Group items tagged

The National Security Agency is secretly intercepting, recording, and archiving the audio of virtually every cell phone conversation on the island nation of the Bahamas. According to documents provided by NSA whistleblower Edward Snowden, the surveillance is part of a top-secret system – code-named SOMALGET – that was implemented without the knowledge or consent of the Bahamian government. Instead, the agency appears to have used access legally obtained in cooperation with the U.S. Drug Enforcement Administration to open a backdoor to the country’s cellular telephone network, enabling it to covertly record and store the “full-take audio” of every mobile call made to, from and within the Bahamas – and to replay those calls for up to a month. SOMALGET is part of a broader NSA program called MYSTIC, which The Intercept has learned is being used to secretly monitor the telecommunications systems of the Bahamas and several other countries, including Mexico, the Philippines, and Kenya. But while MYSTIC scrapes mobile networks for so-called “metadata” – information that reveals the time, source, and destination of calls – SOMALGET is a cutting-edge tool that enables the NSA to vacuum up and store the actual content of every conversation in an entire country.

All told, the NSA is using MYSTIC to gather personal data on mobile calls placed in countries with a combined population of more than 250 million people. And according to classified documents, the agency is seeking funding to export the sweeping surveillance capability elsewhere. The program raises profound questions about the nature and extent of American surveillance abroad. The U.S. intelligence community routinely justifies its massive spying efforts by citing the threats to national security posed by global terrorism and unpredictable rival nations like Russia and Iran. But the NSA documents indicate that SOMALGET has been deployed in the Bahamas to locate “international narcotics traffickers and special-interest alien smugglers” – traditional law-enforcement concerns, but a far cry from derailing terror plots or intercepting weapons of mass destruction.

By targeting the Bahamas’ entire mobile network, the NSA is intentionally collecting and retaining intelligence on millions of people who have not been accused of any crime or terrorist activity. Nearly five million Americans visit the country each year, and many prominent U.S. citizens keep homes there, including Sen. Tom Harkin (D-Iowa), Bill Gates, and Oprah Winfrey.

Warning of an erosion of confidence in the products of the U.S. technology industry, John Chambers, the CEO of networking giant Cisco Systems, has asked President Obama to intervene to curtail the surveillance activities of the National Security Agency. In a letter dated May 15 (obtained by Re/code and reprinted in full below), Chambers asked Obama to create “new standards of conduct” regarding how the NSA carries out its spying operations around the world. The letter was first reported by The Financial Times. The letter follows new revelations, including photos, published in a book based on documents leaked by former NSA contractor Edward Snowden alleging that the NSA intercepted equipment from Cisco and other manufacturers and loaded them with surveillance software. The photos, which have not been independently verified, appear to show NSA technicians working with Cisco equipment. Cisco is not said to have cooperated in the NSA’s efforts.

The FBI is attempting to persuade an obscure regulatory body in Washington to change its rules of engagement in order to seize significant new powers to hack into and carry out surveillance of computers throughout the US and around the world. Civil liberties groups warn that the proposed rule change amounts to a power grab by the agency that would ride roughshod over strict limits to searches and seizures laid out under the fourth amendment of the US constitution, as well as violate first amendment privacy rights. They have protested that the FBI is seeking to transform its cyber capabilities with minimal public debate and with no congressional oversight. The regulatory body to which the Department of Justice has applied to make the rule change, the advisory committee on criminal rules, will meet for the first time on November 5 to discuss the issue. The panel will be addressed by a slew of technology experts and privacy advocates concerned about the possible ramifications were the proposals allowed to go into effect next year.

“This is a giant step forward for the FBI’s operational capabilities, without any consideration of the policy implications. To be seeking these powers at a time of heightened international concern about US surveillance is an especially brazen and potentially dangerous move,” said Ahmed Ghappour, an expert in computer law at University of California, Hastings college of the law, who will be addressing next week’s hearing. The proposed operating changes related to rule 41 of the federal rules of criminal procedure, the terms under which the FBI is allowed to conduct searches under court-approved warrants. Under existing wording, warrants have to be highly focused on specific locations where suspected criminal activity is occurring and approved by judges located in that same district. But under the proposed amendment, a judge can issue a warrant that would allow the FBI to hack into any computer, no matter where it is located. The change is designed specifically to help federal investigators carry out surveillance on computers that have been “anonymized” – that is, their location has been hidden using tools such as Tor.

Were the amendment to be granted by the regulatory committee, the FBI would have the green light to unleash its capabilities – known as “network investigative techniques” – on computers across America and beyond. The techniques involve clandestinely installing malicious software, or malware, onto a computer that in turn allows federal agents effectively to control the machine, downloading all its digital contents, switching its camera or microphone on or off, and even taking over other computers in its network.

In March 2011, two weeks before the Western intervention in Libya, a secret message was delivered to the National Security Agency. An intelligence unit within the U.S. military’s Africa Command needed help to hack into Libya’s cellphone networks and monitor text messages. For the NSA, the task was easy. The agency had already obtained technical information about the cellphone carriers’ internal systems by spying on documents sent among company employees, and these details would provide the perfect blueprint to help the military break into the networks. The NSA’s assistance in the Libya operation, however, was not an isolated case. It was part of a much larger surveillance program—global in its scope and ramifications—targeted not just at hostile countries.

According to documents contained in the archive of material provided to The Intercept by whistleblower Edward Snowden, the NSA has spied on hundreds of companies and organizations internationally, including in countries closely allied to the United States, in an effort to find security weaknesses in cellphone technology that it can exploit for surveillance. The documents also reveal how the NSA plans to secretly introduce new flaws into communication systems so that they can be tapped into—a controversial tactic that security experts say could be exposing the general population to criminal hackers. Codenamed AURORAGOLD, the covert operation has monitored the content of messages sent and received by more than 1,200 email accounts associated with major cellphone network operators, intercepting confidential company planning papers that help the NSA hack into phone networks.

Karsten Nohl, a leading cellphone security expert and cryptographer who was consulted by The Intercept about details contained in the AURORAGOLD documents, said that the broad scope of information swept up in the operation appears aimed at ensuring virtually every cellphone network in the world is NSA accessible.

here’s yet another tantalizing clue that the National Security Agency and its “Five Eyes” allies are behind a poweful cyber-espionage tool called Regin, used to spy on friend and enemy alike. That’s the conclusion Russian cybersecurity firm Kaspersky drew after examining the source code of Regin and an innocuously-named spying tool called QWERTY. It’s an appropriate monicker. The malware, known as a keylogger,  vacuums up anything typed on a computer keyboard and sends it back to the programmer controlling it. The crucial clue Kaspersky found is that QWERTY “can only operate as part of the Regin platform.” After tracking Regin across 14 countries for years, Kaspersky and technology firm Symantec identified it in November 2014.  At the time, Symantec said Regin’s “capabilities and the level of resources behind [it] indicate that it is one of the main cyberespionage tools used by a nation state.” 

Though neither company said it, suspicion immediately arose that the NSA and its allies had created Regin. It immediately drew comparisons with Stuxnet, the joint U.S.-Israeli computer worm used to damage Iranian nuclear centrifuges in Natanz in 2009. Unlike Stuxnet’s narrow mission of sabotage, Regin is designed for spying in a wide set of environments. It hides in plain sight, disguised as ordinary Microsoft software.

The new evidence further points to the Five Eyes. The German news magazine Der Spiegel has a trove of documents from NSA whistleblower Edward Snowden, which included the source code. Der Spiegel gave Kaspersky the code to examine: The new analysis provides clear proof that Regin is in fact the cyber-attack platform belonging to the Five Eyes alliance, which includes the U.S., Britain, Canada, Australia and New Zealand. Neither Kaspersky nor Symantec commented directly on the likely creator of Regin. But there can be little room left for doubt regarding the malware’s origin. Der Spiegel pointed to five elements they believe suggest Five Eyes authorship: the presence of QWERTY in Snowden’s files, its use in the Belgacom hack by Britain’s GCHQ, references to the sport of cricket in the code, structural similarities to tools outlined in other Snowden documents, and targets consistent with other Five Eyes tools and campaigns.

In the age of ubiquitous government surveillance, the only way citizens can protect their privacy online is through encryption. Historically, this has been extremely difficult for mere mortals; just watch the video Edward Snowden made to teach Glenn Greenwald how to encrypt his emails to see how confusing it gets. But all of this is quickly changing as high-quality, user-friendly encryption software becomes available. App maker Open Whisper Systems took an important step in this direction today with the release of a major new version of its Signal encrypted calling app for iPhones and iPads. The new version, Signal 2.0, folds in support for encrypted text messages using a protocol called TextSecure, meaning users can communicate using voice and text while remaining confident nothing can be intercepted in transit over the internet. That may not sound like a particularly big deal, given that other encrypted communication apps are available for iOS, but Signal 2.0 offers something tremendously useful: peace of mind. Unlike other text messaging products, Signal’s code is open source, meaning it can be inspected by experts, and the app also supports forward secrecy, so if an attacker steals your encryption key, they cannot go back and decrypt messages they may have collected in the past.

Signal is also one special place on the iPhone where users can be confident all their communications are always fully scrambled. Other apps with encryption tend to enter insecure modes at unpredictable times — unpredictable for many users, at least. Apple’s iMessage, for example, employs strong encryption, but only when communicating between two Apple devices and only when there is a proper data connection. Otherwise, iMessage falls back on insecure SMS messaging. iMessage also lacks forward secrecy and inspectable source code. Signal also offers the ability for power users to verify the identity of the people they’re talking to, confirming that the encryption isn’t under attack. With iMessage, you just have to take Apple’s word for it. Strong, reliable, predictably-applied encryption is especially important at a time when the world just found out, via a report by The Intercept, that American and British spies hacked into the world’s largest SIM card manufacturer and stole the encryption keys that are used to protect communication between handsets and cell phone towers. With these keys, spies can eavesdrop on phone calls and texts just by passively listening to the airwaves.

iPhone users can find Signal here. For Android users, the product is, at the moment, split into two apps: TextSecure for private texting and RedPhone for private voice calls. “We’re working towards a single unified Signal app for Android, iPhone and the desktop,” says Marlinspike. It’s important to keep in mind that no technology is 100 percent secure, and an encrypted messaging app can only be as secure as the device you install it on. Intelligence agencies and other hackers can still exploit security bugs that have not been fixed, known as zero day exploits, to take over smartphones and bypass the encryption that privacy apps employ. But apps like Signal go a long way to making mass surveillance of billions of innocent people infeasible.

The Maldives has said it acted alone to expel a Russian national suspected by the US of being one of the world’s most prolific traffickers of stolen credit cards. President Abdulla Yameen denied a claim by Moscow that the United States had abducted Roman Seleznev from the Maldives and taken him to the American territory of Guam. Yameen told reporters that Maldives police, acting on an Interpol arrest warrant, had moved against 30-year-old Seleznev during the weekend.

he US Justice Department said on Monday that Seleznev was arrested and taken to Guam, although the details of his seizure were not known. He is charged with hacking into retail computer systems and installing malicious software to steal credit card numbers in a scheme that operated between October 2009 and February 2011. Seleznev and his partners stole over 200,000 credit card numbers, with bank losses from the scheme estimated at over US$1.1 million, according to a 2011 indictment.

The Russian foreign ministry said Seleznev’s detention was a “hostile step”, adding that Russian diplomatic missions had not been notified of his arrest.

The Senate Intelligence Committee recently introduced the Cybersecurity Information Sharing Act of 2014. It’s the fourth time in four years that Congress has tried to pass "cybersecurity" legislation. Unfortunately, the newest Senate bill is one of the worst yet. Cybersecurity bills aim to facilitate information sharing between companies and the government, but they always seem to come with broad immunity clauses for companies, vague definitions, and aggressive spying powers. Given such calculated violence to users' privacy rights, it’s no surprise that these bills fail every year. What is a surprise is that the bills keep coming back from the dead. Last year, President Obama signed Executive Order 13636 (EO 13636) directing the Department of Homeland Security (DHS) to expand current information sharing programs that are far more privacy protective than anything seen in recent cybersecurity bills. Despite this, members of Congress like Rep. Mike Rogers and Senator Dianne Feinstein keep on introducing bills that would destroy these privacy protections and grant new spying powers to companies.

Aside from its redundancy, the Senate's bill grants two new authorities to companies. First, the bill authorizes companies to launch countermeasures for a "cybersecurity purpose" against a "cybersecurity threat." "Cybersecurity purpose" is so broadly defined that it means almost anything related to protecting (including physically protecting) an information system, which can be a computer or software. The same goes for a "cybersecurity threat," which includes anything that "may result" in an unauthorized effort to impact the availability of the information system. Combined, the two definitions could be read by companies to permit attacks on machines that unwittingly contribute to network congestion. The countermeasures clause will increasingly militarize the Internet—a prospect that may appeal to some "active defense" (aka offensive) cybersecurity companies, but does not favor the everyday user. Second, the bill adds a new authority for companies to monitor information systems to protect an entity's rights or property. Here again, the broad definitions could be used in conjunction with the monitoring clause to spy on users engaged in potentially innocuous activity. Once collected, companies can then share the information, which is also called “cyber threat indicators,” freely with government agencies like the NSA.

Such sharing will occur because under this bill, DHS would no longer be the lead agency making decisions about the cybersecurity information received, retained, or shared to companies or within the government. Its new role in the bill mandates DHS send information to agencies like the NSA—"in real-time and simultaneous[ly]." DHS is even barred from "delay[ing]" or "interfer[ing]" with the information, which ensures that DHS's current privacy protections won’t be applied to the information. The provision is ripe for improper and over-expansive information sharing. This leads to a question: What stops your sensitive personal information from being shared by companies to the government? Almost nothing. Companies must only remove personally identifiable information if the information is known to be US person information and not directly related to the threat. Such a willful blindness approach is inappropriate. Further, the bill does not even impose this weak minimization requirement on information shared by, and within, the government (including federal, state, local, and tribal governments) thereby allowing the government to share information containing personally identifiable information. The bill should require deletion of all information not directly related to a threat.

June 25, 2014. A final number for real US GDP growth in the first quarter of 2014 was released today. The number is not the 2.6% growth rate predicted by the know-nothing economists in January of this year. The number is a decline in GDP of -2.9 percent. The negative growth rate of -2.9 percent is itself an understatement. This number was achieved by deflating nominal GDP with an understated measure of inflation. During the Clinton regime, the Boskin Commission rigged the inflation measure in order to cheat Social Security recipients out of their cost-of-living adjustments. Anyone who purchases food, fuel, or anything knows that inflation is much higher than the officially reported number. It is possible that the drop in first quarter real GDP is three times the official number. Regardless, the difference is large between the January forecast of +2.6 percent growth and the decline as of the end of March of -2.9 percent.

Any economist who is real and unpaid by Wall Street, the government, or the Establishment knew that the +2.6 percent forecast was a crock. Americans’ incomes have not grown except for the one percent, and the only credit growth is in student loans, as those many who cannot find jobs mistakenly turn to “education is the answer.” In an economy based on consumer demand, the absence of income and credit growth means no economic growth. The US economy cannot grow because corporations pushed by Wall Street have moved the US economy offshore. US manufactured products are made offshore. Look at the labels on your clothes, your shoes, your eating and cooking utensils, your computers, whatever. US professional jobs such as software engineering have been moved offshore. An economy with an offshored economy is not an economy. All of this happened in full view, while well-paid free market shills declared that Americans were benefiting from giving America’s middle class jobs to China and India.

An official decline of -2.9 percent in the first quarter implies a second quarter GDP decline. Two declines in a row is the definition of recession. Imagine the consequences of a recession. It means that years of unprecedented Quantitative Easing failed to revive the economy. It means that years of Keynesian fiscal deficits failed to revive the economy. Neither fiscal nor monetary policy worked. What then can revive the economy? Nothing except to force the return of the economy that the anti-American corporations moved offshore. This would require credible government. Unfortunately, the US government has been losing credibility since the second term of the Clinton regime. It has none left.

Complex malware known as Regin is the suspected technology behind sophisticated cyberattacks conducted by U.S. and British intelligence agencies on the European Union and a Belgian telecommunications company, according to security industry sources and technical analysis conducted by The Intercept. Regin was found on infected internal computer systems and email servers at Belgacom, a partly state-owned Belgian phone and internet provider, following reports last year that the company was targeted in a top-secret surveillance operation carried out by British spy agency Government Communications Headquarters, industry sources told The Intercept. The malware, which steals data from infected systems and disguises itself as legitimate Microsoft software, has also been identified on the same European Union computer systems that were targeted for surveillance by the National Security Agency.

The hacking operations against Belgacom and the European Union were first revealed last year through documents leaked by NSA whistleblower Edward Snowden. The specific malware used in the attacks has never been disclosed, however.

“Is this related to what we talked about before?” Bencsáth said, referring to a previous discussion they’d had about testing new services the company planned to offer customers. “No, something else,” Bartos said. “Can you come now? It’s important. But don’t tell anyone where you’re going.” Bencsáth wolfed down the rest of his lunch and told his colleagues in the lab that he had a “red alert” and had to go. “Don’t ask,” he said as he ran out the door. A while later, he was at Bartos’ office, where a triage team had been assembled to address the problem they wanted to discuss. “We think we’ve been hacked,” Bartos said.

They found a suspicious file on a developer’s machine that had been created late at night when no one was working. The file was encrypted and compressed so they had no idea what was inside, but they suspected it was data the attackers had copied from the machine and planned to retrieve later. A search of the company’s network found a few more machines that had been infected as well. The triage team felt confident they had contained the attack but wanted Bencsáth’s help determining how the intruders had broken in and what they were after. The company had all the right protections in place—firewalls, antivirus, intrusion-detection and -prevention systems—and still the attackers got in.

Bencsáth was a teacher, not a malware hunter, and had never done such forensic work before. At the CrySyS Lab, where he was one of four advisers working with a handful of grad students, he did academic research for the European Union and occasional hands-on consulting work for other clients, but the latter was mostly run-of-the-mill cleanup work—mopping up and restoring systems after random virus infections. He’d never investigated a targeted hack before, let alone one that was still live, and was thrilled to have the chance. The only catch was, he couldn’t tell anyone what he was doing. Bartos’ company depended on the trust of customers, and if word got out that the company had been hacked, they could lose clients. The triage team had taken mirror images of the infected hard drives, so they and Bencsáth spent the rest of the afternoon poring over the copies in search of anything suspicious. By the end of the day, they’d found what they were looking for—an “infostealer” string of code that was designed to record passwords and other keystrokes on infected machines, as well as steal documents and take screenshots. It also catalogued any devices or systems that were connected to the machines so the attackers could build a blueprint of the company’s network architecture. The malware didn’t immediately siphon the stolen data from infected machines but instead stored it in a temporary file, like the one the triage team had found. The file grew fatter each time the infostealer sucked up data, until at some point the attackers would reach out to the machine to retrieve it from a server in India that served as a command-and-control node for the malware.

Concluding Thoughts

This case well illustrates both the challenges faced by modern law enforcement in retrieving information it needs to pursue and prosecute wrongdoers, and the threat to the privacy of innocent parties from a vigorous criminal investigation. At the time of Tamura, most individuals and enterprises kept records in their file cabinets or similar physical facilities. Today, the same kind of data is usually stored electronically, often far from the premises. Electronic storage facilities intermingle data, making them difficult to retrieve without a thorough understanding of the filing and classification systems used—something that can often only be determined by closely analyzing the data in a controlled environment. Tamura involved a few dozen boxes and was considered a broad seizure; but even inexpensive electronic storage media today can store the equivalent of millions of pages of information. 1176*1176 Wrongdoers and their collaborators have obvious incentives to make data difficult to find, but parties involved in lawful activities may also encrypt or compress data for entirely legitimate reasons: protection of privacy, preservation of privileged communications, warding off industrial espionage or preventing general mischief such as identity theft. Law enforcement today thus has a far more difficult, exacting and sensitive task in pursuing evidence of criminal activities than even in the relatively recent past. The legitimate need to scoop up large quantities of data, and sift through it carefully for concealed or disguised pieces of evidence, is one we've often recognized. See, e.g., United States v. Hill, 459 F.3d 966 (9th Cir.2006).

This pressing need of law enforcement for broad authorization to examine electronic records, so persuasively demonstrated in the introduction to the original warrant in this case, see pp. 1167-68 supra, creates a serious risk that every warrant for electronic information will become, in effect, a general warrant, rendering the Fourth Amendment irrelevant. The problem can be stated very simply: There is no way to be sure exactly what an electronic file contains without somehow examining its contents—either by opening it and looking, using specialized forensic software, keyword searching or some other such technique. But electronic files are generally found on media that also contain thousands or millions of other files among which the sought-after data may be stored or concealed. By necessity, government efforts to locate particular files will require examining a great many other files to exclude the possibility that the sought-after data are concealed there. Once a file is examined, however, the government may claim (as it did in this case) that its contents are in plain view and, if incriminating, the government can keep it. Authorization to search some computer files therefore automatically becomes authorization to search all files in the same sub-directory, and all files in an enveloping directory, a neighboring hard drive, a nearby computer or nearby storage media. Where computers are not near each other, but are connected electronically, the original search might justify examining files in computers many miles away, on a theory that incriminating electronic data could have been shuttled and concealed there.

Today EFF is pleased to announce Let’s Encrypt, a new certificate authority (CA) initiative that we have put together with Mozilla, Cisco, Akamai, IdenTrust, and researchers at the University of Michigan that aims to clear the remaining roadblocks to transition the Web from HTTP to HTTPS.Although the HTTP protocol has been hugely successful, it is inherently insecure. Whenever you use an HTTP website, you are always vulnerable to problems, including account hijacking and identity theft; surveillance and tracking by governments, companies, and both in concert; injection of malicious scripts into pages; and censorship that targets specific keywords or specific pages on sites. The HTTPS protocol, though it is not yet flawless, is a vast improvement on all of these fronts, and we need to move to a future where every website is HTTPS by default.With a launch scheduled for summer 2015, the Let’s Encrypt CA will automatically issue and manage free certificates for any website that needs them. Switching a webserver from HTTP to HTTPS with this CA will be as easy as issuing one command, or clicking one button.

The biggest obstacle to HTTPS deployment has been the complexity, bureaucracy, and cost of the certificates that HTTPS requires. We’re all familiar with the warnings and error messages produced by misconfigured certificates. These warnings are a hint that HTTPS (and other uses of TLS/SSL) is dependent on a horrifyingly complex and often structurally dysfunctional bureaucracy for authentication.

The need to obtain, install, and manage certificates from that bureaucracy is the largest reason that sites keep using HTTP instead of HTTPS. In our tests, it typically takes a web developer 1-3 hours to enable encryption for the first time. The Let’s Encrypt project is aiming to fix that by reducing setup time to 20-30 seconds. You can help test and hack on the developer preview of our Let's Encrypt agent software or watch a video of it in action here:

Facebook teamed up with several corporate “friends” to adapt Facebook’s in-house software to identify cyber threats and their source with other corporations. Countering cyber threats sounds positive while there are serious questions about transparency when smaller, independent media fall victim to major corporation’s unwillingness to reveal the source of attacks resulted in websites being closed for hours or days. Transparency, yes, but for whom? Among the companies Facebook is teaming up with are Printerest, Tumblr, Twitter, Yahoo, Drpbox and Bit.ly, reports Susanne Posel at Occupy Corporatism. The stated goal of “Threat Exchange” is to locate malware, the source domains, the IP addresses which are involved as well as the nature of the malware itself.

While the platform may be useful for major corporations, who can afford buying the privilege to join the club, the initiative does little to nothing to protect smaller, independent media from being targeted with impunity. The development prompts the question “Cyber security for whom?” The question is especially pertinent because identifying a site as containing malware, whether it is correct or not, will result in the site being added to Google’s so-called “Safe Browsing List”.

An article written by nsnbc editor-in-chief Christof Lehmann entitled “Censorship Alert: The Alternative Media are getting harassed by the NSA” provides several examples which raise serious questions about the lack of transparency when independent media demand information about either real or alleged malware content on their media’s websites. An alleged malware content in a java script that had been inserted via the third-party advertising company MadAdsMedia resulted in the nsnbc website being closed down and added to Google’s Safe Browsing list. The response to nsnbc’s request to send detailed information about the alleged malware and most importantly, about the source, was rejected. MadAdsMedia’s response to a renewed request was to stop serving advertisements to nsnbc from one day to the other, stating that nsnbc could contact another company, YieldSelect, which is run by the same company. Shell Games? SiteLock, who partners with most western-based web hosting providers, including BlueHost, Hostgator and many others contacted nsnbc warning about an alleged malware threat. SiteLock refused to provide detailed information.

The Drug Enforcement Administration is collecting information about more than just license plates with the tracking system revealed by the American Civil Liberties Union. Documents released by the ACLU this morning show that the DEA is also using the license plate readers (LPRs) on which this system relies to capture photographs of a vehicles’ passengers. The images can then be run through facial recognition software. This is meant to give the DEA more context about the people whose movements it’s tracking with this program, which gathers data from more than 100 LPRs managed by an unknown number of police departments around the country to aid in their investigations. The program was originally meant to assist with civil asset forfeiture cases, but it has since expanded to assist departments approved by the El Paso Intelligence Center with investigations into murders, rapes, and other crimes, the Wall Street Journal reports.

Previous reports indicated that the DEA was collecting license plate information about “millions” of Americans. That figure might be low if it didn’t account for the number of plates collected versus the number of people in a vehicle when these images are taken. Either way, this program represents a clear violation of privacy for many Americans, most of whom didn’t know the DEA could collect this information. As I wrote before: The result is a national surveillance program with an unknown number of contributors offering up location data about millions of Americans; all to a database used by an untold number of police departments without any public oversight regarding their searches.

That’s a problem. Backchannel reported in December that police have used their access to license plate readers to stalk former colleagues, and IB Times revealed earlier this month that Gov. Chris Christie (R-NJ) used location data to smear a political rival. Perhaps the DEA will support the program by claiming that learning who is in a vehicle isn’t much different from learning where the vehicle was going — it could all be considered metadata, and the government considers that information to be fair game.

Suppose that by enacting a particular law we'd increase the U.S. Gross Domestic Product. But almost all that growth would go to the richest 1 percent. The rest of us could buy some products cheaper than before. But those gains would be offset by losses of jobs and wages.This is pretty much what "free trade" has brought us over the last two decades.I used to believe in trade agreements. That was before the wages of most Americans stagnated and a relative few at the top captured just about all the economic gains.

The biggest things big American corporations sell overseas are ideas, designs, franchises, brands, engineering solutions, instructions, and software.Google, Apple, Uber, Facebook, Walmart, McDonalds, Microsoft, and Pfizer, for example, are making huge profits all over the world.But those profits don't depend on American labor -- apart from a tiny group of managers, designers, and researchers in the U.S.

According to Economic Policy Institute, the North American Free Trade Act cost U.S. workers almost 700,000 jobs, thereby pushing down American wages.

The United States has found a way to permanently embed surveillance and sabotage tools in computers and networks it has targeted in Iran, Russia, Pakistan, China, Afghanistan and other countries closely watched by American intelligence agencies, according to a Russian cybersecurity firm.In a presentation of its findings at a conference in Mexico on Monday, Kaspersky Lab, the Russian firm, said that the implants had been placed by what it called the “Equation Group,” which appears to be a veiled reference to the National Security Agency and its military counterpart, United States Cyber Command.

It linked the techniques to those used in Stuxnet, the computer worm that disabled about 1,000 centrifuges in Iran’s nuclear enrichment program. It was later revealed that Stuxnet was part of a program code-named Olympic Games and run jointly by Israel and the United States.Kaspersky’s report said that Olympic Games had similarities to a much broader effort to infect computers well beyond those in Iran. It detected particularly high infection rates in computers in Iran, Pakistan and Russia, three countries whose nuclear programs the United States routinely monitors.

Some of the implants burrow so deep into the computer systems, Kaspersky said, that they infect the “firmware,” the embedded software that preps the computer’s hardware before the operating system starts. It is beyond the reach of existing antivirus products and most security controls, Kaspersky reported, making it virtually impossible to wipe out.

12 August 1988  Cover, pages 10-12   Somebody's  listening  . . . and they don't give a damn about personal privacy or commercial confidence. Project 415 is a top-secret new global surveillance system. It can tap into a billion calls a year in the UK alone. Inside Duncan Campbell on how spying entered the 21st century . . .  They've got it taped In the booming surveillance industry they spy on whom they wish, when they wish, protected by barriers of secrecy, fortified by billions of pounds worth of high, high technology. Duncan Campbell reports from the United States on the secret Anglo-American plan for a global electronic spy system for the 21st century capable of listening in to most of us most of the time   American, British and Allied intelligence agencies are soon to embark on a massive, billion-dollar expansion of their global electronic surveillance system. According to information given recently in secret to the US Congress, the surveillance system will enable the agencies to monitor and analyse civilian communications into the 21st century. Identified for the moment as Project P415, the system will be run by the US National Security Agency (NSA). But the intelligence agencies of many other countries will be closely involved with the new network, including those from Britain, Australia, Germany and Japan--and, surprisingly, the People's Republic of China. New satellite stations and monitoring centres are to be built around the world, and a chain of new satellites launched, so that NSA and its British counterpart, the Government Communications Headquarters (GCHQ) at Cheltenham, may keep abreast of the burgeoning international telecommunications traffic.

Both the new and existing surveillance systems are highly computerised. They rely on near total interception of international commercial and satellite communications in order to locate the telephone or other messages of target individuals. Last month, a US newspaper, the Cleveland Plain Dealer, revealed that the system had been used to target the telephone calls of a US Senator, Strom Thurmond. The fact that Thurmond, a southern Republican and usually a staunch supporter of the Reagan administration, is said to have been a target has raised fears that the NSA has restored domestic, electronic, surveillance programmes. These were originally exposed and criticised during the Watergate investigations, and their closure ordered by President Carter. After talking to the NSA, Thurmond later told the Plain Dealer that he did not believe the allegation. But Thurmond, a right-wing Republican, may have been unwilling to rock the boat. Staff members of the Permanent Select Committee on Intelligence said that staff were "digging into it" despite the "stratospheric security classification" of all the systems involved. The Congressional officials were first told of the Thurmond interception by a former employee of the Lockheed Space and Missiles Corporation, Margaret Newsham, who now lives in Sunnyvale, California. Newsham had originally given separate testimony and filed a lawsuit concerning corruption and mis-spending on other US government "black" projects. She has worked in the US and Britain for two corporations which manufacture signal intelligence computers, satellites and interception equipment for NSA, Ford Aerospace and Lockheed. Citing a special Executive Order signed by President Reagan. she told me last month that she could not and would not discuss classified information with journalists. But according to Washington sources (and the report in the Plain Dealer, she informed a US Congressman that the Thurmond interception took place at Menwith Hill, and that she p

A secret listening agreement, called UKUSA (UK-USA), assigns parts of the globe to each participating agency. GCHQ at Cheltenham is the co-ordinating centre for Europe, Africa and the Soviet Union (west of the Ural Mountains). The NSA covers the rest of the Soviet Union and most of the Americas. Australia--where another station in the NSA listening network is located in the outback--co-ordinates the electronic monitoring of the South Pacific, and South East Asia.

Silicon Valley and a bipartisan group of lawmakers are lining up against the Obama administration, criticizing what they see as a lack of support for total online privacy.The steady rise of sophisticated privacy techniques such as encryption and anonymity software has put the government in a difficult position — trying to support the right to privacy while figuring out how to prevent people from evading law enforcement.ADVERTISEMENT“The technologies are evolving in ways that potentially make this trickier,” President Obama said during a January news conference with British Prime Minister David Cameron.The conundrum has led to a heated debate in Washington: Should law enforcement have guaranteed access to data?

The Obama administration — from officials with FBI and the National Security Agency (NSA) to the president himself — has come out in favor of some form of guaranteed access while still endorsing strong encryption.“If we get into a situation in which the technologies do not allow us at all to track somebody that we're confident is a terrorist,” Obama said, “that's a problem.”What shape that access takes, however, is unclear.“The dialogue that we're engaged in is designed to make sure that all of us feel confident that if there is an actual threat out there, our law enforcement and our intelligence officers can identify that threat and track that threat at the same time that our governments are not going around phishing into whatever text you might be sending on your smartphone,” Obama said. “And I think that's something that can be achieved.”Privacy hawks on Capitol Hill aren’t buying it.

“I don’t think much of that,” Rep. Joe Barton (R-Texas), co-founder of the Congressional Bipartisan Privacy Caucus, told The Hill. “We have a huge homeland security apparatus with almost unlimited authority to — with some sort of a reasonable suspicion — check almost any type of communication, whether it’s voice, Internet, telephonic, electronic, you name it.”“Those were positions that did not receive rave reviews here in Silicon Valley,” said Rep. Zoe Lofgren (D-Calif.), whose district includes parts of tech-heavy San Jose.Many believe the administration’s stance is inherently at odds with robust digital protection.“In order to fully implement what he's suggesting, you would need one of two things,” Lofgren said.One would be installing so-called “backdoors” in encryption — an access point known only to law enforcement agencies. Security experts find this concept abhorrent, since cyber crooks or foreign intelligence agencies would likely exploit it.

Washington continues making an international fool of herself by her inability to effectively counter the impression around the world that Russia, spending less than 10% of the Pentagon annually on defense, has managed to do more against ISIS in Syria in six weeks than the mighty US Air Force bombing campaign has done in almost a year and half. One aspect that bears attention is the demonstration by the Russian military of new technologies that belie the widely-held Western notion that Russia is little more than a backward oil and raw material commodity exporter. Recent reorganization of the Russian state military industrial complex as well as reorganization of the Soviet-era armed forces under Defense Minister Sergey Shoigu’s term are visible in the success so far of Russia’s ISIS and other terror strikes across Syria. Clearly Russian military capabilities have undergone a sea-change since the Soviet Cold War era. In war there are never winners. Yet Russia has been in an unwanted war with Washington de facto since the George W. Bush Administration announced its lunatic plan to place what they euphemistically term “Ballistic Missile Defense” missiles and advanced radar in Poland, Czech Republic, Romania and Turkey after 2007. Without going into detail, BMD technologies are the opposite of defensive. They instead make a pre-emptive war highly likely. Of course the radioactive ash heap in such an exchange would be first and foremost the EU countries foolish enough to invite US BMD to their soil.

What the Russian General Staff has managed, since the precision air campaign began September 30, has stunned western defense planners with Russian technological feats not expected. Two specific technologies are worth looking at more closely: The Russian Sukoi SU-34 fighter-bomber and what is called the Bumblebee hyperbaric mortar weapon.

The plane responsible for some of the most damaging strikes on ISIS and other terror enclaves in Syria is manufactured by the Russian state aircraft industry under the name Sukhoi SU-34. As the Russian news agency RIA Novosti described the aircraft, “The Su-34 is meant to deliver a sufficiently large ordnance load to a predetermined area, hit the target accurately and take evasive action against pursuing enemy planes.” The plane is also designed to deal with enemy fighters in aerial combat such as the US F-16. The SU-34 made a first test flight in 1990 as the collapse of the Soviet Union and the chaos of the Yeltsin years caused many delays. Finally in 2010 the plane was in full production. According to a report in US Defense Industry Daily, among the SU-34 features are: • 8 ton ordnance load which can accommodate precision-guided weapons, as well as R-73/AA-11 Archer and R-77/AA-12 ‘AMRAAMSKI’ missiles and an internal 30mm GSh-301 gun. • Maximum speed of Mach 1.8 at altitude.