Skip to main content

Home/ Socialism and the End of the American Dream/ Group items tagged search-encryption

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
4More

Michael Hayden talks to CNN about XKEYSCORE program. - 0 views

www.slate.com/...n_about_xkeyscore_program.html surveillance state NSA xKeyScore Deep Dive Hayden
shared by Paul Merrell on 17 Aug 13 - No Cached
  • Does the NSA really operate a vast database that allows its analysts to sift through millions of records showing nearly everything a user does on the Internet, as was recently reported? Yes, and people should stop worrying and learn to love it, according former NSA chief Gen. Michael Hayden. Last week, the Guardian published a series of leaked documents revealing new details about an NSA surveillance program called XKEYSCORE. The newspaper said that the program enabled the agency to “search with no prior authorization through vast databases containing emails, online chats and the browsing histories of millions of individuals,” and secret slides dated 2008 showed how people could be deemed a target for searching the Web for “suspicious stuff” or by using encryption. Following the disclosures, Hayden appeared on CNN to discuss the agency’s surveillance programs. The general, who directed the NSA from 1999 through 2005, was remarkably candid in his responses to Erin Burnett’s questions about the Guardian’s XKEYSCORE report. Was there any truth to claims that the NSA is sifting through millions of browsing histories and able to collect virtually everything users do on the Internet? “Yeah,” Hayden said. “And it's really good news.”
  • Not only that, Hayden went further. He revealed that the XKEYSCORE was “a tool that's been developed over the years, and lord knows we were trying to develop similar tools when I was at the National Security Agency.” The XKEYSCORE system, Hayden said, allows analysts to enter a “straight-forward question” into a computer and sift through the “oceans of data” that have been collected as part of foreign intelligence gathering efforts. How this process works was illustrated in the Guardian’s report. Analysts can enter search terms to sift through data and select from a drop-down menu a target’s “foreignness factor,” which is intended to minimize the warrantless surveillance of Americans. However, operating a vast electronic dragnet such as this is far from an exact science, and the NSA’s system of sifting data from the backbone of international Internet networks likely sometimes involves gobbling up information on Americans’ communications and online activity—whether it is done wittingly or not. Indeed, the NSA reportedly only needs to have 51 percent certainty that it is targeting a foreigner. And as leaked secret rules for the surveillance have shown, even if the NSA does “inadvertently” gather Americans’ communications, it can hold on to them if they are deemed valuable for vague “foreign intelligence” purposes or if the communications show evidence of a crime that has occurred or may occur in the future.
  • In the CNN interview, Hayden described XKEYSCORE as “really quite an achievement” and said that it enabled NSA spies to find the needle in the haystack. But his ardent defense of the system is unlikely to reassure civil liberties advocates. Having Hayden’s support is a rather dubious stamp of approval, particularly because he was responsible for leading the NSA’s illegal warrantless wiretapping program, which was initiated post-9/11 and exposed by the New York Times in 2005. Hayden later went on to lead the CIA from 2006 through 2009, where he oversaw the use of the waterboarding torture technique and the operation of a controversial black-site prison program that was eventually dismantled by President Obama. The former NSA chief retired in 2009, but he has since become a regular media commentator, using a recent column at CNN to blast Snowden for leaking the secret NSA documents and implying that he’d like to see the Guardian journalist Glenn Greenwald prosecuted as a “co-conspirator” for his role reporting the surveillance scoops.
  • Paul Merrell on 17 Aug 13
     
    Let's see, the entire U.S. military has been forbidden from reading The Guardian because the documents Edward Snowden leaked are still classified. But a former NSA chief can confirm their accuracy on CNN?  Surely, even as I write a grand jury is busy indicting him on Espionage Act charges? No? Smells like hypocrisy to me. 
6More

Britain Detains the Partner of a Reporter Tied to Leaks - NYTimes.com - 0 views

www.nytimes.com/...of-reporter-tied-to-leaks.html surveillance state Greenwald Miranda-detention border-search-&-seizure thumbdrive Snowden British-Terrorism-Act
shared by Paul Merrell on 19 Aug 13 - No Cached
  • The partner of Glenn Greenwald, the journalist for The Guardian who has been publishing information leaked by the former National Security Agency contractor Edward J. Snowden, was detained for nine hours by the British authorities under a counterterrorism law while on a stop in London’s Heathrow Airport during a trip from Germany to Brazil, Mr. Greenwald said Sunday.
  • Mr. Greenwald’s partner, David Michael Miranda, 28, is a citizen of Brazil. He had spent the previous week in Berlin visiting Laura Poitras, a documentary filmmaker who has also been helping to disseminate Mr. Snowden’s leaks, to assist Mr. Greenwald. The Guardian had paid for the trip, Mr. Greenwald said, and Mr. Miranda was on his way home to Rio de Janeiro.
  • The Guardian published a report on Mr. Miranda’s detainment on Sunday afternoon. Mr. Greenwald said someone who identified himself as a security official from Heathrow Airport called him early on Sunday and informed him that Mr. Miranda had been detained, at that point for three hours. The British authorities, he said, told Mr. Miranda that they would obtain permission from a judge to arrest him for 48 hours, but he was released at the end of the nine hours, around 1 p.m. Eastern time. Mr. Miranda was in Berlin to deliver documents related to Mr. Greenwald’s investigation into government surveillance to Ms. Poitras, Mr. Greenwald said. Ms. Poitras, in turn, gave Mr. Miranda different documents to pass to Mr. Greenwald. Those documents, which were stored on encrypted thumb drives, were confiscated by airport security, Mr. Greenwald said. All of the documents came from the trove of materials provided to the two journalists by Mr. Snowden. The British authorities seized all of his electronic media — including video games, DVDs and data storage devices — and did not return them, Mr. Greenwald said.
  • Paul Merrell on 19 Aug 13
     
    My comments mighty be longer than Diigo allows from the client sidee so I will place them in in a comment following this post. However, do not miss the companion article in The Guardian, at  
  • Paul Merrell on 19 Aug 13
     
    Note that when detained, Mr. Miranda was acting in the role of a courier transporting documents on a thumb drive between two of the lead reporters working on the NSA scandal for The Guardian. The police kept the thumb drive and all other electronic devices Mr. Miranda carried, presumably to study their data stores.  Perhaps even more to the point, this was the seizure of leaked NSA documents and reporters' notes about them. I do not know about the UK law on the subject, but the shame of it is that it would be lawful accordng to the U.S. Supreme Court for U.S. Customs officials to do the same thing had Mr. Miranda arrived at an American international airport. Most Americans would be shocked to learn how many of their cherished Constitutional rights disappear at a port or entry or when crossing a border into the U.S. and when traveling within a 100-mile distance from a U.S. border on the U.S. side. But the particular detention of Mr. Miranda and seizure of the reporter's research and NSA document copies was sure from the outset to cause a major media stir. It has also provoked a strong diplomatic protest from Brazil This incident has already provoked not only a strong diplomatic protest from Brazil, but also in the UK, "Labour MP Tom Watson said he was shocked at the news and called for it to be made clear if any ministers were involved in authorising the detention." Also note in The Guardian article that the police were acting under authority of the draconian British Terrorism Act, which does not limit its application to those who are not suspected of being a terrorist. That UK government was willing to endure a public whipping by the media testifies loudly to the desperation of spy agencies - in the U.K., U.S., Australia, New Zealand, Canada, and Israel intelligence alliance - to learn what documents Snowden leaked to Glenn Greenwald and the Washington Post so they have a clue about: [i] what hammer blows will hit them in the future so they can get out i
  • Paul Merrell on 19 Aug 13
     
    I see that I forgot to paste the link to the companion article in The Guardian. Here 'tis. http://www.theguardian.com/world/2013/aug/18/glenn-greenwald-guardian-partner-detained-heathrow
5More

NSA Issues Non-Denial Denial Of Infiltrating Google & Yahoo's Networks | Techdirt - 0 views

www.techdirt.com/...g-google-yahoos-networks.shtml surveillance state NSA NSA-targets Google Yahoo lies
shared by Paul Merrell on 31 Oct 13 - No Cached
  • While NSA boss Keith Alexander issued a misleading denial of this morning's report of how the NSA has infiltrated Yahoo and Google's networks by hacking into their private network connections between datacenters, the NSA has now come out with its official statement which is yet another typical non-denial denial. They deny things that weren't quite said while refusing to address the actual point:
  • Note what is missing from all of this. They do not deny hacking into the data center connection lines outside of the US. They do not deny getting access to all that data, especially on non-US persons. As for the claim that they're protecting the privacy of US persons, previous statements from Robert Litt, the general counsel for the Office of the Director of National Intelligence, have already made it clear that if they collect info on Americans, they're going to use this loophole to search them: "If we're validly targeting foreigners and we happen to collect communications of Americans, we don't have to close our eyes to that," Litt said. "I'm not aware of other situations where once we have lawfully collected information, we have to go back and get a warrant to look at the information we've already collected."
  • So, for all the claims that this kind of information will be "minimized," it certainly looks like they've already admitted they don't do that. Meanwhile, that Guardian article that has the NSA's response also has responses from the 3 other players in this drama. There's the UK's GCHQ, who apparently has partnered with the NSA in breaking into Google and Yahoo. It didn't want to say a damn thing: "We are aware of the story but we don't have any comment."
  • ...2 more annotations...
  • Google, however, was reasonably furious about this story. In a statement, Google's chief legal officer, David Drummond, said the company was "outraged" by the latest revelations. "We have long been concerned about the possibility of this kind of snooping, which is why we have continued to extend encryption across more and more Google services and links, especially the links in the slide," he said. "We do not provide any government, including the US government, with access to our systems. We are outraged at the lengths to which the government seems to have gone to intercept data from our private fiber networks, and it underscores the need for urgent reform."
  • Yahoo's response, unfortunately, was a lot more restrained and not particularly on point. "We have strict controls in place to protect the security of our data centers, and we have not given access to our data centers to the NSA or to any other government agency." Yeah, but the story is how the NSA got around your security. Yahoo should be a lot angrier about this. One hopes that once the technical people talk to management, the company will realize just how bad this situation is. Hopefully, this means that Google and Yahoo will stop just focusing on getting more "transparency" out of the government concerning NSA surveillance, and will start taking a much more active role. This includes: (1) pushing back hard against government surveillance, including going to court to stop it and (2) building much more secure systems that cannot be easily compromised by the NSA.
4More

The Digital Hunt for Duqu, a Dangerous and Cunning U.S.-Israeli Spy Virus - The Intercept - 0 views

firstlook.org/...stuxnet surveillance state cyberwar Stuxnet
shared by Paul Merrell on 14 Nov 14 - No Cached
  • “Is this related to what we talked about before?” Bencsáth said, referring to a previous discussion they’d had about testing new services the company planned to offer customers. “No, something else,” Bartos said. “Can you come now? It’s important. But don’t tell anyone where you’re going.” Bencsáth wolfed down the rest of his lunch and told his colleagues in the lab that he had a “red alert” and had to go. “Don’t ask,” he said as he ran out the door. A while later, he was at Bartos’ office, where a triage team had been assembled to address the problem they wanted to discuss. “We think we’ve been hacked,” Bartos said.
  • They found a suspicious file on a developer’s machine that had been created late at night when no one was working. The file was encrypted and compressed so they had no idea what was inside, but they suspected it was data the attackers had copied from the machine and planned to retrieve later. A search of the company’s network found a few more machines that had been infected as well. The triage team felt confident they had contained the attack but wanted Bencsáth’s help determining how the intruders had broken in and what they were after. The company had all the right protections in place—firewalls, antivirus, intrusion-detection and -prevention systems—and still the attackers got in.
  • Bencsáth was a teacher, not a malware hunter, and had never done such forensic work before. At the CrySyS Lab, where he was one of four advisers working with a handful of grad students, he did academic research for the European Union and occasional hands-on consulting work for other clients, but the latter was mostly run-of-the-mill cleanup work—mopping up and restoring systems after random virus infections. He’d never investigated a targeted hack before, let alone one that was still live, and was thrilled to have the chance. The only catch was, he couldn’t tell anyone what he was doing. Bartos’ company depended on the trust of customers, and if word got out that the company had been hacked, they could lose clients. The triage team had taken mirror images of the infected hard drives, so they and Bencsáth spent the rest of the afternoon poring over the copies in search of anything suspicious. By the end of the day, they’d found what they were looking for—an “infostealer” string of code that was designed to record passwords and other keystrokes on infected machines, as well as steal documents and take screenshots. It also catalogued any devices or systems that were connected to the machines so the attackers could build a blueprint of the company’s network architecture. The malware didn’t immediately siphon the stolen data from infected machines but instead stored it in a temporary file, like the one the triage team had found. The file grew fatter each time the infostealer sucked up data, until at some point the attackers would reach out to the machine to retrieve it from a server in India that served as a command-and-control node for the malware.
  • ...1 more annotation...
  • Bencsáth took the mirror images and the company’s system logs with him, after they had been scrubbed of any sensitive customer data, and over the next few days scoured them for more malicious files, all the while being coy to his colleagues back at the lab about what he was doing. The triage team worked in parallel, and after several more days they had uncovered three additional suspicious files. When Bencsáth examined one of them—a kernel-mode driver, a program that helps the computer communicate with devices such as printers—his heart quickened. It was signed with a valid digital certificate from a company in Taiwan (digital certificates are documents ensuring that a piece of software is legitimate). Wait a minute, he thought. Stuxnet—the cyberweapon that was unleashed on Iran’s uranium-enrichment program—also used a driver that was signed with a certificate from a company in Taiwan. That one came from RealTek Semiconductor, but this certificate belonged to a different company, C-Media Electronics. The driver had been signed with the certificate in August 2009, around the same time Stuxnet had been unleashed on machines in Iran.
3More

ACLU Demands Secret Court Hand Over Crucial Rulings On Surveillance Law - 0 views

www.mintpressnews.com/...221667 surveillance state FISA-Court opinions disclosure litigation ACLU
shared by Paul Merrell on 24 Oct 16 - No Cached
  • The American Civil Liberties Union (ACLU) has filed a motion to reveal the secret court opinions with “novel or significant interpretations” of surveillance law, in a renewed push for government transparency. The motion, filed Wednesday by the ACLU and Yale Law School’s Media Freedom and Information Access Clinic, asks the Foreign Intelligence Surveillance Act (FISA) Court, which rules on intelligence gathering activities in secret, to release 23 classified decisions it made between 9/11 and the passage of the USA Freedom Act in June 2015. As ACLU National Security Project staff attorney Patrick Toomey explains, the opinions are part of a “much larger collection of hidden rulings on all sorts of government surveillance activities that affect the privacy rights of Americans.” Among them is the court order that the government used to direct Yahoo to secretly scanits users’ emails for “a specific set of characters.” Toomey writes: These court rulings are essential for the public to understand how federal laws are being construed and implemented. They also show how constitutional protections for personal privacy and expressive activities are being enforced by the courts. In other words, access to these opinions is necessary for the public to properly oversee their government.
  • Although the USA Freedom Act requires the release of novel FISA court opinions on surveillance law, the government maintains that the rule does not apply retroactively—thereby protecting the panel from publishing many of its post-9/11 opinions, which helped create an “unprecedented buildup” of secret surveillance laws. Even after National Security Agency (NSA) whistleblower Edward Snowden revealed the scope of mass surveillance in 2013, sparking widespread outcry, dozens of rulings on spying operations remain hidden from the public eye, which stymies efforts to keep the government accountable, civil liberties advocates say. “These rulings are necessary to inform the public about the scope of the government’s surveillance powers today,” the ACLU’s motion states.
  • Toomey writes that the rulings helped influence a number of novel spying activities, including: The government’s use of malware, which it calls “Network Investigative Techniques” The government’s efforts to compel technology companies to weaken or circumvent their own encryption protocols The government’s efforts to compel technology companies to disclose their source code so that it can identify vulnerabilities The government’s use of “cybersignatures” to search through internet communications for evidence of computer intrusions The government’s use of stingray cell-phone tracking devices under the Foreign Intelligence Surveillance Act (FISA) The government’s warrantless surveillance of Americans under FISA Section 702—a controversial authority scheduled to expire in December 2017 The bulk collection of financial records by the CIA and FBI under Section 215 of the Patriot Act Without these rulings being made public, “it simply isn’t possible to understand the government’s claimed authority to conduct surveillance,” Toomey writes. As he told The Intercept on Wednesday, “The people of this country can’t hold the government accountable for its surveillance activities unless they know what our laws allow. These secret court opinions define the limits of the government’s spying powers. Their disclosure is essential for meaningful public oversight in our democracy.”
9More

Cover Story: How NSA Spied on Merkel Cell Phone from Berlin Embassy - SPIEGEL ONLINE - 0 views

www.spiegel.de/...m-berlin-embassy-a-930205.html surveillance state NSA Obama Merkel U.S. Germany U.S. foreign policy NSA-blowback must-read lies
shared by Paul Merrell on 29 Oct 13 - No Cached
  • According to SPIEGEL research, United States intelligence agencies have not only targeted Chancellor Angela Merkel's cellphone, but they have also used the American Embassy in Berlin as a listening station. The revelations now pose a serious threat to German-American relations.
  • Research by SPIEGEL reporters in Berlin and Washington, talks with intelligence officials and the evaluation of internal documents of the US' National Security Agency and other information, most of which comes from the archive of former NSA contractor Edward Snowden, lead to the conclusion that the US diplomatic mission in the German capital has not merely been promoting German-American friendship. On the contrary, it is a nest of espionage. From the roof of the embassy, a special unit of the CIA and NSA can apparently monitor a large part of cellphone communication in the government quarter. And there is evidence that agents based at Pariser Platz recently targeted the cellphone that Merkel uses the most. The NSA spying scandal has thus reached a new level, becoming a serious threat to the trans-Atlantic partnership. The mere suspicion that one of Merkel's cellphones was being monitored by the NSA has led in the past week to serious tensions between Berlin and Washington.
  • A "top secret" classified NSA document from the year 2010 shows that a unit known as the "Special Collection Service" (SCS) is operational in Berlin, among other locations. It is an elite corps run in concert by the US intelligence agencies NSA and CIA. The secret list reveals that its agents are active worldwide in around 80 locations, 19 of which are in Europe -- cities such as Paris, Madrid, Rome, Prague and Geneva. The SCS maintains two bases in Germany, one in Berlin and another in Frankfurt. That alone is unusual. But in addition, both German bases are equipped at the highest level and staffed with active personnel. The SCS teams predominantly work undercover in shielded areas of the American Embassy and Consulate, where they are officially accredited as diplomats and as such enjoy special privileges. Under diplomatic protection, they are able to look and listen unhindered. They just can't get caught.
  • ...5 more annotations...
  • This would correspond to internal NSA documents seen by SPIEGEL. They show, for example, an SCS office in another US embassy -- a small windowless room full of cables with a work station of "signal processing racks" containing dozens of plug-in units for "signal analysis." On Friday, author and NSA expert James Bamford also visited SPIEGEL's Berlin bureau, which is located on Pariser Platz diagonally opposite the US Embassy. "To me, it looks like NSA eavesdropping equipment is hidden behind there," he said. "The covering seems to be made of the same material that the agency uses to shield larger systems." The Berlin-based security expert Andy Müller Maguhn was also consulted. "The location is ideal for intercepting mobile communications in Berlin's government district," he says, "be it technical surveillance of communication between cellphones and wireless cell towers or radio links that connect radio towers to the network."
  • Campbell refers to window-like indentations on the roof of the US Embassy. They are not glazed but rather veneered with "dielectric" material and are painted to blend into the surrounding masonry. This material is permeable even by weak radio signals. The interception technology is located behind these radio-transparent screens, says Campbell. The offices of SCS agents would most likely be located in the same windowless attic.
  • Wiretapping from an embassy is illegal in nearly every country. But that is precisely the task of the SCS, as is evidenced by another secret document. According to the document, the SCS operates its own sophisticated listening devices with which they can intercept virtually every popular method of communication: cellular signals, wireless networks and satellite communication. The necessary equipment is usually installed on the upper floors of the embassy buildings or on rooftops where the technology is covered with screens or Potemkin-like structures that protect it from prying eyes. That is apparently the case in Berlin, as well. SPIEGEL asked British investigative journalist Duncan Campbell to appraise the setup at the embassy. In 1976, Campbell uncovered the existence of the British intelligence service GCHQ. In his so-called "Echelon Report" in 1999, he described for the European Parliament the existence of the global surveillance network of the same name.
  • Apparently, SCS agents use the same technology all over the world. They can intercept cellphone signals while simultaneously locating people of interest. One antenna system used by the SCS is known by the affable code name "Einstein." When contacted by SPIEGEL, the NSA declined to comment on the matter. The SCS are careful to hide their technology, especially the large antennas on the roofs of embassies and consulates. If the equipment is discovered, explains a "top secret" set of classified internal guidelines, it "would cause serious harm to relations between the United States and a foreign government." According to the documents, SCS units can also intercept microwave and millimeter-wave signals. Some programs, such as one entitled "Birdwatcher," deal primarily with encrypted communications in foreign countries and the search for potential access points. Birdwatcher is controlled directly from SCS headquarters in Maryland.
  • With the growing importance of the Internet, the work of the SCS has changed. Some 80 branches offer "thousands of opportunities on the net" for web-based operations, according to an internal presentation. The organization is now able not only to intercept cellphone calls and satellite communication, but also to proceed against criminals or hackers. From some embassies, the Americans have planted sensors in communications equipment of the respective host countries that are triggered by selected terms.
  • Paul Merrell on 29 Oct 13
     
    A must-read article offering an in-depth, 3-page view of how badly the Snowden disclosures have poisoned trust between the U.S. and its NATO allies that are not favored members of the Five Eyes club. Details of NSA's surveillance operations in Germany and strong circumstantial evidence that Obama knew -- as recently as June 2013 -- of spy operations being conducted against hundreds of world leaders but denied it.  
4More

NSA Spying Relies on AT&T's 'Extreme Willingness to Help' - ProPublica - 0 views

www.propublica.org/...ts-extreme-willingness-to-help surveillance state NSA AT&T
shared by Paul Merrell on 17 Aug 15 - No Cached
  • he National Security Agency’s ability to spy on vast quantities of Internet traffic passing through the United States has relied on its extraordinary, decades-long partnership with a single company: the telecom giant AT&T. While it has been long known that American telecommunications companies worked closely with the spy agency, newly disclosed NSA documents show that the relationship with AT&T has been considered unique and especially productive. One document described it as “highly collaborative,” while another lauded the company’s “extreme willingness to help.”
  • AT&T’s cooperation has involved a broad range of classified activities, according to the documents, which date from 2003 to 2013. AT&T has given the NSA access, through several methods covered under different legal rules, to billions of emails as they have flowed across its domestic networks. It provided technical assistance in carrying out a secret court order permitting the wiretapping of all Internet communications at the United Nations headquarters, a customer of AT&T. The NSA’s top-secret budget in 2013 for the AT&T partnership was more than twice that of the next-largest such program, according to the documents. The company installed surveillance equipment in at least 17 of its Internet hubs on American soil, far more than its similarly sized competitor, Verizon. And its engineers were the first to try out new surveillance technologies invented by the eavesdropping agency. One document reminds NSA officials to be polite when visiting AT&T facilities, noting: “This is a partnership, not a contractual relationship.” The documents, provided by the former agency contractor Edward Snowden, were jointly reviewed by The New York Times and ProPublica.
  • It is not clear if the programs still operate in the same way today. Since the Snowden revelations set off a global debate over surveillance two years ago, some Silicon Valley technology companies have expressed anger at what they characterize as NSA intrusions and have rolled out new encryption to thwart them. The telecommunications companies have been quieter, though Verizon unsuccessfully challenged a court order for bulk phone records in 2014. At the same time, the government has been fighting in court to keep the identities of its telecom partners hidden. In a recent case, a group of AT&T customers claimed that the NSA’s tapping of the Internet violated the Fourth Amendment protection against unreasonable searches. This year, a federal judge dismissed key portions of the lawsuit after the Obama administration argued that public discussion of its telecom surveillance efforts would reveal state secrets, damaging national security.
5More

Things Barack Obama Doesn't Consider "Abuse" | emptywheel - 0 views

www.emptywheel.net/...ck-obama-doesnt-consider-abuse surveillance state NSA-abuse Obama
shared by Paul Merrell on 23 May 14 - No Cached
  • President Obama will shortly give a speech in which he’ll make cosmetic changes to the NSA dragnet, but will continue, in many ways, the accessing of personal data from Americans with no probable cause. As part of his cosmetic effort, he will also say there has been no evidence of abuse in these programs. That means he does not consider any of the following abuse: The NSA spied on the porn and phone sex habits of ideological opponents, including those with no significant ties to extremists, and including a US person.
  • According to the NSA in 2009, it had a program similar to Project Minaret — the tracking of anti-war opponents in the 1970s — in which it spied on people in the US in the guise of counterterrorism without approval. We still don’t have details of this abuse. When the NSA got FISC approval for the Internet (2004) and phone (2006) dragnets, NSA did not turn off features of Bush’s illegal program that did not comply with the FISC authorization. These abuses continued until 2009 (one of them, the collection of Internet metadata that qualified as content, continued even after 2004 identification of those abuses). Even after the FISC spent 9 months reining in some of this abuse, the NSA continued to ignore limits on disseminating US person data. Similarly, the NSA and FBI never complied with PATRIOT Act requirements to develop minimization procedures for the Section 215 program (in part, probably, because NSA’s role in the phone dragnet would violate any compliant minimization procedures).
  • The NSA has twice — in 2009 and 2011 — admitted to collecting US person content in the United States in bulk after having done so for years. It tried to claim (and still claims publicly in spite of legal rulings to the contrary) this US person content did not count as intentionally-collected US person content (FISC disagreed both times), and has succeeded in continuing some of it by refusing to count it, so it can claim it doesn’t know it is happening. As recently as spring 2012, 9% of the NSA’s violations involved analysts breaking standard operating procedures they know. NSA doesn’t report these as willful violations, however, because they’ve deemed any rule-breaking in pursuit of “the mission” not to be willful violations. In 2008, Congress passed a law allowing bulk collection of foreign-targeted content in the US, Section 702, to end the NSA’s practice of stealing Internet company data from telecom cables. Yet in spite of having a legal way to acquire such data, the NSA (through GCHQ) continues to steal data from some of the same companies, this time overseas, from their own cables. Arguably this is a violation of Section 702 of FISA.
  • ...1 more annotation...
  • NSA may intentionally collect US person content (including Internet metadata that legally qualifies as content) overseas (it won’t count this data, so we don’t know how systematic it is). If it does, it may be a violation of Section 703 of FISA. Rather than discussing any of these violations, the NSA has waved around a few cases of LOVEINT (most, if not all, of which have not been prosecuted) as part of a successful ploy to distract from much more systemic abuses of its authority, affecting far more Americans. But there has been abuse, even beyond practices (like back door searches) that gut the Fourth Amendment or (like NSA’s approach to encryption) that hurt Americans’ security. President Obama will spend a lot of time saying there have been no abuses. He’s wrong.
  • Paul Merrell on 23 May 14
     
    One I had missed before, Marcy Wheeler's missive just before Obama delivered his speech on the NSA in January 2014, announcing his proposed "reforms."
5More

Use Tor or 'EXTREMIST' Tails Linux? Congrats, you're on the NSA's list * The Register - 0 views

www.theregister.co.uk/...nsa_xkeyscore_stasi_scandal surveillance state NSA-targets Tor Tails
shared by Paul Merrell on 04 Jul 14 - No Cached
  • Alleged leaked documents about the NSA's XKeyscore snooping software appear to show the paranoid agency is targeting Tor and Tails users, Linux Journal readers – and anyone else interested in online privacy.Apparently, this configuration file for XKeyscore is in the divulged data, which was obtained and studied by members of the Tor project and security specialists for German broadcasters NDR and WDR. <a href="http://pubads.g.doubleclick.net/gampad/jump?iu=/6978/reg_security/front&sz=300x250%7C300x600&tile=3&c=33U7ZK6qwQrMkAACSrTugAAAP1&t=ct%3Dns%26unitnum%3D3%26unitname%3Dwww_top_mpu%26pos%3Dtop%26test%3D0" target="_blank"> <img src="http://pubads.g.doubleclick.net/gampad/ad?iu=/6978/reg_security/front&sz=300x250%7C300x600&tile=3&c=33U7ZK6qwQrMkAACSrTugAAAP1&t=ct%3Dns%26unitnum%3D3%26unitname%3Dwww_top_mpu%26pos%3Dtop%26test%3D0" alt=""></a> In their analysis of the alleged top-secret documents, they claim the NSA is, among other things:Specifically targeting Tor directory servers Reading email contents for mentions of Tor bridges Logging IP addresses used to search for privacy-focused websites and software And possibly breaking international law in doing so. We already know from leaked Snowden documents that Western intelligence agents hate Tor for its anonymizing abilities. But what the aforementioned leaked source code, written in a rather strange custom language, shows is that not only is the NSA targeting the anonymizing network Tor specifically, it is also taking digital fingerprints of any netizens who are remotely interested in privacy.
  • These include readers of the Linux Journal site, anyone visiting the website for the Tor-powered Linux operating system Tails – described by the NSA as "a comsec mechanism advocated by extremists on extremist forums" – and anyone looking into combining Tails with the encryption tool Truecrypt.If something as innocuous as Linux Journal is on the NSA's hit list, it's a distinct possibility that El Reg is too, particularly in light of our recent exclusive report on GCHQ – which led to a Ministry of Defence advisor coming round our London office for a chat.
  • If you take even the slightest interest in online privacy or have Googled a Linux Journal article about a broken package, you are earmarked in an NSA database for further surveillance, according to these latest leaks.This is assuming the leaked file is genuine, of course.Other monitored sites, we're told, include HotSpotShield, FreeNet, Centurian, FreeProxies.org, MegaProxy, privacy.li and an anonymous email service called MixMinion. The IP address of computer users even looking at these sites is recorded and stored on the NSA's servers for further analysis, and it's up to the agency how long it keeps that data.The XKeyscore code, we're told, includes microplugins that target Tor servers in Germany, at MIT in the United States, in Sweden, in Austria, and in the Netherlands. In doing so it may not only fall foul of German law but also the US's Fourth Amendment.
  • ...2 more annotations...
  • The nine Tor directory servers receive especially close monitoring from the NSA's spying software, which states the "goal is to find potential Tor clients connecting to the Tor directory servers." Tor clients linking into the directory servers are also logged."This shows that Tor is working well enough that Tor has become a target for the intelligence services," said Sebastian Hahn, who runs one of the key Tor servers. "For me this means that I will definitely go ahead with the project.”
  • While the German reporting team has published part of the XKeyscore scripting code, it doesn't say where it comes from. NSA whistleblower Edward Snowden would be a logical pick, but security experts are not so sure."I do not believe that this came from the Snowden documents," said security guru Bruce Schneier. "I also don't believe the TAO catalog came from the Snowden documents. I think there's a second leaker out there."If so, the NSA is in for much more scrutiny than it ever expected.
4More

ISPs take GCHQ to court in UK over mass surveillance | World news | theguardian.com - 0 views

www.theguardian.com/...rveillance-privacy-court-claim surveillance state GCHQ litigation ISPs NSA-blowback
shared by Paul Merrell on 02 Jul 14 - No Cached
  • Internet service providers from around the world are lodging formal complaints against the UK government's monitoring service, GCHQ, alleging that it uses "malicious software" to break into their networks.The claims from seven organisations based in six countries – the UK, Netherlands, US, South Korea, Germany and Zimbabwe – will add to international pressure on the British government following Edward Snowden's revelations about mass surveillance of the internet by UK and US intelligence agencies.The claims are being filed with the investigatory powers tribunal (IPT), the court in London that assesses complaints about the agencies' activities and misuse of surveillance by government organisations. Most of its hearings are held at least partially in secret.
  • The IPT is already considering a number of related submissions. Later this month it will investigate complaints by human rights groups about the way social media sites have been targeted by GCHQ.The government has defended the security services, pointing out that online searches are often routed overseas and those deemed "external communications" can be monitored without the need for an individual warrant. Critics say that such a legal interpretation sidesteps the need for traditional intercept safeguards.The latest claim is against both GCHQ, located near Cheltenham, and the Foreign Office. It is based on articles published earlier this year in the German magazine Der Spiegel. That report alleged that GCHQ had carried out an attack, codenamed Operation Socialist, on the Belgian telecoms group, Belgacom, targeting individual employees with "malware (malicious software)".One of the techniques was a "man in the middle" attack, which, according to the documents filed at the IPT, bypasses modern encryption software and "operates by interposing the attacker [GCHQ] between two computers that believe that they are securely communicating with each other. In fact, each is communicating with GCHQ, who collect the communications, as well as relaying them in the hope that the interference will be undetected."The complaint alleges that the attacks were a breach of the Computer Misuse Act 1990 and an interference with the privacy rights of the employees under the European convention of human rights.
  • The organisations targeted, the submission states, were all "responsible and professional internet service providers". The claimants are: GreenNet Ltd, based in the UK, Riseup Networks in Seattle, Mango Email Service in Zimbabwe, Jinbonet in South Korea, Greenhost in the Netherlands, May First/People Link in New York and the Chaos Computer Club in Hamburg.
  • ...1 more annotation...
  • Among the programs said to have been operating were Turbine, which automates the injection of data and can infect millions of machines and Warrior Pride, which enables microphones on iPhones and Android devices to be remotely activated.
‹ Previous 21 - 30 of 30
Showing 20 items per page