, 371 U.S. at 341; Knox v. SEIU, Local 1000, 132 S. Ct. 2277, 2291 (2012)  Here, the wholesale collection of telephone records of millions of innocent Americans’ communications records, and thereby collection of their associations, is massively overbroad, regardless of the government’s interest. Thus, the NSA spying program fails under the basic First Amendment tests that have been in place for over fifty years.
  • Paul Merrell on 13 Jan 14
     
    This case is related to EFF's earlier pending case, Jewel v. NSA and has been assigned to Judge Whyte, the same judge who ruled earlier in Jewel that the State Secrets Privilege does not apply to NSA's call metadata "haystack." The plaintiffs are 22 different groups who would make strange bedfellows indeed, except in opposition to government surveillance and repression. 
Paul Merrell

N.S.A. Devises Radio Pathway Into Computers - NYTimes.com - 1 views

www.nytimes.com/...not-connected-to-internet.html

surveillance state NSA NSA-capabilities air-gap-penetration must-read

shared by Paul Merrell on 16 Jan 14 - No Cached
  • The National Security Agency has implanted software in nearly 100,000 computers around the world that allows the United States to conduct surveillance on those machines and can also create a digital highway for launching cyberattacks.While most of the software is inserted by gaining access to computer networks, the N.S.A. has increasingly made use of a secret technology that enables it to enter and alter data in computers even if they are not connected to the Internet, according to N.S.A. documents, computer experts and American officials.The technology, which the agency has used since at least 2008, relies on a covert channel of radio waves that can be transmitted from tiny circuit boards and USB cards inserted surreptitiously into the computers. In some cases, they are sent to a briefcase-size relay station that intelligence agencies can set up miles away from the target.
  • The radio frequency technology has helped solve one of the biggest problems facing American intelligence agencies for years: getting into computers that adversaries, and some American partners, have tried to make impervious to spying or cyberattack. In most cases, the radio frequency hardware must be physically inserted by a spy, a manufacturer or an unwitting user.
  • The N.S.A. and the Pentagon’s Cyber Command have implanted nearly 100,000 “computer network exploits” around the world, but the hardest problem is getting inside machines isolated from outside communications.
  • ...8 more annotations...
  • the program, code-named Quantum, has also been successful in inserting software into Russian military networks and systems used by the Mexican police and drug cartels, trade institutions inside the European Union, and sometime partners against terrorism like Saudi Arabia, India and Pakistan, according to officials and an N.S.A. map that indicates sites of what the agency calls “computer network exploitation.”“What’s new here is the scale and the sophistication of the intelligence agency’s ability to get into computers and networks to which no one has ever had access before,” said James Andrew Lewis, the cybersecurity expert at the Center for Strategic and International Studies in Washington. “Some of these capabilities have been around for a while, but the combination of learning how to penetrate systems to insert software and learning how to do that using radio frequencies has given the U.S. a window it’s never had before.”
  • A program named Treasure Map tried to identify nearly every node and corner of the web, so that any computer or mobile device that touched it could be located.
  • Over the past two months, parts of the program have been disclosed in documents from the trove leaked by Edward J. Snowden, the former N.S.A. contractor. A Dutch newspaper published the map of areas where the United States has inserted spy software, sometimes in cooperation with local authorities, often covertly. Der Spiegel, a German newsmagazine, published the N.S.A.'s catalog of hardware products that can secretly transmit and receive digital signals from computers, a program called ANT. The New York Times withheld some of those details, at the request of American intelligence officials, when it reported, in the summer of 2012, on American cyberattacks on Iran.
  • A 2008 map, part of the Snowden trove, notes 20 programs to gain access to big fiber-optic cables — it calls them “covert, clandestine or cooperative large accesses” — not only in the United States but also in places like Hong Kong, Indonesia and the Middle East. The same map indicates that the United States had already conducted “more than 50,000 worldwide implants,” and a more recent budget document said that by the end of last year that figure would rise to about 85,000. A senior official, who spoke on the condition of anonymity, said the actual figure was most likely closer to 100,000.
  • The N.S.A.'s efforts to reach computers unconnected to a network have relied on a century-old technology updated for modern times: radio transmissions.In a catalog produced by the agency that was part of the Snowden documents released in Europe, there are page after page of devices using technology that would have brought a smile to Q, James Bond’s technology supplier.
  • One, called Cottonmouth I, looks like a normal USB plug but has a tiny transceiver buried in it. According to the catalog, it transmits information swept from the computer “through a covert channel” that allows “data infiltration and exfiltration.” Another variant of the technology involves tiny circuit boards that can be inserted in a laptop computer — either in the field or when they are shipped from manufacturers — so that the computer is broadcasting to the N.S.A. even while the computer’s user enjoys the false confidence that being walled off from the Internet constitutes real protection.The relay station it communicates with, called Nightstand, fits in an oversize briefcase, and the system can attack a computer “from as far away as eight miles under ideal environmental conditions.” It can also insert packets of data in milliseconds, meaning that a false message or piece of programming can outrace a real one to a target computer. Similar stations create a link between the target computers and the N.S.A., even if the machines are isolated from the Internet.
  • Computers are not the only targets. Dropoutjeep attacks iPhones. Other hardware and software are designed to infect large network servers, including those made by the Chinese.Most of those code names and products are now at least five years old, and they have been updated, some experts say, to make the United States less dependent on physically getting hardware into adversaries’ computer systems.
  • But the Stuxnet strike does not appear to be the last time the technology was used in Iran. In 2012, a unit of the Islamic Revolutionary Guards Corps moved a rock near the country’s underground Fordo nuclear enrichment plant. The rock exploded and spewed broken circuit boards that the Iranian news media described as “the remains of a device capable of intercepting data from computers at the plant.” The origins of that device have never been determined.
  • Paul Merrell on 16 Jan 14
     
    Even radio transceivers emplanted in USB jacks. So now to be truly secure, we need not only an air gap but also a Faraday cage protecting the air gap. 
Paul Merrell

N.S.A. Able to Foil Basic Safeguards of Privacy on Web - NYTimes.com - 1 views

www.nytimes.com/...-much-internet-encryption.html

surveillance state NSA GCHQ NSA-capabilities

shared by Paul Merrell on 06 Sep 13 - No Cached
Gary Edwards liked it
  • The National Security Agency is winning its long-running secret war on encryption, using supercomputers, technical trickery, court orders and behind-the-scenes persuasion to undermine the major tools protecting the privacy of everyday communications in the Internet age, according to newly disclosed documents.
  • The agency has circumvented or cracked much of the encryption, or digital scrambling, that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the e-mails, Web searches, Internet chats and phone calls of Americans and others around the world, the documents show.
  • The N.S.A. hacked into target computers to snare messages before they were encrypted. In some cases, companies say they were coerced by the government into handing over their master encryption keys or building in a back door. And the agency used its influence as the world’s most experienced code maker to covertly introduce weaknesses into the encryption standards followed by hardware and software developers around the world.
  • ...11 more annotations...
  • “For the past decade, N.S.A. has led an aggressive, multipronged effort to break widely used Internet encryption technologies,” said a 2010 memo describing a briefing about N.S.A. accomplishments for employees of its British counterpart, Government Communications Headquarters, or GCHQ. “Cryptanalytic capabilities are now coming online. Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable.”
  • Some of the agency’s most intensive efforts have focused on the encryption in universal use in the United States, including Secure Sockets Layer, or SSL; virtual private networks, or VPNs; and the protection used on fourth-generation, or 4G, smartphones. Many Americans, often without realizing it, rely on such protection every time they send an e-mail, buy something online, consult with colleagues via their company’s computer network, or use a phone or a tablet on a 4G network.
  • For at least three years, one document says, GCHQ, almost certainly in collaboration with the N.S.A., has been looking for ways into protected traffic of popular Internet companies: Google, Yahoo, Facebook and Microsoft’s Hotmail. By 2012, GCHQ had developed “new access opportunities” into Google’s systems, according to the document. (Google denied giving any government access and said it had no evidence its systems had been breached).
  • Paul Kocher, a leading cryptographer who helped design the SSL protocol, recalled how the N.S.A. lost the heated national debate in the 1990s about inserting into all encryption a government back door called the Clipper Chip. “And they went and did it anyway, without telling anyone,” Mr. Kocher said. He said he understood the agency’s mission but was concerned about the danger of allowing it unbridled access to private information.
  • The documents are among more than 50,000 shared by The Guardian with The New York Times and ProPublica, the nonprofit news organization. They focus on GCHQ but include thousands from or about the N.S.A. Intelligence officials asked The Times and ProPublica not to publish this article, saying it might prompt foreign targets to switch to new forms of encryption or communications that would be harder to collect or read. The news organizations removed some specific facts but decided to publish the article because of the value of a public debate about government actions that weaken the most powerful privacy tools.
  • The files show that the agency is still stymied by some encryption, as Mr. Snowden suggested in a question-and-answer session on The Guardian’s Web site in June. “Properly implemented strong crypto systems are one of the few things that you can rely on,” he said, though cautioning that the N.S.A. often bypasses the encryption altogether by targeting the computers at one end or the other and grabbing text before it is encrypted or after it is decrypted.
  • Because strong encryption can be so effective, classified N.S.A. documents make clear, the agency’s success depends on working with Internet companies — by getting their voluntary collaboration, forcing their cooperation with court orders or surreptitiously stealing their encryption keys or altering their software or hardware.
  • At Microsoft, as The Guardian has reported, the N.S.A. worked with company officials to get pre-encryption access to Microsoft’s most popular services, including Outlook e-mail, Skype Internet phone calls and chats, and SkyDrive, the company’s cloud storage service.
  • Simultaneously, the N.S.A. has been deliberately weakening the international encryption standards adopted by developers. One goal in the agency’s 2013 budget request was to “influence policies, standards and specifications for commercial public key technologies,” the most common encryption method. Cryptographers have long suspected that the agency planted vulnerabilities in a standard adopted in 2006 by the National Institute of Standards and Technology and later by the International Organization for Standardization, which has 163 countries as members. Classified N.S.A. memos appear to confirm that the fatal weakness, discovered by two Microsoft cryptographers in 2007, was engineered by the agency. The N.S.A. wrote the standard and aggressively pushed it on the international group, privately calling the effort “a challenge in finesse.” “Eventually, N.S.A. became the sole editor,” the memo says.
  • But the agencies’ goal was to move away from decrypting targets’ tools one by one and instead decode, in real time, all of the information flying over the world’s fiber optic cables and through its Internet hubs, only afterward searching the decrypted material for valuable intelligence. A 2010 document calls for “a new approach for opportunistic decryption, rather than targeted.” By that year, a Bullrun briefing document claims that the agency had developed “groundbreaking capabilities” against encrypted Web chats and phone calls. Its successes against Secure Sockets Layer and virtual private networks were gaining momentum.
  • Ladar Levison, the founder of Lavabit, wrote a public letter to his disappointed customers, offering an ominous warning. “Without Congressional action or a strong judicial precedent,” he wrote, “I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States.”
  • Paul Merrell on 06 Sep 13
     
    Lengthy article, lots of new information on NSA decryption capabilities, none of it good for those who value their data privacy.
  • Gary Edwards on 06 Sep 13
     
    Thanks Paul - nice job cutting this monster down to size :)
Paul Merrell

Snowden Documents Reveal Covert Surveillance and Pressure Tactics Aimed at WikiLeaks an... - 0 views

firstlook.org/...t-wikileaks-and-its-supporters

surveillance state NSA GCHQ Wikileaks Assange anti-spying-deal lies Obama

shared by Paul Merrell on 21 Feb 14 - No Cached
  • Top-secret documents from the National Security Agency and its British counterpart reveal for the first time how the governments of the United States and the United Kingdom targeted WikiLeaks and other activist groups with tactics ranging from covert surveillance to prosecution. The efforts – detailed in documents provided previously by NSA whistleblower Edward Snowden – included a broad campaign of international pressure aimed not only at WikiLeaks founder Julian Assange, but at what the U.S. government calls “the human network that supports WikiLeaks.” The documents also contain internal discussions about targeting the file-sharing site Pirate Bay and hacktivist collectives such as Anonymous. One classified document from Government Communications Headquarters, Britain’s top spy agency, shows that GCHQ used its surveillance system to secretly monitor visitors to a WikiLeaks site. By exploiting its ability to tap into the fiber-optic cables that make up the backbone of the Internet, the agency confided to allies in 2012, it was able to collect the IP addresses of visitors in real time, as well as the search terms that visitors used to reach the site from search engines like Google.
  • Another classified document from the U.S. intelligence community, dated August 2010, recounts how the Obama administration urged foreign allies to file criminal charges against Assange over the group’s publication of the Afghanistan war logs. A third document, from July 2011, contains a summary of an internal discussion in which officials from two NSA offices – including the agency’s general counsel and an arm of its Threat Operations Center – considered designating WikiLeaks as “a ‘malicious foreign actor’ for the purpose of targeting.” Such a designation would have allowed the group to be targeted with extensive electronic surveillance – without the need to exclude U.S. persons from the surveillance searches.
  • In a statement to The Intercept, Assange condemned what he called “the reckless and unlawful behavior of the National Security Agency” and GCHQ’s “extensive hostile monitoring of a popular publisher’s website and its readers.” “News that the NSA planned these operations at the level of its Office of the General Counsel is especially troubling,” Assange said. “Today, we call on the White House to appoint a special prosecutor to investigate the extent of the NSA’s criminal activity against the media, including WikiLeaks, its staff, its associates and its supporters.” Illustrating how far afield the NSA deviates from its self-proclaimed focus on terrorism and national security, the documents reveal that the agency considered using its sweeping surveillance system against Pirate Bay, which has been accused of facilitating copyright violations. The agency also approved surveillance of the foreign “branches” of hacktivist groups, mentioning Anonymous by name. The documents call into question the Obama administration’s repeated insistence that U.S. citizens are not being caught up in the sweeping surveillance dragnet being cast by the NSA. Under the broad rationale considered by the agency, for example, any communication with a group designated as a “malicious foreign actor,” such as WikiLeaks and Anonymous, would be considered fair game for surveillance.
  • ...2 more annotations...
  • The system used by GCHQ to monitor the WikiLeaks website – codenamed ANTICRISIS GIRL – is described in a classified PowerPoint presentation prepared by the British agency and distributed at the 2012 “SIGDEV Conference.” At the annual gathering, each member of the “Five Eyes” alliance – the United States, United Kingdom, Canada, Australia and New Zealand – describes the prior year’s surveillance successes and challenges. In a top-secret presentation at the conference, two GCHQ spies outlined how ANTICRISIS GIRL was used to enable “targeted website monitoring” of WikiLeaks (See slides 33 and 34). The agency logged data showing hundreds of users from around the world, including the United States, as they were visiting a WikiLeaks site –contradicting claims by American officials that a deal between the U.K. and the U.S. prevents each country from spying on the other’s citizens. The IP addresses collected by GCHQ are used to identify individual computers that connect to the Internet, and can be traced back to specific people if the IP address has not been masked using an anonymity service. If WikiLeaks or other news organizations were receiving submissions from sources through a public dropbox on their website, a system like ANTICRISIS GIRL could potentially be used to help track them down. (WikiLeaks has not operated a public dropbox since 2010, when it shut down its system in part due to security concerns over surveillance.)
  • It is unclear from the PowerPoint presentation whether GCHQ monitored the WikiLeaks site as part of a pilot program designed to demonstrate its capability, using only a small set of covertly collected data, or whether the agency continues to actively deploy its surveillance system to monitor visitors to WikiLeaks. It was previously reported in The Guardian that X-KEYSCORE, a comprehensive surveillance weapon used by both NSA and GCHQ, allows “an analyst to learn the IP addresses of every person who visits any website the analyst specifies.”
  • Paul Merrell on 21 Feb 14
     
    "... the Obama administration urged foreign allies to file criminal charges against Assange over the group's publication of the Afghanistan war logs." Sweden promptly launches an alleged rape investigation and Assange is forced by the UK courts to take refuge in the London embassy of Ecuador. Because of urging by the Obama administration aimed at chilling the the First Amendment rights of journalists. That should be grounds for impeachment.  
Paul Merrell

Inside TAO: The NSA's Shadow Network - SPIEGEL ONLINE - 0 views

www.spiegel.de/...lobal-networks-a-940969-3.html

surveillance state NSA TAO NSA-methods parallel-internet must-read

shared by Paul Merrell on 30 Dec 13 - No Cached
  • The insert method and other variants of QUANTUM are closely linked to a shadow network operated by the NSA alongside the Internet, with its own, well-hidden infrastructure comprised of "covert" routers and servers. It appears the NSA also incorporates routers and servers from non-NSA networks into its covert network by infecting these networks with "implants" that then allow the government hackers to control the computers remotely. (Click here to read a related article on the NSA's "implants".) In this way, the intelligence service seeks to identify and track its targets based on their digital footprints. These identifiers could include certain email addresses or website cookies set on a person's computer. Of course, a cookie doesn't automatically identify a person, but it can if it includes additional information like an email address. In that case, a cookie becomes something like the web equivalent of a fingerprint.
  • Once TAO teams have gathered sufficient data on their targets' habits, they can shift into attack mode, programming the QUANTUM systems to perform this work in a largely automated way. If a data packet featuring the email address or cookie of a target passes through a cable or router monitored by the NSA, the system sounds the alarm. It determines what website the target person is trying to access and then activates one of the intelligence service's covert servers, known by the codename FOXACID. This NSA server coerces the user into connecting to NSA covert systems rather than the intended sites. In the case of Belgacom engineers, instead of reaching the LinkedIn page they were actually trying to visit, they were also directed to FOXACID servers housed on NSA networks. Undetected by the user, the manipulated page transferred malware already custom tailored to match security holes on the target person's computer. The technique can literally be a race between servers, one that is described in internal intelligence agency jargon with phrases like: "Wait for client to initiate new connection," "Shoot!" and "Hope to beat server-to-client response." Like any competition, at times the covert network's surveillance tools are "too slow to win the race." Often enough, though, they are effective. Implants with QUANTUMINSERT, especially when used in conjunction with LinkedIn, now have a success rate of over 50 percent, according to one internal document.
  • At the same time, it is in no way true to say that the NSA has its sights set exclusively on select individuals. Of even greater interest are entire networks and network providers, such as the fiber optic cables that direct a large share of global Internet traffic along the world's ocean floors. One document labeled "top secret" and "not for foreigners" describes the NSA's success in spying on the "SEA-ME-WE-4" cable system. This massive underwater cable bundle connects Europe with North Africa and the Gulf states and then continues on through Pakistan and India, all the way to Malaysia and Thailand. The cable system originates in southern France, near Marseille. Among the companies that hold ownership stakes in it are France Telecom, now known as Orange and still partly government-owned, and Telecom Italia Sparkle. The document proudly announces that, on Feb. 13, 2013, TAO "successfully collected network management information for the SEA-Me-We Undersea Cable Systems (SMW-4)." With the help of a "website masquerade operation," the agency was able to "gain access to the consortium's management website and collected Layer 2 network information that shows the circuit mapping for significant portions of the network."
  • ...3 more annotations...
  • It appears the government hackers succeeded here once again using the QUANTUMINSERT method. The document states that the TAO team hacked an internal website of the operator consortium and copied documents stored there pertaining to technical infrastructure. But that was only the first step. "More operations are planned in the future to collect more information about this and other cable systems," it continues. But numerous internal announcements of successful attacks like the one against the undersea cable operator aren't the exclusive factors that make TAO stand out at the NSA. In contrast to most NSA operations, TAO's ventures often require physical access to their targets. After all, you might have to directly access a mobile network transmission station before you can begin tapping the digital information it provides.
  • To conduct those types of operations, the NSA works together with other intelligence agencies such as the CIA and FBI, which in turn maintain informants on location who are available to help with sensitive missions. This enables TAO to attack even isolated networks that aren't connected to the Internet. If necessary, the FBI can even make an agency-owned jet available to ferry the high-tech plumbers to their target. This gets them to their destination at the right time and can help them to disappear again undetected after as little as a half hour's work.
  • Sometimes it appears that the world's most modern spies are just as reliant on conventional methods of reconnaissance as their predecessors. Take, for example, when they intercept shipping deliveries. If a target person, agency or company orders a new computer or related accessories, for example, TAO can divert the shipping delivery to its own secret workshops. The NSA calls this method interdiction. At these so-called "load stations," agents carefully open the package in order to load malware onto the electronics, or even install hardware components that can provide backdoor access for the intelligence agencies. All subsequent steps can then be conducted from the comfort of a remote computer. These minor disruptions in the parcel shipping business rank among the "most productive operations" conducted by the NSA hackers, one top secret document relates in enthusiastic terms. This method, the presentation continues, allows TAO to obtain access to networks "around the world."
  • Paul Merrell on 30 Dec 13
     
    From page 3 of a 3-page article. The entire article is well worth reading. I chose this page to bookmark because of its disclosure that NSA is intercepting new computers before they are delivered and installing hardware and software backdoors, then reshipping them to their intended recipients. Although not mentioned, this implies the complicity of package shipment companies and conceivably government mail systems and original equipment manufacturers ("OEMs").  
Paul Merrell

NSA Spied on Chinese Government and Networking Firm Huawei - SPIEGEL ONLINE - 0 views

www.spiegel.de/...king-firm-huawei-a-960199.html

surveillance state NSA China Huawei NSA-targets

shared by Paul Merrell on 23 Mar 14 - No Cached
  • According to documents viewed by SPIEGEL, America'a NSA intelligence agency put considerable efforts into spying on Chinese politicians and firms. One major target was Huawei, a company that is fast becoming a major Internet player.
  • The American government conducted a major intelligence offensive against China, with targets including the Chinese government and networking company Huawei, according to documents from former NSA worker Edward Snowden that have been viewed by SPIEGEL. Among the American intelligence service's targets were former Chinese President Hu Jintao, the Chinese Trade Ministry, banks, as well as telecommunications companies. But the NSA made a special effort to target Huawei. With 150,000 employees and €28 billion ($38.6 billion) in annual revenues, the company is the world's second largest network equipment supplier. At the beginning of 2009, the NSA began an extensive operation, referred to internally as "Shotgiant," against the company, which is considered a major competitor to US-based Cisco. The company produces smartphones and tablets, but also mobile phone infrastructure, WLAN routers and fiber optic cable -- the kind of technology that is decisive in the NSA's battle for data supremacy. A special unit with the US intelligence agency succeeded in infiltrating Huwaei's network and copied a list of 1,400 customers as well as internal documents providing training to engineers on the use of Huwaei products, among other things.
  • According to a top secret NSA presentation, NSA workers not only succeeded in accessing the email archive, but also the secret source code of individual Huwaei products. Software source code is the holy grail of computer companies. Because Huawei directed all mail traffic from its employees through a central office in Shenzhen, where the NSA had infiltrated the network, the Americans were able to read a large share of the email sent by company workers beginning in January 2009, including messages from company CEO Ren Zhengfei and Chairwoman Sun Yafang. "We currently have good access and so much data that we don't know what to do with it," states one internal document. As justification for targeting the company, an NSA document claims that "many of our targets communicate over Huawei produced products, we want to make sure that we know how to exploit these products." The agency also states concern that "Huawei's widespread infrastructure will provide the PRC (People's Republic of China) with SIGINT capabilities." SIGINT is agency jargon for signals intelligence. The documents do not state whether the agency found information indicating that to be the case.
  • ...2 more annotations...
  • The operation was conducted with the involvement of the White House intelligence coordinator and the FBI. One document states that the threat posed by Huawei is "unique". The agency also stated in a document that "the intelligence community structures are not suited for handling issues that combine economic, counterintelligence, military influence and telecommunications infrastructure from one entity."
  • Editor's note: A longer version of this story will appear in German in the issue of SPIEGEL to be published on Monday.
Paul Merrell

How the NSA Plans to Infect 'Millions' of Computers with Malware - The Intercept - 0 views

firstlook.org/...ect-millions-computers-malware

surveillance state NSA GCHQ NSA-methods malware

shared by Paul Merrell on 13 Mar 14 - No Cached
  • Top-secret documents reveal that the National Security Agency is dramatically expanding its ability to covertly hack into computers on a mass scale by using automated systems that reduce the level of human oversight in the process. The classified files – provided previously by NSA whistleblower Edward Snowden – contain new details about groundbreaking surveillance technology the agency has developed to infect potentially millions of computers worldwide with malware “implants.” The clandestine initiative enables the NSA to break into targeted computers and to siphon out data from foreign Internet and phone networks. The covert infrastructure that supports the hacking efforts operates from the agency’s headquarters in Fort Meade, Maryland, and from eavesdropping bases in the United Kingdom and Japan. GCHQ, the British intelligence agency, appears to have played an integral role in helping to develop the implants tactic.
  • The NSA began rapidly escalating its hacking efforts a decade ago. In 2004, according to secret internal records, the agency was managing a small network of only 100 to 150 implants. But over the next six to eight years, as an elite unit called Tailored Access Operations (TAO) recruited new hackers and developed new malware tools, the number of implants soared to tens of thousands. To penetrate foreign computer networks and monitor communications that it did not have access to through other means, the NSA wanted to go beyond the limits of traditional signals intelligence, or SIGINT, the agency’s term for the interception of electronic communications. Instead, it sought to broaden “active” surveillance methods – tactics designed to directly infiltrate a target’s computers or network devices. In the documents, the agency describes such techniques as “a more aggressive approach to SIGINT” and says that the TAO unit’s mission is to “aggressively scale” these operations. But the NSA recognized that managing a massive network of implants is too big a job for humans alone.
  • “One of the greatest challenges for active SIGINT/attack is scale,” explains the top-secret presentation from 2009. “Human ‘drivers’ limit ability for large-scale exploitation (humans tend to operate within their own environment, not taking into account the bigger picture).” The agency’s solution was TURBINE. Developed as part of TAO unit, it is described in the leaked documents as an “intelligent command and control capability” that enables “industrial-scale exploitation.”
  • ...10 more annotations...
  • TURBINE was designed to make deploying malware much easier for the NSA’s hackers by reducing their role in overseeing its functions. The system would “relieve the user from needing to know/care about the details,” the NSA’s Technology Directorate notes in one secret document from 2009. “For example, a user should be able to ask for ‘all details about application X’ and not need to know how and where the application keeps files, registry entries, user application data, etc.” In practice, this meant that TURBINE would automate crucial processes that previously had to be performed manually – including the configuration of the implants as well as surveillance collection, or “tasking,” of data from infected systems. But automating these processes was about much more than a simple technicality. The move represented a major tactical shift within the NSA that was expected to have a profound impact – allowing the agency to push forward into a new frontier of surveillance operations. The ramifications are starkly illustrated in one undated top-secret NSA document, which describes how the agency planned for TURBINE to “increase the current capability to deploy and manage hundreds of Computer Network Exploitation (CNE) and Computer Network Attack (CNA) implants to potentially millions of implants.” (CNE mines intelligence from computers and networks; CNA seeks to disrupt, damage or destroy them.)
  • But not all of the NSA’s implants are used to gather intelligence, the secret files show. Sometimes, the agency’s aim is disruption rather than surveillance. QUANTUMSKY, a piece of NSA malware developed in 2004, is used to block targets from accessing certain websites. QUANTUMCOPPER, first tested in 2008, corrupts a target’s file downloads. These two “attack” techniques are revealed on a classified list that features nine NSA hacking tools, six of which are used for intelligence gathering. Just one is used for “defensive” purposes – to protect U.S. government networks against intrusions.
  • The NSA has a diverse arsenal of malware tools, each highly sophisticated and customizable for different purposes. One implant, codenamed UNITEDRAKE, can be used with a variety of “plug-ins” that enable the agency to gain total control of an infected computer. An implant plug-in named CAPTIVATEDAUDIENCE, for example, is used to take over a targeted computer’s microphone and record conversations taking place near the device. Another, GUMFISH, can covertly take over a computer’s webcam and snap photographs. FOGGYBOTTOM records logs of Internet browsing histories and collects login details and passwords used to access websites and email accounts. GROK is used to log keystrokes. And SALVAGERABBIT exfiltrates data from removable flash drives that connect to an infected computer. The implants can enable the NSA to circumvent privacy-enhancing encryption tools that are used to browse the Internet anonymously or scramble the contents of emails as they are being sent across networks. That’s because the NSA’s malware gives the agency unfettered access to a target’s computer before the user protects their communications with encryption. It is unclear how many of the implants are being deployed on an annual basis or which variants of them are currently active in computer systems across the world.
  • Infiltrating cellphone networks, however, is not all that the malware can be used to accomplish. The NSA has specifically tailored some of its implants to infect large-scale network routers used by Internet service providers in foreign countries. By compromising routers – the devices that connect computer networks and transport data packets across the Internet – the agency can gain covert access to monitor Internet traffic, record the browsing sessions of users, and intercept communications. Two implants the NSA injects into network routers, HAMMERCHANT and HAMMERSTEIN, help the agency to intercept and perform “exploitation attacks” against data that is sent through a Virtual Private Network, a tool that uses encrypted “tunnels” to enhance the security and privacy of an Internet session.
  • Eventually, the secret files indicate, the NSA’s plans for TURBINE came to fruition. The system has been operational in some capacity since at least July 2010, and its role has become increasingly central to NSA hacking operations. Earlier reports based on the Snowden files indicate that the NSA has already deployed between 85,000 and 100,000 of its implants against computers and networks across the world, with plans to keep on scaling up those numbers. The intelligence community’s top-secret “Black Budget” for 2013, obtained by Snowden, lists TURBINE as part of a broader NSA surveillance initiative named “Owning the Net.” The agency sought $67.6 million in taxpayer funding for its Owning the Net program last year. Some of the money was earmarked for TURBINE, expanding the system to encompass “a wider variety” of networks and “enabling greater automation of computer network exploitation.”
  • Before it can extract data from an implant or use it to attack a system, the NSA must first install the malware on a targeted computer or network. According to one top-secret document from 2012, the agency can deploy malware by sending out spam emails that trick targets into clicking a malicious link. Once activated, a “back-door implant” infects their computers within eight seconds. There’s only one problem with this tactic, codenamed WILLOWVIXEN: According to the documents, the spam method has become less successful in recent years, as Internet users have become wary of unsolicited emails and less likely to click on anything that looks suspicious. Consequently, the NSA has turned to new and more advanced hacking techniques. These include performing so-called “man-in-the-middle” and “man-on-the-side” attacks, which covertly force a user’s internet browser to route to NSA computer servers that try to infect them with an implant.
  • To perform a man-on-the-side attack, the NSA observes a target’s Internet traffic using its global network of covert “accesses” to data as it flows over fiber optic cables or satellites. When the target visits a website that the NSA is able to exploit, the agency’s surveillance sensors alert the TURBINE system, which then “shoots” data packets at the targeted computer’s IP address within a fraction of a second. In one man-on-the-side technique, codenamed QUANTUMHAND, the agency disguises itself as a fake Facebook server. When a target attempts to log in to the social media site, the NSA transmits malicious data packets that trick the target’s computer into thinking they are being sent from the real Facebook. By concealing its malware within what looks like an ordinary Facebook page, the NSA is able to hack into the targeted computer and covertly siphon out data from its hard drive. A top-secret animation demonstrates the tactic in action.
  • The TURBINE implants system does not operate in isolation. It is linked to, and relies upon, a large network of clandestine surveillance “sensors” that the agency has installed at locations across the world.
  • The NSA’s headquarters in Maryland are part of this network, as are eavesdropping bases used by the agency in Misawa, Japan and Menwith Hill, England. The sensors, codenamed TURMOIL, operate as a sort of high-tech surveillance dragnet, monitoring packets of data as they are sent across the Internet. When TURBINE implants exfiltrate data from infected computer systems, the TURMOIL sensors automatically identify the data and return it to the NSA for analysis. And when targets are communicating, the TURMOIL system can be used to send alerts or “tips” to TURBINE, enabling the initiation of a malware attack. The NSA identifies surveillance targets based on a series of data “selectors” as they flow across Internet cables. These selectors, according to internal documents, can include email addresses, IP addresses, or the unique “cookies” containing a username or other identifying information that are sent to a user’s computer by websites such as Google, Facebook, Hotmail, Yahoo, and Twitter. Other selectors the NSA uses can be gleaned from unique Google advertising cookies that track browsing habits, unique encryption key fingerprints that can be traced to a specific user, and computer IDs that are sent across the Internet when a Windows computer crashes or updates.
  • Documents published with this article: Menwith Hill Station Leverages XKeyscore for Quantum Against Yahoo and Hotmail Five Eyes Hacking Large Routers NSA Technology Directorate Analysis of Converged Data Selector Types There Is More Than One Way to Quantum NSA Phishing Tactics and Man in the Middle Attacks Quantum Insert Diagrams The NSA and GCHQ’s QUANTUMTHEORY Hacking Tactics TURBINE and TURMOIL VPN and VOIP Exploitation With HAMMERCHANT and HAMMERSTEIN Industrial-Scale Exploitation Thousands of Implants
  • Paul Merrell on 13 Mar 14
     
    *Very* long article. Only small portions quoted.
1 - 20 of 29 Next ›
Showing 20 items per page