Group items tagged

It's 2016 going on 1984. The UK has just passed a massive expansion in surveillance powers, which critics have called "terrifying" and "dangerous".

The new law, dubbed the "snoopers' charter", was introduced by then-home secretary Theresa May in 2012, and took two attempts to get passed into law following breakdowns in the previous coalition government. Four years and a general election later -- May is now prime minister -- the bill was finalized and passed on Wednesday by both parliamentary houses. But civil liberties groups have long criticized the bill, with some arguing that the law will let the UK government "document everything we do online". It's no wonder, because it basically does. The law will force internet providers to record every internet customer's top-level web history in real-time for up to a year, which can be accessed by numerous government departments; force companies to decrypt data on demand -- though the government has never been that clear on exactly how it forces foreign firms to do that that; and even disclose any new security features in products before they launch.

Not only that, the law also gives the intelligence agencies the power to hack into computers and devices of citizens (known as equipment interference), although some protected professions -- such as journalists and medical staff -- are layered with marginally better protections. In other words, it's the "most extreme surveillance law ever passed in a democracy," according to Jim Killock, director of the Open Rights Group. The bill was opposed by representatives of the United Nations, all major UK and many leading global privacy and rights groups, and a host of Silicon Valley tech companies alike. Even the parliamentary committee tasked with scrutinizing the bill called some of its provisions "vague".

The British government has admitted that its practice of spying on confidential communications between lawyers and their clients was a breach of the European Convention on Human Rights (ECHR). Details of the controversial snooping emerged in November: lawyers suing Blighty over its rendition of two Libyan families to be tortured by the late and unlamented Gaddafi regime claimed Her Majesty's own lawyers seemed to have access to the defense team's emails. The families' briefs asked for a probe by the secretive Investigatory Powers Tribunal (IPT), a move that led to Wednesday's admission. "The concession the government has made today relates to the agencies' policies and procedures governing the handling of legally privileged communications and whether they are compatible with the ECHR," a government spokesman said in a statement to the media, via the Press Association. "In view of recent IPT judgments, we acknowledge that the policies applied since 2010 have not fully met the requirements of the ECHR, specifically Article 8. This includes a requirement that safeguards are made sufficiently public."

The guidelines revealed by the investigation showed that MI5 – which handles the UK's domestic security – had free reign to spy on highly private and sensitive lawyer-client conversations between April 2011 and January 2014. MI6, which handles foreign intelligence, had no rules on the matter either until 2011, and even those were considered void if "extremists" were involved. Britain's answer to the NSA, GCHQ, had rules against such spying, but they too were relaxed in 2011. "By allowing the intelligence agencies free rein to spy on communications between lawyers and their clients, the Government has endangered the fundamental British right to a fair trial," said Cori Crider, a director at the non-profit Reprieve and one of the lawyers for the Libyan families. "For too long, the security services have been allowed to snoop on those bringing cases against them when they speak to their lawyers. In doing so, they have violated a right that is centuries old in British common law. Today they have finally admitted they have been acting unlawfully for years."

Crider said it now seemed probable that UK snoopers had been listening in on the communications over the Libyan case. The British government hasn't admitted guilt, but it has at least acknowledged that it was doing something wrong – sort of. "It does not mean that there was any deliberate wrongdoing on the part of the security and intelligence agencies, which have always taken their obligation to protect legally privileged material extremely seriously," the government spokesman said. "Nor does it mean that any of the agencies' activities have prejudiced or in any way resulted in an abuse of process in any civil or criminal proceedings. The agencies will now work with the independent Interception of Communications Commissioner to ensure their policies satisfy all of the UK's human rights obligations." So that's all right, then.

President Barack Obama sought Wednesday to reassure Europeans outraged over U.S. surveillance programs that his government isn't sifting through their emails or eavesdropping on their telephone calls. He acknowledged that the programs haven't always worked as intended, saying "we had to tighten them up." Obama said once-secret U.S. surveillance programs that became public knowledge after a government contractor leaked details about them are meant to improve America's understanding of what is happening around the world. He sought to allay the concerns of Europeans upset by the thought that their personal communications may have been swept up in the U.S. government's massive data collection operations. "I can give assurances to the publics in Europe and around the world that we're not going around snooping at people's emails or listening to their phone calls," Obama said at a news conference with Prime Minister Fredrik Reinfeldt on his first visit as president to Sweden. "What we try to do is to target very specifically areas of concern." Leaks by former National Security Agency contractor Edward Snowden about U.S. surveillance programs sparked outrage overseas, particularly among Europeans who place a premium on personal privacy and civil liberties and recall life under governments that routinely spied on them. The NSA program was the first question he received from the Swedish press.

Obama said additional changes to the programs may be required because of advances in technology. He said his national security team along with an independent board is reviewing everything to strike the right balance between the government's surveillance needs and civil liberties. "There may be situations in which we're gathering information just because we can that doesn't help us with our national security, but does raise questions in terms of whether we're tipping over into being too intrusive with respect to the ... the interactions of other governments," Obama said. "We are consulting with the (European Union) in this process; we are consulting with other countries in this process and finding out from them what are their areas of specific concern and trying to align what we do in a way that, I think, alleviates some of the public concerns that people may have."

NoScript NoScript is a free extension for Mozilla-based web browsers, including Firefox. It blocks executable web content by default. This blocking includes JavaScript, Java, Flash and Silverlight. You can whitelist sites if you want to use such content on a site-by-site basis. Or, if you choose, you can make all sites active by default and choose to blacklist sites you think might be dangerous. A visual button tells you if active content has been blocked on the current site.

GCHQ’s bulk surveillance of electronic communications has scooped up emails to and from journalists working for some of the US and UK’s largest media organisations, analysis of documents released by whistleblower Edward Snowden reveals. Emails from the BBC, Reuters, the Guardian, the New York Times, Le Monde, the Sun, NBC and the Washington Post were saved by GCHQ and shared on the agency’s intranet as part of a test exercise by the signals intelligence agency. The disclosure comes as the British government faces intense pressure to protect the confidential communications of reporters, MPs and lawyers from snooping.

Senior editors and lawyers in the UK have called for the urgent introduction of a freedom of expression law amid growing concern over safeguards proposed by ministers to meet concerns over the police use of surveillance powers linked to the Regulation of Investigatory Powers Act 2000 (Ripa). More than 100 editors, including those from all the national newspapers, have signed a letter, coordinated by the Society of Editors and Press Gazette, to the UK prime minister, David Cameron, protesting at snooping on journalists’ communications. In the wake of terror attacks on the Charlie Hebdo offices and a Jewish grocer in Paris, Cameron has renewed calls for further bulk-surveillance powers, such as those which netted these journalistic communications.

The journalists’ communications were among 70,000 emails harvested in the space of less than 10 minutes on one day in November 2008 by one of GCHQ’s numerous taps on the fibre-optic cables that make up the backbone of the internet. The communications, which were sometimes simple mass-PR emails sent to dozens of journalists but also included correspondence between reporters and editors discussing stories, were retained by GCHQ and were available to all cleared staff on the agency intranet. There is nothing to indicate whether or not the journalists were intentionally targeted. The mails appeared to have been captured and stored as the output of a then-new tool being used to strip irrelevant data out of the agency’s tapping process. New evidence from other UK intelligence documents revealed by Snowden also shows that a GCHQ information security assessment listed “investigative journalists” as a threat in a hierarchy alongside terrorists or hackers.

Last week saw revelations [1] that the FBI and the National Security Agency have been collecting Americans’ phone records en masse and that the agencies have access to data from nine tech companies.  But secrecy around the programs has meant even basic questions are still unanswered. Here’s what we still don’t know:

BRUSSELS — Amid a growing outcry over American snooping on foreigners that threatens to cloud European-U.S. trade talks and President Barack Obama’s visit to Berlin, the European Union’s top justice official has demanded in unusually sharp terms that the United States reveal what its intelligence is doing with personal information of Europeans gathered under the Prism surveillance program revealed last week.

Viviane Reding, the Union’s combative commissioner of justice, told Attorney General Eric Holder in a letter sent on Monday evening that individual citizens of European countries had the right to know whether their personal information had been part of intelligence gathering “on a large scale.” In the letter, seen Tuesday by the International Herald Tribune, she also asked what avenues were available to Europeans to find out whether they had been spied on, and whether they would be treated similarly to U.S. citizens in such cases. “Given the gravity of the situation and the serious concerns expressed in public opinion on this side of the Atlantic, you will understand that I will expect swift and concrete answers,” Mrs. Reding wrote.

Speaking for a continent where snooping carries ghastly echoes of fascist or communist regimes, Mrs. Reding challenged Mr. Holder to answer a list of detailed questions by Friday, when they are expected to speak face-to-face in Dublin at a ministerial meeting scheduled before the Prism spy operation came to light. In Berlin, where Mr. Obama will speak next week before the Brandenburg Gate, privacy is a highly sensitive political issue and the Prism revelations have stirred a furor. “You can be sure that this will be one of the things the chancellor addresses when President Obama is in Germany,” said Steffen Seibert, spokesman for Angela Merkel, who grew up in the former Communist East.

Almost 15 years ago, as I was just finishing a book about the relationship between the Net (we called it “cyberspace” then) and civil liberties, a few ideas seemed so obvious as to be banal: First, life would move to the Net. Second, the Net would change as it did so. Gone would be simple privacy, the relatively anonymous default infrastructure for unmonitored communication; in its place would be a perpetually monitored, perfectly traceable system supporting both commerce and the government. That, at least, was the future that then seemed most likely, as business raced to make commerce possible and government scrambled to protect us (or our kids) from pornographers, and then pirates, and now terrorists. But another future was also possible, and this was my third, and only important point: Recognizing these obvious trends, we just might get smart about how code (my shorthand for the technology of the Internet) regulates us, and just possibly might begin thinking smartly about how we could embed in that code the protections that the Constitution guarantees us. Because—and here was the punchline, the single slogan that all 724 people who read that book remember—code is law. And if code is law, then we need to be as smart about how code regulates us as we are about how the law does so.

There is, after all, something hopeful about a future that was smart about encoding our civil liberties. It could, in theory at least, be better. Better at protecting us from future Nixons, better at securing privacy, and better at identifying those keen to commit crime.

But what astonishes me is that today, more than a decade into the 21st century, the world has remained mostly oblivious to these obvious points about the relationship between law and code. That’s the bit in the Edward Snowden interview that is, to me, the most shocking. As he explained to Glenn Greenwald: The NSA specially targets the communications of everyone. It ingests them by default. It collects them in its system, and it filters them and it analyzes them and it measures them and it stores them for periods of time simply because that’s the easiest and the most efficient and most valuable way to achieve these ends ... Not all analysts have the ability to target everything. But I sitting at my desk certainly had the authority to wiretap anyone—from you [the reporter, Glenn Greenwald], to your accountant, to a federal judge, to even the president if I had a personal email. We don’t know yet whether Snowden is telling the truth. Lots of people have denied specifics, and though his interview is compelling, just now, we literally don’t know. But what we do know are the questions that ought to be asked in response to his claims. And specifically, this: Is it really the case that the government has entrusted our privacy to the good judgment of private analysts? Are there really no code-based controls for assuring that specific surveillance is specifically justified? And what is the technology for assuring that rogues paid by our government can’t use data collected by our government for purposes that none within our government would openly and publicly defend?

America's National Security Agency (NSA) is apparently spying on Germany more than previously believed. Secret documents from the US intelligence service, which have been viewed by SPIEGEL journalists, reveal that the NSA systematically monitors and stores a large share of the country's telephone and Internet connection data. Internal NSA statistics indicate that the agency stores data from around half a billion communications connections in Germany each month. This data includes telephone calls, emails, mobile-phone text messages and chat transcripts. The metadata -- or information about which call or data connections were made and when -- is then stored at the NSA's headquarters in Fort Meade, near Washington, DC.

The documents show for the first time the scope of American surveillance in Germany. Previously, it had only been clear that Germany had been one of the major targets of NSA spying. A map published by the Guardian shows that Germany is on a par with targets such as China, Iraq and Saudi Arabia in terms of the intensity of electronic snooping. For weeks now, new details have emerged from documents collected by whistleblower Edward Snowden about the NSA's Prism and Britain's Tempora digital spying programs. The statistics, which SPIEGEL has also seen, show that data is collected from Germany on normal days for up to 20 million telephone calls and 10 million Internet data exchanges. Last Christmas Eve, it collected data on around 13 million phone calls and about half as many online exchanges. On the busiest days, such as January 7 of this year, the information gathered spiked to nearly 60 million communication connections under surveillance.

The NSA, it turns out, is more active in Germany than in any other of the EU's 27 member states. By comparison, during the same time frame, the Americans only recorded data on an average of 2 million connections in France each day. The documents also show that the NSA is primarily interested in important Internet hubs in southern and western Germany. Frankfurt, for example, plays an important role in the global Internet infrastructure, and the city is listed as a central base for the country. One top secret document also states that while Germany may be a partner, it is still also a target of the NSA's electronic snooping. According to the document, Germany is a so-called "3rd party foreign partner." The only countries that are explicitly excluded from spying attacks are Australia, Canada, New Zealand and the UK. "We can, and often do, target the signals of most 3d party foreign partners," a slide from an internal presentation states.

The British government can tap into the cables carrying the world’s web traffic at will and spy on what people are doing on some of the world’s most popular social media sites, including YouTube, all without the knowledge or consent of the companies.Documents taken from the National Security Agency by Edward Snowden and obtained by NBC News detail how British cyber spies demonstrated a pilot program to their U.S. partners in 2012 in which they were able to monitor YouTube in real time and collect addresses from the billions of videos watched daily, as well as some user information, for analysis. At the time the documents were printed, they were also able to spy on Facebook and Twitter.

Called “Psychology A New Kind of SIGDEV" (Signals Development), the presentation includes a section that spells out “Broad real-time monitoring of online activity” of YouTube videos, URLs “liked” on Facebook, and Blogspot/Blogger visits. The monitoring program is called “Squeaky Dolphin.”Experts told NBC News the documents show the British had to have been either physically able to tap the cables carrying the world’s web traffic or able to use a third party to gain physical access to the massive stream of data, and would be able to extract some key data about specific users as well.

The National Security Agency created a "secret backdoor" so its massive databases could be searched for the contents of U.S. citizens' confidential phone calls and e-mail messages without a warrant, according to the latest classified documents leaked by Edward Snowden. A report in the Guardian on Friday quoted Sen. Ron Wyden, an Oregon Democrat who serves on the Senate Intelligence Committee, as saying the secret rule offers a loophole allowing "warrantless searches for the phone calls or emails of law-abiding Americans." That appears to confirm what Rep. Jerrold Nadler, a New York Democrat, said in June after receiving a classified briefing from administration officials a few days earlier on the extent of the NSA's domestic surveillance operations. If the NSA wants "to listen to the phone," an analyst's decision is sufficient, without any other legal authorization required, Nadler said he had been told during the briefing. "I was rather startled," said Nadler, an attorney who serves on the House Judiciary Committee.

FBI Director Robert Mueller responded by assuring Nadler, according to a transcript of the hearing, that to "listen to the phone," the government would need "a particularized order" from the Foreign Intelligence Surveillance Court -- a claim that is contradicted by today's Guardian report and other documents. Mueller has been succeeded by James Comey, who was confirmed last month by the Senate. In response to a CNET article at the time, Director of National Intelligence James Clapper released a statement saying: "The statement that a single analyst can eavesdrop on domestic communications without proper legal authorization is incorrect and was not briefed to Congress." Clapper never elaborated, however, on what "proper" authorization would be. Today's top-secret document leaked by Snowden reveals that "procedures approved on 3 October 2011 now allow for use of certain United States person names and identifiers as query terms when reviewing collected FAA 702 data."

FAA 702 is a reference to section 702 of a 2008 law that amended the Foreign Intelligence Surveillance Act. Those amendments created a warrantless surveillance process that could be employed by NSA analysts, but Congress never intended it to be used domestically against American citizens: A congressional report accompanying the law claimed it allows electronic surveillance only of "persons located outside the United States in order to acquire foreign intelligence information." In reality, though, the Obama Justice Department has devised secret interpretations of FAA 702 carving out loopholes in what were intended to be strict privacy safeguards. One loophole revealed in June shows that NSA, CIA, and FBI analysts are granted broad access to data vacuumed up by the world's most powerful intelligence agency -- but are supposed to follow certain "targeting" and "minimization" procedures to limit the number of Americans who become individual targets of warrantless surveillance.

Representative Mike Rogers (R-Michigan) was defiant today in the face of accusations that he had installed a small digital camera in the women's bathroom in his office at the Capitol. "This is just politics," said the ten-term Congressman. "I would argue the fact that we haven't had any women come forward with any specificity arguing that their privacy has been violated, clearly indicates, in ten years, clearly indicates that something must be doing right. Somebody must be doing something exactly right." When reporters asked how women would know to complain — the spycam, funded by the government, was expertly hidden — Rogers asserted that was the point. "You can't have your privacy violated if you don't know your privacy is violated," said Rogers.

Rogers went on to explain that the nation's Capitol — which has housed figures like former Congressman Bob Filner and former Senator Bob Packwood — presents known dangers to women, and that the spycam is calculated to make certain they are protected from those dangers. “If the women knew exactly what that spycam was about, they would be applauding and popping champagne corks. It’s a good thing. it keeps the women safe. It keeps the Capitol safe," Rogers asserted. Rogers then abruptly concluded the interview, threatening to sue reporters if they wrote about it.

As fast as it can, Google is sealing up cracks in its systems that Edward J. Snowden revealed the N.S.A. had brilliantly exploited. It is encrypting more data as it moves among its servers and helping customers encode their own emails. Facebook, Microsoft and Yahoo are taking similar steps.

After years of cooperating with the government, the immediate goal now is to thwart Washington — as well as Beijing and Moscow. The strategy is also intended to preserve business overseas in places like Brazil and Germany that have threatened to entrust data only to local providers. Google, for example, is laying its own fiber optic cable under the world’s oceans, a project that began as an effort to cut costs and extend its influence, but now has an added purpose: to assure that the company will have more control over the movement of its customer data.

A year after Mr. Snowden’s revelations, the era of quiet cooperation is over. Telecommunications companies say they are denying requests to volunteer data not covered by existing law. A.T.&T., Verizon and others say that compared with a year ago, they are far more reluctant to cooperate with the United States government in “gray areas” where there is no explicit requirement for a legal warrant.

Just last week we wrote about the growing number of legal challenges to GCHQ spying. Now here's another one, from The Bureau of Investigative Journalism, which is concerned about how blanket surveillance threatens the workings of a free press: The Bureau of Investigative Journalism is asking a European court to rule on whether UK legislation properly protects journalists' sources and communications from government scrutiny and mass surveillance.

The United States faces a tough task undoing the damage inflicted by allegations it has spied on leaders of allied countries, Russian Prime Minister Dmitry Medvedev said.

Reports that the US National Security Agency tapped German Chancellor Angela Merkel's cellphone and conducted widespread electronic snooping in nations such as France, Italy, Spain and elsewhere have sparked anger among American allies."It's not very pleasant when you are spied on ... so the leaders are angry. I understand them," Medvedev told Reuters in an interview on Thursday.Medvedev suggested such spying was not unusual, but he added that "it is assumed that it is not done in such an absolutely cynical way"."Can the situation be calmed? I think it's possible. But to be honest, no assurances will help here," he said. "What can you say in this situation? 'Sorry, we won't do it anymore' or 'We will not try to listen in on you'? Nobody will believe it."

The snooping scandal is a result of disclosures of U.S. secrets made to media organisations by Edward Snowden, a former National Security Agency contractor who fled the United States and has been living in asylum in Russia since August.Spy scandals strained relations between Russia and the United States during Medvedev's 2008-2012 presidency and have continued to do so since Vladimir Putin returned to the Kremlin last year.Former KGB spy Putin said Russia would shelter Snowden only if he stopped harming the United States, but the president ignored U.S. pleas to send the American home to face espionage charges.The decision to grant Snowden asylum seemed to underscore Putin's accusations that the United States preaches to the world about rights and freedoms it does not uphold at home.A German lawmaker said he met Snowden in Moscow on Thursday and that the former NSA contractor was willing to come to assist investigations into alleged U.S. surveillance of Merkel.

On March 12, 2004, acting attorney general James B. Comey and the Justice Department’s top leadership reached the brink of resignation over electronic surveillance orders that they believed to be illegal. President George W. Bush backed down, halting secret foreign-intelligence-gathering operations that had crossed into domestic terrain. That morning marked the beginning of the end of STELLARWIND, the cover name for a set of four surveillance programs that brought Americans and American territory within the domain of the National Security Agency for the first time in decades. It was also a prelude to new legal structures that allowed Bush and then President Obama to reproduce each of those programs and expand their reach.What exactly STELLARWIND did has never been disclosed in an unclassified form. Which parts of it did Comey approve? Which did he shut down? What became of the programs when the crisis passed and Comey, now Obama’s expected nominee for FBI director, returned to private life?Authoritative new answers to those questions, drawing upon a classified NSA history of STELLARWIND and interviews with high-ranking intelligence officials, offer the clearest map yet of the Bush-era programs and the NSA’s contemporary U.S. operations.STELLARWIND was succeeded by four major lines of intelligence collection in the territorial United States, together capable of spanning the full range of modern telecommunications, according to the interviews and documents.

Two of the four collection programs, one each for telephony and the Internet, process trillions of “metadata” records for storage and analysis in systems called MAINWAY and MARINA, respectively. Metadata includes highly revealing information about the times, places, devices and participants in electronic communication, but not its contents. The bulk collection of telephone call records from Verizon Business Services, disclosed this month by the British newspaper the Guardian, is one source of raw intelligence for MAINWAY.The other two types of collection, which operate on a much smaller scale, are aimed at content. One of them intercepts telephone calls and routes the spoken words to a system called ­NUCLEON.For Internet content, the most important source collection is the PRISM project reported on June 6 by The Washington Post and the Guardian. It draws from data held by Google, Yahoo, Microsoft and other Silicon Valley giants, collectively the richest depositories of personal information in history.

The debate has focused on two of the four U.S.-based collection programs: PRISM, for Internet content, and the comprehensive collection of telephone call records, foreign and domestic, that the Guardian revealed by posting a classified order from the Foreign Intelligence Surveillance Court to Verizon Business Services.The Post has learned that similar orders have been renewed every three months for other large U.S. phone companies, including Bell South and AT&T, since May 24, 2006. On that day, the surveillance court made a fundamental shift in its approach to Section 215 of the Patriot Act, which permits the FBI to compel production of “business records” that are relevant to a particular terrorism investigation and to share those in some circumstances with the NSA. Henceforth, the court ruled, it would define the relevant business records as the entirety of a telephone company’s call database.The Bush administration, by then, had been taking “bulk metadata” from the phone companies under voluntary agreements for more than four years. The volume of information overwhelmed the MAINWAY database, according to a classified report from the NSA inspector general in 2009. The agency spent $146 million in supplemental counterterrorism funds to buy new hardware and contract support — and to make unspecified payments to the phone companies for “collaborative partnerships.”When the New York Times revealed the warrantless surveillance of voice calls, in December 2005, the telephone companies got nervous. One of them, unnamed in the report, approached the NSA with a request. Rather than volunteer the data, at a price, the “provider preferred to be compelled to do so by a court order,” the report said. Other companies followed suit. The surveillance court order that recast the meaning of business records “essentially gave NSA the same authority to collect bulk telephony metadata from business records that it had” under Bush’s asserted authority alone.

One of those senators, Mark Udall, D-Colo., challenged the head of the NSA, Gen. Keith Alexander, on just how far his agency could go when gathering those records. "Is it the goal of the NSA to collect the phone records of all Americans?" Udall asked at Thursday's hearing. "Yes, I believe it is in the nation's best interest to put all the phone records into a lockbox that we could search when the nation needs to do it. Yes," Alexander replied. Udall's counterpart on the committee in proposing more stringent limits, Sen. Ron Wyden, D-Ore., asked Alexander whether the NSA had ever collected or made plans to collect Americans' cellphone signals to track the movements of individual callers. Alexander answered both times that the NSA was not collecting such data and would have to ask for court approval if it wanted to. Questioned further, he cited a classified version of the letter that was sent to senators and said, "What I don't want to do ... is put out in an unclassified forum anything that's classified." Wyden promised to keep asking.