Skip to main content

Home/ Socialism and the End of the American Dream/ Group items tagged search-&-seizure

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
Paul Merrell

Saudi Arabia threatens to blockade Qatar over terrorism - The Irish Times - Tue, Mar 11... - 0 views

www.irishtimes.com/...qatar-over-terrorism-1.1719434

war & peace Saudis terrorism

shared by Paul Merrell on 12 Mar 14 - No Cached
  • Saudi Arabia has threatened to blockade neighbouring Qatar by air, land and sea unless Doha cuts ties with Egypt’s Muslim Brotherhood, closes global channel al-Jazeera, and expels local branches of the US Brookings Institution and Rand Corporation think tanks. The threat was issued by Riyadh before it withdrew its ambassador to Doha and branded as “terrorist organisations” the brotherhood, Lebanon’s Hizbullah and al-Qaeda-linked Islamic State of Iraq and Syria and Jabhat al-Nusra. Although the kingdom has long been the font of Sunni ultra-orthodox Salafism and jihadism, it now seeks to contain radical movements and media and other organisations giving them publicity.
  • King Abdullah has decreed that any Saudi who fights abroad could be jailed for 20-30 years, and those who join, endorse or provide moral or material support to groups classified as “terrorist” or “extremist” will risk prison sentences of five to 30 years. The decree followed the gazetting of a sweeping new anti- terrorism law prohibiting acts that disturb public order, promote insecurity, undermine national unity or harm the reputation of the kingdom.
  • While the law and decree are meant to curb jihadi operations on Saudi soil as well as counter non-jihadi dissidence, these legal instruments appear to contradict government policy on foreign jihad. While 400 Saudis have returned home from Syrian battlefields, another 1,000-2,000 are believed to be fighting with jihadi groups funded by the government as well as wealthy Saudis, Kuwaitis and Qataris. An informed source speculated the decree sends a message to Saudis: “Don’t come home. Fight unto death or victory.” For half a century Saudi Arabia used its oil wealth to promote Muslim fundamentalists, notably the brotherhood and its offshoots, to counter the secular pan-Arab nationalism preached by Egyptian president Gamal Abdel Nasser and the Syrian and Iraqi Baath parties.
  • ...1 more annotation...
  • Fearing blowback from Saudi jihadis engaged in the Syrian war, Riyadh has recently given the Syrian file to the interior minister Prince Mohamed bin Nayef, who has been in charge of an anti-terrorism campaign in the kingdom and Yemen, replacing intelligence chief Prince Bandar bin Sultan. The Wall Street Journal has quoted a key Saudi source who said the shift suggests that Riyadh could rely more on diplomatic than military means by exerting pressure on Russia, Iran and Hizbullah, Damascus’s chief supporters, to resolve the conflict by removing President Bashar al-Assad. Nevertheless, Riyadh also favours providing shoulder-fired anti-aircraft missiles to “vetted” rebels, well aware these weapons could fall into al-Qaeda hands.
  • Paul Merrell on 12 Mar 14
     
    Time will tell whether the House of Saud is actually getting out of the terrorism business.
Paul Merrell

UK spy base GCHQ tapped Irish internet cables - 0 views

www.irishtimes.com/...rish-internet-cables-1.2019492

surveillance-state GCHQ NSA-targets-Ireland telecom-cables

shared by Paul Merrell on 02 Dec 14 - No Cached
  • New documents released this week via the National Security Agency whistleblower Edward Snowden outline how Irish subsea telecommunications cables have been targeted by British intelligence. The documents detail a whole series of underwater cables – essentially the backbone that connects Ireland to the globe – that are being tapped. A document titled “Partner Cables” list the cables that Britain’s Government Communications Headquarters (GCHQ) has accessed or sought to access. The commercial owners of the cables are identified by codenames.
  • The cables include the Solas undersea cable, which extends from the Wexford coast to southern Wales. The owner of the cable is listed as “GERONTIC”, the password for Cable & Wireless, which is now part of Vodafone. The method of access is described as “DCO” or Direct Cable Ownership.
  • British intelligence also access the Hibernia cable, which connects Ireland to the US and Canada from Dublin to Halifax, Nova Scotia. It loops to the UK via Southport, on the other side of the Irish Sea. It is listed as a cable to which GCHQ does not “currently have good access”. According to the documents, the only providers assisting GCHQ with access to the Hibernia cable are called “VITREOUS” and “LITTLE”. They provide what’s called IRU/LC or “Indefeasible Rights of Use/Lit Capacity” access. An Irish company linked to the VITREOUS codename last night denied involvement.
  • ...2 more annotations...
  • A cable called ESAT 1, which goes from Kilmore Quay in Wexford and lands at Sennen Cove in Cornwall, is on the list, as is ESAT2, another cable that runs from Sandymount in Dublin to Southport, north of Liverpool in the UK. The German newspaper Süddeutsche Zeitung released the documents as part of its report on a new cache of documents from Mr Snowden. It focused on how telecom firm Cable & Wireless, which was acquired by Vodafone in 2012, “played a key role in establishing one of the Government Communications Headquarters’ (GCHQ) most controversial surveillance programmes”.
  • The newspaper said that according to the documents, Cable & Wireless “actively shaped and provided the most data to GCHQ mass surveillance programmes, and received millions of pounds in compensation”.Vodafone says it does not go beyond what is required under the law when responding to demands from any agency for access to customer data. Telecommunications companies can be legally compelled to co-operate with intelligence agencies in providing access to cables and also forbidden to disclose their involvement.
Paul Merrell

DOJ Seeks Removal Of Restrictions On Computer Search Warrants - 0 views

www.mintpressnews.com/...190535

surveillance state digital-privacy remote-computer-search 4th Amendment

shared by Paul Merrell on 13 May 14 - No Cached
  • The Justice Department recently submitted proposed new rules on the procedures and practices of the department’s agencies and bureaus. Among the suggested changes is a modification of the Federal Rules of Criminal Procedure Rule 41(b), which empowers a federal court to issue a warrant allowing the federal government to conduct a search of a computer or computer network involved in a criminal investigation. Under current regulations, a warrant issued by a federal court is only valid in that court’s district. As there are 94 federal judicial districts, investigating a widespread attack may require either petitioning dozens of district courts or acting extrajudicially by not seeking a warrant. An extrajudicial investigation, however, cannot be used if criminal convictions are sought, as evidence gathered in this manner is not typically admissible in court. The Justice Department is seeking to make remote access warrants to search, seize and copy electronic information valid for all federal districts.
  • The Justice Department argues that due to the sophistication of cyber-criminals, an offending computer or computer cluster can sit in a district separate from the district where the hackers that infected the target computer anonymously are and separate from the investigators’ district. “Criminals are using multiple computers in many districts simultaneously as part of complex criminal schemes, and effectively investigating and disrupting these schemes often requires remote access to Internet-connected computers in many different districts,” wrote then-acting Assistant Attorney General Mythili Raman in a September letter to the Advisory Committee on the Criminal Rules. “Botnets are a significant threat to the public: they are used to conduct large-scale denial of service attacks, steal personal and financial data, and distribute malware designed to invade the privacy of users of the host computers,” Raman continued. In the letter, Raman cited an investigation of a child porn site that uses The Onion Router Network, or Tor, to anonymize its traffic. The Justice Department argues that it knows the site’s hosting server location, but without a warrant local to the server, the department is prevented from retrieving the server’s user records — including IP and MAC addresses. In most cases, however, law enforcement do not know the physical location of the site’s server, making it impossible to request a specific warrant.
  • In these cases, the Justice Department could request a blanket warrant. This would allow the department to set up a “zero-day” attack on the server — an attack exploiting a manufacturer-unknown or -permitted security flaw, allowing access to the system’s operating software. However, a Texas judge denied the FBI access to such a warrant, saying the Justice Department’s use of “zero-day” attacks in its investigation exposes the public and the target to unknown risks. One typical type of a “zero-day” attack is an infected email that could affect a large number of innocent people if the target used a public computer to access his email. The FBI planned to install a Remote Administration Tool, or RAT, which would distribute such emails in a partially-targeted spam mail distribution. Last year, Federal Magistrate Judge Stephen Smith of the Houston Division of the Southern District of Texas ruled that this was a gross overreach of investigatory intrusion, blocking the plan temporarily. A “zero-day” attack has the potential to activate and control the targeted computer’s peripherals, such as webcams and microphones.
  • ...2 more annotations...
  • Following this ruling, based on the assumptions that federal law enforcement fundamentally act in good faith and that there may be a legitimate need for remote exploitation of computer data, the Justice Department sought to introduce changes to the rules that would overcome Smith’s objections. The proposed change to Rule 41(b) would allow magistrate judges “… to issue a warrant to use remote access to search electronic storage media and to seize electronically stored information located within or outside that district.” The Justice Department has indicated that it wants warrants permitting multiple computers to be searched at the same time, as well as permission to search all of the email and social media accounts accessible from a single computer. Such access would constitute a violation of the Electronic Communications Privacy Act, as the government, under the act, must make demonstrate probable cause to each targeted service provider and obtain and serve a warrant for each service provider. A warrant to search every account active on a computer would be actively bypassing the act’s numerous safeguards.
  • Privacy advocates fear that this rule change would allow prosecutors and the Justice Department to seek out magistrates likely to give them their requested warrants, creating a situation in which the federal government could have a “warrant shop” with just one judge for the whole of the nation. In light of allegations of federal government over-policing — including revelations of aggressive domestic and international electronic spying by the FBI and the National Security Agency — many advocates argue that an examination of the federal government’s commitment to the Fourth Amendment is needed. “The proposed amendment would significantly expand the government’s authority to conduct remote searches of electronic storage media,” the American Civil Liberties Union wrote in a memorandum early last month. “It would also expand the government’s power to engage in computer hacking in the course of criminal investigations, including through the use of malware and other techniques that pose a risk to internet security and that raise Fourth Amendment and policy concerns. “In light of these concerns, the ACLU recommends that the Advisory Committee exercise extreme caution before granting the government new authority to remotely search individuals’ electronic data.” The rules are scheduled to be discussed at the meeting of the Judiciary’s Committee on Rules of Practice and Procedure later this month.
  • Paul Merrell on 13 May 14
     
    The proposed rule change is at pp. 499-501 here. http://www.uscourts.gov/uscourts/RulesAndPolicies/rules/Agenda%20Books/Standing/ST2014-05.pdf#page499 (very large PDF).  This is not just about the government being granted permission to exploit vulnerabilities unknown to the computer owner; the issue arose in a case where the government sought judicial permission to implant a Trojan Horse in a suspect's computer. Moreover, the proposed rule goes far beyond the confines of that case, purporting to authorize the government to skip merrily along searching computers not specified in the warrant, along the purported botnet. To put the icing on the cake, the government wants to be relieved from the requirement that they apply for a warrant in the district in which the computer to be searched is located. ("Oh, Goody! Let's start shopping around for the judges we like instead of the ones we are now required to persuade. What? The Mississippi judge refused to sign the warrant? Oh well, let's try it with that other judge we like, the one in Gnome, Alaska.") In other words, what the government seeks is authority for "general warrants," the very evil that the 4th Amendment was designed to outlaw. Even more outrageously, the proposed rule provides in part: "For a warrant to use remote access to search electronic storage media and seize or copy electronically stored information, the officer must make reasonable efforts to serve a copy of the warrant on the person whose property *was* searched or whose information *was* seized or copied. Service may be accomplished by any means, including electronic means, reasonably calculated to reach that person." Not the use of the past tense "was." So after they have drained your computer of all its data, they may permissibly install a batch file that will display a copy of the warrant on your monitor the next time you boot your computer. With a big red lipstick imprint of a kiss imprinted in the warrant's bottom margin, no doubt
  • Paul Merrell on 13 May 14
     
    The proposed rule change is at pp. 499-501 here. http://www.uscourts.gov/uscourts/RulesAndPolicies/rules/Agenda%20Books/Standing/ST2014-05.pdf#page499 (very large PDF).  This is not just about the government being granted permission to exploit vulnerabilities unknown to the computer owner; the issue arose in a case where the government sought judicial permission to implant a Trojan Horse in a suspect's computer. Moreover, the proposed rule goes far beyond the confines of that case, purporting to authorize the government to skip merrily along searching computers not specified in the warrant, along the purported botnet. To put the icing on the cake, the government wants to be relieved from the requirement that they apply for a warrant in the district in which the computer to be searched is located. In other words, what the government seeks is authority for "general warrants," the very evil that the 4th Amendment was designed to outlaw. Even more outrageously, the proposed rule provides in part: "For a warrant to use remote access to search electronic storage media and seize or copy electronically stored information, the officer must make reasonable efforts to serve a copy of the warrant on the person whose property *was* searched or whose information *was* seized or copied. Service may be accomplished by any means, including electronic means, reasonably calculated to reach that person." Not the use of the past tense "was." So after they have drained your computer of all its data, they may permissibly install a batch file that will display a copy of the warrant on your monitor the next time you boot your computer. With a big red lipstick imprint of a kiss imprinted at the bottom.  To be continued after this is intially posted to Diigo so the content isn't cut off.   
Paul Merrell

News - Antitrust - Competition - European Commission - 0 views

ec.europa.eu/...news.html

antitrust Google European Commission DG Competition Android comarison-shopping-search

shared by Paul Merrell on 17 Apr 15 - No Cached
  • Google inquiries Commission accuses Google of systematically favouring own shopping comparison service Infographic: Google might be favouring 'Google Shopping' when displaying general search results
  • Antitrust: Commission sends Statement of Objections to Google on comparison shopping service; opens separate formal investigation on AndroidWed, 15 Apr 2015 10:00:00 GMTAntitrust: Commission opens formal investigation against Google in relation to Android mobile operating systemWed, 15 Apr 2015 10:00:00 GMTAntitrust: Commission sends Statement of Objections to Google on comparison shopping serviceWed, 15 Apr 2015 10:00:00 GMTStatement by Commissioner Vestager on antitrust decisions concerning GoogleWed, 15 Apr 2015 11:39:00 GMT
  • Paul Merrell on 17 Apr 15
     
    The more interesting issue to me is the accusation that Google violates antitrust law by boosting its comparison shopping search results in its search results, unfairly disadvantaging competing shopping services and not delivering best results to users. What's interesting to me is that the Commission is attempting to portray general search as a separate market from comparison shopping search, accusing Google of attempting to leverage its general search monopoly into the separate comoparison shopping search market. At first blush, Iim not convinced that these are or should be regarded as separable markets. But the ramifications are enormous. If that is a separate market, then arguably so is Google's book search, its Google Scholar search, its definition search, its site search, etc. It isn't clear to me how one might draw a defensible line taht does not also sweep in every new search feature  as a separate market.   
Paul Merrell

Obama administration had restrictions on NSA reversed in 2011 - The Washington Post - 0 views

www.washingtonpost.com/...3-85b6-d27422650fd5_story.html

surveillance state NSA NSA-targets Americans email-content phone-content lies

shared by Paul Merrell on 24 Dec 13 - No Cached
  • The Obama administration secretly won permission from a surveillance court in 2011 to reverse restrictions on the National Security Agency’s use of intercepted phone calls and e-mails, permitting the agency to search deliberately for Americans’ communications in its massive databases, according to interviews with government officials and recently declassified material. In addition, the court extended the length of time that the NSA is allowed to retain intercepted U.S. communications from five years to six years — and more under special circumstances, according to the documents, which include a recently released 2011 opinion by U.S. District Judge John D. Bates, then chief judge of the Foreign Intelligence Surveillance Court.
  • What had not been previously acknowledged is that the court in 2008 imposed an explicit ban — at the government’s request — on those kinds of searches, that officials in 2011 got the court to lift the bar and that the search authority has been used. Together the permission to search and to keep data longer expanded the NSA’s authority in significant ways without public debate or any specific authority from Congress. The administration’s assurances rely on legalistic definitions of the term “target” that can be at odds with ordinary English usage. The enlarged authority is part of a fundamental shift in the government’s approach to surveillance: collecting first, and protecting Americans’ privacy later.
  • “The government says, ‘We’re not targeting U.S. persons,’ ” said Gregory T. Nojeim, senior counsel at the Center for Democracy and Technology. “But then they never say, ‘We turn around and deliberately search for Americans’ records in what we took from the wire.’ That, to me, is not so different from targeting Americans at the outset.”
  • ...7 more annotations...
  • The court decision allowed the NSA “to query the vast majority” of its e-mail and phone call databases using the e-mail addresses and phone numbers of Americans and legal residents without a warrant, according to Bates’s opinion. The queries must be “reasonably likely to yield foreign intelligence information.” And the results are subject to the NSA’s privacy rules.
  • But in 2011, to more rapidly and effectively identify relevant foreign intelligence communications, “we did ask the court” to lift the ban, ODNI general counsel Robert S. Litt said in an interview. “We wanted to be able to do it,” he said, referring to the searching of Americans’ communications without a warrant.
  • But — and this was the nub of the criticism — a warrant for each target would no longer be required. That means that communications with Americans could be picked up without a court first determining that there is probable cause that the people they were talking to were terrorists, spies or “foreign powers.”That is why it is important to require a warrant before searching for Americans’ data, Udall said. “Our founders laid out a roadmap where Americans’ privacy rights are protected before their communications are seized or searched — not after the fact,” he said in a statement to The Post.
  • The [surveillance] Court documents declassified recently show that in late 2011 the court authorized the NSA to conduct warrantless searches of individual Americans’ communications using an authority intended to target only foreigners,” Wyden said in a statement to The Washington Post. “Our intelligence agencies need the authority to target the communications of foreigners, but for government agencies to deliberately read the e-mails or listen to the phone calls of individual Americans, the Constitution requires a warrant.”
  • Senior administration officials disagree. “If we’re validly targeting foreigners and we happen to collect communications of Americans, we don’t have to close our eyes to that,” Litt said. “I’m not aware of other situations where once we have lawfully collected information, we have to go back and get a warrant to look at the information we’ve already collected.” The searches take place under a surveillance program Congress authorized in 2008 under Section 702 of the Foreign Intelligence Surveillance Act. Under that law, the target must be a foreigner “reasonably believed” to be outside the United States, and the court must approve the targeting procedures in an order good for one year.
  • The court’s expansion of authority went largely unnoticed when the opinion was released, but it formed the basis for cryptic warnings last year by a pair of Democratic senators, Ron Wyden (Ore.) and Mark Udall (Colo.), that the administration had a “back-door search loophole” that enabled the NSA to scour intercepted communications for those of Americans. They introduced legislation to require a warrant, but they were barred by classification rules from disclosing the court’s authorization or whether the NSA was already conducting such searches.
  • The NSA intercepts more than 250 million Internet communications each year under Section 702. Ninety-one percent are from U.S. Internet companies such as Google and Yahoo. The rest come from “upstream” companies that route Internet traffic to, from and within the United States. The expanded search authority applies only to the downstream collection.
  • Paul Merrell on 24 Dec 13
     
    An important article I missed, from last September. Searching the content of American citizens' calls and emails without a search warrant. Straight-up violation of the Fourth and Fifth amendments (warrantless search and deprivation of due process).  And directly contrary to what Obama, Clapper, and Alexander told the public over and over again.
Paul Merrell

NSA performed warrantless searches on Americans' calls and emails - Clapper |... - 0 views

www.theguardian.com/...llance-loophole-americans-data

surveillance state NSA FISA-Court FISA-loophole lies Obama

shared by Paul Merrell on 02 Apr 14 - No Cached
  • US intelligence chiefs have confirmed that the National Security Agency has used a "back door" in surveillance law to perform warrantless searches on Americans’ communications.The NSA's collection programs are ostensibly targeted at foreigners, but in August the Guardian revealed a secret rule change allowing NSA analysts to search for Americans' details within the databases.Now, in a letter to Senator Ron Wyden, an Oregon Democrat on the intelligence committee, the director of national intelligence, James Clapper, has confirmed the use of this legal authority to search for data related to “US persons”.
  • “There have been queries, using US person identifiers, of communications lawfully acquired to obtain foreign intelligence targeting non-US persons reasonably believed to be located outside the United States,” Clapper wrote in the letter, which has been obtained by the Guardian.“These queries were performed pursuant to minimization procedures approved by the Fisa court and consistent with the statute and the fourth amendment.” The legal authority to perform the searches, revealed in top-secret NSA documents provided to the Guardian by Edward Snowden, was denounced by Wyden as a “backdoor search loophole.”Many of the NSA's most controversial programs collect information under the law affected by the so-called loophole. These include Prism, which allows the agency to collect data from Google, Apple, Facebook, Yahoo and other tech companies, and the agency's Upstream program – a huge network of internet cable taps.
  • Clapper did not say how many warrantless searches had been performed by the NSA. It was not the first time the searches had been confirmed: after the Snowden leaks, the office of the director of national intelligence declassified documents that discussed the rule change. But Clapper's letter drew greater attention to the issue.Confirmation that the NSA has searched for Americans’ communications in its phone call and email databases complicates President Barack Obama’s initial defenses of the broad surveillance in June.“When it comes to telephone calls, nobody is listening to your telephone calls. That’s not what this program’s about,” Obama said. “As was indicated, what the intelligence community is doing is looking at phone numbers and durations of calls. They are not looking at people’s names, and they’re not looking at content.”Obama was referring specifically to the bulk collection of US phone records, but his answer misleadingly suggested that the NSA could not examine Americans’ phone calls and emails.
  • ...4 more annotations...
  • At a recent hearing of the Privacy and Civil Liberties Oversight Board, administration lawyers defended their latitude to perform such searches. The board is scheduled to deliver a report on the legal authority under which the communications are collected, Section 702 of the Foreign Intelligence Surveillance Act (Fisa), passed in 2008. Wyden and Colorado Democrat Mark Udall failed in 2012 to persuade their fellow Senate intelligence committee members to prevent such warrantless searches during the re-authorisation of the 2008 Fisa Amendments Act, which wrote Section 702 into law. Dianne Feinstein, the California Democrat who chairs the committee, defended the practice, and argued that it did not violate the act’s “reverse targeting” prohibition on using NSA’s vast powers to collect content on Americans.
  • Much of the NSA's bulk data collection is covered by section 702 of the Fisa Amendments Act. This allows for the collection of communications – content and metadata alike – without individual warrants, so long as there is a reasonable belief the communications are both foreign and overseas.The communications of Americans in direct contact with foreign targets can also be collected without a warrant, and the intelligence agencies acknowledge that purely domestic communications can also be inadvertently swept into its databases. That process is known as "incidental collection".Initially, NSA rules on such data prevented the databases being searched for any details relating to "US persons" – that is, citizens or residents of the US. However, in October 2011 the Fisa court approved new procedures which allowed the agency to search for US person data, a revelation contained in documents revealed by Snowden.
  • The ruling appears to give the agency free access to search for information relating to US people within its vast databases, though not to specifically collect information against US citizens in the first place. However, until the DNI's disclosure to Wyden, it was not clear whether the NSA had ever actually used these powers.On Tuesday, Wyden and Udall said the NSA’s warrantless searches of Americans’ emails and phone calls “should be concerning to all.” “This is unacceptable. It raises serious constitutional questions, and poses a real threat to the privacy rights of law-abiding Americans. If a government agency thinks that a particular American is engaged in terrorism or espionage, the fourth amendment requires that the government secure a warrant or emergency authorisation before monitoring his or her communications. This fact should be beyond dispute,” the two senators said in a joint statement.
  • They continued: “Today’s admission by the Director of National Intelligence is further proof that meaningful surveillance reform must include closing the back-door searches loophole and requiring the intelligence community to show probable cause before deliberately searching through data collected under section 702 to find the communications of individual Americans."
Gary Edwards

XKeyscore: NSA tool collects 'nearly everything a user does on the internet' | World ne... - 1 views

www.theguardian.com/...top-secret-program-online-data

Edward-Snowden Glenn-Greenwald NSA NSA-Patriot-Act-NDAA NSA-Whistleblower

shared by Gary Edwards on 01 Aug 13 - No Cached
  • The latest revelations will add to the intense public and congressional debate around the extent of NSA surveillance programs. They come as senior intelligence officials testify to the Senate judiciary committee on Wednesday, releasing classified documents in response to the Guardian's earlier stories on bulk collection of phone records and Fisa surveillance court oversight.
  • The files shed light on one of Snowden's most controversial statements, made in his first video interview published by the Guardian on June 10
  • "I, sitting at my desk," said Snowden, could "wiretap anyone, from you or your accountant, to a federal judge or even the president, if I had a personal email".
  • ...23 more annotations...
  • US officials vehemently denied this specific claim. Mike Rogers, the Republican chairman of the House intelligence committee, said of Snowden's assertion: "He's lying. It's impossible for him to do what he was saying he could do."
  • But training materials for XKeyscore detail how analysts can use it and other systems to mine enormous agency databases by filling in a simple on-screen form giving only a broad justification for the search. The request is not reviewed by a court or any NSA personnel before it is processed.
  • XKeyscore, the documents boast, is the NSA's "widest reaching" system developing intelligence from computer networks – what the agency calls Digital Network Intelligence (DNI). One presentation claims the program covers "nearly everything a typical user does on the internet", including the content of emails, websites visited and searches, as well as their metadata.
  • Analysts can also use XKeyscore and other NSA systems to obtain ongoing "real-time" interception of an individual's internet activity.
  • Under US law, the NSA is required to obtain an individualized Fisa warrant only if the target of their surveillance is a 'US person', though no such warrant is required for intercepting the communications of Americans with foreign targets.
  • But XKeyscore provides the technological capability, if not the legal authority, to target even US persons for extensive electronic surveillance without a warrant provided that some identifying information, such as their email or IP address, is known to the analyst.
  • One training slide illustrates the digital activity constantly being collected by XKeyscore and the analyst's ability to query the databases at any time.
  • The purpose of XKeyscore is to allow analysts to search the metadata as well as the content of emails and other internet activity, such as browser history, even when there is no known email account (a "selector" in NSA parlance) associated with the individual being targeted.
  • Analysts can also search by name, telephone number, IP address, keywords, the language in which the internet activity was conducted or the type of browser used.
  • One document notes that this is because "strong selection [search by email address] itself gives us only a very limited capability" because "a large amount of time spent on the web is performing actions that are anonymous."
  • Email monitoring
  • One top-secret document describes how the program "searches within bodies of emails, webpages and documents", including the "To, From, CC, BCC lines" and the 'Contact Us' pages on websites".
  • To search for emails, an analyst using XKS enters the individual's email address into a simple online search form, along with the "justification" for the search and the time period for which the emails are sought.
  • One document, a top secret 2010 guide describing the training received by NSA analysts for general surveillance under the Fisa Amendments Act of 2008, explains that analysts can begin surveillance on anyone by clicking a few simple pull-down menus designed to provide both legal and targeting justifications.
  • Once options on the pull-down menus are selected, their target is marked for electronic surveillance and the analyst is able to review the content of their communications:
  • Chats, browsing history and other internet activity
  • Beyond emails, the XKeyscore system allows analysts to monitor a virtually unlimited array of other internet activities, including those within social media.
  • An NSA tool called DNI Presenter, used to read the content of stored emails, also enables an analyst using XKeyscore to read the content of Facebook chats or private messages.
  • The XKeyscore program also allows an analyst to learn the IP addresses of every person who visits any website the analyst specifies.
  • The quantity of communications accessible through programs such as XKeyscore is staggeringly large. One NSA report from 2007 estimated that there were 850bn "call events" collected and stored in the NSA databases, and close to 150bn internet records. Each day, the document says, 1-2bn records were added.
  • William Binney, a former NSA mathematician, said last year that the agency had "assembled on the order of 20tn transactions about US citizens with other US citizens", an estimate, he said, that "only was involving phone calls and emails". A 2010 Washington Post article reported that "every day, collection systems at the [NSA] intercept and store 1.7bn emails, phone calls and other type of communications."
  • The ACLU's deputy legal director, Jameel Jaffer, told the Guardian last month that national security officials expressly said that a primary purpose of the new law was to enable them to collect large amounts of Americans' communications without individualized warrants.
  • "The government doesn't need to 'target' Americans in order to collect huge volumes of their communications," said Jaffer. "The government inevitably sweeps up the communications of many Americans" when targeting foreign nationals for surveillance.
  • Gary Edwards on 01 Aug 13
     
    "One presentation claims the XKeyscore program covers 'nearly everything a typical user does on the internet' ................................................................. A top secret National Security Agency program allows analysts to search with no prior authorization through vast databases containing emails, online chats and the browsing histories of millions of individuals, according to documents provided by whistleblower Edward Snowden. The NSA boasts in training materials that the program, called XKeyscore, is its "widest-reaching" system for developing intelligence from the internet. The latest revelations will add to the intense public and congressional debate around the extent of NSA surveillance programs. They come as senior intelligence officials testify to the Senate judiciary committee on Wednesday, releasing classified documents in response to the Guardian's earlier stories on bulk collection of phone records and Fisa surveillance court oversight. The files shed light on one of Snowden's most controversial statements, made in his first video interview published by the Guardian on June 10. "I, sitting at my desk," said Snowden, could "wiretap anyone, from you or your accountant, to a federal judge or even the president, if I had a personal email". US officials vehemently denied this specific claim. Mike Rogers, the Republican chairman of the House intelligence committee, said of Snowden's assertion: "He's lying. It's impossible for him to do what he was saying he could do." But training materials for XKeyscore detail how analysts can use it and other systems to mine enormous agency databases by filling in a simple on-screen form giving only a broad justification for the search. The request is not reviewed by a court or any NSA personnel before it is processed. XKeyscore, the documents boast, is the NSA's "widest reaching" system developing intelligence from computer networks - what the agency calls Digital Network Intelligence (DNI). One
  • Paul Merrell on 02 Aug 13
     
    "But training materials for XKeyscore detail how analysts can use it and other systems to mine enormous agency databases by filling in a simple on-screen form giving only a broad justification for the search. The request is not reviewed by a court or any NSA personnel before it is processed. " Note in that regard that Snowden said in an earlier interview that use of this system rarely was audited and that when audited, the most common request if changes were requested was to beef up the justification for the search. The XScore system puts the lie to just about everything the Administration has claimed about intense oversight by all three branches of federal government and about not reading emails or listening to (Skype) phone calls. The lies keep stacking up in an ever-deepening pile.
Paul Merrell

Officials: NSA programs broke plots in 20 nations - Times Union - 0 views

www.timesunion.com/...lots-in-20-nations-4602987.php

surveillance state NSA propaganda

shared by Paul Merrell on 16 Jun 13 - No Cached
  • Top U.S. intelligence officials said Saturday that information gleaned from two controversial data-collection programs run by the National Security Agency thwarted potential terrorist plots in the U.S. and more than 20 other countries — and that gathered data is destroyed every five years.Last year, fewer than 300 phone numbers were checked against the database of millions of U.S. phone records gathered daily by the NSA in one of the programs, the intelligence officials said in arguing that the programs are far less sweeping than their detractors allege.
  • No other new details about the plots or the countries involved were part of the newly declassified information released to Congress on Saturday and made public by the Senate Intelligence Committee. Intelligence officials said they are working to declassify the dozens of plots NSA chief Gen. Keith Alexander said were disrupted, to show Americans the value of the programs, but that they want to make sure they don't inadvertently reveal parts of the U.S. counterterrorism playbook in the process.
  • The officials offered more detail on how the phone records program helped the NSA stop a 2009 al-Qaida plot to blow up New York City subways. They say the program helped them track a co-conspirator of al-Qaida operative Najibullah Zazi — though it's not clear why the FBI needed the NSA to investigate Zazi's phone records because the FBI would have had the authority to gather records of Zazi's phone calls after identifying him as a suspect, rather than relying on the sweeping collection program.
  • Paul Merrell on 16 Jun 13
     
    Fewer than 300 phone numbers checked in 2012 *in one of the programs?*  How many in your other programs, please? Oops! Please don't answer yet; the polygraph isn't properly fastened. Perhaps time to remember that the Director of the NSA has already been caught lying to Congress. Let's also remember that nearly every FBI bust for terrorism has been a case where the FBI had to entice someone with no known "terrorist" organization connections into committing the crime.  Are these the dozens of plots referred to? If not, why no busts of real "terrorists?" This bit of propaganda doesn't pass the smell test. C'mon AP; you can do better than this. 
Paul Merrell

DARPA seeks the Holy Grail of search engines - 0 views

www.networkworld.com/...eeks-holy-grail-search-engines

surveillance state DARPA internet search_

shared by Paul Merrell on 10 Feb 14 - No Cached
  • The scientists at DARPA say the current methods of searching the Internet for all manner of information just won't cut it in the future. Today the agency announced a program that would aim to totally revamp Internet search and "revolutionize the discovery, organization and presentation of search results." Specifically, the goal of DARPA's Memex program is to develop software that will enable domain-specific indexing of public web content and domain-specific search capabilities. According to the agency the technologies developed in the program will also provide the mechanisms for content discovery, information extraction, information retrieval, user collaboration, and other areas needed to address distributed aggregation, analysis, and presentation of web content.
  • Memex also aims to produce search results that are more immediately useful to specific domains and tasks, and to improve the ability of military, government and commercial enterprises to find and organize mission-critical publically available information on the Internet. "The current one-size-fits-all approach to indexing and search of web content limits use to the business case of web-scale commercial providers," the agency stated. 
  • The Memex program will address the need to move beyond a largely manual process of searching for exact text in a centralized index, including overcoming shortcomings such as: Limited scope and richness of indexed content, which may not include relevant components of the deep web such as temporary pages, pages behind forms, etc.; an impoverished index, which may not include shared content across pages, normalized content, automatic annotations, content aggregation, analysis, etc. Basic search interfaces, where every session is independent, there is no collaboration or history beyond the search term, and nearly exact text input is required; standard practice for interacting with the majority of web content, which remains one-at-a-time manual queries that return federated lists of results. Memex would ultimately apply to any public domain content; initially, DARPA  said it intends to develop Memex to address a key Defense Department mission: fighting human trafficking. Human trafficking is a factor in many types of military, law enforcement and intelligence investigations and has a significant web presence to attract customers. The use of forums, chats, advertisements, job postings, hidden services, etc., continues to enable a growing industry of modern slavery. An index curated for the counter-trafficking domain, along with configurable interfaces for search and analysis, would enable new opportunities to uncover and defeat trafficking enterprises.
  • ...1 more annotation...
  • DARPA said the Memex program gets its name and inspiration from a hypothetical device described in "As We May Think," a 1945 article for The Atlantic Monthly written by Vannevar Bush, director of the U.S. Office of Scientific Research and Development (OSRD) during World War II. Envisioned as an analog computer to supplement human memory, the memex (a combination of "memory" and "index") would store and automatically cross-reference all of the user's books, records and other information. This cross-referencing, which Bush called associative indexing, would enable users to quickly and flexibly search huge amounts of information and more efficiently gain insights from it. The memex presaged and encouraged scientists and engineers to create hypertext, the Internet, personal computers, online encyclopedias and other major IT advances of the last seven decades, DARPA stated.
  • Paul Merrell on 10 Feb 14
     
    DoD announces that they want to go beyond Google. Lots more detail in the proposal description linked from the article. Interesting tidbits: [i] the dark web is a specific target; [ii] they want the ability to crawl web pages blocked by robots.txt; [iii] they want to be able to search page source code and comments. 
Paul Merrell

FBI, CIA Use Backdoor Searches To Warrentlessly Spy On Americans' Communications | Tech... - 0 views

www.techdirt.com/...ications-without-warrant.shtml

surveillance state NSA CIA FBI Wyden NSA-backdoors PCLOB

shared by Paul Merrell on 01 Jul 14 - No Cached
  • The other shoe just dropped when it comes to how the federal government illegally spies on Americans. Last summer, the details of the NSA's "backdoor searches" were revealed. This involved big collections of content and metadata (so, no, not "just metadata" as meaningless as that phrase is) that were collected under Section 702 of the FISA Amendments Act (FAA). This is part of the program that the infamous PRISM effort operates under, and which allows the NSA to collect all sorts of content, including communications to, from or about a "target" -- where a "target" can be incredibly loosely defined (i.e., it can include groups or machines or just about anything). The "backdoor searches" were a special loophole added in 2011 allowing the NSA to make use of "US person names and identifiers as query terms." In the past, it had been limited (as per the NSA's mandate) to only non-US persons.
  • This morning, James Clapper finally responded to a request from Senator Ron Wyden concerning the number of such backdoor searches using US identifiers that were done by various government agencies. And, surprisingly, it's redaction free. The big reveal is... that it's not just the NSA doing these searches, but the CIA and FBI as well. This is especially concerning with regards to the FBI. This means that the FBI, who does surveillance on Americans, is spying on Americans communications that were collected by the NSA and that they're doing so without anything resembling a warrant. Oh, and let's make this even worse: the FBI isn't even tracking how often it does this. It's just doing it willy nilly:
  • Got that? Basically, the FBI often asks the NSA for a big chunk of data that the NSA probably shouldn't have in the first place -- including tons of Americans' communications, and the FBI gets to dump it into the same database that it is free to query. And the FBI tracks none of this, other than to say that it believes that there are a "substantial" number of such queries. This would seem to be a pretty blatant attempt to end run around the 4th Amendment, giving the FBI broad access to searching through the communications of Americans with what appears to be almost no oversight. Yikes! Oh, and it's not just the NSA, but the CIA as well. Remember, the CIA is not supposed to be doing any surveillance on US persons (like the NSA), but that's not what's happening at all. At least the CIA tracks some (but not all) of its abuse of backdoor searches:
  • ...5 more annotations...
  • The FBI does not track how many queries it conducts using U.S. person identifiers. The FBI is responsible for identifying and countering threats to the homeland, such as terrorism pilots and espionage, inside the U.S. Unlike other IC agencies, because of its domestic mission, the FBI routinely deals with information about US persons and is expected to look for domestic connections to threats emanating from abroad, including threats involving Section 702 non-US. person targets. To fulfill its mission and avoid missing connections within the information lawfully in its possession, the FBI does not distinguish between U.S. and non- U.S. persons for purposes of querying Section 702 collection. It should be noted that the FBI does not receive all of Section 702 collection; rather, the FBI only requests and receives a small percentage of total Section 702 collection and only for those selectors in which the FBI has an investigative interest. Moreover, because the FBI stores Section 702 collection in the same database as its "traditional" FISA collection, a query of "traditional" FISA collection will also query Section 702 collection. In addition, the FBI routinely conducts queries across its databases in an effort to locate relevant information that is already in its possession when it opens new national security investigations and assessments. Therefore, the FBI believes the number of queries is substantial. However, only FBI personnel trained in the Section 702 minimization procedures are able to View any Section 702 collection that is responsive to any query.
  • In calendar year 2013, CIA conducted fewer than 1900 queries of Section 702-acquired communications using specific U.S. person identifiers as query terms or other more general query terms if they are intended to return information about a particular U.S. person. Of that total number approximately 40% were conducted as a result of requests for counterterrorism-related information from other U.S. intelligence agencies. Approximately 27% of the total number are duplicative or recurring queries conducted at different times using the same identifiers but that CIA nonetheless counts as separate queries. CIA also uses U.S. person identifiers to conduct metadata-only queries against metadata derived from the FISA Section 702 collection. However, the CIA does not track the number of metadata-only queries using U.S. person identifiers.
  • So, the CIA is doing these kinds of warrantless fishing expeditions into the communications of Americans as well, but at least the CIA tracks how often it's doing so. Of course, when it comes to metadata searches, the CIA doesn't bother. It's also a bit bizarre that the CIA is apparently carrying out a bunch of those searches for "other U.S. intelligence agencies," when the CIA should be especially limited in its ability to do these searches in the first place. Senator Wyden has responded to these revelations by pointing out how "flawed" the oversight system is that these have been allowed:
  • When the FBI says it conducts a substantial number of searches and it has no idea of what the number is, it shows how flawed this system is and the consequences of inadequate oversight. This huge gap in oversight is a problem now, and will only grow as global communications systems become more interconnected. The findings transmitted to me raise questions about whether the FBI is exercising any internal controls over the use of backdoor searches including who and how many government employees can access the personal data of individual Americans. I intend to follow this up until it is fixed.
  • Hopefully, now you are starting to recognize what a big deal it was last week when the House of Representatives recently voted to defund the ability to do these kinds of backdoor searches. Still, much more needs to be done. Oh, and in case you're wondering why Clapper finally 'fessed up to the FBI and CIA making use of these data to warrantlessly spy on Americans, it's worth noting that the Privacy and Civil Liberties Oversight Board (PCLOB) is expected to come out with its report on the Section 702 surveillance program on July 2nd (7/02, get it?). It seems likely that the report will discuss these backdoor searches on Americans and how other agencies besides the NSA has been involved in the practice.
  • Paul Merrell on 01 Jul 14
     
    Note to self: Look for the new PCLOB report in the morning. 
Paul Merrell

US looks at ways to prevent spying on its spying - 0 views

bigstory.ap.org/...king-prevent-spying-its-spying

surveillance state NSA call-metadata dispersed-call-metadata research

shared by Paul Merrell on 29 Jan 14 - No Cached
  • (AP) — The U.S. government is looking at ways to prevent anyone from spying on its own surveillance of Americans' phone records. As the Obama administration considers shifting the collection of those records from the National Security Agency to requiring that they be stored at phone companies or elsewhere, it's quietly funding research to prevent phone company employees or eavesdroppers from seeing whom the U.S. is spying on, The Associated Press has learned. The Office of the Director of National Intelligence has paid at least five research teams across the country to develop a system for high-volume, encrypted searches of electronic records kept outside the government's possession. The project is among several ideas that would allow the government to discontinue storing Americans' phone records, but still search them as needed.
  • Under the research, U.S. data mining would be shielded by secret coding that could conceal identifying details from outsiders and even the owners of the targeted databases, according to public documents obtained by The Associated Press and AP interviews with researchers, corporate executives and government officials.
  • Internal documents describing the Security and Privacy Assurance Research project do not cite the NSA or its phone surveillance program. But if the project were to prove successful, its encrypted search technology could pave the way for the government to shift storage of the records from NSA computers to either phone companies or a third-party organization. A DNI spokesman, Michael Birmingham, confirmed that the research was relevant to the NSA's phone records program. He cited "interest throughout the intelligence community" but cautioned that it may be some time before the technology is used. The intelligence director's office is by law exempt from disclosing detailed budget figures, so it's unclear how much money the government has spent on the SPAR project, which is overseen by the DNI's Intelligence Advanced Research Projects Activity office. Birmingham said the research is aimed for use in a "situation where a large sensitive data set is held by one party which another seeks to query, preserving privacy and enforcing access policies."
  • ...3 more annotations...
  • A Columbia University computer sciences expert who heads one of the DNI-funded teams, Steven M. Bellovin, estimates the government could start conducting encrypted searches within the next year or two. "If the NSA wanted to deploy something like this it would take one to two years to get the hardware and software in place to start collecting data this way either from phone companies or whatever other entity they decide on," said Bellovin, who is also a former chief technologist for the Federal Trade Commission.
  • An encrypted search system would permit the NSA to shift storage of phone records to either phone providers or a third party, and conduct secure searches remotely through their databases. The coding could shield both the extracted metadata and identities of those conducting the searches, Bellovin said. The government could use encrypted searches to ensure its analysts were not leaking information or abusing anyone's privacy during their data searches. And the technique could also be used by the NSA to securely search out and retrieve Internet metadata, such as emails and other electronic records. Some computer science experts are less sanguine about the prospects for encrypted search techniques. Searches could bog down because of the encryption computations needed, said Daniel Weitzner, principal research scientist at MIT's Computer Science and Artificial Intelligence Laboratory and former deputy U.S. chief technology officer for the Obama administration. "There's no silver bullet that guarantees the intelligence community will only have access to the records they're supposed to have access to," Weitzner said. "We also need oversight of the actual use of the data."
  • The encrypted search techniques could make it more difficult for hackers to access the phone records and could prevent phone companies from knowing which records the government was searching. "It would remove one of the big objections to having the phone companies hold the data," Bellovin said. Similar research is underway by researchers at University of California at Irvine; a group from the University of Wisconsin-Madison and the University of Texas at Austin; another group from MIT, Yale and Rensselaer Polytechnic Institute; and a fourth from Stealth Software Technologies, a Los Angeles-based technology company.
Paul Merrell

Feinstein promotes bill to strengthen NSA's hand on warrantless searches | World news |... - 0 views

www.theguardian.com/...rantless-searches-surveillance

surveillance state legislation Feinstein NSA law enforcement

shared by Paul Merrell on 17 Nov 13 - No Cached
  • A Senate bill promoted as a surveillance reform would codify the ability of the National Security Agency to search its troves of foreign phone and email communications for Americans’ information, and permit law enforcement agencies to search the vast databases as well. The Fisa Improvements Act, promoted by Dianne Feinstein, the California Democrat who chairs the Senate intelligence committee, would both make permanent a loophole permitting the NSA to search for Americans’ identifying information without a warrant – and, civil libertarians fear, contains an ambiguity that might allow the FBI, the DEA and other law enforcement agencies to do the same thing. “For the first time, the statute would explicitly allow the government to proactively search through the NSA data troves of information without a warrant,” said Michelle Richardson, the surveillance lobbyist for the ACLU.
  • “It may also expand current practices by allowing law enforcement to directly access US person information that was nominally collected for foreign intelligence purposes. This fourth amendment back door needs to be closed, not written into stone.” Feinstein’s bill passed the committee on an 11 to 4 vote on 31 October. An expanded report on its provisions released by the committee this week added details about the ability of both intelligence and law enforcement to sift through foreign communications databases that it accumulates under section 702 of the Fisa Amendments Act of 2008. Section 6 of Feinstein’s bill blesses what her committee colleague Ron Wyden, the Oregon Democrat and civil libertarian, has called the “backdoor search provision,” which the Guardian revealed thanks to a leak by Edward Snowden.  The section permits intelligence agencies to search “the contents of communications” collected primarily overseas for identifying information on US citizens, resident aliens and people inside the US, provided that the “purpose of the query is to obtain foreign intelligence information or information necessary to understand foreign intelligence information or to assess its importance.”
  • Section 6 bills itself as a “restriction,” but it would not stop the NSA from performing the warrantless search, merely requiring intelligence agencies to log their queries and make them “available for review” to Congress, the Fisa court, the Justice Department and inspectors general inside the executive branch. Additionally, the report on Section 6 explicitly states that the provision “does not limit the authority of law enforcement agencies to conduct queries of data acquired pursuant to Section 702 of Fisa for law enforcement purposes.” There is ambiguity surrounding whether the FBI can currently search through the NSA’s foreign communications databases, or is reliant on the NSA to pass on information from the databases relevant to the bureau. A declassified Fisa court document from 2011 refers to “FBI minimization procedures,” but it is unclear what those procedures are. A copy of the FBI minimization procedures from 2009, acquired by the ACLU under the Freedom of Information Act is almost completely redacted. So is the section in the government’s most recent report on its Section 702 collection dealing with the FBI’s role, though it contains references to how the FBI “receive[s] … unminimized Section 70 acquired communications” from the NSA. 
  • ...1 more annotation...
  • Feinstein’s bill “seems to imply there is currently some authority for law enforcement to query the database, which [intelligence community] officials have not mentioned in any of their remarks on Section 702,” said Alan Butler, an attorney with the Electronic Privacy Information Center. The provision is also unclear about whether law enforcement agencies can search through the foreign communications databases for information on US persons. Feinstein’s office did not respond to a request for clarification by deadline. The ambiguity concerns civil libertarians, as it opens a door for law enforcement agencies to sidestep warrant requirements. “If Senator Feinstein or other congressional supporters of this bill believe that it would in fact expand law enforcement access to the database, that would be an unjustified expansion of surveillance over Americans,” Butler said.
Paul Merrell

From Radio to Porn, British Spies Track Web Users' Online Identities - 0 views

theintercept.com/...ck-web-users-online-identities

surveillance state GCHQ Black-Hole

shared by Paul Merrell on 27 Sep 15 - No Cached
  • HERE WAS A SIMPLE AIM at the heart of the top-secret program: Record the website browsing habits of “every visible user on the Internet.” Before long, billions of digital records about ordinary people’s online activities were being stored every day. Among them were details cataloging visits to porn, social media and news websites, search engines, chat forums, and blogs. The mass surveillance operation — code-named KARMA POLICE — was launched by British spies about seven years ago without any public debate or scrutiny. It was just one part of a giant global Internet spying apparatus built by the United Kingdom’s electronic eavesdropping agency, Government Communications Headquarters, or GCHQ. The revelations about the scope of the British agency’s surveillance are contained in documents obtained by The Intercept from National Security Agency whistleblower Edward Snowden. Previous reports based on the leaked files have exposed how GCHQ taps into Internet cables to monitor communications on a vast scale, but many details about what happens to the data after it has been vacuumed up have remained unclear.
  • Amid a renewed push from the U.K. government for more surveillance powers, more than two dozen documents being disclosed today by The Intercept reveal for the first time several major strands of GCHQ’s existing electronic eavesdropping capabilities.
  • The surveillance is underpinned by an opaque legal regime that has authorized GCHQ to sift through huge archives of metadata about the private phone calls, emails and Internet browsing logs of Brits, Americans, and any other citizens — all without a court order or judicial warrant
  • ...17 more annotations...
  • A huge volume of the Internet data GCHQ collects flows directly into a massive repository named Black Hole, which is at the core of the agency’s online spying operations, storing raw logs of intercepted material before it has been subject to analysis. Black Hole contains data collected by GCHQ as part of bulk “unselected” surveillance, meaning it is not focused on particular “selected” targets and instead includes troves of data indiscriminately swept up about ordinary people’s online activities. Between August 2007 and March 2009, GCHQ documents say that Black Hole was used to store more than 1.1 trillion “events” — a term the agency uses to refer to metadata records — with about 10 billion new entries added every day. As of March 2009, the largest slice of data Black Hole held — 41 percent — was about people’s Internet browsing histories. The rest included a combination of email and instant messenger records, details about search engine queries, information about social media activity, logs related to hacking operations, and data on people’s use of tools to browse the Internet anonymously.
  • Throughout this period, as smartphone sales started to boom, the frequency of people’s Internet use was steadily increasing. In tandem, British spies were working frantically to bolster their spying capabilities, with plans afoot to expand the size of Black Hole and other repositories to handle an avalanche of new data. By 2010, according to the documents, GCHQ was logging 30 billion metadata records per day. By 2012, collection had increased to 50 billion per day, and work was underway to double capacity to 100 billion. The agency was developing “unprecedented” techniques to perform what it called “population-scale” data mining, monitoring all communications across entire countries in an effort to detect patterns or behaviors deemed suspicious. It was creating what it said would be, by 2013, “the world’s biggest” surveillance engine “to run cyber operations and to access better, more valued data for customers to make a real world difference.”
  • A document from the GCHQ target analysis center (GTAC) shows the Black Hole repository’s structure.
  • The data is searched by GCHQ analysts in a hunt for behavior online that could be connected to terrorism or other criminal activity. But it has also served a broader and more controversial purpose — helping the agency hack into European companies’ computer networks. In the lead up to its secret mission targeting Netherlands-based Gemalto, the largest SIM card manufacturer in the world, GCHQ used MUTANT BROTH in an effort to identify the company’s employees so it could hack into their computers. The system helped the agency analyze intercepted Facebook cookies it believed were associated with Gemalto staff located at offices in France and Poland. GCHQ later successfully infiltrated Gemalto’s internal networks, stealing encryption keys produced by the company that protect the privacy of cell phone communications.
  • Similarly, MUTANT BROTH proved integral to GCHQ’s hack of Belgian telecommunications provider Belgacom. The agency entered IP addresses associated with Belgacom into MUTANT BROTH to uncover information about the company’s employees. Cookies associated with the IPs revealed the Google, Yahoo, and LinkedIn accounts of three Belgacom engineers, whose computers were then targeted by the agency and infected with malware. The hacking operation resulted in GCHQ gaining deep access into the most sensitive parts of Belgacom’s internal systems, granting British spies the ability to intercept communications passing through the company’s networks.
  • In March, a U.K. parliamentary committee published the findings of an 18-month review of GCHQ’s operations and called for an overhaul of the laws that regulate the spying. The committee raised concerns about the agency gathering what it described as “bulk personal datasets” being held about “a wide range of people.” However, it censored the section of the report describing what these “datasets” contained, despite acknowledging that they “may be highly intrusive.” The Snowden documents shine light on some of the core GCHQ bulk data-gathering programs that the committee was likely referring to — pulling back the veil of secrecy that has shielded some of the agency’s most controversial surveillance operations from public scrutiny. KARMA POLICE and MUTANT BROTH are among the key bulk collection systems. But they do not operate in isolation — and the scope of GCHQ’s spying extends far beyond them.
  • The agency operates a bewildering array of other eavesdropping systems, each serving its own specific purpose and designated a unique code name, such as: SOCIAL ANTHROPOID, which is used to analyze metadata on emails, instant messenger chats, social media connections and conversations, plus “telephony” metadata about phone calls, cell phone locations, text and multimedia messages; MEMORY HOLE, which logs queries entered into search engines and associates each search with an IP address; MARBLED GECKO, which sifts through details about searches people have entered into Google Maps and Google Earth; and INFINITE MONKEYS, which analyzes data about the usage of online bulletin boards and forums. GCHQ has other programs that it uses to analyze the content of intercepted communications, such as the full written body of emails and the audio of phone calls. One of the most important content collection capabilities is TEMPORA, which mines vast amounts of emails, instant messages, voice calls and other communications and makes them accessible through a Google-style search tool named XKEYSCORE.
  • As of September 2012, TEMPORA was collecting “more than 40 billion pieces of content a day” and it was being used to spy on people across Europe, the Middle East, and North Africa, according to a top-secret memo outlining the scope of the program. The existence of TEMPORA was first revealed by The Guardian in June 2013. To analyze all of the communications it intercepts and to build a profile of the individuals it is monitoring, GCHQ uses a variety of different tools that can pull together all of the relevant information and make it accessible through a single interface. SAMUEL PEPYS is one such tool, built by the British spies to analyze both the content and metadata of emails, browsing sessions, and instant messages as they are being intercepted in real time. One screenshot of SAMUEL PEPYS in action shows the agency using it to monitor an individual in Sweden who visited a page about GCHQ on the U.S.-based anti-secrecy website Cryptome.
  • Partly due to the U.K.’s geographic location — situated between the United States and the western edge of continental Europe — a large amount of the world’s Internet traffic passes through its territory across international data cables. In 2010, GCHQ noted that what amounted to “25 percent of all Internet traffic” was transiting the U.K. through some 1,600 different cables. The agency said that it could “survey the majority of the 1,600” and “select the most valuable to switch into our processing systems.”
  • According to Joss Wright, a research fellow at the University of Oxford’s Internet Institute, tapping into the cables allows GCHQ to monitor a large portion of foreign communications. But the cables also transport masses of wholly domestic British emails and online chats, because when anyone in the U.K. sends an email or visits a website, their computer will routinely send and receive data from servers that are located overseas. “I could send a message from my computer here [in England] to my wife’s computer in the next room and on its way it could go through the U.S., France, and other countries,” Wright says. “That’s just the way the Internet is designed.” In other words, Wright adds, that means “a lot” of British data and communications transit across international cables daily, and are liable to be swept into GCHQ’s databases.
  • A map from a classified GCHQ presentation about intercepting communications from undersea cables. GCHQ is authorized to conduct dragnet surveillance of the international data cables through so-called external warrants that are signed off by a government minister. The external warrants permit the agency to monitor communications in foreign countries as well as British citizens’ international calls and emails — for example, a call from Islamabad to London. They prohibit GCHQ from reading or listening to the content of “internal” U.K. to U.K. emails and phone calls, which are supposed to be filtered out from GCHQ’s systems if they are inadvertently intercepted unless additional authorization is granted to scrutinize them. However, the same rules do not apply to metadata. A little-known loophole in the law allows GCHQ to use external warrants to collect and analyze bulk metadata about the emails, phone calls, and Internet browsing activities of British people, citizens of closely allied countries, and others, regardless of whether the data is derived from domestic U.K. to U.K. communications and browsing sessions or otherwise. In March, the existence of this loophole was quietly acknowledged by the U.K. parliamentary committee’s surveillance review, which stated in a section of its report that “special protection and additional safeguards” did not apply to metadata swept up using external warrants and that domestic British metadata could therefore be lawfully “returned as a result of searches” conducted by GCHQ.
  • Perhaps unsurprisingly, GCHQ appears to have readily exploited this obscure legal technicality. Secret policy guidance papers issued to the agency’s analysts instruct them that they can sift through huge troves of indiscriminately collected metadata records to spy on anyone regardless of their nationality. The guidance makes clear that there is no exemption or extra privacy protection for British people or citizens from countries that are members of the Five Eyes, a surveillance alliance that the U.K. is part of alongside the U.S., Canada, Australia, and New Zealand. “If you are searching a purely Events only database such as MUTANT BROTH, the issue of location does not occur,” states one internal GCHQ policy document, which is marked with a “last modified” date of July 2012. The document adds that analysts are free to search the databases for British metadata “without further authorization” by inputing a U.K. “selector,” meaning a unique identifier such as a person’s email or IP address, username, or phone number. Authorization is “not needed for individuals in the U.K.,” another GCHQ document explains, because metadata has been judged “less intrusive than communications content.” All the spies are required to do to mine the metadata troves is write a short “justification” or “reason” for each search they conduct and then click a button on their computer screen.
  • Intelligence GCHQ collects on British persons of interest is shared with domestic security agency MI5, which usually takes the lead on spying operations within the U.K. MI5 conducts its own extensive domestic surveillance as part of a program called DIGINT (digital intelligence).
  • GCHQ’s documents suggest that it typically retains metadata for periods of between 30 days to six months. It stores the content of communications for a shorter period of time, varying between three to 30 days. The retention periods can be extended if deemed necessary for “cyber defense.” One secret policy paper dated from January 2010 lists the wide range of information the agency classes as metadata — including location data that could be used to track your movements, your email, instant messenger, and social networking “buddy lists,” logs showing who you have communicated with by phone or email, the passwords you use to access “communications services” (such as an email account), and information about websites you have viewed.
  • Records showing the full website addresses you have visited — for instance, www.gchq.gov.uk/what_we_do — are treated as content. But the first part of an address you have visited — for instance, www.gchq.gov.uk — is treated as metadata. In isolation, a single metadata record of a phone call, email, or website visit may not reveal much about a person’s private life, according to Ethan Zuckerman, director of Massachusetts Institute of Technology’s Center for Civic Media. But if accumulated and analyzed over a period of weeks or months, these details would be “extremely personal,” he told The Intercept, because they could reveal a person’s movements, habits, religious beliefs, political views, relationships, and even sexual preferences. For Zuckerman, who has studied the social and political ramifications of surveillance, the most concerning aspect of large-scale government data collection is that it can be “corrosive towards democracy” — leading to a chilling effect on freedom of expression and communication. “Once we know there’s a reasonable chance that we are being watched in one fashion or another it’s hard for that not to have a ‘panopticon effect,’” he said, “where we think and behave differently based on the assumption that people may be watching and paying attention to what we are doing.”
  • When compared to surveillance rules in place in the U.S., GCHQ notes in one document that the U.K. has “a light oversight regime.” The more lax British spying regulations are reflected in secret internal rules that highlight greater restrictions on how NSA databases can be accessed. The NSA’s troves can be searched for data on British citizens, one document states, but they cannot be mined for information about Americans or other citizens from countries in the Five Eyes alliance. No such constraints are placed on GCHQ’s own databases, which can be sifted for records on the phone calls, emails, and Internet usage of Brits, Americans, and citizens from any other country. The scope of GCHQ’s surveillance powers explain in part why Snowden told The Guardian in June 2013 that U.K. surveillance is “worse than the U.S.” In an interview with Der Spiegel in July 2013, Snowden added that British Internet cables were “radioactive” and joked: “Even the Queen’s selfies to the pool boy get logged.”
  • In recent years, the biggest barrier to GCHQ’s mass collection of data does not appear to have come in the form of legal or policy restrictions. Rather, it is the increased use of encryption technology that protects the privacy of communications that has posed the biggest potential hindrance to the agency’s activities. “The spread of encryption … threatens our ability to do effective target discovery/development,” says a top-secret report co-authored by an official from the British agency and an NSA employee in 2011. “Pertinent metadata events will be locked within the encrypted channels and difficult, if not impossible, to prise out,” the report says, adding that the agencies were working on a plan that would “(hopefully) allow our Internet Exploitation strategy to prevail.”
Paul Merrell

Senate Investigation of Bush-Era Torture Erupts Into Constitutional Crisis | The Nation - 0 views

www.thenation.com/...e-erupts-constitutional-crisis

surveillance state CIA Feinstein Senate-Intelligence-Committee

shared by Paul Merrell on 12 Mar 14 - No Cached
  • Here’s what Feinstein described Tuesday morning: At some time after the committee staff identified and reviewed the Internal Panetta Review documents, access to the vast majority of them was removed by the CIA. We believe this happened in 2010 but we have no way of knowing the specifics. Nor do we know why the documents were removed. The staff was focused on reviewing the tens of thousands of new documents that continued to arrive on a regular basis. […] Shortly [after Udall’s comments], on January 15, 2014, CIA Director Brennan requested an emergency meeting to inform me and Vice Chairman Chambliss that without prior notification or approval, CIA personnel had conducted a “search”—that was John Brennan’s word—of the committee computers at the offsite facility. This search involved not only a search of documents provided to the committee by the CIA, but also a search of the ”stand alone” and “walled-off” committee network drive containing the committee’s own internal work product and communications. According to Brennan, the computer search was conducted in response to indications that some members of the committee staff might already have had access to the Internal Panetta Review. The CIA did not ask the committee or its staff if the committee had access to the Internal Review, or how we obtained it. Instead, the CIA just went and searched the committee’s computers.
  • If what Feinstein alleges is true, it essentially amounts to a constitutional crisis. And she said as much during her speech, describing “a defining moment for the oversight of our intelligence community.” “I have grave concerns that the CIA’s search may well have violated the separation of powers principles embodied in the United States Constitution, including the Speech and Debate clause. It may have undermined the constitutional framework essential to effective congressional oversight of intelligence activities or any other government function,” Feinstein said. “Besides the constitutional implications, the CIA’s search may also have violated the Fourth Amendment, the Computer Fraud and Abuse Act, as well as Executive Order 12333, which prohibits the CIA from conducting domestic searches or surveillance.”
  • There’s also the issue of intimidation. The media reports that have been bubbling up recently around this issue have suggested that Senate investigators illegally obtained the Panetta review—some even raised the specter of hacking by the Senate investigators. The CIA went so far as to file a crime report with the Department of Justice, accusing Senate staffers of illegally obtaining the Panetta review. Tuesday morning, Feinstein strenuously denied the review was illegally obtained, and asserted it was included in the 6.2 million files turned over by the CIA and describing at length why Senate lawyers felt it was a lawful document for the committee to possess. And, in a remarkable statement, Feinstein accused the CIA of intimidation by filing the crime report. “[T]here is no legitimate reason to allege to the Justice Department that Senate staff may have committed a crime. I view the acting general counsel’s referral [to DoJ] as a potential effort to intimidate this staff—and I am not taking it lightly.” Feinstein went on to note one fairly amazing fact. The (acting) general counsel she referred to, who filed the complaint with DoJ, was a lawyer in the CIA’s counterterrorism center beginning in 2004. That means he was directly involved in legal justifications for the torture program. “And now this individual is sending a crimes report to the Department of Justice on the actions of congressional staff,” she noted gravely. “The same congressional staff who researched and drafted a report that details how CIA officers—including the acting general counsel himself—provided inaccurate information to the Department of Justice about the program.”
  • ...5 more annotations...
  • Feinstein included an interesting aside in her speech. “Let me note: because the CIA has refused to answer the questions in my January 23 letter, and the CIA inspector general review is ongoing, I have limited information about exactly what the CIA did in conducting its search.”
  • Also: remember that earlier this year, in response to a question from Senator Bernie Sanders, the National Security Agency did not expressly deny spying on Congress. The NSA may just have been being careful with its language, reasoning that since bulk data collection exists, perhaps members of Congress were caught up in it. But the question remains: if the CIA felt justified spying on Senate computers, may it have listened in on phone calls as well?
  • Feinstein’s grave concerns were echoed Tuesday morning by Senator Patrick Leahy, chair of the Senate Judiciary Committee. “This is not just about getting to the truth of the CIA’s shameful use of torture. This is also about the core founding principle of the separation of powers, and the future of this institution and its oversight role,” Leahy said in a statement. “The Senate is bigger than any one Senator. Senators come and go, but the Senate endures. The members of the Senate must stand up in defense of this institution, the Constitution, and the values upon which this nation was founded.”
  • Underlying this constitutional crisis is a desire by many at the CIA to sweep the Bush-era torture abuses under the rug. That logically would be the clear motivating factor in seizing the Panetta review from Senate investigators. And Brennan wasn’t afraid to keep pushing that approach—even during the same Tuesday interview with NBC’s Mitchell in which he denied “spying” on the Senate. Brennan also said that the CIA’s history of detention and interrogation should be “put behind us.” (It should be noted, of course, that there is strong circumstantial evidence that Brennan himself was complicit in the illegal torture program when he served in the Bush administration.) In the wake of her revelations on Tuesday, Feinstein renewed her desire to declassify the Senate report. “We’re not going to stop. I intend to move to have the findings, conclusions and the executive summary of the report sent to the president for declassification and release to the American people,” she said, and suggested the findings will shock the public. “If the Senate can declassify this report, we will be able to ensure that an un-American, brutal program of detention and interrogation will never again be considered or permitted.”
  • Obama has long said he supports declassification, and it seems it will happen soon. Tuesday, Feinstein was already moving to hold a committee vote on declassification. Committee Republicans will likely oppose it, but independent Senator Angus King, the swing vote, told reporters he is inclined to vote for declassification.
  • Paul Merrell on 12 Mar 14
     
    Note the error in the last quoted paragraph: Obama has said he supports declassification of the Senate report's *findings," not the entire report. That's likely over a 6,000-page difference.
Paul Merrell

NSA loophole allows warrantless search for US citizens' emails and phone calls | World ... - 0 views

www.theguardian.com/...rrantless-searches-email-calls

surveillance state NSA Wyden FISA-loophole must-read

shared by Paul Merrell on 17 Aug 13 - No Cached
  • The National Security Agency has a secret backdoor into its vast databases under a legal authority enabling it to search for US citizens' email and phone calls without a warrant, according to a top-secret document passed to the Guardian by Edward Snowden.The previously undisclosed rule change allows NSA operatives to hunt for individual Americans' communications using their name or other identifying information. Senator Ron Wyden told the Guardian that the law provides the NSA with a loophole potentially allowing "warrantless searches for the phone calls or emails of law-abiding Americans".The authority, approved in 2011, appears to contrast with repeated assurances from Barack Obama and senior intelligence officials to both Congress and the American public that the privacy of US citizens is protected from the NSA's dragnet surveillance programs.
  • The intelligence data is being gathered under Section 702 of the of the Fisa Amendments Act (FAA), which gives the NSA authority to target without warrant the communications of foreign targets, who must be non-US citizens and outside the US at the point of collection.The communications of Americans in direct contact with foreign targets can also be collected without a warrant, and the intelligence agencies acknowledge that purely domestic communications can also be inadvertently swept into its databases. That process is known as "incidental collection" in surveillance parlance.But this is the first evidence that the NSA has permission to search those databases for specific US individuals' communications.
  • A secret glossary document provided to operatives in the NSA's Special Source Operations division – which runs the Prism program and large-scale cable intercepts through corporate partnerships with technology companies – details an update to the "minimization" procedures that govern how the agency must handle the communications of US persons. That group is defined as both American citizens and foreigners located in the US."While the FAA 702 minimization procedures approved on 3 October 2011 now allow for use of certain United States person names and identifiers as query terms when reviewing collected FAA 702 data," the glossary states, "analysts may NOT/NOT [not repeat not] implement any USP [US persons] queries until an effective oversight process has been developed by NSA and agreed to by DOJ/ODNI [Office of the Director of National Intelligence]."The term "identifiers" is NSA jargon for information relating to an individual, such as telephone number, email address, IP address and username as well as their name.The document – which is undated, though metadata suggests this version was last updated in June 2012 – does not say whether the oversight process it mentions has been established or whether any searches against US person names have taken place.
  • ...2 more annotations...
  • Wyden, an Oregon Democrat on the Senate intelligence committee, has obliquely warned for months that the NSA's retention of Americans' communications incidentally collected and its ability to search through it has been far more extensive than intelligence officials have stated publicly. Speaking this week, Wyden told the Guardian it amounts to a "backdoor search" through Americans' communications data."Section 702 was intended to give the government new authorities to collect the communications of individuals believed to be foreigners outside the US, but the intelligence community has been unable to tell Congress how many Americans have had their communications swept up in that collection," he said."Once Americans' communications are collected, a gap in the law that I call the 'back-door searches loophole' allows the government to potentially go through these communications and conduct warrantless searches for the phone calls or emails of law-abiding Americans."
  • Exclusive: Spy agency has secret backdoor permission to search databases for individual Americans' communications
Paul Merrell

My family's Google searching got us a visit from counterterrorism police | Michele Cata... - 0 views

www.theguardian.com/...nment-tracking-google-searches

surveillance state NSA surveillance-incidents lies

shared by Paul Merrell on 02 Aug 13 - No Cached
  • Paul Merrell on 02 Aug 13
     
    Note the difference between the author's statement that the Google searches were conducted on their home computers, while the police claim the searches were conducted on a workplace computer, which is essential to the explanation of the discovery of the searches by an unnamed computer company "regarding suspicious searches conducted by a recently released employee." It seems far more likely that this is a police cover story for information gained through NSA surveillance.  
Paul Merrell

How the NSA Converts Spoken Words Into Searchable Text - The Intercept - 0 views

firstlook.org/...nition-snowden-searchable-text

surveillance state NSA voice-to-text search

shared by Paul Merrell on 07 May 15 - No Cached
  • Most people realize that emails and other digital communications they once considered private can now become part of their permanent record. But even as they increasingly use apps that understand what they say, most people don’t realize that the words they speak are not so private anymore, either. Top-secret documents from the archive of former NSA contractor Edward Snowden show the National Security Agency can now automatically recognize the content within phone calls by creating rough transcripts and phonetic representations that can be easily searched and stored. The documents show NSA analysts celebrating the development of what they called “Google for Voice” nearly a decade ago.
  • Most people realize that emails and other digital communications they once considered private can now become part of their permanent record. But even as they increasingly use apps that understand what they say, most people don’t realize that the words they speak are not so private anymore, either. Top-secret documents from the archive of former NSA contractor Edward Snowden show the National Security Agency can now automatically recognize the content within phone calls by creating rough transcripts and phonetic representations that can be easily searched and stored. The documents show NSA analysts celebrating the development of what they called “Google for Voice” nearly a decade ago.
  • Though perfect transcription of natural conversation apparently remains the Intelligence Community’s “holy grail,” the Snowden documents describe extensive use of keyword searching as well as computer programs designed to analyze and “extract” the content of voice conversations, and even use sophisticated algorithms to flag conversations of interest. The documents include vivid examples of the use of speech recognition in war zones like Iraq and Afghanistan, as well as in Latin America. But they leave unclear exactly how widely the spy agency uses this ability, particularly in programs that pick up considerable amounts of conversations that include people who live in or are citizens of the United States.
  • ...9 more annotations...
  • The Defense Department, through its Defense Advanced Research Projects Agency (DARPA), started funding academic and commercial research into speech recognition in the early 1970s. What emerged were several systems to turn speech into text, all of which slowly but gradually improved as they were able to work with more data and at faster speeds. In a brief interview, Dan Kaufman, director of DARPA’s Information Innovation Office, indicated that the government’s ability to automate transcription is still limited. Kaufman says that automated transcription of phone conversation is “super hard,” because “there’s a lot of noise on the signal” and “it’s informal as hell.”
  • A 2008 document from the Snowden archive shows that  transcribing news broadcasts was already working well seven years ago, using a program called Enhanced Video Text and Audio Processing: (U//FOUO) EViTAP is a fully-automated news monitoring tool. The key feature of this Intelink-SBU-hosted tool is that it analyzes news in six languages, including Arabic, Mandarin Chinese, Russian, Spanish, English, and Farsi/Persian. “How does it work?” you may ask. It integrates Automatic Speech Recognition (ASR) which provides transcripts of the spoken audio. Next, machine translation of the ASR transcript translates the native language transcript to English. Voila! Technology is amazing. A version of the system the NSA uses is now even available commercially.
  • But even then, a newer, more sophisticated product was already being rolled out by the NSA’s Human Language Technology (HLT) program office. The new system, called VoiceRT, was first introduced in Baghdad, and “designed to index and tag 1 million cuts per day.” The goal, according to another 2006 memo, was to use voice processing technology to be able “index, tag and graph,” all intercepted communications. “Using HLT services, a single analyst will be able to sort through millions of cuts per day and focus on only the small percentage that is relevant,” the memo states. A 2009 memo from the NSA’s British partner, GCHQ, describes how “NSA have had the BBN speech-to-text system Byblos running at Fort Meade for at least 10 years. (Initially they also had Dragon.) During this period they have invested heavily in producing their own corpora of transcribed Sigint in both American English and an increasing range of other languages.” (GCHQ also noted that it had its own small corpora of transcribed voice communications, most of which happened to be “Northern Irish accented speech.”)
  • According to a 2011 memo, “How is Human Language Technology (HLT) Progressing?“, NSA that year deployed “HLT Labs” to Afghanistan, NSA facilities in Texas and Georgia, and listening posts in Latin America run by the Special Collection Service, a joint NSA/CIA unit that operates out of embassies and other locations. “Spanish is the most mature of our speech-to-text analytics,” the memo says, noting that the NSA and its Special Collections Service sites in Latin America, have had “great success searching for Spanish keywords.”
  • The Snowden archive, as searched and analyzed by The Intercept, documents extensive use of speech-to-text by the NSA to search through international voice intercepts — particularly in Iraq and Afghanistan, as well as Mexico and Latin America. For example, speech-to-text was a key but previously unheralded element of the sophisticated analytical program known as the Real Time Regional Gateway (RTRG), which started in 2005 when newly appointed NSA chief Keith B. Alexander, according to the Washington Post, “wanted everything: Every Iraqi text message, phone call and e-mail that could be vacuumed up by the agency’s powerful computers.” The Real Time Regional Gateway was credited with playing a role in “breaking up Iraqi insurgent networks and significantly reducing the monthly death toll from improvised explosive devices.” The indexing and searching of “voice cuts” was deployed to Iraq in 2006. By 2008, RTRG was operational in Afghanistan as well.
  • VoiceRT, in turn, was surpassed a few years after its launch. According to the intelligence community’s “Black Budget” for fiscal year 2013, VoiceRT was decommissioned and replaced in 2011 and 2012, so that by 2013, NSA could operationalize a new system. This system, apparently called SPIRITFIRE, could handle more data, faster. SPIRITFIRE would be “a more robust voice processing capability based on speech-to-text keyword search and paired dialogue transcription.”
  • What’s less clear from the archive is how extensively this capability is used to transcribe or otherwise index and search voice conversations that primarily involve what the NSA terms “U.S. persons.” The NSA did not answer a series of detailed questions about automated speech recognition, even though an NSA “classification guide” that is part of the Snowden archive explicitly states that “The fact that NSA/CSS has created HLT models” for speech-to-text processing as well as gender, language and voice recognition, is “UNCLASSIFIED.”
  • Also unclassified: The fact that the processing can sort and prioritize audio files for human linguists, and that the statistical models are regularly being improved and updated based on actual intercepts. By contrast, because they’ve been tuned using actual intercepts, the specific parameters of the systems are highly classified.
  • The presidentially appointed but independent Privacy and Civil Liberties Oversight Board (PCLOB) didn’t mention speech-to-text technology in its public reports. “I’m not going to get into whether any program does or does not have that capability,” PCLOB chairman David Medine told The Intercept. His board’s reports, he said, contained only information that the intelligence community agreed could be declassified.
Paul Merrell

Transcript: Comey Says Authors of Encryption Letter Are Uninformed or Not Fair-Minded |... - 0 views

justsecurity.org/...-letter-uninformed-fair-minded

surveillance state FBI Comey encryption backdoors

shared by Paul Merrell on 21 May 15 - No Cached
  • Earlier today, FBI Director James Comey implied that a broad coalition of technology companies, trade associations, civil society groups, and security experts were either uninformed or were not “fair-minded” in a letter they sent to the President yesterday urging him to reject any legislative proposals that would undermine the adoption of strong encryption by US companies. The letter was signed by dozens of organizations and companies in the latest part of the debate over whether the government should be given built-in access to encrypted data (see, for example, here, here, here, and here for previous iterations). The comments were made at the Third Annual Cybersecurity Law Institute held at Georgetown University Law Center. The transcript of his encryption-related discussion is below (emphasis added).
  • Increasingly, communications at rest sitting on a device or in motion are encrypted. The device is encrypted or the communication is encrypted and therefore unavailable to us even with a court order. So I make a showing of probable cause to a judge in a criminal case or in an intelligence case to the Foreign Intelligence Surveillance Court judge that the content of a particular defense or a particular communication stream should be collected to our statutory authority, and the judge approves, increasingly we are finding ourselves unable to read what we find or we’re unable to open a device. And that is a serious concern. I am actually — I think encryption is a good thing. I think there are tremendous societal benefits to encryption. That’s one of the reasons the FBI tells people not only lock your cars, but you should encrypt things that are important to you to make it harder for thieves to take them.
  • A group of tech companies and some prominent folks wrote a letter to the President yesterday that I frankly found depressing. Because their letter contains no acknowledgment that there are societal costs to universal encryption. Look, I recognize the challenges facing our tech companies. Competitive challenges, regulatory challenges overseas, all kinds of challenges. I recognize the benefits of encryption, but I think fair-minded people also have to recognize the costs associated with that. And I read this letter and I think, “Either these folks don’t see what I see or they’re not fair-minded.” And either one of those things is depressing to me. So I’ve just got to continue to have the conversation. I don’t know the answer, but I don’t think a democracy should drift to a place where suddenly law enforcement people say, “Well, actually we — the Fourth Amendment is an awesome thing, but we actually can’t access any information.”
  • ...2 more annotations...
  • But we have a collision going on in this country that’s getting closer and closer to an actual head-on, which is our important interest in privacy — which I am passionate about — and our important interest in public safety. The logic of universal encryption is inexorable that our authority under the Fourth Amendment — an amendment that I think is critical to ordered liberty — with the right predication and the right oversight to obtain information is going to become increasingly irrelevant. As all of our lives become digital, the logic of encryption is that all of our lives will be covered by strong encryption, therefore all of our lives — I know there are no criminals here, but including the lives of criminals and terrorists and spies — will be in a place that is utterly unavailable to court ordered process. And that, I think, to a democracy should be very, very concerning. I think we need to have a conversation about it. Again, how do we strike the right balance? Privacy matters tremendously. Public safety, I think, matters tremendously to everybody. I think fair-minded people have to recognize that there are tremendous benefits to a society from encryption. There are tremendous costs to a society from universal strong encryption. And how do we think about that?
  • We’ve got to have a conversation long before the logic of strong encryption takes us to that place. And smart people, reasonable people will disagree mightily. Technical people will say it’s too hard. My reaction to that is: Really? Too hard? Too hard for the people we have in this country to figure something out? I’m not that pessimistic. I think we ought to have a conversation.
  • Paul Merrell on 21 May 15
     
    Considering that I'm over 10 times as likely to die from a police shoooting as I am from a terrorist attack, how about we begin this conversation, Mr. Comey, by you providing formal notice to everyone who's had the telephone metadata gathered or searched all dates on which such gatherings and searches were conducted so citizens can file suit for violation of their privacy rights? Note that the Second U.S. Circuit Court of Appeals held last week that the FBI exceeded statutory authority in gathering and searching that information. Because the gathering and searching was not authorized, that would bring the gathering and searching under the protections of the Privacy Act, including the FBI duty to account for the disclosures  and to pay at least the statutory minimum $1,500 in damges per incident.  Then I would like to have an itemization of all of the commercial software and hardware products that your agency and or your buddies at NSA built backdoors into.  Then your resignation for millions of violations of the Privacy Act would be deeply appreciated. Please feel free to delegate the above mentioned tasks to your successor. 
Paul Merrell

James Clapper Confirms VADM Mike Rogers Needlessly Obfuscated in Confirmation Hearing |... - 0 views

www.emptywheel.net/...scated-in-confirmation-hearing

surveillance state NSA lies Clapper Mike-Rogers

shared by Paul Merrell on 02 Apr 14 - No Cached
  • On Friday, James Clapper finally provided Ron Wyden an unclassified response to a question he posed on January 29, admitting that the NSA conducts back door searches. (via Charlie Savage) As reflected in the August 2013 Semiannual Assessment of Compliance with Procedures and Guidelines Issued Pursuant to Section 702, which we declassified and released on August 21, 2013, there have been queries, using U.S. person identifiers, of communications lawfully acquired to obtain foreign intelligence by targeting non U.S. persons reasonably believed to be located outside the U.S. pursuant to Section 702 of FISA. It has taken just 9 months for Clapper to admit that, contrary to months of denials, the NSA (and FBI, which he doesn’t confirm but which the Report makes clear, as well as the CIA) can get the content of Americans’ communications without a warrant. But Clapper’s admission that this fact was declassified in August should disqualify Vice Admiral Mike Rogers from confirmation as CyberComm head (I believe he started serving as DIRNSA head, which doesn’t require confirmation, yesterday). Because it means Rogers refused to answer a question the response to which was already declassified.
  • Udall: If I might, in looking ahead, I want to turn to the 702 program and ask a policy question about the authorities under Section 702 that’s written into the FISA Amendments Act. The Committee asked your understanding of the legal rationale for NASA [sic] to search through data acquired under Section 702 using US person identifiers without probable cause. You replied the NASA–the NSA’s court approved procedures only permit searches of this lawfully acquired data using US person identifiers for valid foreign intelligence purposes and under the oversight of the Justice Department and the DNI. The statute’s written to anticipate the incidental collection of Americans’ communications in the course of collecting the communications of foreigners reasonably believed to be located overseas. But the focus of that collection is clearly intended to be foreigners’ communications, not Americans. But declassified court documents show that in 2011 the NSA sought and obtained the authority to go through communications collected under Section 702 and conduct warrantless searches for the communications of specific Americans. Now, my question is simple. Have any of those searches been conducted?
  • Rogers: I apologize Sir, I’m not in a position to answer that as the nominee. Udall: You–yes. Rogers: But if you would like me to come back to you in the future if confirmed to be able to specifically address that question I will be glad to do so, Sir. Udall: Let me follow up on that. You may recall that Director Clapper was asked this question in a hearing earlier this year and he didn’t believe that an open forum was the appropriate setting in which to discuss these issues. The problem that I have, Senator Wyden’s had, and others is that we’ve tried in various ways to get an unclassified answer — simple answer, yes or no — to the question. We want to have an answer because it relates — the answer does — to Americans’ privacy. Can you commit to answering the question before the Committee votes on your nomination?
  • ...3 more annotations...
  • Rogers: Sir, I believe that one of my challenges as the Director, if confirmed, is how do we engage the American people — and by extension their representatives — in a dialogue in which they have a level of comfort as to what we are doing and why. That is no insignificant challenge for those of us with an intelligence background, to be honest. But I believe that one of the takeaways from the situation over the last few months has been as an intelligence professional, as a senior intelligence leader, I have to be capable of communicating in a way that we are doing and why to the greatest extent possible. That perhaps the compromise is, if it comes to the how we do things, and the specifics, those are perhaps best addressed in classified sessions, but that one of my challenges is I have to be able to speak in broad terms in a way that most people can understand. And I look forward to that challenge. Udall: I’m going to continue asking that question and I look forward to working with you to rebuild the confidence. [my emphasis]
  • I assume that now that Clapper has given him the okay to discuss unclassified topics with Congress, Rogers will now provide a forthright answer, all the while claiming he was ignorant about the answer at the time (fine! then make me DIRNSA because I know more about it!). But Rogers’ response went far beyond such an answer. He refused — not just in the hearing but even after it — to commit to answering a question with a completely unclassified answer. And as I pointed out in this post, his written answers were even more obfuscatory. I don’t get a vote. But I think this should disqualify him as a nominee.
  • Update: Here’s the exchange in Rogers’ questions for the record on back door searches. What is your understanding of the legal rationale for NSA to search through data acquired under section 702 using U.S. Persons identifiers without probable cause? Information acquired by NSA under Section 702 of FI SA must be handled in strict accordance with minimization procedures adopted by the Attorney General and approved by the Foreign Intelligence Surveillance Court. As required by the statute and certifications approving Section 702 acquisitions, such activities must be limite d to targeting non-U.S. persons reasonably believed to be located outside the United States . NSA’s Court-approved procedures only permit searches of this lawfully acquired data using U.S. person identifiers for valid foreign intelligence purposes and under the oversight of the Department of Justice and Office of Director of National Intelligence.
Paul Merrell

Yahoo webcam images from millions of users intercepted by GCHQ | World news | The Guardian - 0 views

www.theguardian.com/...a-webcam-images-internet-yahoo

surveillance state GCHQ NSA NSA-methods webcam-intercepts

shared by Paul Merrell on 28 Feb 14 - No Cached
  • Britain's surveillance agency GCHQ, with aid from the US National Security Agency, intercepted and stored the webcam images of millions of internet users not suspected of wrongdoing, secret documents reveal.GCHQ files dating between 2008 and 2010 explicitly state that a surveillance program codenamed Optic Nerve collected still images of Yahoo webcam chats in bulk and saved them to agency databases, regardless of whether individual users were an intelligence target or not.In one six-month period in 2008 alone, the agency collected webcam imagery – including substantial quantities of sexually explicit communications – from more than 1.8 million Yahoo user accounts globally.Yahoo reacted furiously to the webcam interception when approached by the Guardian. The company denied any prior knowledge of the program, accusing the agencies of "a whole new level of violation of our users' privacy".
  • GCHQ does not have the technical means to make sure no images of UK or US citizens are collected and stored by the system, and there are no restrictions under UK law to prevent Americans' images being accessed by British analysts without an individual warrant.The documents also chronicle GCHQ's sustained struggle to keep the large store of sexually explicit imagery collected by Optic Nerve away from the eyes of its staff, though there is little discussion about the privacy implications of storing this material in the first place.
  • "Face detection has the potential to aid selection of useful images for 'mugshots' or even for face recognition by assessing the angle of the face," it reads. "The best images are ones where the person is facing the camera with their face upright."The agency did make efforts to limit analysts' ability to see webcam images, restricting bulk searches to metadata only.However, analysts were shown the faces of people with similar usernames to surveillance targets, potentially dragging in large numbers of innocent people. One document tells agency staff they were allowed to display "webcam images associated with similar Yahoo identifiers to your known target".Optic Nerve was based on collecting information from GCHQ's huge network of internet cable taps, which was then processed and fed into systems provided by the NSA. Webcam information was fed into NSA's XKeyscore search tool, and NSA research was used to build the tool which identified Yahoo's webcam traffic.
  • ...3 more annotations...
  • Optic Nerve, the documents provided by NSA whistleblower Edward Snowden show, began as a prototype in 2008 and was still active in 2012, according to an internal GCHQ wiki page accessed that year.The system, eerily reminiscent of the telescreens evoked in George Orwell's 1984, was used for experiments in automated facial recognition, to monitor GCHQ's existing targets, and to discover new targets of interest. Such searches could be used to try to find terror suspects or criminals making use of multiple, anonymous user IDs.Rather than collecting webcam chats in their entirety, the program saved one image every five minutes from the users' feeds, partly to comply with human rights legislation, and also to avoid overloading GCHQ's servers. The documents describe these users as "unselected" – intelligence agency parlance for bulk rather than targeted collection.One document even likened the program's "bulk access to Yahoo webcam images/events" to a massive digital police mugbook of previously arrested individuals.
  • Programs like Optic Nerve, which collect information in bulk from largely anonymous user IDs, are unable to filter out information from UK or US citizens. Unlike the NSA, GCHQ is not required by UK law to "minimize", or remove, domestic citizens' information from its databases. However, additional legal authorisations are required before analysts can search for the data of individuals likely to be in the British Isles at the time of the search.There are no such legal safeguards for searches on people believed to be in the US or the other allied "Five Eyes" nations – Australia, New Zealand and Canada.
  • The documents also show that GCHQ trialled automatic searches based on facial recognition technology, for people resembling existing GCHQ targets: "[I]f you search for similar IDs to your target, you will be able to request automatic comparison of the face in the similar IDs to those in your target's ID".
1 - 20 of 398 Next › Last »
Showing 20 items per page