Group items tagged

What does it look like when a society loses its sense of privacy? <div><a href="http://pubads.g.doubleclick.net/gampad/jump?iu=%2F4624%2FTheAtlanticOnline%2Fchannel_technology&t=src%3Dblog%26by%3Drobinson-meyer%26title%3Damerican-surveillance-now-threatens-american-business%26pos%3Din-article&sz=300x250&c=285899172&tile=1" title=""><img style="border:none;" src="http://pubads.g.doubleclick.net/gampad/ad?iu=%2F4624%2FTheAtlanticOnline%2Fchannel_technology&t=src%3Dblog%26by%3Drobinson-meyer%26title%3Damerican-surveillance-now-threatens-american-business%26pos%3Din-article&sz=300x250&c=285899172&tile=1" alt="" /></a></div>In the almost 18 months since the Snowden files first received coverage, writers and critics have had to guess at the answer. Does a certain trend, consumer complaint, or popular product epitomize some larger shift? Is trust in tech companies eroding—or is a subset just especially vocal about it? Polling would make those answers clear, but polling so far has been… confused. A new study, conducted by the Pew Internet Project last January and released last week, helps make the average American’s view of his or her privacy a little clearer. And their confidence in their own privacy is ... low. The study's findings—and the statistics it reports—stagger. Vast majorities of Americans are uncomfortable with how the government uses their data, how private companies use and distribute their data, and what the government does to regulate those companies. No summary can equal a recounting of the findings. Americans are displeased with government surveillance en masse:   

A new study finds that a vast majority of Americans trust neither the government nor tech companies with their personal data.

What does it look like when a society loses its sense of privacy? <div><a href="http://pubads.g.doubleclick.net/gampad/jump?iu=%2F4624%2FTheAtlanticOnline%2Fchannel_technology&t=src%3Dblog%26by%3Drobinson-meyer%26title%3Damerican-surveillance-now-threatens-american-business%26pos%3Din-article&sz=300x250&c=285899172&tile=1" title=""><img style="border:none;" src="http://pubads.g.doubleclick.net/gampad/ad?iu=%2F4624%2FTheAtlanticOnline%2Fchannel_technology&t=src%3Dblog%26by%3Drobinson-meyer%26title%3Damerican-surveillance-now-threatens-american-business%26pos%3Din-article&sz=300x250&c=285899172&tile=1" alt="" /></a></div>In the almost 18 months since the Snowden files first received coverage, writers and critics have had to guess at the answer. Does a certain trend, consumer complaint, or popular product epitomize some larger shift? Is trust in tech companies eroding—or is a subset just especially vocal about it? Polling would make those answers clear, but polling so far has been… confused. A new study, conducted by the Pew Internet Project last January and released last week, helps make the average American’s view of his or her privacy a little clearer. And their confidence in their own privacy is ... low. The study's findings—and the statistics it reports—stagger. Vast majorities of Americans are uncomfortable with how the government uses their data, how private companies use and distribute their data, and what the government does to regulate those companies. No summary can equal a recounting of the findings. Americans are displeased with government surveillance en masse:   

Intelligence community whistleblowers would have been able to submit their complaints to the Privacy and Civil Liberties Oversight Board (PCLOB) under a proposed amendment to the intelligence authorization act that was offered last week by Rep. Tulsi Gabbard (D-HI). This could have been an elegant solution to the whistleblowing conundrum posed by Edward Snowden. It made little sense for Snowden to bring his concerns about bulk collection of American phone records to the congressional intelligence committees, considering that they had already secretly embraced the practice. The PCLOB, by contrast, has staked out a position as an independent critical voice on intelligence policy. (And it has an unblemished record for protecting classified information.) The Board’s January 2014 report argued cogently and at length that the Section 215 bulk collection program was likely unlawful as well as ineffective. In short, the PCLOB seemed like a perfect fit for any potential whistleblower who might have concerns about the legality or propriety of current intelligence programs from a privacy or civil liberties perspective.

But when Rep. Gabbard offered her amendment to the intelligence authorization act last week, it was not voted down– it was blocked. The House Rules Committee declared that the amendment was “out of order” and could not be brought to a vote on the House floor. Several other amendments on transparency issues met a similar fate. These included a measure proposed by Rep. Adam Schiff to require reporting on casualties resulting from targeted killing operations, a proposal to disclose intelligence spending at the individual agency level, and another to require disclosure of the number of U.S. persons whose communications had been collected under FISA, among others. In dismay at this outcome, Rep. Rush Holt (D-NJ) and I lamented the “staggering failure of oversight” in a May 30 op-ed. See The House Committee on Intelligence Needs Oversight of Its Own, MSNBC.

The House did approve an amendment offered by Rep. John Carney (D-DE) to require the Director of National Intelligence “to issue a report to Congress on how to improve the declassification process across the intelligence community.” While the DNI’s views on the subject may indeed be of interest, the amendment failed to specify the problem it intended to address (erroneous classification standards? excessive backlogs? something else?), and so it is unclear exactly what is to be improved.

President Obama plans to announce legislation Tuesday that would shield companies from lawsuits for sharing computer threat data with the government in an effort to prevent cyber­attacks. On the heels of a destructive attack at Sony Pictures Entertainment and major breaches at JPMorgan Chase and retail chains, Obama is intent on capitalizing on the heightened sense of urgency to improve the security of the nation’s networks, officials said. “He’s been doing everything he can within his executive authority to move the ball on this,” said a senior administration official who spoke on the condition of anonymity to discuss legislation that has not yet been released. “We’ve got to get something in place that allows both industry and government to work more closely together.”

The legislation is part of a broader package, to be sent to Capitol Hill on Tuesday, that includes measures to help protect consumers and students against ­cyberattacks and to give law enforcement greater authority to combat cybercrime. The provision’s goal is to “enshrine in law liability protection for the private sector for them to share specific information — cyberthreat indicators — with the government,” the official said. Some analysts questioned the need for such legislation, saying there are adequate measures in place to enable sharing between companies and the government and among companies.

“We think the current information-sharing regime is adequate,” said Mark Jaycox, legislative analyst at the Electronic Frontier Foundation, a privacy group. “More companies need to use it, but the idea of broad legal immunity isn’t needed right now.” The administration official disagreed. The lack of such immunity is what prevents many companies from greater sharing of data with the government, the official said. “We have heard that time and time again,” the official said. The proposal, which builds on a 2011 administration bill, grants liability protection to companies that provide indicators of cyberattacks and threats to the Department of Homeland Security.

For months, privacy advocates have been pointing to flaws in CISA, the new reincarnation of the cybersecurity bill known as CISPA that Congress has been kicking around since 2013. But today that zombie bill lurched one step closer to becoming law. The Senate Intelligence Committee passed the Cybersecurity Information Sharing Act, or CISA, by a vote of 14 to one Thursday afternoon. The bill, like the failed Cybersecurity Information Sharing and Protection Act that proceeded it, is designed to encourage the sharing of data between private companies and the government to prevent and respond to cybersecurity threats. But privacy critics have protested that CISA would create a legal framework for companies to more closely monitor internet users and share that data with government agencies.

After Thursday’s vote, Senator Ron Wyden—the only member of the Senate’s intelligence committee to vote against the bill—repeated those privacy concerns in a public statement. “If information-sharing legislation does not include adequate privacy protections then that’s not a cybersecurity bill—it’s a surveillance bill by another name,” he wrote. “It makes sense to encourage private firms to share information about cybersecurity threats. But this information sharing is only acceptable if there are strong protections for the privacy rights of law-abiding American citizens.”

Looking at the most recently revealed public version of CISA, privacy advocates have pointed out that it would allow sharing of personal data that goes beyond cybersecurity threats. It also allows the sharing of private sector data with the government that could prevent “terrorism” or an “imminent threat of death or serious bodily harm.” That language, Open Technology Institute privacy counsel Robyn Greene has argued, means CISA might “facilitate investigations into garden-variety violent crimes that have nothing to do with cyber threats.” “If that weren’t worrisome enough, the bill would also let law enforcement and other government agencies use information it receives to investigate, without a requirement for imminence or any connection to computer crime, even more crimes like carjacking, robbery, possession or use of firearms, ID fraud, and espionage,” Greene wrote in February. “While some of these are terrible crimes, and law enforcement should take reasonable steps to investigate them, they should not do so with information that was shared under the guise of enhancing cybersecurity.”

For more than six months, Edward Snowden’s revelations about the National Security Agency (NSA) have been pouring out from the Washington Post, the New York Times, the Guardian, Germany’s Der Spiegel, and Brazil’s O Globo, among other places.  Yet no one has pointed out the combination of factors that made the NSA’s expanding programs to monitor the world seem like such a slam-dunk development in Washington.  The answer is remarkably simple.  For an imperial power losing its economic grip on the planet and heading into more austere times, the NSA’s latest technological breakthroughs look like a bargain basement deal when it comes to projecting power and keeping subordinate allies in line -- like, in fact, the steal of the century.  Even when disaster turned out to be attached to them, the NSA’s surveillance programs have come with such a discounted price tag that no Washington elite was going to reject them.

What exactly was the aim of such an unprecedented program of massive domestic and planetary spying, which clearly carried the risk of controversy at home and abroad? Here, an awareness of the more than century-long history of U.S. surveillance can guide us through the billions of bytes swept up by the NSA to the strategic significance of such a program for the planet’s last superpower. What the past reveals is a long-term relationship between American state surveillance and political scandal that helps illuminate the unacknowledged reason why the NSA monitors America’s closest allies. Not only does such surveillance help gain intelligence advantageous to U.S. diplomacy, trade relations, and war-making, but it also scoops up intimate information that can provide leverage -- akin to blackmail -- in sensitive global dealings and negotiations of every sort. The NSA’s global panopticon thus fulfills an ancient dream of empire. With a few computer key strokes, the agency has solved the problem that has bedeviled world powers since at least the time of Caesar Augustus: how to control unruly local leaders, who are the foundation for imperial rule, by ferreting out crucial, often scurrilous, information to make them more malleable.

Once upon a time, such surveillance was both expensive and labor intensive. Today, however, unlike the U.S. Army’s shoe-leather surveillance during World War I or the FBI’s break-ins and phone bugs in the Cold War years, the NSA can monitor the entire world and its leaders with only 100-plus probes into the Internet’s fiber optic cables. This new technology is both omniscient and omnipresent beyond anything those lacking top-secret clearance could have imagined before the Edward Snowden revelations began.  Not only is it unimaginably pervasive, but NSA surveillance is also a particularly cost-effective strategy compared to just about any other form of global power projection. And better yet, it fulfills the greatest imperial dream of all: to be omniscient not just for a few islands, as in the Philippines a century ago, or a couple of countries, as in the Cold War era, but on a truly global scale. In a time of increasing imperial austerity and exceptional technological capability, everything about the NSA’s surveillance told Washington to just “go for it.”  This cut-rate mechanism for both projecting force and preserving U.S. global power surely looked like a no-brainer, a must-have bargain for any American president in the twenty-first century -- before new NSA documents started hitting front pages weekly, thanks to Snowden, and the whole world began returning the favor.

Snowden: That’s the key—to maintain the garden of liberty, right? This is a generational thing that we must all do continuously. We only have the rights that we protect. It doesn’t matter what we say or think we have. It’s not enough to believe in something; it matters what we actually defend. So when we think in the context of the last decade’s infringements upon personal liberty and the last year’s revelations, it’s not about surveillance. It’s about liberty. When people say, “I have nothing to hide,” what they’re saying is, “My rights don’t matter.” Because you don’t need to justify your rights as a citizen—that inverts the model of responsibility. The government must justify its intrusion into your rights. If you stop defending your rights by saying, “I don’t need them in this context” or “I can’t understand this,” they are no longer rights. You have ceded the concept of your own rights. You’ve converted them into something you get as a revocable privilege from the government, something that can be abrogated at its convenience. And that has diminished the measure of liberty within a society.

From the very beginning, I said there are two tracks of reform: there’s the political and the technical. I don’t believe the political will be successful, for exactly the reasons you underlined. The issue is too abstract for average people, who have too many things going on in their lives. And we do not live in a revolutionary time. People are not prepared to contest power. We have a system of education that is really a sort of euphemism for indoctrination. It’s not designed to create critical thinkers. We have a media that goes along with the government by parroting phrases intended to provoke a certain emotional response—for example, “national security.” Everyone says “national security” to the point that we now must use the term “national security.” But it is not national security that they’re concerned with; it is state security. And that’s a key distinction. We don’t like to use the phrase “state security” in the United States because it reminds us of all the bad regimes. But it’s a key concept, because when these officials are out on TV, they’re not talking about what’s good for you. They’re not talking about what’s good for business. They’re not talking about what’s good for society. They’re talking about the protection and perpetuation of a national state system. I’m not an anarchist. I’m not saying, “Burn it to the ground.” But I’m saying we need to be aware of it, and we need to be able to distinguish when political developments are occurring that are contrary to the public interest. And that cannot happen if we do not question the premises on which they’re founded. And that’s why I don’t think political reform is likely to succeed. [Senators] Udall and Wyden, on the intelligence committee, have been sounding the alarm, but they are a minority.

The Nation: Every president—and this seems to be confirmed by history—will seek to maximize his or her power, and will see modern-day surveillance as part of that power. Who is going to restrain presidential power in this regard? Snowden: That’s why we have separate and co-equal branches. Maybe it will be Congress, maybe not. Might be the courts, might not. But the idea is that, over time, one of these will get the courage to do so. One of the saddest and most damaging legacies of the Bush administration is the increased assertion of the “state secrets” privilege, which kept organizations like the ACLU—which had cases of people who had actually been tortured and held in indefinite detention—from getting their day in court. The courts were afraid to challenge executive declarations of what would happen. Now, over the last year, we have seen—in almost every single court that has had this sort of national-security case—that they have become markedly more skeptical. People at civil-liberties organizations say it’s a sea change, and that it’s very clear judges have begun to question more critically assertions made by the executive. Even though it seems so obvious now, it is extraordinary in the context of the last decade, because courts had simply said they were not the best branch to adjudicate these claims—which is completely wrong, because they are the only nonpolitical branch. They are the branch that is specifically charged with deciding issues that cannot be impartially decided by politicians. The power of the presidency is important, but it is not determinative. Presidents should not be exempted from the same standards of reason and evidence and justification that any other citizen or civil movement should be held to.

The Senate Judiciary Committee held an open hearing today on the FISA Amendments Act, the law that ostensibly authorizes the digital surveillance of hundreds of millions of people both in the United States and around the world. Section 702 of the law, scheduled to expire next year, is designed to allow U.S. intelligence services to collect signals intelligence on foreign targets related to our national security interests. However—thanks to the leaks of many whistleblowers including Edward Snowden, the work of investigative journalists, and statements by public officials—we now know that the FISA Amendments Act has been used to sweep up data on hundreds of millions of people who have no connection to a terrorist investigation, including countless Americans. What do we mean by “countless”? As became increasingly clear in the hearing today, the exact number of Americans impacted by this surveillance is unknown. Senator Franken asked the panel of witnesses, “Is it possible for the government to provide an exact count of how many United States persons have been swept up in Section 702 surveillance? And if not the exact count, then what about an estimate?”

Elizabeth Goitein, the Brennan Center director whose articulate and thought-provoking testimony was the highlight of the hearing, noted that at this time an exact number would be difficult to provide. However, she asserted that an estimate should be possible for most if not all of the government’s surveillance programs. None of the other panel participants—which included David Medine and Rachel Brand of the Privacy and Civil Liberties Oversight Board as well as Matthew Olsen of IronNet Cybersecurity and attorney Kenneth Wainstein—offered an estimate. Today’s hearing reaffirmed that it is not only the American people who are left in the dark about how many people or accounts are impacted by the NSA’s dragnet surveillance of the Internet. Even vital oversight committees in Congress like the Senate Judiciary Committee are left to speculate about just how far-reaching this surveillance is. It's part of the reason why we urged the House Judiciary Committee to demand that the Intelligence Community provide the public with a number. 

The lack of information makes rigorous oversight of the programs all but impossible. As Senator Franken put it in the hearing today, “When the public lacks even a rough sense of the scope of the government’s surveillance program, they have no way of knowing if the government is striking the right balance, whether we are safeguarding our national security without trampling on our citizens’ fundamental privacy rights. But the public can’t know if we succeed in striking that balance if they don’t even have the most basic information about our major surveillance programs."  Senator Patrick Leahy also questioned the panel about the “minimization procedures” associated with this type of surveillance, the privacy safeguard that is intended to ensure that irrelevant data and data on American citizens is swiftly deleted. Senator Leahy asked the panel: “Do you believe the current minimization procedures ensure that data about innocent Americans is deleted? Is that enough?”  David Medine, who recently announced his pending retirement from the Privacy and Civil Liberties Oversight Board, answered unequivocally:

The government and police regularly use location data pulled off of cell phone towers to put criminals at the scenes of crimes—often without a warrant. Well, an appeals court ruled today that the practice is unconstitutional, in one of the strongest judicial defenses of technology privacy rights we've seen in a while.  The United States Court of Appeals for the Eleventh Circuit ruled that the government illegally obtained and used Quartavious Davis's cell phone location data to help convict him in a string of armed robberies in Miami and unequivocally stated that cell phone location information is protected by the Fourth Amendment. "In short, we hold that cell site location information is within the subscriber’s reasonable expectation of privacy," the court ruled in an opinion written by Judge David Sentelle. "The obtaining of that data without a warrant is a Fourth Amendment violation."

In Davis's case, police used his cell phone's call history against him to put him at the scene of several armed robberies. They obtained a court order—which does not require the government to show probable cause—not a warrant, to do so. From now on, that'll be illegal. The decision applies only in the Eleventh Circuit, but sets a strong precedent for future cases.

Indeed, the decision alone is a huge privacy win, but Sentelle's strong language supporting cell phone users' privacy rights is perhaps the most important part of the opinion. Sentelle pushed back against several of the federal government's arguments, including one that suggested that, because cell phone location data based on a caller's closest cell tower isn't precise, it should be readily collectable.  "The United States further argues that cell site location information is less protected than GPS data because it is less precise. We are not sure why this should be significant. We do not doubt that there may be a difference in precision, but that is not to say that the difference in precision has constitutional significance," Sentelle wrote. "That information obtained by an invasion of privacy may not be entirely precise does not change the calculus as to whether obtaining it was in fact an invasion of privacy." The court also cited the infamous US v. Jones Supreme Court decision that held that attaching a GPS to a suspect's car is a "search" under the Fourth Amendment. Sentelle suggested a cell phone user has an even greater expectation of location privacy with his or her cell phone use than a driver does with his or her car. A car, Sentelle wrote, isn't always with a person, while a cell phone, these days, usually is.

A top secret document retrieved by American whistleblower Edward Snowden reveals Canada has set up covert spying posts around the world and conducted espionage against trading partners at the request of the U.S. National Security Agency. The leaked NSA document being reported exclusively by CBC News reveals Canada is involved with the huge American intelligence agency in clandestine surveillance activities in “approximately 20 high-priority countries."

Sections of the document with the highest classification make it clear in some instances why American spymasters are particularly keen about enlisting their Canadian counterparts, the Communications Security Establishment Canada. "CSEC shares with the NSA their unique geographic access to areas unavailable to the U.S," the document says. The briefing paper describes a "close co-operative relationship" between the NSA and its Canadian counterpart, the Communications Security Establishment Canada, or CSEC — a relationship "both sides would like to see expanded and strengthened. "The intelligence exchange with CSEC covers worldwide national and transnational targets."

The briefing notes make it clear that Canada plays a very robust role in intelligence-gathering around the world in a way that has won respect from its American equivalents.

In a seminal decision updating and consolidating its previous jurisprudence on surveillance, the Grand Chamber of the European Court of Human Rights took a sideways swing at mass surveillance programs last week, reiterating the centrality of “reasonable suspicion” to the authorization process and the need to ensure interception warrants are targeted to an individual or premises. The decision in Zakharov v. Russia — coming on the heels of the European Court of Justice’s strongly-worded condemnation in Schrems of interception systems that provide States with “generalised access” to the content of communications — is another blow to governments across Europe and the United States that continue to argue for the legitimacy and lawfulness of bulk collection programs. It also provoked the ire of the Russian government, prompting an immediate legislative move to give the Russian constitution precedence over Strasbourg judgments. The Grand Chamber’s judgment in Zakharov is especially notable because its subject matter — the Russian SORM system of interception, which includes the installation of equipment on telecommunications networks that subsequently enables the State direct access to the communications transiting through those networks — is similar in many ways to the interception systems currently enjoying public and judicial scrutiny in the United States, France, and the United Kingdom. Zakharov also provides a timely opportunity to compare the differences between UK and Russian law: Namely, Russian law requires prior independent authorization of interception measures, whereas neither the proposed UK law nor the existing legislative framework do.

The decision is lengthy and comprises a useful restatement and harmonization of the Court’s approach to standing (which it calls “victim status”) in surveillance cases, which is markedly different from that taken by the US Supreme Court. (Indeed, Judge Dedov’s separate but concurring opinion notes the contrast with Clapper v. Amnesty International.) It also addresses at length issues of supervision and oversight, as well as the role played by notification in ensuring the effectiveness of remedies. (Marko Milanovic discusses many of these issues here.) For the purpose of the ongoing debate around the legitimacy of bulk surveillance regimes under international human rights law, however, three particular conclusions of the Court are critical.

The Court took issue with legislation permitting the interception of communications for broad national, military, or economic security purposes (as well as for “ecological security” in the Russian case), absent any indication of the particular circumstances under which an individual’s communications may be intercepted. It said that such broadly worded statutes confer an “almost unlimited degree of discretion in determining which events or acts constitute such a threat and whether that threat is serious enough to justify secret surveillance” (para. 248). Such discretion cannot be unbounded. It can be limited through the requirement for prior judicial authorization of interception measures (para. 249). Non-judicial authorities may also be competent to authorize interception, provided they are sufficiently independent from the executive (para. 258). What is important, the Court said, is that the entity authorizing interception must be “capable of verifying the existence of a reasonable suspicion against the person concerned, in particular, whether there are factual indications for suspecting that person of planning, committing or having committed criminal acts or other acts that may give rise to secret surveillance measures, such as, for example, acts endangering national security” (para. 260). This finding clearly constitutes a significant threshold which a number of existing and pending European surveillance laws would not meet. For example, the existence of individualized reasonable suspicion runs contrary to the premise of signals intelligence programs where communications are intercepted in bulk; by definition, those programs collect information without any consideration of individualized suspicion. Yet the Court was clearly articulating the principle with national security-driven surveillance in mind, and with the knowledge that interception of communications in Russia is conducted by Russian intelligence on behalf of law enforcement agencies.

The last time the main parties got together in a closed room, did a deal and told the country there was a need to act urgently, we were on the edge of abandoning 300 years of press freedom.This time our privacy is under threat. In the name of security, the Government is fast-tracking legislation through Parliament that will allow it to collect huge quantities of our personal data. We would do well to remember the advice of Ben Franklin: ‘Those who would give up essential liberty, to purchase a little temporary safety, deserve neither liberty nor safety.’

The Government has engineered a ‘theatrical emergency’ – in this case terrorism and hidden paedophile rings – to ram the Data Retention and Investigatory Powers Bill through Parliament without proper debate. It is an insult to the supremacy of Parliament, to democracy and to the trust of the public.It was April 8 when the European Court of Justice struck down the Data Retention Directive for being incompatible with human rights. The Home Office has had time to put an alternative in place, so the excuses for why the legislation is being  fast-tracked are laughable.

It is a sad state of affairs when European courts are a greater defender of our ancient rights than Parliament and Her Majesty’s Government. Even the German Supreme Court overturned its far less invasive data collection laws for violating the privacy rights of German citizens. How far we have slipped, this birthplace of democracy, that our own judicial safeguards stand by while our hard-fought rights are stripped from us by a Government that has lost its sense of proportion in its fear of making a mistake.

Just as the Bush administration and the U.S. media re-labelled “torture” with the Orwellian euphemism “enhanced interrogation techniques” to make it more palatable, the governments and media of the Five Eyes surveillance alliance are now attempting to re-brand “mass surveillance” as “bulk collection” in order to make it less menacing (and less illegal). In the past several weeks, this is the clearly coordinated theme that has arisen in the U.S., UK, Canada, Australia and New Zealand as the last defense against the Snowden revelations, as those governments seek to further enhance their surveillance and detention powers under the guise of terrorism.

This manipulative language distortion can be seen perfectly in yesterday’s white-washing report of GCHQ mass surveillance from the servile rubber-stamp calling itself “The Intelligence and Security Committee of the UK Parliament (ISC)”(see this great Guardian Editorial this morning on what a “slumbering” joke that “oversight” body is). As Committee Member MP Hazel Blears explained yesterday (photo above), the Parliamentary Committee officially invoked this euphemism to justify the collection of billions of electronic communications events every day. The Committee actually acknowledged for the first time (which Snowden documents long ago proved) that GCHQ maintains what it calls “Bulk Personal Datasets” that contain “millions of records,” and even said about pro-privacy witnesses who testified before it: “we recognise their concerns as to the intrusive nature of bulk collection.” That is the very definition of “mass surveillance,” yet the Committee simply re-labelled it “bulk collection,” purported to distinguish it from “mass surveillance,” and thus insist that it was all perfectly legal.

This re-definition game goes as follows: yes, we vacuum up and store literally as much of the internet as we possibly can. Then we analyze all the data about what you’re doing, with whom you’re speaking, and who your network of associates is. Based on that analysis of all of you and your activities, we then read the communications that we want (with virtually no checks and concealing from you what percentage of it we’re reading), and store as much of the rest of it as technology permits for future trolling. But don’t worry: we’re only reading the Bad People’s emails. So run along then: no mass surveillance here. Just bulk collection! It’s not mass surveillance, but “enhanced collection techniques.”  One of the many facts that made the re-defining of “torture” so corrupt and indisputably invalid was that there was long-standing law making clear that exactly these interrogation techniques used by the U.S. government were torture and thus illegal. The same is true of this obscene attempt to re-define “mass surveillance” as nothing more than mere innocent “bulk collection.”

The first (and thus far only) roll-back of post-9/11 surveillance authorities was implemented over the weekend: The National Security Agency shuttered its program for collecting and holding the metadata of Americans’ phone calls under Section 215 of the Patriot Act. While bulk collection under Section 215 has ended, the government can obtain access to this information under the procedures specified in the USA Freedom Act. Indeed, some experts have argued that the Agency likely has access to more metadata because its earlier dragnet didn’t cover cell phones or Internet calling. In addition, the metadata of calls made by an individual in the United States to someone overseas and vice versa can still be collected in bulk — this takes place abroad under Executive Order 12333. No doubt the NSA wishes that this was the end of the surveillance reform story and the Paris attacks initially gave them an opening. John Brennan, the Director of the CIA, implied that the attacks were somehow related to “hand wringing” about spying and Sen. Tom Cotton (R-Ark.) introduced a bill to delay the shut down of the 215 program. Opponents of encryption were quick to say: “I told you so.”

But the facts that have emerged thus far tell a different story. It appears that much of the planning took place IRL (that’s “in real life” for those of you who don’t have teenagers). The attackers, several of whom were on law enforcement’s radar, communicated openly over the Internet. If France ever has a 9/11 Commission-type inquiry, it could well conclude that the Paris attacks were a failure of the intelligence agencies rather than a failure of intelligence authorities. Despite the passage of the USA Freedom Act, US surveillance authorities have remained largely intact. Section 702 of the FISA Amendments Act — which is the basis of programs like PRISM and the NSA’s Upstream collection of information from Internet cables — sunsets in the summer of 2017. While it’s difficult to predict the political environment that far out, meaningful reform of Section 702 faces significant obstacles. Unlike the Section 215 program, which was clearly aimed at Americans, Section 702 is supposedly targeted at foreigners and only picks up information about Americans “incidentally.” The NSA has refused to provide an estimate of how many Americans’ information it collects under Section 702, despite repeated requests from lawmakers and most recently a large cohort of advocates. The Section 215 program was held illegal by two federal courts (here and here), but civil attempts to challenge Section 702 have run into standing barriers. Finally, while two review panels concluded that the Section 215 program provided little counterterrorism benefit (here and here), they found that the Section 702 program had been useful.

There is, nonetheless, some pressure to narrow the reach of Section 702. The recent decision by the European Court of Justice in the safe harbor case suggests that data flows between Europe and the US may be restricted unless the PRISM program is modified to protect the information of Europeans (see here, here, and here for discussion of the decision and reform options). Pressure from Internet companies whose business is suffering — estimates run to the tune of $35 to 180 billion — as a result of disclosures about NSA spying may also nudge lawmakers towards reform. One of the courts currently considering criminal cases which rely on evidence derived from Section 702 surveillance may hold the program unconstitutional either on the basis of the Fourth Amendment or Article III for the reasons set out in this Brennan Center report. A federal district court in Colorado recently rejected such a challenge, although as explained in Steve’s post, the decision did not seriously explore the issues. Further litigation in the European courts too could have an impact on the debate.

The US government's prosecution of a South Korean businessman accused of illegally selling technology used in aircraft and missiles to Iran was dealt a devastating blow by a federal judge. The judge ruled Friday that the authorities illegally seized the businessman's computer at Los Angeles International Airport as he was to board a flight home. The authorities who were investigating Jae Shik Kim exercised the border exception rule that allows the authorities to seize and search goods and people—without court warrants—along the border and at airport international terminals. US District Court judge Amy Berman Jackson of the District of Columbia noted that the Supreme Court has never directly addressed the issue of warrantless computer searches at an international border crossing, but she ruled (PDF) the government used Kim's flight home as an illegal pretext to seize his computer. Authorities then shipped it 150 miles south to San Diego where the hard drive was copied and examined for weeks, but the judge said the initial seizure "surely cannot be justified." After considering all of the facts and authorities set forth above, then, the Court finds, under the totality of the unique circumstances of this case, that the imaging and search of the entire contents of Kim’s laptop, aided by specialized forensic software, for a period of unlimited duration and an examination of unlimited scope, for the purpose of gathering evidence in a pre-existing investigation, was supported by so little suspicion of ongoing or imminent criminal activity, and was so invasive of Kim’s privacy and so disconnected from not only the considerations underlying the breadth of the government’s authority to search at the border, but also the border itself, that it was unreasonable.

"The government points to its plenary authority to conduct warrantless searches at the border. It posits that a laptop computer is simply a 'container' that was examined pursuant to this authority, and it submits that the government’s unfettered right to search cargo at the border to protect the homeland is the beginning and end of the matter," the judge wrote. Evidence discovered on his computer of his alleged involvement in the conspiracy that won an indictment is now suppressed, and it cannot be used against him according to the ruling. The authorities took the man's computer in 2012 for national security reasons but allowed him to board his flight home. The government did not comment on the decision. Judge Berman Jackson questioned whether the border search exception should apply to laptops because they carry much more private information than, say, a briefcase. Judge Jackson cited last year's Supreme Court case, known as Riley, in which the justices ruled unanimously that the authorities generally may not search the mobile phones of those they arrest unless they have a court warrant.

The Supreme Court said that "Modern cell phones, as a category, implicate privacy concerns far beyond those implicated by the search of a cigarette pack, a wallet, or a purse. A conclusion that inspecting the contents of an arrestee’s pockets works no substantial additional intrusion on privacy beyond the arrest itself may make sense as applied to physical items, but any extension of that reasoning to digital data has to rest on its own bottom." Seizing on that high court opinion, Judge Berman Jackson wrote: Applying the Riley framework, the national security concerns that underlie the enforcement of export control regulations at the border must be balanced against the degree to which Kim’s privacy was invaded in this instance. And as was set forth above, while the immediate national security concerns were somewhat attenuated, the invasion of privacy was substantial: the agents created an identical image of Kim’s entire computer hard drive and gave themselves unlimited time to search the tens of thousands of documents, images, and emails it contained, using an extensive list of search terms, and with the assistance of two forensic software programs that organized, expedited, and facilitated the task. Based upon the testimony of both Special Agent Hamako and Special Agent Marshall, the Court concludes that wherever the Supreme Court or the Court of Appeals eventually draws the precise boundary of a routine border search, or however either Court ultimately defines a forensic – as opposed to a conventional – computer search, this search was qualitatively and quantitatively different from a routine border examination, and therefore, it was unreasonable given the paucity of grounds to suspect that criminal activity was in progress.

Cass Sunstein has long been one of Barack Obama’s closest confidants.  Often mentioned as a likely Obama nominee to the Supreme Court, Sunstein is currently Obama’s head of the Office of Information and Regulatory Affairs where, among other things, he is responsible for “overseeing policies relating to privacy, information quality, and statistical programs.”  In 2008, while at Harvard Law School, Sunstein co-wrote a truly pernicious paper proposing that the U.S. Government employ teams of covert agents and pseudo-”independent” advocates to “cognitively infiltrate” online groups and websites — as well as other activist groups — which advocate views that Sunstein deems “false conspiracy theories” about the Government.  This would be designed to increase citizens’ faith in government officials and undermine the credibility of conspiracists.  The paper’s abstract can be read, and the full paper downloaded, here. Sunstein advocates that the Government’s stealth infiltration should be accomplished by sending covert agents into “chat rooms, online social networks, or even real-space groups.”  He also proposes that the Government make secret payments to so-called “independent” credible voices to bolster the Government’s messaging (on the ground that those who don’t believe government sources will be more inclined to listen to those who appear independent while secretly acting on behalf of the Government).   This program would target those advocating false “conspiracy theories,” which they define to mean: “an attempt to explain an event or practice by reference to the machinations of powerful people, who have also managed to conceal their role.”  Sunstein’s 2008 paper was flagged by this blogger, and then amplified in an excellent report by Raw Story‘s Daniel Tencer.

There’s no evidence that the Obama administration has actually implemented a program exactly of the type advocated by Sunstein, though in light of this paper and the fact that Sunstein’s position would include exactly such policies, that question certainly ought to be asked.  Regardless, Sunstein’s closeness to the President, as well as the highly influential position he occupies, merits an examination of the mentality behind what he wrote.  This isn’t an instance where some government official wrote a bizarre paper in college 30 years ago about matters unrelated to his official powers; this was written 18 months ago, at a time when the ascendancy of Sunstein’s close friend to the Presidency looked likely, in exactly the area he now oversees.  Additionally, the government-controlled messaging that Sunstein desires has been a prominent feature of U.S. Government actions over the last decade, including in some recently revealed practices of the current administration, and the mindset in which it is grounded explains a great deal about our political class.  All of that makes Sunstein’s paper worth examining in greater detail.

Initially, note how similar Sunstein’s proposal is to multiple, controversial stealth efforts by the Bush administration to secretly influence and shape our political debates.  The Bush Pentagon employed teams of former Generals to pose as “independent analysts” in the media while secretly coordinating their talking points and messaging about wars and detention policies with the Pentagon.  Bush officials secretly paid supposedly “independent” voices, such as Armstrong Williams and Maggie Gallagher, to advocate pro-Bush policies while failing to disclose their contracts.  In Iraq, the Bush Pentagon hired a company, Lincoln Park, which paid newspapers to plant pro-U.S. articles while pretending it came from Iraqi citizens.  In response to all of this, Democrats typically accused the Bush administration of engaging in government-sponsored propaganda — and when it was done domestically, suggested this was illegal propaganda.  Indeed, there is a very strong case to make that what Sunstein is advocating is itself illegal under long-standing statutes prohibiting government ”propaganda” within the U.S., aimed at American citizens: As explained in a March 21, 2005 report by the Congressional Research Service, “publicity or propaganda” is defined by the U.S. Government Accountability Office (GAO) to mean either (1) self-aggrandizement by public officials, (2) purely partisan activity, or (3) “covert propaganda.”  By covert propaganda, GAO means information which originates from the government but is unattributed and made to appear as though it came from a third party.

Another burst of sunlight permeated the National Security Agency's black box of domestic surveillance last week.According to the New York Times, the NSA is searching the content of virtually every email that comes into or goes out of the United States without a warrant. To accomplish this astonishing invasion of Americans' privacy, the NSA reportedly is making a copy of nearly every international email. It then searches that cloned data, keeping all of the emails containing certain keywords and deleting the rest – all in a matter of seconds.

The NSA appears to believe this general monitoring of our electronic communications is justified because the entire process takes, in one official's words, "a small number of seconds". Translation: the NSA thinks it can intercept and then read Americans' emails so long as the intrusion is swift, efficient and silent.That is not how the fourth amendment works.Whether the NSA inspects and retains these messages for years, or only searches through them once before moving on, the invasion of Americans' privacy is real and immediate. There is no "five-second rule" for fourth amendment violations: the US constitution does not excuse these bulk searches simply because they happen in the blink of an eye.The government claims that this program is authorized by a surveillance statute passed in 2008 that allows the government to target foreigners for surveillance. Although the government has frequently defended that law as a necessary tool in gathering foreign intelligence, the government has repeatedly misled the public about the extent to which the statute implicates Americans' communications.

There should no longer be any doubt: the US government has for years relied upon its authority to collect foreigners' communications as a useful cover for its sweeping surveillance of Americans' communications. The surveillance program revealed last week confirms that the interception of American communications under this law is neither "targeted" at foreigners (in any ordinary sense of that word) nor "inadvertent", as officials have repeatedly claimed.Last week's revelations are a disturbing harbinger of future surveillance. Two months ago, this newspaper reported that the US government has been forcing American telecommunications companies to turn over the call records of every one of their customers "on an ongoing daily basis", to allow the NSA to later search those records when it has a reason to do so. The government has since defended the program, in part on the theory that Americans' right to privacy is not implicated by the initial acquisition of their phone records, only by their later searching.That legal theory is extraordinarily dangerous because it would allow the NSA to acquire virtually all digital information today simply because it might possibly become relevant tomorrow. The surveillance program revealed by the New York Times report goes one step further still. No longer is the government simply collecting information now so that the data is available to search, should a reasonable suspicion arise at some point in the future; the NSA is searching everything now – in real time and without suspicion – merely on the chance that it finds something of interest.

From recent talks and discussions in Germany I conclude that the U.S. is losing more and more support and sympathies. The admiration of earlier times has turned into disgust. While a lot of higher politicians and some journalists still cling to some (well paid) myth of U.S. friendship the party base in all political parties as well as the general public has changed its opinion. The NSA spying headlines are only one, though important issue. Consider how you would feel about such an intrusive "ally": German intelligence employee arrested on suspicion of spying for US on Bundestag NSA committee NSA whistleblowers testify in Bundestag inquiry, disclose ‘totalitarian’ surveillance Germany NSA's main target, claims ex-staffer Irked by N.S.A., Germany Cancels Deal With Verizon German parliament drops US telecom firm Verizon over links to NSA spying NSA Turned Germany Into Its Largest Listening Post in Europe Report: NSA targeted German privacy activist NSA targets Tor administrators and people searching for privacy tools, reports claim The German constitution, as interpreted by the constitutional court, defines privacy as a basic human right. That the U.S. is so casually violating the basic human rights of all German citizens is met with utter disgust. Even the paid and trained Atlantic Council (a U.S. lobby) trolls in German news-site comments have problem defending this issue.

From recent talks and discussions in Germany I conclude that the U.S. is losing more and more support and sympathies. The admiration of earlier times has turned into disgust. While a lot of higher politicians and some journalists still cling to some (well paid) myth of U.S. friendship the party base in all political parties as well as the general public has changed its opinion. The NSA spying headlines are only one, though important issue. Consider how you would feel about such an intrusive "ally": German intelligence employee arrested on suspicion of spying for US on Bundestag NSA committee NSA whistleblowers testify in Bundestag inquiry, disclose ‘totalitarian’ surveillance Germany NSA's main target, claims ex-staffer Irked by N.S.A., Germany Cancels Deal With Verizon German parliament drops US telecom firm Verizon over links to NSA spying NSA Turned Germany Into Its Largest Listening Post in Europe Report: NSA targeted German privacy activist NSA targets Tor administrators and people searching for privacy tools, reports claim The German constitution, as interpreted by the constitutional court, defines privacy as a basic human right. That the U.S. is so casually violating the basic human rights of all German citizens is met with utter disgust. Even the paid and trained Atlantic Council (a U.S. lobby) trolls in German news-site comments have problem defending this issue.

But the NSA spying is not the only problem. The economic breakdown after 2008 clearly had its roots in the United States and is, in Germany, blamed on lax U.S. regulations. And while Germany itself pressed for a change in government in Ukraine the outbreak of violence, the bloody coup and the fighting in the east is considered as "Fuck the EU" U.S. intervention in European affairs. It may still take a decade or more but my sense is that the U.S.-German alliance in on its way to an unfriendly divorce. Something that 15 years ago seemed unthinkable.

Does the National Security Agency (NSA) have the authority to collect and keep all encrypted Internet traffic for as long as is necessary to decrypt that traffic? That was a question first raised in June 2013, after the minimization procedures governing telephone and Internet records collected under Section 702 of the Foreign Intelligence Surveillance Act were disclosed by Edward Snowden. The issue quickly receded into the background, however, as the world struggled to keep up with the deluge of surveillance disclosures. The Intelligence Authorization Act of 2015, which passed Congress this last December, should bring the question back to the fore. It established retention guidelines for communications collected under Executive Order 12333 and included an exception that allows NSA to keep ‘incidentally’ collected encrypted communications for an indefinite period of time. This creates a massive loophole in the guidelines. NSA’s retention of encrypted communications deserves further consideration today, now that these retention guidelines have been written into law. It has become increasingly clear over the last year that surveillance reform will be driven by technological change—specifically by the growing use of encryption technologies. Therefore, any legislation touching on encryption should receive close scrutiny.

Section 309 of the intel authorization bill describes “procedures for the retention of incidentally acquired communications.” It establishes retention guidelines for surveillance programs that are “reasonably anticipated to result in the acquisition of [telephone or electronic communications] to or from a United States person.” Communications to or from a United States person are ‘incidentally’ collected because the U.S. person is not the actual target of the collection. Section 309 states that these incidentally collected communications must be deleted after five years unless they meet a number of exceptions. One of these exceptions is that “the communication is enciphered or reasonably believed to have a secret meaning.” This exception appears to be directly lifted from NSA’s minimization procedures for data collected under Section 702 of FISA, which were declassified in 2013. 

While Section 309 specifically applies to collection taking place under E.O. 12333, not FISA, several of the exceptions described in Section 309 closely match exceptions in the FISA minimization procedures. That includes the exception for “enciphered” communications. Those minimization procedures almost certainly served as a model for these retention guidelines and will likely shape how this new language is interpreted by the Executive Branch. Section 309 also asks the heads of each relevant member of the intelligence community to develop procedures to ensure compliance with new retention requirements. I expect those procedures to look a lot like the FISA minimization guidelines.

Privacy advocates pressed Barack Obama to end the bulk collection of Americans’ communications data at a series of meetings at the White House on Thursday, seizing their final chance to convince him of the need for meaningful reform of sweeping surveillance practices. A key US senator left one meeting at the White House with the impression that President Obama has yet to decide on specific reforms. “The debate is clearly fluid,” senator Ron Wyden of Oregon, a longtime critic of bulk surveillance, told the Guardian after the meeting. “My sense is the president, and the administration, is wrestling with these issues,” Wyden said. Other groups were meeting presidential aides on Thursday afternoon, including the representatives of the American Civil Liberties Union, the Electronic Privacy Information Center (Epic) and the Open Technology Institute. Expectations were mounting that Obama will propose changing the National Security Agency’s controversial database of all domestic phone call records.

Wyden, a member of the Senate intelligence committee, said he viewed the coming days and weeks, ahead of an announcement by Obama about the future scope of surveillance, to be decisive for the debate triggered by NSA whistleblower Edward Snowden.  “What I’d say to Americans is that the future of these programs is being determined now,” Wyden said. “For those like me, who believe that security and liberty are not mutually exclusive, this is the time to weigh in.”

Speaking after the meeting with legislators, White House spokesman Jay Carney described the conversation as an opportunity for Obama to “solicit their input”, rather than brief them on his decisions about the future scope of surveillance activities.  The White House held meetings on Wednesday with the leadership of the intelligence agencies, including NSA director Keith Alexander and director of national intelligence James Clapper, as well as with Obama’s privacy and civil liberties advisory group. On Friday, Obama’s staff is expected to meet representatives of major technology firms, ostensibly to continue deliberations.  Shortly before the legislators’ meeting began, two of the attendees, House intelligence committee leaders Mike Rogers of Michigan and Dutch Ruppersberger of Maryland, issued a statement describing a classified Defense Department report that they said alleged that Snowden’s leaks –which they said totaled 1.7m intelligence files and impacted intelligence operations of all military branches – could “gravely impact” US national security. 

When the incoming emails stopped arriving, it seemed innocuous at first. But it would eventually become clear that this was no routine technical problem. Inside a row of gray office buildings in Brussels, a major hacking attack was in progress. And the perpetrators were British government spies. It was in the summer of 2012 that the anomalies were initially detected by employees at Belgium’s largest telecommunications provider, Belgacom. But it wasn’t until a year later, in June 2013, that the company’s security experts were able to figure out what was going on. The computer systems of Belgacom had been infected with a highly sophisticated malware, and it was disguising itself as legitimate Microsoft software while quietly stealing data. Last year, documents from National Security Agency whistleblower Edward Snowden confirmed that British surveillance agency Government Communications Headquarters was behind the attack, codenamed Operation Socialist. And in November, The Intercept revealed that the malware found on Belgacom’s systems was one of the most advanced spy tools ever identified by security researchers, who named it “Regin.”

The full story about GCHQ’s infiltration of Belgacom, however, has never been told. Key details about the attack have remained shrouded in mystery—and the scope of the attack unclear. Now, in partnership with Dutch and Belgian newspapers NRC Handelsblad and De Standaard, The Intercept has pieced together the first full reconstruction of events that took place before, during, and after the secret GCHQ hacking operation. Based on new documents from the Snowden archive and interviews with sources familiar with the malware investigation at Belgacom, The Intercept and its partners have established that the attack on Belgacom was more aggressive and far-reaching than previously thought. It occurred in stages between 2010 and 2011, each time penetrating deeper into Belgacom’s systems, eventually compromising the very core of the company’s networks.

When the incoming emails stopped arriving, it seemed innocuous at first. But it would eventually become clear that this was no routine technical problem. Inside a row of gray office buildings in Brussels, a major hacking attack was in progress. And the perpetrators were British government spies. It was in the summer of 2012 that the anomalies were initially detected by employees at Belgium’s largest telecommunications provider, Belgacom. But it wasn’t until a year later, in June 2013, that the company’s security experts were able to figure out what was going on. The computer systems of Belgacom had been infected with a highly sophisticated malware, and it was disguising itself as legitimate Microsoft software while quietly stealing data. Last year, documents from National Security Agency whistleblower Edward Snowden confirmed that British surveillance agency Government Communications Headquarters was behind the attack, codenamed Operation Socialist. And in November, The Intercept revealed that the malware found on Belgacom’s systems was one of the most advanced spy tools ever identified by security researchers, who named it “Regin.”