Skip to main content

Home/ Socialism and the End of the American Dream/ Group items tagged metadata

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
Paul Merrell

How the NSA is still harvesting your online data | World news | guardian.co.uk - 0 views

www.guardian.co.uk/...nsa-online-metadata-collection

surveillance state NSA Obama lies EvilOlive ShellTrumpet MoonLightPath Spinneret xKeyScore Deep Dive Transient Thurible

shared by Paul Merrell on 30 Jun 13 - No Cached
  • A review of top-secret NSA documents suggests that the surveillance agency still collects and sifts through large quantities of Americans' online data – despite the Obama administration's insistence that the program that began under Bush ended in 2011.Shawn Turner, the Obama administration's director of communications for National Intelligence, told the Guardian that "the internet metadata collection program authorized by the Fisa court was discontinued in 2011 for operational and resource reasons and has not been restarted."But the documents indicate that the amount of internet metadata harvested, viewed, processed and overseen by the Special Source Operations (SSO) directorate inside the NSA is extensive.While there is no reference to any specific program currently collecting purely domestic internet metadata in bulk, it is clear that the agency collects and analyzes significant amounts of data from US communications systems in the course of monitoring foreign targets.
  • On December 26 2012, SSO announced what it described as a new capability to allow it to collect far more internet traffic and data than ever before. With this new system, the NSA is able to direct more than half of the internet traffic it intercepts from its collection points into its own repositories. One end of the communications collected are inside the United States.The NSA called it the "One-End Foreign (1EF) solution". It intended the program, codenamed EvilOlive, for "broadening the scope" of what it is able to collect. It relied, legally, on "FAA Authority", a reference to the 2008 Fisa Amendments Act that relaxed surveillance restrictions.This new system, SSO stated in December, enables vastly increased collection by the NSA of internet traffic. "The 1EF solution is allowing more than 75% of the traffic to pass through the filter," the SSO December document reads. "This milestone not only opened the aperture of the access but allowed the possibility for more traffic to be identified, selected and forwarded to NSA repositories."
  • It continued: "After the EvilOlive deployment, traffic has literally doubled."The scale of the NSA's metadata collection is highlighted by references in the documents to another NSA program, codenamed ShellTrumpet.On December 31, 2012, an SSO official wrote that ShellTrumpet had just "processed its One Trillionth metadata record".
  • ...4 more annotations...
  • Explaining that the five-year old program "began as a near-real-time metadata analyzer … for a classic collection system", the SSO official noted: "In its five year history, numerous other systems from across the Agency have come to use ShellTrumpet's processing capabilities for performance monitoring" and other tasks, such as "direct email tip alerting."Almost half of those trillion pieces of internet metadata were processed in 2012, the document detailed: "though it took five years to get to the one trillion mark, almost half of this volume was processed in this calendar year".
  • Another SSO entry, dated February 6, 2013, described ongoing plans to expand metadata collection. A joint surveillance collection operation with an unnamed partner agency yielded a new program "to query metadata" that was "turned on in the Fall 2012". Two others, called MoonLightPath and Spinneret, "are planned to be added by September 2013."A substantial portion of the internet metadata still collected and analyzed by the NSA comes from allied governments, including its British counterpart, GCHQ.
  • An SSO entry dated September 21, 2012, announced that "Transient Thurible, a new Government Communications Head Quarters (GCHQ) managed XKeyScore (XKS) Deep Dive was declared operational." The entry states that GCHQ "modified" an existing program so the NSA could "benefit" from what GCHQ harvested."Transient Thurible metadata [has been] flowing into NSA repositories since 13 August 2012," the entry states.
  • A review of top-secret NSA documents suggests that the surveillance agency still collects and sifts through large quantities of Americans' online data – despite the Obama administration's insistence that the program that began under Bush ended in 2011.Shawn Turner, the Obama administration's director of communications for National Intelligence, told the Guardian that "the internet metadata collection program authorized by the Fisa court was discontinued in 2011 for operational and resource reasons and has not been restarted."But the documents indicate that the amount of internet metadata harvested, viewed, processed and overseen by the Special Source Operations (SSO) directorate inside the NSA is extensive.While there is no reference to any specific program currently collecting purely domestic internet metadata in bulk, it is clear that the agency collects and analyzes significant amounts of data from US communications systems in the course of monitoring foreign targets.
Paul Merrell

From Radio to Porn, British Spies Track Web Users' Online Identities - 0 views

theintercept.com/...ck-web-users-online-identities

surveillance state GCHQ Black-Hole

shared by Paul Merrell on 27 Sep 15 - No Cached
  • HERE WAS A SIMPLE AIM at the heart of the top-secret program: Record the website browsing habits of “every visible user on the Internet.” Before long, billions of digital records about ordinary people’s online activities were being stored every day. Among them were details cataloging visits to porn, social media and news websites, search engines, chat forums, and blogs. The mass surveillance operation — code-named KARMA POLICE — was launched by British spies about seven years ago without any public debate or scrutiny. It was just one part of a giant global Internet spying apparatus built by the United Kingdom’s electronic eavesdropping agency, Government Communications Headquarters, or GCHQ. The revelations about the scope of the British agency’s surveillance are contained in documents obtained by The Intercept from National Security Agency whistleblower Edward Snowden. Previous reports based on the leaked files have exposed how GCHQ taps into Internet cables to monitor communications on a vast scale, but many details about what happens to the data after it has been vacuumed up have remained unclear.
  • Amid a renewed push from the U.K. government for more surveillance powers, more than two dozen documents being disclosed today by The Intercept reveal for the first time several major strands of GCHQ’s existing electronic eavesdropping capabilities.
  • The surveillance is underpinned by an opaque legal regime that has authorized GCHQ to sift through huge archives of metadata about the private phone calls, emails and Internet browsing logs of Brits, Americans, and any other citizens — all without a court order or judicial warrant
  • ...17 more annotations...
  • A huge volume of the Internet data GCHQ collects flows directly into a massive repository named Black Hole, which is at the core of the agency’s online spying operations, storing raw logs of intercepted material before it has been subject to analysis. Black Hole contains data collected by GCHQ as part of bulk “unselected” surveillance, meaning it is not focused on particular “selected” targets and instead includes troves of data indiscriminately swept up about ordinary people’s online activities. Between August 2007 and March 2009, GCHQ documents say that Black Hole was used to store more than 1.1 trillion “events” — a term the agency uses to refer to metadata records — with about 10 billion new entries added every day. As of March 2009, the largest slice of data Black Hole held — 41 percent — was about people’s Internet browsing histories. The rest included a combination of email and instant messenger records, details about search engine queries, information about social media activity, logs related to hacking operations, and data on people’s use of tools to browse the Internet anonymously.
  • Throughout this period, as smartphone sales started to boom, the frequency of people’s Internet use was steadily increasing. In tandem, British spies were working frantically to bolster their spying capabilities, with plans afoot to expand the size of Black Hole and other repositories to handle an avalanche of new data. By 2010, according to the documents, GCHQ was logging 30 billion metadata records per day. By 2012, collection had increased to 50 billion per day, and work was underway to double capacity to 100 billion. The agency was developing “unprecedented” techniques to perform what it called “population-scale” data mining, monitoring all communications across entire countries in an effort to detect patterns or behaviors deemed suspicious. It was creating what it said would be, by 2013, “the world’s biggest” surveillance engine “to run cyber operations and to access better, more valued data for customers to make a real world difference.”
  • A document from the GCHQ target analysis center (GTAC) shows the Black Hole repository’s structure.
  • The data is searched by GCHQ analysts in a hunt for behavior online that could be connected to terrorism or other criminal activity. But it has also served a broader and more controversial purpose — helping the agency hack into European companies’ computer networks. In the lead up to its secret mission targeting Netherlands-based Gemalto, the largest SIM card manufacturer in the world, GCHQ used MUTANT BROTH in an effort to identify the company’s employees so it could hack into their computers. The system helped the agency analyze intercepted Facebook cookies it believed were associated with Gemalto staff located at offices in France and Poland. GCHQ later successfully infiltrated Gemalto’s internal networks, stealing encryption keys produced by the company that protect the privacy of cell phone communications.
  • Similarly, MUTANT BROTH proved integral to GCHQ’s hack of Belgian telecommunications provider Belgacom. The agency entered IP addresses associated with Belgacom into MUTANT BROTH to uncover information about the company’s employees. Cookies associated with the IPs revealed the Google, Yahoo, and LinkedIn accounts of three Belgacom engineers, whose computers were then targeted by the agency and infected with malware. The hacking operation resulted in GCHQ gaining deep access into the most sensitive parts of Belgacom’s internal systems, granting British spies the ability to intercept communications passing through the company’s networks.
  • In March, a U.K. parliamentary committee published the findings of an 18-month review of GCHQ’s operations and called for an overhaul of the laws that regulate the spying. The committee raised concerns about the agency gathering what it described as “bulk personal datasets” being held about “a wide range of people.” However, it censored the section of the report describing what these “datasets” contained, despite acknowledging that they “may be highly intrusive.” The Snowden documents shine light on some of the core GCHQ bulk data-gathering programs that the committee was likely referring to — pulling back the veil of secrecy that has shielded some of the agency’s most controversial surveillance operations from public scrutiny. KARMA POLICE and MUTANT BROTH are among the key bulk collection systems. But they do not operate in isolation — and the scope of GCHQ’s spying extends far beyond them.
  • The agency operates a bewildering array of other eavesdropping systems, each serving its own specific purpose and designated a unique code name, such as: SOCIAL ANTHROPOID, which is used to analyze metadata on emails, instant messenger chats, social media connections and conversations, plus “telephony” metadata about phone calls, cell phone locations, text and multimedia messages; MEMORY HOLE, which logs queries entered into search engines and associates each search with an IP address; MARBLED GECKO, which sifts through details about searches people have entered into Google Maps and Google Earth; and INFINITE MONKEYS, which analyzes data about the usage of online bulletin boards and forums. GCHQ has other programs that it uses to analyze the content of intercepted communications, such as the full written body of emails and the audio of phone calls. One of the most important content collection capabilities is TEMPORA, which mines vast amounts of emails, instant messages, voice calls and other communications and makes them accessible through a Google-style search tool named XKEYSCORE.
  • As of September 2012, TEMPORA was collecting “more than 40 billion pieces of content a day” and it was being used to spy on people across Europe, the Middle East, and North Africa, according to a top-secret memo outlining the scope of the program. The existence of TEMPORA was first revealed by The Guardian in June 2013. To analyze all of the communications it intercepts and to build a profile of the individuals it is monitoring, GCHQ uses a variety of different tools that can pull together all of the relevant information and make it accessible through a single interface. SAMUEL PEPYS is one such tool, built by the British spies to analyze both the content and metadata of emails, browsing sessions, and instant messages as they are being intercepted in real time. One screenshot of SAMUEL PEPYS in action shows the agency using it to monitor an individual in Sweden who visited a page about GCHQ on the U.S.-based anti-secrecy website Cryptome.
  • Partly due to the U.K.’s geographic location — situated between the United States and the western edge of continental Europe — a large amount of the world’s Internet traffic passes through its territory across international data cables. In 2010, GCHQ noted that what amounted to “25 percent of all Internet traffic” was transiting the U.K. through some 1,600 different cables. The agency said that it could “survey the majority of the 1,600” and “select the most valuable to switch into our processing systems.”
  • According to Joss Wright, a research fellow at the University of Oxford’s Internet Institute, tapping into the cables allows GCHQ to monitor a large portion of foreign communications. But the cables also transport masses of wholly domestic British emails and online chats, because when anyone in the U.K. sends an email or visits a website, their computer will routinely send and receive data from servers that are located overseas. “I could send a message from my computer here [in England] to my wife’s computer in the next room and on its way it could go through the U.S., France, and other countries,” Wright says. “That’s just the way the Internet is designed.” In other words, Wright adds, that means “a lot” of British data and communications transit across international cables daily, and are liable to be swept into GCHQ’s databases.
  • A map from a classified GCHQ presentation about intercepting communications from undersea cables. GCHQ is authorized to conduct dragnet surveillance of the international data cables through so-called external warrants that are signed off by a government minister. The external warrants permit the agency to monitor communications in foreign countries as well as British citizens’ international calls and emails — for example, a call from Islamabad to London. They prohibit GCHQ from reading or listening to the content of “internal” U.K. to U.K. emails and phone calls, which are supposed to be filtered out from GCHQ’s systems if they are inadvertently intercepted unless additional authorization is granted to scrutinize them. However, the same rules do not apply to metadata. A little-known loophole in the law allows GCHQ to use external warrants to collect and analyze bulk metadata about the emails, phone calls, and Internet browsing activities of British people, citizens of closely allied countries, and others, regardless of whether the data is derived from domestic U.K. to U.K. communications and browsing sessions or otherwise. In March, the existence of this loophole was quietly acknowledged by the U.K. parliamentary committee’s surveillance review, which stated in a section of its report that “special protection and additional safeguards” did not apply to metadata swept up using external warrants and that domestic British metadata could therefore be lawfully “returned as a result of searches” conducted by GCHQ.
  • Perhaps unsurprisingly, GCHQ appears to have readily exploited this obscure legal technicality. Secret policy guidance papers issued to the agency’s analysts instruct them that they can sift through huge troves of indiscriminately collected metadata records to spy on anyone regardless of their nationality. The guidance makes clear that there is no exemption or extra privacy protection for British people or citizens from countries that are members of the Five Eyes, a surveillance alliance that the U.K. is part of alongside the U.S., Canada, Australia, and New Zealand. “If you are searching a purely Events only database such as MUTANT BROTH, the issue of location does not occur,” states one internal GCHQ policy document, which is marked with a “last modified” date of July 2012. The document adds that analysts are free to search the databases for British metadata “without further authorization” by inputing a U.K. “selector,” meaning a unique identifier such as a person’s email or IP address, username, or phone number. Authorization is “not needed for individuals in the U.K.,” another GCHQ document explains, because metadata has been judged “less intrusive than communications content.” All the spies are required to do to mine the metadata troves is write a short “justification” or “reason” for each search they conduct and then click a button on their computer screen.
  • Intelligence GCHQ collects on British persons of interest is shared with domestic security agency MI5, which usually takes the lead on spying operations within the U.K. MI5 conducts its own extensive domestic surveillance as part of a program called DIGINT (digital intelligence).
  • GCHQ’s documents suggest that it typically retains metadata for periods of between 30 days to six months. It stores the content of communications for a shorter period of time, varying between three to 30 days. The retention periods can be extended if deemed necessary for “cyber defense.” One secret policy paper dated from January 2010 lists the wide range of information the agency classes as metadata — including location data that could be used to track your movements, your email, instant messenger, and social networking “buddy lists,” logs showing who you have communicated with by phone or email, the passwords you use to access “communications services” (such as an email account), and information about websites you have viewed.
  • Records showing the full website addresses you have visited — for instance, www.gchq.gov.uk/what_we_do — are treated as content. But the first part of an address you have visited — for instance, www.gchq.gov.uk — is treated as metadata. In isolation, a single metadata record of a phone call, email, or website visit may not reveal much about a person’s private life, according to Ethan Zuckerman, director of Massachusetts Institute of Technology’s Center for Civic Media. But if accumulated and analyzed over a period of weeks or months, these details would be “extremely personal,” he told The Intercept, because they could reveal a person’s movements, habits, religious beliefs, political views, relationships, and even sexual preferences. For Zuckerman, who has studied the social and political ramifications of surveillance, the most concerning aspect of large-scale government data collection is that it can be “corrosive towards democracy” — leading to a chilling effect on freedom of expression and communication. “Once we know there’s a reasonable chance that we are being watched in one fashion or another it’s hard for that not to have a ‘panopticon effect,’” he said, “where we think and behave differently based on the assumption that people may be watching and paying attention to what we are doing.”
  • When compared to surveillance rules in place in the U.S., GCHQ notes in one document that the U.K. has “a light oversight regime.” The more lax British spying regulations are reflected in secret internal rules that highlight greater restrictions on how NSA databases can be accessed. The NSA’s troves can be searched for data on British citizens, one document states, but they cannot be mined for information about Americans or other citizens from countries in the Five Eyes alliance. No such constraints are placed on GCHQ’s own databases, which can be sifted for records on the phone calls, emails, and Internet usage of Brits, Americans, and citizens from any other country. The scope of GCHQ’s surveillance powers explain in part why Snowden told The Guardian in June 2013 that U.K. surveillance is “worse than the U.S.” In an interview with Der Spiegel in July 2013, Snowden added that British Internet cables were “radioactive” and joked: “Even the Queen’s selfies to the pool boy get logged.”
  • In recent years, the biggest barrier to GCHQ’s mass collection of data does not appear to have come in the form of legal or policy restrictions. Rather, it is the increased use of encryption technology that protects the privacy of communications that has posed the biggest potential hindrance to the agency’s activities. “The spread of encryption … threatens our ability to do effective target discovery/development,” says a top-secret report co-authored by an official from the British agency and an NSA employee in 2011. “Pertinent metadata events will be locked within the encrypted channels and difficult, if not impossible, to prise out,” the report says, adding that the agencies were working on a plan that would “(hopefully) allow our Internet Exploitation strategy to prevail.”
Paul Merrell

NSA phone surveillance program likely unconstitutional, federal judge rules | World new... - 0 views

www.theguardian.com/...-likely-unconstitutional-judge

surveillance state NSA call-metadata litigation 4th Amendment constitutional law NSA-blowback

shared by Paul Merrell on 17 Dec 13 - No Cached
  • A federal judge in Washington ruled on Monday that the bulk collection of Americans’ telephone records by the National Security Agency is likely to violate the US constitution, in the most significant legal setback for the agency since the publication of the first surveillance disclosures by the whistleblower Edward Snowden. Judge Richard Leon declared that the mass collection of metadata probably violates the fourth amendment, which prohibits unreasonable searches and seizures, and was "almost Orwellian" in its scope. In a judgment replete with literary swipes against the NSA, he said James Madison, the architect of the US constitution, would be "aghast" at the scope of the agency’s collection of Americans' communications data. The ruling, by the US district court for the District of Columbia, is a blow to the Obama administration, and sets up a legal battle that will drag on for months, almost certainly destined to end up in the supreme court. It was welcomed by campaigners pressing to rein in the NSA, and by Snowden, who issued a rare public statement saying it had vindicated his disclosures. It is also likely to influence other legal challenges to the NSA, currently working their way through federal courts.
  • In Monday’s ruling, the judge concluded that the pair's constitutional challenge was likely to be successful. In what was the only comfort to the NSA in a stinging judgment, Leon put the ruling on hold, pending an appeal by the government. Leon expressed doubt about the central rationale for the program cited by the NSA: that it is necessary for preventing terrorist attacks. “The government does not cite a single case in which analysis of the NSA’s bulk metadata collection actually stopped an imminent terrorist attack,” he wrote.
  • Leon’s opinion contained stern and repeated warnings that he was inclined to rule that the metadata collection performed by the NSA – and defended vigorously by the NSA director Keith Alexander on CBS on Sunday night – was unconstitutional. “Plaintiffs have a substantial likelihood of showing that their privacy interests outweigh the government’s interest in collecting and analysing bulk telephony metadata and therefore the NSA’s bulk collection program is indeed an unreasonable search under the fourth amendment,” he wrote. Leon said that the mass collection of phone metadata, revealed by the Guardian in June, was "indiscriminatory" and "arbitrary" in its scope. "The almost-Orwellian technology that enables the government to store and analyze the phone metadata of every telephone user in the United States is unlike anything that could have been conceived in 1979," he wrote, referring to the year in which the US supreme court ruled on a fourth amendment case upon which the NSA now relies to justify the bulk records program.
  • ...5 more annotations...
  • In a statement, Snowden said the ruling justified his disclosures. “I acted on my belief that the NSA's mass surveillance programs would not withstand a constitutional challenge, and that the American public deserved a chance to see these issues determined by open courts," he said in comments released through Glenn Greenwald, the former Guardian journalist who received leaked documents from Snowden. "Today, a secret program authorised by a secret court was, when exposed to the light of day, found to violate Americans’ rights. It is the first of many.”
  • In his ruling, Judge Leon expressly rejected the government’s claim that the 1979 supreme court case, Smith v Maryland, which the NSA and the Obama administration often cite to argue that there is no reasonable expectation of privacy over metadata, applies in the NSA’s bulk-metadata collection. The mass surveillance program differs so much from the one-time request dealt with by the 1979 case that it was of “little value” in assessing whether the metadata dragnet constitutes a fourth amendment search.
  • In a decision likely to influence other federal courts hearing similar arguments from the ACLU, Leon wrote that the Guardian’s disclosure of the NSA’s bulk telephone records collection means that citizens now have standing to challenge it in court, since they can demonstrate for the first time that the government is collecting their phone data.
  • Leon also struck a blow for judicial review of government surveillance practices even when Congress explicitly restricts the ability of citizens to sue for relief. “While Congress has great latitude to create statutory schemes like Fisa,” he wrote, referring to the seminal 1978 surveillance law, “it may not hang a cloak of secrecy over the constitution.”
  • In his ruling on Monday, Judge Leon predicted the process would take six months. He urged the government to take that time to prepare for an eventual defeat. “I fully expect that during the appellate process, which will consume at least the next six months, the government will take whatever steps necessary to prepare itself to comply with this order when, and if, it is upheld,” wrote Leon in his opinion. “Suffice it to say, requesting further time to comply with this order months from now will not be well received and could result in collateral sanctions.”
  • Paul Merrell on 17 Dec 13
     
    This is the case I thought was the weakest because of poor drafting in the complaint. The judge noted those issues in dismissing the plaintiffs' claims under the Administrative Procedures Act, but picked his way through what remained to find sufficient allegations to support the 4th Amendment challenge. Because he ruled for the plaintiffs on the 4th Amendment count, the judge did not reach the plaintiffs' arguments under the First and Fifth Amendments. This case is about cellphone call metadata, which the FISA Court has been ordering cell phone companies to provide every day, with the orders updated every 90 days. The judge's 68-page opinion is at https://ecf.dcd.uscourts.gov/cgi-bin/show_public_doc?2013cv0881-40 (cleaner copy than the Guardian's, which was apparently faxed). Notably, the judge, Richard Leon, is a Bush II appointee and one of the plaintiffs is a prominent conservative civil libertarian lawyer. The other plaintiff is the father of an NSA cryptologist who worked closely with SEAL Team 6 and was killed along with members of that team when their helicopter crashed in Afghanistan. I'll add some more in a comment. But digital privacy is not yet dead.
  • Paul Merrell on 17 Dec 13
     
    Unfortunately, DRM is not dead yet either and the court's PDF file is locked. No easy copying of its content. If you want to jump directly to the discussion of 4th Amendment issues, go to page 35. That way, you can skip past all the dreary discussion of the Administrative Procedures Act claim and you won't miss much that's memorable. In ruling on the plaintiffs' standing to raise the 4th Amendment claim, Judge Leon postulated two possible search issues: [i] the bulk daily collection of metadata and its retention in the database for five years; and [ii] the analysis of that data through the NSA's querying process. The judge had no difficulty with the first issue; it definitely qualifies as a search. But the judge rejected the plaintiffs' argument on the second type (which was lame), demonstrating that at least one federal judge understands how computers work. The government's filings indicated that a "seed" telephone number or other identifier is used as the query string. Judge Leon figured out for himself from this fact that the NSA of necessity had to compare that number or identifier to every number or identifier in its database looking for a match. The judge concluded that the plaintiffs' metadata --- indeed everyone's metadata --- had to be searched for comparison purposes *every* time the NSA analysts ran any query against the database. See his incisive discussion at pp. 39-41. So having established that two searches were involved, one every time the NSA queried the database, the judge moved on to the next question, whether "the plaintiffs had a reasonable expectation of privacy that is violated when the Government indiscriminately collects their telephony metadata along with the metadata of hundreds of millions of other citizens without any particularized suspicion of wrongdoing, retains that metadata for five years, and then queries, analyzes, and investigates that data without prior judicial approval of the investigative targets." pg. 43. More later
Paul Merrell

Germany's Spies Store 11 Billion Pieces Of Phone Metadata A Year -- And Pass On 6 Billi... - 0 views

www.techdirt.com/...ar-pass-6-billion-to-nsa.shtml

surveillance state NSA Germany BND phone-metadata

shared by Paul Merrell on 07 Feb 15 - No Cached
  • Given Germany's high-profile attachment to privacy, it's always interesting to hear about ways in which its spies have been ignoring that tradition. Here, for example, is a story in the German newspaper Die Zeit about the country's foreign intelligence agency BND gathering metadata from millions of phone records every day: Zeit Online has learned from secret BND documents that five agency locations are involved in gathering huge amounts of metadata. Metadata vacuumed up across the world -- 220 million pieces of it every single day -- flows into BND branch offices in the German towns of Schöningen, Reinhausen, Bad Aibling and Gablingen. There, they are stored for between a week and six months and sorted according to still-unknown criteria. Exactly where the BND obtains the data remains unclear. The Bundestag [German parliament] committee investigating the NSA spying scandal has uncovered that the German intelligence agency intercepts communications traveling via both satellites and Internet cables. The 220 million metadata are only one part of what is amassed from these eavesdropping activities. It is certain that the metadata only come from "foreign dialed traffic," in other words, from telephone conversations and text messages that are held and sent via mobile telephony and satellites.
  • As in the US and UK, the German spies attempt to pull the "it's only metadata, so it's not surveillance" trick: Many people don't realize how much information can be derived from metadata -- and the BND is working hard to keep it that way. For example, during hearings before the Bundestag committee investigating the NSA affair, intelligence officials have consistently spoken about "routine traffic" whenever they have actually meant metadata. Given that the German word for "traffic" is the same as that for "intercourse," this has sounded more like bad sex and has aimed to obscure the fact that hidden behind it was comprehensive, groundless and massive surveillance. What's more, the officials have argued that they are permitted to vacuum up this kind of routine traffic all over the world without any restrictions and to use it as they see fit. However, Peter Schaar doesn't share this view at all. Instead, the German government's former commissioner for data protection and freedom of information believes that metadata should also be protected by the basic right of privacy of correspondence, posts and telecommunications guaranteed by Article 10 of Germany’s Basic Law.
  • This long and interesting report is important for the insight it gives us about what the BND is up to -- despite Germany's stringent laws -- as well as the news that the German intelligence service passes 500 million pieces of metadata to the NSA every month. General Michael Hayden, former director of the NSA and the CIA, famously said: "We kill people based on metadata." That means privacy-loving Germany could be implicated in some of those deaths. And there's another aspect to the story worth noting. Nowhere does Die Zeit say that this information comes from Edward Snowden. Once again, it looks as if his example is inspiring others to shine a little light on the murky world of surveillance.
Paul Merrell

U.S. surveillance architecture includes collection of revealing Internet, phone metadat... - 0 views

www.washingtonpost.com/...2-b05f-3ea3f0e7bb5a_print.html

surveillance state NSA must-read pen-register

shared by Paul Merrell on 19 Jun 13 - No Cached
  • On March 12, 2004, acting attorney general James B. Comey and the Justice Department’s top leadership reached the brink of resignation over electronic surveillance orders that they believed to be illegal. President George W. Bush backed down, halting secret foreign-intelligence-gathering operations that had crossed into domestic terrain. That morning marked the beginning of the end of STELLARWIND, the cover name for a set of four surveillance programs that brought Americans and American territory within the domain of the National Security Agency for the first time in decades. It was also a prelude to new legal structures that allowed Bush and then President Obama to reproduce each of those programs and expand their reach.What exactly STELLARWIND did has never been disclosed in an unclassified form. Which parts of it did Comey approve? Which did he shut down? What became of the programs when the crisis passed and Comey, now Obama’s expected nominee for FBI director, returned to private life?Authoritative new answers to those questions, drawing upon a classified NSA history of STELLARWIND and interviews with high-ranking intelligence officials, offer the clearest map yet of the Bush-era programs and the NSA’s contemporary U.S. operations.STELLARWIND was succeeded by four major lines of intelligence collection in the territorial United States, together capable of spanning the full range of modern telecommunications, according to the interviews and documents.
  • Two of the four collection programs, one each for telephony and the Internet, process trillions of “metadata” records for storage and analysis in systems called MAINWAY and MARINA, respectively. Metadata includes highly revealing information about the times, places, devices and participants in electronic communication, but not its contents. The bulk collection of telephone call records from Verizon Business Services, disclosed this month by the British newspaper the Guardian, is one source of raw intelligence for MAINWAY.The other two types of collection, which operate on a much smaller scale, are aimed at content. One of them intercepts telephone calls and routes the spoken words to a system called ­NUCLEON.For Internet content, the most important source collection is the PRISM project reported on June 6 by The Washington Post and the Guardian. It draws from data held by Google, Yahoo, Microsoft and other Silicon Valley giants, collectively the richest depositories of personal information in history.
  • The debate has focused on two of the four U.S.-based collection programs: PRISM, for Internet content, and the comprehensive collection of telephone call records, foreign and domestic, that the Guardian revealed by posting a classified order from the Foreign Intelligence Surveillance Court to Verizon Business Services.The Post has learned that similar orders have been renewed every three months for other large U.S. phone companies, including Bell South and AT&T, since May 24, 2006. On that day, the surveillance court made a fundamental shift in its approach to Section 215 of the Patriot Act, which permits the FBI to compel production of “business records” that are relevant to a particular terrorism investigation and to share those in some circumstances with the NSA. Henceforth, the court ruled, it would define the relevant business records as the entirety of a telephone company’s call database.The Bush administration, by then, had been taking “bulk metadata” from the phone companies under voluntary agreements for more than four years. The volume of information overwhelmed the MAINWAY database, according to a classified report from the NSA inspector general in 2009. The agency spent $146 million in supplemental counterterrorism funds to buy new hardware and contract support — and to make unspecified payments to the phone companies for “collaborative partnerships.”When the New York Times revealed the warrantless surveillance of voice calls, in December 2005, the telephone companies got nervous. One of them, unnamed in the report, approached the NSA with a request. Rather than volunteer the data, at a price, the “provider preferred to be compelled to do so by a court order,” the report said. Other companies followed suit. The surveillance court order that recast the meaning of business records “essentially gave NSA the same authority to collect bulk telephony metadata from business records that it had” under Bush’s asserted authority alone.
  • ...3 more annotations...
  • Telephone metadata was not the issue that sparked a rebellion at the Justice Department, first by Jack Goldsmith of the Office of Legal Counsel and then by Comey, who was acting attorney general because John D. Ashcroft was in intensive care with acute gallstone pancreatitis. It was Internet metadata.At Bush’s direction, in orders prepared by David Addington, the counsel to Vice President Richard B. Cheney, the NSA had been siphoning e-mail metadata and technical records of Skype calls from data links owned by AT&T, Sprint and MCI, which later merged with Verizon.For reasons unspecified in the report, Goldsmith and Comey became convinced that Bush had no lawful authority to do that.MARINA and the collection tools that feed it are probably the least known of the NSA’s domestic operations, even among experts who follow the subject closely. Yet they probably capture information about more American citizens than any other, because the volume of e-mail, chats and other Internet communications far exceeds the volume of standard telephone calls.The NSA calls Internet metadata “digital network information.” Sophisticated analysis of those records can reveal unknown associates of known terrorism suspects. Depending on the methods applied, it can also expose medical conditions, political or religious affiliations, confidential business negotiations and extramarital affairs.What permits the former and prevents the latter is a complex set of policies that the public is not permitted to see.
  • In the urgent aftermath of Sept. 11, 2001, with more attacks thought to be imminent, analysts wanted to use “contact chaining” techniques to build what the NSA describes as network graphs of people who represented potential threats.The legal challenge for the NSA was that its practice of collecting high volumes of data from digital links did not seem to meet even the relatively low requirements of Bush’s authorization, which allowed collection of Internet metadata “for communications with at least one communicant outside the United States or for which no communicant was known to be a citizen of the United States,” the NSA inspector general’s report said.Lawyers for the agency came up with an interpretation that said the NSA did not “acquire” the communications, a term with formal meaning in surveillance law, until analysts ran searches against it. The NSA could “obtain” metadata in bulk, they argued, without meeting the required standards for acquisition.Goldsmith and Comey did not buy that argument, and a high-ranking U.S. intelligence official said the NSA does not rely on it today.As soon as surveillance data “touches us, we’ve got it, whatever verbs you choose to use,” the official said in an interview. “We’re not saying there’s a magic formula that lets us have it without having it.”
  • When Comey finally ordered a stop to the program, Bush signed an order renewing it anyway. Comey, Goldsmith, FBI Director Robert S. Mueller III and most of the senior Bush appointees in the Justice Department began drafting letters of resignation.Then-NSA Director Michael V. Hayden was not among them. According to the inspector general’s classified report, Cheney’s lawyer, Addington, placed a phone call and “General Hayden had to decide whether NSA would execute the Authorization without the Attorney General’s signature.” He decided to go along.The following morning, when Mueller told Bush that he and Comey intended to resign, the president reversed himself.Three months later, on July 15, the secret surveillance court allowed the NSA to resume bulk collection under the court’s own authority. The opinion, which remains highly classified, was based on a provision of electronic surveillance law, known as “pen register, trap and trace,” that was written to allow law enforcement officers to obtain the phone numbers of incoming and outgoing calls from a single telephone line.
  • Paul Merrell on 19 Jun 13
     
    Note particularly the mention that the FISA Court decision to throw the doors open for government snooping was based on "pen register, trap and trace" law. As suspected, now we are into territory dealt with by the Supreme Court in the pre-internet days of 1979 In Smith v. Maryland, 442 U.S. 735 (1979), More about that next, in a bookmark also tagged with "pen-register".
Paul Merrell

'We Kill People Based on Metadata' by David Cole | NYRblog | The New York Review of Books - 0 views

www.nybooks.com/...we-kill-people-based-metadata

surveillance state NSA CIA Hayden metadata

shared by Paul Merrell on 19 Jul 14 - No Cached
  • Of course knowing the content of a call can be crucial to establishing a particular threat. But metadata alone can provide an extremely detailed picture of a person’s most intimate associations and interests, and it’s actually much easier as a technological matter to search huge amounts of metadata than to listen to millions of phone calls. As NSA General Counsel Stewart Baker has said, “metadata absolutely tells you everything about somebody’s life. If you have enough metadata, you don’t really need content.” When I quoted Baker at a recent debate at Johns Hopkins University, my opponent, General Michael Hayden, former director of the NSA and the CIA, called Baker’s comment “absolutely correct,” and raised him one, asserting, “We kill people based on metadata.”
  • Paul Merrell on 19 Jul 14
     
    "We kill people based on metadata." Trial by Metadata replaces Trial by Jury? 
Paul Merrell

Canadian Spies Collect Domestic Emails in Secret Security Sweep - The Intercept - 0 views

firstlook.org/...ony-express-email-surveillance

surveillance state Canada CSE bulk-collection email

shared by Paul Merrell on 27 Feb 15 - No Cached
  • Canada’s electronic surveillance agency is covertly monitoring vast amounts of Canadians’ emails as part of a sweeping domestic cybersecurity operation, according to top-secret documents. The surveillance initiative, revealed Wednesday by CBC News in collaboration with The Intercept, is sifting through millions of emails sent to Canadian government agencies and departments, archiving details about them on a database for months or even years. The data mining operation is carried out by the Communications Security Establishment, or CSE, Canada’s equivalent of the National Security Agency. Its existence is disclosed in documents obtained by The Intercept from NSA whistleblower Edward Snowden. The emails are vacuumed up by the Canadian agency as part of its mandate to defend against hacking attacks and malware targeting government computers. It relies on a system codenamed PONY EXPRESS to analyze the messages in a bid to detect potential cyber threats.
  • Last year, CSE acknowledged it collected some private communications as part of cybersecurity efforts. But it refused to divulge the number of communications being stored or to explain for how long any intercepted messages would be retained. Now, the Snowden documents shine a light for the first time on the huge scope of the operation — exposing the controversial details the government withheld from the public. Under Canada’s criminal code, CSE is not allowed to eavesdrop on Canadians’ communications. But the agency can be granted special ministerial exemptions if its efforts are linked to protecting government infrastructure — a loophole that the Snowden documents show is being used to monitor the emails. The latest revelations will trigger concerns about how Canadians’ private correspondence with government employees are being archived by the spy agency and potentially shared with police or allied surveillance agencies overseas, such as the NSA. Members of the public routinely communicate with government employees when, for instance, filing tax returns, writing a letter to a member of parliament, applying for employment insurance benefits or submitting a passport application.
  • Chris Parsons, an internet security expert with the Toronto-based internet think tank Citizen Lab, told CBC News that “you should be able to communicate with your government without the fear that what you say … could come back to haunt you in unexpected ways.” Parsons said that there are legitimate cybersecurity purposes for the agency to keep tabs on communications with the government, but he added: “When we collect huge volumes, it’s not just used to track bad guys. It goes into data stores for years or months at a time and then it can be used at any point in the future.” In a top-secret CSE document on the security operation, dated from 2010, the agency says it “processes 400,000 emails per day” and admits that it is suffering from “information overload” because it is scooping up “too much data.” The document outlines how CSE built a system to handle a massive 400 terabytes of data from Internet networks each month — including Canadians’ emails — as part of the cyber operation. (A single terabyte of data can hold about a billion pages of text, or about 250,000 average-sized mp3 files.)
  • ...1 more annotation...
  • The agency notes in the document that it is storing large amounts of “passively tapped network traffic” for “days to months,” encompassing the contents of emails, attachments and other online activity. It adds that it stores some kinds of metadata — data showing who has contacted whom and when, but not the content of the message — for “months to years.” The document says that CSE has “excellent access to full take data” as part of its cyber operations and is receiving policy support on “use of intercepted private communications.” The term “full take” is surveillance-agency jargon that refers to the bulk collection of both content and metadata from Internet traffic. Another top-secret document on the surveillance dated from 2010 suggests the agency may be obtaining at least some of the data by covertly mining it directly from Canadian Internet cables. CSE notes in the document that it is “processing emails off the wire.”
  • Paul Merrell on 27 Feb 15
     
    " CANADIAN SPIES COLLECT DOMESTIC EMAILS IN SECRET SECURITY SWEEP BY RYAN GALLAGHER AND GLENN GREENWALD @rj_gallagher@ggreenwald YESTERDAY AT 2:02 AM SHARE TWITTER FACEBOOK GOOGLE EMAIL PRINT POPULAR EXCLUSIVE: TSA ISSUES SECRET WARNING ON 'CATASTROPHIC' THREAT TO AVIATION CHICAGO'S "BLACK SITE" DETAINEES SPEAK OUT WHY DOES THE FBI HAVE TO MANUFACTURE ITS OWN PLOTS IF TERRORISM AND ISIS ARE SUCH GRAVE THREATS? NET NEUTRALITY IS HERE - THANKS TO AN UNPRECEDENTED GUERRILLA ACTIVISM CAMPAIGN HOW SPIES STOLE THE KEYS TO THE ENCRYPTION CASTLE Canada's electronic surveillance agency is covertly monitoring vast amounts of Canadians' emails as part of a sweeping domestic cybersecurity operation, according to top-secret documents. The surveillance initiative, revealed Wednesday by CBC News in collaboration with The Intercept, is sifting through millions of emails sent to Canadian government agencies and departments, archiving details about them on a database for months or even years. The data mining operation is carried out by the Communications Security Establishment, or CSE, Canada's equivalent of the National Security Agency. Its existence is disclosed in documents obtained by The Intercept from NSA whistleblower Edward Snowden. The emails are vacuumed up by the Canadian agency as part of its mandate to defend against hacking attacks and malware targeting government computers. It relies on a system codenamed PONY EXPRESS to analyze the messages in a bid to detect potential cyber threats. Last year, CSE acknowledged it collected some private communications as part of cybersecurity efforts. But it refused to divulge the number of communications being stored or to explain for how long any intercepted messages would be retained. Now, the Snowden documents shine a light for the first time on the huge scope of the operation - exposing the controversial details the government withheld from the public. Under Canada's criminal code, CSE is no
Paul Merrell

Stanford Researchers: It Is Trivially Easy to Match Metadata to Real People - Rebecca J... - 0 views

www.theatlantic.com/...282642

surveillance state NSA lies Obama

shared by Paul Merrell on 13 Jan 14 - No Cached
  • In defending the NSA's telephony metadata collection efforts, government officials have repeatedly resorted to one seemingly significant detail: This is just metadata—numbers dialed, lengths of calls. "There are no names, there’s no content in that database," President Barack Obama told Charlie Rose in June. No names; just metadata. New research from Stanford demonstrates the silliness of that distinction. Armed with very sparse metadata, Jonathan Mayer and Patrick Mutchler found it easy—trivially so—to figure out the identity of a caller. <div><a href="http://pubads.g.doubleclick.net/gampad/jump?iu=%2F4624%2FTheAtlanticOnline%2Fchannel_technology&t=src%3Dblog%26by%3Drebecca-j-rosen%26title%3Dstanford-researchers-it-is-trivially-easy-to-match-metadata-to-real-people%26pos%3Din-article&sz=300x185&c=387748957&tile=3" title=""><img src="http://pubads.g.doubleclick.net/gampad/ad?iu=%2F4624%2FTheAtlanticOnline%2Fchannel_technology&t=src%3Dblog%26by%3Drebecca-j-rosen%26title%3Dstanford-researchers-it-is-trivially-easy-to-match-metadata-to-real-people%26pos%3Din-article&sz=300x185&c=387748957&tile=3" alt="" /></a></div> Mayer and Mutchler are running an experiment which works with volunteers who agree to use an Android app, MetaPhone, that allows the researchers access to their metadata. Now, using that data, Mayer and Mutchler say that it was hardly any trouble at all to figure out who the phone numbers belonged to, and they did it in just a few hours.
  • They write: We randomly sampled 5,000 numbers from our crowdsourced MetaPhone dataset and queried the Yelp, Google Places, and Facebook directories. With little marginal effort and just those three sources—all free and public—we matched 1,356 (27.1%) of the numbers. Specifically, there were 378 hits (7.6%) on Yelp, 684 (13.7%) on Google Places, and 618 (12.3%) on Facebook. What about if an organization were willing to put in some manpower? To conservatively approximate human analysis, we randomly sampled 100 numbers from our dataset, then ran Google searches on each. In under an hour, we were able to associate an individual or a business with 60 of the 100 numbers. When we added in our three initial sources, we were up to 73. How about if money were no object? We don’t have the budget or credentials to access a premium data aggregator, so we ran our 100 numbers with Intelius, a cheap consumer-oriented service. 74 matched.1 Between Intelius, Google search, and our three initial sources, we associated a name with 91 of the 100 numbers.
  • Their results weren't perfect (and they note that the Intelius data was particularly spotty), but they didn't even try all that hard. "If a few academic researchers can get this far this quickly, it’s difficult to believe the NSA would have any trouble identifying the overwhelming majority of American phone numbers," they conclude. It's also difficult to believe they wouldn't try. As federal district judge Richard Leon wrote in his decision last week, "There is also nothing stopping the Government from skipping the [National Security Letter] step altogether and using public databases or any of its other vast resources to match phone numbers with subscribers."
  • Paul Merrell on 13 Jan 14
     
    Another Obama/NSA lie exposed. 
Paul Merrell

US Government Labeled Al Jazeera Journalist as Al Qaeda - 0 views

firstlook.org/...al-qaeda-member-put-watch-list

surveillance state NSA Al-Jazeera metadata phone-metadata

shared by Paul Merrell on 09 May 15 - No Cached
  • The U.S. government labeled a prominent journalist as a member of Al Qaeda and placed him on a watch list of suspected terrorists, according to a top-secret document that details U.S. intelligence efforts to track Al Qaeda couriers by analyzing metadata. The briefing singles out Ahmad Muaffaq Zaidan, Al Jazeera’s longtime Islamabad bureau chief, as a member of the terrorist group. A Syrian national, Zaidan has focused his reporting throughout his career on the Taliban and Al Qaeda, and has conducted several high-profile interviews with senior Al Qaeda leaders, including Osama bin Laden.
  • The document cites Zaidan as an example to demonstrate the powers of SKYNET, a program that analyzes location and communication data (or “metadata”) from bulk call records in order to detect suspicious patterns. In the Terminator movies, SKYNET is a self-aware military computer system that launches a nuclear war to exterminate the human race, and then systematically kills the survivors. According to the presentation, the NSA uses its version of SKYNET to identify people that it believes move like couriers used by Al Qaeda’s senior leadership. The program assessed Zaidan as a likely match, which raises troubling questions about the U.S. government’s method of identifying terrorist targets based on metadata. It appears, however, that Zaidan had already been identified as an Al Qaeda member before he showed up on SKYNET’s radar. That he was already assigned a watch list number would seem to indicate that the government had a prior intelligence file on him. The Terrorist Identities Datamart Environment, or TIDE, is a U.S. government database of over one million names suspected of a connection to terrorism, which is shared across the U.S. intelligence community.
  • Peter Bergen, CNN’s national security analyst and author of several books on Al Qaeda and Osama bin Laden, told The Intercept, “I’ve known [Zaidan] for well over a decade, and he’s a first class journalist.” “He has the contacts and the access that of course no Western journalist has,” said Bergen. “But by that standard any journalist who spent time with Al Qaeda would be suspect.” Bergen himself interviewed bin Laden in 1997.
  • ...6 more annotations...
  • That presentation states that the call data is acquired from major Pakistani telecom providers, though it does not specify the technical means by which the data is obtained. The June 2012 document poses the question: “Given a handful of courier selectors, can we find others that ‘behave similarly’” by analyzing cell phone metadata? “We are looking for different people using phones in similar ways,” the presentation continues, and measuring “pattern of life, social network, and travel behavior.” For the experiment, the analysts fed 55 million cell phone records from Pakistan into the system, the document states. The results identified someone who is “PROB” — which appears to mean probably — Zaidan as the “highest scoring selector” traveling between Peshawar and Lahore.
  • According to another 2012 presentation describing SKYNET, the program looks for terrorist connections based on questions such as “who has traveled from Peshawar to Faisalabad or Lahore (and back) in the past month? Who does the traveler call when he arrives?” and behaviors such as “excessive SIM or handset swapping,” “incoming calls only,” “visits to airports,” and “overnight trips.”
  • The following slide appears to show other top hits, noting that 21 of the top 500 were previously tasked for surveillance, indicating that the program is “on the right track” to finding people of interest. A portion of that list visible on the slide includes individuals supposedly affiliated with Al Qaeda and the Taliban, as well as members of Pakistan’s spy agency, Inter-Services Intelligence. But sometimes the descriptions are vague. One selector is identified simply as “Sikh Extremist.” As other documents from Snowden revealed, drone targets are often identified in part based on metadata analysis and cell phone tracking. Former NSA director Michael Hayden famously put it more bluntly in May 2014, when he said, “we kill people based on metadata.” Metadata also played a key role in locating and killing Osama bin Laden. The CIA used cell phone calling patterns to track an Al Qaeda courier and identify bin Laden’s hiding place in Pakistan.
  • A History of Targeting Al Jazeera  The U.S. government’s surveillance of Zaidan is not the first time that it has linked Al Jazeera or its personnel to Al Qaeda. During the invasion of Afghanistan, in November 2001, the United States bombed the network’s Kabul offices. The Pentagon claimed that it was “a known al-Qaeda facility.” That was just the beginning. Sami al-Hajj, an Al Jazeera cameraman, was imprisoned by the U.S. government at Guantanamo for six years before being released in 2008 without ever being charged. He has said he was repeatedly interrogated about Al Jazeera. In 2003, Al Jazeera’s financial reporters were barred from the trading floor of the New York Stock Exchange for “security reasons.” Nasdaq soon followed suit.
  • During the invasion of Iraq, U.S. forces bombed Al Jazeera’s Baghdad offices, killing correspondent Tariq Ayoub. The U.S. insisted it was unintentional, though Al Jazeera had given the Pentagon the coordinates of the building. When American forces laid siege to Fallujah, and Al Jazeera was one of the few news organizations broadcasting from within the city, Bush administration officials accused it of airing propaganda and lies. Al Jazeera’s Fallujah correspondent, Ahmed Mansour, reported that his crew had been targeted with tanks, and the house they had stayed in had been bombed by fighter jets. So great was the suspicion of Al Jazeera’s ties to terrorism that Dennis Montgomery, a contractor who had previously tried peddling cheat-detector software to Las Vegas casinos, managed to convince the CIA that he could decode secret Al Qaeda messages from Al Jazeera broadcasts. Those “codes” reportedly caused Bush to ground a number of commercial transatlantic flights in December 2003. But the U.S. government appeared to have somewhat softened its view of the network in the last several years. The Obama administration has criticized Egypt for holding three of Al Jazeera’s journalists on charges of aiding the Muslim Brotherhood. During the height of the 2011 Arab Spring, then-Secretary of State Hillary Clinton praised the network’s coverage, saying, “Viewership of Al Jazeera is going up in the United States because it’s real news.”
  • Zaidan is still Al Jazeera’s Islamabad bureau chief, and has also reported from Syria and Yemen in recent years. Al Jazeera vigorously defended his reporting. “Our commitment to our audiences is to gain access to authentic, raw, unfiltered information from key sources and present it in an honest and responsible way.” They added that, “our journalists continue to be targeted and stigmatized by governments,” even though “Al Jazeera is not the first channel that has met with controversial figures such as bin Laden and others — prominent western media outlets were among the first to do so.”
  • Paul Merrell on 09 May 15
     
    It was crazy. I was at home in Idaho sitting there watching TV and chatting with my internet buddy in Croatia. Then the black helicopters came for me ... 
Paul Merrell

Using Metadata to find Paul Revere - Kieran Healy - 0 views

kieranhealy.org/...g-metadata-to-find-paul-revere

surveillance state NSA metadata

shared by Paul Merrell on 12 Jun 13 - No Cached
  • London, 1772. I have been asked by my superiors to give a brief demonstration of the surprising effectiveness of even the simplest techniques of the new-fangled Social Networke Analysis in the pursuit of those who would seek to undermine the liberty enjoyed by His Majesty’s subjects. This is in connection with the discussion of the role of “metadata” in certain recent events and the assurances of various respectable parties that the government was merely “sifting through this so-called metadata” and that the “information acquired does not include the content of any communications”. I will show how we can use this “metadata” to find key persons involved in terrorist groups operating within the Colonies at the present time. I shall also endeavour to show how these methods work in what might be called a relational manner.
  • Paul Merrell on 12 Jun 13
     
    It's just metadata; we're not reading your mail, they say. So it doesn't matter, right?  Wrong.
Paul Merrell

ICREACH: How the NSA Built Its Own Secret Google -The Intercept - 0 views

firstlook.org/...ecret-google-crisscross-proton

surveillance state NSA ICREACH mustread

shared by Paul Merrell on 26 Aug 14 - No Cached
  • The National Security Agency is secretly providing data to nearly two dozen U.S. government agencies with a “Google-like” search engine built to share more than 850 billion records about phone calls, emails, cellphone locations, and internet chats, according to classified documents obtained by The Intercept. The documents provide the first definitive evidence that the NSA has for years made massive amounts of surveillance data directly accessible to domestic law enforcement agencies. Planning documents for ICREACH, as the search engine is called, cite the Federal Bureau of Investigation and the Drug Enforcement Administration as key participants. ICREACH contains information on the private communications of foreigners and, it appears, millions of records on American citizens who have not been accused of any wrongdoing. Details about its existence are contained in the archive of materials provided to The Intercept by NSA whistleblower Edward Snowden. Earlier revelations sourced to the Snowden documents have exposed a multitude of NSA programs for collecting large volumes of communications. The NSA has acknowledged that it shares some of its collected data with domestic agencies like the FBI, but details about the method and scope of its sharing have remained shrouded in secrecy.
  • ICREACH has been accessible to more than 1,000 analysts at 23 U.S. government agencies that perform intelligence work, according to a 2010 memo. A planning document from 2007 lists the DEA, FBI, Central Intelligence Agency, and the Defense Intelligence Agency as core members. Information shared through ICREACH can be used to track people’s movements, map out their networks of associates, help predict future actions, and potentially reveal religious affiliations or political beliefs. The creation of ICREACH represented a landmark moment in the history of classified U.S. government surveillance, according to the NSA documents.
  • Documents published with this article: CIA Colleagues Enthusiastically Welcome NSA Training Sharing Communications Metadata Across the U.S. Intelligence Community CRISSCROSS/PROTON Point Paper Decision Memorandum for the DNI on ICREACH Metadata Sharing Memorandum Sharing SIGINT metadata on ICREACH Metadata Policy Conference ICREACH Wholesale Sharing Black Budget Extracts
  • Paul Merrell on 26 Aug 14
     
     The most important Snowden disclosure yet. It's a long, detailed article, but it's a must read. I couldn't highlight any more without highlighting the entire article. Read the whole thing soon or you're going to be late for the mob with pitchforks.  This is beyond outrageous. The integrity of our entire system of government is now at issue. 
Paul Merrell

Feds operated yet another secret metadata database until 2013 | Ars Technica - 0 views

arstechnica.com/...t-metadata-database-until-2013

surveillance state DEA phone-metadata litigation

shared by Paul Merrell on 18 Jan 15 - No Cached
  • In a new court filing, the Department of Justice revealed that it kept a secret database of telephone metadata—with one party in the United States and another abroad—that ended in 2013. The three-page partially-redacted affidavit from a top Drug Enforcement Agency (DEA) official, which was filed Thursday, explained that the database was authorized under a particular federal drug trafficking statute. The law allows the government to use "administrative subpoenas" to obtain business records and other "tangible things." The affidavit does not specify which countries records were included, but specifically does mention Iran. This database program appears to be wholly separate from the National Security Agency’s metadata program revealed by Edward Snowden, but it targets similar materials and is collected by a different agency. The Wall Street Journal, citing anonymous sources, reported Friday that this newly-revealed program began in the 1990s and was shut down in August 2013.
  • The criminal case involves an Iranian-American man named Shantia Hassanshahi, who is accused of violating the American trade embargo against Iran. His lawyer, Mir Saied Kashani, told Ars that the government has clearly abused its authority. "They’ve converted this from a war on drugs to a war on privacy," he said. "[Hassanshahi] is not accused of any drug crime but they used this drug enforcement information to gather information against him, that's contrary to the law, and we will revisit that. We will bring motions in the court and we will appeal if necessary." Neither the DEA nor the Department of Justice immediately responded to Ars' query as to whether this program is continuing under a different authority.
  • The story begins in 2011, when a Department of Homeland Security (DHS) agent received a tip about someone who might be in violation of American sanctions against Iran. The source provided an e-mail from an Iranian businessman, Manoucher Sheiki, who was involved in acquiring power grid equipment. A second Homeland Security agent, Joshua Akronowitz, wrote in a 2013 affidavit that he searched Sheiki’s Iranian phone number in this database, but declined to explain exactly what kind of database it was. Akronowitz found that the Iranian number came up exactly one time in the database, and was linked to an 818 number, based in Los Angeles County. That number turned out to be the Google Voice number of Hassanshahi. DHS then subpoenaed Google, and got Hassanshahi’s call log and later, metadata on his Gmail account. By early 2012, the agency found out that he was set to return to Los Angeles from Iran. At LAX Airport, customs agents seized his phone, laptop, thumb drives, camcorder, and SIM cards and sent them to Homeland Security. Last year, Kashani, Hassanshahi’s lawyer, argued that this evidence should be suppressed on account that it was the "fruit of the poisonous tree"—obtained via illicit means. In support of his arguments, Kashani cited an important ongoing NSA-related lawsuit, Klayman v. Obama, which remains the only instance where a judge has order the NSA metadata program to be shut down—that order was stayed pending an appeal. (Earlier this month, Ars explored Klayman and other pending notable surveillance cases.)
  • ...3 more annotations...
  • In a December 2014 opinion in the Hassanshahi case, US District Judge Rudolph Contreras allowed the evidence, but also required that the government provide a "declaration summarizing the contours of the law enforcement database used by Homeland Security Investigations to discover Hassanshahi’s phone number, including any limitations on how and when the database may be used." To comply with the judge’s order, Robert Patterson, the assistant special agent in charge of the DEA, wrote in the Thursday filing: As noted, this database was a federal law enforcement database. It could be used to query a telephone number where federal law enforcement officials had a reasonable articulable suspicion that the telephone number at issue was related to an ongoing federal criminal investigation. The Iranian number was determined to meet this standard based on specific information indicating that the Iranian number was being used for the purpose of importing technological goods to Iran in violation of United States law. Previously, the government had not revealed exactly how it began its investigation of Hassanshahi, and only referred cryptically to "[DHS]-accessible law enforcement databases," in Akronowitz’ 2013 and  2014 affidavits.
  • Similarly, other privacy-minded legal experts questioned the government’s tactics in this new revelation. "We just don’t know about the scope of these things, and that’s what’s disturbing," Andrew Crocker, a legal fellow at the Electronic Frontier Foundation, told Ars. His colleague, Hanni Fakhoury, an EFF attorney who used to be a federal public defender, added that he was "not surprised." "Bulk surveillance technologies and the dangerous legal theories that are used to support them trickle down, and here's a prime example of that," he wrote by e-mail. "The DEA's mandate is of course important but not at the level of national security where as you know there are serious legal questions about the propriety of this collection of phone metadata. And if the DEA has a program like this, it wouldn't surprise me if other agencies do too for other sorts of records the government has claimed it can collect with a subpoena (like bank records)."
  • Patrick Toomey, an attorney with the American Civil Liberties Union, chimed in to say that this indeed was a clear example of government overreach. "This disclosure underscores how the government has expanded its use of bulk collection far beyond the NSA and the national-security context, to rely on mass surveillance in ordinary criminal investigations," he said by e-mail. "It’s now clear that multiple government agencies have tracked the calls that Americans make to their parents and relatives, friends, and business associates overseas, all without any suspicion of wrongdoing," Toomey continued. "The DEA program shows yet again how strained and untenable legal theories have been used to secretly justify the surveillance of millions of innocent Americans using laws that were never written for that purpose."
  • Paul Merrell on 18 Jan 15
     
    The authorizing statute clearly limits the scope of the administrative subpoena authority to drug related criminal investigations. "In any investigation relating to his functions under this subchapter with respect to controlled substances, listed chemicals, tableting machines, or encapsulating machines, the Attorney General may subpena witnesses, compel the attendance and testimony of witnesses, and require the production of any records (including books, papers, documents, and other tangible things which constitute or contain evidence) which the Attorney General finds relevant or material to the investigation."
Paul Merrell

Forget Metadata ... The NSA Is Spying On EVERYTHING Washington's Blog - 0 views

www.washingtonsblog.com/...ata-nsa-spying-everything.html

surveillance state NSA NSA-targets must-read

shared by Paul Merrell on 08 Feb 14 - No Cached
  • The NSA’s spying on everyone’s metadata can tell them just about everything about us … and it violates our Constitutional right to freedom of association. But people are getting distracted from the big picture by focusing on metadata. As security expert Bruce Schneier wrote yesterday: What frustrates me about all of this — [the Privacy and Civil Liberties Oversight Board] report, the president’s speech, and so many other things — is that they focus on the bulk collection of cell phone call records. There’s so much more bulk collection going on — phone calls, e-mails, address books, buddy lists, text messages, cell phone location data, financial documents, calendars, [smartphone apps] etc. — and we really need legislation and court opinions on it all. But because cell phone call records were the first disclosure, they’re what gets the attention. Indeed, Schneier confirmed last October what we’ve been saying for years … don’t get too distracted by the details, because the government is spying on everything:
  • Honestly, I think the details matter less and less. We have to assume that the NSA has EVERYONE who uses electronic communications under CONSTANT surveillance. New details about hows and whys will continue to emerge …but the big picture will remain the same. He’s right. As just one example, there is substantial evidence from top NSA and FBI whistleblowers that the government is recording the content of our calls and emails … word-for-word. So what should we make of the government’s denials that it records content? Given that the government has been caught lying about spying again and again, I’m not sure how much weight we should give to such denials. NSA whistleblower Russ Tice notes: They’re collecting content … word-for-word. *** You can’t trust these people. They lie, and they lie a lot.
  • Paul Merrell on 08 Feb 14
     
    Personally, I don't think the focus is on metadata because it was the first target exposed. I see it more as a propaganda weapon to divert attention from the other NSA targets.  In any event, this page offers a very comprehensive list of the types of data the NSA is collecting, with links to further information on each type.
Paul Merrell

EU high court strikes down metadata collection law | Ars Technica - 0 views

arstechnica.com/...s-down-metadata-collection-law

surveillance state E.U. law data-retention digital-privacy litigation

shared by Paul Merrell on 09 Apr 14 - No Cached
  • While the United States continues to debate metadata collection conducted in secret by the National Security Agency, the European Union has been openly collecting the same sort of data for eight years. In the wake of terrorist attacks in Madrid (2004) and London (2005), the European Union passed a directive in 2006 requiring that all telecommunications providers retain all kinds of telephone and Internet metadata for at least six months and provide it to law enforcement upon request. According to a ruling handed down Tuesday by the European Court of Justice, that directive is now invalid. The case was brought by activists at Digital Rights Ireland and the Austrian Working Group on Data Retention. The two organizations had challenged the law as it had been imposed in their respective countries.
  • While the United States continues to debate metadata collection conducted in secret by the National Security Agency, the European Union has been openly collecting the same sort of data for eight years. In the wake of terrorist attacks in Madrid (2004) and London (2005), the European Union passed a directive in 2006 requiring that all telecommunications providers retain all kinds of telephone and Internet metadata for at least six months and provide it to law enforcement upon request. According to a ruling handed down Tuesday by the European Court of Justice, that directive is now invalid. The case was brought by activists at Digital Rights Ireland and the Austrian Working Group on Data Retention. The two organizations had challenged the law as it had been imposed in their respective countries.
  • The European judges concluded: The Court takes the view that, by requiring the retention of those data and by allowing the competent national authorities to access those data, the directive interferes in a particularly serious manner with the fundamental rights to respect for private life and to the protection of personal data. Furthermore, the fact that data are retained and subsequently used without the subscriber or registered user being informed is likely to generate in the persons concerned a feeling that their private lives are the subject of constant surveillance. . . . Although the retention of data required by the directive may be considered to be appropriate for attaining the objective pursued by it, the wide-ranging and particularly serious interference of the directive with the fundamental rights at issue is not sufficiently circumscribed to ensure that that interference is actually limited to what is strictly necessary.
Paul Merrell

Feds confirm Bush-era e-mail surveillance - POLITICO.com - 0 views

www.politico.com/...email-surveillance-185283.html

surveillance state NSA Bush-II email digital-privacy

shared by Paul Merrell on 20 Mar 14 - No Cached
  • The U.S. government has acknowledged that it swept up huge volumes of data from emails in the U.S. for several years without any court approval, based solely on the orders of former President George W. Bush. In a court filings on Monday, government lawyers said that the Internet program ran in parallel with a program gathering so-called metadata about telephone calls. The counterterrorism efforts operated under presidential authority before a judge approved them in July 2004, said a 2007 court filing made public Monday by the Justice Department (and posted here.)
  • "After the 9/11 attacks and pursuant to an authorization of the President, [redacted] the NSA [redacted] the bulk collection of non-content information about  telephone calls and Internet communications (hereafter 'metadata') activities that enable the NSA to uncover the contacts [redacted] of members or agents of al Qaeda or affiliated terrorist organizations," a senior NSA official wrote in an October 2007 declaration originally filed under seal as part of an effort to defeat litigation about the snooping Bush ordered. "Specifically, the President authorized the the NSA to collect metadata related to Internet communications for the purpose of conducting targeted analysis to track Al Qaeda-related networks. Internet metadata is header/router/addressing information, such as the 'to,' 'from,' 'cc,' and 'bcc' lines, as opposed to the body or 're' lines, of a standard e-mail. Since July 2004, the collection of Internet metadata has been conducted pursuant to an Order of the Foreign Intelligence Surveillance Court," the still-unidentified official from NSA's Signals Intelligence Directorate continued. The email program was effectively public since June of last year, after contractor Edward Snowden leaked a top-secret National Security Agency inspector general report that described the program.
  • FISC Judge Colleen Kollar-Kotelly's opinion approving the surveillance was officially released in November 2013. However, the date she issued it was redacted. Many surmised that her opinion followed a dust-up in March 2004, when then-Deputy Attorney General James Comey questioned the legality of some aspect of Bush's post-9/11 surveillance programs and refused to reauthorize that portion of the surveillance. Comey's refusal is said to have put the program into turmoil for a period of months, until officials sought and won the order from Kollar-Kotelly blessing the gathering of both the email and telephone metadata. The publicly released version of Kollar-Kotelly's opinion does not discuss the operation of the program during the period before the application for court approval. The filings Monday came in continuing legal wrangling over obligations pending lawsuits may create for the NSA to hang on to aging metadata that it would ordinarily have been required to erase under FISC orders. A federal judge in San Francisco has required that the NSA preserve that data, at least for now, rather than erasing it.
Paul Merrell

NSA Will Destroy Archived Metadata When Program Stops - 0 views

firstlook.org/...rchived-metadata-program-stops

surveillance state telephone-metadata purge pending-litigation

shared by Paul Merrell on 28 Jul 15 - No Cached
  • Four months from now, at the same time that the National Security Agency finally abandons the massive domestic telephone dragnet exposed by whistleblower Edward Snowden, it will also stop perusing the vast archive of data collected by the program. The NSA announced on Monday that it will expunge all the telephone metadata it previously swept up, citing Section 215 of the U.S.A Patriot Act. The program was ruled illegal by a federal appeals court in May. In June, Congress voted to end the program, but gave the NSA until the end of November to phase it out. The historical metadata —  records of American phone calls showing who called who, when, and for how long — will be put out of the reach of analysts on November 29, although technical personnel will have access for three more months. The program started 14 years ago, and operated under rules requiring data be retained for five years, and then destroyed.
  • The only possible hold-up, ironically, would be if any of the civil lawsuits prompted by the program prohibit the destruction of the data. “The telephony metadata” will be “preserved solely because of preservation obligations in pending civil litigation,” the Office of the Director of National Intelligence announced. “As soon as possible, NSA will destroy the Section 215 bulk telephony metadata upon expiration of its litigation preservation obligations.” ACLU staff attorney Alex Abdo told The Intercept his organization is “pleased that the NSA intends to purge the call records it has collected illegally.” But, he added: “Even with today’s pledge, the devil may be in the details.”
Paul Merrell

Why AT&T's Surveillance Report Omits 80 Million NSA Targets | Threat Level | Wired.com - 0 views

www.wired.com/...ma-bell-non-transparency

surveillance state NSA transparency Obama AT&T

shared by Paul Merrell on 24 Feb 14 - No Cached
  • AT&T this week released for the first time in the phone company’s 140-year history a rough accounting of how often the U.S. government secretly demands records on telephone customers. But to those who’ve been following the National Security Agency leaks, Ma Bell’s numbers come up short by more than 80 million spied-upon Americans. AT&T’s transparency report counts 301,816 total requests for information — spread between subpoenas, court orders and search warrants — in 2013. That includes between 2,000 and 4,000 under the category “national security demands,” which collectively gathered information on about 39,000 to 42,000 different accounts. There was a time when that number would have seemed high. Today, it’s suspiciously low, given the disclosures by whistleblower Edward Snowden about the NSA’s bulk metadata program. We now know that the secretive Foreign Intelligence Surveillance Court is ordering the major telecoms to provide the NSA a firehose of metadata covering every phone call that crosses their networks. An accurate transparency report should include a line indicating that AT&T has turned over information on each and every one of its more than 80 million-plus customers. It doesn’t.
  • That’s particularly ironic, given that it was Snowden’s revelations about this so-called “Section 215″ metadata spying that paved the way for the transparency report. In Snowden’s wake, technology companies pushed President Barack Obama to craft new rules allowing them to be more transparent about how much customer data they’re forced to provide the NSA and other agencies. In a Jan. 17 globally televised speech, Obama finally agreed. We will also enable communications providers to make public more information than ever before about the orders they have received to provide data to the government. But when the new transparency guidelines came out on Jan. 27, the language left it unclear whether discussing bulk collection was allowed, says Alex Abdo, an American Civil Liberties Union staff attorney. AT&T on Monday became the first phone company to release a transparency report under the new rules, and the results seem to confirm that the metadata collection is still meant to stay secret. “This transparency report confirmed our fear that the DOJ’s apparent concession was carefully crafted to prevent real transparency,” Abdo says. “If they want real transparency, they would allow the disclosure of the bulk telephone metadata program.”
  • The guidelines allow for the disclosure, in chunks of 1,000, of “the number of customer selectors [phone numbers] targeted under FISA non-content orders.” Since the bulk metadata collection doesn’t “target” any “selectors” it is, by definition, not subject to disclosure. This loophole is no accident of phrasing. In other sections of the guidelines covering National Security Letters — a type of subpoena that doesn’t require a judge’s signature — Obama allows disclosure of the “number of customer accounts affected.” If the guidelines used that same language for the FISA disclosures, AT&T’s transparency report would presumably disclose that more than 80 million customers — that would be all of AT&T’s customers — had been spied upon. The end result, observes Kevin Bankston, the policy director of the New America Foundation’s Open Technology Institute, is that Obama’s so-called reform has spawned a misleading report that provides false comfort to AT&T customers — and all Americans.
Paul Merrell

Researchers Connect 91% of Numbers With Names In Metadata Probe - Slashdot - 0 views

yro.slashdot.org/...s-with-names-in-metadata-probe

NSA NSA-targets metadata names lies

shared by Paul Merrell on 24 Dec 13 - No Cached
  • "One of the key tenets of the argument that the National Security Agency and some lawmakers have constructed to justify the agency's collection of phone metadata is that the information it's collecting, such as phone numbers and length of call, can't be tied to the callers' names. However, some quick investigation by some researchers at Stanford University who have been collecting information voluntarily from Android users found that they could correlate numbers to names with very little effort. The Stanford researchers recently started a program called Metaphone that gathers data from volunteers with Android phones. They collect data such as recent phone calls and text messages and social network information. The goal of the project, which is the work of the Stanford Security Lab, is to draw some lines connecting metadata and surveillance. As part of the project, the researchers decided to select a random set of 5,000 numbers from their data and see whether they could connect any of them to subscriber names using just freely available Web tools. The result: They found names for 27 percent of the numbers using just Google, Yelp, Facebook and Google Places. Using some other online tools, they connected 91 of 100 numbers with names."
Gary Edwards

XKeyscore: NSA tool collects 'nearly everything a user does on the internet' | World ne... - 1 views

www.theguardian.com/...top-secret-program-online-data

Edward-Snowden Glenn-Greenwald NSA NSA-Patriot-Act-NDAA NSA-Whistleblower

shared by Gary Edwards on 01 Aug 13 - No Cached
  • The latest revelations will add to the intense public and congressional debate around the extent of NSA surveillance programs. They come as senior intelligence officials testify to the Senate judiciary committee on Wednesday, releasing classified documents in response to the Guardian's earlier stories on bulk collection of phone records and Fisa surveillance court oversight.
  • The files shed light on one of Snowden's most controversial statements, made in his first video interview published by the Guardian on June 10
  • "I, sitting at my desk," said Snowden, could "wiretap anyone, from you or your accountant, to a federal judge or even the president, if I had a personal email".
  • ...23 more annotations...
  • US officials vehemently denied this specific claim. Mike Rogers, the Republican chairman of the House intelligence committee, said of Snowden's assertion: "He's lying. It's impossible for him to do what he was saying he could do."
  • But training materials for XKeyscore detail how analysts can use it and other systems to mine enormous agency databases by filling in a simple on-screen form giving only a broad justification for the search. The request is not reviewed by a court or any NSA personnel before it is processed.
  • XKeyscore, the documents boast, is the NSA's "widest reaching" system developing intelligence from computer networks – what the agency calls Digital Network Intelligence (DNI). One presentation claims the program covers "nearly everything a typical user does on the internet", including the content of emails, websites visited and searches, as well as their metadata.
  • Analysts can also use XKeyscore and other NSA systems to obtain ongoing "real-time" interception of an individual's internet activity.
  • Under US law, the NSA is required to obtain an individualized Fisa warrant only if the target of their surveillance is a 'US person', though no such warrant is required for intercepting the communications of Americans with foreign targets.
  • But XKeyscore provides the technological capability, if not the legal authority, to target even US persons for extensive electronic surveillance without a warrant provided that some identifying information, such as their email or IP address, is known to the analyst.
  • One training slide illustrates the digital activity constantly being collected by XKeyscore and the analyst's ability to query the databases at any time.
  • The purpose of XKeyscore is to allow analysts to search the metadata as well as the content of emails and other internet activity, such as browser history, even when there is no known email account (a "selector" in NSA parlance) associated with the individual being targeted.
  • Analysts can also search by name, telephone number, IP address, keywords, the language in which the internet activity was conducted or the type of browser used.
  • One document notes that this is because "strong selection [search by email address] itself gives us only a very limited capability" because "a large amount of time spent on the web is performing actions that are anonymous."
  • Email monitoring
  • One top-secret document describes how the program "searches within bodies of emails, webpages and documents", including the "To, From, CC, BCC lines" and the 'Contact Us' pages on websites".
  • To search for emails, an analyst using XKS enters the individual's email address into a simple online search form, along with the "justification" for the search and the time period for which the emails are sought.
  • One document, a top secret 2010 guide describing the training received by NSA analysts for general surveillance under the Fisa Amendments Act of 2008, explains that analysts can begin surveillance on anyone by clicking a few simple pull-down menus designed to provide both legal and targeting justifications.
  • Once options on the pull-down menus are selected, their target is marked for electronic surveillance and the analyst is able to review the content of their communications:
  • Chats, browsing history and other internet activity
  • Beyond emails, the XKeyscore system allows analysts to monitor a virtually unlimited array of other internet activities, including those within social media.
  • An NSA tool called DNI Presenter, used to read the content of stored emails, also enables an analyst using XKeyscore to read the content of Facebook chats or private messages.
  • The XKeyscore program also allows an analyst to learn the IP addresses of every person who visits any website the analyst specifies.
  • The quantity of communications accessible through programs such as XKeyscore is staggeringly large. One NSA report from 2007 estimated that there were 850bn "call events" collected and stored in the NSA databases, and close to 150bn internet records. Each day, the document says, 1-2bn records were added.
  • William Binney, a former NSA mathematician, said last year that the agency had "assembled on the order of 20tn transactions about US citizens with other US citizens", an estimate, he said, that "only was involving phone calls and emails". A 2010 Washington Post article reported that "every day, collection systems at the [NSA] intercept and store 1.7bn emails, phone calls and other type of communications."
  • The ACLU's deputy legal director, Jameel Jaffer, told the Guardian last month that national security officials expressly said that a primary purpose of the new law was to enable them to collect large amounts of Americans' communications without individualized warrants.
  • "The government doesn't need to 'target' Americans in order to collect huge volumes of their communications," said Jaffer. "The government inevitably sweeps up the communications of many Americans" when targeting foreign nationals for surveillance.
  • Gary Edwards on 01 Aug 13
     
    "One presentation claims the XKeyscore program covers 'nearly everything a typical user does on the internet' ................................................................. A top secret National Security Agency program allows analysts to search with no prior authorization through vast databases containing emails, online chats and the browsing histories of millions of individuals, according to documents provided by whistleblower Edward Snowden. The NSA boasts in training materials that the program, called XKeyscore, is its "widest-reaching" system for developing intelligence from the internet. The latest revelations will add to the intense public and congressional debate around the extent of NSA surveillance programs. They come as senior intelligence officials testify to the Senate judiciary committee on Wednesday, releasing classified documents in response to the Guardian's earlier stories on bulk collection of phone records and Fisa surveillance court oversight. The files shed light on one of Snowden's most controversial statements, made in his first video interview published by the Guardian on June 10. "I, sitting at my desk," said Snowden, could "wiretap anyone, from you or your accountant, to a federal judge or even the president, if I had a personal email". US officials vehemently denied this specific claim. Mike Rogers, the Republican chairman of the House intelligence committee, said of Snowden's assertion: "He's lying. It's impossible for him to do what he was saying he could do." But training materials for XKeyscore detail how analysts can use it and other systems to mine enormous agency databases by filling in a simple on-screen form giving only a broad justification for the search. The request is not reviewed by a court or any NSA personnel before it is processed. XKeyscore, the documents boast, is the NSA's "widest reaching" system developing intelligence from computer networks - what the agency calls Digital Network Intelligence (DNI). One
  • Paul Merrell on 02 Aug 13
     
    "But training materials for XKeyscore detail how analysts can use it and other systems to mine enormous agency databases by filling in a simple on-screen form giving only a broad justification for the search. The request is not reviewed by a court or any NSA personnel before it is processed. " Note in that regard that Snowden said in an earlier interview that use of this system rarely was audited and that when audited, the most common request if changes were requested was to beef up the justification for the search. The XScore system puts the lie to just about everything the Administration has claimed about intense oversight by all three branches of federal government and about not reading emails or listening to (Skype) phone calls. The lies keep stacking up in an ever-deepening pile.
Paul Merrell

The NSA says it 'obviously' can track locations without a warrant. That's not so obvious. - 0 views

www.washingtonpost.com/...a-warrant-thats-not-so-obvious

surveillance state NSA NSA-targets location-data constitutional law

shared by Paul Merrell on 05 Dec 13 - No Cached
  • In conversations with The Washington Post over Barton Gellman and Ashkan Soltani's recent story on cellphone location tracking, an intelligence agency lawyer told Gellman, "obviously there is no Fourth Amendment expectation in communications metadata.” But some experts say it's far from obvious that the 1979 Supreme Court case on which the administration bases this view gives the government unfettered power to scoop up Americans' cellphone location data.
  • And there's some reason to believe that a majority of the current Supreme Court justices might agree with her on the location data aspect of metadata. The most recent Supreme Court case involving location tracking, United States v. Jones was settled on narrow trespassing grounds in 2012. But five Supreme Court justices signed on to concurring opinions that questioned whether Smith v. Maryland holds up in the face of modern technology.  An opinion concurring in judgment with the Jones decision written by Justice Samuel Alito, and joined by Justices Ruth Bader Ginsburg, Stephen Breyer and Elena Kagan specifically noted the prevalence of smartphones and argued that "the use of longer term GPS monitoring in investigations of most offenses impinges on expectations of privacy."
  • A separate concurring opinion from a fifth justice, Sonia Sotomayor made many of the same arguments, saying "fundamentally, it may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties" -- and even went further by arguing that "awareness that the Government may be watching chills associational and expressive freedoms."
  • Paul Merrell on 05 Dec 13
     
    A Supreme Court majority also specifically reserved judgment on whether the principles of Smith v. Maryland would apply in cases involving dragnet surveillance, specifically referring to Smith, in the case of Amnesty International v. Clapper, last year. Both Amnesty Int'l  and Jones were decided before revelations of widespread NSA surveillance broke beginning in June, 2013. Since then, the mood of the nation has changed enormously, from ignorant to informed and mostly objecting.  That factor will weigh heavily in the Supreme Court's inevitable decision on whether dragnet seizure of call metadata is constitutional.   So it takes some chutzpah for government lawyers to claim that Smith v. Maryland authorized warrantless gathering of telephone metadata in the dragnet context where no single person is suspected of a crime. The Supreme Court has never so held. At stake: whether we become an Orwellian state.
1 - 20 of 181 Next › Last »
Showing 20 items per page