Skip to main content

Home/ Socialism and the End of the American Dream/ Group items tagged mass-surveillance

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
Paul Merrell

American Surveillance Now Threatens American Business - The Atlantic - 0 views

www.theatlantic.com/...382821

surveillance state NSA U.S. polls sense-of-privacy data privacy

shared by Paul Merrell on 23 Nov 14 - No Cached
  • What does it look like when a society loses its sense of privacy? <div><a href="http://pubads.g.doubleclick.net/gampad/jump?iu=%2F4624%2FTheAtlanticOnline%2Fchannel_technology&t=src%3Dblog%26by%3Drobinson-meyer%26title%3Damerican-surveillance-now-threatens-american-business%26pos%3Din-article&sz=300x250&c=285899172&tile=1" title=""><img style="border:none;" src="http://pubads.g.doubleclick.net/gampad/ad?iu=%2F4624%2FTheAtlanticOnline%2Fchannel_technology&t=src%3Dblog%26by%3Drobinson-meyer%26title%3Damerican-surveillance-now-threatens-american-business%26pos%3Din-article&sz=300x250&c=285899172&tile=1" alt="" /></a></div>In the almost 18 months since the Snowden files first received coverage, writers and critics have had to guess at the answer. Does a certain trend, consumer complaint, or popular product epitomize some larger shift? Is trust in tech companies eroding—or is a subset just especially vocal about it? Polling would make those answers clear, but polling so far has been… confused. A new study, conducted by the Pew Internet Project last January and released last week, helps make the average American’s view of his or her privacy a little clearer. And their confidence in their own privacy is ... low. The study's findings—and the statistics it reports—stagger. Vast majorities of Americans are uncomfortable with how the government uses their data, how private companies use and distribute their data, and what the government does to regulate those companies. No summary can equal a recounting of the findings. Americans are displeased with government surveillance en masse:   
  • A new study finds that a vast majority of Americans trust neither the government nor tech companies with their personal data.
  • What does it look like when a society loses its sense of privacy? <div><a href="http://pubads.g.doubleclick.net/gampad/jump?iu=%2F4624%2FTheAtlanticOnline%2Fchannel_technology&t=src%3Dblog%26by%3Drobinson-meyer%26title%3Damerican-surveillance-now-threatens-american-business%26pos%3Din-article&sz=300x250&c=285899172&tile=1" title=""><img style="border:none;" src="http://pubads.g.doubleclick.net/gampad/ad?iu=%2F4624%2FTheAtlanticOnline%2Fchannel_technology&t=src%3Dblog%26by%3Drobinson-meyer%26title%3Damerican-surveillance-now-threatens-american-business%26pos%3Din-article&sz=300x250&c=285899172&tile=1" alt="" /></a></div>In the almost 18 months since the Snowden files first received coverage, writers and critics have had to guess at the answer. Does a certain trend, consumer complaint, or popular product epitomize some larger shift? Is trust in tech companies eroding—or is a subset just especially vocal about it? Polling would make those answers clear, but polling so far has been… confused. A new study, conducted by the Pew Internet Project last January and released last week, helps make the average American’s view of his or her privacy a little clearer. And their confidence in their own privacy is ... low. The study's findings—and the statistics it reports—stagger. Vast majorities of Americans are uncomfortable with how the government uses their data, how private companies use and distribute their data, and what the government does to regulate those companies. No summary can equal a recounting of the findings. Americans are displeased with government surveillance en masse:   
  • ...3 more annotations...
  • “It’s clear the global community of Internet users doesn’t like to be caught up in the American surveillance dragnet,” Senator Ron Wyden said last month. At the same event, Google chairman Eric Schmidt agreed with him. “What occurred was a loss of trust between America and other countries,” he said, according to the Los Angeles Times. “It's making it very difficult for American firms to do business.” But never mind the world. Americans don’t trust American social networks. More than half of the poll’s respondents said that social networks were “not at all secure. Only 40 percent of Americans believe email or texting is at least “somewhat” secure. Indeed, Americans trusted most of all communication technologies where some protections has been enshrined into the law (though the report didn’t ask about snail mail). That is: Talking on the telephone, whether on a landline or cell phone, is the only kind of communication that a majority of adults believe to be “very secure” or “somewhat secure.”
  • According to the study, 70 percent of Americans are “at least somewhat concerned” with the government secretly obtaining information they post to social networking sites. Eighty percent of respondents agreed that “Americans should be concerned” with government surveillance of telephones and the web. They are also uncomfortable with how private corporations use their data: Ninety-one percent of Americans believe that “consumers have lost control over how personal information is collected and used by companies,” according to the study. Eighty percent of Americans who use social networks “say they are concerned about third parties like advertisers or businesses accessing the data they share on these sites.” And even though they’re squeamish about the government’s use of data, they want it to regulate tech companies and data brokers more strictly: 64 percent wanted the government to do more to regulate private data collection. Since June 2013, American politicians and corporate leaders have fretted over how much the leaks would cost U.S. businesses abroad.
  • (That may seem a bit incongruous, because making a telephone call is one area where you can be almost sure you are being surveilled: The government has requisitioned mass call records from phone companies since 2001. But Americans appear, when discussing security, to differentiate between the contents of the call and data about it.) Last month, Ramsey Homsany, the general counsel of Dropbox, said that one big thing could take down the California tech scene. “We have built this incredible economic engine in this region of the country,” said Homsany in the Los Angeles Times, “and [mistrust] is the one thing that starts to rot it from the inside out.” According to this poll, the mistrust has already begun corroding—and is already, in fact, well advanced. We’ve always assumed that the great hurt to American business will come globally—that citizens of other nations will stop using tech companies’s services. But the new Pew data shows that Americans suspect American businesses just as much. And while, unlike citizens of other nations, they may not have other places to turn, they may stop putting sensitive or delicate information online.
Paul Merrell

Congress Is Irrelevant on Mass Surveillance. Here's What Matters Instead. - The Intercept - 0 views

firstlook.org/...topping-nsas-mass-surveillance

surveillance state nsa-reform

shared by Paul Merrell on 20 Nov 14 - No Cached
  • The “USA Freedom Act”—the proponents of which were heralding as “NSA reform” despite its suffocatingly narrow scope—died in the august U.S. Senate last night when it attracted only 58 of the 60 votes needed to close debate and move on to an up-or-down vote. All Democratic and independent senators except one (Bill Nelson of Florida) voted in favor of the bill, as did three tea-party GOP Senators (Ted Cruz, Mike Lee, and Dean Heller). One GOP Senator, Rand Paul, voted against it on the ground that it did not go nearly far enough in reining in the NSA. On Monday, the White House had issued a statement “strongly supporting” the bill. The “debate” among the Senators that preceded the vote was darkly funny and deeply boring, in equal measure. The black humor was due to the way one GOP senator after the next—led by ranking intelligence committee member Saxby Chambliss of Georgia (pictured above)—stood up and literally screeched about 9/11 and ISIS over and over and over, and then sat down as though they had made a point.
  • So the pro-NSA Republican senators were actually arguing that if the NSA were no longer allowed to bulk-collect the communication records of Americans inside the U.S., then ISIS would kill you and your kids. But because they were speaking in an empty chamber and only to their warped and insulated D.C. circles and sycophantic aides, there was nobody there to cackle contemptuously or tell them how self-evidently moronic it all was. So they kept their Serious Faces on like they were doing The Nation’s Serious Business, even though what was coming out of their mouths sounded like the demented ramblings of a paranoid End is Nigh cult. The boredom of this spectacle was simply due to the fact that this has been seen so many times before—in fact, every time in the post-9/11 era that the U.S. Congress pretends publicly to debate some kind of foreign policy or civil liberties bill. Just enough members stand up to scream “9/11″ and “terrorism” over and over until the bill vesting new powers is passed or the bill protecting civil liberties is defeated.
  • Eight years ago, when this tawdry ritual was still a bit surprising to me, I live-blogged the 2006 debate over passage of the Military Commissions Act, which, with bipartisan support, literally abolished habeas corpus rights established by the Magna Carta by sanctioning detention without charges or trial. (My favorite episode there was when GOP Sen. Arlen Specter warned that “what the bill seeks to do is set back basic rights by some nine hundred years,” and then voted in favor of its enactment.) In my state of naive disbelief, as one senator after the next thundered about the “message we are sending” to “the terrorists,” I wrote: “The quality of the ‘debate’ on the Senate floor is so shockingly (though appropriately) low and devoid of substance that it is hard to watch.” So watching last night’s Senate debate was like watching a repeat of some hideously shallow TV show. The only new aspect was that the aging Al Qaeda villain has been rather ruthlessly replaced by the show’s producers with the younger, sleeker ISIS model. Showing no gratitude at all for the years of value it provided these senators, they ignored the veteran terror group almost completely in favor of its new replacement. And they proceeded to save a domestic surveillance program clearly unpopular among those they pretend to represent.
  • ...8 more annotations...
  • Ever since the Snowden reporting began and public opinion (in both the U.S. and globally) began radically changing, the White House’s strategy has been obvious. It’s vintage Obama: Enact something that is called “reform”—so that he can give a pretty speech telling the world that he heard and responded to their concerns—but that in actuality changes almost nothing, thus strengthening the very system he can pretend he “changed.” That’s the same tactic as Silicon Valley, which also supported this bill: Be able to point to something called “reform” so they can trick hundreds of millions of current and future users around the world into believing that their communications are now safe if they use Facebook, Google, Skype and the rest. In pretty much every interview I’ve done over the last year, I’ve been asked why there haven’t been significant changes from all the disclosures. I vehemently disagree with the premise of the question, which equates “U.S. legislative changes” with “meaningful changes.” But it has been clear from the start that U.S. legislation is not going to impose meaningful limitations on the NSA’s powers of mass surveillance, at least not fundamentally. Those limitations are going to come from—are now coming from —very different places:
  • All of that illustrates what is, to me, the most important point from all of this: the last place one should look to impose limits on the powers of the U.S. government is . . . the U.S. government. Governments don’t walk around trying to figure out how to limit their own power, and that’s particularly true of empires. The entire system in D.C. is designed at its core to prevent real reform. This Congress is not going to enact anything resembling fundamental limits on the NSA’s powers of mass surveillance. Even if it somehow did, this White House would never sign it. Even if all that miraculously happened, the fact that the U.S. intelligence community and National Security State operates with no limits and no oversight means they’d easily co-opt the entire reform process. That’s what happened after the eavesdropping scandals of the mid-1970s led to the establishment of congressional intelligence committees and a special FISA “oversight” court—the committees were instantly captured by putting in charge supreme servants of the intelligence community like Senators Dianne Feinstein and Chambliss, and Congressmen Mike Rogers and “Dutch” Ruppersberger, while the court quickly became a rubber stamp with subservient judges who operate in total secrecy.
  • There is a real question about whether the defeat of this bill is good, bad, or irrelevant. To begin with, it sought to change only one small sliver of NSA mass surveillance (domestic bulk collection of phone records under section 215 of the Patriot Act) while leaving completely unchanged the primary means of NSA mass surveillance, which takes place under section 702 of the FISA Amendments Act, based on the lovely and quintessentially American theory that all that matters are the privacy rights of Americans (and not the 95 percent of the planet called “non-Americans”). There were some mildly positive provisions in the USA Freedom Act: the placement of “public advocates” at the FISA court to contest the claims of the government; the prohibition on the NSA holding Americans’ phone records, requiring instead that they obtain FISA court approval before seeking specific records from the telecoms (which already hold those records for at least 18 months); and reducing the agency’s “contact chaining” analysis from three hops to two. One could reasonably argue (as the ACLU and EFF did) that, though woefully inadequate, the bill was a net-positive as a first step toward real reform, but one could also reasonably argue, as Marcy Wheeler has with characteristic insight, that the bill is so larded with ambiguities and fundamental inadequacies that it would forestall better options and advocates for real reform should thus root for its defeat.
  • 1) Individuals refusing to use internet services that compromise their privacy.
  • 2) Other countries taking action against U.S. hegemony over the internet.
  • 3) U.S. court proceedings.
  • 4) Greater individual demand for, and use of, encryption.
  • The “USA Freedom Act”—which its proponents were heralding as “NSA reform” despite its suffocatingly narrow scope—died in the august U.S. Senate last night when it attracted only 58 of the 60 votes needed to close debate and move on to an up-or-down vote. All Democratic and independent senators except one (Bill Nelson of Florida) voted in favor of the bill, as did three tea-party GOP Senators (Ted Cruz, Mike Lee, and Dean Heller). One GOP Senator, Rand Paul, voted against it on the ground that it did not go nearly far enough in reining in the NSA. On Monday, the White House had issued a statement “strongly supporting” the bill.
  • Paul Merrell on 20 Nov 14
     
    Glenn Greenwald on why the death of the USA Freedom Act is actually a Very Good Thing. I couldn't agree more.
Paul Merrell

POGO Adds its Voice to Calls for Secret Law Oversight - 0 views

www.pogo.org/...-for-secret-law-oversight.html

surveillance state mass-surveillance legislation NSA-reform must-read

shared by Paul Merrell on 25 Apr 15 - No Cached
  • April 21, 2015 Dear Chairman Goodlatte, Ranking Member Conyers, Chairman Grassley, and Ranking Member Leahy: We urge you to end mass surveillance of Americans. Among us are civil liberties organizations from across the political spectrum that speak for millions of people, businesses, whistleblowers, and experts. The impending expiration of three USA PATRIOT Act provisions on June 1 is a golden opportunity to end mass surveillance and enact additional reforms. Current surveillance practices are virtually limitless. They are unnecessary, counterproductive, and costly. They undermine our economy and the public’s trust in government. And they undercut the proper functioning of government. Meaningful surveillance reform entails congressional repeal of laws and protocols the Executive secretly interprets to permit current mass surveillance practices. Additionally, it requires Congress to appreciably increase transparency, oversight, and accountability of intelligence agencies, especially those that have acted unconstitutionally.
  • A majority of the House of Representatives already has voted against mass surveillance. The Massie-Lofgren amendment to the National Defense Authorization Act [i] garnered 293 votes in support of defunding “backdoor searches.” Unfortunately, that amendment was not included in the “CRomnibus"[ii] despite overwhelming support.  We urge you to act once again to vindicate our fundamental liberties.
  • Paul Merrell on 25 Apr 15
     
    Finally! A proposal for mass-surveillance reform that goes far beyond prior overly-modest proposals backed by ACLU, Electronic Frontier Foundation, etc., that were based on negotiation with members of Congress. This proposal is backed by a wide range of other organizations. A must-read.
Paul Merrell

EFF's Game Plan for Ending Global Mass Surveillance | Electronic Frontier Foundation - 0 views

www.eff.org/...nding-global-mass-surveillance

surveillance state global-privacy digital-privacy EFF-global-plan

shared by Paul Merrell on 31 Jan 15 - No Cached
  • We have a problem when it comes to stopping mass surveillance.  The entity that’s conducting the most extreme and far-reaching surveillance against most of the world’s communications—the National Security Agency—is bound by United States law.  That’s good news for Americans. U.S. law and the Constitution protect American citizens and legal residents from warrantless surveillance. That means we have a very strong legal case to challenge mass surveillance conducted domestically or that sweeps in Americans’ communications.  Similarly, the United States Congress is elected by American voters. That means Congressional representatives are beholden to the American people for their jobs, so public pressure from constituents can help influence future laws that might check some of the NSA’s most egregious practices. But what about everyone else? What about the 96% of the world’s population who are citizens of other countries, living outside U.S. borders. They don't get a vote in Congress. And current American legal protections generally only protect citizens, legal residents, or those physically located within the United States. So what can EFF do to protect the billions of people outside the United States who are victims of the NSA’s spying?
  • For years, we’ve been working on a strategy to end mass surveillance of digital communications of innocent people worldwide. Today we’re laying out the plan, so you can understand how all the pieces fit together—that is, how U.S. advocacy and policy efforts connect to the international fight and vice versa. Decide for yourself where you can get involved to make the biggest difference. This plan isn’t for the next two weeks or three months. It’s a multi-year battle that may need to be revised many times as we better understand the tools and authorities of entities engaged in mass surveillance and as more disclosures by whistleblowers help shine light on surveillance abuses.
Paul Merrell

DEA Global Surveillance Dragnet Exposed; Access to Data Likely Continues - The Intercept - 0 views

firstlook.org/...e-phone-records-crisscross-nsa

surveillance state DEA EO-12333 litigation Human-Rights-Watch

shared by Paul Merrell on 09 May 15 - No Cached
  • Secret mass surveillance conducted by the Drug Enforcement Administration is falling under renewed scrutiny after fresh revelations about the broad scope of the agency’s electronic spying. On Tuesday, USA Today reported that for more than two decades, dating back to 1992, the DEA and the Justice Department “amassed logs of virtually all telephone calls from the USA to as many as 116 countries linked to drug trafficking.” Citing anonymous current and former officials “involved with the operation,” USA Today reported that Americans’ calls were logged between the United States and targeted countries and regions including Canada, Mexico, and Central and South America.
  • The DEA’s data dragnet was apparently shut down by Attorney General Eric Holder in September 2013. But on Wednesday, following USA Today’s report, Human Rights Watch launched a lawsuit against the DEA over its bulk collection of phone records and is seeking a retrospective declaration that the surveillance was unlawful. The latest revelations shine more light on the broad scope of the DEA’s involvement in mass surveillance programs, which can be traced back to a secret program named “Project Crisscross” in the early 1990s, as The Intercept previously revealed. Documents from National Security Agency whistleblower Edward Snowden, published by The Intercept in August last year, showed that the DEA was involved in collecting and sharing billions of phone records alongside agencies such as the NSA, the CIA and the FBI.
  • The vast program reported on by USA Today shares some of the same hallmarks of Project Crisscross: it began in the early 1990s, was ostensibly aimed at gathering intelligence about drug trafficking, and targeted countries worldwide, with focus on Central and South America. It is also reminiscent of the so-called Hemisphere Project, a DEA operation revealed in September 2013 by The New York Times, which dated as far back as 1987, and used subpoenas to collect vast amounts of international call records every day. There is crossover, too, with a DEA database called DICE, revealed by Reuters in August 2013, which reportedly contains phone and Internet communication records gathered by the DEA through subpoenas and search warrants nationwide. The precise relationship between Crisscross, DICE, Hemisphere and the surveillance program revealed by USA Today is unclear. Whether or not they were part of a single overarching operation, the phone records and other data collected by each were likely accessible to DEA agents through the same computer interfaces and search and analysis tools.
  • ...3 more annotations...
  • A Justice Department spokesman told Reuters Wednesday that “all of the information has been deleted” and that the DEA was “no longer collecting bulk telephony metadata from U.S. service providers.” What the spokesman did not say is that the DEA has access to troves of phone records from multiple sources — and not all of them are obtained from U.S. service providers. As The Intercept’s reporting on Project Crisscross revealed, the DEA has had large-scale access to data covertly collected by the NSA, CIA and other agencies for years. According to NSA documents obtained by Snowden, the DEA can sift through billions of metadata records collected by other agencies about emails, phone calls, faxes, Internet chats and text messages using systems named ICREACH and CRISSCROSS/PROTON.
  • Notably, the DEA spying reported by USA Today encompassed phone records collected by the DEA using administrative subpoenas to obtain data from phone companies without the approval of a judge. The phone records collected by the agency as part of Project Hemisphere and the data stored on the DICE system were also collected through subpoenas and warrants. But ICREACH alone was designed to handle two to five billion new records every day — the majority of them not collected using any conventional search warrant or a subpoena. Instead, most of the data accessible to the DEA through ICREACH is vacuumed up by the NSA using Executive Order 12333, a controversial Reagan-era presidential directive that underpins several NSA bulk surveillance operations that monitor communications overseas. The 12333 surveillance takes place with no court oversight and has received minimal Congressional scrutiny because it is targeted at foreign, not domestic, communication networks.
  • This means that some of the DEA’s access to mass surveillance data — records collected in bulk through subpoenas or warrants — may have been shut down by Holder in 2013. But it is likely that the agency still has the ability to tap into other huge data repositories, and questions remain about how that access is being used.
  • Paul Merrell on 09 May 15
     
    How many ways do I love thee? ... Just a few minutes. I have to consult my haystacks.  'Twas on August 20, 1982 when Ronald Reagan formally declered "War on Drugs," thereby sweeping U.S. Drug Enforcement Administration records under the umbrella of "national security" secrets. Concurrently, a document was produced by the White House that mentioned that the forerunners of today's "fusion centers" would be created to begin trawling government databases for information to wage that war, including medical records held by the then-Veterans Administration. I''ve been keeping an eye on those rascals ever since. Believe me, we have merely scratched the surface of a very few of the Feds' "haystacks." There are very many to go before they're all rooted out into the sunlight.  
Paul Merrell

Canada Casts Global Surveillance Dragnet Over File Downloads - The Intercept - 0 views

firstlook.org/...e-levitation-mass-surveillance

surveillance state Canada CSE NSA-targets downloads

shared by Paul Merrell on 29 Jan 15 - No Cached
  • Canada’s leading surveillance agency is monitoring millions of Internet users’ file downloads in a dragnet search to identify extremists, according to top-secret documents. The covert operation, revealed Wednesday by CBC News in collaboration with The Intercept, taps into Internet cables and analyzes records of up to 15 million downloads daily from popular websites commonly used to share videos, photographs, music, and other files. The revelations about the spying initiative, codenamed LEVITATION, are the first from the trove of files provided by National Security Agency whistleblower Edward Snowden to show that the Canadian government has launched its own globe-spanning Internet mass surveillance system. According to the documents, the LEVITATION program can monitor downloads in several countries across Europe, the Middle East, North Africa, and North America. It is led by the Communications Security Establishment, or CSE, Canada’s equivalent of the NSA. (The Canadian agency was formerly known as “CSEC” until a recent name change.)
  • The latest disclosure sheds light on Canada’s broad existing surveillance capabilities at a time when the country’s government is pushing for a further expansion of security powers following attacks in Ottawa and Quebec last year. Ron Deibert, director of University of Toronto-based Internet security think tank Citizen Lab, said LEVITATION illustrates the “giant X-ray machine over all our digital lives.” “Every single thing that you do – in this case uploading/downloading files to these sites – that act is being archived, collected and analyzed,” Deibert said, after reviewing documents about the online spying operation for CBC News. David Christopher, a spokesman for Vancouver-based open Internet advocacy group OpenMedia.ca, said the surveillance showed “robust action” was needed to rein in the Canadian agency’s operations.
  • In a top-secret PowerPoint presentation, dated from mid-2012, an analyst from the agency jokes about how, while hunting for extremists, the LEVITATION system gets clogged with information on innocuous downloads of the musical TV series Glee. CSE finds some 350 “interesting” downloads each month, the presentation notes, a number that amounts to less than 0.0001 per cent of the total collected data. The agency stores details about downloads and uploads to and from 102 different popular file-sharing websites, according to the 2012 document, which describes the collected records as “free file upload,” or FFU, “events.” Only three of the websites are named: RapidShare, SendSpace, and the now defunct MegaUpload.
  • ...3 more annotations...
  • LEVITATION does not rely on cooperation from any of the file-sharing companies. A separate secret CSE operation codenamed ATOMIC BANJO obtains the data directly from internet cables that it has tapped into, and the agency then sifts out the unique IP address of each computer that downloaded files from the targeted websites. The IP addresses are valuable pieces of information to CSE’s analysts, helping to identify people whose downloads have been flagged as suspicious. The analysts use the IP addresses as a kind of search term, entering them into other surveillance databases that they have access to, such as the vast repositories of intercepted Internet data shared with the Canadian agency by the NSA and its British counterpart Government Communications Headquarters. If successful, the searches will return a list of results showing other websites visited by the people downloading the files – in some cases revealing associations with Facebook or Google accounts. In turn, these accounts may reveal the names and the locations of individual downloaders, opening the door for further surveillance of their activities.
  • “The specific uses that they talk about in this [counter-terrorism] context may not be the problem, but it’s what else they can do,” said Tamir Israel, a lawyer with the University of Ottawa’s Canadian Internet Policy and Public Interest Clinic. Picking which downloads to monitor is essentially “completely at the discretion of CSE,” Israel added. The file-sharing surveillance also raises questions about the number of Canadians whose downloading habits could have been swept up as part of LEVITATION’s dragnet. By law, CSE isn’t allowed to target Canadians. In the LEVITATION presentation, however, two Canadian IP addresses that trace back to a web server in Montreal appear on a list of suspicious downloads found across the world. The same list includes downloads that CSE monitored in closely allied countries, including the United Kingdom, United States, Spain, Brazil, Germany and Portugal. It is unclear from the document whether LEVITATION has ever prevented any terrorist attacks. The agency cites only two successes of the program in the 2012 presentation: the discovery of a hostage video through a previously unknown target, and an uploaded document that contained the hostage strategy of a terrorist organization. The hostage in the discovered video was ultimately killed, according to public reports.
  • Canada’s leading surveillance agency is monitoring millions of Internet users’ file downloads in a dragnet search to identify extremists, according to top-secret documents. The covert operation, revealed Wednesday by CBC News in collaboration with The Intercept, taps into Internet cables and analyzes records of up to 15 million downloads daily from popular websites commonly used to share videos, photographs, music, and other files. The revelations about the spying initiative, codenamed LEVITATION, are the first from the trove of files provided by National Security Agency whistleblower Edward Snowden to show that the Canadian government has launched its own globe-spanning Internet mass surveillance system. According to the documents, the LEVITATION program can monitor downloads in several countries across Europe, the Middle East, North Africa, and North America. It is led by the Communications Security Establishment, or CSE, Canada’s equivalent of the NSA. (The Canadian agency was formerly known as “CSEC” until a recent name change.)
Paul Merrell

The Fundamentals of US Surveillance: What Edward Snowden Never Told Us? | Global Resear... - 0 views

www.globalresearch.ca/...5477125

surveillance state NSA GCHQ reciprocal-surveillance civil-liberties

shared by Paul Merrell on 21 Sep 15 - No Cached
  • Former US intelligence contractor Edward Snowden’s revelations rocked the world.  According to his detailed reports, the US had launched massive spying programs and was scrutinizing the communications of American citizens in a manner which could only be described as extreme and intense. The US’s reaction was swift and to the point. “”Nobody is listening to your telephone calls,” President Obama said when asked about the NSA. As quoted in The Guardian,  Obama went on to say that surveillance programs were “fully overseen not just by Congress but by the Fisa court, a court specially put together to evaluate classified programs to make sure that the executive branch, or government generally, is not abusing them”. However, it appears that Snowden may have missed a pivotal part of the US surveillance program. And in stating that the “nobody” is not listening to our calls, President Obama may have been fudging quite a bit.
  • In fact, Great Britain maintains a “listening post” at NSA HQ. The laws restricting live wiretaps do not apply to foreign countries  and thus this listening post  is not subject to  US law.  In other words, the restrictions upon wiretaps, etc. do not apply to the British listening post.  So when Great Britain hands over the recordings to the NSA, technically speaking, a law is not being broken and technically speaking, the US is not eavesdropping on our each and every call. It is Great Britain which is doing the eavesdropping and turning over these records to US intelligence. According to John Loftus, formerly an attorney with  the Department of Justice and author of a number of books concerning US intelligence activities, back in the late seventies  the USDOJ issued a memorandum proposing an amendment to FISA. Loftus, who recalls seeing  the memo, stated in conversation this week that the DOJ proposed inserting the words “by the NSA” into the FISA law  so the scope of the law would only restrict surveillance by the NSA, not by the British.  Any subsequent sharing of the data culled through the listening posts was strictly outside the arena of FISA. Obama was less than forthcoming when he insisted that “What I can say unequivocally is that if you are a US person, the NSA cannot listen to your telephone calls, and the NSA cannot target your emails … and have not.”
  • According to Loftus, the NSA is indeed listening as Great Britain is turning over the surveillance records en masse to that agency. Loftus states that the arrangement is reciprocal, with the US maintaining a parallel listening post in Great Britain. In an interview this past week, Loftus told this reporter that  he believes that Snowden simply did not know about the arrangement between Britain and the US. As a contractor, said Loftus, Snowden would not have had access to this information and thus his detailed reports on the extent of US spying, including such programs as XKeyscore, which analyzes internet data based on global demographics, and PRISM, under which the telecommunications companies, such as Google, Facebook, et al, are mandated to collect our communications, missed the critical issue of the FISA loophole.
  • ...2 more annotations...
  • U.S. government officials have defended the program by asserting it cannot be used on domestic targets without a warrant. But once again, the FISA courts and their super-secret warrants  do not apply to foreign government surveillance of US citizens. So all this sturm and drang about whether or not the US is eavesdropping on our communications is, in fact, irrelevant and diversionary.
  • In fact, the USA Freedom Act reinstituted a number of the surveillance protocols of Section 215, including  authorization for  roving wiretaps  and tracking “lone wolf terrorists.”  While mainstream media heralded the passage of the bill as restoring privacy rights which were shredded under 215, privacy advocates have maintained that the bill will do little, if anything, to reverse the  surveillance situation in the US. The NSA went on the record as supporting the Freedom Act, stating it would end bulk collection of telephone metadata. However, in light of the reciprocal agreement between the US and Great Britain, the entire hoopla over NSA surveillance, Section 215, FISA courts and the USA Freedom Act could be seen as a giant smokescreen. If Great Britain is collecting our real time phone conversations and turning them over to the NSA, outside the realm or reach of the above stated laws, then all this posturing over the privacy rights of US citizens and surveillance laws expiring and being resurrected doesn’t amount to a hill of CDs.
Paul Merrell

Data Pirates of the Caribbean: The NSA Is Recording Every Cell Phone Call in the Bahama... - 0 views

firstlook.org/...-every-cell-phone-call-bahamas

surveillance state NSA DEA cell-phone-dragnet-recording

shared by Paul Merrell on 20 May 14 - No Cached
  • The National Security Agency is secretly intercepting, recording, and archiving the audio of virtually every cell phone conversation on the island nation of the Bahamas. According to documents provided by NSA whistleblower Edward Snowden, the surveillance is part of a top-secret system – code-named SOMALGET – that was implemented without the knowledge or consent of the Bahamian government. Instead, the agency appears to have used access legally obtained in cooperation with the U.S. Drug Enforcement Administration to open a backdoor to the country’s cellular telephone network, enabling it to covertly record and store the “full-take audio” of every mobile call made to, from and within the Bahamas – and to replay those calls for up to a month. SOMALGET is part of a broader NSA program called MYSTIC, which The Intercept has learned is being used to secretly monitor the telecommunications systems of the Bahamas and several other countries, including Mexico, the Philippines, and Kenya. But while MYSTIC scrapes mobile networks for so-called “metadata” – information that reveals the time, source, and destination of calls – SOMALGET is a cutting-edge tool that enables the NSA to vacuum up and store the actual content of every conversation in an entire country.
  • All told, the NSA is using MYSTIC to gather personal data on mobile calls placed in countries with a combined population of more than 250 million people. And according to classified documents, the agency is seeking funding to export the sweeping surveillance capability elsewhere. The program raises profound questions about the nature and extent of American surveillance abroad. The U.S. intelligence community routinely justifies its massive spying efforts by citing the threats to national security posed by global terrorism and unpredictable rival nations like Russia and Iran. But the NSA documents indicate that SOMALGET has been deployed in the Bahamas to locate “international narcotics traffickers and special-interest alien smugglers” – traditional law-enforcement concerns, but a far cry from derailing terror plots or intercepting weapons of mass destruction.
  • By targeting the Bahamas’ entire mobile network, the NSA is intentionally collecting and retaining intelligence on millions of people who have not been accused of any crime or terrorist activity. Nearly five million Americans visit the country each year, and many prominent U.S. citizens keep homes there, including Sen. Tom Harkin (D-Iowa), Bill Gates, and Oprah Winfrey.
  • ...12 more annotations...
  • The Intercept has confirmed that as of 2013, the NSA was actively using MYSTIC to gather cell-phone metadata in five countries, and was intercepting voice data in two of them. Documents show that the NSA has been generating intelligence reports from MYSTIC surveillance in the Bahamas, Mexico, Kenya, the Philippines, and one other country, which The Intercept is not naming in response to specific, credible concerns that doing so could lead to increased violence. The more expansive full-take recording capability has been deployed in both the Bahamas and the unnamed country. MYSTIC was established in 2009 by the NSA’s Special Source Operations division, which works with corporate partners to conduct surveillance. Documents in the Snowden archive describe it as a “program for embedded collection systems overtly installed on target networks, predominantly for the collection and processing of wireless/mobile communications networks.”
  • If an entire nation’s cell-phone calls were a menu of TV shows, MYSTIC would be a cable programming guide showing which channels offer which shows, and when. SOMALGET would be the DVR that automatically records every show on every channel and stores them for a month. MYSTIC provides the access; SOMALGET provides the massive amounts of storage needed to archive all those calls so that analysts can listen to them at will after the fact. According to one NSA document, SOMALGET is “deployed against entire networks” in the Bahamas and the second country, and processes “over 100 million call events per day.”
  • When U.S. drug agents need to tap a phone of a suspected drug kingpin in another country, they call up their counterparts and ask them set up an intercept. To facilitate those taps, many nations – including the Bahamas – have hired contractors who install and maintain so-called lawful intercept equipment on their telecommunications. With SOMALGET, it appears that the NSA has used the access those contractors developed to secretly mine the country’s entire phone system for “signals intelligence” –recording every mobile call in the country. “Host countries,” the document notes, “are not aware of NSA’s SIGINT collection.” “Lawful intercept systems engineer communications vulnerabilities into networks, forcing the carriers to weaken,” says Christopher Soghoian, the principal technologist for the American Civil Liberties Union. “Host governments really should be thinking twice before they accept one of these Trojan horses.”
  • The DEA has long been in a unique position to help the NSA gain backdoor access to foreign phone networks. “DEA has close relationships with foreign government counterparts and vetted foreign partners,” the manager of the NSA’s drug-war efforts reported in a 2004 memo. Indeed, with more than 80 international offices, the DEA is one of the most widely deployed U.S. agencies around the globe. But what many foreign governments fail to realize is that U.S. drug agents don’t confine themselves to simply fighting narcotics traffickers. “DEA is actually one of the biggest spy operations there is,” says Finn Selander, a former DEA special agent who works with the drug-reform advocacy group Law Enforcement Against Prohibition. “Our mandate is not just drugs. We collect intelligence.” What’s more, Selander adds, the NSA has aided the DEA for years on surveillance operations. “On our reports, there’s drug information and then there’s non-drug information,” he says. “So countries let us in because they don’t view us, really, as a spy organization.”
  • “I seriously don’t think that would be your run-of-the-mill legal interception equipment,” says the former engineer, who worked with hardware and software that typically maxed out at 1,000 intercepts. The NSA, by contrast, is recording and storing tens of millions of calls – “mass surveillance,” he observes, that goes far beyond the standard practices for lawful interception recognized around the world. The Bahamas Telecommunications Company did not respond to repeated phone calls and emails.
  • The proliferation of private contractors has apparently provided the NSA with direct access to foreign phone networks. According to the documents, MYSTIC draws its data from “collection systems” that were overtly installed on the telecommunications systems of targeted countries, apparently by corporate “partners” cooperating with the NSA. One NSA document spells out that “the overt purpose” given for accessing foreign telecommunications systems is “for legitimate commercial service for the Telco’s themselves.” But the same document adds: “Our covert mission is the provision of SIGINT,” or signals intelligence.
  • According to the NSA documents, MYSTIC targets calls and other data transmitted on  Global System for Mobile Communications networks – the primary framework used for cell phone calls worldwide. In the Philippines, MYSTIC collects “GSM, Short Message Service (SMS) and Call Detail Records” via access provided by a “DSD asset in a Philippine provider site.” (The DSD refers to the Defence Signals Directorate, an arm of Australian intelligence. The Australian consulate in New York declined to comment.) The operation in Kenya is “sponsored” by the CIA, according to the documents, and collects “GSM metadata with the potential for content at a later date.” The Mexican operation is likewise sponsored by the CIA. The documents don’t say how or under what pretenses the agency is gathering call data in those countries. In the Bahamas, the documents say, the NSA intercepts GSM data that is transmitted over what is known as the “A link”–or “A interface”–a core component of many mobile networks. The A link transfers data between two crucial parts of GSM networks – the base station subsystem, where phones in the field communicate with cell towers, and the network subsystem, which routes calls and text messages to the appropriate destination. “It’s where all of the telephone traffic goes,” says the former engineer.
  • When U.S. drug agents wiretap a country’s phone networks, they must comply with the host country’s laws and work alongside their law enforcement counterparts. “The way DEA works with our allies – it could be Bahamas or Jamaica or anywhere – the host country has to invite us,” says Margolis. “We come in and provide the support, but they do the intercept themselves.” The Bahamas’ Listening Devices Act requires all wiretaps to be authorized in writing either by the minister of national security or the police commissioner in consultation with the attorney general. The individuals to be targeted must be named. Under the nation’s Data Protection Act, personal data may only be “collected by means which are both lawful and fair in the circumstances of the case.” The office of the Bahamian data protection commissioner, which administers the act, said in a statement that it “was not aware of the matter you raise.” Countries like the Bahamas don’t install lawful intercepts on their own. With the adoption of international standards, a thriving market has emerged for private firms that are contracted by foreign governments to install and maintain lawful intercept equipment. Currently valued at more than $128 million, the global market for private interception services is expected to skyrocket to more than $970 million within the next four years, according to a 2013 report from the research firm Markets and Markets.
  • If the U.S. government wanted to make a case for surveillance in the Bahamas, it could point to the country’s status as a leading haven for tax cheats, corporate shell games, and a wide array of black-market traffickers. The State Department considers the Bahamas both a “major drug-transit country” and a “major money laundering country” (a designation it shares with more than 60 other nations, including the U.S.). According to the International Monetary Fund, as of 2011 the Bahamas was home to 271 banks and trust companies with active licenses. At the time, the Bahamian banks held $595 billion in U.S. assets. But the NSA documents don’t reflect a concerted focus on the money launderers and powerful financial institutions – including numerous Western banks – that underpin the black market for narcotics in the Bahamas. Instead, an internal NSA presentation from 2013 recounts with pride how analysts used SOMALGET to locate an individual who “arranged Mexico-to-United States marijuana shipments” through the U.S. Postal Service.
  • The presentation doesn’t say whether the NSA shared the information with the DEA. But the drug agency’s Special Operations Divison has come under fire for improperly using classified information obtained by the NSA to launch criminal investigations – and then creating false narratives to mislead courts about how the investigations began. The tactic – known as parallel construction – was first reported by Reuters last year, and is now under investigation by the Justice Department’s inspector general. So: Beyond a desire to bust island pot dealers, why would the NSA choose to apply a powerful collection tool such as SOMALGET against the Bahamas, which poses virtually no threat to the United States? The answer may lie in a document that characterizes the Bahamas operation as a “test bed for system deployments, capabilities, and improvements” to SOMALGET. The country’s small population – fewer than 400,000 residents – provides a manageable sample to try out the surveillance system’s features. Since SOMALGET is also operational in one other country, the Bahamas may be used as a sort of guinea pig to beta-test improvements and alterations without impacting the system’s operations elsewhere. “From an engineering point of view it makes perfect sense,” says the former engineer. “Absolutely.”
  • SOMALGET operates under Executive Order 12333, a Reagan-era rule establishing wide latitude for the NSA and other intelligence agencies to spy on other countries, as long as the attorney general is convinced the efforts are aimed at gathering foreign intelligence. In 2000, the NSA assured Congress that all electronic surveillance performed under 12333 “must be conducted in a manner that minimizes the acquisition, retention, and dissemination of information about unconsenting U.S. persons.” In reality, many legal experts point out, the lack of judicial oversight or criminal penalties for violating the order render the guidelines meaningless. “I think it would be open, whether it was legal or not,” says German, the former FBI agent. “Because we don’t have all the facts about how they’re doing it. For a long time, the NSA has been interpreting their authority in the broadest possible way, even beyond what an objective observer would say was reasonable.” “An American citizen has Fourth Amendment rights wherever they are,” adds Kurt Opsahl, an attorney with the Electronic Frontier Foundation. “Nevertheless, there have certainly been a number of things published over the last year which suggest that there are broad, sweeping programs that the NSA and other government agencies are doing abroad that sweep up the communications of Americans.”
  • Legal or not, the NSA’s covert surveillance of an entire nation suggests that it will take more than the president’s tepid “limits” to rein in the ambitions of the intelligence community. “It’s almost like they have this mentality – if we can, we will,” says German. “There’s no analysis of the long-term risks of doing it, no analysis of whether it’s actually worth the effort, no analysis of whether we couldn’t take those resources and actually put them on real threats and do more good.” It’s not surprising, German adds, that the government’s covert program in the Bahamas didn’t remain covert. “The undermining of international law and international cooperation is such a long-term negative result of these programs that they had to know would eventually be exposed, whether through a leak, whether through a spy, whether through an accident,” he says. “Nothing stays secret forever. It really shows the arrogance of these agencies – they were just going to do what they were going to do, and they weren’t really going to consider any other important aspects of how our long-term security needs to be addressed.”
  • Paul Merrell on 20 May 14
     
    Words fail me.
Paul Merrell

Exclusive: Inside America's Plan to Kill Online Privacy Rights Everywhere | The Cable - 0 views

thecable.foreignpolicy.com/...line_privacy_rights_everywhere

surveillance state NSA NSA-blowback UN digital-privacy human rights

shared by Paul Merrell on 22 Nov 13 - No Cached
  • The United States and its key intelligence allies are quietly working behind the scenes to kneecap a mounting movement in the United Nations to promote a universal human right to online privacy, according to diplomatic sources and an internal American government document obtained by The Cable. The diplomatic battle is playing out in an obscure U.N. General Assembly committee that is considering a proposal by Brazil and Germany to place constraints on unchecked internet surveillance by the National Security Agency and other foreign intelligence services. American representatives have made it clear that they won't tolerate such checks on their global surveillance network. The stakes are high, particularly in Washington -- which is seeking to contain an international backlash against NSA spying -- and in Brasilia, where Brazilian President Dilma Roussef is personally involved in monitoring the U.N. negotiations.
  • The Brazilian and German initiative seeks to apply the right to privacy, which is enshrined in the International Covenant on Civil and Political Rights (ICCPR), to online communications. Their proposal, first revealed by The Cable, affirms a "right to privacy that is not to be subjected to arbitrary or unlawful interference with their privacy, family, home, or correspondence." It notes that while public safety may "justify the gathering and protection of certain sensitive information," nations "must ensure full compliance" with international human rights laws. A final version the text is scheduled to be presented to U.N. members on Wednesday evening and the resolution is expected to be adopted next week. A draft of the resolution, which was obtained by The Cable, calls on states to "to respect and protect the right to privacy," asserting that the "same rights that people have offline must also be protected online, including the right to privacy." It also requests the U.N. high commissioner for human rights, Navi Pillay, present the U.N. General Assembly next year with a report on the protection and promotion of the right to privacy, a provision that will ensure the issue remains on the front burner.
  • Publicly, U.S. representatives say they're open to an affirmation of privacy rights. "The United States takes very seriously our international legal obligations, including those under the International Covenant on Civil and Political Rights," Kurtis Cooper, a spokesman for the U.S. mission to the United Nations, said in an email. "We have been actively and constructively negotiating to ensure that the resolution promotes human rights and is consistent with those obligations." But privately, American diplomats are pushing hard to kill a provision of the Brazilian and German draft which states that "extraterritorial surveillance" and mass interception of communications, personal information, and metadata may constitute a violation of human rights. The United States and its allies, according to diplomats, outside observers, and documents, contend that the Covenant on Civil and Political Rights does not apply to foreign espionage.
  • ...6 more annotations...
  • n recent days, the United States circulated to its allies a confidential paper highlighting American objectives in the negotiations, "Right to Privacy in the Digital Age -- U.S. Redlines." It calls for changing the Brazilian and German text so "that references to privacy rights are referring explicitly to States' obligations under ICCPR and remove suggestion that such obligations apply extraterritorially." In other words: America wants to make sure it preserves the right to spy overseas. The U.S. paper also calls on governments to promote amendments that would weaken Brazil's and Germany's contention that some "highly intrusive" acts of online espionage may constitute a violation of freedom of expression. Instead, the United States wants to limit the focus to illegal surveillance -- which the American government claims it never, ever does. Collecting information on tens of millions of people around the world is perfectly acceptable, the Obama administration has repeatedly said. It's authorized by U.S. statute, overseen by Congress, and approved by American courts.
  • "Recall that the USG's [U.S. government's] collection activities that have been disclosed are lawful collections done in a manner protective of privacy rights," the paper states. "So a paragraph expressing concern about illegal surveillance is one with which we would agree." The privacy resolution, like most General Assembly decisions, is neither legally binding nor enforceable by any international court. But international lawyers say it is important because it creates the basis for an international consensus -- referred to as "soft law" -- that over time will make it harder and harder for the United States to argue that its mass collection of foreigners' data is lawful and in conformity with human rights norms. "They want to be able to say ‘we haven't broken the law, we're not breaking the law, and we won't break the law,'" said Dinah PoKempner, the general counsel for Human Rights Watch, who has been tracking the negotiations. The United States, she added, wants to be able to maintain that "we have the freedom to scoop up anything we want through the massive surveillance of foreigners because we have no legal obligations."
  • The United States negotiators have been pressing their case behind the scenes, raising concerns that the assertion of extraterritorial human rights could constrain America's effort to go after international terrorists. But Washington has remained relatively muted about their concerns in the U.N. negotiating sessions. According to one diplomat, "the United States has been very much in the backseat," leaving it to its allies, Australia, Britain, and Canada, to take the lead. There is no extraterritorial obligation on states "to comply with human rights," explained one diplomat who supports the U.S. position. "The obligation is on states to uphold the human rights of citizens within their territory and areas of their jurisdictions."
  • The position, according to Jamil Dakwar, the director of the American Civil Liberties Union's Human Rights Program, has little international backing. The International Court of Justice, the U.N. Human Rights Committee, and the European Court have all asserted that states do have an obligation to comply with human rights laws beyond their own borders, he noted. "Governments do have obligation beyond their territories," said Dakwar, particularly in situations, like the Guantanamo Bay detention center, where the United States exercises "effective control" over the lives of the detainees. Both PoKempner and Dakwar suggested that courts may also judge that the U.S. dominance of the Internet places special legal obligations on it to ensure the protection of users' human rights.
  • "It's clear that when the United States is conducting surveillance, these decisions and operations start in the United States, the servers are at NSA headquarters, and the capabilities are mainly in the United States," he said. "To argue that they have no human rights obligations overseas is dangerous because it sends a message that there is void in terms of human rights protection outside countries territory. It's going back to the idea that you can create a legal black hole where there is no applicable law." There were signs emerging on Wednesday that America may have been making ground in pressing the Brazilians and Germans to back on one of its toughest provisions. In an effort to address the concerns of the U.S. and its allies, Brazil and Germany agreed to soften the language suggesting that mass surveillance may constitute a violation of human rights. Instead, it simply deep "concern at the negative impact" that extraterritorial surveillance "may have on the exercise of and enjoyment of human rights." The U.S., however, has not yet indicated it would support the revised proposal.
  • The concession "is regrettable. But it’s not the end of the battle by any means," said Human Rights Watch’s PoKempner. She added that there will soon be another opportunity to corral America's spies: a U.N. discussion on possible human rights violations as a result of extraterritorial surveillance will soon be taken up by the U.N. High commissioner.
  • Paul Merrell on 22 Nov 13
     
    Woo-hoo! Go get'em, U.N.
Paul Merrell

White House OKd spying on allies, U.S. intelligence officials say - latimes.com - 0 views

www.latimes.com/...-20131029,0,4289803,full.story

surveillance state NSA Obama NSA-targets lies scandal

shared by Paul Merrell on 30 Oct 13 - No Cached
  • The White House and State Department signed off on surveillance targeting phone conversations of friendly foreign leaders, current and former U.S. intelligence officials said Monday, pushing back against assertions that President Obama and his aides were unaware of the high-level eavesdropping. Professional staff members at the National Security Agency and other U.S. intelligence agencies are angry, these officials say, believing the president has cast them adrift as he tries to distance himself from the disclosures by former NSA contractor Edward Snowden that have strained ties with close allies. The resistance emerged as the White House said it would curtail foreign intelligence collection in some cases and two senior U.S. senators called for investigations of the practice. France, Germany, Italy, Mexico and Sweden have all publicly complained about the NSA surveillance operations, which reportedly captured private cellphone conversations by German Chancellor Angela Merkel, among other foreign leaders.
  • On Monday, as Spain joined the protest, the fallout also spread to Capitol Hill.
  • Until now, members of Congress have chiefly focused their attention on Snowden's disclosures about the NSA's collection of U.S. telephone and email records under secret court orders. "With respect to NSA collection of intelligence on leaders of U.S. allies — including France, Spain, Mexico and Germany — let me state unequivocally: I am totally opposed," said Sen. Dianne Feinstein (D-Calif.), who chairs the Senate Intelligence Committee. "Unless the United States is engaged in hostilities against a country or there is an emergency need for this type of surveillance, I do not believe the United States should be collecting phone calls or emails of friendly presidents and prime ministers," she said in a statement. Feinstein said the Intelligence Committee had not been told of "certain surveillance activities" for more than a decade, and she said she would initiate a major review of the NSA operation. She added that the White House had informed her that "collection on our allies will not continue," although other officials said most U.S. surveillance overseas would not be affected. Sen. John McCain (R-Ariz.), ranking minority member of the Armed Services Committee, said Congress should consider creating a special select committee to examine U.S. eavesdropping on foreign leaders.
  • ...5 more annotations...
  • "Obviously, we're going to want to know exactly what the president knew and when he knew it," McCain told reporters in Chicago. "We have always eavesdropped on people around the world. But the advance of technology has given us enormous capabilities, and I think you might make an argument that some of this capability has been very offensive both to us and to our allies."
  • Precisely how the surveillance is conducted is unclear. But if a foreign leader is targeted for eavesdropping, the relevant U.S. ambassador and the National Security Council staffer at the White House who deals with the country are given regular reports, said two former senior intelligence officials, who spoke on condition of anonymity in discussing classified information. Obama may not have been specifically briefed on NSA operations targeting a foreign leader's cellphone or email communications, one of the officials said. "But certainly the National Security Council and senior people across the intelligence community knew exactly what was going on, and to suggest otherwise is ridiculous." If U.S. spying on key foreign leaders was news to the White House, current and former officials said, then White House officials have not been reading their briefing books. Some U.S. intelligence officials said they were being blamed by the White House for conducting surveillance that was authorized under the law and utilized at the White House. "People are furious," said a senior intelligence official who would not be identified discussing classified information. "This is officially the White House cutting off the intelligence community."
  • Any decision to spy on friendly foreign leaders is made with input from the State Department, which considers the political risk, the official said. Any useful intelligence is then given to the president's counter-terrorism advisor, Lisa Monaco, among other White House officials. Jay Carney, the White House press secretary, said Monday that Obama had ordered a review of surveillance capabilities, including those affecting America's closest foreign partners and allies. "Our review is looking across the board at our intelligence gathering to ensure that as we gather intelligence, we are properly accounting for both the security of our citizens and our allies and the privacy concerns shared by Americans and citizens around the world," Carney said.
  • Caitlin Hayden, spokeswoman for the National Security Council, said the review would examine "whether we have the appropriate posture when it comes to heads of state, how we coordinate with our closest allies and partners, and what further guiding principles or constraints might be appropriate for our efforts." She said the review should be completed this year.
  • Intelligence officials also disputed a Wall Street Journal article Monday that said the White House had learned only this summer — during a review of surveillance operations that might be exposed by Snowden — about an NSA program to monitor communications of 35 world leaders. Since then, officials said, several of the eavesdropping operations have been stopped because of political sensitivities.
  • Paul Merrell on 30 Oct 13
     
    Good. The Intelligence community is calling BS on Obama's claim that he didn't know about the spying on foreign heads of allied states. And McCain says we need a select Congressional committee to look into what the president knew and when he knew it. That's an implicit slam of the Feinstein-led Senate Select Committee on Intelligence's oversight of the intelligence agencies and a signal that there is a scandal lurking here. More importantly, a new select committee would not have the same membership as the existing Intelligence Community, which has largely functioned as a rubber stamp for what the intelligence agencies want. We have been down this road before, in the mid-70s, when the Defense Dept. intelligence agencies were caught spying on Americans, leading to the Select Committee investigation headed by former Sen. Frank Church and to the initial passage of the Foreign Intelligence Surveillance Act, among other legislation delivering a strong message to the intelligence agencies that what happens within the U.S. is off-limits to them. But that was a lesson forgotten as new technology came along for NSA to play with. If Obama is smart, he will promptly respond to the LA Times article with a clarification that top members of his staff knew and the previous statement dealt only with his personal knowledge. But the Obama Administration has overwhelmingly demonstrated an inability to head off scandals and a big tendency to cover-up rather than get out in front of story, particularly in matters involving the NSA. So we may see a major scandal emerge from this already enormous scandal that is laid directly at Barack Obama's feet, a cover-up scandal.   Who knew what when, where, why, and how? My favorite question. 
Paul Merrell

Why Today's Landmark Court Victory Against Mass Surveillance Matters | American Civil L... - 0 views

www.aclu.org/...inst-mass-surveillance-matters

surveillance state NSA litigation Patriot-Act ACLU 2nd-Circuit

shared by Paul Merrell on 08 May 15 - No Cached
  • In a landmark victory for privacy, a federal appeals court ruled unanimously today that the mass phone-records program exposed two years ago by NSA whistleblower Edward Snowden is illegal because it goes far beyond what Congress ever intended to permit when it passed Section 215 of the Patriot Act. The ruling in ACLU v. Clapper is enormously significant, and not only because the program in question — the first to be revealed by Edward Snowden — is at the heart of a legislative reform effort playing out right now, or because it sparked the most significant debate about government surveillance in decades. The decision could also affect many other laws the government has stretched to the breaking point in order to justify dragnet collection of Americans’ sensitive information. Under the program, revealed in the Guardian on June 5, 2013, telecommunications companies hand over to the NSA, on a daily basis, records relating to the calls of all of their customers. Those records include information about who called whom, when, and for how long. The ACLU sued the NSA over the program just days after it was revealed, and we took the case to the Second Circuit Court of Appeals after it was dismissed by a district court.
  • A few points on what makes the decision so important. 1. It recognizes that Section 215 of the Patriot Act does not authorize the government to collect information on such a massive scale.
  • 2. The decision’s significance extends far beyond the phone records program alone. It implicates other mass spying programs that we have learned about in the past two years and — almost certainly ­— others that the government continues to conceal from the public. For example, we know that the Drug Enforcement Administration, for decades, employed a similar definition of “relevance” to amass logs of every call made from the United States to as many as 116 different countries. The same theory was also used to justify the collection of email metadata. Both those programs have been discontinued, but the legal reasoning hasn’t, and it could very well be the basis for programs the government has never acknowledged to the public, including the CIA’s bulk collection of Americans’ financial records.
  • ...3 more annotations...
  • 4. The importance of adversarial review. The court recognized that public, adversarial litigation concerning the lawfulness of this spying program was vitally important to its decision — and it drew a direct contrast to the secret, one-sided proceedings that occur in the Foreign Intelligence Surveillance Court.
  • 3. Metadata is incredibly sensitive and revealing. The government has long argued that the phone records program doesn’t reveal the contents of calls, and as such, it is not an invasion of privacy. But metadata, especially in aggregate, can be just as revealing as content, painting a detailed picture of a person’s life. 
  • 5. The congressional reforms under consideration just don’t cut it. Ahead of Section 215’s sunset on June 1, Sen. Majority Leader Mitch McConnell (R-Ky.) is trying to push through a straight reauthorization of the provision, extending its life by another five years. After today’s decision came down, he took to the floor to defend the program — a position altogether at odds with the appeals court decision, with the conclusions of multiple executive-branch review groups who found the program hasn’t been effective in stopping terrorism, and with the clear consensus that supports far-reaching surveillance reform. Another bill in play (which the ACLU neither supports nor opposes), the USA Freedom Act of 2015, doesn’t go nearly far enough, most notably in ensuring that the government cannot engage in broad collection of innocent Americans’ private information.
Paul Merrell

Information Awareness Office - Wikipedia, the free encyclopedia - 0 views

en.wikipedia.org/...Information_Awareness_Office

surveillance state NSA DARPA Poindexter lies

shared by Paul Merrell on 23 Jun 13 - No Cached
  • The Information Awareness Office (IAO) was established by the Defense Advanced Research Projects Agency (DARPA) in January 2002 to bring together several DARPA projects focused on applying surveillance and information technology to track and monitor terrorists and other asymmetric threats to U.S. national security, by achieving Total Information Awareness (TIA). This would be achieved by creating enormous computer databases to gather and store the personal information of everyone in the United States, including personal e-mails, social networks, credit card records, phone calls, medical records, and numerous other sources, without any requirement for a search warrant.[1] This information would then be analyzed to look for suspicious activities, connections between individuals, and "threats".[2] Additionally, the program included funding for biometric surveillance technologies that could identify and track individuals using surveillance cameras, and other methods.[2] Following public criticism that the development and deployment of this technology could potentially lead to a mass surveillance system, the IAO was defunded by Congress in 2003. However, several IAO projects continued to be funded, and merely run under different names.[3][4][5][6]
  • Among the other IAO programs that were intended to provide TIA with component data aggregation and automated analysis technologies were the Genisys, Genisys Privacy Protection, Evidence Extraction and Link Discovery, and Scalable Social Network Analysis programs. On August 2, 2002, Dr. Poindexter gave a speech at DARPAtech 2002 entitled "Overview of the Information Awareness Office"[7] in which he described the TIA program. In addition to the program itself, the involvement of Poindexter as director of the IAO also raised concerns among some, since he had been earlier convicted of lying to Congress and altering and destroying documents pertaining to the Iran-Contra Affair, although those convictions were later overturned on the grounds that the testimony used against him was protected.
  • The IAO was established after Admiral John Poindexter, former United States National Security Advisor to President Ronald Reagan, and SAIC executive Brian Hicks approached the US Department of Defense with the idea for an information awareness program after the attacks of September 11, 2001.[5] Poindexter and Hicks had previously worked together on intelligence-technology programs for the Defense Advanced Research Projects Agency. DARPA agreed to host the program and appointed Poindexter to run it in 2002. The IAO began funding research and development of the Total Information Awareness (TIA) Program in February 2003 but renamed the program the Terrorism Information Awareness Program in May that year after an adverse media reaction to the program's implications for public surveillance. Although TIA was only one of several IAO projects, many critics and news reports conflated TIA with other related research projects of the IAO, with the result that TIA came in popular usage to stand for an entire subset of IAO programs. The TIA program itself was the "systems-level" program of the IAO that intended to integrate information technologies into a prototype system to provide tools to better detect, classify, and identify potential foreign terrorists with the goal to increase the probability that authorized agencies of the United States could preempt adverse actions. As a systems-level program of programs, TIA's goal was the creation of a "counterterrorism information architecture" that integrated technologies from other IAO programs (and elsewhere, as appropriate). The TIA program was researching, developing, and integrating technologies to virtually aggregate data, to follow subject-oriented link analysis, to develop descriptive and predictive models through data mining or human hypothesis, and to apply such models to additional datasets to identify terrorists and terrorist groups.
  • ...1 more annotation...
  • On January 16, 2003, Senator Russ Feingold introduced legislation to suspend the activity of the IAO and the Total Information Awareness program pending a Congressional review of privacy issues involved.[8] A similar measure introduced by Senator Ron Wyden would have prohibited the IAO from operating within the United States unless specifically authorized to do so by Congress, and would have shut the IAO down entirely 60 days after passage unless either the Pentagon prepared a report to Congress assessing the impact of IAO activities on individual privacy and civil liberties or the President certified the program's research as vital to national security interests. In February 2003, Congress passed legislation suspending activities of the IAO pending a Congressional report of the office's activities (Consolidated Appropriations Resolution, 2003, No.108–7, Division M, §111(b) [signed Feb. 20, 2003]). In response to this legislation, DARPA provided Congress on May 20, 2003 with a report on its activities.[9] In this report, IAO changed the name of the program to the Terrorism Information Awareness Program and emphasized that the program was not designed to compile dossiers on US citizens, but rather to research and develop the tools that would allow authorized agencies to gather information on terrorist networks. Despite the name change and these assurances, the critics continued to see the system as prone to potential misuse or abuse. As a result House and Senate negotiators moved to prohibit further funding for the TIA program by adding provisions to the Department of Defense Appropriations Act, 2004[10] (signed into law by President Bush on October 1, 2003). Further, the Joint Explanatory Statement included in the conference committee report specifically directed that the IAO as program manager for TIA be terminated immediately.[11]
  • Paul Merrell on 23 Jun 13
     
    What became today's NSA programs of public concern were the brain child of Admiral John Poindexter and a private sector compadre. U.S. v. Poindexter, 951 F.2d 369, 390 (D.C. Cir. 1991). Poindexter had previously been convicted on five criminal counts involving lying to Congress and destruction and alteration of evidence.  His convictions were overturned on appeal on grounds that some of the testimony against him had been immunized from use in prosecution by Congress. There was no claim on appeal that any such evidence had been false.  86 U.S. v. Poindexter, 951 F.2d 369, 390 (D.C. Cir. 1991), . For far more detail of the evidence against Poindexter, see the August 4, 1993 final report by independent prosecutor Lawrence Walsh, Vol 1, Part 4 section 3, .  So one might say that today's controversial NSA activities were the idea of and conceived by a government official more than willing to lie to Congress and  to destroy and alter evidence. 
Paul Merrell

Bureau files ECHR case challenging UK government over surveillance of journalists' comm... - 0 views

www.thebureauinvestigates.com/...-of-journalists-communications

surveillance state GCHQ journalists ECHR litigation

shared by Paul Merrell on 30 Mar 15 - No Cached
  • The Bureau of Investigative Journalism is asking a European court to rule on whether UK legislation properly protects journalists’ sources and communications from government scrutiny and mass surveillance. The Bureau’s application was filed with the European Court of Human Rights on Friday. If the court rules in favour of the application it will force the UK government to review regulation around the mass collection of communications data. The action follows concerns about the implications to journalists of some of the revelations that have come out of material leaked by Edward Snowden. These have made it clear that by using mass surveillance techniques and programs such as Tempora government agencies can not only collect, store and scrutinise the content of electronic communications but also analyse masses of metadata – the details about where digital communications such as emails originate and the subject area of those communications. Gavin Millar QC, who is working on the case with the Bureau, believes UK authorities are routinely carrying out such data collection and analysis and says this enables a sophisticated picture to be developed of a journalist’s or organisation’s network of contacts, sources and lines of enquiry as well as materials, subjects and persons of interest to them.
  • The Bureau’s Christopher Hird says: “We understand why the government feels the need to have the power of interception. “But our concern is that the existing regulatory regime to control the interception of communications data – such as phone calls and emails – by organisations such as GCHQ does not provide sufficient safeguards to ensure the protection of journalists’ sources, and as a result is a restriction on the operation of a free press.” The collection of data by authorities is governed in the UK by the Regulation of Investigatory Powers Act, known as RIPA. This is primarily focused on internal communications. Many of the investigations undertaken by Bureau journalists involve foreign sources and stories, which are more vulnerable to interception as RIPA does not provide the same safeguards as it does for internal communications. The Bureau is working with lawyers from Doughty Street chambers and law firm Leigh Day, who have advised that there is little protection or rigorous scrutiny provided by current UK legislation for these “external” communications.
  • Paul Merrell on 30 Mar 15
     
    Note that this case was filed with the ECHR in September 2014.  Quote from a prior decision of the ECHR involving Dutch journalists and government surveillance that will give UK government a steep hill to climb in persuading the ECHR to give GCHQ a pass:  "…where, as here, a power of the executive is exercised in secret, the risks of arbitrariness are evident. Since the implementation in practice of measures of secret surveillance is not open to scrutiny by the individuals concerned or the public at large, it would be contrary to the rule of law for the legal discretion granted to the executive to be expressed in terms of an unfettered power. Consequently, the law must indicate the scope of any such discretion conferred on the competent authorities and the manner of its exercise with sufficient clarity, having regard to the legitimate aim of the measure in question, to give the individual adequate protection against arbitrary interference."
Paul Merrell

Baltimore Police Have Been Secretly Spying On Entire City From The Air - 0 views

www.mintpressnews.com/...219806

surveillance state eye-in-the-sky Baltimore

shared by Paul Merrell on 26 Aug 16 - No Cached
  • Baltimore Police didn’t bother to inform the public (or anyone, for that matter) when they implemented a privately-funded mass surveillance program in January using a wide-angle camera-equipped plane flying above the city — which instantly uploaded and stored everything it recorded, just in case they needed it later. As Bloomberg’s Monte Reel reports, a small Cessna plane equipped with “a sophisticated array of cameras” capable of capturing “an area of roughly 30 square miles,” funded by an a private donor and provided by Dayton, Ohio-based Persistent Surveillance Systems, sometimes circled above the city for up to 10 hours per day recording and storing everything without anyone being privy to its presence. Since January, Reel noted, the Baltimore Police Department has been using this covert Big Brother’s eye-in-the-sky “to investigate all sorts of crimes, from property thefts to shootings.” Gone, apparently, are the days when the government’s surveillance state drew ire for attempting to ferret out potential terrorists — residents of Baltimore have been guinea pigs for an altogether more insidious spy dragnet. Persistent Surveillance Systems’ technology automatically stores all the footage on massive hard drives, making it available to law enforcement long afterward — but the idea police could access this information to solve a simple property crime is no less than alarming.
  • Particularly considering the company’s founder has an intense military background. Ross McNutt, Bloomberg reports, “is an Air Force Academy graduate, physicist, and MIT-trained astronautical engineer who in 2004 founded the Air Force’s Center for Rapid Product Development. The Pentagon asked him if he could develop something to figure out who was planting the roadside bombs that were killing and maiming American soldiers in Iraq. In 2006 he gave the military Angel Fire, a wide-area, live-feed surveillance system that could cast an unblinking eye on an entire city.” Though the technology had imperfections — even determining the gender of a person on the ground was impossible — its TiVo-like capabilities more than made up for any shortcomings. A person of interest could be followed by rewinding footage after, say, an IED exploded roadside, to track their movements — even if the cameras weren’t focused directly on the explosion at the moment it occurred. If the cameras were in the air at the time, anything that happened was fully trackable both back and forward in time. McNutt’s pitch for his technology concisely summarized, “Imagine Google Earth with TiVo capability.” Angel Fire truly evolved at the Los Alamos National Laboratory in New Mexico after 2007, when upgrades allowed for “all-weather and nighttime capabilities and then was used as the basis for another system, called Blue Devil, which coupled wide-area cameras with narrow-focus zoom lenses in the same package.”
  • Over time, after McNutt retired from the military, he worked to further improve the camera array and attended security conferences in hopes of garnering clients. After a brief but effective test run over the skies of Ciudad Juárez, Los Angeles became the first U.S. city to employ Persistent Surveillance’ system — and just as covertly as what has been taking place in Baltimore for the last eight months.
  • ...1 more annotation...
  • McNutt believes in the legitimacy of the services Persistent Surveillance can provide, and insists the technology isn’t as invasive as it might sound since individual identifying details, among other aspects, aren’t discernible, and because the every keystroke and action taken by analysts — like video footage — are logged and archived.
  • Paul Merrell on 26 Aug 16
     
    Just imagine what it will be like when the bugs in the focal system are gone, which undoubtedly is a goal. Couple it with facial recognition and what do we have?
Paul Merrell

Britain has passed the 'most extreme surveillance law ever passed in a democracy' | ZDNet - 0 views

www.zdnet.com/...-new-spying-powers-becomes-law

surveillance state GCHQ UK snoopers'-charter legislation

shared by Paul Merrell on 20 Nov 16 - No Cached
  • It's 2016 going on 1984. The UK has just passed a massive expansion in surveillance powers, which critics have called "terrifying" and "dangerous".
  • The new law, dubbed the "snoopers' charter", was introduced by then-home secretary Theresa May in 2012, and took two attempts to get passed into law following breakdowns in the previous coalition government. Four years and a general election later -- May is now prime minister -- the bill was finalized and passed on Wednesday by both parliamentary houses. But civil liberties groups have long criticized the bill, with some arguing that the law will let the UK government "document everything we do online". It's no wonder, because it basically does. The law will force internet providers to record every internet customer's top-level web history in real-time for up to a year, which can be accessed by numerous government departments; force companies to decrypt data on demand -- though the government has never been that clear on exactly how it forces foreign firms to do that that; and even disclose any new security features in products before they launch.
  • Not only that, the law also gives the intelligence agencies the power to hack into computers and devices of citizens (known as equipment interference), although some protected professions -- such as journalists and medical staff -- are layered with marginally better protections. In other words, it's the "most extreme surveillance law ever passed in a democracy," according to Jim Killock, director of the Open Rights Group. The bill was opposed by representatives of the United Nations, all major UK and many leading global privacy and rights groups, and a host of Silicon Valley tech companies alike. Even the parliamentary committee tasked with scrutinizing the bill called some of its provisions "vague".
  • ...1 more annotation...
  • And that doesn't even account for the three-quarters of people who think privacy, which this law almost entirely erodes, is a human right. There are some safeguards, however, such as a "double lock" system so that the secretary of state and an independent judicial commissioner must agree on a decision to carry out search warrants (though one member of the House of Lords disputed that claim). A new investigatory powers commissioner will also oversee the use of the powers. Despite the uproar, the government's opposition failed to scrutinize any significant amendments and abstained from the final vote. Killock said recently that the opposition Labour party spent its time "simply failing to hold the government to account". But the government has downplayed much of the controversy surrounding the bill. The government has consistently argued that the bill isn't drastically new, but instead reworks the old and outdated Regulation of Investigatory Powers Act (RIPA). This was brought into law in 2000, to "legitimize" new powers that were conducted or ruled on in secret, like collecting data in bulk and hacking into networks, which was revealed during the Edward Snowden affair. Much of those activities were only possible thanks to litigation by one advocacy group, Privacy International, which helped push these secret practices into the public domain while forcing the government to scramble to explain why these practices were legal. The law will be ratified by royal assent in the coming weeks.
Paul Merrell

How the NSA Plans to Infect 'Millions' of Computers with Malware - The Intercept - 0 views

firstlook.org/...ect-millions-computers-malware

surveillance state NSA GCHQ NSA-methods malware

shared by Paul Merrell on 13 Mar 14 - No Cached
  • Top-secret documents reveal that the National Security Agency is dramatically expanding its ability to covertly hack into computers on a mass scale by using automated systems that reduce the level of human oversight in the process. The classified files – provided previously by NSA whistleblower Edward Snowden – contain new details about groundbreaking surveillance technology the agency has developed to infect potentially millions of computers worldwide with malware “implants.” The clandestine initiative enables the NSA to break into targeted computers and to siphon out data from foreign Internet and phone networks. The covert infrastructure that supports the hacking efforts operates from the agency’s headquarters in Fort Meade, Maryland, and from eavesdropping bases in the United Kingdom and Japan. GCHQ, the British intelligence agency, appears to have played an integral role in helping to develop the implants tactic.
  • The NSA began rapidly escalating its hacking efforts a decade ago. In 2004, according to secret internal records, the agency was managing a small network of only 100 to 150 implants. But over the next six to eight years, as an elite unit called Tailored Access Operations (TAO) recruited new hackers and developed new malware tools, the number of implants soared to tens of thousands. To penetrate foreign computer networks and monitor communications that it did not have access to through other means, the NSA wanted to go beyond the limits of traditional signals intelligence, or SIGINT, the agency’s term for the interception of electronic communications. Instead, it sought to broaden “active” surveillance methods – tactics designed to directly infiltrate a target’s computers or network devices. In the documents, the agency describes such techniques as “a more aggressive approach to SIGINT” and says that the TAO unit’s mission is to “aggressively scale” these operations. But the NSA recognized that managing a massive network of implants is too big a job for humans alone.
  • “One of the greatest challenges for active SIGINT/attack is scale,” explains the top-secret presentation from 2009. “Human ‘drivers’ limit ability for large-scale exploitation (humans tend to operate within their own environment, not taking into account the bigger picture).” The agency’s solution was TURBINE. Developed as part of TAO unit, it is described in the leaked documents as an “intelligent command and control capability” that enables “industrial-scale exploitation.”
  • ...10 more annotations...
  • TURBINE was designed to make deploying malware much easier for the NSA’s hackers by reducing their role in overseeing its functions. The system would “relieve the user from needing to know/care about the details,” the NSA’s Technology Directorate notes in one secret document from 2009. “For example, a user should be able to ask for ‘all details about application X’ and not need to know how and where the application keeps files, registry entries, user application data, etc.” In practice, this meant that TURBINE would automate crucial processes that previously had to be performed manually – including the configuration of the implants as well as surveillance collection, or “tasking,” of data from infected systems. But automating these processes was about much more than a simple technicality. The move represented a major tactical shift within the NSA that was expected to have a profound impact – allowing the agency to push forward into a new frontier of surveillance operations. The ramifications are starkly illustrated in one undated top-secret NSA document, which describes how the agency planned for TURBINE to “increase the current capability to deploy and manage hundreds of Computer Network Exploitation (CNE) and Computer Network Attack (CNA) implants to potentially millions of implants.” (CNE mines intelligence from computers and networks; CNA seeks to disrupt, damage or destroy them.)
  • But not all of the NSA’s implants are used to gather intelligence, the secret files show. Sometimes, the agency’s aim is disruption rather than surveillance. QUANTUMSKY, a piece of NSA malware developed in 2004, is used to block targets from accessing certain websites. QUANTUMCOPPER, first tested in 2008, corrupts a target’s file downloads. These two “attack” techniques are revealed on a classified list that features nine NSA hacking tools, six of which are used for intelligence gathering. Just one is used for “defensive” purposes – to protect U.S. government networks against intrusions.
  • The NSA has a diverse arsenal of malware tools, each highly sophisticated and customizable for different purposes. One implant, codenamed UNITEDRAKE, can be used with a variety of “plug-ins” that enable the agency to gain total control of an infected computer. An implant plug-in named CAPTIVATEDAUDIENCE, for example, is used to take over a targeted computer’s microphone and record conversations taking place near the device. Another, GUMFISH, can covertly take over a computer’s webcam and snap photographs. FOGGYBOTTOM records logs of Internet browsing histories and collects login details and passwords used to access websites and email accounts. GROK is used to log keystrokes. And SALVAGERABBIT exfiltrates data from removable flash drives that connect to an infected computer. The implants can enable the NSA to circumvent privacy-enhancing encryption tools that are used to browse the Internet anonymously or scramble the contents of emails as they are being sent across networks. That’s because the NSA’s malware gives the agency unfettered access to a target’s computer before the user protects their communications with encryption. It is unclear how many of the implants are being deployed on an annual basis or which variants of them are currently active in computer systems across the world.
  • Eventually, the secret files indicate, the NSA’s plans for TURBINE came to fruition. The system has been operational in some capacity since at least July 2010, and its role has become increasingly central to NSA hacking operations. Earlier reports based on the Snowden files indicate that the NSA has already deployed between 85,000 and 100,000 of its implants against computers and networks across the world, with plans to keep on scaling up those numbers. The intelligence community’s top-secret “Black Budget” for 2013, obtained by Snowden, lists TURBINE as part of a broader NSA surveillance initiative named “Owning the Net.” The agency sought $67.6 million in taxpayer funding for its Owning the Net program last year. Some of the money was earmarked for TURBINE, expanding the system to encompass “a wider variety” of networks and “enabling greater automation of computer network exploitation.”
  • Infiltrating cellphone networks, however, is not all that the malware can be used to accomplish. The NSA has specifically tailored some of its implants to infect large-scale network routers used by Internet service providers in foreign countries. By compromising routers – the devices that connect computer networks and transport data packets across the Internet – the agency can gain covert access to monitor Internet traffic, record the browsing sessions of users, and intercept communications. Two implants the NSA injects into network routers, HAMMERCHANT and HAMMERSTEIN, help the agency to intercept and perform “exploitation attacks” against data that is sent through a Virtual Private Network, a tool that uses encrypted “tunnels” to enhance the security and privacy of an Internet session.
  • Before it can extract data from an implant or use it to attack a system, the NSA must first install the malware on a targeted computer or network. According to one top-secret document from 2012, the agency can deploy malware by sending out spam emails that trick targets into clicking a malicious link. Once activated, a “back-door implant” infects their computers within eight seconds. There’s only one problem with this tactic, codenamed WILLOWVIXEN: According to the documents, the spam method has become less successful in recent years, as Internet users have become wary of unsolicited emails and less likely to click on anything that looks suspicious. Consequently, the NSA has turned to new and more advanced hacking techniques. These include performing so-called “man-in-the-middle” and “man-on-the-side” attacks, which covertly force a user’s internet browser to route to NSA computer servers that try to infect them with an implant.
  • To perform a man-on-the-side attack, the NSA observes a target’s Internet traffic using its global network of covert “accesses” to data as it flows over fiber optic cables or satellites. When the target visits a website that the NSA is able to exploit, the agency’s surveillance sensors alert the TURBINE system, which then “shoots” data packets at the targeted computer’s IP address within a fraction of a second. In one man-on-the-side technique, codenamed QUANTUMHAND, the agency disguises itself as a fake Facebook server. When a target attempts to log in to the social media site, the NSA transmits malicious data packets that trick the target’s computer into thinking they are being sent from the real Facebook. By concealing its malware within what looks like an ordinary Facebook page, the NSA is able to hack into the targeted computer and covertly siphon out data from its hard drive. A top-secret animation demonstrates the tactic in action.
  • The TURBINE implants system does not operate in isolation. It is linked to, and relies upon, a large network of clandestine surveillance “sensors” that the agency has installed at locations across the world.
  • The NSA’s headquarters in Maryland are part of this network, as are eavesdropping bases used by the agency in Misawa, Japan and Menwith Hill, England. The sensors, codenamed TURMOIL, operate as a sort of high-tech surveillance dragnet, monitoring packets of data as they are sent across the Internet. When TURBINE implants exfiltrate data from infected computer systems, the TURMOIL sensors automatically identify the data and return it to the NSA for analysis. And when targets are communicating, the TURMOIL system can be used to send alerts or “tips” to TURBINE, enabling the initiation of a malware attack. The NSA identifies surveillance targets based on a series of data “selectors” as they flow across Internet cables. These selectors, according to internal documents, can include email addresses, IP addresses, or the unique “cookies” containing a username or other identifying information that are sent to a user’s computer by websites such as Google, Facebook, Hotmail, Yahoo, and Twitter. Other selectors the NSA uses can be gleaned from unique Google advertising cookies that track browsing habits, unique encryption key fingerprints that can be traced to a specific user, and computer IDs that are sent across the Internet when a Windows computer crashes or updates.
  • Documents published with this article: Menwith Hill Station Leverages XKeyscore for Quantum Against Yahoo and Hotmail Five Eyes Hacking Large Routers NSA Technology Directorate Analysis of Converged Data Selector Types There Is More Than One Way to Quantum NSA Phishing Tactics and Man in the Middle Attacks Quantum Insert Diagrams The NSA and GCHQ’s QUANTUMTHEORY Hacking Tactics TURBINE and TURMOIL VPN and VOIP Exploitation With HAMMERCHANT and HAMMERSTEIN Industrial-Scale Exploitation Thousands of Implants
  • Paul Merrell on 13 Mar 14
     
    *Very* long article. Only small portions quoted.
Paul Merrell

NSA surveillance reform bill passes House by 303 votes to 121 | World news | theguardia... - 0 views

www.theguardian.com/...l-usa-freedom-act-passes-house

surveillance state NSA legislation NSA-reform

shared by Paul Merrell on 23 May 14 - No Cached
  • The first legislation aimed specifically at curbing US surveillance abuses revealed by Edward Snowden passed the House of Representatives on Thursday, with a majority of both Republicans and Democrats.But last-minute efforts by intelligence community loyalists to weaken key language in the USA Freedom Act led to a larger-than-expected rebellion by members of Congress, with the measure passing by 303 votes to 121.The bill's authors concede it was watered down significantly in recent days, but insist it will still outlaw the practice of bulk collection of US telephone metadata by the NSA first revealed by Snowden.Some members of Congress were worried that the bill will fail to prevent the National Security Agency from continuing to collect large amounts of data on ordinary US citizens.
  • “Perfect is rarely possible in politics, and this bill is no exception,” said Republican Jim Sensenbrenner, who has led efforts on the House judiciary committee to rein in the NSA.“In order to preserve core operations of the intelligence and law enforcement agencies, the administration insisted on broadening certain authorities and lessening certain restrictions. Some of the changes raise justifiable concerns. I don’t blame people for losing trust in their government, because the government violated their trust.”
  • But the revised language lost the support of several influential members of the judiciary committee who had previously voted for it, including Republicans Darrell Issa, Ted Poe and Raul Labrador and Democrat Zoe Lofgren.Issa also chairs the House oversight committee. Adam Smith, the most senior Democrat on the armed services committee, also voted against the bill.“Regrettably, we have learned that the intelligence community will run a truck through ambiguity,” said Lofgren during an hour and 15 minutes of debate which preceded the vote. No amendments were allowed.
  • ...4 more annotations...
  • After the vote, Mark Jaycox, a legislative analyst at the Electronic Frontier Foundation, said: “The bill is littered with loopholes. The problem right now, especially after multiple revisions, is that it doesn't effectively end mass surveillance.”In a statement, Zeke Johnson, the director of Amnesty International USA's security and human rights program, said the House had “failed to deliver serious surveillance reform”.
  • The size of the rebellion and the seniority of the rebels may support efforts to tighten language in the legislation as it makes its way to the Senate.Senator Patrick Leahy, the chair of the Senate judiciary committee and the lead Democratic author of the Freedom Act, said that the actions of the house in passing it was an “important step towards reforming our nation's surveillance authorities”which “few could have predicted less than a year ago.”However, in a statement issued on Thursday, Leahy expressed disappointment that the bill, which he had introduced jointly with Sensenbrenner in October, had been diluted.
  • Senator Ron Wyden, the Oregon Democrat who has waged an often lonely campaign against NSA surveillance, said he opposed the House bill in the form that passed on Thursday. "I am gravely concerned that the changes that have been made to the House version of this bill have watered it down so far that it fails to protect Americans from suspicionless mass surveillance," he said.He said the Senate version of the bill remained strong, and that he hoped that its provisions could be preserved.
  • The bill was the first vote on a NSA related matter in either the House or Senate since last July, when Republican congressman Justin Amash failed by 205-217 votes to pass an amendment to an appropriations bill that would have stripped funding for bulk surveillance.The revised USA Freedom Act was supported by the White House. Obama had urged for a solution to ending bulk collection of telephone metadata in ways that would not unduly constrain the NSA.
  • Paul Merrell on 23 May 14
     
    On to the Senate. No meaningful reform from the House. That the measure passed was supported by Obama tells the story of its effectiveness. It will "constrain the NSA."
Paul Merrell

Mass Surveillance and the Right to Privacy: Adding Nuance to the Schrems Case | Just Se... - 0 views

www.justsecurity.org/...t-max-schrems-case-safe-harbor

surveillance state EU ECJ Schrems litigation data privacy

shared by Paul Merrell on 18 Oct 15 - No Cached
  • Last week’s post by Megan Graham is certainly a welcome contribution in explaining the implications of the Max Schrems case by the European Union Court of Justice, and specifically how it relates to the Safe Harbor arrangement between the US and the EU. Let me add a different perspective: Irrespective of its consequences for Safe Harbor, last week’s ruling is hugely important on a more general level, namely for the understanding of what the right to privacy entails in Europe and what this means for mass surveillance. Through its ruling in Max Schrems the EU’s highest court has established that: Mere access by public authorities to confidential or group-specific communications data constitutes an intrusion into the right to privacy, even without any further processing of that data; and While indiscriminate intrusion into “metadata” may constitute a particularly serious intrusion into the right to privacy, access to “content” data will affect the essence of the right to privacy.
  • These findings were made under Article 7 of the EU Charter of Fundamental Rights, a broad provision on the right to respect for one’s private life. This provision of the EU Charter, which is a part of the foundational treaty framework of the European Union, is almost identical to Article 8 of the European Convention on Human Rights, a treaty legally binding for broader Europe and routinely a part of domestic legal orders. It remains to be seen whether the guardian of the latter framework, the European Court of Human Rights, will also be courageous enough to determine that indiscriminate mass surveillance that provides access to “content” data breaches the essential core of the right to privacy. The highest EU court already took that bold step. One of the most important implications of identifying government access to content as breaching the essence of the right to privacy, is that it negates the need for a proportionality assessment. Measures that compromise the essence of privacy have already crossed a red line, and there is no need for any further “balancing” between privacy and security. Therefore, the Max Schrems ruling is a huge blow to many of the current methods of electronic mass surveillance, including those practiced by the US and several European countries (including the United Kingdom).
  • Several additional points from my earlier post in Verfassungsblog about this case are also worth noting. First, the EU court did not really dwell on the separate Article 8 provision of the EU Charter on Fundamental Rights, concerning the right to the protection of personal data. This was perhaps because that provision is triggered by the “processing” of data, while the general privacy (Article 7) impact comes into play through mere “access.” Another point is that while it was easy to establish the jurisdiction of the EU court over data transfers from Europe to Facebook’s servers in the US, it may be much harder to bring a case before that court concerning “upstream” methods of mass surveillance, such as the NSA’s tapping of transatlantic fiber optic telecommunications cables. Perhaps most importantly, the substantive ruling in the Schrems case is formulated in a way that it would apply to any method of mass surveillance that gives public authorities access to the content of ordinary people’s private communications, including communications intended for a group of people but not for the authorities. Hence, the ruling is a major contribution as to what the right to privacy substantively means in Europe.
Paul Merrell

NSA grapples with huge increase in records requests - 0 views

www.usatoday.com/...3519889

surveillance state NSA litigation constitutional law

shared by Paul Merrell on 19 Nov 13 - No Cached
  • Fueled by the Edward Snowden scandal, more Americans than ever are asking the National Security Agency if their personal life is being spied on.And the NSA has a very direct answer for them: Tough luck, we're not telling you.Americans are inundating the NSA with open-records requests, leading to an 888% increase in such inquiries in the past fiscal year. Anyone asking is getting a standard pre-written letter saying the NSA can neither confirm nor deny that any information has been gathered."This was the largest spike we've ever had," said Pamela Phillips, the chief of the NSA Freedom of Information Act and Privacy Act Office, which handles all records requests to the agency. "We've had requests from individuals who want any records we have on their phone calls, their phone numbers, their e-mail addresses, their IP addresses, anything like that."
  • News reports of the NSA's surveillance program motivates most inquirers, she said.During the first quarter of the NSA's last fiscal year, which went from October to December 2012, it received 257 open-records requests. The next quarter, it received 241. However, on June 6, at the end of NSA's third fiscal quarter, news of Snowden's leaks hit the press, and the agency got 1,302 requests.In the next three months, the NSA received 2,538 requests. The spike has continued into the fall months and has overwhelmed her staff, Phillips said
  • The first court challenge to the federal government's mass surveillance of Americans' phone and Internet records opened Monday with two potential strikes against it, but the judge predicted it could go all the way to the Supreme Court.Federal District Court Judge Richard Leon expressed concern that conservative activist Larry Klayman and others lacked standing to bring the case and that his court lacked jurisdiction -- factors that could further insulate the spy programs from public oversight."To me, this is the overarching question," Leon said, referring to "this court's authority or lack thereof to inject itself into this situation."
  • ...3 more annotations...
  • The two programs, made public earlier this year by Edward Snowden, a former National Security Agency contractor now living in Russia, are reviewed by a top-secret court under the Foreign Intelligence Surveillance Act. But challengers from the political right and left are trying to have that court's periodic approvals circumvented.From the right on Monday came Klayman, a former Reagan administration lawyer who leads the advocacy group Freedom Watch. In an hour-long hearing, he called Leon "the last guard ... the last sentry to the tyranny in this country."But Justice Department lawyer James Gilligan said Klayman lacked standing to bring the case because he cannot prove the NSA examined his phone or Internet records. Gilligan also said Leon cannot review the statutory authority granted by Congress under FISA -- only the secret courts and the Supreme Court have that power.
  • Coincidentally, the Supreme Court on Monday turned down a chance to review the NSA's harvesting of Verizon phone records in a case brought by the watchdog group Electronic Privacy Information Center. The justices offered no reason for their decision.The law "makes it very difficult to challenge these determinations,' said Marc Rotenberg, president of the privacy group.Another challenge, brought by the American Civil Liberties Union, will be heard by U.S. District Court Judge William Pauley in Manhattan on Friday. Those two cases are likely to be appealed "upstairs," Leon said -- to appeals courts and possibly the Supreme Court.Both Klayman and the ACLU are seeking preliminary injunctions that would put a halt to the NSA surveillance. Both have targeted a program that sweeps up domestic telephone records, even though the targets are foreign terrorists. Klayman also is challenging a separate program that goes after cellphone and computer data from major wireless companies and Internet service providers.
  • Amnesty International and a coalition of lawyers, journalists and others brought the last Supreme Court challenge to government surveillance programs in 2012. But in February, the justices ruled 5-4 that the challengers lacked standing because they could not prove they had been wiretapped.Even if judges rule against Klayman and the ACLU, the controversial programs may get a full court test because the Justice Department has begun notifying criminal defendants whose arrests were based on warrantless surveillance. That makes the prospect of a future Supreme Court case more likely.
Paul Merrell

NSA phone surveillance program likely unconstitutional, federal judge rules | World new... - 0 views

www.theguardian.com/...-likely-unconstitutional-judge

surveillance state NSA call-metadata litigation 4th Amendment constitutional law NSA-blowback

shared by Paul Merrell on 17 Dec 13 - No Cached
  • A federal judge in Washington ruled on Monday that the bulk collection of Americans’ telephone records by the National Security Agency is likely to violate the US constitution, in the most significant legal setback for the agency since the publication of the first surveillance disclosures by the whistleblower Edward Snowden. Judge Richard Leon declared that the mass collection of metadata probably violates the fourth amendment, which prohibits unreasonable searches and seizures, and was "almost Orwellian" in its scope. In a judgment replete with literary swipes against the NSA, he said James Madison, the architect of the US constitution, would be "aghast" at the scope of the agency’s collection of Americans' communications data. The ruling, by the US district court for the District of Columbia, is a blow to the Obama administration, and sets up a legal battle that will drag on for months, almost certainly destined to end up in the supreme court. It was welcomed by campaigners pressing to rein in the NSA, and by Snowden, who issued a rare public statement saying it had vindicated his disclosures. It is also likely to influence other legal challenges to the NSA, currently working their way through federal courts.
  • In Monday’s ruling, the judge concluded that the pair's constitutional challenge was likely to be successful. In what was the only comfort to the NSA in a stinging judgment, Leon put the ruling on hold, pending an appeal by the government. Leon expressed doubt about the central rationale for the program cited by the NSA: that it is necessary for preventing terrorist attacks. “The government does not cite a single case in which analysis of the NSA’s bulk metadata collection actually stopped an imminent terrorist attack,” he wrote.
  • Leon’s opinion contained stern and repeated warnings that he was inclined to rule that the metadata collection performed by the NSA – and defended vigorously by the NSA director Keith Alexander on CBS on Sunday night – was unconstitutional. “Plaintiffs have a substantial likelihood of showing that their privacy interests outweigh the government’s interest in collecting and analysing bulk telephony metadata and therefore the NSA’s bulk collection program is indeed an unreasonable search under the fourth amendment,” he wrote. Leon said that the mass collection of phone metadata, revealed by the Guardian in June, was "indiscriminatory" and "arbitrary" in its scope. "The almost-Orwellian technology that enables the government to store and analyze the phone metadata of every telephone user in the United States is unlike anything that could have been conceived in 1979," he wrote, referring to the year in which the US supreme court ruled on a fourth amendment case upon which the NSA now relies to justify the bulk records program.
  • ...5 more annotations...
  • In a statement, Snowden said the ruling justified his disclosures. “I acted on my belief that the NSA's mass surveillance programs would not withstand a constitutional challenge, and that the American public deserved a chance to see these issues determined by open courts," he said in comments released through Glenn Greenwald, the former Guardian journalist who received leaked documents from Snowden. "Today, a secret program authorised by a secret court was, when exposed to the light of day, found to violate Americans’ rights. It is the first of many.”
  • In his ruling, Judge Leon expressly rejected the government’s claim that the 1979 supreme court case, Smith v Maryland, which the NSA and the Obama administration often cite to argue that there is no reasonable expectation of privacy over metadata, applies in the NSA’s bulk-metadata collection. The mass surveillance program differs so much from the one-time request dealt with by the 1979 case that it was of “little value” in assessing whether the metadata dragnet constitutes a fourth amendment search.
  • In a decision likely to influence other federal courts hearing similar arguments from the ACLU, Leon wrote that the Guardian’s disclosure of the NSA’s bulk telephone records collection means that citizens now have standing to challenge it in court, since they can demonstrate for the first time that the government is collecting their phone data.
  • Leon also struck a blow for judicial review of government surveillance practices even when Congress explicitly restricts the ability of citizens to sue for relief. “While Congress has great latitude to create statutory schemes like Fisa,” he wrote, referring to the seminal 1978 surveillance law, “it may not hang a cloak of secrecy over the constitution.”
  • In his ruling on Monday, Judge Leon predicted the process would take six months. He urged the government to take that time to prepare for an eventual defeat. “I fully expect that during the appellate process, which will consume at least the next six months, the government will take whatever steps necessary to prepare itself to comply with this order when, and if, it is upheld,” wrote Leon in his opinion. “Suffice it to say, requesting further time to comply with this order months from now will not be well received and could result in collateral sanctions.”
  • Paul Merrell on 17 Dec 13
     
    This is the case I thought was the weakest because of poor drafting in the complaint. The judge noted those issues in dismissing the plaintiffs' claims under the Administrative Procedures Act, but picked his way through what remained to find sufficient allegations to support the 4th Amendment challenge. Because he ruled for the plaintiffs on the 4th Amendment count, the judge did not reach the plaintiffs' arguments under the First and Fifth Amendments. This case is about cellphone call metadata, which the FISA Court has been ordering cell phone companies to provide every day, with the orders updated every 90 days. The judge's 68-page opinion is at https://ecf.dcd.uscourts.gov/cgi-bin/show_public_doc?2013cv0881-40 (cleaner copy than the Guardian's, which was apparently faxed). Notably, the judge, Richard Leon, is a Bush II appointee and one of the plaintiffs is a prominent conservative civil libertarian lawyer. The other plaintiff is the father of an NSA cryptologist who worked closely with SEAL Team 6 and was killed along with members of that team when their helicopter crashed in Afghanistan. I'll add some more in a comment. But digital privacy is not yet dead.
  • Paul Merrell on 17 Dec 13
     
    Unfortunately, DRM is not dead yet either and the court's PDF file is locked. No easy copying of its content. If you want to jump directly to the discussion of 4th Amendment issues, go to page 35. That way, you can skip past all the dreary discussion of the Administrative Procedures Act claim and you won't miss much that's memorable. In ruling on the plaintiffs' standing to raise the 4th Amendment claim, Judge Leon postulated two possible search issues: [i] the bulk daily collection of metadata and its retention in the database for five years; and [ii] the analysis of that data through the NSA's querying process. The judge had no difficulty with the first issue; it definitely qualifies as a search. But the judge rejected the plaintiffs' argument on the second type (which was lame), demonstrating that at least one federal judge understands how computers work. The government's filings indicated that a "seed" telephone number or other identifier is used as the query string. Judge Leon figured out for himself from this fact that the NSA of necessity had to compare that number or identifier to every number or identifier in its database looking for a match. The judge concluded that the plaintiffs' metadata --- indeed everyone's metadata --- had to be searched for comparison purposes *every* time the NSA analysts ran any query against the database. See his incisive discussion at pp. 39-41. So having established that two searches were involved, one every time the NSA queried the database, the judge moved on to the next question, whether "the plaintiffs had a reasonable expectation of privacy that is violated when the Government indiscriminately collects their telephony metadata along with the metadata of hundreds of millions of other citizens without any particularized suspicion of wrongdoing, retains that metadata for five years, and then queries, analyzes, and investigates that data without prior judicial approval of the investigative targets." pg. 43. More later
‹ Previous 21 - 40 of 192 Next › Last »
Showing 20 items per page