Skip to main content

Home/ Socialism and the End of the American Dream/ Group items tagged privacy

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
Paul Merrell

2014 Press Release - NSA Announces New Civil Liberties and Privacy Officer" - 0 views

www.nsa.gov/...iberties_privacy_officer.shtml

surveillance state NSA Civil-Liberties-&-Privacy-Officer Rebecca-Richards

shared by Paul Merrell on 06 Apr 14 - No Cached
  • GEN Keith Alexander - Commander, U.S. Cyber Command/Director, NSA/Chief, CSS - announced today that well-known privacy expert Rebecca Richards will serve as the National Security Agency's new Civil Liberties and Privacy Officer. She most recently worked as the Senior Director for Privacy Compliance at the Department of Homeland Security.
  • Selected to lead the new NSA Civil Liberties and Privacy Office at the agency's Fort Meade headquarters, Ms. Richards' primary job will be to provide expert advice to the Director and oversight of NSA's civil liberties and privacy related activities. She will also develop measures to further strengthen NSA's privacy protections.
  • Paul Merrell on 06 Apr 14
     
    Softball Interview here. . I wasn't really expecting Obama to reach out to the ACLU and EFF for a good civil liberties lawyer recommendation, but this appointment is lame, the former Director of Privacy for Dept. of Homeland Security, those wonderful folk who keep the homeland safe from terra-ists. The airport gropers, secret no-fly listers, and masters of border protection, where all Constitutional privacy rights do not apply, per the Supreme Court., the coordinators of our glorious "fusion centers," the provisioners of funding for armored cars and surveillance equipment for local police, etc. A sample from her interview linked above that I transcribed (omitting all the umhs and ahs): "When you think about NSA, privacy there for them was privacy of its employees, about contractors, about the average person walking down the street - it was not as concentrated on, this is the big collection that we're getting through these means, and so what this job does is that it brings it up under direct reports to the director of NSA and it is just as a focal point, to bring all of those and -- I walked in the building and people were already asking questions so ..." Heaven help us; has this lassie's brain yet matured to the point of completing her first sentence? This is the lady who is going to keep Admiral Rogers on the straight and narrow path of respecting our civil liberties? I suspect not.  I may return to this inarticulate and non-assertive young lady in later posts. Let it suffice for now to observe that the Dept. of Homeland Security, whose raison d'etre is a virtually non-existent terrorist threat manufactured by the politics of fear, has not exactly been a champion of the People's civil liberties. Moreover, I've had recent occasion to dig rather deeply into exactly what it is that Privacy Officers do and don't do. Telling heads of agencies that they cannot lawfully do what they want to do is no
Paul Merrell

UN Report Finds Mass Surveillance Violates International Treaties and Privacy Rights - ... - 0 views

firstlook.org/...ort-condemns-mass-surveillance

surveillance state UN-report digital-privacy

shared by Paul Merrell on 16 Oct 14 - No Cached
  • The United Nations’ top official for counter-terrorism and human rights (known as the “Special Rapporteur”) issued a formal report to the U.N. General Assembly today that condemns mass electronic surveillance as a clear violation of core privacy rights guaranteed by multiple treaties and conventions. “The hard truth is that the use of mass surveillance technology effectively does away with the right to privacy of communications on the Internet altogether,” the report concluded. Central to the Rapporteur’s findings is the distinction between “targeted surveillance” — which “depend[s] upon the existence of prior suspicion of the targeted individual or organization” — and “mass surveillance,” whereby “states with high levels of Internet penetration can [] gain access to the telephone and e-mail content of an effectively unlimited number of users and maintain an overview of Internet activity associated with particular websites.” In a system of “mass surveillance,” the report explained, “all of this is possible without any prior suspicion related to a specific individual or organization. The communications of literally every Internet user are potentially open for inspection by intelligence and law enforcement agencies in the States concerned.”
  • Mass surveillance thus “amounts to a systematic interference with the right to respect for the privacy of communications,” it declared. As a result, “it is incompatible with existing concepts of privacy for States to collect all communications or metadata all the time indiscriminately.” In concluding that mass surveillance impinges core privacy rights, the report was primarily focused on the International Covenant on Civil and Political Rights, a treaty enacted by the General Assembly in 1966, to which all of the members of the “Five Eyes” alliance are signatories. The U.S. ratified the treaty in 1992, albeit with various reservations that allowed for the continuation of the death penalty and which rendered its domestic law supreme. With the exception of the U.S.’s Persian Gulf allies (Saudi Arabia, UAE and Qatar), virtually every major country has signed the treaty. Article 17 of the Covenant guarantees the right of privacy, the defining protection of which, the report explained, is “that individuals have the right to share information and ideas with one another without interference by the State, secure in the knowledge that their communication will reach and be read by the intended recipients alone.”
  • The report’s key conclusion is that this core right is impinged by mass surveillance programs: “Bulk access technology is indiscriminately corrosive of online privacy and impinges on the very essence of the right guaranteed by article 17. In the absence of a formal derogation from States’ obligations under the Covenant, these programs pose a direct and ongoing challenge to an established norm of international law.” The report recognized that protecting citizens from terrorism attacks is a vital duty of every state, and that the right of privacy is not absolute, as it can be compromised when doing so is “necessary” to serve “compelling” purposes. It noted: “There may be a compelling counter-terrorism justification for the radical re-evaluation of Internet privacy rights that these practices necessitate. ” But the report was adamant that no such justifications have ever been demonstrated by any member state using mass surveillance: “The States engaging in mass surveillance have so far failed to provide a detailed and evidence-based public justification for its necessity, and almost no States have enacted explicit domestic legislation to authorize its use.”
  • ...5 more annotations...
  • Instead, explained the Rapporteur, states have relied on vague claims whose validity cannot be assessed because of the secrecy behind which these programs are hidden: “The arguments in favor of a complete abrogation of the right to privacy on the Internet have not been made publicly by the States concerned or subjected to informed scrutiny and debate.” About the ongoing secrecy surrounding the programs, the report explained that “states deploying this technology retain a monopoly of information about its impact,” which is “a form of conceptual censorship … that precludes informed debate.” A June report from the High Commissioner for Human Rights similarly noted “the disturbing lack of governmental transparency associated with surveillance policies, laws and practices, which hinders any effort to assess their coherence with international human rights law and to ensure accountability.” The rejection of the “terrorism” justification for mass surveillance as devoid of evidence echoes virtually every other formal investigation into these programs. A federal judge last December found that the U.S. Government was unable to “cite a single case in which analysis of the NSA’s bulk metadata collection actually stopped an imminent terrorist attack.” Later that month, President Obama’s own Review Group on Intelligence and Communications Technologies concluded that mass surveillance “was not essential to preventing attacks” and information used to detect plots “could readily have been obtained in a timely manner using conventional [court] orders.”
  • Three Democratic Senators on the Senate Intelligence Committee wrote in The New York Times that “the usefulness of the bulk collection program has been greatly exaggerated” and “we have yet to see any proof that it provides real, unique value in protecting national security.” A study by the centrist New America Foundation found that mass metadata collection “has had no discernible impact on preventing acts of terrorism” and, where plots were disrupted, “traditional law enforcement and investigative methods provided the tip or evidence to initiate the case.” It labeled the NSA’s claims to the contrary as “overblown and even misleading.” While worthless in counter-terrorism policies, the UN report warned that allowing mass surveillance to persist with no transparency creates “an ever present danger of ‘purpose creep,’ by which measures justified on counter-terrorism grounds are made available for use by public authorities for much less weighty public interest purposes.” Citing the UK as one example, the report warned that, already, “a wide range of public bodies have access to communications data, for a wide variety of purposes, often without judicial authorization or meaningful independent oversight.”
  • The report was most scathing in its rejection of a key argument often made by American defenders of the NSA: that mass surveillance is justified because Americans are given special protections (the requirement of a FISA court order for targeted surveillance) which non-Americans (95% of the world) do not enjoy. Not only does this scheme fail to render mass surveillance legal, but it itself constitutes a separate violation of international treaties (emphasis added): The Special Rapporteur concurs with the High Commissioner for Human Rights that where States penetrate infrastructure located outside their territorial jurisdiction, they remain bound by their obligations under the Covenant. Moreover, article 26 of the Covenant prohibits discrimination on grounds of, inter alia, nationality and citizenship. The Special Rapporteur thus considers that States are legally obliged to afford the same privacy protection for nationals and non-nationals and for those within and outside their jurisdiction. Asymmetrical privacy protection regimes are a clear violation of the requirements of the Covenant.
  • That principle — that the right of internet privacy belongs to all individuals, not just Americans — was invoked by NSA whistleblower Edward Snowden when he explained in a June, 2013 interview at The Guardian why he disclosed documents showing global surveillance rather than just the surveillance of Americans: “More fundamentally, the ‘US Persons’ protection in general is a distraction from the power and danger of this system. Suspicionless surveillance does not become okay simply because it’s only victimizing 95% of the world instead of 100%.” The U.N. Rapporteur was clear that these systematic privacy violations are the result of a union between governments and tech corporations: “States increasingly rely on the private sector to facilitate digital surveillance. This is not confined to the enactment of mandatory data retention legislation. Corporates [sic] have also been directly complicit in operationalizing bulk access technology through the design of communications infrastructure that facilitates mass surveillance. ”
  • The latest finding adds to the growing number of international formal rulings that the mass surveillance programs of the U.S. and its partners are illegal. In January, the European parliament’s civil liberties committee condemned such programs in “the strongest possible terms.” In April, the European Court of Justice ruled that European legislation on data retention contravened EU privacy rights. A top secret memo from the GCHQ, published last year by The Guardian, explicitly stated that one key reason for concealing these programs was fear of a “damaging public debate” and specifically “legal challenges against the current regime.” The report ended with a call for far greater transparency along with new protections for privacy in the digital age. Continuation of the status quo, it warned, imposes “a risk that systematic interference with the security of digital communications will continue to proliferate without any serious consideration being given to the implications of the wholesale abandonment of the right to online privacy.” The urgency of these reforms is underscored, explained the Rapporteur, by a conclusion of the United States Privacy and Civil Liberties Oversight Board that “permitting the government to routinely collect the calling records of the entire nation fundamentally shifts the balance of power between the state and its citizens.”
Paul Merrell

Distrust of US surveillance threatens data deal | TheHill - 0 views

thehill.com/...rveillance-threatens-data-deal

surveillance state EU NSA safe-harbor negotiations Congress

shared by Paul Merrell on 08 Feb 16 - No Cached
  • European privacy regulators are putting U.S. surveillance practices under the microscope, this time with a crucial transatlantic data deal hanging in the balance.Legal and privacy advocates say European nations are poised to strike down the deal if they decide the U.S. hasn't done enough to reform its spying programs.The new test comes after the European Commission and the Commerce Department — after months of tense negotiations — reached a deal this week permitting Facebook, Google and thousands of other companies to continue legally handling Europeans’ personal data.ADVERTISEMENTCritics though have long warned that unless the U.S. overhauls its privacy and national security laws, there is no legal framework that can stand up in European court, where privacy is considered a fundamental right under the EU Charter.A working group of 28 EU nations’ data protection authorities — domestic entities separate from the Commission that will be in charge of enforcing the new agreement — may now cast the deciding vote.The group is spending the next few months picking through the so-called Privacy Shield agreement to determine if it adequately protects the personal data of European citizens.
  • “The Commission has said, ‘We’re satisfied. We believe them. We believe the U.S. has substantially changed its practices,’ and they are no longer going off the [Edward] Snowden revelations in the media,” said Susan Foster, a privacy attorney at Mintz Levin who works in both the EU and the U.S.“Whether the working group will go along with it is another question.”The privacy advocate whose complaint against Facebook brought down the Privacy Shield’s 15-year-old predecessor agreement is already questioning the new deal’s validity.“With all due respect ... a couple of letters by the outgoing Obama administration is by no means a legal basis to guarantee the fundamental rights of 500 million European users in the long run, when there is explicit U.S. law allowing mass surveillance,” Max Schrems of Austria said in a statement Tuesday.The United States has been fighting against the perception that it tramples on civil liberties after ex-National Security Agency contractor Edward Snowden revealed the breadth of the agency’s snooping.One sticking point in the Privacy Shield negotiations was over the scope of an exception allowing surveillance for national security purposes.
  • In announcing the deal, Commission officials insisted that the U.S. had provided “detailed written assurances” that surveillance of Europeans’ data by intelligence agencies would be subject to appropriate limitations.“The U.S. has clarified that they do not carry out indiscriminate surveillance of Europeans,” Andrus Ansip, Vice President for the Digital Single Market on the European Commission, said Tuesday.The U.S. has also agreed to create an office in the State Department, to address complaints from EU citizens who feel their data has been inappropriately accessed by intelligence authorities.Complicating the working group’s approval of the deal is the hodgepodge of competing regulators in Europe. Each nation has an agency in charge of its own country’s regulation. Some countries — such as Germany — are seen as tougher on privacy than others, like France or the U.K.While some countries consider U.S. privacy protections to be satisfactory, in others they are seen as woefully inadequate.
  • ...2 more annotations...
  • Defenders of U.S. intelligence practices often point to France and the U.K., arguing they are equally intrusive with their citizens' data.A recent public report “pretty clearly documented that the protections are patchy, vary hugely and are nonexistent in some of the countries,” Foster noted.Privacy advocates dismiss those arguments.“You cannot pick the worst member state, like the U.K., and claim you are ‘equivalent’ to that,” Schrems said Tuesday. “First, this is not a price [sic] you want to win, secondly you have to meet the standards of the European Court of Justice, EU law and the EU Charter of Fundamental Rights — not the standard of the worst member state.”The U.S. has made significant reforms to federal spying powers under the Obama administration.The Privacy and Civil Liberties Oversight Board — a small bipartisan watchdog — on Friday said the government has begun addressing each of the nearly two-dozen recommendations it made following Snowden's revelations.“[I]mportant measures have been taken to enhance the protection of Americans’ privacy and civil liberties and to strengthen the transparency of the government’s surveillance efforts, without jeopardizing our counterterrorism efforts,” the five-member board said.
  • But whether European countries believe those changes are sufficient to sign off on the Privacy Shield is uncertain. Each of the EU’s 28 member states must approve the deal before it can be finalized.“A lot of this is going to come down to whether the data protection authorities are persuaded by the U.S.’s portrayal of the cumulative protections given to European citizens and the cumulative carving back on the NSA surveillance programs,” Foster said.If the European working group is not satisfied with the assurances from the Commerce Department, the consequences could be dire. Businesses fear a chilling of transatlantic trade, valued at $1 trillion in 2014.The most likely outcome, experts say, would be a patchwork of country-to-country regulations that would make it extremely expensive for companies to comply.Legislative changes in the U.S. seem unlikely. Congress is close to passing a privacy law considered crucial to getting seeing the Privacy Shield approved. But the bill — which gives EU citizens the right to sue in U.S. courts over the misuse of personal data — has sparked controversy on Capitol Hill.Some lawmakers are expressing frustration that the EU has used the threat of enforcement action against U.S. companies to push Congress to make more concessions.“It’s been hard enough to get the Judicial Redress Act passed — if they’re going to make more demands on Congress, there won’t be a lot of willing listeners here,” Sen. Chris Murphy (D-Conn.) told The Hill on Thursday.
Paul Merrell

Reset The Net - Privacy Pack - 0 views

pack.resetthenet.org

surveillance state digital-privacy NSA-reform Reset-the-Net

shared by Paul Merrell on 03 Jun 14 - No Cached
  • This June 5th, I pledge to take strong steps to protect my freedom from government mass surveillance. I expect the services I use to do the same.
  • Fight for the Future and Center for Rights will contact you about future campaigns. Privacy Policy
  • Paul Merrell on 03 Jun 14
     
    I wound up joining this campaign at the urging of the ACLU after checking the Privacy Policy. The Reset the Net campaign seems to be endorsed by a lot of change-oriented groups, from the ACLU to Greenpeac to the Pirate Party. A fair number of groups with a Progressive agenda, but certainly not limited to them. The right answer to that situation is to urge other groups to endorse, not to avoid the campaign. Single-issue coalition-building is all about focusing on an area of agreement rather than worrying about who you are rubbing elbows with.  I have been looking for a a bipartisan group that's tackling government surveillance issues via mass actions but has no corporate sponsors. This might be the one. The reason: Corporate types like Google have no incentive to really butt heads with the government voyeurs. They are themselves engaged in massive surveillance of their users and certainly will not carry the battle for digital privacy over to the private sector. But this *is* a battle over digital privacy and legally defining user privacy rights in the private sector is just as important as cutting back on government surveillance. As we have learned through the Snowden disclosures, what the private internet companies have, the NSA can and does get.  The big internet services successfully pushed in the U.S. for authorization to publish more numbers about how many times they pass private data to the government, but went no farther. They wanted to be able to say they did something, but there's a revolving door of staffers between NSA and the big internet companies and the internet service companies' data is an open book to the NSA.   The big internet services are not champions of their users' privacy. If they were, they would be featuring end-to-end encryption with encryption keys unique to each user and unknown to the companies.  Like some startups in Europe are doing. E.g., the Wuala.com filesync service in Switzerland (first 5 GB of storage free). Compare tha
Paul Merrell

Exclusive: Inside America's Plan to Kill Online Privacy Rights Everywhere | The Cable - 0 views

thecable.foreignpolicy.com/...line_privacy_rights_everywhere

surveillance state NSA NSA-blowback UN digital-privacy human rights

shared by Paul Merrell on 22 Nov 13 - No Cached
  • The United States and its key intelligence allies are quietly working behind the scenes to kneecap a mounting movement in the United Nations to promote a universal human right to online privacy, according to diplomatic sources and an internal American government document obtained by The Cable. The diplomatic battle is playing out in an obscure U.N. General Assembly committee that is considering a proposal by Brazil and Germany to place constraints on unchecked internet surveillance by the National Security Agency and other foreign intelligence services. American representatives have made it clear that they won't tolerate such checks on their global surveillance network. The stakes are high, particularly in Washington -- which is seeking to contain an international backlash against NSA spying -- and in Brasilia, where Brazilian President Dilma Roussef is personally involved in monitoring the U.N. negotiations.
  • The Brazilian and German initiative seeks to apply the right to privacy, which is enshrined in the International Covenant on Civil and Political Rights (ICCPR), to online communications. Their proposal, first revealed by The Cable, affirms a "right to privacy that is not to be subjected to arbitrary or unlawful interference with their privacy, family, home, or correspondence." It notes that while public safety may "justify the gathering and protection of certain sensitive information," nations "must ensure full compliance" with international human rights laws. A final version the text is scheduled to be presented to U.N. members on Wednesday evening and the resolution is expected to be adopted next week. A draft of the resolution, which was obtained by The Cable, calls on states to "to respect and protect the right to privacy," asserting that the "same rights that people have offline must also be protected online, including the right to privacy." It also requests the U.N. high commissioner for human rights, Navi Pillay, present the U.N. General Assembly next year with a report on the protection and promotion of the right to privacy, a provision that will ensure the issue remains on the front burner.
  • Publicly, U.S. representatives say they're open to an affirmation of privacy rights. "The United States takes very seriously our international legal obligations, including those under the International Covenant on Civil and Political Rights," Kurtis Cooper, a spokesman for the U.S. mission to the United Nations, said in an email. "We have been actively and constructively negotiating to ensure that the resolution promotes human rights and is consistent with those obligations." But privately, American diplomats are pushing hard to kill a provision of the Brazilian and German draft which states that "extraterritorial surveillance" and mass interception of communications, personal information, and metadata may constitute a violation of human rights. The United States and its allies, according to diplomats, outside observers, and documents, contend that the Covenant on Civil and Political Rights does not apply to foreign espionage.
  • ...6 more annotations...
  • n recent days, the United States circulated to its allies a confidential paper highlighting American objectives in the negotiations, "Right to Privacy in the Digital Age -- U.S. Redlines." It calls for changing the Brazilian and German text so "that references to privacy rights are referring explicitly to States' obligations under ICCPR and remove suggestion that such obligations apply extraterritorially." In other words: America wants to make sure it preserves the right to spy overseas. The U.S. paper also calls on governments to promote amendments that would weaken Brazil's and Germany's contention that some "highly intrusive" acts of online espionage may constitute a violation of freedom of expression. Instead, the United States wants to limit the focus to illegal surveillance -- which the American government claims it never, ever does. Collecting information on tens of millions of people around the world is perfectly acceptable, the Obama administration has repeatedly said. It's authorized by U.S. statute, overseen by Congress, and approved by American courts.
  • "Recall that the USG's [U.S. government's] collection activities that have been disclosed are lawful collections done in a manner protective of privacy rights," the paper states. "So a paragraph expressing concern about illegal surveillance is one with which we would agree." The privacy resolution, like most General Assembly decisions, is neither legally binding nor enforceable by any international court. But international lawyers say it is important because it creates the basis for an international consensus -- referred to as "soft law" -- that over time will make it harder and harder for the United States to argue that its mass collection of foreigners' data is lawful and in conformity with human rights norms. "They want to be able to say ‘we haven't broken the law, we're not breaking the law, and we won't break the law,'" said Dinah PoKempner, the general counsel for Human Rights Watch, who has been tracking the negotiations. The United States, she added, wants to be able to maintain that "we have the freedom to scoop up anything we want through the massive surveillance of foreigners because we have no legal obligations."
  • The United States negotiators have been pressing their case behind the scenes, raising concerns that the assertion of extraterritorial human rights could constrain America's effort to go after international terrorists. But Washington has remained relatively muted about their concerns in the U.N. negotiating sessions. According to one diplomat, "the United States has been very much in the backseat," leaving it to its allies, Australia, Britain, and Canada, to take the lead. There is no extraterritorial obligation on states "to comply with human rights," explained one diplomat who supports the U.S. position. "The obligation is on states to uphold the human rights of citizens within their territory and areas of their jurisdictions."
  • The position, according to Jamil Dakwar, the director of the American Civil Liberties Union's Human Rights Program, has little international backing. The International Court of Justice, the U.N. Human Rights Committee, and the European Court have all asserted that states do have an obligation to comply with human rights laws beyond their own borders, he noted. "Governments do have obligation beyond their territories," said Dakwar, particularly in situations, like the Guantanamo Bay detention center, where the United States exercises "effective control" over the lives of the detainees. Both PoKempner and Dakwar suggested that courts may also judge that the U.S. dominance of the Internet places special legal obligations on it to ensure the protection of users' human rights.
  • "It's clear that when the United States is conducting surveillance, these decisions and operations start in the United States, the servers are at NSA headquarters, and the capabilities are mainly in the United States," he said. "To argue that they have no human rights obligations overseas is dangerous because it sends a message that there is void in terms of human rights protection outside countries territory. It's going back to the idea that you can create a legal black hole where there is no applicable law." There were signs emerging on Wednesday that America may have been making ground in pressing the Brazilians and Germans to back on one of its toughest provisions. In an effort to address the concerns of the U.S. and its allies, Brazil and Germany agreed to soften the language suggesting that mass surveillance may constitute a violation of human rights. Instead, it simply deep "concern at the negative impact" that extraterritorial surveillance "may have on the exercise of and enjoyment of human rights." The U.S., however, has not yet indicated it would support the revised proposal.
  • The concession "is regrettable. But it’s not the end of the battle by any means," said Human Rights Watch’s PoKempner. She added that there will soon be another opportunity to corral America's spies: a U.N. discussion on possible human rights violations as a result of extraterritorial surveillance will soon be taken up by the U.N. High commissioner.
  • Paul Merrell on 22 Nov 13
     
    Woo-hoo! Go get'em, U.N.
Paul Merrell

Rep. Mike Rogers Angrily Defends Bathroom Spycam | Popehat - 0 views

www.popehat.com/...ngrily-defends-bathroom-spycam

surveillance state NSA NSA-oversight must-read

shared by Paul Merrell on 31 Oct 13 - No Cached
  • Representative Mike Rogers (R-Michigan) was defiant today in the face of accusations that he had installed a small digital camera in the women's bathroom in his office at the Capitol. "This is just politics," said the ten-term Congressman. "I would argue the fact that we haven't had any women come forward with any specificity arguing that their privacy has been violated, clearly indicates, in ten years, clearly indicates that something must be doing right. Somebody must be doing something exactly right." When reporters asked how women would know to complain — the spycam, funded by the government, was expertly hidden — Rogers asserted that was the point. "You can't have your privacy violated if you don't know your privacy is violated," said Rogers.
  • Rogers went on to explain that the nation's Capitol — which has housed figures like former Congressman Bob Filner and former Senator Bob Packwood — presents known dangers to women, and that the spycam is calculated to make certain they are protected from those dangers. “If the women knew exactly what that spycam was about, they would be applauding and popping champagne corks. It’s a good thing. it keeps the women safe. It keeps the Capitol safe," Rogers asserted. Rogers then abruptly concluded the interview, threatening to sue reporters if they wrote about it.
  • Paul Merrell on 31 Oct 13
     
    Ken White of Popehat gives a great satirical take on the statement by Rep. Mike Rogers's statement that this week during a hearing on the NSA scandal that: "You can't have your privacy violated if you don't know your privacy is violated." (Put that one in your memorable quotes file, quick.) Worse, Rogers seemed to be sincere. And even worse yet, he is the chairman of the House Intelligence Committee. The CSPAN footage is in one of the links from White's masterful satire. 
  • Paul Merrell on 31 Oct 13
     
    Oops! Chairman Rogers apparently has a double standard on what constitutes "privacy" that distinguishes between victims of NSA snooping and victims of an insecure Affordable Care Act web site: "Continuing with the issue of privacy, Rep. Mike Rogers, R-Mich., ridiculed the program as unsafe for private information, stating that functionality concerns are indicative of a lack of privacy. "If it's not functioning, you know it's not secure," said Rogers. "You have exposed millions of Americans because you said it was "an acceptable risk." http://washington.cbslocal.com/2013/10/30/obamacare-website-down-while-sebelius-testifies/ So actual NSA privacy violations: not a problem. Potential ACA privacy violations: huge problem. Somehow, I strongly favor accidental privacy violations over intentional and secret government snooping. But maybe I'm just weird.
Paul Merrell

Privacy board report last straw on NSA surveillance program, lawmakers say | TheHill - 0 views

thehill.com/...traw-on-surveillance-lawmakers

surveillance state NSA NSA-reform Congress NSA-blowback Obama

shared by Paul Merrell on 29 Jan 14 - No Cached
  • Lawmakers are renewing their calls for an end to a controversial surveillance program that collects data about virtually all American phone calls, citing the newest recommendations from a government privacy board.This newest set of recommendations “spells the final end of the government's bulk collection” of phone call data, Rep. Adam Schiff (D-Calif.) said in a statement.The Privacy and Civil Liberties Oversight Board — tasked with overseeing the country’s surveillance activities — released its first report on the controversial surveillance programs made public by former National Security Agency contractor Edward Snowden last year.
  • The board recommended that the government end the phone data program, questioning its efficacy and saying that it “lacks a viable legal foundation” and “raises serious threats to privacy and civil liberties as a policy matter, and has shown only limited value.”Last week, President Obama outlined changes he plans to make to the surveillance program, including requiring intelligence agencies to get court approval before accessing the phone data.Critics of the NSA and its phone data program say Obama didn’t go far enough in his speech and are now pointing to the privacy board’s report as evidence that more needs to be done.“The president's recommendations last week did not go far enough to rein in the out-of-control National Security Agency,” Sen. Bernie Sanders (I-Vt.) — who has questioned the intelligence community on whether it spies on officials — said in a statement.
  • “This report underscores that the collection of records on virtually every phone call made in the United States is an unconstitutional violation of the privacy rights guaranteed by the Fourth Amendment,” he said, calling on Congress to “pass strong legislation to protect the privacy and civil liberties of the American people.”Senate Judiciary Committee Chairman Patrick Leahy (D-Vt.), co-author of the USA Freedom Act, which would end bulk surveillance programs, said the report highlights the need for congressional action.“The report appropriately calls into question the legality and constitutionality of the program, and underscores the need to change the law to rein in the government’s overbroad interpretation” of its surveillance authority, he said in a statement.Schiff called for congressional action before next year’s sunset of a surveillance-enabling national security law.“Congress will not re-authorize bulk collection of this data when it expires next year, but Congress should not wait for the program to expire on its own,” he said. “Rather we should work to restructure the program now.”
  • ...2 more annotations...
  • House Judiciary Committee Chairman Bob Goodlatte (R-Va.) vowed to consider the report as his committee looks at the phone data program, which “is in need of significant reform.”In his statement, Goodlatte said he plans to hold a hearing “soon” to examine Obama’s announced plans to rein in surveillance, as well as the recommendations from the privacy board and a White House-convened group of privacy and intelligence experts.Rep. Mike Rogers (R-Mich.), chairman of the House Intelligence Committee and an ardent defender of the NSA, slammed the report, accusing the privacy board of overstepping its boundaries. 
  • Rogers pointed to the 17 federal judges who, in 38 cases, “examined this issue and found the telephone metadata program to be legal, concluding this program complies with both the statutory text and with the U.S. Constitution.”The privacy board should “advise policymakers on civil liberties and privacy aspects of national security programs, and not partake in unwarranted legal analysis” or “go outside its expertise to opine on the effectiveness of counterterrorism programs,” Rogers said in a statement. 
Paul Merrell

How Edward Snowden Changed Everything | The Nation - 0 views

www.thenation.com/...ard-snowden-changed-everything

surveillance state Snowden Wizner state-of-play civil-liberties must-read

shared by Paul Merrell on 16 Nov 15 - No Cached
  • Ben Wizner, who is perhaps best known as Edward Snowden’s lawyer, directs the American Civil Liberties Union’s Speech, Privacy & Technology Project. Wizner, who joined the ACLU in August 2001, one month before the 9/11 attacks, has been a force in the legal battles against torture, watch lists, and extraordinary rendition since the beginning of the global “war on terror.” Ad Policy On October 15, we met with Wizner in an upstate New York pub to discuss the state of privacy advocacy today. In sometimes sardonic tones, he talked about the transition from litigating on issues of torture to privacy advocacy, differences between corporate and state-sponsored surveillance, recent developments in state legislatures and the federal government, and some of the obstacles impeding civil liberties litigation. The interview has been edited and abridged for publication.
  • en Wizner, who is perhaps best known as Edward Snowden’s lawyer, directs the American Civil Liberties Union’s Speech, Privacy & Technology Project. Wizner, who joined the ACLU in August 2001, one month before the 9/11 attacks, has been a force in the legal battles against torture, watch lists, and extraordinary rendition since the beginning of the global “war on terror.” Ad Policy On October 15, we met with Wizner in an upstate New York pub to discuss the state of privacy advocacy today. In sometimes sardonic tones, he talked about the transition from litigating on issues of torture to privacy advocacy, differences between corporate and state-sponsored surveillance, recent developments in state legislatures and the federal government, and some of the obstacles impeding civil liberties litigation. The interview has been edited and abridged for publication.
  • Many of the technologies, both military technologies and surveillance technologies, that are developed for purposes of policing the empire find their way back home and get repurposed. You saw this in Ferguson, where we had military equipment in the streets to police nonviolent civil unrest, and we’re seeing this with surveillance technologies, where things that are deployed for use in war zones are now commonly in the arsenals of local police departments. For example, a cellphone surveillance tool that we call the StingRay—which mimics a cellphone tower and communicates with all the phones around—was really developed as a military technology to help identify targets. Now, because it’s so inexpensive, and because there is a surplus of these things that are being developed, it ends up getting pushed down into local communities without local democratic consent or control.
  • ...4 more annotations...
  • SG & TP: How do you see the current state of the right to privacy? BW: I joked when I took this job that I was relieved that I was going to be working on the Fourth Amendment, because finally I’d have a chance to win. That was intended as gallows humor; the Fourth Amendment had been a dishrag for the last several decades, largely because of the war on drugs. The joke in civil liberties circles was, “What amendment?” But I was able to make this joke because I was coming to Fourth Amendment litigation from something even worse, which was trying to sue the CIA for torture, or targeted killings, or various things where the invariable outcome was some kind of non-justiciability ruling. We weren’t even reaching the merits at all. It turns out that my gallows humor joke was prescient.
  • The truth is that over the last few years, we’ve seen some of the most important Fourth Amendment decisions from the Supreme Court in perhaps half a century. Certainly, I think the Jones decision in 2012 [U.S. v. Jones], which held that GPS tracking was a Fourth Amendment search, was the most important Fourth Amendment decision since Katz in 1967 [Katz v. United States], in terms of starting a revolution in Fourth Amendment jurisprudence signifying that changes in technology were not just differences in degree, but they were differences in kind, and require the Court to grapple with it in a different way. Just two years later, you saw the Court holding that police can’t search your phone incident to an arrest without getting a warrant [Riley v. California]. Since 2012, at the level of Supreme Court jurisprudence, we’re seeing a recognition that technology has required a rethinking of the Fourth Amendment at the state and local level. We’re seeing a wave of privacy legislation that’s really passing beneath the radar for people who are not paying close attention. It’s not just happening in liberal states like California; it’s happening in red states like Montana, Utah, and Wyoming. And purple states like Colorado and Maine. You see as many libertarians and conservatives pushing these new rules as you see liberals. It really has cut across at least party lines, if not ideologies. My overall point here is that with respect to constraints on government surveillance—I should be more specific—law-enforcement government surveillance—momentum has been on our side in a way that has surprised even me.
  • Do you think that increased privacy protections will happen on the state level before they happen on the federal level? BW: I think so. For example, look at what occurred with the death penalty and the Supreme Court’s recent Eighth Amendment jurisprudence. The question under the Eighth Amendment is, “Is the practice cruel and unusual?” The Court has looked at what it calls “evolving standards of decency” [Trop v. Dulles, 1958]. It matters to the Court, when it’s deciding whether a juvenile can be executed or if a juvenile can get life without parole, what’s going on in the states. It was important to the litigants in those cases to be able to show that even if most states allowed the bad practice, the momentum was in the other direction. The states that were legislating on this most recently were liberalizing their rules, were making it harder to execute people under 18 or to lock them up without the possibility of parole. I think you’re going to see the same thing with Fourth Amendment and privacy jurisprudence, even though the Court doesn’t have a specific doctrine like “evolving standards of decency.” The Court uses this much-maligned test, “Do individuals have a reasonable expectation of privacy?” We’ll advance the argument, I think successfully, that part of what the Court should look at in considering whether an expectation of privacy is reasonable is showing what’s going on in the states. If we can show that a dozen or eighteen state legislatures have enacted a constitutional protection that doesn’t exist in federal constitutional law, I think that that will influence the Supreme Court.
  • The question is will it also influence Congress. I think there the answer is also “yes.” If you’re a member of the House or the Senate from Montana, and you see that your state legislature and your Republican governor have enacted privacy legislation, you’re not going to be worried about voting in that direction. I think this is one of those places where, unlike civil rights, where you saw most of the action at the federal level and then getting forced down to the states, we’re going to see more action at the state level getting funneled up to the federal government.
  • Paul Merrell on 16 Nov 15
     
    A must-read. Ben Wizner discusses the current climate in the courts in government surveillance cases and how Edward Snowden's disclosures have affected that, and much more. Wizner is not only Edward Snowden's lawyer, he is also the coordinator of all ACLU litigation on electronic surveillance matters.
Paul Merrell

Mass Surveillance and the Right to Privacy: Adding Nuance to the Schrems Case | Just Se... - 0 views

www.justsecurity.org/...t-max-schrems-case-safe-harbor

surveillance state EU ECJ Schrems litigation data privacy

shared by Paul Merrell on 18 Oct 15 - No Cached
  • Last week’s post by Megan Graham is certainly a welcome contribution in explaining the implications of the Max Schrems case by the European Union Court of Justice, and specifically how it relates to the Safe Harbor arrangement between the US and the EU. Let me add a different perspective: Irrespective of its consequences for Safe Harbor, last week’s ruling is hugely important on a more general level, namely for the understanding of what the right to privacy entails in Europe and what this means for mass surveillance. Through its ruling in Max Schrems the EU’s highest court has established that: Mere access by public authorities to confidential or group-specific communications data constitutes an intrusion into the right to privacy, even without any further processing of that data; and While indiscriminate intrusion into “metadata” may constitute a particularly serious intrusion into the right to privacy, access to “content” data will affect the essence of the right to privacy.
  • These findings were made under Article 7 of the EU Charter of Fundamental Rights, a broad provision on the right to respect for one’s private life. This provision of the EU Charter, which is a part of the foundational treaty framework of the European Union, is almost identical to Article 8 of the European Convention on Human Rights, a treaty legally binding for broader Europe and routinely a part of domestic legal orders. It remains to be seen whether the guardian of the latter framework, the European Court of Human Rights, will also be courageous enough to determine that indiscriminate mass surveillance that provides access to “content” data breaches the essential core of the right to privacy. The highest EU court already took that bold step. One of the most important implications of identifying government access to content as breaching the essence of the right to privacy, is that it negates the need for a proportionality assessment. Measures that compromise the essence of privacy have already crossed a red line, and there is no need for any further “balancing” between privacy and security. Therefore, the Max Schrems ruling is a huge blow to many of the current methods of electronic mass surveillance, including those practiced by the US and several European countries (including the United Kingdom).
  • Several additional points from my earlier post in Verfassungsblog about this case are also worth noting. First, the EU court did not really dwell on the separate Article 8 provision of the EU Charter on Fundamental Rights, concerning the right to the protection of personal data. This was perhaps because that provision is triggered by the “processing” of data, while the general privacy (Article 7) impact comes into play through mere “access.” Another point is that while it was easy to establish the jurisdiction of the EU court over data transfers from Europe to Facebook’s servers in the US, it may be much harder to bring a case before that court concerning “upstream” methods of mass surveillance, such as the NSA’s tapping of transatlantic fiber optic telecommunications cables. Perhaps most importantly, the substantive ruling in the Schrems case is formulated in a way that it would apply to any method of mass surveillance that gives public authorities access to the content of ordinary people’s private communications, including communications intended for a group of people but not for the authorities. Hence, the ruling is a major contribution as to what the right to privacy substantively means in Europe.
Paul Merrell

Surveillance scandal rips through hacker community | Security & Privacy - CNET News - 0 views

news.cnet.com/...-rips-through-hacker-community

surveillance state NSA NSA-blowback cloud computing mobile devices privacy

shared by Paul Merrell on 06 Aug 13 - No Cached
  • One security start-up that had an encounter with the FBI was Wickr, a privacy-forward text messaging app for the iPhone with an Android version in private beta. Wickr's co-founder Nico Sell told CNET at Defcon, "Wickr has been approached by the FBI and asked for a backdoor. We said, 'No.'" The mistrust runs deep. "Even if [the NSA] stood up tomorrow and said that [they] have eliminated these programs," said Marlinspike, "How could we believe them? How can we believe that anything they say is true?" Where does security innovation go next? The immediate future of information security innovation most likely lies in software that provides an existing service but with heightened privacy protections, such as webmail that doesn't mine you for personal data.
  • Wickr's Sell thinks that her company has hit upon a privacy innovation that a few others are also doing, but many will soon follow: the company itself doesn't store user data. "[The FBI] would have to force us to build a new app. With the current app there's no way," she said, that they could incorporate backdoor access to Wickr users' texts or metadata. "Even if you trust the NSA 100 percent that they're going to use [your data] correctly," Sell said, "Do you trust that they're going to be able to keep it safe from hackers? What if somebody gets that database and posts it online?" To that end, she said, people will start seeing privacy innovation for services that don't currently provide it. Calling it "social networks 2.0," she said that social network competitors will arise that do a better job of protecting their customer's privacy and predicted that some that succeed will do so because of their emphasis on privacy. Abine's recent MaskMe browser add-on and mobile app for creating disposable e-mail addresses, phone numbers, and credit cards is another example of a service that doesn't have access to its own users' data.
  • Stamos predicted changes in services that companies with cloud storage offer, including offering customers the ability to store their data outside of the U.S. "If they want to stay competitive, they're going to have to," he said. But, he cautioned, "It's impossible to do a cloud-based ad supported service." Soghoian added, "The only way to keep a service running is to pay them money." This, he said, is going to give rise to a new wave of ad-free, privacy protective subscription services.
  • ...2 more annotations...
  • The issue with balancing privacy and surveillance is that the wireless carriers are not interested in privacy, he said. "They've been providing wiretapping for 100 years. Apple may in the next year protect voice calls," he said, and said that the best hope for ending widespread government surveillance will be the makers of mobile operating systems like Apple and Google. Not all upcoming security innovation will be focused on that kind of privacy protection. Security researcher Brandon Wiley showed off at Defcon a protocol he calls Dust that can obfuscate different kinds of network traffic, with the end goal of preventing censorship. "I only make products about letting you say what you want to say anywhere in the world," such as content critical of governments, he said. Encryption can hide the specifics of the traffic, but some governments have figured out that they can simply block all encrypted traffic, he said. The Dust protocol would change that, he said, making it hard to tell the difference between encrypted and unencrypted traffic. It's hard to build encryption into pre-existing products, Wiley said. "I think people are going to make easy-to-use, encrypted apps, and that's going to be the future."
  • Companies could face severe consequences from their security experts, said Stamos, if the in-house experts find out that they've been lied to about providing government access to customer data. You could see "lots of resignations and maybe publicly," he said. "It wouldn't hurt their reputations to go out in a blaze of glory." Perhaps not surprisingly, Marlinspike sounded a hopeful call for non-destructive activism on Defcon's 21st anniversary. "As hackers, we don't have a lot of influence on policy. I hope that's something that we can focus our energy on," he said.
  • Paul Merrell on 06 Aug 13
     
    NSA as the cause of the next major disruption in the social networking service industry?  Grief ahead for Google? Note the point made that: "It's impossible to do a cloud-based ad supported service" where the encryption/decryption takes place on the client side. 
Paul Merrell

NSA broke privacy rules thousands of times per year, audit finds - The Washington Post - 0 views

www.washingtonpost.com/...3-a07f-49ddc7417125_story.html

surveillance state NSA Snowden privacy-violations lies

shared by Paul Merrell on 16 Aug 13 - No Cached
  • The National Security Agency has broken privacy rules or overstepped its legal authority thousands of times each year since Congress granted the agency broad new powers in 2008, according to an internal audit and other top-secret documents. Most of the infractions involve unauthorized surveillance of Americans or foreign intelligence targets in the United States, both of which are restricted by statute and executive order. They range from significant violations of law to typographical errors that resulted in unintended interception of U.S. e-mails and telephone calls.
  • The documents, provided earlier this summer to The Washington Post by former NSA contractor Edward Snowden, include a level of detail and analysis that is not routinely shared with Congress or the special court that oversees surveillance. In one of the documents, agency personnel are instructed to remove details and substitute more generic language in reports to the Justice Department and the Office of the Director of National Intelligence.
  • Read the documents NSA report on privacy violations Read the full report with key sections highlighted and annotated by the reporter.
  • ...2 more annotations...
  • The National Security Agency has broken privacy rules or overstepped its legal authority thousands of times each year since Congress granted the agency broad new powers in 2008, according to an internal audit and other top-secret documents. Most of the infractions involve unauthorized surveillance of Americans or foreign intelligence targets in the United States, both of which are restricted by statute and executive order. They range from significant violations of law to typographical errors that resulted in unintended interception of U.S. e-mails and telephone calls.
  • The National Security Agency has broken privacy rules or overstepped its legal authority thousands of times each year since Congress granted the agency broad new powers in 2008, according to an internal audit and other top-secret documents.
  • Gary Edwards on 16 Aug 13
     
    4 Part Article; this is page 1. Based on a Congressional Audit of the NSA, and, the NSA documents provided by uber patriot Edward Snowden.
Paul Merrell

CISA Security Bill: An F for Security But an A+ for Spying | WIRED - 0 views

www.wired.com/...ty-bill-gets-f-security-spying

surveillance state legislation CISA

shared by Paul Merrell on 23 Mar 15 - No Cached
  • When the Senate Intelligence Committee passed the Cybersecurity Information Sharing Act by a vote of 14 to 1, committee chairman Senator Richard Burr argued that it successfully balanced security and privacy. Fifteen new amendments to the bill, he said, were designed to protect internet users’ personal information while enabling new ways for companies and federal agencies to coordinate responses to cyberattacks. But critics within the security and privacy communities still have two fundamental problems with the legislation: First, they say, the proposed cybersecurity act won’t actually boost security. And second, the “information sharing” it describes sounds more than ever like a backchannel for surveillance.
  • On Tuesday the bill’s authors released the full, updated text of the CISA legislation passed last week, and critics say the changes have done little to assuage their fears about wanton sharing of Americans’ private data. In fact, legal analysts say the changes actually widen the backdoor leading from private firms to intelligence agencies. “It’s a complete failure to strengthen the privacy protections of the bill,” says Robyn Greene, a policy lawyer for the Open Technology Institute, which joined a coalition of dozens of non-profits and cybersecurity experts criticizing the bill in an open letter earlier this month. “None of the [privacy-related] points we raised in our coalition letter to the committee was effectively addressed.” The central concern of that letter was how the same data sharing meant to bolster cybersecurity for companies and the government opens massive surveillance loopholes. The bill, as worded, lets a private company share with the Department of Homeland Security any information construed as a cybersecurity threat “notwithstanding any other provision of law.” That means CISA trumps privacy laws like the Electronic Communication Privacy Act of 1986 and the Privacy Act of 1974, which restrict eavesdropping and sharing of users’ communications. And once the DHS obtains the information, it would automatically be shared with the NSA, the Department of Defense (including Cyber Command), and the Office of the Director of National Intelligence.
  • In a statement posted to his website yesterday, Senator Burr wrote that “Information sharing is purely voluntary and companies can only share cyber-threat information and the government may only use shared data for cybersecurity purposes.” But in fact, the bill’s data sharing isn’t limited to cybersecurity “threat indicators”—warnings of incoming hacker attacks, which is the central data CISA is meant to disseminate among companies and three-letter agencies. OTI’s Greene says it also gives companies a mandate to share with the government any data related to imminent terrorist attacks, weapons of mass destruction, or even other information related to violent crimes like robbery and carjacking. 
  • ...2 more annotations...
  • The latest update to the bill tacks on yet another kind of information, anything related to impending “serious economic harm.” All of those vague terms, Greene argues, widen the pipe of data that companies can send the government, expanding CISA into a surveillance system for the intelligence community and domestic law enforcement. If information-sharing legislation does not include adequate privacy protections, then...It’s a surveillance bill by another name. Senator Ron Wyden
  • “CISA goes far beyond [cybersecurity], and permits law enforcement to use information it receives for investigations and prosecutions of a wide range of crimes involving any level of physical force,” reads the letter from the coalition opposing CISA. “The lack of use limitations creates yet another loophole for law enforcement to conduct backdoor searches on Americans—including searches of digital communications that would otherwise require law enforcement to obtain a warrant based on probable cause. This undermines Fourth Amendment protections and constitutional principles.”
  • Paul Merrell on 23 Mar 15
     
    I read the legislation. It's as bad for privacy as described in the aritcle. And its drafting is incredibly sloppy.
Paul Merrell

FindLaw | Cases and Codes - 0 views

caselaw.lp.findlaw.com/...getcase.pl

surveillance state NSA pen-register 4th Amendment

shared by Paul Merrell on 20 Jun 13 - No Cached
  • SMITH v. MARYLAND, 442 U.S. 735 (1979)
  • The telephone company, at police request, installed at its central offices a pen register to record the numbers dialed from the telephone at petitioner's home. Prior to his robbery trial, petitioner moved to suppress "all fruits derived from" the pen register. The Maryland trial court denied this motion, holding that the warrantless installation of the pen register did not violate the Fourth Amendment. Petitioner was convicted, and the Maryland Court of Appeals affirmed. Held: The installation and use of the pen register was not a "search" within the meaning of the Fourth Amendment, and hence no warrant was required. Pp. 739-746. (a) Application of the Fourth Amendment depends on whether the person invoking its protection can claim a "legitimate expectation of privacy" that has been invaded by government action. This inquiry normally embraces two questions: first, whether the individual has exhibited an actual (subjective) expectation of privacy; and second, whether his expectation is one that society is prepared to recognize as "reasonable." Katz v. United States, 389 U.S. 347 . Pp. 739-741.
  • (b) Petitioner in all probability entertained no actual expectation of privacy in the phone numbers he dialed, and even if he did, his expectation was not "legitimate." First, it is doubtful that telephone users in general have any expectation of privacy regarding the numbers they dial, since they typically know that they must convey phone numbers to the telephone company and that the company has facilities for recording this information and does in fact record it for various legitimate business purposes. And petitioner did not demonstrate an expectation of privacy merely by using his home phone rather than some other phone, since his conduct, although perhaps calculated to keep the contents of his conversation private, was not calculated to preserve the privacy of the number he dialed. Second, even if petitioner did harbor some subjective expectation of privacy, this expectation was not one that society is prepared to recognize as "reasonable." When petitioner voluntarily conveyed numerical information to the phone company and "exposed" that information to its equipment in the normal course of business, he assumed the risk that the company would reveal the information [442 U.S. 735, 736]   to the police, cf. United States v. Miller, 425 U.S. 435 . Pp. 741-746. 283 Md. 156, 389 A. 2d 858, affirmed.
  • Paul Merrell on 20 Jun 13
     
    The Washington Post has reported that "on July 15 [2001], the secret surveillance court allowed the NSA to resume bulk collection under the court's own authority. The opinion, which remains highly classified, was based on a provision of electronic surveillance law, known as "pen register, trap and trace," that was written to allow law enforcement officers to obtain the phone numbers of incoming and outgoing calls from a single telephone line." .  The seminal case on pen registers is the Supreme Court's 1979 Smith v. Maryland decision, bookmarked here and the Clerk's syllabus highlighted, with the Court's discussion on the same web page. We will be hearing a lot about this case decision in the weeks and months to come.  Let it suffice for now to record a few points of what my antenna are telling me:  -- Both technology and the law have moved on since then. We are 34 years down the line from the Smith decision. Its pronouncements have been sliced and diced by subsequent decisions. Not a single Justice who sat on the Smith case is still on the High Bench.   -- In Smith, a single pen register was used to obtain calling information from a single telephone number by law enforcement officials. In the present circumstance, we face an Orwellian situation of a secret intelligence agency with no law enforcement authority forbidden by law from conducting domestic surveillance perusing and all digital communications of the entire citizenry. -- The NSA has been gathering not only information analogous to pen register results but also the communications of American citizens themselves. The communications themselves --- the contents --- are subject to the 4th Amendment warrant requirement. Consider the circuitous route of the records ordered to be disclosed in the Verizon FISA order. Verizon was ordered to disclose them to the FBI, not to the NSA. But then the FBI apparently forwards the records to the NSA, who has both the "pen register
Paul Merrell

House Intelligence Bill Fumbled Transparency - Federation Of American Scientists - 0 views

fas.org/...house-intel

surveillance state NSA-reform Congress legislation

shared by Paul Merrell on 06 Jun 14 - No Cached
  • Intelligence community whistleblowers would have been able to submit their complaints to the Privacy and Civil Liberties Oversight Board (PCLOB) under a proposed amendment to the intelligence authorization act that was offered last week by Rep. Tulsi Gabbard (D-HI). This could have been an elegant solution to the whistleblowing conundrum posed by Edward Snowden. It made little sense for Snowden to bring his concerns about bulk collection of American phone records to the congressional intelligence committees, considering that they had already secretly embraced the practice. The PCLOB, by contrast, has staked out a position as an independent critical voice on intelligence policy. (And it has an unblemished record for protecting classified information.) The Board’s January 2014 report argued cogently and at length that the Section 215 bulk collection program was likely unlawful as well as ineffective. In short, the PCLOB seemed like a perfect fit for any potential whistleblower who might have concerns about the legality or propriety of current intelligence programs from a privacy or civil liberties perspective.
  • But when Rep. Gabbard offered her amendment to the intelligence authorization act last week, it was not voted down– it was blocked. The House Rules Committee declared that the amendment was “out of order” and could not be brought to a vote on the House floor. Several other amendments on transparency issues met a similar fate. These included a measure proposed by Rep. Adam Schiff to require reporting on casualties resulting from targeted killing operations, a proposal to disclose intelligence spending at the individual agency level, and another to require disclosure of the number of U.S. persons whose communications had been collected under FISA, among others. In dismay at this outcome, Rep. Rush Holt (D-NJ) and I lamented the “staggering failure of oversight” in a May 30 op-ed. See The House Committee on Intelligence Needs Oversight of Its Own, MSNBC.
  • The House did approve an amendment offered by Rep. John Carney (D-DE) to require the Director of National Intelligence “to issue a report to Congress on how to improve the declassification process across the intelligence community.” While the DNI’s views on the subject may indeed be of interest, the amendment failed to specify the problem it intended to address (erroneous classification standards? excessive backlogs? something else?), and so it is unclear exactly what is to be improved.
  • ...1 more annotation...
  • However, a more focused classification reform program may be in the works. Rep. Bennie Thompson (D-MS), the ranking member of the House Homeland Security Committee, said that he would introduce “a comprehensive security clearance reform bill” that would also address the need to shrink the national security classification system. The Thompson bill, which is to be introduced “in the coming weeks,” would “greatly expand the resources and responsibilities of the Public Interest Declassification Board,” Rep. Thompson said during the House floor debate on the intelligence bill on May 30. “A well-resourced and robust Board is essential to increasing accountability of the intelligence community,” he said.
  • Paul Merrell on 06 Jun 14
     
    I don't agree that whistleblowers need a secret system for their complaints. Secrecy is the problem, not the solution.In a supposedly democratic republic, every bit of government secrecy runs directly contrary to the citizen's right to be know what their government is up to.  All of the NSA reform measures in Congress share a fundamental flaw: they focus on what the NSA is allowed to do in secret. Any sane legislative approach would begin by identifying and clarifying what digital privacy rights citizens have and the obligation of government agencies and the private sector to report violations to their victims. Then one can proceed to examine how intelligence agencies might function within those parameters.  But the approach in Congress has been a catfight over "NSA reform" with secrecy accepted as the norm and without consideration of citizens' privacy rights, not even their Constitutional rights. But it is our privacy laws and their enforcement that needs attention, not directions to the Dark Government that is still allowed to remain in the dark. In other words, it is the public that should be informed of whistleblowers' revelations, not selected members of Congress, not secret courts, not some Privacy and Civil Liberties Oversight Board whose public reports are only summaries with all data they examine hid from view.  Bring that Dark Government into the sunlight and then real reform can happen but not before.
  • Gary Edwards on 07 Jun 14
     
    +1 The Constitutional and Natural rights of citizens come first. The legality of the NSA activities as well as other gov ops follows. This is an excellent point you make Paul! I hope others take up the cross and realize what an important point you are making in your comment.
Paul Merrell

Data Transfer Pact Between U.S. and Europe Is Ruled Invalid - The New York Times - 0 views

www.nytimes.com/...-union-us-data-collection.html

surveillance state NSA-reform EUCJ litigation safe-harbor

shared by Paul Merrell on 06 Oct 15 - No Cached
  • Europe’s highest court on Tuesday struck down an international agreement that allowed companies to move digital information like people’s web search histories and social media updates between the European Union and the United States. The decision left the international operations of companies like Google and Facebook in a sort of legal limbo even as their services continued working as usual.The ruling, by the European Court of Justice, said the so-called safe harbor agreement was flawed because it allowed American government authorities to gain routine access to Europeans’ online information. The court said leaks from Edward J. Snowden, the former contractor for the National Security Agency, made it clear that American intelligence agencies had almost unfettered access to the data, infringing on Europeans’ rights to privacy. The court said data protection regulators in each of the European Union’s 28 countries should have oversight over how companies collect and use online information of their countries’ citizens. European countries have widely varying stances towards privacy.
  • Data protection advocates hailed the ruling. Industry executives and trade groups, though, said the decision left a huge amount of uncertainty for big companies, many of which rely on the easy flow of data for lucrative businesses like online advertising. They called on the European Commission to complete a new safe harbor agreement with the United States, a deal that has been negotiated for more than two years and could limit the fallout from the court’s decision.
  • Some European officials and many of the big technology companies, including Facebook and Microsoft, tried to play down the impact of the ruling. The companies kept their services running, saying that other agreements with the European Union should provide an adequate legal foundation.But those other agreements are now expected to be examined and questioned by some of Europe’s national privacy watchdogs. The potential inquiries could make it hard for companies to transfer Europeans’ information overseas under the current data arrangements. And the ruling appeared to leave smaller companies with fewer legal resources vulnerable to potential privacy violations.
  • ...3 more annotations...
  • “We can’t assume that anything is now safe,” Brian Hengesbaugh, a privacy lawyer with Baker & McKenzie in Chicago who helped to negotiate the original safe harbor agreement. “The ruling is so sweepingly broad that any mechanism used to transfer data from Europe could be under threat.”At issue is the sort of personal data that people create when they post something on Facebook or other social media; when they do web searches on Google; or when they order products or buy movies from Amazon or Apple. Such data is hugely valuable to companies, which use it in a broad range of ways, including tailoring advertisements to individuals and promoting products or services based on users’ online activities.The data-transfer ruling does not apply solely to tech companies. It also affects any organization with international operations, such as when a company has employees in more than one region and needs to transfer payroll information or allow workers to manage their employee benefits online.
  • But it was unclear how bulletproof those treaties would be under the new ruling, which cannot be appealed and went into effect immediately. Europe’s privacy watchdogs, for example, remain divided over how to police American tech companies.France and Germany, where companies like Facebook and Google have huge numbers of users and have already been subject to other privacy rulings, are among the countries that have sought more aggressive protections for their citizens’ personal data. Britain and Ireland, among others, have been supportive of Safe Harbor, and many large American tech companies have set up overseas headquarters in Ireland.
  • “For those who are willing to take on big companies, this ruling will have empowered them to act,” said Ot van Daalen, a Dutch privacy lawyer at Project Moore, who has been a vocal advocate for stricter data protection rules. The safe harbor agreement has been in place since 2000, enabling American tech companies to compile data generated by their European clients in web searches, social media posts and other online activities.
  • Paul Merrell on 06 Oct 15
     
    Another take on it from EFF: https://www.eff.org/deeplinks/2015/10/europes-court-justice-nsa-surveilance Expected since the Court's Advocate General released an opinion last week, presaging today's opinion.  Very big bucks involved behind the scenes because removing U.S.-based internet companies from the scene in the E.U. would pave the way for growth of E.U.-based companies.  The way forward for the U.S. companies is even more dicey because of a case now pending in the U.S.  The Second U.S. Circuit Court of Appeals is about to decide a related case in which Microsoft was ordered by the lower court to produce email records stored on a server in Ireland. . Should the Second Circuit uphold the order and the Supreme Court deny review, then under the principles announced today by the Court in the E.U., no U.S.-based company could ever be allowed to have "possession, custody, or control" of the data of E.U. citizens. You can bet that the E.U. case will weigh heavily in the Second Circuit's deliberations.  The E.U. decision is by far and away the largest legal event yet flowing out of the Edward Snowden disclosures, tectonic in scale. Up to now, Congress has succeeded in confining all NSA reforms to apply only to U.S. citizens. But now the large U.S. internet companies, Google, Facebook, Microsoft, Dropbox, etc., face the loss of all Europe as a market. Congress *will* be forced by their lobbying power to extend privacy protections to "non-U.S. persons."  Thank you again, Edward Snowden.
Paul Merrell

American Surveillance Now Threatens American Business - The Atlantic - 0 views

www.theatlantic.com/...382821

surveillance state NSA U.S. polls sense-of-privacy data privacy

shared by Paul Merrell on 23 Nov 14 - No Cached
  • What does it look like when a society loses its sense of privacy? <div><a href="http://pubads.g.doubleclick.net/gampad/jump?iu=%2F4624%2FTheAtlanticOnline%2Fchannel_technology&t=src%3Dblog%26by%3Drobinson-meyer%26title%3Damerican-surveillance-now-threatens-american-business%26pos%3Din-article&sz=300x250&c=285899172&tile=1" title=""><img style="border:none;" src="http://pubads.g.doubleclick.net/gampad/ad?iu=%2F4624%2FTheAtlanticOnline%2Fchannel_technology&t=src%3Dblog%26by%3Drobinson-meyer%26title%3Damerican-surveillance-now-threatens-american-business%26pos%3Din-article&sz=300x250&c=285899172&tile=1" alt="" /></a></div>In the almost 18 months since the Snowden files first received coverage, writers and critics have had to guess at the answer. Does a certain trend, consumer complaint, or popular product epitomize some larger shift? Is trust in tech companies eroding—or is a subset just especially vocal about it? Polling would make those answers clear, but polling so far has been… confused. A new study, conducted by the Pew Internet Project last January and released last week, helps make the average American’s view of his or her privacy a little clearer. And their confidence in their own privacy is ... low. The study's findings—and the statistics it reports—stagger. Vast majorities of Americans are uncomfortable with how the government uses their data, how private companies use and distribute their data, and what the government does to regulate those companies. No summary can equal a recounting of the findings. Americans are displeased with government surveillance en masse:   
  • A new study finds that a vast majority of Americans trust neither the government nor tech companies with their personal data.
  • What does it look like when a society loses its sense of privacy? <div><a href="http://pubads.g.doubleclick.net/gampad/jump?iu=%2F4624%2FTheAtlanticOnline%2Fchannel_technology&t=src%3Dblog%26by%3Drobinson-meyer%26title%3Damerican-surveillance-now-threatens-american-business%26pos%3Din-article&sz=300x250&c=285899172&tile=1" title=""><img style="border:none;" src="http://pubads.g.doubleclick.net/gampad/ad?iu=%2F4624%2FTheAtlanticOnline%2Fchannel_technology&t=src%3Dblog%26by%3Drobinson-meyer%26title%3Damerican-surveillance-now-threatens-american-business%26pos%3Din-article&sz=300x250&c=285899172&tile=1" alt="" /></a></div>In the almost 18 months since the Snowden files first received coverage, writers and critics have had to guess at the answer. Does a certain trend, consumer complaint, or popular product epitomize some larger shift? Is trust in tech companies eroding—or is a subset just especially vocal about it? Polling would make those answers clear, but polling so far has been… confused. A new study, conducted by the Pew Internet Project last January and released last week, helps make the average American’s view of his or her privacy a little clearer. And their confidence in their own privacy is ... low. The study's findings—and the statistics it reports—stagger. Vast majorities of Americans are uncomfortable with how the government uses their data, how private companies use and distribute their data, and what the government does to regulate those companies. No summary can equal a recounting of the findings. Americans are displeased with government surveillance en masse:   
  • ...3 more annotations...
  • “It’s clear the global community of Internet users doesn’t like to be caught up in the American surveillance dragnet,” Senator Ron Wyden said last month. At the same event, Google chairman Eric Schmidt agreed with him. “What occurred was a loss of trust between America and other countries,” he said, according to the Los Angeles Times. “It's making it very difficult for American firms to do business.” But never mind the world. Americans don’t trust American social networks. More than half of the poll’s respondents said that social networks were “not at all secure. Only 40 percent of Americans believe email or texting is at least “somewhat” secure. Indeed, Americans trusted most of all communication technologies where some protections has been enshrined into the law (though the report didn’t ask about snail mail). That is: Talking on the telephone, whether on a landline or cell phone, is the only kind of communication that a majority of adults believe to be “very secure” or “somewhat secure.”
  • According to the study, 70 percent of Americans are “at least somewhat concerned” with the government secretly obtaining information they post to social networking sites. Eighty percent of respondents agreed that “Americans should be concerned” with government surveillance of telephones and the web. They are also uncomfortable with how private corporations use their data: Ninety-one percent of Americans believe that “consumers have lost control over how personal information is collected and used by companies,” according to the study. Eighty percent of Americans who use social networks “say they are concerned about third parties like advertisers or businesses accessing the data they share on these sites.” And even though they’re squeamish about the government’s use of data, they want it to regulate tech companies and data brokers more strictly: 64 percent wanted the government to do more to regulate private data collection. Since June 2013, American politicians and corporate leaders have fretted over how much the leaks would cost U.S. businesses abroad.
  • (That may seem a bit incongruous, because making a telephone call is one area where you can be almost sure you are being surveilled: The government has requisitioned mass call records from phone companies since 2001. But Americans appear, when discussing security, to differentiate between the contents of the call and data about it.) Last month, Ramsey Homsany, the general counsel of Dropbox, said that one big thing could take down the California tech scene. “We have built this incredible economic engine in this region of the country,” said Homsany in the Los Angeles Times, “and [mistrust] is the one thing that starts to rot it from the inside out.” According to this poll, the mistrust has already begun corroding—and is already, in fact, well advanced. We’ve always assumed that the great hurt to American business will come globally—that citizens of other nations will stop using tech companies’s services. But the new Pew data shows that Americans suspect American businesses just as much. And while, unlike citizens of other nations, they may not have other places to turn, they may stop putting sensitive or delicate information online.
Paul Merrell

CISA Cybersecurity Bill Advances Despite Privacy Concerns | WIRED - 0 views

www.wired.com/...nces-despite-privacy-critiques

surveillance state NSA cybersecurity legislation CISA privacy-loophole

shared by Paul Merrell on 13 Mar 15 - No Cached
  • For months, privacy advocates have been pointing to flaws in CISA, the new reincarnation of the cybersecurity bill known as CISPA that Congress has been kicking around since 2013. But today that zombie bill lurched one step closer to becoming law. The Senate Intelligence Committee passed the Cybersecurity Information Sharing Act, or CISA, by a vote of 14 to one Thursday afternoon. The bill, like the failed Cybersecurity Information Sharing and Protection Act that proceeded it, is designed to encourage the sharing of data between private companies and the government to prevent and respond to cybersecurity threats. But privacy critics have protested that CISA would create a legal framework for companies to more closely monitor internet users and share that data with government agencies.
  • After Thursday’s vote, Senator Ron Wyden—the only member of the Senate’s intelligence committee to vote against the bill—repeated those privacy concerns in a public statement. “If information-sharing legislation does not include adequate privacy protections then that’s not a cybersecurity bill—it’s a surveillance bill by another name,” he wrote. “It makes sense to encourage private firms to share information about cybersecurity threats. But this information sharing is only acceptable if there are strong protections for the privacy rights of law-abiding American citizens.”
  • Looking at the most recently revealed public version of CISA, privacy advocates have pointed out that it would allow sharing of personal data that goes beyond cybersecurity threats. It also allows the sharing of private sector data with the government that could prevent “terrorism” or an “imminent threat of death or serious bodily harm.” That language, Open Technology Institute privacy counsel Robyn Greene has argued, means CISA might “facilitate investigations into garden-variety violent crimes that have nothing to do with cyber threats.” “If that weren’t worrisome enough, the bill would also let law enforcement and other government agencies use information it receives to investigate, without a requirement for imminence or any connection to computer crime, even more crimes like carjacking, robbery, possession or use of firearms, ID fraud, and espionage,” Greene wrote in February. “While some of these are terrible crimes, and law enforcement should take reasonable steps to investigate them, they should not do so with information that was shared under the guise of enhancing cybersecurity.”
Paul Merrell

EU-US Personal Data Privacy Deal 'Cracked Beyond Repair' - 0 views

www.mintpressnews.com/...218358

surveillance state EU safe-harbor privacy-shield litigation

shared by Paul Merrell on 12 Jul 16 - No Cached
  • Privacy Shield is the proposed new deal between the EU and the US that is supposed to safeguard all personal data on EU citizens held on computer systems in the US from being subject to mass surveillance by the US National Security Agency. The data can refer to any transaction — web purchases, cars or clothing — involving an EU citizen whose data is held on US servers. Privacy groups say Privacy Shield — which replaces the Safe Harbor agreement ruled unlawful in October 2015 — does not meet strict EU standard on the use of personal data. Monique Goyens, Director General of the European Consumer Organization (BEUC) told Sputnik: “We consider that the shield is cracked beyond repair and is unlikely to stand scrutiny by the European Court of Justice. A fundamental problem remains that the US side of the shield is made of clay, not iron.”
  • The agreement has been under negotiation for months ever since the because the European Court of Justice ruled in October 2015 that the previous EU-US data agreement — Safe Harbor — was invalid. The issue arises from the strict EU laws — enshrined in the Charter of Fundamental Rights of the European Union — to the privacy of their personal data.
  • The Safe Harbor agreement was a quasi-judicial understanding that the US undertook to agree that it would ensure that EU citizens’ data on US servers would be held and protected under the same restrictions as it would be under EU law and directives. The data covers a huge array of information — from Internet and communications usage, to sales transactions, import and exports.
  • ...1 more annotation...
  • The case arose when Maximillian Schrems, a Facebook user, lodged a complaint with the Irish Data Protection Commissioner, arguing that — in the light of the revelations by ex-CIA contractor Edward Snowden of mass surveillance by the US National Security Agency (NSA) — the transfer of data from Facebook’s Irish subsidiary onto the company’s servers in the US does not provide sufficient protection of his personal data. The court ruled that: “the Safe Harbor Decision denies the national supervisory authorities their powers where a person calls into question whether the decision is compatible with the protection of the privacy and of the fundamental rights and freedoms of individuals.”
  • Paul Merrell on 12 Jul 16
     
    Off we go for another trip to the European Court of Justice.
Paul Merrell

Obama to propose legislation to protect firms that share cyberthreat data - The Washing... - 0 views

www.washingtonpost.com/...4-bcfb-059ec7a93ddc_story.html

surveillance state U.S. digital-privacy legislation

shared by Paul Merrell on 19 Jan 15 - No Cached
  • President Obama plans to announce legislation Tuesday that would shield companies from lawsuits for sharing computer threat data with the government in an effort to prevent cyber­attacks. On the heels of a destructive attack at Sony Pictures Entertainment and major breaches at JPMorgan Chase and retail chains, Obama is intent on capitalizing on the heightened sense of urgency to improve the security of the nation’s networks, officials said. “He’s been doing everything he can within his executive authority to move the ball on this,” said a senior administration official who spoke on the condition of anonymity to discuss legislation that has not yet been released. “We’ve got to get something in place that allows both industry and government to work more closely together.”
  • The legislation is part of a broader package, to be sent to Capitol Hill on Tuesday, that includes measures to help protect consumers and students against ­cyberattacks and to give law enforcement greater authority to combat cybercrime. The provision’s goal is to “enshrine in law liability protection for the private sector for them to share specific information — cyberthreat indicators — with the government,” the official said. Some analysts questioned the need for such legislation, saying there are adequate measures in place to enable sharing between companies and the government and among companies.
  • “We think the current information-sharing regime is adequate,” said Mark Jaycox, legislative analyst at the Electronic Frontier Foundation, a privacy group. “More companies need to use it, but the idea of broad legal immunity isn’t needed right now.” The administration official disagreed. The lack of such immunity is what prevents many companies from greater sharing of data with the government, the official said. “We have heard that time and time again,” the official said. The proposal, which builds on a 2011 administration bill, grants liability protection to companies that provide indicators of cyberattacks and threats to the Department of Homeland Security.
  • ...5 more annotations...
  • But in a provision likely to raise concerns from privacy advocates, the administration wants to require DHS to share that information “in as near real time as possible” with other government agencies that have a cybersecurity mission, the official said. Those include the National Security Agency, the Pentagon’s ­Cyber Command, the FBI and the Secret Service. “DHS needs to take an active lead role in ensuring that unnecessary personal information is not shared with intelligence authorities,” Jaycox said. The debates over government surveillance prompted by disclosures from former NSA contractor Edward Snowden have shown that “the agencies already have a tremendous amount of unnecessary information,” he said.
  • The administration official stressed that the legislation will require companies to remove unnecessary personal information before furnishing it to the government in order to qualify for liability protection. It also will impose limits on the use of the data for cybersecurity crimes and instances in which there is a threat of death or bodily harm, such as kidnapping, the official said. And it will require DHS and the attorney general to develop guidelines for the federal government’s use and retention of the data. It will not authorize a company to take offensive cyber-measures to defend itself, such as “hacking back” into a server or computer outside its own network to track a breach. The bill also will provide liability protection to companies that share data with private-sector-developed organizations set up specifically for that purpose. Called information sharing and analysis organizations, these groups often are set up by particular industries, such as banking, to facilitate the exchange of data and best practices.
  • Efforts to pass information-sharing legislation have stalled in the past five years, blocked primarily by privacy concerns. The package also contains provisions that would allow prosecution for the sale of botnets or access to armies of compromised computers that can be used to spread malware, would criminalize the overseas sale of stolen U.S. credit card and bank account numbers, would expand federal law enforcement authority to deter the sale of spyware used to stalk people or commit identity theft, and would give courts the authority to shut down botnets being used for criminal activity, such as denial-of-service attacks.
  • It would reaffirm that federal racketeering law applies to cybercrimes and amends the Computer Fraud and Abuse Act by ensuring that “insignificant conduct” does not fall within the scope of the statute. A third element of the package is legislation Obama proposed Monday to help protect consumers and students against cyberattacks. The theft of personal financial information “is a direct threat to the economic security of American families, and we’ve got to stop it,” Obama said. The plan, unveiled in a speech at the Federal Trade Commission, would require companies to notify customers within 30 days after the theft of personal information is discovered. Right now, data breaches are handled under a patchwork of state laws that the president said are confusing and costly to enforce. Obama’s plan would streamline those into one clear federal standard and bolster requirements for companies to notify customers. Obama is proposing closing loopholes to make it easier to track down cybercriminals overseas who steal and sell identities. “The more we do to protect consumer information and privacy, the harder it is for hackers to damage our businesses and hurt our economy,” he said.
  • In October, Obama signed an order to protect consumers from identity theft by strengthening security features in credit cards and the terminals that process them. Marc Rotenberg, executive director of the Electronic Privacy Information Center, said there is concern that a federal standard would “preempt stronger state laws” about how and when companies have to notify consumers. The Student Digital Privacy Act would ensure that data entered would be used only for educational purposes. It would prohibit companies from selling student data to third-party companies for purposes other than education. Obama also plans to introduce a Consumer Privacy Bill of Rights. And the White House will host a summit on cybersecurity and consumer protection on Feb. 13 at Stanford University.
Paul Merrell

NSA targets the privacy-conscious (Seite 1)| Das Erste - Panorama - Meldungen - 0 views

daserste.ndr.de/...nsa230_page-1.html

surveillance state NSA XKeyscore Tor Tails

shared by Paul Merrell on 04 Jul 14 - No Cached
  • The investigation discloses the following: Two servers in Germany - in Berlin and Nuremberg - are under surveillance by the NSA. Merely searching the web for the privacy-enhancing software tools outlined in the XKeyscore rules causes the NSA to mark and track the IP address of the person doing the search. Not only are German privacy software users tracked, but the source code shows that privacy software users worldwide are tracked by the NSA.Among the NSA's targets is the Tor network funded primarily by the US government to aid democracy advocates in authoritarian states.  The XKeyscore rules reveal that the NSA tracks all connections to a server that hosts part of an anonymous email service at the MIT Computer Science and Artificial Intelligence Laboratory (CSAIL) in Cambridge, Massachusetts. It also records details about visits to a popular internet journal for Linux operating system users called "the Linux Journal - the Original Magazine of the Linux Community", and calls it an "extremist forum".
  • Three authors of this investigation have personal and professional ties to the Tor Project, an American company mentioned within the following investigation.
  • Teil 1: NSA targets the privacy-conscious Teil 2: The Tor Project - anathema to the NSA Teil 3: Servers in Germany targeted Teil 4: Simple web searches are suspicious Teil 5: NSA: In strict accordance with the rule of law
  • ...3 more annotations...
  • von J. Appelbaum, A. Gibson, J. Goetz, V. Kabisch, L. Kampf, L. Ryge The investigation discloses the following: Two servers in Germany - in Berlin and Nuremberg - are under surveillance by the NSA. Merely searching the web for the privacy-enhancing software tools outlined in the XKeyscore rules causes the NSA to mark and track the IP address of the person doing the search. Not only are German privacy software users tracked, but the source code shows that privacy software users worldwide are tracked by the NSA.Among the NSA's targets is the Tor network funded primarily by the US government to aid democracy advocates in authoritarian states.  The XKeyscore rules reveal that the NSA tracks all connections to a server that hosts part of an anonymous email service at the MIT Computer Science and Artificial Intelligence Laboratory (CSAIL) in Cambridge, Massachusetts. It also records details about visits to a popular internet journal for Linux operating system users called "the Linux Journal - the Original Magazine of the Linux Community", and calls it an "extremist forum".
  • Downloads XKeyscore rules Read/download the XKeyscore rules here  | download
  • Yet despite these efforts, one of the servers is targeted by the NSA. The IP address 212.212.245.170 is explicitly specified in the rules of the powerful and invasive spy software program XKeyscore. The code is published here exclusively for the first time. After a year of NSA revelations based on documents that focus on program names and high-level Powerpoint presentations, NDR and WDR are revealing NSA source code that shows how these programs function and how they are implemented in Germany and around the world. Months of investigation by the German public television broadcasters NDR and WDR, drawing on exclusive access to top secret NSA source code, interviews with former NSA employees, and the review of secret documents of the German government reveal that not only is the server in Nuremberg under observation by the NSA, but so is virtually anyone who has taken an interest in several well-known privacy software systems.
1 - 20 of 479 Next › Last »
Showing 20 items per page