Skip to main content

Home/ Socialism and the End of the American Dream/ Group items tagged network

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
Paul Merrell

Core Secrets: NSA Saboteurs in China and Germany - The Intercept - 0 views

firstlook.org/...core-secrets

surveillance state NSA HUMINT China Germany South-Korea

shared by Paul Merrell on 11 Oct 14 - No Cached
  • The National Security Agency has had agents in China, Germany, and South Korea working on programs that use “physical subversion” to infiltrate and compromise networks and devices, according to documents obtained by The Intercept. The documents, leaked by NSA whistleblower Edward Snowden, also indicate that the agency has used “under cover” operatives to gain access to sensitive data and systems in the global communications industry, and that these secret agents may have even dealt with American firms. The documents describe a range of clandestine field activities that are among the agency’s “core secrets” when it comes to computer network attacks, details of which are apparently shared with only a small number of officials outside the NSA.
  • with vast amounts of customer data, including phone records and email traffic. But documents published today by The Intercept suggest that even as the agency uses secret operatives to penetrate them, companies have also cooperated more broadly to undermine the physical infrastructure of the internet than has been previously confirmed. In addition to so-called “close access” operations, the NSA’s “core secrets” include the fact that the agency works with U.S. and foreign companies to weaken their encryption systems; the fact that the NSA spends “hundreds of millions of dollars” on technology to defeat commercial encryption; and the fact that the agency works with U.S. and foreign companies to penetrate computer networks, possibly without the knowledge of the host countries. Many of the NSA’s core secrets concern its relationships to domestic and foreign corporations.
  • Sentry Eagle includes six programs: Sentry Hawk (for activities involving computer network exploitation, or spying), Sentry Falcon (computer network defense), Sentry Osprey (cooperation with the CIA and other intelligence agencies), Sentry Raven (breaking encryption systems), Sentry Condor (computer network operations and attacks), and Sentry Owl (collaborations with private companies). Though marked as a draft from 2004, it refers to the various programs in language indicating that they were ongoing at the time, and later documents in the Snowden archive confirm that some of the activities were going on as recently as 2012.
  • ...3 more annotations...
  • The agency’s core secrets are outlined in a 13-page “brief sheet” about Sentry Eagle, an umbrella term that the NSA used to encompass its most sensitive programs “to protect America’s cyberspace.” “You are being indoctrinated on Sentry Eagle,” the 2004 document begins, before going on to list the most highly classified aspects of its various programs. It warns that the details of the Sentry Eagle programs are to be shared with only a “limited number” of people, and even then only with the approval of one of a handful of senior intelligence officials, including the NSA director. “The facts contained in this program constitute a combination of the greatest number of highly sensitive facts related to NSA/CSS’s overall cryptologic mission,” the briefing document states. “Unauthorized disclosure…will cause exceptionally grave damage to U.S. national security. The loss of this information could critically compromise highly sensitive cryptologic U.S. and foreign relationships, multi-year past and future NSA investments, and the ability to exploit foreign adversary cyberspace while protecting U.S. cyberspace.”
  • The most controversial revelation in Sentry Eagle might be a fleeting reference to the NSA infiltrating clandestine agents into “commercial entities.” The briefing document states that among Sentry Eagle’s most closely guarded components are “facts related to NSA personnel (under cover), operational meetings, specific operations, specific technology, specific locations and covert communications related to SIGINT enabling with specific commercial entities (A/B/C).” It is not clear whether these “commercial entities” are American or foreign or both. Generally the placeholder “(A/B/C)” is used in the briefing document to refer to American companies, though on one occasion it refers to both American and foreign companies. Foreign companies are referred to with the placeholder “(M/N/O).” The NSA refused to provide any clarification to The Intercept.
  • Documents: Sentry Eagle Brief Sheet (13 pages) TAREX Classification Guide (7 pages) Exceptionally Controlled Information Listing (6 pages) ECI WHIPGENIE Classification Guide (7 pages) ECI Pawleys Classification Guide (4 pages) ECI Compartments (4 pages) CNO Core Secrets Slide Slices (10 pages) CNO Core Secrets Security Structure (3 pages) Computer Network Exploitation Classification Guide (8 pages) CNO Core Secrets (7 pages)
Paul Merrell

Report: Verizon Claimed Public Utility Status To Get Government Perks - Slashdot - 0 views

news.slashdot.org/...status-to-get-government-perks

net-neutrality FCC Verizon banksters

shared by Paul Merrell on 29 May 14 - No Cached
  • Research for the Public Utility Law Project (PULP) has been released which details 'how Verizon deliberately moves back and forth between regulatory regimes, classifying its infrastructure either like a heavily regulated telephone network or a deregulated information service depending on its needs. The chicanery has allowed Verizon to raise telephone rates, all the while missing commitments for high-speed internet deployment' (PDF). In short, Verizon pushed for the government to give it common carrier privileges under Title II in order to build out its fiber network with tax-payer money. Result: increased service rates on telephone users to subsidize Verizon's 'infrastructure investment.' When it comes to regulations on Verizon's fiber network, however, Verizon has been pushing the government to classify its services as that of information only — i.e., beyond Title II. Verizon has made about $4.4 billion in additional revenue in New York City alone, 'money that's funneled directly from a Title II service to an array of services that currently lie beyond Title II's reach.' And it's all legal. An attorney at advocacy group Public Knowledge said it best: 'To expect that you can come in and use public infrastructure and funds to build a network and then be free of any regulation is absurd....When Verizon itself is describing these activities as a Title II common carrier, how can the FCC look at broadband internet and continue acting as though it's not a telecommunication network?'"
  • Paul Merrell on 29 May 14
     
    Let's also not forget that what is now named "Verizon" used to be named Bell Atlantic, one of the seven Baby Bells that were spun off by AT&T by government order during antitrust proceedings.  In other words, this is one of the companies rate-payers financed through a heavily-regulated analog telephony absolute monopoly. But Verizon wants to spread its wings and escape the chains of regulation as a telecommunications carrier. While having its cake and eating it to, according to this article. The FCC has poised itself through a proposed rule with the flexibility to postpone a decision on net neutrality.  AT&T famously was allowed to keep its R&D arm while being freed of the expense of upgrading the U.S. telephony network from analog to digital and from copper wire to fibre optic.  And pay for those Baby Bells to make that transition we did. I remember monthly bills for a two person office running as high as $1,100 a month for calls all carried from Baby Bell to AT&T and back to another Baby Bell. All at state-regulated rates with FCC looking the other way. But now Verizon, Comcast (the originally munipally regulated cable television monopolies) and the few other "competing" survivors of that broadband rollout, having had their infrastructure paid for by the ratepayers, want to fly off and begin charging us at the other end of the pipe,via charges to content providers that will be passed on to us. Leading to the squeezing out of Mom and Pop internet businesses by the big content providers that can afford the charges and pass them on to us. This is looking more and more like another massive rip-off of the customers who already paid for that infrasture. Is that banksters I smell, privatizing a enormous public utility in the name of free markets?      
Paul Merrell

ECHELON: NSA's Global Electronic Interception - 0 views

web.archive.org/...echelon-dc.htm

surveillance state NSA ECHELON Five-Eyes Duncan-Campbell NSA-history

shared by Paul Merrell on 24 Oct 14 - No Cached
  • 12 August 1988  Cover, pages 10-12   Somebody's  listening  . . . and they don't give a damn about personal privacy or commercial confidence. Project 415 is a top-secret new global surveillance system. It can tap into a billion calls a year in the UK alone. Inside Duncan Campbell on how spying entered the 21st century . . .  They've got it taped In the booming surveillance industry they spy on whom they wish, when they wish, protected by barriers of secrecy, fortified by billions of pounds worth of high, high technology. Duncan Campbell reports from the United States on the secret Anglo-American plan for a global electronic spy system for the 21st century capable of listening in to most of us most of the time   American, British and Allied intelligence agencies are soon to embark on a massive, billion-dollar expansion of their global electronic surveillance system. According to information given recently in secret to the US Congress, the surveillance system will enable the agencies to monitor and analyse civilian communications into the 21st century. Identified for the moment as Project P415, the system will be run by the US National Security Agency (NSA). But the intelligence agencies of many other countries will be closely involved with the new network, including those from Britain, Australia, Germany and Japan--and, surprisingly, the People's Republic of China. New satellite stations and monitoring centres are to be built around the world, and a chain of new satellites launched, so that NSA and its British counterpart, the Government Communications Headquarters (GCHQ) at Cheltenham, may keep abreast of the burgeoning international telecommunications traffic.
  • Both the new and existing surveillance systems are highly computerised. They rely on near total interception of international commercial and satellite communications in order to locate the telephone or other messages of target individuals. Last month, a US newspaper, the Cleveland Plain Dealer, revealed that the system had been used to target the telephone calls of a US Senator, Strom Thurmond. The fact that Thurmond, a southern Republican and usually a staunch supporter of the Reagan administration, is said to have been a target has raised fears that the NSA has restored domestic, electronic, surveillance programmes. These were originally exposed and criticised during the Watergate investigations, and their closure ordered by President Carter. After talking to the NSA, Thurmond later told the Plain Dealer that he did not believe the allegation. But Thurmond, a right-wing Republican, may have been unwilling to rock the boat. Staff members of the Permanent Select Committee on Intelligence said that staff were "digging into it" despite the "stratospheric security classification" of all the systems involved. The Congressional officials were first told of the Thurmond interception by a former employee of the Lockheed Space and Missiles Corporation, Margaret Newsham, who now lives in Sunnyvale, California. Newsham had originally given separate testimony and filed a lawsuit concerning corruption and mis-spending on other US government "black" projects. She has worked in the US and Britain for two corporations which manufacture signal intelligence computers, satellites and interception equipment for NSA, Ford Aerospace and Lockheed. Citing a special Executive Order signed by President Reagan. she told me last month that she could not and would not discuss classified information with journalists. But according to Washington sources (and the report in the Plain Dealer, she informed a US Congressman that the Thurmond interception took place at Menwith Hill, and that she p
  • A secret listening agreement, called UKUSA (UK-USA), assigns parts of the globe to each participating agency. GCHQ at Cheltenham is the co-ordinating centre for Europe, Africa and the Soviet Union (west of the Ural Mountains). The NSA covers the rest of the Soviet Union and most of the Americas. Australia--where another station in the NSA listening network is located in the outback--co-ordinates the electronic monitoring of the South Pacific, and South East Asia.
  • ...6 more annotations...
  • During the Watergate affair. it was revealed that NSA, in collaboration with GCHQ, had routinely intercepted the international communications of prominent anti-Vietnam war leaders such as Jane Fonda and Dr Benjamin Spock. Another target was former Black Panther leader Eldridge Cleaver. Then in the late 1970s, it was revealed that President Carter had ordered NSA to stop obtaining "back door" intelligence about US political figures through swapping intelligence data with GCHQ Cheltenham.
  • ince then, investigators have subpoenaed other witnesses and asked them to provide the complete plans and manuals of the ECHELON system and related projects. The plans and blueprints are said to show that targeting of US political figures would not occur by accident. but was designed into the system from the start. While working at Menwith Hill, Newsham is reported to have said that she was able to listen through earphones to telephone calls being monitored at the base. Other conversations that she heard were in Russian. After leaving Menwith Hill, she continued to have access to full details of Menwith Hill operations from a position as software manager for more than a dozen VAX computers at Menwith which operate the ECHELON system. Newsham refused last month to discuss classified details of her career, except with cleared Congressional officials. But it has been publicly acknowledged that she worked on a large range of so-called "black" US intelligence programmes, whose funds are concealed inside the costs of other defence projects. She was fired from Lockheed four years ago after complaining about the corruption, and sexual harassment.
  • he largest overseas station in the Project P415 network is the US satellite and communications base at Menwith Hill. near Harrogate in Yorkshire. It is run undercover by the NSA and taps into all Britain's main national and international communications networks (New Statesman, 7 August 1980). Although high technology stations such as Menwith Hill are primarily intended to monitor international communications, according to US experts their capability can be, and has been, turned inwards on domestic traffic. Menwith Hill, in particular, has been accused by a former employee of gross corruption and the monitoring of domestic calls. The vast international global eavesdropping network has existed since shortly after the second world war, when the US, Britain, Canada, Australia and New Zealand signed a secret agreement on signals intelligence, or "sigint". It was anticipated, correctly, that electronic monitoring of communications signals would continue to be the largest and most important form of post-war secret intelligence, as it had been through the war. Although it is impossible for analysts to listen to all but a small fraction of the billions of telephone calls, and other signals which might contain "significant" information, a network of monitoring stations in Britain and elsewhere is able to tap all international and some domestic communications circuits, and sift out messages which sound interesting. Computers automatically analyse every telex message or data signal, and can also identify calls to, say, a target telephone number in London, no matter from which country they originate.
  • If Margaret Newsham's testimony is confirmed by the ongoing Congressional investigation, then the NSA has been behaving illegally under US law--unless it can prove either that Thurmond's call was intercepted completely accidentally, or that the highly patriotic Senator is actually a foreign spy or terrorist. Moreover NSA's international phone tapping operations from Menwith Hill and at Morwenstow, Cornwall, can only be legal in Britain if special warrants have been issued by the Secretary of State to specify that American intelligence agents are persons to whom information from intercepts must or should be given. This can not be established, since the government has always refused to publish any details of the targets or recipients of specific interception warrants.
  • Both British and American domestic communications are also being targeted and intercepted by the ECHELON network, the US investigators have been told. The agencies are alleged to have collaborated not only on targeting and interception, but also on the monitoring of domestic UK communications. Special teams from GCHQ Cheltenham have been flown in secretly in the last few years to a computer centre in Silicon Valley near San Francisco for training on the special computer systems that carry out both domestic and international interception.
  • The centre near San Francisco has also been used to train staff from the "Technical Department" of the People's Liberation Army General Staff, which is the Chinese version of GCHQ. The Department operates two ultra-secret joint US-Chinese listening stations in the Xinjiang Uighur Autonomous Region, close to the Soviet Siberian border. Allegedly, such surveillance systems are only used to target Soviet or Warsaw Pact communications signals, and those suspected of involvement in espionage and terrorism. But those involved in ECHELON have stressed to Congress that there are no formal controls over who may be targeted. And I have been told that junior intelligence staff can feed target names into the system at all levels, without any check on their authority to do so. Witnesses giving evidence to the Congressional inquiry have discussed whether the Democratic presidential contender Jesse Jackson was targeted; one source implied that he had been. Even test engineers from manufacturing companies are able to listen in on private citizens' communications, the inquiry was told. But because of the special Executive Order signed by President Reagan, US intelligence operatives who know about such politically sensitive operations face jail sentences if they speak out--despite the constitutional American protection of freedom of speech and of the press. And in Britain, as we know, the government is in the process of tightening the Official Secrets Act to make the publication of any information from intelligence officials automatically a crime, even if the information had already been published, or had appeared overseas first.
  • Paul Merrell on 24 Oct 14
     
    From the original series of ariticles * in 1988 * that first brought the Five Eyes' nation's ECHELON surveillance project to light. But note the paragarph about the disclosure during the Watergate scandal (early 1970s) about domestic digital surveillance of antiwar leaders and Black Panther leader Eldridge Cleaver.    
Gary Edwards

25 Facts That The Mainstream Media Doesn't Really Want To Talk About - BlackListedNews.com - 1 views

www.blacklistednews.com/...M.html

globalist-media Globalist Banksters mainstream-media

shared by Gary Edwards on 27 Dec 12 - No Cached
  • Gary Edwards on 27 Dec 12
     
    Excellent list!  Also check out "Who Owns the Media?" http://goo.gl/O18r excerpt: "For decades, the mainstream media in the United States was accustomed to being able to tell the American people what to think.  Unfortunately for them, a whole lot of Americans are starting to break free from that paradigm and think for themselves.  A Gallup survey from earlier this year found that 60 percent of all Americans "have little or no trust" in the mainstream media.  More people than ever are realizing that the mainstream media is giving them a very distorted version of "the truth" and they are increasingly seeking out alternative sources of information.  In the United States today, just six giant media corporationscontrol the mainstream media.  Those giant media corporations own television networks, cable channels, movie studios, radio stations, newspapers, magazines, publishing houses, music labels and even many prominent websites.  But now thanks to the Internet the mainstream media no longer has a complete monopoly on the news.  In recent years the "alternative media" has exploded in popularity.  People want to hear about the things that the mainstream media doesn't really want to talk about.  They want to hear news that is not filtered by corporate bosses and government censors.  They want "the truth" and they know that they are not getting it from the mainstream media. We are watching a media revolution happen, and many in the mainstream media are totally freaking out about it.  In fact, some in the mainstream media have even begun publishing articles that mock the American people for not trusting them. " Anyone that does not acknowledge that the mainstream media has an agenda is not being honest with themselves.  The mainstream media presents a view of the world that is very favorable to their big corporate owners and the big corporations that spend billions of dollars to advertise on their networks.  The mainstream media is the mo
Paul Merrell

Study: Network News Viewers at All-Time Low; Half under Age 30 Never Watch News | CNS News - 0 views

cnsnews.com/...-half-under-age-30-never-watch

polls mainstream-media presstitutes

shared by Paul Merrell on 11 Jan 14 - No Cached
  • Network news viewers are declining in unprecedented rates, from an average of 48 million nightly network news viewers in 1985 to 24.5 million in 2013, according to Pew Research analysis of Nielsen Media Research data. Young people aged 18-29 are the least likely to watch network news regularly (only 11 percent did so in 2012), and 49 percent of people in this age group say they never watch the news. In the survey, only 15 percent of people under 30 could identify NBC Nightly News Anchor Brian Williams.
  • In news consumption surveys conducted by the Pew Research Center, the share of Americans who regularly watch a nightly network news program – ABC, CBS, and NBC – has declined from 60 percent in 1993 (the earliest available measure) to just 27 percent in 2012. In a similar study by Times Mirror/Gallup in July 1985, 47 percent of Americans of all ages could identify Dan Rather, anchor of CBS Evening News. Today, seven in 10 (53 percent) could not identify the picture of Brian Williams, and 18 percent named someone else (two percent thought it was a picture of Vice President Joe Biden.) Americans aged 65 and older are still the largest segment of nightly news viewers, but their viewership has declined dramatically since 1993 “from 75% down to 40% in 2012,” the Pew study said.
  • Paul Merrell on 11 Jan 14
     
    I'd guess that this is the natural result of providing propaganda rather than truth-based news.
Paul Merrell

NSA Spied on Chinese Government and Networking Firm Huawei - SPIEGEL ONLINE - 0 views

www.spiegel.de/...king-firm-huawei-a-960199.html

surveillance state NSA China Huawei NSA-targets

shared by Paul Merrell on 23 Mar 14 - No Cached
  • According to documents viewed by SPIEGEL, America'a NSA intelligence agency put considerable efforts into spying on Chinese politicians and firms. One major target was Huawei, a company that is fast becoming a major Internet player.
  • The American government conducted a major intelligence offensive against China, with targets including the Chinese government and networking company Huawei, according to documents from former NSA worker Edward Snowden that have been viewed by SPIEGEL. Among the American intelligence service's targets were former Chinese President Hu Jintao, the Chinese Trade Ministry, banks, as well as telecommunications companies. But the NSA made a special effort to target Huawei. With 150,000 employees and €28 billion ($38.6 billion) in annual revenues, the company is the world's second largest network equipment supplier. At the beginning of 2009, the NSA began an extensive operation, referred to internally as "Shotgiant," against the company, which is considered a major competitor to US-based Cisco. The company produces smartphones and tablets, but also mobile phone infrastructure, WLAN routers and fiber optic cable -- the kind of technology that is decisive in the NSA's battle for data supremacy. A special unit with the US intelligence agency succeeded in infiltrating Huwaei's network and copied a list of 1,400 customers as well as internal documents providing training to engineers on the use of Huwaei products, among other things.
  • According to a top secret NSA presentation, NSA workers not only succeeded in accessing the email archive, but also the secret source code of individual Huwaei products. Software source code is the holy grail of computer companies. Because Huawei directed all mail traffic from its employees through a central office in Shenzhen, where the NSA had infiltrated the network, the Americans were able to read a large share of the email sent by company workers beginning in January 2009, including messages from company CEO Ren Zhengfei and Chairwoman Sun Yafang. "We currently have good access and so much data that we don't know what to do with it," states one internal document. As justification for targeting the company, an NSA document claims that "many of our targets communicate over Huawei produced products, we want to make sure that we know how to exploit these products." The agency also states concern that "Huawei's widespread infrastructure will provide the PRC (People's Republic of China) with SIGINT capabilities." SIGINT is agency jargon for signals intelligence. The documents do not state whether the agency found information indicating that to be the case.
  • ...2 more annotations...
  • The operation was conducted with the involvement of the White House intelligence coordinator and the FBI. One document states that the threat posed by Huawei is "unique". The agency also stated in a document that "the intelligence community structures are not suited for handling issues that combine economic, counterintelligence, military influence and telecommunications infrastructure from one entity."
  • Editor's note: A longer version of this story will appear in German in the issue of SPIEGEL to be published on Monday.
Gary Edwards

XKeyscore: NSA tool collects 'nearly everything a user does on the internet' | World ne... - 1 views

www.theguardian.com/...top-secret-program-online-data

Edward-Snowden Glenn-Greenwald NSA NSA-Patriot-Act-NDAA NSA-Whistleblower

shared by Gary Edwards on 01 Aug 13 - No Cached
  • The latest revelations will add to the intense public and congressional debate around the extent of NSA surveillance programs. They come as senior intelligence officials testify to the Senate judiciary committee on Wednesday, releasing classified documents in response to the Guardian's earlier stories on bulk collection of phone records and Fisa surveillance court oversight.
  • The files shed light on one of Snowden's most controversial statements, made in his first video interview published by the Guardian on June 10
  • "I, sitting at my desk," said Snowden, could "wiretap anyone, from you or your accountant, to a federal judge or even the president, if I had a personal email".
  • ...23 more annotations...
  • US officials vehemently denied this specific claim. Mike Rogers, the Republican chairman of the House intelligence committee, said of Snowden's assertion: "He's lying. It's impossible for him to do what he was saying he could do."
  • But training materials for XKeyscore detail how analysts can use it and other systems to mine enormous agency databases by filling in a simple on-screen form giving only a broad justification for the search. The request is not reviewed by a court or any NSA personnel before it is processed.
  • XKeyscore, the documents boast, is the NSA's "widest reaching" system developing intelligence from computer networks – what the agency calls Digital Network Intelligence (DNI). One presentation claims the program covers "nearly everything a typical user does on the internet", including the content of emails, websites visited and searches, as well as their metadata.
  • Analysts can also use XKeyscore and other NSA systems to obtain ongoing "real-time" interception of an individual's internet activity.
  • Under US law, the NSA is required to obtain an individualized Fisa warrant only if the target of their surveillance is a 'US person', though no such warrant is required for intercepting the communications of Americans with foreign targets.
  • But XKeyscore provides the technological capability, if not the legal authority, to target even US persons for extensive electronic surveillance without a warrant provided that some identifying information, such as their email or IP address, is known to the analyst.
  • One training slide illustrates the digital activity constantly being collected by XKeyscore and the analyst's ability to query the databases at any time.
  • The purpose of XKeyscore is to allow analysts to search the metadata as well as the content of emails and other internet activity, such as browser history, even when there is no known email account (a "selector" in NSA parlance) associated with the individual being targeted.
  • Analysts can also search by name, telephone number, IP address, keywords, the language in which the internet activity was conducted or the type of browser used.
  • One document notes that this is because "strong selection [search by email address] itself gives us only a very limited capability" because "a large amount of time spent on the web is performing actions that are anonymous."
  • Email monitoring
  • One top-secret document describes how the program "searches within bodies of emails, webpages and documents", including the "To, From, CC, BCC lines" and the 'Contact Us' pages on websites".
  • To search for emails, an analyst using XKS enters the individual's email address into a simple online search form, along with the "justification" for the search and the time period for which the emails are sought.
  • One document, a top secret 2010 guide describing the training received by NSA analysts for general surveillance under the Fisa Amendments Act of 2008, explains that analysts can begin surveillance on anyone by clicking a few simple pull-down menus designed to provide both legal and targeting justifications.
  • Once options on the pull-down menus are selected, their target is marked for electronic surveillance and the analyst is able to review the content of their communications:
  • Chats, browsing history and other internet activity
  • Beyond emails, the XKeyscore system allows analysts to monitor a virtually unlimited array of other internet activities, including those within social media.
  • An NSA tool called DNI Presenter, used to read the content of stored emails, also enables an analyst using XKeyscore to read the content of Facebook chats or private messages.
  • The XKeyscore program also allows an analyst to learn the IP addresses of every person who visits any website the analyst specifies.
  • The quantity of communications accessible through programs such as XKeyscore is staggeringly large. One NSA report from 2007 estimated that there were 850bn "call events" collected and stored in the NSA databases, and close to 150bn internet records. Each day, the document says, 1-2bn records were added.
  • William Binney, a former NSA mathematician, said last year that the agency had "assembled on the order of 20tn transactions about US citizens with other US citizens", an estimate, he said, that "only was involving phone calls and emails". A 2010 Washington Post article reported that "every day, collection systems at the [NSA] intercept and store 1.7bn emails, phone calls and other type of communications."
  • The ACLU's deputy legal director, Jameel Jaffer, told the Guardian last month that national security officials expressly said that a primary purpose of the new law was to enable them to collect large amounts of Americans' communications without individualized warrants.
  • "The government doesn't need to 'target' Americans in order to collect huge volumes of their communications," said Jaffer. "The government inevitably sweeps up the communications of many Americans" when targeting foreign nationals for surveillance.
  • Gary Edwards on 01 Aug 13
     
    "One presentation claims the XKeyscore program covers 'nearly everything a typical user does on the internet' ................................................................. A top secret National Security Agency program allows analysts to search with no prior authorization through vast databases containing emails, online chats and the browsing histories of millions of individuals, according to documents provided by whistleblower Edward Snowden. The NSA boasts in training materials that the program, called XKeyscore, is its "widest-reaching" system for developing intelligence from the internet. The latest revelations will add to the intense public and congressional debate around the extent of NSA surveillance programs. They come as senior intelligence officials testify to the Senate judiciary committee on Wednesday, releasing classified documents in response to the Guardian's earlier stories on bulk collection of phone records and Fisa surveillance court oversight. The files shed light on one of Snowden's most controversial statements, made in his first video interview published by the Guardian on June 10. "I, sitting at my desk," said Snowden, could "wiretap anyone, from you or your accountant, to a federal judge or even the president, if I had a personal email". US officials vehemently denied this specific claim. Mike Rogers, the Republican chairman of the House intelligence committee, said of Snowden's assertion: "He's lying. It's impossible for him to do what he was saying he could do." But training materials for XKeyscore detail how analysts can use it and other systems to mine enormous agency databases by filling in a simple on-screen form giving only a broad justification for the search. The request is not reviewed by a court or any NSA personnel before it is processed. XKeyscore, the documents boast, is the NSA's "widest reaching" system developing intelligence from computer networks - what the agency calls Digital Network Intelligence (DNI). One
  • Paul Merrell on 02 Aug 13
     
    "But training materials for XKeyscore detail how analysts can use it and other systems to mine enormous agency databases by filling in a simple on-screen form giving only a broad justification for the search. The request is not reviewed by a court or any NSA personnel before it is processed. " Note in that regard that Snowden said in an earlier interview that use of this system rarely was audited and that when audited, the most common request if changes were requested was to beef up the justification for the search. The XScore system puts the lie to just about everything the Administration has claimed about intense oversight by all three branches of federal government and about not reading emails or listening to (Skype) phone calls. The lies keep stacking up in an ever-deepening pile.
Paul Merrell

NSA infected 50,000 computer networks with malicious software - nrc.nl - 0 views

www.nrc.nl/...tworks-with-malicious-software

surveillance state NSA NSA-targets malware

shared by Paul Merrell on 25 Nov 13 - No Cached
  • The American intelligence service - NSA - infected more than 50,000 computer networks worldwide with malicious software designed to steal sensitive information. Documents provided by former NSA-employee Edward Snowden and seen by this newspaper, prove this. A management presentation dating from 2012 explains how the NSA collects information worldwide. In addition, the presentation shows that the intelligence service uses ‘Computer Network Exploitation’ (CNE) in more than 50,000 locations. CNE is the secret infiltration of computer systems achieved by installing malware, malicious software. One example of this type of hacking was discovered in September 2013 at the Belgium telecom provider Belgacom. For a number of years the British intelligence service - GCHQ – has been installing this malicious software in the Belgacom network in order to tap their customers’ telephone and data traffic. The Belgacom network was infiltrated by GCHQ through a process of luring employees to a false Linkedin page.
  • The NSA computer attacks are performed by a special department called TAO (Tailored Access Operations). Public sources show that this department employs more than a thousand hackers. As recently as August 2013, the Washington Post published articles about these NSA-TAO cyber operations. In these articles The Washington Post reported that the NSA installed an estimated 20,000 ‘implants’ as early as 2008. These articles were based on a secret budget report of the American intelligence services. By mid-2012 this number had more than doubled to 50,000, as is shown in the presentation NRC Handelsblad laid eyes on.
  • Cyber operations are increasingly important for the NSA. Computer hacks are relatively inexpensive and provide the NSA with opportunities to obtain information that they otherwise would not have access to. The NSA-presentation shows their CNE-operations in countries such as Venezuela and Brazil. The malware installed in these countries can remain active for years without being detected.
  • ...1 more annotation...
  • The malware can be controlled remotely and be turned on and off at will. The ‘implants’ act as digital ‘sleeper cells’ that can be activated with a single push of a button. According to the Washington Post, the NSA has been carrying out this type of cyber operation since 1998.
  • Paul Merrell on 25 Nov 13
     
    Nice interactive graphic too. 
Paul Merrell

CURIA - Documents - 0 views

curia.europa.eu/...document.jsf

surveillance state EU Court-of-Justice data-retention data privacy

shared by Paul Merrell on 19 Jul 14 - No Cached
  • 37      It must be stated that the interference caused by Directive 2006/24 with the fundamental rights laid down in Articles 7 and 8 of the Charter is, as the Advocate General has also pointed out, in particular, in paragraphs 77 and 80 of his Opinion, wide-ranging, and it must be considered to be particularly serious. Furthermore, as the Advocate General has pointed out in paragraphs 52 and 72 of his Opinion, the fact that data are retained and subsequently used without the subscriber or registered user being informed is likely to generate in the minds of the persons concerned the feeling that their private lives are the subject of constant surveillance.
  • 43      In this respect, it is apparent from recital 7 in the preamble to Directive 2006/24 that, because of the significant growth in the possibilities afforded by electronic communications, the Justice and Home Affairs Council of 19 December 2002 concluded that data relating to the use of electronic communications are particularly important and therefore a valuable tool in the prevention of offences and the fight against crime, in particular organised crime. 44      It must therefore be held that the retention of data for the purpose of allowing the competent national authorities to have possible access to those data, as required by Directive 2006/24, genuinely satisfies an objective of general interest.45      In those circumstances, it is necessary to verify the proportionality of the interference found to exist.46      In that regard, according to the settled case-law of the Court, the principle of proportionality requires that acts of the EU institutions be appropriate for attaining the legitimate objectives pursued by the legislation at issue and do not exceed the limits of what is appropriate and necessary in order to achieve those objectives (see, to that effect, Case C‑343/09 Afton Chemical EU:C:2010:419, paragraph 45; Volker und Markus Schecke and Eifert EU:C:2010:662, paragraph 74; Cases C‑581/10 and C‑629/10 Nelson and Others EU:C:2012:657, paragraph 71; Case C‑283/11 Sky Österreich EU:C:2013:28, paragraph 50; and Case C‑101/12 Schaible EU:C:2013:661, paragraph 29).
  • 67      Article 7 of Directive 2006/24, read in conjunction with Article 4(1) of Directive 2002/58 and the second subparagraph of Article 17(1) of Directive 95/46, does not ensure that a particularly high level of protection and security is applied by those providers by means of technical and organisational measures, but permits those providers in particular to have regard to economic considerations when determining the level of security which they apply, as regards the costs of implementing security measures. In particular, Directive 2006/24 does not ensure the irreversible destruction of the data at the end of the data retention period.68      In the second place, it should be added that that directive does not require the data in question to be retained within the European Union, with the result that it cannot be held that the control, explicitly required by Article 8(3) of the Charter, by an independent authority of compliance with the requirements of protection and security, as referred to in the two previous paragraphs, is fully ensured. Such a control, carried out on the basis of EU law, is an essential component of the protection of individuals with regard to the processing of personal data (see, to that effect, Case C‑614/10 Commission v Austria EU:C:2012:631, paragraph 37).69      Having regard to all the foregoing considerations, it must be held that, by adopting Directive 2006/24, the EU legislature has exceeded the limits imposed by compliance with the principle of proportionality in the light of Articles 7, 8 and 52(1) of the Charter.
  • ...13 more annotations...
  • 58      Directive 2006/24 affects, in a comprehensive manner, all persons using electronic communications services, but without the persons whose data are retained being, even indirectly, in a situation which is liable to give rise to criminal prosecutions. It therefore applies even to persons for whom there is no evidence capable of suggesting that their conduct might have a link, even an indirect or remote one, with serious crime. Furthermore, it does not provide for any exception, with the result that it applies even to persons whose communications are subject, according to rules of national law, to the obligation of professional secrecy. 59      Moreover, whilst seeking to contribute to the fight against serious crime, Directive 2006/24 does not require any relationship between the data whose retention is provided for and a threat to public security and, in particular, it is not restricted to a retention in relation (i) to data pertaining to a particular time period and/or a particular geographical zone and/or to a circle of particular persons likely to be involved, in one way or another, in a serious crime, or (ii) to persons who could, for other reasons, contribute, by the retention of their data, to the prevention, detection or prosecution of serious offences.
  • 1        These requests for a preliminary ruling concern the validity of Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC (OJ 2006 L 105, p. 54).
  • Digital Rights Ireland Ltd (C‑293/12)vMinister for Communications, Marine and Natural Resources,Minister for Justice, Equality and Law Reform,Commissioner of the Garda Síochána,Ireland,The Attorney General,intervener:Irish Human Rights Commission, andKärntner Landesregierung (C‑594/12),Michael Seitlinger,Christof Tschohl and others,
  • JUDGMENT OF THE COURT (Grand Chamber)8 April 2014 (*)(Electronic communications — Directive 2006/24/EC — Publicly available electronic communications services or public communications networks services — Retention of data generated or processed in connection with the provision of such services — Validity — Articles 7, 8 and 11 of the Charter of Fundamental Rights of the European Union)In Joined Cases C‑293/12 and C‑594/12,
  • 34      As a result, the obligation imposed by Articles 3 and 6 of Directive 2006/24 on providers of publicly available electronic communications services or of public communications networks to retain, for a certain period, data relating to a person’s private life and to his communications, such as those referred to in Article 5 of the directive, constitutes in itself an interference with the rights guaranteed by Article 7 of the Charter. 35      Furthermore, the access of the competent national authorities to the data constitutes a further interference with that fundamental right (see, as regards Article 8 of the ECHR, Eur. Court H.R., Leander v. Sweden, 26 March 1987, § 48, Series A no 116; Rotaru v. Romania [GC], no. 28341/95, § 46, ECHR 2000-V; and Weber and Saravia v. Germany (dec.), no. 54934/00, § 79, ECHR 2006-XI). Accordingly, Articles 4 and 8 of Directive 2006/24 laying down rules relating to the access of the competent national authorities to the data also constitute an interference with the rights guaranteed by Article 7 of the Charter. 36      Likewise, Directive 2006/24 constitutes an interference with the fundamental right to the protection of personal data guaranteed by Article 8 of the Charter because it provides for the processing of personal data.
  • 65      It follows from the above that Directive 2006/24 does not lay down clear and precise rules governing the extent of the interference with the fundamental rights enshrined in Articles 7 and 8 of the Charter. It must therefore be held that Directive 2006/24 entails a wide-ranging and particularly serious interference with those fundamental rights in the legal order of the EU, without such an interference being precisely circumscribed by provisions to ensure that it is actually limited to what is strictly necessary.66      Moreover, as far as concerns the rules relating to the security and protection of data retained by providers of publicly available electronic communications services or of public communications networks, it must be held that Directive 2006/24 does not provide for sufficient safeguards, as required by Article 8 of the Charter, to ensure effective protection of the data retained against the risk of abuse and against any unlawful access and use of that data. In the first place, Article 7 of Directive 2006/24 does not lay down rules which are specific and adapted to (i) the vast quantity of data whose retention is required by that directive, (ii) the sensitive nature of that data and (iii) the risk of unlawful access to that data, rules which would serve, in particular, to govern the protection and security of the data in question in a clear and strict manner in order to ensure their full integrity and confidentiality. Furthermore, a specific obligation on Member States to establish such rules has also not been laid down.
  • 60      Secondly, not only is there a general absence of limits in Directive 2006/24 but Directive 2006/24 also fails to lay down any objective criterion by which to determine the limits of the access of the competent national authorities to the data and their subsequent use for the purposes of prevention, detection or criminal prosecutions concerning offences that, in view of the extent and seriousness of the interference with the fundamental rights enshrined in Articles 7 and 8 of the Charter, may be considered to be sufficiently serious to justify such an interference. On the contrary, Directive 2006/24 simply refers, in Article 1(1), in a general manner to serious crime, as defined by each Member State in its national law.61      Furthermore, Directive 2006/24 does not contain substantive and procedural conditions relating to the access of the competent national authorities to the data and to their subsequent use. Article 4 of the directive, which governs the access of those authorities to the data retained, does not expressly provide that that access and the subsequent use of the data in question must be strictly restricted to the purpose of preventing and detecting precisely defined serious offences or of conducting criminal prosecutions relating thereto; it merely provides that each Member State is to define the procedures to be followed and the conditions to be fulfilled in order to gain access to the retained data in accordance with necessity and proportionality requirements.
  • 55      The need for such safeguards is all the greater where, as laid down in Directive 2006/24, personal data are subjected to automatic processing and where there is a significant risk of unlawful access to those data (see, by analogy, as regards Article 8 of the ECHR, S. and Marper v. the United Kingdom, § 103, and M. K. v. France, 18 April 2013, no. 19522/09, § 35).56      As for the question of whether the interference caused by Directive 2006/24 is limited to what is strictly necessary, it should be observed that, in accordance with Article 3 read in conjunction with Article 5(1) of that directive, the directive requires the retention of all traffic data concerning fixed telephony, mobile telephony, Internet access, Internet e-mail and Internet telephony. It therefore applies to all means of electronic communication, the use of which is very widespread and of growing importance in people’s everyday lives. Furthermore, in accordance with Article 3 of Directive 2006/24, the directive covers all subscribers and registered users. It therefore entails an interference with the fundamental rights of practically the entire European population. 57      In this respect, it must be noted, first, that Directive 2006/24 covers, in a generalised manner, all persons and all means of electronic communication as well as all traffic data without any differentiation, limitation or exception being made in the light of the objective of fighting against serious crime.
  • 62      In particular, Directive 2006/24 does not lay down any objective criterion by which the number of persons authorised to access and subsequently use the data retained is limited to what is strictly necessary in the light of the objective pursued. Above all, the access by the competent national authorities to the data retained is not made dependent on a prior review carried out by a court or by an independent administrative body whose decision seeks to limit access to the data and their use to what is strictly necessary for the purpose of attaining the objective pursued and which intervenes following a reasoned request of those authorities submitted within the framework of procedures of prevention, detection or criminal prosecutions. Nor does it lay down a specific obligation on Member States designed to establish such limits. 63      Thirdly, so far as concerns the data retention period, Article 6 of Directive 2006/24 requires that those data be retained for a period of at least six months, without any distinction being made between the categories of data set out in Article 5 of that directive on the basis of their possible usefulness for the purposes of the objective pursued or according to the persons concerned.64      Furthermore, that period is set at between a minimum of 6 months and a maximum of 24 months, but it is not stated that the determination of the period of retention must be based on objective criteria in order to ensure that it is limited to what is strictly necessary.
  • 52      So far as concerns the right to respect for private life, the protection of that fundamental right requires, according to the Court’s settled case-law, in any event, that derogations and limitations in relation to the protection of personal data must apply only in so far as is strictly necessary (Case C‑473/12 IPI EU:C:2013:715, paragraph 39 and the case-law cited).53      In that regard, it should be noted that the protection of personal data resulting from the explicit obligation laid down in Article 8(1) of the Charter is especially important for the right to respect for private life enshrined in Article 7 of the Charter.54      Consequently, the EU legislation in question must lay down clear and precise rules governing the scope and application of the measure in question and imposing minimum safeguards so that the persons whose data have been retained have sufficient guarantees to effectively protect their personal data against the risk of abuse and against any unlawful access and use of that data (see, by analogy, as regards Article 8 of the ECHR, Eur. Court H.R., Liberty and Others v. the United Kingdom, 1 July 2008, no. 58243/00, § 62 and 63; Rotaru v. Romania, § 57 to 59, and S. and Marper v. the United Kingdom, § 99).
  • 26      In that regard, it should be observed that the data which providers of publicly available electronic communications services or of public communications networks must retain, pursuant to Articles 3 and 5 of Directive 2006/24, include data necessary to trace and identify the source of a communication and its destination, to identify the date, time, duration and type of a communication, to identify users’ communication equipment, and to identify the location of mobile communication equipment, data which consist, inter alia, of the name and address of the subscriber or registered user, the calling telephone number, the number called and an IP address for Internet services. Those data make it possible, in particular, to know the identity of the person with whom a subscriber or registered user has communicated and by what means, and to identify the time of the communication as well as the place from which that communication took place. They also make it possible to know the frequency of the communications of the subscriber or registered user with certain persons during a given period. 27      Those data, taken as a whole, may allow very precise conclusions to be drawn concerning the private lives of the persons whose data has been retained, such as the habits of everyday life, permanent or temporary places of residence, daily or other movements, the activities carried out, the social relationships of those persons and the social environments frequented by them.
  • 32      By requiring the retention of the data listed in Article 5(1) of Directive 2006/24 and by allowing the competent national authorities to access those data, Directive 2006/24, as the Advocate General has pointed out, in particular, in paragraphs 39 and 40 of his Opinion, derogates from the system of protection of the right to privacy established by Directives 95/46 and 2002/58 with regard to the processing of personal data in the electronic communications sector, directives which provided for the confidentiality of communications and of traffic data as well as the obligation to erase or make those data anonymous where they are no longer needed for the purpose of the transmission of a communication, unless they are necessary for billing purposes and only for as long as so necessary.
  • On those grounds, the Court (Grand Chamber) hereby rules:Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC is invalid.
  • Paul Merrell on 19 Jul 14
     
    EU Court of Justice decision in regard to a Directive that required communications data retention by telcos/ISPs, finding the Directive invalid as a violation of the right of privacy in communications. Fairly read, paragraph 59 outlaws bulk collection of such records, i.e., it requires the equivalent of a judge-issued search warrant in the U.S. based on probable cause to believe that the particular individual's communications are a legitimate object of a search.  Note also that paragraph 67 effectively forbids transfer of any retained data outside the E.U. So a barrier for NSA sharing of data with GCHQ derived from communications NSA collects from EU communications traffic. Bye-bye, Big Data for GCHQ in the E.U. 
Gary Edwards

Birth of an Internet independence movement | CIO - 0 views

www.cio.com/...net-independence-movement.html

internet

shared by Gary Edwards on 04 May 15 - No Cached
  • The arrogance and utter incongruity of declaring Internet and telephone networks equivalent has led a group of friends, all of them reluctant activists, to convene an effort to restore Internet independence. So far, the group of “Tech Innovators” includes John Perry Barlow, Mark Cuban, Tim Draper, Tom Evslin, Dave Farber, Charlie Giancarlo, George Gilder, John Gilmore, Brian Martin, Bob Metcalfe, Ray Ozzie, Jeff Pulver, Michael Robertson, Scott McNealy and Les Vadasz. Through this civic initiative, we hope to defend the remarkable success of the Internet and lead a conversation toward the future — not the past, where laws enacted under FDR must inevitably lead us. The open Internet rules from the FCC end the “permissionless innovation” they purport to protect by inviting the commission to regulate computer networks for the first time. The uncertain benefits and certain unintended consequences of the policy reversal expose the communicating public to unnecessary risk and threaten to upend the success of the past 20 years. The Tech Innovators believe that by recognizing “Internet Independence Day,” Congress can help initiate and advance bipartisan legislation to restore the private-sector framework responsible for of the success of the Internet.
  • Americans today enjoy a thousand-fold improvement from the 56Kbps dial-up modems that 15 million Internet early adopters relied on in the ’90s. The Internet now reaches 3 billion people, and a proliferation of services push communication options far beyond the long-distance phone call of 1995. The FCC plan to impose public utility Title II provisions ends the policies responsible for these accomplishments. Domains subject to telephone-style regulations suffer stagnation without exception. A routine 10Mbps connection available as a nonregulated information service prior to the Open Internet Order would have cost $10,000 per month as a Title II data service in 1995. The insertion of fiat regulatory powers will prove fatal to the entrepreneurial energies responsible for building what FCC Chairman Wheeler calls “the most powerful network in the history of mankind” — a network built beyond the reach of FCC regulatory jurisdiction.
  • The Open Internet Order invents artificial distinctions between content companies, Internet providers and end users for the purposes of regulation. This will lead to the same types of regulatory arbitrage and innovation-deadening consequences as prior distinctions such as “long distance” or “intra-lata.” History demonstrates that asserting artificial market distinctions for purposes of regulation always invites arbitrage and unintended consequences. Resources White Paper 802.11ac: Wireless The Easy Way White Paper Web Application Acceleration: Practical Implementations See All Go The commission obtains jurisdiction by changing the definition of “public switched network” to include networks with IP addresses. The complete transformation of a policy landscape represents a decision the Constitution grants exclusively to Congress.
  • ...1 more annotation...
  • The coming litigation leaves the Internet ecosystem in jeopardy without regard to the outcome. The preference for a congressional action addressing current conditions and issues relative to the prospects of an 80-year-old regulatory framework should not be controversial. The privatization of the Internet represented an experiment. Restoring Internet independence merely recognizes the remarkable success of the commercial Internet.
  • Gary Edwards on 04 May 15
     
    "The 20th anniversary of the privatization of the Internet deserves recognition by the U.S. Congress and celebration by all Americans as "Internet Independence Day." Two decades ago, on April 30, 1995, the Internet was privatized with the decommissioning of the NSFNET backbone. State of the CIO 2015 More than 500 top IT leaders responded to our online survey to help us gauge the state of the READ NOW The past two decades of Internet-driven success were set in motion with the passage of the High Performance Computing Act of 1991, championed by Sen. Al Gore and signed into law by President George H.W. Bush. That decision of the U.S. government to step back and privatize the Internet led to a thriving and open Internet that provides a remarkable platform for innovation. Ironically, the Federal Communication Commission's recently announced Open Internet Order reasserts government control over the Internet by the means of repurposing Depression-era industrial policy meant to address a monopoly in voice-transmission technology. The FCC went down the dangerous and uncertain legal path of reverting to traditional, utility-style regulation under Title II of the Communications Act of 1934."
Paul Merrell

Exclusive: Dozens of Clinton emails were classified from the start, U.S. rules suggest ... - 0 views

www.reuters.com/...n-emails-idUSKCN0QQ0BW20150821

Auction 2016 Hillary Hillary-emails

shared by Paul Merrell on 23 Aug 15 - No Cached
  • For months, the U.S. State Department has stood behind its former boss Hillary Clinton as she has repeatedly said she did not send or receive classified information on her unsecured, private email account, a practice the government forbids.While the department is now stamping a few dozen of the publicly released emails as "Classified," it stresses this is not evidence of rule-breaking. Those stamps are new, it says, and do not mean the information was classified when Clinton, the Democratic frontrunner in the 2016 presidential election, first sent or received it.But the details included in those "Classified" stamps — which include a string of dates, letters and numbers describing the nature of the classification — appear to undermine this account, a Reuters examination of the emails and the relevant regulations has found.The new stamps indicate that some of Clinton's emails from her time as the nation's most senior diplomat are filled with a type of information the U.S. government and the department's own regulations automatically deems classified from the get-go — regardless of whether it is already marked that way or not.In the small fraction of emails made public so far, Reuters has found at least 30 email threads from 2009, representing scores of individual emails, that include what the State Department's own "Classified" stamps now identify as so-called 'foreign government information.' The U.S. government defines this as any information, written or spoken, provided in confidence to U.S. officials by their foreign counterparts.
  • This sort of information, which the department says Clinton both sent and received in her emails, is the only kind that must be "presumed" classified, in part to protect national security and the integrity of diplomatic interactions, according to U.S. regulations examined by Reuters."It's born classified," said J. William Leonard, a former director of the U.S. government's Information Security Oversight Office (ISOO). Leonard was director of ISOO, part of the White House's National Archives and Records Administration, from 2002 until 2008, and worked for both the Bill Clinton and George W. Bush administrations."If a foreign minister just told the secretary of state something in confidence, by U.S. rules that is classified at the moment it's in U.S. channels and U.S. possession," he said in a telephone interview, adding that for the State Department to say otherwise was "blowing smoke."
  • Although it appears to be true for Clinton to say none of her emails included classification markings, a point she and her staff have emphasized, the government's standard nondisclosure agreement warns people authorized to handle classified information that it may not be marked that way and that it may come in oral form.The State Department disputed Reuters' analysis but declined requests to explain how it was incorrect.
  • ...5 more annotations...
  • Clinton and her senior staff routinely sent foreign government information among themselves on unsecured networks several times a month, if the State Department's markings are correct. Within the 30 email threads reviewed by Reuters, Clinton herself sent at least 17 emails that contained this sort of information. In at least one case it was to a friend, Sidney Blumenthal, not in government. The information appears to include privately shared comments by a prime minister, several foreign ministers and a foreign spy chief, unredacted bits of the emails show. Typically, Clinton and her staff first learned the information in private meetings, telephone calls or, less often, in email exchanges with the foreign officials.
  • The findings of the Reuters review are separate from the recent analysis by the inspector general for U.S. intelligence agencies, who said last month that his office found four emails that contained classified government secrets at the time they were sent in a sample of 40 emails not yet made public.The State Department has said it does not know whether the inspector general is correct.
  • The Reuters review also found that the declassification dates the department has been marking on these emails suggest the department might believe the information was classified all along. Gerlach said this was incorrect.
  • A series of presidential executive orders has governed how officials should handle the ceaseless incoming stream of raw, usually unmarked information they acquire in their work. Since at least 2003, they have emphasized that information shared by a foreign government with an expectation or agreement of confidentiality is the only kind that is "presumed" classified.The State Department's own regulations, as laid out in the Foreign Affairs Manual, have been unequivocal since at least 1999: all department employees "must ... safeguard foreign government and NATO RESTRICTED information as U.S. Government Confidential" or higher, according to the version in force in 2009, when these particular emails were sent.
  • A spokeswoman for one of the foreign governments whose information appears in Clinton's emails said, on condition of anonymity to protect diplomatic relations, that the information was shared confidentially in 2009 with Clinton and her senior staff.If so, it appears this information should have been classified at the time and not handled on a private unsecured email network, according to government regulations.The foreign government expects all private exchanges with U.S. officials to be treated that way, the spokeswoman for the foreign government said.Leonard, the former ISOO director, said this sort of information was improperly shared by officials through insecure channels more frequently than the public may realize, although more typically within the unsecured .gov email network than on private email accounts.With few exceptions, officials are forbidden from sending classified information even via the .gov email network and must use a dedicated secure network instead. The difference in Clinton's case, Leonard said, is that so-called "spillages" of classified information within the .gov network are easier to track and contain.
Paul Merrell

For sale: Systems that can secretly track where cellphone users go around the globe - T... - 0 views

www.washingtonpost.com/...3-bf76-447a5df6411f_story.html

surveillance-state Verint cellphone-tracking SS7 IMSI surveillance-proliferation

shared by Paul Merrell on 26 Aug 14 - No Cached
  • Makers of surveillance systems are offering governments across the world the ability to track the movements of almost anybody who carries a cellphone, whether they are blocks away or on another continent. The technology works by exploiting an essential fact of all cellular networks: They must keep detailed, up-to-the-minute records on the locations of their customers to deliver calls and other services to them. Surveillance systems are secretly collecting these records to map people’s travels over days, weeks or longer, according to company marketing documents and experts in surveillance technology.
  • The world’s most powerful intelligence services, such as the National Security Agency and Britain’s GCHQ, long have used cellphone data to track targets around the globe. But experts say these new systems allow less technically advanced governments to track people in any nation — including the United States — with relative ease and precision.
  • It is unclear which governments have acquired these tracking systems, but one industry official, speaking on the condition of anonymity to share sensitive trade information, said that dozens of countries have bought or leased such technology in recent years. This rapid spread underscores how the burgeoning, multibillion-dollar surveillance industry makes advanced spying technology available worldwide. “Any tin-pot dictator with enough money to buy the system could spy on people anywhere in the world,” said Eric King, deputy director of Privacy International, a London-based activist group that warns about the abuse of surveillance technology. “This is a huge problem.”
  • ...9 more annotations...
  • Yet marketing documents obtained by The Washington Post show that companies are offering powerful systems that are designed to evade detection while plotting movements of surveillance targets on computerized maps. The documents claim system success rates of more than 70 percent. A 24-page marketing brochure for SkyLock, a cellular tracking system sold by Verint, a maker of analytics systems based in Melville, N.Y., carries the subtitle “Locate. Track. Manipulate.” The document, dated January 2013 and labeled “Commercially Confidential,” says the system offers government agencies “a cost-effective, new approach to obtaining global location information concerning known targets.”
  • tracking systems that access carrier location databases are unusual in their ability to allow virtually any government to track people across borders, with any type of cellular phone, across a wide range of carriers — without the carriers even knowing. These systems also can be used in tandem with other technologies that, when the general location of a person is already known, can intercept calls and Internet traffic, activate microphones, and access contact lists, photos and other documents. Companies that make and sell surveillance technology seek to limit public information about their systems’ capabilities and client lists, typically marketing their technology directly to law enforcement and intelligence services through international conferences that are closed to journalists and other members of the public.
  • Security experts say hackers, sophisticated criminal gangs and nations under sanctions also could use this tracking technology, which operates in a legal gray area. It is illegal in many countries to track people without their consent or a court order, but there is no clear international legal standard for secretly tracking people in other countries, nor is there a global entity with the authority to police potential abuses.
  • (Privacy International has collected several marketing brochures on cellular surveillance systems, including one that refers briefly to SkyLock, and posted them on its Web site. The 24-page SkyLock brochure and other material was independently provided to The Post by people concerned that such systems are being abused.)
  • Verint, which also has substantial operations in Israel, declined to comment for this story. It says in the marketing brochure that it does not use SkyLock against U.S. or Israeli phones, which could violate national laws. But several similar systems, marketed in recent years by companies based in Switzerland, Ukraine and elsewhere, likely are free of such limitations.
  • The tracking technology takes advantage of the lax security of SS7, a global network that cellular carriers use to communicate with one another when directing calls, texts and Internet data. The system was built decades ago, when only a few large carriers controlled the bulk of global phone traffic. Now thousands of companies use SS7 to provide services to billions of phones and other mobile devices, security experts say. All of these companies have access to the network and can send queries to other companies on the SS7 system, making the entire network more vulnerable to exploitation. Any one of these companies could share its access with others, including makers of surveillance systems.
  • Companies that market SS7 tracking systems recommend using them in tandem with “IMSI catchers,” increasingly common surveillance devices that use cellular signals collected directly from the air to intercept calls and Internet traffic, send fake texts, install spyware on a phone, and determine precise locations. IMSI catchers — also known by one popular trade name, StingRay — can home in on somebody a mile or two away but are useless if a target’s general location is not known. SS7 tracking systems solve that problem by locating the general area of a target so that IMSI catchers can be deployed effectively. (The term “IMSI” refers to a unique identifying code on a cellular phone.)
  • Verint can install SkyLock on the networks of cellular carriers if they are cooperative — something that telecommunications experts say is common in countries where carriers have close relationships with their national governments. Verint also has its own “worldwide SS7 hubs” that “are spread in various locations around the world,” says the brochure. It does not list prices for the services, though it says that Verint charges more for the ability to track targets in many far-flung countries, as opposed to only a few nearby ones. Among the most appealing features of the system, the brochure says, is its ability to sidestep the cellular operators that sometimes protect their users’ personal information by refusing government requests or insisting on formal court orders before releasing information.
  • Another company, Defentek, markets a similar system called Infiltrator Global Real-Time Tracking System on its Web site, claiming to “locate and track any phone number in the world.” The site adds: “It is a strategic solution that infiltrates and is undetected and unknown by the network, carrier, or the target.”
  • Paul Merrell on 26 Aug 14
     
    The Verint company has very close ties to the Iraeli government. Its former parent company Comverse, was heavily subsidized by Israel and the bulk of its manufacturing and code development was done in Israel. See https://en.wikipedia.org/wiki/Comverse_Technology "In December 2001, a Fox News report raised the concern that wiretapping equipment provided by Comverse Infosys to the U.S. government for electronic eavesdropping may have been vulnerable, as these systems allegedly had a back door through which the wiretaps could be intercepted by unauthorized parties.[55] Fox News reporter Carl Cameron said there was no reason to believe the Israeli government was implicated, but that "a classified top-secret investigation is underway".[55] A March 2002 story by Le Monde recapped the Fox report and concluded: "Comverse is suspected of having introduced into its systems of the 'catch gates' in order to 'intercept, record and store' these wire-taps. This hardware would render the 'listener' himself 'listened to'."[56] Fox News did not pursue the allegations, and in the years since, there have been no legal or commercial actions of any type taken against Comverse by the FBI or any other branch of the US Government related to data access and security issues. While no real evidence has been presented against Comverse or Verint, the allegations have become a favorite topic of conspiracy theorists.[57] By 2005, the company had $959 million in sales and employed over 5,000 people, of whom about half were located in Israel.[16]" Verint is also the company that got the Dept. of Homeland Security contract to provide and install an electronic and video surveillance system across the entire U.S. border with Mexico.  One need not be much of a conspiracy theorist to have concerns about Verint's likely interactions and data sharing with the NSA and its Israeli equivalent, Unit 8200. 
Paul Merrell

Great Britain Creates a Cyber Brigade to Manipulate Public Opinion | New Eastern Outlook - 0 views

journal-neo.org/...itanii-sozdayut-internetarmiyu

war & peace UK-Army psywar disinformation propaganda facebook-warriors

shared by Paul Merrell on 23 Feb 15 - No Cached
  • t’s no coincidence then that the White House advised London to establish a special unit within its military structure – the British Cyber Command, transferring up to 1500 officers under its command just “for starters”. One must note that Washington has already created its own special unit for cyberwarfare back in 2009. This unit goes under the name of United States Cyber Command, with its headquarters being located at Fort Meade (Maryland). According to The Guardian, the 77th brigade will formally come into being in April. The brigade will be carrying out covert operations on social networks exclusively, in an effort to spread disinformation and manipulate the population of certain countries, which should create “favorable conditions” for applying political pressure or the executing of regime change in strategically important regions of the world. Its headquarters will be located to the west of London in Newbury (Berkshire) while it’s official insignia will be the famous symbol of Chindits (a mythical god-like lion guarding temples in Myanmar and other countries in South-East Asia), that was used by a a British India ‘Special Force’ which participated in the suppression of guerrilla Japanese troops deep in the forests of Southeast Asia. The use of social networks to overthrow unwanted regimes has been Washington’s modus operandi for decades now. This led to the creation of a whole industry of disinformation and the manipulation of public opinion. The events surrounding the Arab Spring, countless other color revolutions and the latest events in Ukraine can serve as a perfect example of how an unstable sociopolitical and economic situation in a country can be exploited by Western intelligence agencies to a achieve a radical change in the sovereign governments of other states .First appeared: http://journal-neo.org/2015/02/11/rus-v-britanii-sozdayut-internetarmiyu/
  • Paul Merrell on 23 Feb 15
     
    In Egypt, Tunisia, Yemen, Algeria, Jordan, Syria, Ukraine, and Hong Kong along with a number of other countries, social networks have been used to coordinate the movement of protest groups, which allowed the gathering of a considerable number of protesters in designated areas. Back in 2011 the The Guardian reported the US Department of Defense was developing special software designed solely for manipulating social network users into buying pro-American propaganda. This operation was codenamed Operation Earnest Voice. This software has been put to "good use" in Britain, the United States and other Western countries during the Ukraine crisis for mass distribution of misleading information about Russia. This operation went as far as attempting to rewrite the history of World War II, with the active participation of Polish and Baltic politicians. The news on the creation of the 77th Brigade came short after the announcement made by Lieutenant General Marshall Webb the Commander, NATO Special Operations Forces HQ on the need to improve counter-information efforts against the Islamic State, as well as Russian and alternative media's coverage of the true causes of the ongoing events in Ukraine, and the large scale extermination of the civilian population by Kiev military units. These concerns, along with the recent events in Afghanistan, Iraq, and Syria, were the reason behind the assembly of a British cyber squad.
Paul Merrell

Documents Reveal Canada's Secret Hacking Tactics - The Intercept - 0 views

firstlook.org/...acking-cyberwar-secret-arsenal

surveillance state CSE NSA false-flag social media

shared by Paul Merrell on 24 Mar 15 - No Cached
  • Canada’s electronic surveillance agency has secretly developed an arsenal of cyberweapons capable of stealing data and destroying adversaries’ infrastructure, according to newly revealed classified documents. Communications Security Establishment, or CSE, has also covertly hacked into computers across the world to gather intelligence, breaking into networks in Europe, Mexico, the Middle East and North Africa, the documents show. The revelations, reported Monday by CBC News in collaboration with The Intercept, shine a light for the first time on how Canada has adopted aggressive tactics to attack, sabotage and infiltrate targeted computer systems. The latest disclosures come as the Canadian government debates whether to hand over more powers to its spies to disrupt threats as part of the controversial anti-terrorism law, Bill C-51.
  • Christopher Parsons, a surveillance expert at the University of Toronto’s Citizen Lab, told CBC News that the new revelations showed that Canada’s computer networks had already been “turned into a battlefield without any Canadian being asked: Should it be done? How should it be done?” According to documents obtained by The Intercept from National Security Agency whistleblower Edward Snowden, CSE has a wide range of powerful tools to perform “computer network exploitation” and “computer network attack” operations. These involve hacking into networks to either gather intelligence or to damage adversaries’ infrastructure, potentially including electricity, transportation or banking systems. The most well-known example of a state-sponsored “attack” operation involved the use of Stuxnet, a computer worm that was reportedly developed by the United States and Israel to sabotage Iranian nuclear facilities. One document from CSE, dated from 2011, outlines the range of methods the Canadian agency has at its disposal as part of a “cyber activity spectrum” to both defend against hacking attacks and to perpetrate them. CSE says in the document that it can “disable adversary infrastructure,” “control adversary infrastructure,” or “destroy adversary infrastructure” using the attack techniques. It can also insert malware “implants” on computers to steal data.
  • According to one top-secret NSA briefing paper, dated from 2013, Canada is considered an important player in global hacking operations. Under the heading “NSA and CSEC cooperate closely in the following areas,” the paper notes that the agencies work together on “active computer network access and exploitation on a variety of foreign intelligence targets, including CT [counter terrorism], Middle East, North Africa, Europe, and Mexico.” (The NSA had not responded to a request for comment at time of publication. The agency has previously told The Intercept that it “works with foreign partners to address a wide array of serious threats, including terrorist plots, the proliferation of weapons of mass destruction, and foreign aggression.”) Notably, CSE has gone beyond just adopting a range of tools to hack computers. According to the Snowden documents, it has a range of “deception techniques” in its toolbox. These include “false flag” operations to “create unrest,” and using so-called “effects” operations to “alter adversary perception.” A false-flag operation usually means carrying out an attack, but making it look like it was performed by another group — in this case, likely another government or hacker. Effects operations can involve sending out propaganda across social media or disrupting communications services. The newly revealed documents also reveal that CSE says it can plant a “honeypot” as part of its deception tactics, possibly a reference to some sort of bait posted online that lures in targets so that they can be hacked or monitored.
  • ...1 more annotation...
  • The apparent involvement of CSE in using the deception tactics suggests it is operating in the same area as a secretive British unit known as JTRIG, a division of the country’s eavesdropping agency, Government Communications Headquarters, or GCHQ. Last year, The Intercept published documents from Snowden showing that the JTRIG unit uses a range of effects operations to manipulate information online, such as by rigging the outcome of online polls, sending out fake messages on Facebook across entire countries, and posting negative information about targets online to damage their reputations.
Paul Merrell

US Intel Vets Dispute Russia Hacking Claims - Consortiumnews - 0 views

consortiumnews.com/...-dispute-russia-hacking-claims

war & peace Auction 2016 Russia hacking debunked VIPS

shared by Paul Merrell on 13 Dec 16 - No Cached
  • As the hysteria about Russia’s alleged interference in the U.S. election grows, a key mystery is why U.S. intelligence would rely on “circumstantial evidence” when it has the capability for hard evidence, say U.S. intelligence veterans. Veteran Intelligence Professionals for Sanity MEMORANDUM Allegations of Hacking Election Are Baseless A New York Times report on Monday alluding to “overwhelming circumstantial evidence” leading the CIA to believe that Russian President Vladimir Putin “deployed computer hackers with the goal of tipping the election to Donald J. Trump” is, sadly, evidence-free. This is no surprise, because harder evidence of a technical nature points to an inside leak, not hacking – by Russians or anyone else.
  • We have gone through the various claims about hacking. For us, it is child’s play to dismiss them. The email disclosures in question are the result of a leak, not a hack. Here’s the difference between leaking and hacking: Leak: When someone physically takes data out of an organization and gives it to some other person or organization, as Edward Snowden and Chelsea Manning did. Hack: When someone in a remote location electronically penetrates operating systems, firewalls or any other cyber-protection system and then extracts data. All signs point to leaking, not hacking. If hacking were involved, the National Security Agency would know it – and know both sender and recipient. In short, since leaking requires physically removing data – on a thumb drive, for example – the only way such data can be copied and removed, with no electronic trace of what has left the server, is via a physical storage device.
  • These collection resources are extensive [see attached NSA slides 1, 2, 3, 4, 5]; they include hundreds of trace route programs that trace the path of packets going across the network and tens of thousands of hardware and software implants in switches and servers that manage the network. Any emails being extracted from one server going to another would be, at least in part, recognizable and traceable by all these resources. The bottom line is that the NSA would know where and how any “hacked” emails from the DNC, HRC or any other servers were routed through the network. This process can sometimes require a closer look into the routing to sort out intermediate clients, but in the end sender and recipient can be traced across the network. The various ways in which usually anonymous spokespeople for U.S. intelligence agencies are equivocating – saying things like “our best guess” or “our opinion” or “our estimate” etc. – shows that the emails alleged to have been “hacked” cannot be traced across the network. Given NSA’s extensive trace capability, we conclude that DNC and HRC servers alleged to have been hacked were, in fact, not hacked. The evidence that should be there is absent; otherwise, it would surely be brought forward, since this could be done without any danger to sources and methods. Thus, we conclude that the emails were leaked by an insider – as was the case with Edward Snowden and Chelsea Manning. Such an insider could be anyone in a government department or agency with access to NSA databases, or perhaps someone within the DNC.
  • ...1 more annotation...
  • As for the comments to the media as to what the CIA believes, the reality is that CIA is almost totally dependent on NSA for ground truth in the communications arena. Thus, it remains something of a mystery why the media is being fed strange stories about hacking that have no basis in fact. In sum, given what we know of NSA’s existing capabilities, it beggars belief that NSA would be unable to identify anyone – Russian or not – attempting to interfere in a U.S. election by hacking. For the Steering Group, Veteran Intelligence Professionals for Sanity (VIPS)
Paul Merrell

China's CCTV launches global 'soft power' media network to extend influence - Channel N... - 0 views

www.channelnewsasia.com/...3405106.html

China CCTV global=multilingual-media-cluster

shared by Paul Merrell on 03 Jan 17 - No Cached
  • China Central Television (CCTV), Beijing's largest and most important TV network, said it will launch a new global media platform at the stroke of New Year's Day to help re-brand China overseas.The new multilingual media cluster will have six TV channels, a video newsletter agency and a new media agency and will see the original CCTV News channel renamed as China Global Television Network, the network said on its website on Friday night.China has been extending its global influence with "soft power" tactics such as launching new English language media and auditioning international public relations firms to tailor its branding strategy.President Xi Jinping said in February state media must tell China's story to the world better and become internationally influential, adding that onshore portals must follow the party line and promote "positive propaganda as the main theme".
Paul Merrell

Global Terrorism and Saudi Arabia: Bandar's Terror Network | Global Research - 0 views

www.globalresearch.ca/...5364556

war & peace Saudis Bandar-Bush Bandar-profile must-read

shared by Paul Merrell on 15 Jan 14 - No Cached
  • Faced with internal dissent from repressed subjects and religious minorities, the Saudi dictatorship perceives threats and dangers from all sides:  overseas, secular, nationalists and Shia ruling governments; internally, moderate Sunni nationalists, democrats and feminists; within the royalist cliques, traditionalists and modernizers.  In response it has turned toward financing, training and arming an international network of Islamic terrorists who are directed toward attacking, invading and destroying regimes opposed to the Saudi clerical-dictatorial regime.             The mastermind of the Saudi terror network is Bandar bin Sultan, who has longstanding and deep ties to high level US political, military and intelligence officials.  Bandar was trained and indoctrinated at Maxwell Air Force Base and Johns Hopkins University and served as Saudi Ambassador to the US for over two decades (1983 – 2005).  Between 2005 – 2011 he was Secretary of the National Security Council and in 2012 he was appointed as Director General of the Saudi Intelligence Agency.  Early on Bandar became deeply immersed in clandestine terror operations working
  • Paul Merrell on 15 Jan 14
     
    Excellent profile of Bandar bin Sultan (also known as "Bandar Bush"), his U.S. training, his decades as the Saudi Ambassador to the U.S., his role in CIA activities, his appointment in as the head of Saudi Intelligence, his network of terrorist fighters spanning multiple continents in pursuit of Wahabi Sunni dominance, his partnership with Israel to lobby Congress to derail the U.S.-Iranian negotiations, and his precarious political position within Saudi Arabia itself. In some detail.  Important read about a man who directly influences U.S. foreign policy and Congress.  
Paul Merrell

Documents Reveal N.S.A. Campaign Against Encryption - Document - NYTimes.com - 0 views

www.nytimes.com/...mpaign-against-encryption.html

surveillance state NSA NSA-capabilities compromised-encryption-standards

shared by Paul Merrell on 06 Sep 13 - No Cached
  • (U) HTTPS – HTTP traffic secured inside an SSL/TLS session, indicated by the https:// URL, commonly using TCP port 443 (U) IPSEC -- IPSec, or IP Security, is the Internet Engineering Task Force (IETF) standard for layer 3 real-time communication security. IPSec allows two hosts (or two gateways) to establish a secure connection, sometimes called a tunnel. All traffic is protected at the network layer. (U) SSH – Secure Shell. A common protocol used for secure remote computer access (U) SSL – Secure Sockets Layer. Commonly used to provide secure network communication. Widely used on the internet to provide secure web browsing, webmail, instant messaging, electronic commerce, etc. (U) TLS – Transport Layer Security. The follow-on to SSL, SSLv3 and TLSv1.0 are nearly identical. (U) VoIP – Voice over Internet Protocol. A general term for the using IP networks to make voice phone calls. The application layer protocol can be standards-based (e.g., H.323, SIP), or proprietary (e.g., Skype). (U) VPN – Virtual Private Network. A private network that makes use of the public telecommunications infrastructure, maintaining privacy via the use of a tunneling protocol and security procedures that typically include encryption. Common protocols include IPSEC and PPTP.
  • Paul Merrell on 06 Sep 13
     
    An "example" non-exclusive list of encryption standards that the "patriots" at the NSA have compromised.  Select the "Bullrun Briefing Sheet" tab to view.
Paul Merrell

Tomgram: Alfred McCoy, It's About Blackmail, Not National Security | TomDispatch - 0 views

www.tomdispatch.com/...kmail%2C_not_national_security

surveillance state blackmail power-projection empire Obama BushII

shared by Paul Merrell on 29 Jan 14 - No Cached
  • For more than six months, Edward Snowden’s revelations about the National Security Agency (NSA) have been pouring out from the Washington Post, the New York Times, the Guardian, Germany’s Der Spiegel, and Brazil’s O Globo, among other places.  Yet no one has pointed out the combination of factors that made the NSA’s expanding programs to monitor the world seem like such a slam-dunk development in Washington.  The answer is remarkably simple.  For an imperial power losing its economic grip on the planet and heading into more austere times, the NSA’s latest technological breakthroughs look like a bargain basement deal when it comes to projecting power and keeping subordinate allies in line -- like, in fact, the steal of the century.  Even when disaster turned out to be attached to them, the NSA’s surveillance programs have come with such a discounted price tag that no Washington elite was going to reject them.
  • What exactly was the aim of such an unprecedented program of massive domestic and planetary spying, which clearly carried the risk of controversy at home and abroad? Here, an awareness of the more than century-long history of U.S. surveillance can guide us through the billions of bytes swept up by the NSA to the strategic significance of such a program for the planet’s last superpower. What the past reveals is a long-term relationship between American state surveillance and political scandal that helps illuminate the unacknowledged reason why the NSA monitors America’s closest allies. Not only does such surveillance help gain intelligence advantageous to U.S. diplomacy, trade relations, and war-making, but it also scoops up intimate information that can provide leverage -- akin to blackmail -- in sensitive global dealings and negotiations of every sort. The NSA’s global panopticon thus fulfills an ancient dream of empire. With a few computer key strokes, the agency has solved the problem that has bedeviled world powers since at least the time of Caesar Augustus: how to control unruly local leaders, who are the foundation for imperial rule, by ferreting out crucial, often scurrilous, information to make them more malleable.
  • Once upon a time, such surveillance was both expensive and labor intensive. Today, however, unlike the U.S. Army’s shoe-leather surveillance during World War I or the FBI’s break-ins and phone bugs in the Cold War years, the NSA can monitor the entire world and its leaders with only 100-plus probes into the Internet’s fiber optic cables. This new technology is both omniscient and omnipresent beyond anything those lacking top-secret clearance could have imagined before the Edward Snowden revelations began.  Not only is it unimaginably pervasive, but NSA surveillance is also a particularly cost-effective strategy compared to just about any other form of global power projection. And better yet, it fulfills the greatest imperial dream of all: to be omniscient not just for a few islands, as in the Philippines a century ago, or a couple of countries, as in the Cold War era, but on a truly global scale. In a time of increasing imperial austerity and exceptional technological capability, everything about the NSA’s surveillance told Washington to just “go for it.”  This cut-rate mechanism for both projecting force and preserving U.S. global power surely looked like a no-brainer, a must-have bargain for any American president in the twenty-first century -- before new NSA documents started hitting front pages weekly, thanks to Snowden, and the whole world began returning the favor.
  • ...12 more annotations...
  • As the gap has grown between Washington’s global reach and its shrinking mailed fist, as it struggles to maintain 40% of world armaments (the 2012 figure) with only 23% of global gross economic output, the U.S. will need to find new ways to exercise its power far more economically. As the Cold War took off, a heavy-metal U.S. military -- with 500 bases worldwide circa 1950 -- was sustainable because the country controlled some 50% of the global gross product. But as its share of world output falls -- to an estimated 17% by 2016 -- and its social welfare costs climb relentlessly from 4% of gross domestic product in 2010 to a projected 18% by 2050, cost-cutting becomes imperative if Washington is to survive as anything like the planet’s “sole superpower.” Compared to the $3 trillion cost of the U.S. invasion and occupation of Iraq, the NSA’s 2012 budget of just $11 billion for worldwide surveillance and cyberwarfare looks like cost saving the Pentagon can ill-afford to forego. Yet this seeming “bargain” comes at what turns out to be an almost incalculable cost. The sheer scale of such surveillance leaves it open to countless points of penetration, whether by a handful of anti-war activists breaking into an FBI field office in Media, Pennsylvania, back in 1971 or Edward Snowden downloading NSA documents at a Hawaiian outpost in 2012.
  • In October 2001, not satisfied with the sweeping and extraordinary powers of the newly passed Patriot Act, President Bush ordered the National Security Agency to commence covert monitoring of private communications through the nation's telephone companies without the requisite FISA warrants. Somewhat later, the agency began sweeping the Internet for emails, financial data, and voice messaging on the tenuous theory that such “metadata” was “not constitutionally protected.” In effect, by penetrating the Internet for text and the parallel Public Switched Telephone Network (PSTN) for voice, the NSA had gained access to much of the world’s telecommunications. By the end of Bush’s term in 2008, Congress had enacted laws that not only retrospectively legalized these illegal programs, but also prepared the way for NSA surveillance to grow unchecked. Rather than restrain the agency, President Obama oversaw the expansion of its operations in ways remarkable for both the sheer scale of the billions of messages collected globally and for the selective monitoring of world leaders.
  • By 2012, the centralization via digitization of all voice, video, textual, and financial communications into a worldwide network of fiber optic cables allowed the NSA to monitor the globe by penetrating just 190 data hubs -- an extraordinary economy of force for both political surveillance and cyberwarfare.
  • With a few hundred cable probes and computerized decryption, the NSA can now capture the kind of gritty details of private life that J. Edgar Hoover so treasured and provide the sort of comprehensive coverage of populations once epitomized by secret police like East Germany’s Stasi. And yet, such comparisons only go so far. After all, once FBI agents had tapped thousands of phones, stenographers had typed up countless transcripts, and clerks had stored this salacious paper harvest in floor-to-ceiling filing cabinets, J. Edgar Hoover still only knew about the inner-workings of the elite in one city: Washington, D.C.  To gain the same intimate detail for an entire country, the Stasi had to employ one police informer for every six East Germans -- an unsustainable allocation of human resources. By contrast, the marriage of the NSA’s technology to the Internet’s data hubs now allows the agency’s 37,000 employees a similarly close coverage of the entire globe with just one operative for every 200,000 people on the planet
  • Through the expenditure of $250 million annually under its Sigint Enabling Project, the NSA has stealthily penetrated all encryption designed to protect privacy. “In the future, superpowers will be made or broken based on the strength of their cryptanalytic programs,” reads a 2007 NSA document. “It is the price of admission for the U.S. to maintain unrestricted access to and use of cyberspace.” By collecting knowledge -- routine, intimate, or scandalous -- about foreign leaders, imperial proconsuls from ancient Rome to modern America have gained both the intelligence and aura of authority necessary for dominion over alien societies. The importance, and challenge, of controlling these local elites cannot be overstated. During its pacification of the Philippines after 1898, for instance, the U.S. colonial regime subdued contentious Filipino leaders via pervasive policing that swept up both political intelligence and personal scandal. And that, of course, was just what J. Edgar Hoover was doing in Washington during the 1950s and 1960s.
  • Indeed, the mighty British Empire, like all empires, was a global tapestry woven out of political ties to local leaders or “subordinate elites” -- from Malay sultans and Indian maharajas to Gulf sheiks and West African tribal chiefs. As historian Ronald Robinson once observed, the British Empire spread around the globe for two centuries through the collaboration of these local leaders and then unraveled, in just two decades, when that collaboration turned to “non-cooperation.” After rapid decolonization during the 1960s transformed half-a-dozen European empires into 100 new nations, their national leaders soon found themselves the subordinate elites of a spreading American global imperium. Washington suddenly needed the sort of private information that could keep such figures in line. Surveillance of foreign leaders provides world powers -- Britain then, America now -- with critical information for the exercise of global hegemony. Such spying gave special penetrating power to the imperial gaze, to that sense of superiority necessary for dominion over others.  It also provided operational information on dissidents who might need to be countered with covert action or military force; political and economic intelligence so useful for getting the jump on allies in negotiations of all sorts; and, perhaps most important of all, scurrilous information about the derelictions of leaders useful in coercing their compliance.
  • In late 2013, the New York Times reported that, when it came to spying on global elites, there were “more than 1,000 targets of American and British surveillance in recent years,” reaching down to mid-level political actors in the international arena. Revelations from Edward Snowden’s cache of leaked documents indicate that the NSA has monitored leaders in some 35 nations worldwide -- including Brazilian president Dilma Rousseff, Mexican presidents Felipe Calderón and Enrique Peña Nieto, German Chancellor Angela Merkel, and Indonesia’s president Susilo Bambang Yudhoyono.  Count in as well, among so many other operations, the monitoring of “French diplomatic interests” during the June 2010 U.N. vote on Iran sanctions and “widespread surveillance” of world leaders during the Group 20 summit meeting at Ottawa in June 2010. Apparently, only members of the historic “Five Eyes” signals-intelligence alliance (Australia, Canada, New Zealand, and Great Britain) remain exempt -- at least theoretically -- from NSA surveillance. Such secret intelligence about allies can obviously give Washington a significant diplomatic advantage. During U.N. wrangling over the U.S. invasion of Iraq in 2002-2003, for example, the NSA intercepted Secretary-General Kofi Anan’s conversations and monitored the “Middle Six” -- Third World nations on the Security Council -- offering what were, in essence, well-timed bribes to win votes. The NSA’s deputy chief for regional targets sent a memo to the agency’s Five Eyes allies asking “for insights as to how membership is reacting to on-going debate regarding Iraq, plans to vote on any related resolutions [..., and] the whole gamut of information that could give U.S. policymakers an edge in obtaining results favorable to U.S. goals.”
  • Indicating Washington’s need for incriminating information in bilateral negotiations, the State Department pressed its Bahrain embassy in 2009 for details, damaging in an Islamic society, on the crown princes, asking: “Is there any derogatory information on either prince? Does either prince drink alcohol? Does either one use drugs?” Indeed, in October 2012, an NSA official identified as “DIRNSA,” or Director General Keith Alexander, proposed the following for countering Muslim radicals: “[Their] vulnerabilities, if exposed, would likely call into question a radicalizer’s devotion to the jihadist cause, leading to the degradation or loss of his authority.” The agency suggested that such vulnerabilities could include “viewing sexually explicit material online” or “using a portion of the donations they are receiving… to defray personal expenses.” The NSA document identified one potential target as a “respected academic” whose “vulnerabilities” are “online promiscuity.”
  • Just as the Internet has centralized communications, so it has moved most commercial sex into cyberspace. With an estimated 25 million salacious sites worldwide and a combined 10.6 billion page views per month in 2013 at the five top sex sites, online pornography has become a global business; by 2006, in fact, it generated $97 billion in revenue. With countless Internet viewers visiting porn sites and almost nobody admitting it, the NSA has easy access to the embarrassing habits of targets worldwide, whether Muslim militants or European leaders. According to James Bamford, author of two authoritative books on the agency, “The NSA's operation is eerily similar to the FBI's operations under J. Edgar Hoover in the 1960s where the bureau used wiretapping to discover vulnerabilities, such as sexual activity, to ‘neutralize’ their targets.”
  • Indeed, whistleblower Edward Snowden has accused the NSA of actually conducting such surveillance.  In a December 2013 letter to the Brazilian people, he wrote, “They even keep track of who is having an affair or looking at pornography, in case they need to damage their target's reputation.” If Snowden is right, then one key goal of NSA surveillance of world leaders is not U.S. national security but political blackmail -- as it has been since 1898. Such digital surveillance has tremendous potential for scandal, as anyone who remembers New York Governor Eliot Spitzer’s forced resignation in 2008 after routine phone taps revealed his use of escort services; or, to take another obvious example, the ouster of France’s budget minister Jérôme Cahuzac in 2013 following wire taps that exposed his secret Swiss bank account. As always, the source of political scandal remains sex or money, both of which the NSA can track with remarkable ease.
  • By starting a swelling river of NSA documents flowing into public view, Edward Snowden has given us a glimpse of the changing architecture of U.S. global power. At the broadest level, Obama’s digital “pivot” complements his overall defense strategy, announced in 2012, of reducing conventional forces while expanding into the new, cost-effective domains of space and cyberspace. While cutting back modestly on costly armaments and the size of the military, President Obama has invested billions in the building of a new architecture for global information control. If we add the $791 billion expended to build the Department of Homeland Security bureaucracy to the $500 billion spent on an increasingly para-militarized version of global intelligence in the dozen years since 9/11, then Washington has made a $1.2 trillion investment in a new apparatus of world power.
  • So formidable is this security bureaucracy that Obama’s recent executive review recommended the regularization, not reform, of current NSA practices, allowing the agency to continue collecting American phone calls and monitoring foreign leaders into the foreseeable future. Cyberspace offers Washington an austerity-linked arena for the exercise of global power, albeit at the cost of trust by its closest allies -- a contradiction that will bedevil America’s global leadership for years to come. To update Henry Stimson: in the age of the Internet, gentlemen don't just read each other’s mail, they watch each other’s porn. Even if we think we have nothing to hide, all of us, whether world leaders or ordinary citizens, have good reason to be concerned.
Paul Merrell

Surveillance scandal rips through hacker community | Security & Privacy - CNET News - 0 views

news.cnet.com/...-rips-through-hacker-community

surveillance state NSA NSA-blowback cloud computing mobile devices privacy

shared by Paul Merrell on 06 Aug 13 - No Cached
  • One security start-up that had an encounter with the FBI was Wickr, a privacy-forward text messaging app for the iPhone with an Android version in private beta. Wickr's co-founder Nico Sell told CNET at Defcon, "Wickr has been approached by the FBI and asked for a backdoor. We said, 'No.'" The mistrust runs deep. "Even if [the NSA] stood up tomorrow and said that [they] have eliminated these programs," said Marlinspike, "How could we believe them? How can we believe that anything they say is true?" Where does security innovation go next? The immediate future of information security innovation most likely lies in software that provides an existing service but with heightened privacy protections, such as webmail that doesn't mine you for personal data.
  • Wickr's Sell thinks that her company has hit upon a privacy innovation that a few others are also doing, but many will soon follow: the company itself doesn't store user data. "[The FBI] would have to force us to build a new app. With the current app there's no way," she said, that they could incorporate backdoor access to Wickr users' texts or metadata. "Even if you trust the NSA 100 percent that they're going to use [your data] correctly," Sell said, "Do you trust that they're going to be able to keep it safe from hackers? What if somebody gets that database and posts it online?" To that end, she said, people will start seeing privacy innovation for services that don't currently provide it. Calling it "social networks 2.0," she said that social network competitors will arise that do a better job of protecting their customer's privacy and predicted that some that succeed will do so because of their emphasis on privacy. Abine's recent MaskMe browser add-on and mobile app for creating disposable e-mail addresses, phone numbers, and credit cards is another example of a service that doesn't have access to its own users' data.
  • Stamos predicted changes in services that companies with cloud storage offer, including offering customers the ability to store their data outside of the U.S. "If they want to stay competitive, they're going to have to," he said. But, he cautioned, "It's impossible to do a cloud-based ad supported service." Soghoian added, "The only way to keep a service running is to pay them money." This, he said, is going to give rise to a new wave of ad-free, privacy protective subscription services.
  • ...2 more annotations...
  • The issue with balancing privacy and surveillance is that the wireless carriers are not interested in privacy, he said. "They've been providing wiretapping for 100 years. Apple may in the next year protect voice calls," he said, and said that the best hope for ending widespread government surveillance will be the makers of mobile operating systems like Apple and Google. Not all upcoming security innovation will be focused on that kind of privacy protection. Security researcher Brandon Wiley showed off at Defcon a protocol he calls Dust that can obfuscate different kinds of network traffic, with the end goal of preventing censorship. "I only make products about letting you say what you want to say anywhere in the world," such as content critical of governments, he said. Encryption can hide the specifics of the traffic, but some governments have figured out that they can simply block all encrypted traffic, he said. The Dust protocol would change that, he said, making it hard to tell the difference between encrypted and unencrypted traffic. It's hard to build encryption into pre-existing products, Wiley said. "I think people are going to make easy-to-use, encrypted apps, and that's going to be the future."
  • Companies could face severe consequences from their security experts, said Stamos, if the in-house experts find out that they've been lied to about providing government access to customer data. You could see "lots of resignations and maybe publicly," he said. "It wouldn't hurt their reputations to go out in a blaze of glory." Perhaps not surprisingly, Marlinspike sounded a hopeful call for non-destructive activism on Defcon's 21st anniversary. "As hackers, we don't have a lot of influence on policy. I hope that's something that we can focus our energy on," he said.
  • Paul Merrell on 06 Aug 13
     
    NSA as the cause of the next major disruption in the social networking service industry?  Grief ahead for Google? Note the point made that: "It's impossible to do a cloud-based ad supported service" where the encryption/decryption takes place on the client side. 
‹ Previous 21 - 40 of 520 Next › Last »
Showing 20 items per page