Skip to main content

Home/ Socialism and the End of the American Dream/ Group items tagged phone-content

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
Paul Merrell

Cy Vance's Proposal to Backdoor Encrypted Devices Is Riddled With Vulnerabilities | Jus... - 0 views

www.justsecurity.org/...evices-riddled-vulnerabilities

surveillance state encryption-backdoors Vance tyranny right-to-whisper

shared by Paul Merrell on 11 Dec 15 - No Cached
  • Less than a week after the attacks in Paris — while the public and policymakers were still reeling, and the investigation had barely gotten off the ground — Cy Vance, Manhattan’s District Attorney, released a policy paper calling for legislation requiring companies to provide the government with backdoor access to their smartphones and other mobile devices. This is the first concrete proposal of this type since September 2014, when FBI Director James Comey reignited the “Crypto Wars” in response to Apple’s and Google’s decisions to use default encryption on their smartphones. Though Comey seized on Apple’s and Google’s decisions to encrypt their devices by default, his concerns are primarily related to end-to-end encryption, which protects communications that are in transit. Vance’s proposal, on the other hand, is only concerned with device encryption, which protects data stored on phones. It is still unclear whether encryption played any role in the Paris attacks, though we do know that the attackers were using unencrypted SMS text messages on the night of the attack, and that some of them were even known to intelligence agencies and had previously been under surveillance. But regardless of whether encryption was used at some point during the planning of the attacks, as I lay out below, prohibiting companies from selling encrypted devices would not prevent criminals or terrorists from being able to access unbreakable encryption. Vance’s primary complaint is that Apple’s and Google’s decisions to provide their customers with more secure devices through encryption interferes with criminal investigations. He claims encryption prevents law enforcement from accessing stored data like iMessages, photos and videos, Internet search histories, and third party app data. He makes several arguments to justify his proposal to build backdoors into encrypted smartphones, but none of them hold water.
  • Before addressing the major privacy, security, and implementation concerns that his proposal raises, it is worth noting that while an increase in use of fully encrypted devices could interfere with some law enforcement investigations, it will help prevent far more crimes — especially smartphone theft, and the consequent potential for identity theft. According to Consumer Reports, in 2014 there were more than two million victims of smartphone theft, and nearly two-thirds of all smartphone users either took no steps to secure their phones or their data or failed to implement passcode access for their phones. Default encryption could reduce instances of theft because perpetrators would no longer be able to break into the phone to steal the data.
  • Vance argues that creating a weakness in encryption to allow law enforcement to access data stored on devices does not raise serious concerns for security and privacy, since in order to exploit the vulnerability one would need access to the actual device. He considers this an acceptable risk, claiming it would not be the same as creating a widespread vulnerability in encryption protecting communications in transit (like emails), and that it would be cheap and easy for companies to implement. But Vance seems to be underestimating the risks involved with his plan. It is increasingly important that smartphones and other devices are protected by the strongest encryption possible. Our devices and the apps on them contain astonishing amounts of personal information, so much that an unprecedented level of harm could be caused if a smartphone or device with an exploitable vulnerability is stolen, not least in the forms of identity fraud and credit card theft. We bank on our phones, and have access to credit card payments with services like Apple Pay. Our contact lists are stored on our phones, including phone numbers, emails, social media accounts, and addresses. Passwords are often stored on people’s phones. And phones and apps are often full of personal details about their lives, from food diaries to logs of favorite places to personal photographs. Symantec conducted a study, where the company spread 50 “lost” phones in public to see what people who picked up the phones would do with them. The company found that 95 percent of those people tried to access the phone, and while nearly 90 percent tried to access private information stored on the phone or in other private accounts such as banking services and email, only 50 percent attempted contacting the owner.
  • ...8 more annotations...
  • Vance attempts to downplay this serious risk by asserting that anyone can use the “Find My Phone” or Android Device Manager services that allow owners to delete the data on their phones if stolen. However, this does not stand up to scrutiny. These services are effective only when an owner realizes their phone is missing and can take swift action on another computer or device. This delay ensures some period of vulnerability. Encryption, on the other hand, protects everyone immediately and always. Additionally, Vance argues that it is safer to build backdoors into encrypted devices than it is to do so for encrypted communications in transit. It is true that there is a difference in the threats posed by the two types of encryption backdoors that are being debated. However, some manner of widespread vulnerability will inevitably result from a backdoor to encrypted devices. Indeed, the NSA and GCHQ reportedly hacked into a database to obtain cell phone SIM card encryption keys in order defeat the security protecting users’ communications and activities and to conduct surveillance. Clearly, the reality is that the threat of such a breach, whether from a hacker or a nation state actor, is very real. Even if companies go the extra mile and create a different means of access for every phone, such as a separate access key for each phone, significant vulnerabilities will be created. It would still be possible for a malicious actor to gain access to the database containing those keys, which would enable them to defeat the encryption on any smartphone they took possession of. Additionally, the cost of implementation and maintenance of such a complex system could be high.
  • Privacy is another concern that Vance dismisses too easily. Despite Vance’s arguments otherwise, building backdoors into device encryption undermines privacy. Our government does not impose a similar requirement in any other context. Police can enter homes with warrants, but there is no requirement that people record their conversations and interactions just in case they someday become useful in an investigation. The conversations that we once had through disposable letters and in-person conversations now happen over the Internet and on phones. Just because the medium has changed does not mean our right to privacy has.
  • In addition to his weak reasoning for why it would be feasible to create backdoors to encrypted devices without creating undue security risks or harming privacy, Vance makes several flawed policy-based arguments in favor of his proposal. He argues that criminals benefit from devices that are protected by strong encryption. That may be true, but strong encryption is also a critical tool used by billions of average people around the world every day to protect their transactions, communications, and private information. Lawyers, doctors, and journalists rely on encryption to protect their clients, patients, and sources. Government officials, from the President to the directors of the NSA and FBI, and members of Congress, depend on strong encryption for cybersecurity and data security. There are far more innocent Americans who benefit from strong encryption than there are criminals who exploit it. Encryption is also essential to our economy. Device manufacturers could suffer major economic losses if they are prohibited from competing with foreign manufacturers who offer more secure devices. Encryption also protects major companies from corporate and nation-state espionage. As more daily business activities are done on smartphones and other devices, they may now hold highly proprietary or sensitive information. Those devices could be targeted even more than they are now if all that has to be done to access that information is to steal an employee’s smartphone and exploit a vulnerability the manufacturer was required to create.
  • Vance also suggests that the US would be justified in creating such a requirement since other Western nations are contemplating requiring encryption backdoors as well. Regardless of whether other countries are debating similar proposals, we cannot afford a race to the bottom on cybersecurity. Heads of the intelligence community regularly warn that cybersecurity is the top threat to our national security. Strong encryption is our best defense against cyber threats, and following in the footsteps of other countries by weakening that critical tool would do incalculable harm. Furthermore, even if the US or other countries did implement such a proposal, criminals could gain access to devices with strong encryption through the black market. Thus, only innocent people would be negatively affected, and some of those innocent people might even become criminals simply by trying to protect their privacy by securing their data and devices. Finally, Vance argues that David Kaye, UN Special Rapporteur for Freedom of Expression and Opinion, supported the idea that court-ordered decryption doesn’t violate human rights, provided certain criteria are met, in his report on the topic. However, in the context of Vance’s proposal, this seems to conflate the concepts of court-ordered decryption and of government-mandated encryption backdoors. The Kaye report was unequivocal about the importance of encryption for free speech and human rights. The report concluded that:
  • States should promote strong encryption and anonymity. National laws should recognize that individuals are free to protect the privacy of their digital communications by using encryption technology and tools that allow anonymity online. … States should not restrict encryption and anonymity, which facilitate and often enable the rights to freedom of opinion and expression. Blanket prohibitions fail to be necessary and proportionate. States should avoid all measures that weaken the security that individuals may enjoy online, such as backdoors, weak encryption standards and key escrows. Additionally, the group of intelligence experts that was hand-picked by the President to issue a report and recommendations on surveillance and technology, concluded that: [R]egarding encryption, the U.S. Government should: (1) fully support and not undermine efforts to create encryption standards; (2) not in any way subvert, undermine, weaken, or make vulnerable generally available commercial software; and (3) increase the use of encryption and urge US companies to do so, in order to better protect data in transit, at rest, in the cloud, and in other storage.
  • The clear consensus among human rights experts and several high-ranking intelligence experts, including the former directors of the NSA, Office of the Director of National Intelligence, and DHS, is that mandating encryption backdoors is dangerous. Unaddressed Concerns: Preventing Encrypted Devices from Entering the US and the Slippery Slope In addition to the significant faults in Vance’s arguments in favor of his proposal, he fails to address the question of how such a restriction would be effectively implemented. There is no effective mechanism for preventing code from becoming available for download online, even if it is illegal. One critical issue the Vance proposal fails to address is how the government would prevent, or even identify, encrypted smartphones when individuals bring them into the United States. DHS would have to train customs agents to search the contents of every person’s phone in order to identify whether it is encrypted, and then confiscate the phones that are. Legal and policy considerations aside, this kind of policy is, at the very least, impractical. Preventing strong encryption from entering the US is not like preventing guns or drugs from entering the country — encrypted phones aren’t immediately obvious as is contraband. Millions of people use encrypted devices, and tens of millions more devices are shipped to and sold in the US each year.
  • Finally, there is a real concern that if Vance’s proposal were accepted, it would be the first step down a slippery slope. Right now, his proposal only calls for access to smartphones and devices running mobile operating systems. While this policy in and of itself would cover a number of commonplace devices, it may eventually be expanded to cover laptop and desktop computers, as well as communications in transit. The expansion of this kind of policy is even more worrisome when taking into account the speed at which technology evolves and becomes widely adopted. Ten years ago, the iPhone did not even exist. Who is to say what technology will be commonplace in 10 or 20 years that is not even around today. There is a very real question about how far law enforcement will go to gain access to information. Things that once seemed like merely science fiction, such as wearable technology and artificial intelligence that could be implanted in and work with the human nervous system, are now available. If and when there comes a time when our “smart phone” is not really a device at all, but is rather an implant, surely we would not grant law enforcement access to our minds.
  • Policymakers should dismiss Vance’s proposal to prohibit the use of strong encryption to protect our smartphones and devices in order to ensure law enforcement access. Undermining encryption, regardless of whether it is protecting data in transit or at rest, would take us down a dangerous and harmful path. Instead, law enforcement and the intelligence community should be working to alter their skills and tactics in a fast-evolving technological world so that they are not so dependent on information that will increasingly be protected by encryption.
Paul Merrell

Eric Holder: The Justice Department could strike deal with Edward Snowden - 0 views

www.yahoo.com/...could-strike-123393663066.html

surveillance state Snowden charges plea-deal Holder

shared by Paul Merrell on 07 Jul 15 - No Cached
  • Eric Holder: The Justice Department could strike deal with Edward SnowdenMichael IsikoffChief Investigative CorrespondentJuly 6, 2015Former U.S. Attorney General Eric Holder. (Photo: Olivier Douliery-Pool/Getty) Former Attorney General Eric Holder said today that a “possibility exists” for the Justice Department to cut a deal with former NSA contractor Edward Snowden that would allow him to return to the United States from Moscow. In an interview with Yahoo News, Holder said “we are in a different place as a result of the Snowden disclosures” and that “his actions spurred a necessary debate” that prompted President Obama and Congress to change policies on the bulk collection of phone records of American citizens. Asked if that meant the Justice Department might now be open to a plea bargain that allows Snowden to return from his self-imposed exile in Moscow, Holder replied: “I certainly think there could be a basis for a resolution that everybody could ultimately be satisfied with. I think the possibility exists.”
  • But his remarks to Yahoo News go further than any current or former Obama administration official in suggesting that Snowden’s disclosures had a positive impact and that the administration might be open to a negotiated plea that the self-described whistleblower could accept, according to his lawyer Ben Wizner.
  • It’s also not clear whether Holder’s comments signal a shift in Obama administration attitudes that could result in a resolution of the charges against Snowden. Melanie Newman, chief spokeswoman for Attorney General Loretta Lynch, Holder’s successor, immediately shot down the idea that the Justice Department was softening its stance on Snowden. “This is an ongoing case so I am not going to get into specific details but I can say our position regarding bringing Edward Snowden back to the United States to face charges has not changed,” she said in an email.
  • ...1 more annotation...
  • Three sources familiar with informal discussions of Snowden’s case told Yahoo News that one top U.S. intelligence official, Robert Litt, the chief counsel to Director of National Intelligence James Clapper, recently privately floated the idea that the government might be open to a plea bargain in which Snowden returns to the United States, pleads guilty to one felony count and receives a prison sentence of three to five years in exchange for full cooperation with the government.
Paul Merrell

From Radio to Porn, British Spies Track Web Users' Online Identities - 0 views

theintercept.com/...ck-web-users-online-identities

surveillance state GCHQ Black-Hole

shared by Paul Merrell on 27 Sep 15 - No Cached
  • HERE WAS A SIMPLE AIM at the heart of the top-secret program: Record the website browsing habits of “every visible user on the Internet.” Before long, billions of digital records about ordinary people’s online activities were being stored every day. Among them were details cataloging visits to porn, social media and news websites, search engines, chat forums, and blogs. The mass surveillance operation — code-named KARMA POLICE — was launched by British spies about seven years ago without any public debate or scrutiny. It was just one part of a giant global Internet spying apparatus built by the United Kingdom’s electronic eavesdropping agency, Government Communications Headquarters, or GCHQ. The revelations about the scope of the British agency’s surveillance are contained in documents obtained by The Intercept from National Security Agency whistleblower Edward Snowden. Previous reports based on the leaked files have exposed how GCHQ taps into Internet cables to monitor communications on a vast scale, but many details about what happens to the data after it has been vacuumed up have remained unclear.
  • Amid a renewed push from the U.K. government for more surveillance powers, more than two dozen documents being disclosed today by The Intercept reveal for the first time several major strands of GCHQ’s existing electronic eavesdropping capabilities.
  • The surveillance is underpinned by an opaque legal regime that has authorized GCHQ to sift through huge archives of metadata about the private phone calls, emails and Internet browsing logs of Brits, Americans, and any other citizens — all without a court order or judicial warrant
  • ...17 more annotations...
  • A huge volume of the Internet data GCHQ collects flows directly into a massive repository named Black Hole, which is at the core of the agency’s online spying operations, storing raw logs of intercepted material before it has been subject to analysis. Black Hole contains data collected by GCHQ as part of bulk “unselected” surveillance, meaning it is not focused on particular “selected” targets and instead includes troves of data indiscriminately swept up about ordinary people’s online activities. Between August 2007 and March 2009, GCHQ documents say that Black Hole was used to store more than 1.1 trillion “events” — a term the agency uses to refer to metadata records — with about 10 billion new entries added every day. As of March 2009, the largest slice of data Black Hole held — 41 percent — was about people’s Internet browsing histories. The rest included a combination of email and instant messenger records, details about search engine queries, information about social media activity, logs related to hacking operations, and data on people’s use of tools to browse the Internet anonymously.
  • Throughout this period, as smartphone sales started to boom, the frequency of people’s Internet use was steadily increasing. In tandem, British spies were working frantically to bolster their spying capabilities, with plans afoot to expand the size of Black Hole and other repositories to handle an avalanche of new data. By 2010, according to the documents, GCHQ was logging 30 billion metadata records per day. By 2012, collection had increased to 50 billion per day, and work was underway to double capacity to 100 billion. The agency was developing “unprecedented” techniques to perform what it called “population-scale” data mining, monitoring all communications across entire countries in an effort to detect patterns or behaviors deemed suspicious. It was creating what it said would be, by 2013, “the world’s biggest” surveillance engine “to run cyber operations and to access better, more valued data for customers to make a real world difference.”
  • A document from the GCHQ target analysis center (GTAC) shows the Black Hole repository’s structure.
  • The data is searched by GCHQ analysts in a hunt for behavior online that could be connected to terrorism or other criminal activity. But it has also served a broader and more controversial purpose — helping the agency hack into European companies’ computer networks. In the lead up to its secret mission targeting Netherlands-based Gemalto, the largest SIM card manufacturer in the world, GCHQ used MUTANT BROTH in an effort to identify the company’s employees so it could hack into their computers. The system helped the agency analyze intercepted Facebook cookies it believed were associated with Gemalto staff located at offices in France and Poland. GCHQ later successfully infiltrated Gemalto’s internal networks, stealing encryption keys produced by the company that protect the privacy of cell phone communications.
  • Similarly, MUTANT BROTH proved integral to GCHQ’s hack of Belgian telecommunications provider Belgacom. The agency entered IP addresses associated with Belgacom into MUTANT BROTH to uncover information about the company’s employees. Cookies associated with the IPs revealed the Google, Yahoo, and LinkedIn accounts of three Belgacom engineers, whose computers were then targeted by the agency and infected with malware. The hacking operation resulted in GCHQ gaining deep access into the most sensitive parts of Belgacom’s internal systems, granting British spies the ability to intercept communications passing through the company’s networks.
  • In March, a U.K. parliamentary committee published the findings of an 18-month review of GCHQ’s operations and called for an overhaul of the laws that regulate the spying. The committee raised concerns about the agency gathering what it described as “bulk personal datasets” being held about “a wide range of people.” However, it censored the section of the report describing what these “datasets” contained, despite acknowledging that they “may be highly intrusive.” The Snowden documents shine light on some of the core GCHQ bulk data-gathering programs that the committee was likely referring to — pulling back the veil of secrecy that has shielded some of the agency’s most controversial surveillance operations from public scrutiny. KARMA POLICE and MUTANT BROTH are among the key bulk collection systems. But they do not operate in isolation — and the scope of GCHQ’s spying extends far beyond them.
  • The agency operates a bewildering array of other eavesdropping systems, each serving its own specific purpose and designated a unique code name, such as: SOCIAL ANTHROPOID, which is used to analyze metadata on emails, instant messenger chats, social media connections and conversations, plus “telephony” metadata about phone calls, cell phone locations, text and multimedia messages; MEMORY HOLE, which logs queries entered into search engines and associates each search with an IP address; MARBLED GECKO, which sifts through details about searches people have entered into Google Maps and Google Earth; and INFINITE MONKEYS, which analyzes data about the usage of online bulletin boards and forums. GCHQ has other programs that it uses to analyze the content of intercepted communications, such as the full written body of emails and the audio of phone calls. One of the most important content collection capabilities is TEMPORA, which mines vast amounts of emails, instant messages, voice calls and other communications and makes them accessible through a Google-style search tool named XKEYSCORE.
  • As of September 2012, TEMPORA was collecting “more than 40 billion pieces of content a day” and it was being used to spy on people across Europe, the Middle East, and North Africa, according to a top-secret memo outlining the scope of the program. The existence of TEMPORA was first revealed by The Guardian in June 2013. To analyze all of the communications it intercepts and to build a profile of the individuals it is monitoring, GCHQ uses a variety of different tools that can pull together all of the relevant information and make it accessible through a single interface. SAMUEL PEPYS is one such tool, built by the British spies to analyze both the content and metadata of emails, browsing sessions, and instant messages as they are being intercepted in real time. One screenshot of SAMUEL PEPYS in action shows the agency using it to monitor an individual in Sweden who visited a page about GCHQ on the U.S.-based anti-secrecy website Cryptome.
  • Partly due to the U.K.’s geographic location — situated between the United States and the western edge of continental Europe — a large amount of the world’s Internet traffic passes through its territory across international data cables. In 2010, GCHQ noted that what amounted to “25 percent of all Internet traffic” was transiting the U.K. through some 1,600 different cables. The agency said that it could “survey the majority of the 1,600” and “select the most valuable to switch into our processing systems.”
  • According to Joss Wright, a research fellow at the University of Oxford’s Internet Institute, tapping into the cables allows GCHQ to monitor a large portion of foreign communications. But the cables also transport masses of wholly domestic British emails and online chats, because when anyone in the U.K. sends an email or visits a website, their computer will routinely send and receive data from servers that are located overseas. “I could send a message from my computer here [in England] to my wife’s computer in the next room and on its way it could go through the U.S., France, and other countries,” Wright says. “That’s just the way the Internet is designed.” In other words, Wright adds, that means “a lot” of British data and communications transit across international cables daily, and are liable to be swept into GCHQ’s databases.
  • A map from a classified GCHQ presentation about intercepting communications from undersea cables. GCHQ is authorized to conduct dragnet surveillance of the international data cables through so-called external warrants that are signed off by a government minister. The external warrants permit the agency to monitor communications in foreign countries as well as British citizens’ international calls and emails — for example, a call from Islamabad to London. They prohibit GCHQ from reading or listening to the content of “internal” U.K. to U.K. emails and phone calls, which are supposed to be filtered out from GCHQ’s systems if they are inadvertently intercepted unless additional authorization is granted to scrutinize them. However, the same rules do not apply to metadata. A little-known loophole in the law allows GCHQ to use external warrants to collect and analyze bulk metadata about the emails, phone calls, and Internet browsing activities of British people, citizens of closely allied countries, and others, regardless of whether the data is derived from domestic U.K. to U.K. communications and browsing sessions or otherwise. In March, the existence of this loophole was quietly acknowledged by the U.K. parliamentary committee’s surveillance review, which stated in a section of its report that “special protection and additional safeguards” did not apply to metadata swept up using external warrants and that domestic British metadata could therefore be lawfully “returned as a result of searches” conducted by GCHQ.
  • Perhaps unsurprisingly, GCHQ appears to have readily exploited this obscure legal technicality. Secret policy guidance papers issued to the agency’s analysts instruct them that they can sift through huge troves of indiscriminately collected metadata records to spy on anyone regardless of their nationality. The guidance makes clear that there is no exemption or extra privacy protection for British people or citizens from countries that are members of the Five Eyes, a surveillance alliance that the U.K. is part of alongside the U.S., Canada, Australia, and New Zealand. “If you are searching a purely Events only database such as MUTANT BROTH, the issue of location does not occur,” states one internal GCHQ policy document, which is marked with a “last modified” date of July 2012. The document adds that analysts are free to search the databases for British metadata “without further authorization” by inputing a U.K. “selector,” meaning a unique identifier such as a person’s email or IP address, username, or phone number. Authorization is “not needed for individuals in the U.K.,” another GCHQ document explains, because metadata has been judged “less intrusive than communications content.” All the spies are required to do to mine the metadata troves is write a short “justification” or “reason” for each search they conduct and then click a button on their computer screen.
  • Intelligence GCHQ collects on British persons of interest is shared with domestic security agency MI5, which usually takes the lead on spying operations within the U.K. MI5 conducts its own extensive domestic surveillance as part of a program called DIGINT (digital intelligence).
  • GCHQ’s documents suggest that it typically retains metadata for periods of between 30 days to six months. It stores the content of communications for a shorter period of time, varying between three to 30 days. The retention periods can be extended if deemed necessary for “cyber defense.” One secret policy paper dated from January 2010 lists the wide range of information the agency classes as metadata — including location data that could be used to track your movements, your email, instant messenger, and social networking “buddy lists,” logs showing who you have communicated with by phone or email, the passwords you use to access “communications services” (such as an email account), and information about websites you have viewed.
  • Records showing the full website addresses you have visited — for instance, www.gchq.gov.uk/what_we_do — are treated as content. But the first part of an address you have visited — for instance, www.gchq.gov.uk — is treated as metadata. In isolation, a single metadata record of a phone call, email, or website visit may not reveal much about a person’s private life, according to Ethan Zuckerman, director of Massachusetts Institute of Technology’s Center for Civic Media. But if accumulated and analyzed over a period of weeks or months, these details would be “extremely personal,” he told The Intercept, because they could reveal a person’s movements, habits, religious beliefs, political views, relationships, and even sexual preferences. For Zuckerman, who has studied the social and political ramifications of surveillance, the most concerning aspect of large-scale government data collection is that it can be “corrosive towards democracy” — leading to a chilling effect on freedom of expression and communication. “Once we know there’s a reasonable chance that we are being watched in one fashion or another it’s hard for that not to have a ‘panopticon effect,’” he said, “where we think and behave differently based on the assumption that people may be watching and paying attention to what we are doing.”
  • When compared to surveillance rules in place in the U.S., GCHQ notes in one document that the U.K. has “a light oversight regime.” The more lax British spying regulations are reflected in secret internal rules that highlight greater restrictions on how NSA databases can be accessed. The NSA’s troves can be searched for data on British citizens, one document states, but they cannot be mined for information about Americans or other citizens from countries in the Five Eyes alliance. No such constraints are placed on GCHQ’s own databases, which can be sifted for records on the phone calls, emails, and Internet usage of Brits, Americans, and citizens from any other country. The scope of GCHQ’s surveillance powers explain in part why Snowden told The Guardian in June 2013 that U.K. surveillance is “worse than the U.S.” In an interview with Der Spiegel in July 2013, Snowden added that British Internet cables were “radioactive” and joked: “Even the Queen’s selfies to the pool boy get logged.”
  • In recent years, the biggest barrier to GCHQ’s mass collection of data does not appear to have come in the form of legal or policy restrictions. Rather, it is the increased use of encryption technology that protects the privacy of communications that has posed the biggest potential hindrance to the agency’s activities. “The spread of encryption … threatens our ability to do effective target discovery/development,” says a top-secret report co-authored by an official from the British agency and an NSA employee in 2011. “Pertinent metadata events will be locked within the encrypted channels and difficult, if not impossible, to prise out,” the report says, adding that the agencies were working on a plan that would “(hopefully) allow our Internet Exploitation strategy to prevail.”
Paul Merrell

Data Pirates of the Caribbean: The NSA Is Recording Every Cell Phone Call in the Bahama... - 0 views

firstlook.org/...-every-cell-phone-call-bahamas

surveillance state NSA DEA cell-phone-dragnet-recording

shared by Paul Merrell on 20 May 14 - No Cached
  • The National Security Agency is secretly intercepting, recording, and archiving the audio of virtually every cell phone conversation on the island nation of the Bahamas. According to documents provided by NSA whistleblower Edward Snowden, the surveillance is part of a top-secret system – code-named SOMALGET – that was implemented without the knowledge or consent of the Bahamian government. Instead, the agency appears to have used access legally obtained in cooperation with the U.S. Drug Enforcement Administration to open a backdoor to the country’s cellular telephone network, enabling it to covertly record and store the “full-take audio” of every mobile call made to, from and within the Bahamas – and to replay those calls for up to a month. SOMALGET is part of a broader NSA program called MYSTIC, which The Intercept has learned is being used to secretly monitor the telecommunications systems of the Bahamas and several other countries, including Mexico, the Philippines, and Kenya. But while MYSTIC scrapes mobile networks for so-called “metadata” – information that reveals the time, source, and destination of calls – SOMALGET is a cutting-edge tool that enables the NSA to vacuum up and store the actual content of every conversation in an entire country.
  • All told, the NSA is using MYSTIC to gather personal data on mobile calls placed in countries with a combined population of more than 250 million people. And according to classified documents, the agency is seeking funding to export the sweeping surveillance capability elsewhere. The program raises profound questions about the nature and extent of American surveillance abroad. The U.S. intelligence community routinely justifies its massive spying efforts by citing the threats to national security posed by global terrorism and unpredictable rival nations like Russia and Iran. But the NSA documents indicate that SOMALGET has been deployed in the Bahamas to locate “international narcotics traffickers and special-interest alien smugglers” – traditional law-enforcement concerns, but a far cry from derailing terror plots or intercepting weapons of mass destruction.
  • By targeting the Bahamas’ entire mobile network, the NSA is intentionally collecting and retaining intelligence on millions of people who have not been accused of any crime or terrorist activity. Nearly five million Americans visit the country each year, and many prominent U.S. citizens keep homes there, including Sen. Tom Harkin (D-Iowa), Bill Gates, and Oprah Winfrey.
  • ...12 more annotations...
  • The Intercept has confirmed that as of 2013, the NSA was actively using MYSTIC to gather cell-phone metadata in five countries, and was intercepting voice data in two of them. Documents show that the NSA has been generating intelligence reports from MYSTIC surveillance in the Bahamas, Mexico, Kenya, the Philippines, and one other country, which The Intercept is not naming in response to specific, credible concerns that doing so could lead to increased violence. The more expansive full-take recording capability has been deployed in both the Bahamas and the unnamed country. MYSTIC was established in 2009 by the NSA’s Special Source Operations division, which works with corporate partners to conduct surveillance. Documents in the Snowden archive describe it as a “program for embedded collection systems overtly installed on target networks, predominantly for the collection and processing of wireless/mobile communications networks.”
  • If an entire nation’s cell-phone calls were a menu of TV shows, MYSTIC would be a cable programming guide showing which channels offer which shows, and when. SOMALGET would be the DVR that automatically records every show on every channel and stores them for a month. MYSTIC provides the access; SOMALGET provides the massive amounts of storage needed to archive all those calls so that analysts can listen to them at will after the fact. According to one NSA document, SOMALGET is “deployed against entire networks” in the Bahamas and the second country, and processes “over 100 million call events per day.”
  • When U.S. drug agents need to tap a phone of a suspected drug kingpin in another country, they call up their counterparts and ask them set up an intercept. To facilitate those taps, many nations – including the Bahamas – have hired contractors who install and maintain so-called lawful intercept equipment on their telecommunications. With SOMALGET, it appears that the NSA has used the access those contractors developed to secretly mine the country’s entire phone system for “signals intelligence” –recording every mobile call in the country. “Host countries,” the document notes, “are not aware of NSA’s SIGINT collection.” “Lawful intercept systems engineer communications vulnerabilities into networks, forcing the carriers to weaken,” says Christopher Soghoian, the principal technologist for the American Civil Liberties Union. “Host governments really should be thinking twice before they accept one of these Trojan horses.”
  • The DEA has long been in a unique position to help the NSA gain backdoor access to foreign phone networks. “DEA has close relationships with foreign government counterparts and vetted foreign partners,” the manager of the NSA’s drug-war efforts reported in a 2004 memo. Indeed, with more than 80 international offices, the DEA is one of the most widely deployed U.S. agencies around the globe. But what many foreign governments fail to realize is that U.S. drug agents don’t confine themselves to simply fighting narcotics traffickers. “DEA is actually one of the biggest spy operations there is,” says Finn Selander, a former DEA special agent who works with the drug-reform advocacy group Law Enforcement Against Prohibition. “Our mandate is not just drugs. We collect intelligence.” What’s more, Selander adds, the NSA has aided the DEA for years on surveillance operations. “On our reports, there’s drug information and then there’s non-drug information,” he says. “So countries let us in because they don’t view us, really, as a spy organization.”
  • “I seriously don’t think that would be your run-of-the-mill legal interception equipment,” says the former engineer, who worked with hardware and software that typically maxed out at 1,000 intercepts. The NSA, by contrast, is recording and storing tens of millions of calls – “mass surveillance,” he observes, that goes far beyond the standard practices for lawful interception recognized around the world. The Bahamas Telecommunications Company did not respond to repeated phone calls and emails.
  • The proliferation of private contractors has apparently provided the NSA with direct access to foreign phone networks. According to the documents, MYSTIC draws its data from “collection systems” that were overtly installed on the telecommunications systems of targeted countries, apparently by corporate “partners” cooperating with the NSA. One NSA document spells out that “the overt purpose” given for accessing foreign telecommunications systems is “for legitimate commercial service for the Telco’s themselves.” But the same document adds: “Our covert mission is the provision of SIGINT,” or signals intelligence.
  • According to the NSA documents, MYSTIC targets calls and other data transmitted on  Global System for Mobile Communications networks – the primary framework used for cell phone calls worldwide. In the Philippines, MYSTIC collects “GSM, Short Message Service (SMS) and Call Detail Records” via access provided by a “DSD asset in a Philippine provider site.” (The DSD refers to the Defence Signals Directorate, an arm of Australian intelligence. The Australian consulate in New York declined to comment.) The operation in Kenya is “sponsored” by the CIA, according to the documents, and collects “GSM metadata with the potential for content at a later date.” The Mexican operation is likewise sponsored by the CIA. The documents don’t say how or under what pretenses the agency is gathering call data in those countries. In the Bahamas, the documents say, the NSA intercepts GSM data that is transmitted over what is known as the “A link”–or “A interface”–a core component of many mobile networks. The A link transfers data between two crucial parts of GSM networks – the base station subsystem, where phones in the field communicate with cell towers, and the network subsystem, which routes calls and text messages to the appropriate destination. “It’s where all of the telephone traffic goes,” says the former engineer.
  • When U.S. drug agents wiretap a country’s phone networks, they must comply with the host country’s laws and work alongside their law enforcement counterparts. “The way DEA works with our allies – it could be Bahamas or Jamaica or anywhere – the host country has to invite us,” says Margolis. “We come in and provide the support, but they do the intercept themselves.” The Bahamas’ Listening Devices Act requires all wiretaps to be authorized in writing either by the minister of national security or the police commissioner in consultation with the attorney general. The individuals to be targeted must be named. Under the nation’s Data Protection Act, personal data may only be “collected by means which are both lawful and fair in the circumstances of the case.” The office of the Bahamian data protection commissioner, which administers the act, said in a statement that it “was not aware of the matter you raise.” Countries like the Bahamas don’t install lawful intercepts on their own. With the adoption of international standards, a thriving market has emerged for private firms that are contracted by foreign governments to install and maintain lawful intercept equipment. Currently valued at more than $128 million, the global market for private interception services is expected to skyrocket to more than $970 million within the next four years, according to a 2013 report from the research firm Markets and Markets.
  • If the U.S. government wanted to make a case for surveillance in the Bahamas, it could point to the country’s status as a leading haven for tax cheats, corporate shell games, and a wide array of black-market traffickers. The State Department considers the Bahamas both a “major drug-transit country” and a “major money laundering country” (a designation it shares with more than 60 other nations, including the U.S.). According to the International Monetary Fund, as of 2011 the Bahamas was home to 271 banks and trust companies with active licenses. At the time, the Bahamian banks held $595 billion in U.S. assets. But the NSA documents don’t reflect a concerted focus on the money launderers and powerful financial institutions – including numerous Western banks – that underpin the black market for narcotics in the Bahamas. Instead, an internal NSA presentation from 2013 recounts with pride how analysts used SOMALGET to locate an individual who “arranged Mexico-to-United States marijuana shipments” through the U.S. Postal Service.
  • The presentation doesn’t say whether the NSA shared the information with the DEA. But the drug agency’s Special Operations Divison has come under fire for improperly using classified information obtained by the NSA to launch criminal investigations – and then creating false narratives to mislead courts about how the investigations began. The tactic – known as parallel construction – was first reported by Reuters last year, and is now under investigation by the Justice Department’s inspector general. So: Beyond a desire to bust island pot dealers, why would the NSA choose to apply a powerful collection tool such as SOMALGET against the Bahamas, which poses virtually no threat to the United States? The answer may lie in a document that characterizes the Bahamas operation as a “test bed for system deployments, capabilities, and improvements” to SOMALGET. The country’s small population – fewer than 400,000 residents – provides a manageable sample to try out the surveillance system’s features. Since SOMALGET is also operational in one other country, the Bahamas may be used as a sort of guinea pig to beta-test improvements and alterations without impacting the system’s operations elsewhere. “From an engineering point of view it makes perfect sense,” says the former engineer. “Absolutely.”
  • SOMALGET operates under Executive Order 12333, a Reagan-era rule establishing wide latitude for the NSA and other intelligence agencies to spy on other countries, as long as the attorney general is convinced the efforts are aimed at gathering foreign intelligence. In 2000, the NSA assured Congress that all electronic surveillance performed under 12333 “must be conducted in a manner that minimizes the acquisition, retention, and dissemination of information about unconsenting U.S. persons.” In reality, many legal experts point out, the lack of judicial oversight or criminal penalties for violating the order render the guidelines meaningless. “I think it would be open, whether it was legal or not,” says German, the former FBI agent. “Because we don’t have all the facts about how they’re doing it. For a long time, the NSA has been interpreting their authority in the broadest possible way, even beyond what an objective observer would say was reasonable.” “An American citizen has Fourth Amendment rights wherever they are,” adds Kurt Opsahl, an attorney with the Electronic Frontier Foundation. “Nevertheless, there have certainly been a number of things published over the last year which suggest that there are broad, sweeping programs that the NSA and other government agencies are doing abroad that sweep up the communications of Americans.”
  • Legal or not, the NSA’s covert surveillance of an entire nation suggests that it will take more than the president’s tepid “limits” to rein in the ambitions of the intelligence community. “It’s almost like they have this mentality – if we can, we will,” says German. “There’s no analysis of the long-term risks of doing it, no analysis of whether it’s actually worth the effort, no analysis of whether we couldn’t take those resources and actually put them on real threats and do more good.” It’s not surprising, German adds, that the government’s covert program in the Bahamas didn’t remain covert. “The undermining of international law and international cooperation is such a long-term negative result of these programs that they had to know would eventually be exposed, whether through a leak, whether through a spy, whether through an accident,” he says. “Nothing stays secret forever. It really shows the arrogance of these agencies – they were just going to do what they were going to do, and they weren’t really going to consider any other important aspects of how our long-term security needs to be addressed.”
  • Paul Merrell on 20 May 14
     
    Words fail me.
Paul Merrell

Obama to Call for End to N.S.A.'s Bulk Data Collection - NYTimes.com - 0 views

www.nytimes.com/...eek-nsa-curb-on-call-data.html

surveillance state NSA call-metadata NSA-reform Obama legislation

shared by Paul Merrell on 26 Mar 14 - No Cached
  • The Obama administration is preparing to unveil a legislative proposal for a far-reaching overhaul of the National Security Agency’s once-secret bulk phone records program in a way that — if approved by Congress — would end the aspect that has most alarmed privacy advocates since its existence was leaked last year, according to senior administration officials.Under the proposal, they said, the N.S.A. would end its systematic collection of data about Americans’ calling habits. The bulk records would stay in the hands of phone companies, which would not be required to retain the data for any longer than they normally would. And the N.S.A. could obtain specific records only with permission from a judge, using a new kind of court order. In a speech in January, President Obama said he wanted to get the N.S.A. out of the business of collecting call records in bulk while preserving the program’s abilities. He acknowledged, however, that there was no easy way to do so, and had instructed Justice Department and intelligence officials to come up with a plan by March 28 — Friday — when the current court order authorizing the program expires.
  • As part of the proposal, the administration has decided to ask the Foreign Intelligence Surveillance Court to renew the program as it exists for at least one more 90-day cycle, senior administration officials said. But under the plan the administration has developed and now advocates, the officials said, it would later undergo major changes. The new type of surveillance court orders envisioned by the administration would require phone companies to swiftly provide records in a technologically compatible data format, including making available, on a continuing basis, data about any new calls placed or received after the order is received, the officials said. They would also allow the government to swiftly seek related records for callers up to two phone calls, or “hops,” removed from the number that has come under suspicion, even if those callers are customers of other companies.
  • The N.S.A. now retains the phone data for five years. But the administration considered and rejected imposing a mandate on phone companies that they hold on to their customers’ calling records for a period longer than the 18 months that federal regulations already generally require — a burden that the companies had resisted shouldering and that was seen as a major obstacle to keeping the data in their hands. A senior administration official said that intelligence agencies had concluded that the operational impact of that change would be small because older data is less important.The N.S.A. uses the once-secret call records program — sometimes known as the 215 program, after Section 215 of the Patriot Act — to analyze links between callers in an effort to identify hidden terrorist associates, if they exist. It was part of the secret surveillance program that President George W. Bush unilaterally put in place after the terrorist attacks of Sept. 11, 2001, outside of any legal framework or court oversight.
  • ...4 more annotations...
  • Marc Rotenberg, the executive director of the Electronic Privacy Information Center, called the administration’s proposal a “sensible outcome, given that the 215 program likely exceeded current legal authority and has not proved to be effective.” While he said that he would like to see more overhauls to other surveillance authorities, he said the proposal was “significant” and addressed the major concerns with the N.S.A.’s bulk records program. Jameel Jaffer of the American Civil Liberties Union said, “We have many questions about the details, but we agree with the administration that the N.S.A.’s bulk collection of call records should end.” He added, “As we’ve argued since the program was disclosed, the government can track suspected terrorists without placing millions of people under permanent surveillance.”
  • In recent days, attention in Congress has shifted to legislation developed by leaders of the House Intelligence Committee. That bill, according to people familiar with a draft proposal, would have the court issue an overarching order authorizing the program, but allow the N.S.A. to issue subpoenas for specific phone records without prior judicial approval.
  • The Obama administration proposal, by contrast, would retain a judicial role in determining whether the standard of suspicion was met for a particular phone number before the N.S.A. could obtain associated records.The administration’s proposal would also include a provision clarifying whether Section 215 of the Patriot Act, due to expire next year unless Congress reauthorizes it, may in the future be legitimately interpreted as allowing bulk data collection of telephone data.The proposal would not, however, affect other forms of bulk collection under the same provision. The C.I.A., for example, has obtained orders for bulk collection of records about international money transfers handled by companies like Western Union.
  • The government has been unable to point to any thwarted terrorist attacks that would have been carried out if the program had not existed, but has argued that it is a useful tool.
  • Paul Merrell on 26 Mar 14
     
    "The N.S.A. uses the once-secret call records program ... to analyze links between callers in an effort to identify hidden terrorist associates, if they exist." Correction: "The N.S.A. *claims* to use the ..." 
Paul Merrell

NSA Director Finally Admits Encryption Is Needed to Protect Public's Privacy - 0 views

www.mintpressnews.com/...213028

surveillance state encryption NSA Comey

shared by Paul Merrell on 25 Jan 16 - No Cached
  • NSA Director Finally Admits Encryption Is Needed to Protect Public’s Privacy The new stance denotes a growing awareness within the government that Americans are not comfortable with the State’s grip on their data. By Carey Wedler | AntiMedia | January 22, 2016 Share this article! https://mail.google.com/mail/?view=cm&fs=1&to&su=NSA%20Director%20Finally%20Admits%20Encryption%20Is%20Needed%20to%20Protect%20Public%E2%80%99s%20Privacy&body=http%3A%2F%2Fwww.mintpress
  • Rogers cited the recent Office of Personnel Management hack of over 20 million users as a reason to increase encryption rather than scale it back. “What you saw at OPM, you’re going to see a whole lot more of,” he said, referring to the massive hack that compromised the personal data about 20 million people who obtained background checks. Rogers’ comments, while forward-thinking, signify an about face in his stance on encryption. In February 2015, he said he “shares [FBI] Director [James] Comey’s concern” about cell phone companies’ decision to add encryption features to their products. Comey has been one loudest critics of encryption. However, Rogers’ comments on Thursday now directly conflict with Comey’s stated position. The FBI director has publicly chastised encryption, as well as the companies that provide it. In 2014, he claimed Apple’s then-new encryption feature could lead the world to “a very dark place.” At a Department of Justice hearing in November, Comey testified that “Increasingly, the shadow that is ‘going dark’ is falling across more and more of our work.” Though he claimed, “We support encryption,” he insisted “we have a problem that encryption is crashing into public safety and we have to figure out, as people who care about both, to resolve it. So, I think the conversation’s in a healthier place.”
  • At the same hearing, Comey and Attorney General Loretta Lynch declined to comment on whether they had proof the Paris attackers used encryption. Even so, Comey recently lobbied for tech companies to do away with end-to-end encryption. However, his crusade has fallen on unsympathetic ears, both from the private companies he seeks to control — and from the NSA. Prior to Rogers’ statements in support of encryption Thursday, former NSA chief Michael Hayden said, “I disagree with Jim Comey. I actually think end-to-end encryption is good for America.” Still another former NSA chair has criticized calls for backdoor access to information. In October, Mike McConnell told a panel at an encryption summit that the United States is “better served by stronger encryption, rather than baking in weaker encryption.” Former Department of Homeland Security chief, Michael Chertoff, has also spoken out against government being able to bypass encryption.
  • ...2 more annotations...
  • Regardless of these individual defenses of encryption, the Intercept explained why these statements may be irrelevant: “Left unsaid is the fact that the FBI and NSA have the ability to circumvent encryption and get to the content too — by hacking. Hacking allows law enforcement to plant malicious code on someone’s computer in order to gain access to the photos, messages, and text before they were ever encrypted in the first place, and after they’ve been decrypted. The NSA has an entire team of advanced hackers, possibly as many as 600, camped out at Fort Meade.”
  • Rogers statements, of course, are not a full-fledged endorsement of privacy, nor can the NSA be expected to make it a priority. Even so, his new stance denotes a growing awareness within the government that Americans are not comfortable with the State’s grip on their data. “So spending time arguing about ‘hey, encryption is bad and we ought to do away with it’ … that’s a waste of time to me,” Rogers said Thursday. “So what we’ve got to ask ourselves is, with that foundation, what’s the best way for us to deal with it? And how do we meet those very legitimate concerns from multiple perspectives?”
Paul Merrell

NSA 'secret backdoor' paved way to U.S. phone, e-mail snooping | Politics and Law - CNE... - 0 views

news.cnet.com/...y-to-u.s-phone-e-mail-snooping

surveillance state NSA Obama lies must-read

shared by Paul Merrell on 17 Aug 13 - No Cached
  • The National Security Agency created a "secret backdoor" so its massive databases could be searched for the contents of U.S. citizens' confidential phone calls and e-mail messages without a warrant, according to the latest classified documents leaked by Edward Snowden. A report in the Guardian on Friday quoted Sen. Ron Wyden, an Oregon Democrat who serves on the Senate Intelligence Committee, as saying the secret rule offers a loophole allowing "warrantless searches for the phone calls or emails of law-abiding Americans." That appears to confirm what Rep. Jerrold Nadler, a New York Democrat, said in June after receiving a classified briefing from administration officials a few days earlier on the extent of the NSA's domestic surveillance operations. If the NSA wants "to listen to the phone," an analyst's decision is sufficient, without any other legal authorization required, Nadler said he had been told during the briefing. "I was rather startled," said Nadler, an attorney who serves on the House Judiciary Committee.
  • FBI Director Robert Mueller responded by assuring Nadler, according to a transcript of the hearing, that to "listen to the phone," the government would need "a particularized order" from the Foreign Intelligence Surveillance Court -- a claim that is contradicted by today's Guardian report and other documents. Mueller has been succeeded by James Comey, who was confirmed last month by the Senate. In response to a CNET article at the time, Director of National Intelligence James Clapper released a statement saying: "The statement that a single analyst can eavesdrop on domestic communications without proper legal authorization is incorrect and was not briefed to Congress." Clapper never elaborated, however, on what "proper" authorization would be. Today's top-secret document leaked by Snowden reveals that "procedures approved on 3 October 2011 now allow for use of certain United States person names and identifiers as query terms when reviewing collected FAA 702 data."
  • FAA 702 is a reference to section 702 of a 2008 law that amended the Foreign Intelligence Surveillance Act. Those amendments created a warrantless surveillance process that could be employed by NSA analysts, but Congress never intended it to be used domestically against American citizens: A congressional report accompanying the law claimed it allows electronic surveillance only of "persons located outside the United States in order to acquire foreign intelligence information." In reality, though, the Obama Justice Department has devised secret interpretations of FAA 702 carving out loopholes in what were intended to be strict privacy safeguards. One loophole revealed in June shows that NSA, CIA, and FBI analysts are granted broad access to data vacuumed up by the world's most powerful intelligence agency -- but are supposed to follow certain "targeting" and "minimization" procedures to limit the number of Americans who become individual targets of warrantless surveillance.
  • ...2 more annotations...
  • Today's disclosures appear to be at odds with what President Obama has said over the last two months in defense of NSA surveillance. "What I can say unequivocally is that if you are a U.S. person, the NSA cannot listen to your telephone calls and the NSA cannot target your e-mails," Obama has said. Earlier reports have indicated that the NSA has the ability to record nearly all domestic and international phone calls -- in case an analyst needed to access the recordings in the future. A Wired magazine article last year disclosed that the NSA has established "listening posts" that allow the agency to collect and sift through billions of phone calls through a massive new data center in Utah, "whether they originate within the country or overseas." That includes not just metadata, but also the contents of the communications.
  • AT&T and other telecommunications companies that allow the NSA to tap into their fiber links receive absolute immunity from civil liability or criminal prosecution, thanks to Section 702 of the FISA Amendments Act, which Congress renewed in 2012. It says that any civil lawsuit "against any person for providing assistance to an element of the intelligence community...shall be promptly dismissed." Section 702 of the law says surveillance may be authorized by the attorney general and director of national intelligence without prior approval by the secret Foreign Intelligence Surveillance Court -- in practice, this means analysts at the NSA and other agencies with intelligence functions -- as long as minimization requirements and general procedures blessed by the court are followed. It's unclear whether the court has approved the "secret backdoor" allowing Americans' e-mail and phone messages to be targeted for domestic surveillance.
Paul Merrell

NSA can eavesdrop on Americans' phone calls, documents show | Politics and Law - CNET News - 0 views

news.cnet.com/...ans-phone-calls-documents-show

surveillance state NSA Clapper lies must-read

shared by Paul Merrell on 17 Aug 13 - No Cached
  • The National Security Agency has been secretly granted legal authority to operate a massive domestic eavesdropping system that vacuums up Americans' phone calls and Internet communications, newly leaked documents show. A pair of classified government documents (No. 1 and No. 2) signed by Attorney General Eric Holder and posted by the Guardian on Thursday show that NSA analysts are able to listen to Americans' intercepted phone calls without asking a judge for a warrant first. That appears to be at odds with what President Obama said earlier this week in defense of the NSA's surveillance efforts. "I can say unequivocally is that if you are a U.S. person, the NSA cannot listen to your telephone calls and the NSA cannot target your e-mails," Obama said. The new documents indicate, however, that NSA, CIA, and FBI analysts are granted broad access to data vacuumed up by the world's most powerful intelligence agency -- but are supposed to follow certain "targeting" and "minimization" procedures to limit the number of Americans who become individual targets of warrantless surveillance.
  • Analysts are expected to exercise "reasonable judgment" in determining which data to use, according to the documents, and "inadvertently acquired communications of or concerning a United States person may be retained no longer than five years." The documents also refer to "content repositories" that contain records of devices' "previous Internet activity," and say the NSA keeps records of Americans' "electronic communications accounts/addresses/identifiers" in an apparent effort to avoid targeting them in future eavesdropping efforts. The Holder procedures were blessed in advance by the secret Foreign Intelligence Surveillance Court, the Guardian reported, meaning that the judges would have issued a general order that authorizes the NSA to engage in warrantless surveillance as long as it's primarily aimed at foreign targets, subject to some limited judicial oversight. Today's disclosure jibes with what Edward Snowden, the former NSA contractor who leaked top-secret documents, alleged in an online chat earlier this week. Snowden said, referring to the contents of e-mail and phone calls, that "Americans' communications are collected and viewed on a daily basis on the certification of an analyst rather than a warrant."
  • On Sunday, Director of National Intelligence James Clapper released a carefully-worded statement in response to a CNET article and other reports questioning when intelligence analysts can listen to domestic phone calls. Clapper said: "The statement that a single analyst can eavesdrop on domestic communications without proper legal authorization is incorrect and was not briefed to Congress." Clapper's statement was viewed as a denial, but it wasn't. Today's disclosures reveal why: Because the Justice Department granted intelligence analysts "proper legal authorization" in advance through the Holder regulations. "The DNI has a history of playing games with wording, using terms with carefully obscured meanings to leave an impression different from the truth," Kurt Opsahl, a senior staff attorney at the Electronic Frontier Foundation who has litigated domestic surveillance cases, told CNET earlier this week.
  • ...3 more annotations...
  • Jameel Jaffer, the American Civil Liberties Union's deputy legal director, said in a statement today that: After Congress enacted the FISA Amendments Act in 2008, we worried that the NSA would use the new authority to conduct warrantless surveillance of Americans' telephone calls and emails. These documents confirm many of our worst fears. The "targeting" procedures indicate that the NSA is engaged in broad surveillance of Americans' international communications. The "minimization" procedures that supposedly protect Americans' constitutional rights turn out to be far weaker than we imagined they could be. For example, the NSA claims the authority to collect and disseminate attorney-client communications -- and even, in some circumstances, to turn them over to Justice Department prosecutors. The government also claims the authority to retain Americans' purely domestic communications in certain situations.
  • The documents suggest there are some significant loopholes in domestic surveillance: if an NSA analyst reviews an intercepted communication and finds "evidence of a crime that has been, is being, or is about to be committed," it can be forwarded to the FBI or other federal law enforcement agencies. Another loophole is "a serious harm to life or property" -- which could sweep in intellectual property -- and "enciphered" data. Communications that contain "enciphered" data, which would likely include PGP but also could mean encrypted Web connections using SSL, may be kept indefinitely. Earlier reports have indicated that the NSA has the ability to record nearly all domestic and international phone calls -- in case an analyst needed to access the recordings in the future. A Wired magazine article last year disclosed that the NSA has established "listening posts" that allow the agency to collect and sift through billions of phone calls through a massive new data center in Utah, "whether they originate within the country or overseas." That includes not just metadata, but also the contents of the communications.
  • Section 702 of the FAA says surveillance may be authorized by the attorney general and director of national intelligence without prior approval by the secret Foreign Intelligence Surveillance Court, as long as minimization requirements and general procedures blessed by the court are followed.
Paul Merrell

FindLaw | Cases and Codes - 0 views

caselaw.lp.findlaw.com/...getcase.pl

surveillance state NSA pen-register 4th Amendment

shared by Paul Merrell on 20 Jun 13 - No Cached
  • SMITH v. MARYLAND, 442 U.S. 735 (1979)
  • The telephone company, at police request, installed at its central offices a pen register to record the numbers dialed from the telephone at petitioner's home. Prior to his robbery trial, petitioner moved to suppress "all fruits derived from" the pen register. The Maryland trial court denied this motion, holding that the warrantless installation of the pen register did not violate the Fourth Amendment. Petitioner was convicted, and the Maryland Court of Appeals affirmed. Held: The installation and use of the pen register was not a "search" within the meaning of the Fourth Amendment, and hence no warrant was required. Pp. 739-746. (a) Application of the Fourth Amendment depends on whether the person invoking its protection can claim a "legitimate expectation of privacy" that has been invaded by government action. This inquiry normally embraces two questions: first, whether the individual has exhibited an actual (subjective) expectation of privacy; and second, whether his expectation is one that society is prepared to recognize as "reasonable." Katz v. United States, 389 U.S. 347 . Pp. 739-741.
  • (b) Petitioner in all probability entertained no actual expectation of privacy in the phone numbers he dialed, and even if he did, his expectation was not "legitimate." First, it is doubtful that telephone users in general have any expectation of privacy regarding the numbers they dial, since they typically know that they must convey phone numbers to the telephone company and that the company has facilities for recording this information and does in fact record it for various legitimate business purposes. And petitioner did not demonstrate an expectation of privacy merely by using his home phone rather than some other phone, since his conduct, although perhaps calculated to keep the contents of his conversation private, was not calculated to preserve the privacy of the number he dialed. Second, even if petitioner did harbor some subjective expectation of privacy, this expectation was not one that society is prepared to recognize as "reasonable." When petitioner voluntarily conveyed numerical information to the phone company and "exposed" that information to its equipment in the normal course of business, he assumed the risk that the company would reveal the information [442 U.S. 735, 736]   to the police, cf. United States v. Miller, 425 U.S. 435 . Pp. 741-746. 283 Md. 156, 389 A. 2d 858, affirmed.
  • Paul Merrell on 20 Jun 13
     
    The Washington Post has reported that "on July 15 [2001], the secret surveillance court allowed the NSA to resume bulk collection under the court's own authority. The opinion, which remains highly classified, was based on a provision of electronic surveillance law, known as "pen register, trap and trace," that was written to allow law enforcement officers to obtain the phone numbers of incoming and outgoing calls from a single telephone line." .  The seminal case on pen registers is the Supreme Court's 1979 Smith v. Maryland decision, bookmarked here and the Clerk's syllabus highlighted, with the Court's discussion on the same web page. We will be hearing a lot about this case decision in the weeks and months to come.  Let it suffice for now to record a few points of what my antenna are telling me:  -- Both technology and the law have moved on since then. We are 34 years down the line from the Smith decision. Its pronouncements have been sliced and diced by subsequent decisions. Not a single Justice who sat on the Smith case is still on the High Bench.   -- In Smith, a single pen register was used to obtain calling information from a single telephone number by law enforcement officials. In the present circumstance, we face an Orwellian situation of a secret intelligence agency with no law enforcement authority forbidden by law from conducting domestic surveillance perusing and all digital communications of the entire citizenry. -- The NSA has been gathering not only information analogous to pen register results but also the communications of American citizens themselves. The communications themselves --- the contents --- are subject to the 4th Amendment warrant requirement. Consider the circuitous route of the records ordered to be disclosed in the Verizon FISA order. Verizon was ordered to disclose them to the FBI, not to the NSA. But then the FBI apparently forwards the records to the NSA, who has both the "pen register
Paul Merrell

Is the Government's Aerial Smartphone Surveillance Program Legal? | TIME - 0 views

time.com/...government-aerial-surveillance

surveillance-state DoJ aerial-stingrays location-data

shared by Paul Merrell on 18 Nov 14 - No Cached
  • Still, is the Justice Department’s airborne dragnet program legal? The answer is “maybe.” Federal authorities have employed similar tools in the past. The Federal Bureau of Investigation is known to use a surveillance tool called a “stingray,” a portable transceiver that tricks cell phones within a certain area into relaying their locations, not unlike the equipment onboard the Marshals’ aircraft. A government vehicle with a stingray can net hundreds of nearby cell phones’ approximate locations just by driving through a typical neighborhood. The government has said it doesn’t need a probable cause warrant to use stingrays because investigators don’t collect the content of phone calls, just the locations of those phones. Government officials, meanwhile, have said they get court approval to use the devices. Much of the government’s warrantless use of stingray-style technology hinges on a 1979 Supreme Court decision titled Smith v. Maryland. Smith involved law enforcement’s use of a device called a pen register that, when attached to a suspect’s phone line, recorded the numbers of outgoing calls, but not the calls themselves. The Smith decision upheld the warrantless use of such devices because the suspect’s phone company would record the same data picked up by the pen register, and therefore the suspect had no reasonable expectation of privacy when it came to that information. Currently, the law requires a court to approve the use of a pen register, but investigators only have to show that the device’s use is “relevant to an ongoing criminal investigation,” a much weaker standard than a probable cause warrant requires.
  • However, to get back to the Smith decision, wireless carriers do store your location history for several months to several years, information they obtain by keeping a record of the cell towers to which your device connects as you move from place to place. That could mean Americans don’t have a reasonable expectation of privacy over their location data and the Smith precedent applies, making the DoJ’s aerial surveillance program legal. Still, that would be a matter for the courts to decide. “There are a lot of tricky questions whether a stingray or dirtbox operated by the government directly is a pen register, or the Fourth Amendment concerns dismissed by the Supreme Court 35 years ago in Smith v. Maryland are more applicable here,” Fakhoury said.
  • Hanni Fakhoury, an attorney at the pro-privacy Electronic Frontier Foundation, says the Department of Justice could use the Smith precedent as legal justification for the airborne dirtbox program. However, Fakhoury also highlighted a key problem with that argument: Location. Pen registers aren’t intended to pick up location data beyond an area code, whereas the airborne dirtboxes can track a person down to a single building. Many courts, he said, have expressed that location data deserves greater constitutional protection than is afforded to other kinds of information.
  • ...2 more annotations...
  • Civil rights groups are raising serious constitutional questions about the Justice Department’s use of dragnet technology onboard aircraft to collect data from suspects’ cell phones, as reported by the Wall Street Journal Thursday.
  • The Justice Department said it could not confirm or deny the existence of the program. But a department official said that all federal investigations are consistent with federal law and are subject to court approval. That official also said the Marshals Service does not maintain any databases of cell phone information — meaning the program could possibly only be used to track the whereabouts of suspects on a case-by-case basis and that it’s vastly different in nature from the kinds of sweeping government surveillance programs first revealed by Edward Snowden.
  • Paul Merrell on 18 Nov 14
     
    Smith v. Maryland is a dead precedent for mass surveillance after the Supreme Court's ruling in Riley v. California. It awaits only the judicial coup de grace. 
Paul Merrell

Obama to Place Some Restraints on Surveillance - NYTimes.com - 0 views

www.nytimes.com/...hamper-surveillance-court.html

surveillance state NSA Obama Obama-decision

shared by Paul Merrell on 16 Jan 14 - No Cached
  • President Obama will issue new guidelines on Friday to curtail government surveillance, but will not embrace the most far-reaching proposals of his own advisers and will ask Congress to help decide some of the toughest issues, according to people briefed on his thinking.Mr. Obama plans to increase limits on access to bulk telephone data, call for privacy safeguards for foreigners and propose the creation of a public advocate to represent privacy concerns at a secret intelligence court. But he will not endorse leaving bulk data in the custody of telecommunications firms, nor will he require court permission for all so-called national security letters seeking business records.
  • President Obama will issue new guidelines on Friday to curtail government surveillance, but will not embrace the most far-reaching proposals of his own advisers and will ask Congress to help decide some of the toughest issues, according to people briefed on his thinking.Mr. Obama plans to increase limits on access to bulk telephone data, call for privacy safeguards for foreigners and propose the creation of a public advocate to represent privacy concerns at a secret intelligence court. But he will not endorse leaving bulk data in the custody of telecommunications firms, nor will he require court permission for all so-called national security letters seeking business records.
  • The emerging approach, described by current and former government officials who insisted on anonymity in advance of Mr. Obama’s widely anticipated speech, suggested a president trying to straddle a difficult line in hopes of placating foreign leaders and advocates of civil liberties without a backlash from national security agencies. The result seems to be a speech that leaves in place many current programs, but embraces the spirit of reform and keeps the door open to changes later. The decision to provide additional privacy protections for non-American citizens or residents, for instance, largely codifies existing practices but will be followed by a 180-day study by the director of national intelligence about whether to go further. Likewise, instead of taking the storage of bulk data out of government hands, as recommended by a review panel he appointed, Mr. Obama will leave it in place for now and ask lawmakers to weigh in.The blend of decisions, to be outlined in a speech at the Justice Department and in a presidential guidelines memorandum, will be Mr. Obama’s highest-profile response to the disclosures about the National Security Agency made in recent months by Edward J. Snowden, a former N.S.A. contractor who has fled to Russia.
  • ...5 more annotations...
  • The developments came as the nation’s judiciary waded into the highly charged debate. In a letter made public on Tuesday, a judge designated by Chief Justice John G. Roberts Jr. to express the views of the judicial branch warned that some changes under consideration would have a negative “operational impact” on a secret foreign intelligence court.Judge John D. Bates, a former chief judge of the Foreign Intelligence Surveillance Court, urged Mr. Obama and Congress not to alter the way the court is appointed or to create an independent public advocate to argue against the Justice Department in secret proceedings. Any such advocate, he wrote, should instead be appointed only when the court decided one was needed.Judge Bates objected to the workload of requiring that courts approve all national security letters, which are administrative subpoenas allowing the F.B.I. to obtain records about communications and financial transactions without court approval. And he raised concerns about greater public disclosure of court rulings, arguing that unclassified summaries would be “likely to promote confusion and misunderstanding.”
  • But the president will not, at least for now, back the panel’s suggestion that telecommunications firms keep such data and that the government be allowed to tap into those databases only when necessary. Intelligence officials complained it would be inefficient to have to go to multiple companies, so some officials proposed creating an independent consortium to store the data instead.Mr. Obama has decided against keeping the data at the private providers because they do not want that responsibility, officials said, and no independent consortium currently exists. As a result, he will ask Congress to work with him to determine the best way to store the data.
  • The judge’s objection to the proposal on national security letters dovetailed with that of the F.B.I. director, James B. Comey, who argued it would be inefficient to have to go to a judge each time records were sought. Mr. Obama has decided not to require court approval in every case, but might still require it in some circumstances, according to one administration official.Mr. Obama will cut back on the number of people whose phone records can be examined by the N.S.A. through its bulk data program. Currently the agency can scrutinize call records of people as far as three steps, or “hops,” removed from a suspect. Mr. Obama’s review panel proposed limiting searches to people just two steps removed. He is also likely to cut down the number of years such data can be retained; currently it is deleted after five years.
  • The judge’s letter, versions of which he sent to the leaders of several congressional committees, was released as all five members of Mr. Obama’s surveillance review group testified Tuesday before the Senate Judiciary Committee, seeking support for their recommendations.Illustrating the cross-pressures on the president, the advisers argued for the appointment of the independent version of a public advocate, a recommendation the president is expected to follow, though it is not clear how he will structure the position.
  • The letter by Judge Bates was accompanied by 15 pages of often specific comments about possible surveillance reforms.It is highly unusual for judges to weigh in on public policy debates involving the other two branches of government, but Judge Bates, the director of the Administrative Office of the United States Court, said that Chief Justice Roberts had designated him to “act as a liaison” and that he had consulted other judges.
  • Paul Merrell on 16 Jan 14
     
    I keep wondering if Barack Obama just might be the most timid President the U.S. has ever had. Certainly, he lacks the courage to lead the nation. 
Paul Merrell

Edward Snowden: A 'Nation' Interview | The Nation - 0 views

www.thenation.com/...wden-exile-exclusive-interview

surveillance state Snowden-interview

shared by Paul Merrell on 30 Oct 14 - No Cached
  • Snowden: That’s the key—to maintain the garden of liberty, right? This is a generational thing that we must all do continuously. We only have the rights that we protect. It doesn’t matter what we say or think we have. It’s not enough to believe in something; it matters what we actually defend. So when we think in the context of the last decade’s infringements upon personal liberty and the last year’s revelations, it’s not about surveillance. It’s about liberty. When people say, “I have nothing to hide,” what they’re saying is, “My rights don’t matter.” Because you don’t need to justify your rights as a citizen—that inverts the model of responsibility. The government must justify its intrusion into your rights. If you stop defending your rights by saying, “I don’t need them in this context” or “I can’t understand this,” they are no longer rights. You have ceded the concept of your own rights. You’ve converted them into something you get as a revocable privilege from the government, something that can be abrogated at its convenience. And that has diminished the measure of liberty within a society.
  • From the very beginning, I said there are two tracks of reform: there’s the political and the technical. I don’t believe the political will be successful, for exactly the reasons you underlined. The issue is too abstract for average people, who have too many things going on in their lives. And we do not live in a revolutionary time. People are not prepared to contest power. We have a system of education that is really a sort of euphemism for indoctrination. It’s not designed to create critical thinkers. We have a media that goes along with the government by parroting phrases intended to provoke a certain emotional response—for example, “national security.” Everyone says “national security” to the point that we now must use the term “national security.” But it is not national security that they’re concerned with; it is state security. And that’s a key distinction. We don’t like to use the phrase “state security” in the United States because it reminds us of all the bad regimes. But it’s a key concept, because when these officials are out on TV, they’re not talking about what’s good for you. They’re not talking about what’s good for business. They’re not talking about what’s good for society. They’re talking about the protection and perpetuation of a national state system. I’m not an anarchist. I’m not saying, “Burn it to the ground.” But I’m saying we need to be aware of it, and we need to be able to distinguish when political developments are occurring that are contrary to the public interest. And that cannot happen if we do not question the premises on which they’re founded. And that’s why I don’t think political reform is likely to succeed. [Senators] Udall and Wyden, on the intelligence committee, have been sounding the alarm, but they are a minority.
  • The Nation: Every president—and this seems to be confirmed by history—will seek to maximize his or her power, and will see modern-day surveillance as part of that power. Who is going to restrain presidential power in this regard? Snowden: That’s why we have separate and co-equal branches. Maybe it will be Congress, maybe not. Might be the courts, might not. But the idea is that, over time, one of these will get the courage to do so. One of the saddest and most damaging legacies of the Bush administration is the increased assertion of the “state secrets” privilege, which kept organizations like the ACLU—which had cases of people who had actually been tortured and held in indefinite detention—from getting their day in court. The courts were afraid to challenge executive declarations of what would happen. Now, over the last year, we have seen—in almost every single court that has had this sort of national-security case—that they have become markedly more skeptical. People at civil-liberties organizations say it’s a sea change, and that it’s very clear judges have begun to question more critically assertions made by the executive. Even though it seems so obvious now, it is extraordinary in the context of the last decade, because courts had simply said they were not the best branch to adjudicate these claims—which is completely wrong, because they are the only nonpolitical branch. They are the branch that is specifically charged with deciding issues that cannot be impartially decided by politicians. The power of the presidency is important, but it is not determinative. Presidents should not be exempted from the same standards of reason and evidence and justification that any other citizen or civil movement should be held to.
  • ...14 more annotations...
  • The Nation: Explain the technical reform you mentioned. Snowden: We already see this happening. The issue I brought forward most clearly was that of mass surveillance, not of surveillance in general. It’s OK if we wiretap Osama bin Laden. I want to know what he’s planning—obviously not him nowadays, but that kind of thing. I don’t care if it’s a pope or a bin Laden. As long as investigators must go to a judge—an independent judge, a real judge, not a secret judge—and make a showing that there’s probable cause to issue a warrant, then they can do that. And that’s how it should be done. The problem is when they monitor all of us, en masse, all of the time, without any specific justification for intercepting in the first place, without any specific judicial showing that there’s a probable cause for that infringement of our rights.
  • Since the revelations, we have seen a massive sea change in the technological basis and makeup of the Internet. One story revealed that the NSA was unlawfully collecting data from the data centers of Google and Yahoo. They were intercepting the transactions of data centers of American companies, which should not be allowed in the first place because American companies are considered US persons, sort of, under our surveillance authorities. They say, “Well, we were doing it overseas,” but that falls under a different Reagan-era authority: EO 12333, an executive order for foreign-intelligence collection, as opposed to the ones we now use domestically. So this one isn’t even authorized by law. It’s just an old-ass piece of paper with Reagan’s signature on it, which has been updated a couple times since then. So what happened was that all of a sudden these massive, behemoth companies realized their data centers—sending hundreds of millions of people’s communications back and forth every day—were completely unprotected, electronically naked. GCHQ, the British spy agency, was listening in, and the NSA was getting the data and everything like that, because they could dodge the encryption that was typically used. Basically, the way it worked technically, you go from your phone to Facebook.com, let’s say—that link is encrypted. So if the NSA is trying to watch it here, they can’t understand it. But what these agencies discovered was, the Facebook site that your phone is connected to is just the front end of a larger corporate network—that’s not actually where the data comes from. When you ask for your Facebook page, you hit this part and it’s protected, but it has to go on this long bounce around the world to actually get what you’re asking for and go back. So what they did was just get out of the protected part and they went onto the back network. They went into the private network of these companies.
  • The Nation: The companies knew this? Snowden: Companies did not know it. They said, “Well, we gave the NSA the front door; we gave you the PRISM program. You could get anything you wanted from our companies anyway—all you had to do was ask us and we’re gonna give it to you.” So the companies couldn’t have imagined that the intelligence communities would break in the back door, too—but they did, because they didn’t have to deal with the same legal process as when they went through the front door. When this was published by Barton Gellman in The Washington Post and the companies were exposed, Gellman printed a great anecdote: he showed two Google engineers a slide that showed how the NSA was doing this, and the engineers “exploded in profanity.” Another example—one document I revealed was the classified inspector general’s report on a Bush surveillance operation, Stellar Wind, which basically showed that the authorities knew it was unlawful at the time. There was no statutory basis; it was happening basically on the president’s say-so and a secret authorization that no one was allowed to see. When the DOJ said, “We’re not gonna reauthorize this because it is not lawful,” Cheney—or one of Cheney’s advisers—went to Michael Hayden, director of the NSA, and said, “There is no lawful basis for this program. DOJ is not going to reauthorize it, and we don’t know what we’re going to do. Will you continue it anyway on the president’s say-so?” Hayden said yes, even though he knew it was unlawful and the DOJ was against it. Nobody has read this document because it’s like twenty-eight pages long, even though it’s incredibly important.
  • The big tech companies understood that the government had not only damaged American principles, it had hurt their businesses. They thought, “No one trusts our products anymore.” So they decided to fix these security flaws to secure their phones. The new iPhone has encryption that protects the contents of the phone. This means if someone steals your phone—if a hacker or something images your phone—they can’t read what’s on the phone itself, they can’t look at your pictures, they can’t see the text messages you send, and so forth. But it does not stop law enforcement from tracking your movements via geolocation on the phone if they think you are involved in a kidnapping case, for example. It does not stop law enforcement from requesting copies of your texts from the providers via warrant. It does not stop them from accessing copies of your pictures or whatever that are uploaded to, for example, Apple’s cloud service, which are still legally accessible because those are not encrypted. It only protects what’s physically on the phone. This is purely a security feature that protects against the kind of abuse that can happen with all these things being out there undetected. In response, the attorney general and the FBI director jumped on a soap box and said, “You are putting our children at risk.”
  • The Nation: Is there a potential conflict between massive encryption and the lawful investigation of crimes? Snowden: This is the controversy that the attorney general and the FBI director were trying to create. They were suggesting, “We have to be able to have lawful access to these devices with a warrant, but that is technically not possible on a secure device. The only way that is possible is if you compromise the security of the device by leaving a back door.” We’ve known that these back doors are not secure. I talk to cryptographers, some of the leading technologists in the world, all the time about how we can deal with these issues. It is not possible to create a back door that is only accessible, for example, to the FBI. And even if it were, you run into the same problem with international commerce: if you create a device that is famous for compromised security and it has an American back door, nobody is gonna buy it. Anyway, it’s not true that the authorities cannot access the content of the phone even if there is no back door. When I was at the NSA, we did this every single day, even on Sundays. I believe that encryption is a civic responsibility, a civic duty.
  • The Nation: Some years ago, The Nation did a special issue on patriotism. We asked about a hundred people how they define it. How do you define patriotism? And related to that, you’re probably the world’s most famous whistleblower, though you don’t like that term. What characterization of your role do you prefer? Snowden: What defines patriotism, for me, is the idea that one rises to act on behalf of one’s country. As I said before, that’s distinct from acting to benefit the government—a distinction that’s increasingly lost today. You’re not patriotic just because you back whoever’s in power today or their policies. You’re patriotic when you work to improve the lives of the people of your country, your community and your family. Sometimes that means making hard choices, choices that go against your personal interest. People sometimes say I broke an oath of secrecy—one of the early charges leveled against me. But it’s a fundamental misunderstanding, because there is no oath of secrecy for people who work in the intelligence community. You are asked to sign a civil agreement, called a Standard Form 312, which basically says if you disclose classified information, they can sue you; they can do this, that and the other. And you risk going to jail. But you are also asked to take an oath, and that’s the oath of service. The oath of service is not to secrecy, but to the Constitution—to protect it against all enemies, foreign and domestic. That’s the oath that I kept, that James Clapper and former NSA director Keith Alexander did not. You raise your hand and you take the oath in your class when you are on board. All government officials are made to do it who work for the intelligence agencies—at least, that’s where I took the oath.
  • The Nation: Creating a new system may be your transition, but it’s also a political act. Snowden: In case you haven’t noticed, I have a somewhat sneaky way of effecting political change. I don’t want to directly confront great powers, which we cannot defeat on their terms. They have more money, more clout, more airtime. We cannot be effective without a mass movement, and the American people today are too comfortable to adapt to a mass movement. But as inequality grows, the basic bonds of social fraternity are fraying—as we discussed in regard to Occupy Wall Street. As tensions increase, people will become more willing to engage in protest. But that moment is not now.
  • The Nation: You really think that if you could go home tomorrow with complete immunity, there wouldn’t be irresistible pressure on you to become a spokesperson, even an activist, on behalf of our rights and liberties? Indeed, wouldn’t that now be your duty? Snowden: But the idea for me now—because I’m not a politician, and I do not think I am as effective in this way as people who actually prepare for it—is to focus on technical reform, because I speak the language of technology. I spoke with Tim Berners-Lee, the guy who invented the World Wide Web. We agree on the necessity for this generation to create what he calls the Magna Carta for the Internet. We want to say what “digital rights” should be. What values should we be protecting, and how do we assert them? What I can do—because I am a technologist, and because I actually understand how this stuff works under the hood—is to help create the new systems that reflect our values. Of course I want to see political reform in the United States. But we could pass the best surveillance reforms, the best privacy protections in the history of the world, in the United States, and it would have zero impact internationally. Zero impact in China and in every other country, because of their national laws—they won’t recognize our reforms; they’ll continue doing their own thing. But if someone creates a reformed technical system today—technical standards must be identical around the world for them to function together.
  • As for labeling someone a whistleblower, I think it does them—it does all of us—a disservice, because it “otherizes” us. Using the language of heroism, calling Daniel Ellsberg a hero, and calling the other people who made great sacrifices heroes—even though what they have done is heroic—is to distinguish them from the civic duty they performed, and excuses the rest of us from the same civic duty to speak out when we see something wrong, when we witness our government engaging in serious crimes, abusing power, engaging in massive historic violations of the Constitution of the United States. We have to speak out or we are party to that bad action.
  • The Nation: Considering your personal experience—the risks you took, and now your fate here in Moscow—do you think other young men or women will be inspired or discouraged from doing what you did? Snowden: Chelsea Manning got thirty-five years in prison, while I’m still free. I talk to people in the ACLU office in New York all the time. I’m able to participate in the debate and to campaign for reform. I’m just the first to come forward in the manner that I did and succeed. When governments go too far to punish people for actions that are dissent rather than a real threat to the nation, they risk delegitimizing not just their systems of justice, but the legitimacy of the government itself. Because when they bring political charges against people for acts that were clearly at least intended to work in the public interest, they deny them the opportunity to mount a public-interest defense. The charges they brought against me, for example, explicitly denied my ability to make a public-interest defense. There were no whistleblower protections that would’ve protected me—and that’s known to everybody in the intelligence community. There are no proper channels for making this information available when the system fails comprehensively.
  • The government would assert that individuals who are aware of serious wrongdoing in the intelligence community should bring their concerns to the people most responsible for that wrongdoing, and rely on those people to correct the problems that those people themselves authorized. Going all the way back to Daniel Ellsberg, it is clear that the government is not concerned with damage to national security, because in none of these cases was there damage. At the trial of Chelsea Manning, the government could point to no case of specific damage that had been caused by the massive revelation of classified information. The charges are a reaction to the government’s embarrassment more than genuine concern about these activities, or they would substantiate what harms were done. We’re now more than a year since my NSA revelations, and despite numerous hours of testimony before Congress, despite tons of off-the-record quotes from anonymous officials who have an ax to grind, not a single US official, not a single representative of the United States government, has ever pointed to a single case of individualized harm caused by these revelations. This, despite the fact that former NSA director Keith Alexander said this would cause grave and irrevocable harm to the nation. Some months after he made that statement, the new director of the NSA, Michael Rogers, said that, in fact, he doesn’t see the sky falling. It’s not so serious after all.
  • The Nation: You also remind us of [Manhattan Project physicist] Robert Oppenheimer—what he created and then worried about. Snowden: Someone recently talked about mass surveillance and the NSA revelations as being the atomic moment for computer scientists. The atomic bomb was the moral moment for physicists. Mass surveillance is the same moment for computer scientists, when they realize that the things they produce can be used to harm a tremendous number of people. It is interesting that so many people who become disenchanted, who protest against their own organizations, are people who contributed something to them and then saw how it was misused. When I was working in Japan, I created a system for ensuring that intelligence data was globally recoverable in the event of a disaster. I was not aware of the scope of mass surveillance. I came across some legal questions when I was creating it. My superiors pushed back and were like, “Well, how are we going to deal with this data?” And I was like, “I didn’t even know it existed.” Later, when I found out that we were collecting more information on American communications than we were on Russian communications, for example, I was like, “Holy shit.” Being confronted with the realization that work you intended to benefit people is being used against them has a radicalizing effect.
  • The Nation: We have a sense, or certainly the hope, we’ll be seeing you in America soon—perhaps sometime after this Ukrainian crisis ends. Snowden: I would love to think that, but we’ve gone all the way up the chain at all the levels, and things like that. A political decision has been made not to irritate the intelligence community. The spy agencies are really embarrassed, they’re really sore—the revelations really hurt their mystique. The last ten years, they were getting the Zero Dark Thirty treatment—they’re the heroes. The surveillance revelations bring them back to Big Brother kind of narratives, and they don’t like that at all. The Obama administration almost appears as though it is afraid of the intelligence community. They’re afraid of death by a thousand cuts—you know, leaks and things like that.
  • The Nation: You’ve given us a lot of time, and we are very grateful, as will be The Nation’s and other readers. But before we end, any more thoughts about your future? Snowden: If I had to guess what the future’s going to look like for me—assuming it’s not an orange jumpsuit in a hole—I think I’m going to alternate between tech and policy. I think we need that. I think that’s actually what’s missing from government, for the most part. We’ve got a lot of policy people, but we have no technologists, even though technology is such a big part of our lives. It’s just amazing, because even these big Silicon Valley companies, the masters of the universe or whatever, haven’t engaged with Washington until recently. They’re still playing catch-up. As for my personal politics, some people seem to think I’m some kind of archlibertarian, a hyper-conservative. But when it comes to social policies, I believe women have the right to make their own choices, and inequality is a really important issue. As a technologist, I see the trends, and I see that automation inevitably is going to mean fewer and fewer jobs. And if we do not find a way to provide a basic income for people who have no work, or no meaningful work, we’re going to have social unrest that could get people killed. When we have increasing production—year after year after year—some of that needs to be reinvested in society. It doesn’t need to be consistently concentrated in these venture-capital funds and things like that. I’m not a communist, a socialist or a radical. But these issues have to be 
addressed.
  • Paul Merrell on 30 Oct 14
     
    Remarkable interview. Snowden finally gets asked some questions about politics. 
Paul Merrell

Verizon's New, Encrypted Calling App Plays Nice With the NSA - Businessweek - 0 views

www.businessweek.com/...pp-comes-prehacked-for-the-nsa

surveillance state Verizon backdoors pseudo-encryption

shared by Paul Merrell on 13 Dec 14 - No Cached
  • Verizon is the latest big company to enter the post-Snowden market for secure communication, and it's doing so with an encryption standard that comes with a way for law enforcement to access ostensibly secure phone conversations.Verizon Voice Cypher, the product introduced on Thursday with the encryption company Cellcrypt, offers business and government customers end-to-end encryption for voice calls on iOS, Android, or BlackBerry devices equipped with a special app. The encryption software provides secure communications for people speaking on devices with the app, regardless of their wireless carrier, and it can also connect to an organization's secure phone system. Cellcrypt and Verizon both say that law enforcement agencies will be able to access communications that take place over Voice Cypher, so long as they're able to prove that there's a legitimate law enforcement reason for doing so. Seth Polansky, Cellcrypt's vice president for North America, disputes the idea that building technology to allow wiretapping is a security risk. "It's only creating a weakness for government agencies," he says. "Just because a government access option exists, it doesn't mean other companies can access it." 
  • Phone carriers like Verizon are required by U.S. law to build networks that can be wiretapped. But the legislation known as the Communications Assistance for Law Enforcement Act requires phone carriers to decrypt communications for the government only if they have designed their technology to make it possible to do so. If Verizon and Cellcrypt had structured their encryption so that neither company had the information necessary to decrypt the calls, they would not have been breaking the law.
  • There has been increased interest in encryption from individual consumers, too, largely thanks to the NSA revelations leaked by Edward Snowden. Yahoo and Google began offering end-to-end encrypted e-mail services this year. Silent Circle, a startup catering to consumer and enterprise clients, has been developing end-to-end voice encryption for phones calls. Verizon's service, with a monthly price of $45 per device, isn't targeting individual buyers and won't be offered to average consumers in the near future.But Verizon's partner, Cellcrypt, looks upon selling to large organizations as the first step toward bringing down the price before eventually offering a consumer-level encryption service. "At the end of the day, we'd love to have this be a line item on your Verizon bill," says Polansky.
  • ...2 more annotations...
  • Other companies have designed their encryption in this way, including AT&T, which offers encrypted phone service for business customers. Apple and Android recently began protecting content stored on users's phones in a way that would keep the tech companies from being able to comply with requests from law enforcement. The move drew public criticism from FBI Director James Comey, and some security experts expect that a renewed effort to stir passage of legislation banning such encryption will accompany Silicon Valley's increased interest in developing these services. Verizon believes major demand for its new encryption service will come from governmental agencies conveying sensitive but unclassified information over the phone, says Tim Petsky, a senior product manager for Verizon Wireless. Corporate customers who are concerned about corporate espionage are also itching for answers. "You read about breaches in security almost every week in the press," says Petsky. "Enterprise customers have been asking about ways to secure their communications and up until this point, we didn't have a solution." 
  • Many people in the security industry believe that a designed access point creates a vulnerability for criminals or spies to exploit. Last year reports surfaced that the FBI was pushing legislation that would require many forms of Internet communication to be wiretap-ready. A group of prominent security experts responded strongly: "Requiring software vendors to build intercept functionality into their products is unwise and will be ineffective, with the result being serious consequences (PDF) for the economic well-being and national security of the United States," they wrote in a report issued in May. 
Paul Merrell

Forget Metadata ... The NSA Is Spying On EVERYTHING Washington's Blog - 0 views

www.washingtonsblog.com/...ata-nsa-spying-everything.html

surveillance state NSA NSA-targets must-read

shared by Paul Merrell on 08 Feb 14 - No Cached
  • The NSA’s spying on everyone’s metadata can tell them just about everything about us … and it violates our Constitutional right to freedom of association. But people are getting distracted from the big picture by focusing on metadata. As security expert Bruce Schneier wrote yesterday: What frustrates me about all of this — [the Privacy and Civil Liberties Oversight Board] report, the president’s speech, and so many other things — is that they focus on the bulk collection of cell phone call records. There’s so much more bulk collection going on — phone calls, e-mails, address books, buddy lists, text messages, cell phone location data, financial documents, calendars, [smartphone apps] etc. — and we really need legislation and court opinions on it all. But because cell phone call records were the first disclosure, they’re what gets the attention. Indeed, Schneier confirmed last October what we’ve been saying for years … don’t get too distracted by the details, because the government is spying on everything:
  • Honestly, I think the details matter less and less. We have to assume that the NSA has EVERYONE who uses electronic communications under CONSTANT surveillance. New details about hows and whys will continue to emerge …but the big picture will remain the same. He’s right. As just one example, there is substantial evidence from top NSA and FBI whistleblowers that the government is recording the content of our calls and emails … word-for-word. So what should we make of the government’s denials that it records content? Given that the government has been caught lying about spying again and again, I’m not sure how much weight we should give to such denials. NSA whistleblower Russ Tice notes: They’re collecting content … word-for-word. *** You can’t trust these people. They lie, and they lie a lot.
  • Paul Merrell on 08 Feb 14
     
    Personally, I don't think the focus is on metadata because it was the first target exposed. I see it more as a propaganda weapon to divert attention from the other NSA targets.  In any event, this page offers a very comprehensive list of the types of data the NSA is collecting, with links to further information on each type.
Paul Merrell

U.S. surveillance architecture includes collection of revealing Internet, phone metadat... - 0 views

www.washingtonpost.com/...2-b05f-3ea3f0e7bb5a_print.html

surveillance state NSA must-read pen-register

shared by Paul Merrell on 19 Jun 13 - No Cached
  • On March 12, 2004, acting attorney general James B. Comey and the Justice Department’s top leadership reached the brink of resignation over electronic surveillance orders that they believed to be illegal. President George W. Bush backed down, halting secret foreign-intelligence-gathering operations that had crossed into domestic terrain. That morning marked the beginning of the end of STELLARWIND, the cover name for a set of four surveillance programs that brought Americans and American territory within the domain of the National Security Agency for the first time in decades. It was also a prelude to new legal structures that allowed Bush and then President Obama to reproduce each of those programs and expand their reach.What exactly STELLARWIND did has never been disclosed in an unclassified form. Which parts of it did Comey approve? Which did he shut down? What became of the programs when the crisis passed and Comey, now Obama’s expected nominee for FBI director, returned to private life?Authoritative new answers to those questions, drawing upon a classified NSA history of STELLARWIND and interviews with high-ranking intelligence officials, offer the clearest map yet of the Bush-era programs and the NSA’s contemporary U.S. operations.STELLARWIND was succeeded by four major lines of intelligence collection in the territorial United States, together capable of spanning the full range of modern telecommunications, according to the interviews and documents.
  • Two of the four collection programs, one each for telephony and the Internet, process trillions of “metadata” records for storage and analysis in systems called MAINWAY and MARINA, respectively. Metadata includes highly revealing information about the times, places, devices and participants in electronic communication, but not its contents. The bulk collection of telephone call records from Verizon Business Services, disclosed this month by the British newspaper the Guardian, is one source of raw intelligence for MAINWAY.The other two types of collection, which operate on a much smaller scale, are aimed at content. One of them intercepts telephone calls and routes the spoken words to a system called ­NUCLEON.For Internet content, the most important source collection is the PRISM project reported on June 6 by The Washington Post and the Guardian. It draws from data held by Google, Yahoo, Microsoft and other Silicon Valley giants, collectively the richest depositories of personal information in history.
  • The debate has focused on two of the four U.S.-based collection programs: PRISM, for Internet content, and the comprehensive collection of telephone call records, foreign and domestic, that the Guardian revealed by posting a classified order from the Foreign Intelligence Surveillance Court to Verizon Business Services.The Post has learned that similar orders have been renewed every three months for other large U.S. phone companies, including Bell South and AT&T, since May 24, 2006. On that day, the surveillance court made a fundamental shift in its approach to Section 215 of the Patriot Act, which permits the FBI to compel production of “business records” that are relevant to a particular terrorism investigation and to share those in some circumstances with the NSA. Henceforth, the court ruled, it would define the relevant business records as the entirety of a telephone company’s call database.The Bush administration, by then, had been taking “bulk metadata” from the phone companies under voluntary agreements for more than four years. The volume of information overwhelmed the MAINWAY database, according to a classified report from the NSA inspector general in 2009. The agency spent $146 million in supplemental counterterrorism funds to buy new hardware and contract support — and to make unspecified payments to the phone companies for “collaborative partnerships.”When the New York Times revealed the warrantless surveillance of voice calls, in December 2005, the telephone companies got nervous. One of them, unnamed in the report, approached the NSA with a request. Rather than volunteer the data, at a price, the “provider preferred to be compelled to do so by a court order,” the report said. Other companies followed suit. The surveillance court order that recast the meaning of business records “essentially gave NSA the same authority to collect bulk telephony metadata from business records that it had” under Bush’s asserted authority alone.
  • ...3 more annotations...
  • Telephone metadata was not the issue that sparked a rebellion at the Justice Department, first by Jack Goldsmith of the Office of Legal Counsel and then by Comey, who was acting attorney general because John D. Ashcroft was in intensive care with acute gallstone pancreatitis. It was Internet metadata.At Bush’s direction, in orders prepared by David Addington, the counsel to Vice President Richard B. Cheney, the NSA had been siphoning e-mail metadata and technical records of Skype calls from data links owned by AT&T, Sprint and MCI, which later merged with Verizon.For reasons unspecified in the report, Goldsmith and Comey became convinced that Bush had no lawful authority to do that.MARINA and the collection tools that feed it are probably the least known of the NSA’s domestic operations, even among experts who follow the subject closely. Yet they probably capture information about more American citizens than any other, because the volume of e-mail, chats and other Internet communications far exceeds the volume of standard telephone calls.The NSA calls Internet metadata “digital network information.” Sophisticated analysis of those records can reveal unknown associates of known terrorism suspects. Depending on the methods applied, it can also expose medical conditions, political or religious affiliations, confidential business negotiations and extramarital affairs.What permits the former and prevents the latter is a complex set of policies that the public is not permitted to see.
  • In the urgent aftermath of Sept. 11, 2001, with more attacks thought to be imminent, analysts wanted to use “contact chaining” techniques to build what the NSA describes as network graphs of people who represented potential threats.The legal challenge for the NSA was that its practice of collecting high volumes of data from digital links did not seem to meet even the relatively low requirements of Bush’s authorization, which allowed collection of Internet metadata “for communications with at least one communicant outside the United States or for which no communicant was known to be a citizen of the United States,” the NSA inspector general’s report said.Lawyers for the agency came up with an interpretation that said the NSA did not “acquire” the communications, a term with formal meaning in surveillance law, until analysts ran searches against it. The NSA could “obtain” metadata in bulk, they argued, without meeting the required standards for acquisition.Goldsmith and Comey did not buy that argument, and a high-ranking U.S. intelligence official said the NSA does not rely on it today.As soon as surveillance data “touches us, we’ve got it, whatever verbs you choose to use,” the official said in an interview. “We’re not saying there’s a magic formula that lets us have it without having it.”
  • When Comey finally ordered a stop to the program, Bush signed an order renewing it anyway. Comey, Goldsmith, FBI Director Robert S. Mueller III and most of the senior Bush appointees in the Justice Department began drafting letters of resignation.Then-NSA Director Michael V. Hayden was not among them. According to the inspector general’s classified report, Cheney’s lawyer, Addington, placed a phone call and “General Hayden had to decide whether NSA would execute the Authorization without the Attorney General’s signature.” He decided to go along.The following morning, when Mueller told Bush that he and Comey intended to resign, the president reversed himself.Three months later, on July 15, the secret surveillance court allowed the NSA to resume bulk collection under the court’s own authority. The opinion, which remains highly classified, was based on a provision of electronic surveillance law, known as “pen register, trap and trace,” that was written to allow law enforcement officers to obtain the phone numbers of incoming and outgoing calls from a single telephone line.
  • Paul Merrell on 19 Jun 13
     
    Note particularly the mention that the FISA Court decision to throw the doors open for government snooping was based on "pen register, trap and trace" law. As suspected, now we are into territory dealt with by the Supreme Court in the pre-internet days of 1979 In Smith v. Maryland, 442 U.S. 735 (1979), More about that next, in a bookmark also tagged with "pen-register".
Paul Merrell

NYPD Blows Whistle on New Hillary Emails: Money Laundering, Sex Crimes with Children, C... - 1 views

www.blacklistednews.com/...M.html

Auction 2016 Hillary-emails FBI NYPD Huma Weiner sex-crimes perjury Clinton-Foundation money-laundering obstruction

shared by Paul Merrell on 03 Nov 16 - No Cached
  • New York Police Department detectives and prosecutors working an alleged underage sexting case against former Congressman Anthony Weiner have turned over a newly-found laptop he shared with wife Huma Abedin to the FBI with enough evidence “to put Hillary (Clinton) and her crew away for life,” NYPD sources told True Pundit. NYPD sources said Clinton’s “crew” also included several unnamed yet implicated members of Congress in addition to her aides and insiders. The NYPD seized the computer from Weiner during a search warrant and detectives discovered a trove of over 500,000 emails to and from Hillary Clinton, Abedin and other insiders during her tenure as secretary of state. The content of those emails sparked the FBI to reopen its defunct email investigation into Clinton on Friday.
  • But new revelations on the contents of that laptop, according to law enforcement sources, implicate the Democratic presidential candidate, her subordinates, and even select elected officials in far more alleged serious crimes than mishandling classified and top secret emails, sources said. NYPD sources said these new emails include evidence linking Clinton herself and associates to: Money laundering Child exploitation Sex crimes with minors (children) Perjury Pay to play through Clinton Foundation Obstruction of justice Other felony crimes NYPD detectives and a NYPD Chief, the department’s highest rank under Commissioner, said openly that if the FBI and Justice Department fail to garner timely indictments against Clinton and co- conspirators, NYPD will go public with the damaging emails now in the hands of FBI Director James Comey and many FBI field offices. “What’s in the emails is staggering and as a father, it turned my stomach,” the NYPD Chief said. “There is not going to be any Houdini-like escape from what we found. We have copies of everything. We will ship them to Wikileaks or I will personally hold my own press conference if it comes to that.”
  • The NYPD Chief said once Comey saw the alarming contents of the emails he was forced to reopen a criminal probe against Clinton. “People are going to prison,” he said. Meanwhile, FBI sources said Abedin and Weiner were cooperating with federal agents, who have taken over the non-sexting portions the case from NYPD. The husband-and-wife Clinton insiders  are both shopping for separate immunity deals, sources said. “If they don’t cooperate they are going to see long sentences,” a federal law enforcement source said. NYPD sources said Weiner or Abedin stored all the emails in a massive Microsoft Outlook program on the laptop. The emails implicate other current and former members of Congress and one high-ranking Democratic Senator as having possibly engaged in criminal activity too, sources said. Prosecutors in the office of US Attorney Preet Bharara have issued a subpoena for Weiner’s cell phones and travel records, law enforcement sources confirmed. NYPD said it planned to order the same phone and travel records on Clinton and Abedin, however, the FBI said it was in the process of requesting the identical records. Law enforcement sources are particularly interested in cell phone activity and travel to the Bahamas, U.S. Virgin Islands and other locations that sources would not divulge.
  • ...4 more annotations...
  • The new emails contain travel documents and itineraries indicating Hillary Clinton, President Bill Clinton, Weiner and multiple members of Congress and other government officials accompanied convicted pedophile billionaire Jeffrey Epstein on his Boeing 727 on multiple occasions to his private island in the U.S Virgin Islands, sources said. Epstein’s island has also been dubbed Orgy Island or Sex Slave Island where Epstein allegedly pimps out underage girls and boys to international dignitaries. Both NYPD and FBI sources confirm based on the new emails they now believe Hillary Clinton traveled as Epstein’s guest on at least six occasions, probably more when all the evidence is combed, sources said. Bill Clinton, it has been confirmed in media reports spanning recent years, that he too traveled with Epstein over 20 times to the island.
  • According to other uncovered emails, Abedin and Clinton both sent and received thousands of classified and top secret documents to personal email accounts including Weiner’s unsecured campaign web site which is managed by Democratic political consultants in Washington D.C. Weiner maintained little known email accounts that the couple shared on the website anthonyweiner.com. Weiner, a former seven-term Democratic Congressman from New York, primarily used that domain to campaign for Congress and for his failed mayoral bid of New York City. At one point, FBI sources said, Abedin and Clinton’s classified and top secret State Department documents and emails were stored in Weiner’s email on a server shared with a dog grooming service and a western Canadian bicycle shop. However, Weiner and Abedin, who is Hillary Clinton’s closest personal aide, weren’t the only people with access to the Weiner’s email account. Potentially dozens of unknown individuals had access to Abedin’s sensitive State Department emails that were stored in Weiner’s email account, FBI sources confirmed. FEC records show Weiner paid more than $92,000 of congressional campaign funds to Anne Lewis Strategies LLC to manage his email and web site. According to FBI sources, the D.C.-based political consulting firm has served as the official administrator of the anthonyweiner.com domain since 2010, the same time Abedin was working at the State Department. This means technically Weiner and Abedin’s emails, including top secret State Department emails, could have been accessed, printed, discussed, leaked, or distributed by untold numbers of personnel at the Anne Lewis consulting firm because they can control where the website and it emails are pointed, FBI sources said.
  • According to FBI sources, the bureau’s newly-minted probe into Clinton’s use and handling of emails while she served as secretary of state, has also been broadened to include investigating new email-related revelations, including: Abedin forwarded classified and top secret State Department emails to Weiner’s email Abedin stored emails, containing government secrets, in a special folder shared with Weiner warehousing over 500,000 archived State Department emails. Weiner had access to these classified and top secret documents without proper security clearance to view the records Abedin also used a personal yahoo address and her Clintonemail.com address to send/receive/store classified and top secret documents A private consultant managed Weiner’s site for the last six years, including three years when Clinton was secretary of state, and therefore, had full access to all emails as the domain’s listed registrant and administrator via Whois email contacts. Because Weiner’s campaign website is managed by the third-party consultant and political email guru, FBI agents are burdened with the task of trying to decipher just how many people had access to Weiner’s server and emails and who were these people. Or if the server was ever compromised by hackers, or other actors.
  • Abedin told FBI agents in an April interview that she didn’t know how to consistently print documents or emails from her secure Dept. of State system. Instead, she would forward the sensitive emails to her yahoo, Clintonemail.com and her email linked to Weiner. Abedin said, according to FBI documents, she would then access those email accounts via webmail from an unclassified computer system at the State Dept. and print the documents, many of which were classified and top secret, from the largely unprotected webmail portals. Clinton did not have a computer in her office on Mahogany Row at the State Dept. so she was not able to read timely intelligence unless it was printed out for her, Abedin said. Abedin also said Clinton could not operate the secure State Dept. fax machine installed in her Chappaqua, NY home without assistance. Perhaps more alarming, according to the FBI’s 302 Report detailing its interview with Abedin, none of the multiple FBI agents and Justice Department officials who conducted the interview pressed Abedin to further detail the email address linked to Weiner. There was never a follow up, according to the 302 report. But now, all that has changed, with the FBI’s decision to reopen the Clinton email investigation and the husband and wife seeking immunity deals to testify against Clinton and other associates about the contents of the laptop’s emails.
  • Gary Edwards on 03 Nov 16
     
    "New York Police Department detectives and prosecutors working an alleged underage sexting case against former Congressman Anthony Weiner have turned over a newly-found laptop he shared with wife Huma Abedin to the FBI with enough evidence "to put Hillary (Clinton) and her crew away for life," NYPD sources told True Pundit. NYPD sources said Clinton's "crew" also included several unnamed yet implicated members of Congress in addition to her aides and insiders. The NYPD seized the computer from Weiner during a search warrant and detectives discovered a trove of over 500,000 emails to and from Hillary Clinton, Abedin and other insiders during her tenure as secretary of state. The content of those emails sparked the FBI to reopen its defunct email investigation into Clinton on Friday. But new revelations on the contents of that laptop, according to law enforcement sources, implicate the Democratic presidential candidate, her subordinates, and even select elected officials in far more alleged serious crimes than mishandling classified and top secret emails, sources said. NYPD sources said these new emails include evidence linking Clinton herself and associates to: Money laundering Child exploitation Sex crimes with minors (children) Perjury Pay to play through Clinton Foundation Obstruction of justice Other felony crimes NYPD detectives and a NYPD Chief, the department's highest rank under Commissioner, said openly that if the FBI and Justice Department fail to garner timely indictments against Clinton and co- conspirators, NYPD will go public with the damaging emails now in the hands of FBI Director James Comey and many FBI field offices. "What's in the emails is staggering and as a father, it turned my stomach," the NYPD Chief said. "There is not going to be any Houdini-like escape from what we found. We have copies of everything. We will ship them to Wikileaks or I will personally hold my own press conference if it comes to that." The NYPD
Gary Edwards

XKeyscore: NSA tool collects 'nearly everything a user does on the internet' | World ne... - 1 views

www.theguardian.com/...top-secret-program-online-data

Edward-Snowden Glenn-Greenwald NSA NSA-Patriot-Act-NDAA NSA-Whistleblower

shared by Gary Edwards on 01 Aug 13 - No Cached
  • The latest revelations will add to the intense public and congressional debate around the extent of NSA surveillance programs. They come as senior intelligence officials testify to the Senate judiciary committee on Wednesday, releasing classified documents in response to the Guardian's earlier stories on bulk collection of phone records and Fisa surveillance court oversight.
  • The files shed light on one of Snowden's most controversial statements, made in his first video interview published by the Guardian on June 10
  • "I, sitting at my desk," said Snowden, could "wiretap anyone, from you or your accountant, to a federal judge or even the president, if I had a personal email".
  • ...23 more annotations...
  • US officials vehemently denied this specific claim. Mike Rogers, the Republican chairman of the House intelligence committee, said of Snowden's assertion: "He's lying. It's impossible for him to do what he was saying he could do."
  • But training materials for XKeyscore detail how analysts can use it and other systems to mine enormous agency databases by filling in a simple on-screen form giving only a broad justification for the search. The request is not reviewed by a court or any NSA personnel before it is processed.
  • XKeyscore, the documents boast, is the NSA's "widest reaching" system developing intelligence from computer networks – what the agency calls Digital Network Intelligence (DNI). One presentation claims the program covers "nearly everything a typical user does on the internet", including the content of emails, websites visited and searches, as well as their metadata.
  • Analysts can also use XKeyscore and other NSA systems to obtain ongoing "real-time" interception of an individual's internet activity.
  • Under US law, the NSA is required to obtain an individualized Fisa warrant only if the target of their surveillance is a 'US person', though no such warrant is required for intercepting the communications of Americans with foreign targets.
  • But XKeyscore provides the technological capability, if not the legal authority, to target even US persons for extensive electronic surveillance without a warrant provided that some identifying information, such as their email or IP address, is known to the analyst.
  • One training slide illustrates the digital activity constantly being collected by XKeyscore and the analyst's ability to query the databases at any time.
  • The purpose of XKeyscore is to allow analysts to search the metadata as well as the content of emails and other internet activity, such as browser history, even when there is no known email account (a "selector" in NSA parlance) associated with the individual being targeted.
  • Analysts can also search by name, telephone number, IP address, keywords, the language in which the internet activity was conducted or the type of browser used.
  • One document notes that this is because "strong selection [search by email address] itself gives us only a very limited capability" because "a large amount of time spent on the web is performing actions that are anonymous."
  • Email monitoring
  • One top-secret document describes how the program "searches within bodies of emails, webpages and documents", including the "To, From, CC, BCC lines" and the 'Contact Us' pages on websites".
  • To search for emails, an analyst using XKS enters the individual's email address into a simple online search form, along with the "justification" for the search and the time period for which the emails are sought.
  • One document, a top secret 2010 guide describing the training received by NSA analysts for general surveillance under the Fisa Amendments Act of 2008, explains that analysts can begin surveillance on anyone by clicking a few simple pull-down menus designed to provide both legal and targeting justifications.
  • Once options on the pull-down menus are selected, their target is marked for electronic surveillance and the analyst is able to review the content of their communications:
  • Chats, browsing history and other internet activity
  • Beyond emails, the XKeyscore system allows analysts to monitor a virtually unlimited array of other internet activities, including those within social media.
  • An NSA tool called DNI Presenter, used to read the content of stored emails, also enables an analyst using XKeyscore to read the content of Facebook chats or private messages.
  • The XKeyscore program also allows an analyst to learn the IP addresses of every person who visits any website the analyst specifies.
  • The quantity of communications accessible through programs such as XKeyscore is staggeringly large. One NSA report from 2007 estimated that there were 850bn "call events" collected and stored in the NSA databases, and close to 150bn internet records. Each day, the document says, 1-2bn records were added.
  • William Binney, a former NSA mathematician, said last year that the agency had "assembled on the order of 20tn transactions about US citizens with other US citizens", an estimate, he said, that "only was involving phone calls and emails". A 2010 Washington Post article reported that "every day, collection systems at the [NSA] intercept and store 1.7bn emails, phone calls and other type of communications."
  • The ACLU's deputy legal director, Jameel Jaffer, told the Guardian last month that national security officials expressly said that a primary purpose of the new law was to enable them to collect large amounts of Americans' communications without individualized warrants.
  • "The government doesn't need to 'target' Americans in order to collect huge volumes of their communications," said Jaffer. "The government inevitably sweeps up the communications of many Americans" when targeting foreign nationals for surveillance.
  • Gary Edwards on 01 Aug 13
     
    "One presentation claims the XKeyscore program covers 'nearly everything a typical user does on the internet' ................................................................. A top secret National Security Agency program allows analysts to search with no prior authorization through vast databases containing emails, online chats and the browsing histories of millions of individuals, according to documents provided by whistleblower Edward Snowden. The NSA boasts in training materials that the program, called XKeyscore, is its "widest-reaching" system for developing intelligence from the internet. The latest revelations will add to the intense public and congressional debate around the extent of NSA surveillance programs. They come as senior intelligence officials testify to the Senate judiciary committee on Wednesday, releasing classified documents in response to the Guardian's earlier stories on bulk collection of phone records and Fisa surveillance court oversight. The files shed light on one of Snowden's most controversial statements, made in his first video interview published by the Guardian on June 10. "I, sitting at my desk," said Snowden, could "wiretap anyone, from you or your accountant, to a federal judge or even the president, if I had a personal email". US officials vehemently denied this specific claim. Mike Rogers, the Republican chairman of the House intelligence committee, said of Snowden's assertion: "He's lying. It's impossible for him to do what he was saying he could do." But training materials for XKeyscore detail how analysts can use it and other systems to mine enormous agency databases by filling in a simple on-screen form giving only a broad justification for the search. The request is not reviewed by a court or any NSA personnel before it is processed. XKeyscore, the documents boast, is the NSA's "widest reaching" system developing intelligence from computer networks - what the agency calls Digital Network Intelligence (DNI). One
  • Paul Merrell on 02 Aug 13
     
    "But training materials for XKeyscore detail how analysts can use it and other systems to mine enormous agency databases by filling in a simple on-screen form giving only a broad justification for the search. The request is not reviewed by a court or any NSA personnel before it is processed. " Note in that regard that Snowden said in an earlier interview that use of this system rarely was audited and that when audited, the most common request if changes were requested was to beef up the justification for the search. The XScore system puts the lie to just about everything the Administration has claimed about intense oversight by all three branches of federal government and about not reading emails or listening to (Skype) phone calls. The lies keep stacking up in an ever-deepening pile.
Gary Edwards

Why the Ruling Class is So Upset About Edward Snowden » CounterPunch: Tells t... - 0 views

www.counterpunch.org/...-so-upset-about-edward-snowden

Gary-Leupp NSA-Patriot-Act-NDAA NSA-Whistleblower Edward-Snowden

shared by Gary Edwards on 26 Jun 13 - No Cached
  • the networks now compete with one another to generate outrage—not at the spying, mind you, but at Snowden for violating the law.
  • O’Reilly’s current position is that while a hero, Snowden should be placed on trial and judged by a jury. Which is to say, he should be apprehended abroad, brought back in handcuffs and treated to the same benefits of the U.S. judicial system enjoyed by a Bradley Manning or a Guantanamo detainee.
  • He broke the law! He told us: “Any analyst at any time can target anyone.”
  • ...24 more annotations...
  • “He took an oath,” thunders Dianne Feinstein
  • chair of the Senate Intelligence Committee (and thus someone complicit in the spying programs).
  • What she means by this is that he broke his pledge, made when he became an employee of the CIA contractor Booz Allen Hamilton—which helps handle the massive effort to monitor all of us daily—to conceal any secrets he obtained as an employee.
  • She is of course not referring to the oath he made at the same time, to uphold the Constitution of the United States, which says very clearly that “the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated…”
  • Snowden has not merely revealed that the U.S. government has forced service providers Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube and Apple to share all their records with itself, in the form of mega-data that can only be accessed for content following the issuance of warrants from (secret) courts, in order to thwart real or imagined terrorist plots. He hasn’t merely shown that the NSA intercepts 1.7 billion electronic records every day (in order, of course, to thwart the terrorists). He has charged the following:
  • The FBI’s “Counterintelligence Program” (COINTELPRO), active from 1956 to 1971, collected information through wiretaps and other means with the specific objective of destroying civil rights and left-wing organizations.
  • Snowden indicates that those with that power can indeed gain access to what Bill Clinton recently called the “meat” of your communications.
  • That is, every word you’ve spoken on the phone recently, or maybe for several years; or test-messaged or instant-messaged online; can be accessed by government “analysts” at their whim.
  • in 2008, ABC News revealed that National Security Agency staffers enjoyed monitoring satellite phone sex involving U.S. officers in Iraq. It’s worth quoting at length.
  • “‘These were just really everyday, average, ordinary Americans who happened to be in the Middle East, in our area of intercept and happened to be making these phone calls on satellite phones,’ said Adrienne Kinne, a 31-year old US Army Reserves Arab linguist assigned to a special military program at the NSA’s Back Hall at Fort Gordon from November 2001 to 2003. Kinne described the contents of the calls as ‘personal, private things with Americans who are not in any way, shape or form associated with anything to do with terrorism.’ [...] Another intercept operator, former Navy Arab linguist, David Murfee Faulk, 39, said he and his fellow intercept operators listened into hundreds of Americans picked up using phones in Baghdad’s Green Zone from late 2003 to November 2007. ‘Calling home to the United States, talking to their spouses, sometimes their girlfriends, sometimes one phone call following another,’ said Faulk. [...] ‘Hey, check this out,’ Faulk says he would be told, ‘there’s good phone sex or there’s some pillow talk, pull up this call, it’s really funny, go check it out. It would be some colonel making pillow talk and we would say, ‘Wow, this was crazy,’ Faulk told ABC News.”
  • If that’s the way NSA analysts could deal with U.S. military officers in Iraq—fellow cogs in the system, fighting on behalf of U.S. imperialism—how much respect do you suppose they have for you and your privacy? For your security from their searches, their violations?
  • But the main issue is not your protection from phone-sex interlopers, but protection from those who want to do you harm.
  • “Any analyst at any time can target anyone. Any selector, anywhere… I, sitting at my desk, certainly had the authorities to wiretap anyone, from you or your accountant, to a federal judge, to even the President…”
  • One of its stated missions was to use surveillance on activists to release negative personal information to the public to discredit them. In many instances the agents succeeded, and they ruined lives. And their abilities to do so pale in comparison with the abilities of Obama’s NSA.
  • the Bush administration would be willing to learn a thing or two about domestic spying from the experts of the former Stasi. What ruling elite has ever gained more total information awareness about its citizens than the old German Democratic Republic?  And done it with such elegant legal scaffolding?
  • As historians such as Katherine Pence and Paul Betts have shown, the GDR authorities operated within scrupulously observed legal constraints. One sees this in the film Das Leben der Anderen (The Lives of Others) produced in the reunited Germany in 2006. It depicts the surveillance culture of the former East Germany, leaving the viewer nauseated.
  • Everything according to law.
  • I thought of that film while reading the lead Boston Globe editorial on June 13. It concludes that the “policies that [Snowden revealed], however objectionable, are properly authorized” while Snowden himself “broke the law.”
  • It all, in my humble opinion, boils down to thi
  • U.S. to World: “You Must View Snowden as a Criminal, and Give Him Back”
  • Suddenly, the Cold War has reappeared. Snowden is charged with espionage, some of his critics alleging that he’s in the service of the PRC and/or Russia or other “enemies.” It in fact appears that Beijing and Moscow both were taken by surprise by this episode, and that both have attempted to handle Snowden’s unexpected presence carefully to avoid annoying the U.S.
  • The entirety of the ruling elite and the journalistic establishment are keen on defending the programs Snowden has exposed; keen on punishing him for his whistle-blowing; determined to vilify him as a punk, narcissist, egoist, attention-hungry ne’er-do-well (anything but a thoughtful man who made a moral choice that has enlightened people about the character of the U.S. government); feverishly working on damage control while anticipating more damning revelations; and determined to get those four laptops with their incriminating content back into the bosom of the national security state.
  • Thus, you see, he’s not a whistle-blower but a criminal.
  • No, there are us, and there are them. The tiny power elite that controls the mainstream press and cable channels, the corporations that dutifully hand over mega-data to the state (and then deny doing so to allay consumer outrage), the twin political parties, are sick to their stomachs that they’ve been so exposed. We in our turn should feel, if not terrorized, nauseated.
  • Gary Edwards on 26 Jun 13
     
    This is a fun and enlightening read.  Extremely well written!  Maybe the most complete statement of both the facts of the Snowden - NSA disclosure event, and the mix of heartache and anger I feel about it.  Gut wrenching, nauseating and sick to my soul over what these clowns are doing to this great Republic, the Constitution, and the brief history of individual liberty this country represents.  Nicely written summary.
Paul Merrell

F.B.I. Is Broadening Surveillance Role, Report Shows - NYTimes.com - 0 views

www.nytimes.com/...illance-role-report-shows.html

surveillance state NSA FBI Bush2 FISA-Court 2007

shared by Paul Merrell on 12 Jan 15 - No Cached
  • Although the government’s warrantless surveillance program is associated with the National Security Agency, the Federal Bureau of Investigation has gradually become a significant player in administering it, a newly declassified report shows.In 2008, according to the report, the F.B.I. assumed the power to review email accounts the N.S.A. wanted to collect through the “Prism” system, which collects emails of foreigners from providers like Yahoo and Google. The bureau’s top lawyer, Valerie E. Caproni, who is now a Federal District Court judge, developed procedures to make sure no such accounts belonged to Americans.
  • Then, in October 2009, the F.B.I. started retaining copies of unprocessed communications gathered without a warrant to analyze for its own purposes. And in April 2012, the bureau began nominating new email accounts and phone numbers belonging to foreigners for collection, including through the N.S.A.’s “upstream” system, which collects communications transiting network switches.That information is in a 231-page study by the Justice Department’s inspector general about the F.B.I.’s activities under the FISA Amendments Act of 2008, which authorized the surveillance program. The report was entirely classified when completed in September 2012. But the government has now made a semi-redacted version of the report public in response to a Freedom of Information Act lawsuit filed by The New York Times.
  • The report also filled in a gap about the evolving legality of the warrantless wiretapping program, which traces back to a decision by President George W. Bush in October 2001 to direct the N.S.A. to collect Americans’ international phone calls and emails, from network locations on domestic soil, without the individual warrants required by the Foreign Intelligence Surveillance Act, or FISA. The Times revealed that program in December 2005.After the article appeared, telecommunications providers that had voluntarily participated in the program were sued, and a Federal District Court judge in Detroit ruled that the program was illegal, although that decision was later vacated. The Bush administration sought to put the program on more solid legal footing by gaining orders from the Foreign Intelligence Surveillance Court approving it.Continue reading the main story Continue reading the main story Continue reading the main story In January 2007, the Bush administration persuaded the court’s Judge Malcolm Howard to issue an order to telephone and network companies requiring them to let the security agency target foreigners’ accounts for collection without individual warrants. But in April 2007, when the order came up for renewal before Judge Roger Vinson, he said that it was illegal.
  • ...1 more annotation...
  • Judge Vinson’s resistance led Congress to enact, in August 2007, the Protect America Act, a temporary law permitting warrantless surveillance of foreigners from domestic network locations. The next year, Congress replaced that law with the FISA Amendments Act.Last month, as a result of separate Freedom of Information Act lawsuits by The Times and the Electronic Frontier Foundation, the government declassified the identities of the judges who disagreed in early 2007 and several court filings from that episode. But it remained unclear what the N.S.A. had done in June and July of 2007.The newly declassified report said Judge Vinson issued an order on May 31, 2007, that allowed existing surveillance to continue by approving collection on a long list of specific foreign phone numbers and email addresses. But after that, when the agency wanted to start wiretapping an additional person, it had to ask the court for permission.The report said that “the rigorous nature of the FISA Court’s probable cause review of new selectors submitted to the various FISA Court judges following Judge Vinson’s May 31, 2007, order caused the N.S.A. to place fewer foreign selectors under coverage than it wanted to.” That and other factors “combined to accelerate the government’s efforts” to persuade Congress to enact the Protect America Act.
Paul Merrell

Redactions in U.S. Memo Leave Doubts on Data Surveillance Program - NYTimes.com - 0 views

www.nytimes.com/...data-surveillance-program.html

surveillance-state NSA DoJ Stellar-Wind email Bush2 illegal

shared by Paul Merrell on 08 Sep 14 - No Cached
  • The Justice Department has released a newly declassified version of a May 2004 legal memo approving the National Security Agency’s Stellarwind program, a set of warrantless surveillance and data collection activities that President George W. Bush secretly authorized after the terrorist attacks of Sept. 11, 2001. But questions about the program remain.A more heavily redacted version of the memo had been released in 2011 as part of Freedom of Information Act lawsuits by the American Civil Liberties Union and the Electronic Privacy Information Center. The new version includes previously censored references to the existence of the data collection related to Americans’ phone calls and emails.
  • The Obama administration voluntarily reprocessed the memo from Jack Goldsmith, the head of the Justice Department’s Office of Legal Counsel, in light of the fact that it had declassified the existence of the bulk phone and email data programs last year after leaks by Edward J. Snowden, a former N.S.A. contractor.The fuller release adds to the public record of an important historical episode. However, the government continued to redact crucial portions of the memo that would answer a primary remaining question about the history of Stellarwind: What prompted the Justice Department to conclude in early 2004 that one aspect of the program, which collected records about Americans’ emails in bulk, was illegal — even though it permitted other aspects, like warrantless wiretapping and the bulk collection of Americans’ phone records, to continue?“They have continued to keep redacted something very significant,” said Jameel Jaffer, a lawyer with the A.C.L.U.
  • The Justice Department’s conclusion that the email metadata program was illegal led to a March 2004 confrontation between White House and department officials in the hospital room of Attorney General John Ashcroft, after which nearly the entire top leadership of the department threatened to resign, prompting President Bush to agree to changes.
  • ...1 more annotation...
  • parts of what had happened began to become public, starting with a December 2005 article in The New York Times that revealed the warrantless wiretapping portion of the program. The bulk phone and email metadata programs, however, remained secret until 2013, when they came to light in leaks by Mr. Snowden.While the basic existence of the March 2004 crisis has been known, it was not until Mr. Snowden’s leaks that it became clear that it pertained only to the Internet metadata program. However, it has remained murky what Mr. Goldsmith objected to in light of his willingness to bless the rest of Stellarwind based on a sweeping theory of presidential wartime powers.Those portions of the memo remain redacted in the newly released version.
1 - 20 of 141 Next › Last »
Showing 20 items per page