Group items tagged

The United Nations’ top official for counter-terrorism and human rights (known as the “Special Rapporteur”) issued a formal report to the U.N. General Assembly today that condemns mass electronic surveillance as a clear violation of core privacy rights guaranteed by multiple treaties and conventions. “The hard truth is that the use of mass surveillance technology effectively does away with the right to privacy of communications on the Internet altogether,” the report concluded. Central to the Rapporteur’s findings is the distinction between “targeted surveillance” — which “depend[s] upon the existence of prior suspicion of the targeted individual or organization” — and “mass surveillance,” whereby “states with high levels of Internet penetration can [] gain access to the telephone and e-mail content of an effectively unlimited number of users and maintain an overview of Internet activity associated with particular websites.” In a system of “mass surveillance,” the report explained, “all of this is possible without any prior suspicion related to a specific individual or organization. The communications of literally every Internet user are potentially open for inspection by intelligence and law enforcement agencies in the States concerned.”

Mass surveillance thus “amounts to a systematic interference with the right to respect for the privacy of communications,” it declared. As a result, “it is incompatible with existing concepts of privacy for States to collect all communications or metadata all the time indiscriminately.” In concluding that mass surveillance impinges core privacy rights, the report was primarily focused on the International Covenant on Civil and Political Rights, a treaty enacted by the General Assembly in 1966, to which all of the members of the “Five Eyes” alliance are signatories. The U.S. ratified the treaty in 1992, albeit with various reservations that allowed for the continuation of the death penalty and which rendered its domestic law supreme. With the exception of the U.S.’s Persian Gulf allies (Saudi Arabia, UAE and Qatar), virtually every major country has signed the treaty. Article 17 of the Covenant guarantees the right of privacy, the defining protection of which, the report explained, is “that individuals have the right to share information and ideas with one another without interference by the State, secure in the knowledge that their communication will reach and be read by the intended recipients alone.”

The report’s key conclusion is that this core right is impinged by mass surveillance programs: “Bulk access technology is indiscriminately corrosive of online privacy and impinges on the very essence of the right guaranteed by article 17. In the absence of a formal derogation from States’ obligations under the Covenant, these programs pose a direct and ongoing challenge to an established norm of international law.” The report recognized that protecting citizens from terrorism attacks is a vital duty of every state, and that the right of privacy is not absolute, as it can be compromised when doing so is “necessary” to serve “compelling” purposes. It noted: “There may be a compelling counter-terrorism justification for the radical re-evaluation of Internet privacy rights that these practices necessitate. ” But the report was adamant that no such justifications have ever been demonstrated by any member state using mass surveillance: “The States engaging in mass surveillance have so far failed to provide a detailed and evidence-based public justification for its necessity, and almost no States have enacted explicit domestic legislation to authorize its use.”

In August 2013, as evidence emerged of the active participation by New Zealand in the “Five Eyes” mass surveillance program exposed by Edward Snowden, the country’s conservative Prime Minister, John Key, vehemently denied that his government engages in such spying. He went beyond mere denials, expressly vowing to resign if it were ever proven that his government engages in mass surveillance of New Zealanders. He issued that denial, and the accompanying resignation vow, in order to reassure the country over fears provoked by a new bill he advocated to increase the surveillance powers of that country’s spying agency, Government Communications Security Bureau (GCSB) — a bill that passed by one vote thanks to the Prime Minister’s guarantees that the new law would not permit mass surveillance.

Since then, a mountain of evidence has been presented that indisputably proves that New Zealand does exactly that which Prime Minister Key vehemently denied — exactly that which he said he would resign if it were proven was done. Last September, we reported on a secret program of mass surveillance at least partially implemented by the Key government that was designed to exploit the very law that Key was publicly insisting did not permit mass surveillance. At the time, Snowden, citing that report as well as his own personal knowledge of GCSB’s participation in the mass surveillance tool XKEYSCORE, wrote in an article for The Intercept: Let me be clear: any statement that mass surveillance is not performed in New Zealand, or that the internet communications are not comprehensively intercepted and monitored, or that this is not intentionally and actively abetted by the GCSB, is categorically false. . . . The prime minister’s claim to the public, that “there is no and there never has been any mass surveillance” is false. The GCSB, whose operations he is responsible for, is directly involved in the untargeted, bulk interception and algorithmic analysis of private communications sent via internet, satellite, radio, and phone networks.

A series of new reports last week by New Zealand journalist Nicky Hager, working with my Intercept colleague Ryan Gallagher, has added substantial proof demonstrating GCSB’s widespread use of mass surveillance. An article last week in The New Zealand Herald demonstrated that “New Zealand’s electronic surveillance agency, the GCSB, has dramatically expanded its spying operations during the years of John Key’s National Government and is automatically funnelling vast amounts of intelligence to the US National Security Agency.” Specifically, its “intelligence base at Waihopai has moved to ‘full-take collection,’ indiscriminately intercepting Asia-Pacific communications and providing them en masse to the NSA through the controversial NSA intelligence system XKeyscore, which is used to monitor emails and internet browsing habits.” Moreover, the documents “reveal that most of the targets are not security threats to New Zealand, as has been suggested by the Government,” but “instead, the GCSB directs its spying against a surprising array of New Zealand’s friends, trading partners and close Pacific neighbours.” A second report late last week published jointly by Hager and The Intercept detailed the role played by GCSB’s Waihopai base in aiding NSA’s mass surveillance activities in the Pacific (as Hager was working with The Intercept on these stories, his house was raided by New Zealand police for 10 hours, ostensibly to find Hager’s source for a story he published that was politically damaging to Key).

“On 57 monitors that cover the walls of the center, operators zoomed and panned an array of roughly 200 police cameras perched across the city. They could dial up 800 more feeds from the city’s schools and traffic cameras, and they soon hope to add 400 more streams from cameras worn on officers’ bodies and from thousands from local businesses that have surveillance systems.” Though the intricate surveillance apparatus described above seems straight from a dystopic novel, it is actually the Washington Post’s recent description of the the visual data collection system employed by a local California police department. The police department in Fresno, California, has taken extreme measures to combat high rates of crime in the city. As the Post reports, Fresno’s Real Time Crime Center, buried deep in the police station’s headquarters, has developed as a response to what many police call increasing threats. The system, according to police officials, can “provide critical information that can help uncover terrorists or thwart mass shootings, ensure the safety of officers and the public, find suspects, and crack open cases” — a feature they say is increasingly important in the wake of events like the November terror attack in Paris and the San Bernardino shooting last month.

“Our officers are expected to know the unknown and see the unseen,” Fresno Chief of Police Jerry Dyer said. “They are making split-second decisions based on limited facts. The more you can provide in terms of intelligence and video, the more safely you can respond to calls.” Programs similar to the Real Time Crime Center have launched in New York, Houston, and Seattle over the course of the last decade. Nationwide, the use of Stingrays, data fusion centers, and aerial drone surveillance have broadened the access local police have to private information. In another example, the FBI is continually developing a comprehensive biometric database that local police access every day. “This is something that’s been building since September 11,” says Jennifer Lynch, a senior attorney at the Electronic Frontier Foundation. Like the problem of police militarization, Lynch traces the trend back to the Pentagon: “First funding went to the military to develop this technology, and now it has come back to domestic law enforcement. It’s the perfect storm of cheaper and easier-to-use technologies and money from state and federal governments to purchase it.”

While many of these programs may fail to shock Americans, one new software program takes police scrutiny of private citizens to a new level. Beware, a software tool produced by tech firm Intrado, not only surveils the data of the citizens of Fresno, the first city to test it — it calculates threat levels based on what it discovers. The software scours arrest records, property records, Deep Web searches, commercial databases, and social media postings. By this method, it was able to designate a man with a firearm and gang convictions involved in a real-time domestic violence dispute as the highest of three threat levels: a bright red ranking. Fresno police say the intelligence from Beware aided them, as the man eventually surrendered and officers found he was armed with a gun. Beware scours billions of data points to develop rankings for citizens, and though few recoil at the thought of catching criminals and miscreants, the program provides particular cause for concern because of both its invasiveness and its fallibility.

WASHINGTON -- The National Security Agency has been gathering records of online sexual activity and evidence of visits to pornographic websites as part of a proposed plan to harm the reputations of those whom the agency believes are radicalizing others through incendiary speeches, according to a top-secret NSA document. The document, provided by NSA whistleblower Edward Snowden, identifies six targets, all Muslims, as “exemplars” of how “personal vulnerabilities” can be learned through electronic surveillance, and then exploited to undermine a target's credibility, reputation and authority. The NSA document, dated Oct. 3, 2012, repeatedly refers to the power of charges of hypocrisy to undermine such a messenger. “A previous SIGINT" -- or signals intelligence, the interception of communications -- "assessment report on radicalization indicated that radicalizers appear to be particularly vulnerable in the area of authority when their private and public behaviors are not consistent,” the document argues. Among the vulnerabilities listed by the NSA that can be effectively exploited are “viewing sexually explicit material online” and “using sexually explicit persuasive language when communicating with inexperienced young girls.”

The Director of the National Security Agency -- described as "DIRNSA" -- is listed as the "originator" of the document. Beyond the NSA itself, the listed recipients include officials with the Departments of Justice and Commerce and the Drug Enforcement Administration. "Without discussing specific individuals, it should not be surprising that the US Government uses all of the lawful tools at our disposal to impede the efforts of valid terrorist targets who seek to harm the nation and radicalize others to violence," Shawn Turner, director of public affairs for National Intelligence, told The Huffington Post in an email Tuesday. Yet Jameel Jaffer, deputy legal director of the American Civil Liberties Union, said these revelations give rise to serious concerns about abuse. "It's important to remember that the NSA’s surveillance activities are anything but narrowly focused -- the agency is collecting massive amounts of sensitive information about virtually everyone," he said. "Wherever you are, the NSA's databases store information about your political views, your medical history, your intimate relationships and your activities online," he added. "The NSA says this personal information won't be abused, but these documents show that the NSA probably defines 'abuse' very narrowly."

None of the six individuals targeted by the NSA is accused in the document of being involved in terror plots. The agency believes they all currently reside outside the United States. It identifies one of them, however, as a "U.S. person," which means he is either a U.S. citizen or a permanent resident. A U.S. person is entitled to greater legal protections against NSA surveillance than foreigners are. Stewart Baker, a one-time general counsel for the NSA and a top Homeland Security official in the Bush administration, said that the idea of using potentially embarrassing information to undermine targets is a sound one. "If people are engaged in trying to recruit folks to kill Americans and we can discredit them, we ought to," said Baker. "On the whole, it's fairer and maybe more humane" than bombing a target, he said, describing the tactic as "dropping the truth on them." Any system can be abused, Baker allowed, but he said fears of the policy drifting to domestic political opponents don't justify rejecting it. "On that ground you could question almost any tactic we use in a war, and at some point you have to say we're counting on our officials to know the difference," he said.

Recent revelations about the extent of surveillance by the U.S. National Security Agency come as no surprise to those with a technical background in the workings of digital communications. The leaked documents show how the NSA has taken advantage of the increased use of digital communications and cloud services, coupled with outdated privacy laws, to expand and streamline their surveillance programs. This is a predictable response to the shrinking cost and growing efficiency of surveillance brought about by new technology. The extent to which technology has reduced the time and cost necessary to conduct surveillance should play an important role in our national discussion of this issue.

What we have learned about the NSA’s capabilities suggests a move toward programmatic, automated surveillance previously unfathomable due to limitations of computing speed, scale, and cost. Technical advances have both reduced the barriers to surveillance and increased the NSA’s capacity for it. We need to remember that this is a trend with a firm lower bound. Once the cost of surveillance reaches zero we will be left with our outdated laws as the only protection. Whatever policy actions are taken as a result of the recent leaks should address the fact that technical barriers such as cost and speed offer dwindling protection from unwarranted government surveillance domestically and abroad.

Canada’s electronic surveillance agency is covertly monitoring vast amounts of Canadians’ emails as part of a sweeping domestic cybersecurity operation, according to top-secret documents. The surveillance initiative, revealed Wednesday by CBC News in collaboration with The Intercept, is sifting through millions of emails sent to Canadian government agencies and departments, archiving details about them on a database for months or even years. The data mining operation is carried out by the Communications Security Establishment, or CSE, Canada’s equivalent of the National Security Agency. Its existence is disclosed in documents obtained by The Intercept from NSA whistleblower Edward Snowden. The emails are vacuumed up by the Canadian agency as part of its mandate to defend against hacking attacks and malware targeting government computers. It relies on a system codenamed PONY EXPRESS to analyze the messages in a bid to detect potential cyber threats.

Last year, CSE acknowledged it collected some private communications as part of cybersecurity efforts. But it refused to divulge the number of communications being stored or to explain for how long any intercepted messages would be retained. Now, the Snowden documents shine a light for the first time on the huge scope of the operation — exposing the controversial details the government withheld from the public. Under Canada’s criminal code, CSE is not allowed to eavesdrop on Canadians’ communications. But the agency can be granted special ministerial exemptions if its efforts are linked to protecting government infrastructure — a loophole that the Snowden documents show is being used to monitor the emails. The latest revelations will trigger concerns about how Canadians’ private correspondence with government employees are being archived by the spy agency and potentially shared with police or allied surveillance agencies overseas, such as the NSA. Members of the public routinely communicate with government employees when, for instance, filing tax returns, writing a letter to a member of parliament, applying for employment insurance benefits or submitting a passport application.

Chris Parsons, an internet security expert with the Toronto-based internet think tank Citizen Lab, told CBC News that “you should be able to communicate with your government without the fear that what you say … could come back to haunt you in unexpected ways.” Parsons said that there are legitimate cybersecurity purposes for the agency to keep tabs on communications with the government, but he added: “When we collect huge volumes, it’s not just used to track bad guys. It goes into data stores for years or months at a time and then it can be used at any point in the future.” In a top-secret CSE document on the security operation, dated from 2010, the agency says it “processes 400,000 emails per day” and admits that it is suffering from “information overload” because it is scooping up “too much data.” The document outlines how CSE built a system to handle a massive 400 terabytes of data from Internet networks each month — including Canadians’ emails — as part of the cyber operation. (A single terabyte of data can hold about a billion pages of text, or about 250,000 average-sized mp3 files.)

On March 12, 2004, acting attorney general James B. Comey and the Justice Department’s top leadership reached the brink of resignation over electronic surveillance orders that they believed to be illegal. President George W. Bush backed down, halting secret foreign-intelligence-gathering operations that had crossed into domestic terrain. That morning marked the beginning of the end of STELLARWIND, the cover name for a set of four surveillance programs that brought Americans and American territory within the domain of the National Security Agency for the first time in decades. It was also a prelude to new legal structures that allowed Bush and then President Obama to reproduce each of those programs and expand their reach.What exactly STELLARWIND did has never been disclosed in an unclassified form. Which parts of it did Comey approve? Which did he shut down? What became of the programs when the crisis passed and Comey, now Obama’s expected nominee for FBI director, returned to private life?Authoritative new answers to those questions, drawing upon a classified NSA history of STELLARWIND and interviews with high-ranking intelligence officials, offer the clearest map yet of the Bush-era programs and the NSA’s contemporary U.S. operations.STELLARWIND was succeeded by four major lines of intelligence collection in the territorial United States, together capable of spanning the full range of modern telecommunications, according to the interviews and documents.

Two of the four collection programs, one each for telephony and the Internet, process trillions of “metadata” records for storage and analysis in systems called MAINWAY and MARINA, respectively. Metadata includes highly revealing information about the times, places, devices and participants in electronic communication, but not its contents. The bulk collection of telephone call records from Verizon Business Services, disclosed this month by the British newspaper the Guardian, is one source of raw intelligence for MAINWAY.The other two types of collection, which operate on a much smaller scale, are aimed at content. One of them intercepts telephone calls and routes the spoken words to a system called ­NUCLEON.For Internet content, the most important source collection is the PRISM project reported on June 6 by The Washington Post and the Guardian. It draws from data held by Google, Yahoo, Microsoft and other Silicon Valley giants, collectively the richest depositories of personal information in history.

The debate has focused on two of the four U.S.-based collection programs: PRISM, for Internet content, and the comprehensive collection of telephone call records, foreign and domestic, that the Guardian revealed by posting a classified order from the Foreign Intelligence Surveillance Court to Verizon Business Services.The Post has learned that similar orders have been renewed every three months for other large U.S. phone companies, including Bell South and AT&T, since May 24, 2006. On that day, the surveillance court made a fundamental shift in its approach to Section 215 of the Patriot Act, which permits the FBI to compel production of “business records” that are relevant to a particular terrorism investigation and to share those in some circumstances with the NSA. Henceforth, the court ruled, it would define the relevant business records as the entirety of a telephone company’s call database.The Bush administration, by then, had been taking “bulk metadata” from the phone companies under voluntary agreements for more than four years. The volume of information overwhelmed the MAINWAY database, according to a classified report from the NSA inspector general in 2009. The agency spent $146 million in supplemental counterterrorism funds to buy new hardware and contract support — and to make unspecified payments to the phone companies for “collaborative partnerships.”When the New York Times revealed the warrantless surveillance of voice calls, in December 2005, the telephone companies got nervous. One of them, unnamed in the report, approached the NSA with a request. Rather than volunteer the data, at a price, the “provider preferred to be compelled to do so by a court order,” the report said. Other companies followed suit. The surveillance court order that recast the meaning of business records “essentially gave NSA the same authority to collect bulk telephony metadata from business records that it had” under Bush’s asserted authority alone.

The UK intelligence agency GCHQ has repeatedly warned it fears a "damaging public debate" on the scale of its activities because it could lead to legal challenges against its mass-surveillance programmes, classified internal documents reveal.Memos contained in the cache disclosed by the US whistleblower Edward Snowden detail the agency's long fight against making intercept evidence admissible as evidence in criminal trials – a policy supported by all three major political parties, but ultimately defeated by the UK's intelligence community.Foremost among the reasons was a desire to minimise the potential for challenges against the agency's large-scale interception programmes, rather than any intrinsic threat to security, the documents show.

The papers also reveal that:• GCHQ lobbied furiously to keep secret the fact that telecoms firms had gone "well beyond" what they were legally required to do to help intelligence agencies' mass interception of communications, both in the UK and overseas.• GCHQ feared a legal challenge under the right to privacy in the Human Rights Act if evidence of its surveillance methods became admissible in court.• GCHQ assisted the Home Office in lining up sympathetic people to help with "press handling", including the Liberal Democrat peer and former intelligence services commissioner Lord Carlile, who this week criticised the Guardian for its coverage of mass surveillance by GCHQ and America's National Security Agency.The most recent attempt to make intelligence gathered from intercepts admissible in court, proposed by the last Labour government, was finally stymied by GCHQ, MI5 and MI6 in 2009.

Another top GCHQ priority in resisting the admission of intercepts as evidence was keeping secret the extent of the agency's co-operative relationships with telephone companies – including being granted access to communications networks overseas.In June, the Guardian disclosed the existence of GCHQ's Tempora internet surveillance programme. It uses intercepts on the fibre-optic cables that make up the backbone of the internet to gain access to vast swaths of internet users' personal data. The intercepts are placed in the UK and overseas, with the knowledge of companies owning either the cables or landing stations.The revelations of voluntary co-operation with some telecoms companies appear to contrast markedly with statements made by large telecoms firms in the wake of the first Tempora stories. They stressed that they were simply complying with the law of the countries in which they operated.

Top-secret documents reveal that the National Security Agency is dramatically expanding its ability to covertly hack into computers on a mass scale by using automated systems that reduce the level of human oversight in the process. The classified files – provided previously by NSA whistleblower Edward Snowden – contain new details about groundbreaking surveillance technology the agency has developed to infect potentially millions of computers worldwide with malware “implants.” The clandestine initiative enables the NSA to break into targeted computers and to siphon out data from foreign Internet and phone networks. The covert infrastructure that supports the hacking efforts operates from the agency’s headquarters in Fort Meade, Maryland, and from eavesdropping bases in the United Kingdom and Japan. GCHQ, the British intelligence agency, appears to have played an integral role in helping to develop the implants tactic.

The NSA began rapidly escalating its hacking efforts a decade ago. In 2004, according to secret internal records, the agency was managing a small network of only 100 to 150 implants. But over the next six to eight years, as an elite unit called Tailored Access Operations (TAO) recruited new hackers and developed new malware tools, the number of implants soared to tens of thousands. To penetrate foreign computer networks and monitor communications that it did not have access to through other means, the NSA wanted to go beyond the limits of traditional signals intelligence, or SIGINT, the agency’s term for the interception of electronic communications. Instead, it sought to broaden “active” surveillance methods – tactics designed to directly infiltrate a target’s computers or network devices. In the documents, the agency describes such techniques as “a more aggressive approach to SIGINT” and says that the TAO unit’s mission is to “aggressively scale” these operations. But the NSA recognized that managing a massive network of implants is too big a job for humans alone.

“One of the greatest challenges for active SIGINT/attack is scale,” explains the top-secret presentation from 2009. “Human ‘drivers’ limit ability for large-scale exploitation (humans tend to operate within their own environment, not taking into account the bigger picture).” The agency’s solution was TURBINE. Developed as part of TAO unit, it is described in the leaked documents as an “intelligent command and control capability” that enables “industrial-scale exploitation.”

In March 2011, two weeks before the Western intervention in Libya, a secret message was delivered to the National Security Agency. An intelligence unit within the U.S. military’s Africa Command needed help to hack into Libya’s cellphone networks and monitor text messages. For the NSA, the task was easy. The agency had already obtained technical information about the cellphone carriers’ internal systems by spying on documents sent among company employees, and these details would provide the perfect blueprint to help the military break into the networks. The NSA’s assistance in the Libya operation, however, was not an isolated case. It was part of a much larger surveillance program—global in its scope and ramifications—targeted not just at hostile countries.

According to documents contained in the archive of material provided to The Intercept by whistleblower Edward Snowden, the NSA has spied on hundreds of companies and organizations internationally, including in countries closely allied to the United States, in an effort to find security weaknesses in cellphone technology that it can exploit for surveillance. The documents also reveal how the NSA plans to secretly introduce new flaws into communication systems so that they can be tapped into—a controversial tactic that security experts say could be exposing the general population to criminal hackers. Codenamed AURORAGOLD, the covert operation has monitored the content of messages sent and received by more than 1,200 email accounts associated with major cellphone network operators, intercepting confidential company planning papers that help the NSA hack into phone networks.

Karsten Nohl, a leading cellphone security expert and cryptographer who was consulted by The Intercept about details contained in the AURORAGOLD documents, said that the broad scope of information swept up in the operation appears aimed at ensuring virtually every cellphone network in the world is NSA accessible.

The Information Awareness Office (IAO) was established by the Defense Advanced Research Projects Agency (DARPA) in January 2002 to bring together several DARPA projects focused on applying surveillance and information technology to track and monitor terrorists and other asymmetric threats to U.S. national security, by achieving Total Information Awareness (TIA). This would be achieved by creating enormous computer databases to gather and store the personal information of everyone in the United States, including personal e-mails, social networks, credit card records, phone calls, medical records, and numerous other sources, without any requirement for a search warrant.[1] This information would then be analyzed to look for suspicious activities, connections between individuals, and "threats".[2] Additionally, the program included funding for biometric surveillance technologies that could identify and track individuals using surveillance cameras, and other methods.[2] Following public criticism that the development and deployment of this technology could potentially lead to a mass surveillance system, the IAO was defunded by Congress in 2003. However, several IAO projects continued to be funded, and merely run under different names.[3][4][5][6]

The IAO was established after Admiral John Poindexter, former United States National Security Advisor to President Ronald Reagan, and SAIC executive Brian Hicks approached the US Department of Defense with the idea for an information awareness program after the attacks of September 11, 2001.[5] Poindexter and Hicks had previously worked together on intelligence-technology programs for the Defense Advanced Research Projects Agency. DARPA agreed to host the program and appointed Poindexter to run it in 2002. The IAO began funding research and development of the Total Information Awareness (TIA) Program in February 2003 but renamed the program the Terrorism Information Awareness Program in May that year after an adverse media reaction to the program's implications for public surveillance. Although TIA was only one of several IAO projects, many critics and news reports conflated TIA with other related research projects of the IAO, with the result that TIA came in popular usage to stand for an entire subset of IAO programs. The TIA program itself was the "systems-level" program of the IAO that intended to integrate information technologies into a prototype system to provide tools to better detect, classify, and identify potential foreign terrorists with the goal to increase the probability that authorized agencies of the United States could preempt adverse actions. As a systems-level program of programs, TIA's goal was the creation of a "counterterrorism information architecture" that integrated technologies from other IAO programs (and elsewhere, as appropriate). The TIA program was researching, developing, and integrating technologies to virtually aggregate data, to follow subject-oriented link analysis, to develop descriptive and predictive models through data mining or human hypothesis, and to apply such models to additional datasets to identify terrorists and terrorist groups.

Among the other IAO programs that were intended to provide TIA with component data aggregation and automated analysis technologies were the Genisys, Genisys Privacy Protection, Evidence Extraction and Link Discovery, and Scalable Social Network Analysis programs. On August 2, 2002, Dr. Poindexter gave a speech at DARPAtech 2002 entitled "Overview of the Information Awareness Office"[7] in which he described the TIA program. In addition to the program itself, the involvement of Poindexter as director of the IAO also raised concerns among some, since he had been earlier convicted of lying to Congress and altering and destroying documents pertaining to the Iran-Contra Affair, although those convictions were later overturned on the grounds that the testimony used against him was protected.

The Obama administration’s sweeping response to an alleged al Qaida plot – closing diplomatic posts in parts of Africa, the Middle East and Asia – suggests a terrorist organization that’s capable of striking virtually anywhere, not the one U.S. officials have depicted as a group that’s near defeat. Counterterrorism analysts said Monday that the U.S. government’s global response to a threat emanating from Yemen, home to al Qaida’s most active affiliate, was at odds with how dismissive President Barack Obama was in a speech in May, when he said that “not every collection of thugs that labels themselves as al Qaida will pose a credible threat to the United States.”That was only one of a series of public statements by Obama and his Cabinet members that played down the capabilities of al Qaida-linked groups. For at least the past two years, the administration has sought to reassure Americans that al Qaida is “on the run,” while counterterrorism experts were warning about the semiautonomous affiliates that have wreaked havoc in North Africa, Yemen, Iraq and Syria.

“The actions the administration is taking now are deeply inconsistent with the portrait of al Qaida strength the administration has been painting,” said Daveed Gartenstein-Ross, a counterterrorism specialist at the Foundation for Defense of Democracies, a Washington research institute.U.S. officials have been secretive about what precise information led to the worldwide travel advisory and embassy closings, but a Yemeni official told McClatchy on Sunday that authorities had intercepted “clear orders” from al Qaida leader Ayman Zawahiri to Nasir al Wuhayshi, the head of the affiliate in Yemen, to carry out an attack.

“It’s called politics. They know it’s not true,” said Aaron Zelin, who researches militants for the Washington Institute for Near East Policy and blogs about them at Jihadology.net. “The movement has grown over the past two years. The ideology is thriving.” Since the attacks last Sept. 11 on U.S. posts in the eastern Libyan city of Benghazi, the administration has dialed back some of that rhetoric and is now more careful to distinguish between “core al Qaida” – Zawahiri and his inner circle – and the resurgent affiliates in the Arabian Peninsula, North Africa, Iraq and Syria. At the White House on Monday, spokesman Jay Carney repeated that distinction, distancing the administration from some of the rosier language of the recent past. He insisted that the administration had made clear that al Qaida in the Arabian Peninsula was “of particular concern and has demonstrated both an interest in and a willingness to attempt serious attacks.”

Officials at the National Security Agency, intent on maintaining its dominance in intelligence collection, pledged last year to push to expand its surveillance powers, according to a top-secret strategy document.

In a February 2012 paper laying out the four-year strategy for the N.S.A.’s signals intelligence operations, which include the agency’s eavesdropping and communications data collection around the world, agency officials set an objective to “aggressively pursue legal authorities and a policy framework mapped more fully to the information age.” Written as an agency mission statement with broad goals, the five-page document said that existing American laws were not adequate to meet the needs of the N.S.A. to conduct broad surveillance in what it cited as “the golden age of Sigint,” or signals intelligence. “The interpretation and guidelines for applying our authorities, and in some cases the authorities themselves, have not kept pace with the complexity of the technology and target environments, or the operational expectations levied on N.S.A.’s mission,” the document concluded. Using sweeping language, the paper also outlined some of the agency’s other ambitions. They included defeating the cybersecurity practices of adversaries in order to acquire the data the agency needs from “anyone, anytime, anywhere.” The agency also said it would try to decrypt or bypass codes that keep communications secret by influencing “the global commercial encryption market through commercial relationships,” human spies and intelligence partners in other countries. It also talked of the need to “revolutionize” analysis of its vast collections of data to “radically increase operational impact.”

The N.S.A. document, titled “Sigint Strategy 2012-2016,” does not make clear what legal or policy changes the agency might seek. The N.S.A.’s powers are determined variously by Congress, executive orders and the nation’s secret intelligence court, and its operations are governed by layers of regulations. While asserting that the agency’s “culture of compliance” would not be compromised, N.S.A. officials argued that they needed more flexibility, according to the paper. Senior intelligence officials, responding to questions about the document, said that the N.S.A. believed that legal impediments limited its ability to conduct surveillance of terrorism suspects inside the United States. Despite an overhaul of national security law in 2008, the officials said, if a terrorism suspect who is under surveillance overseas enters the United States, the agency has to stop monitoring him until it obtains a warrant from the Foreign Intelligence Surveillance Court. “N.S.A.’s Sigint strategy is designed to guide investments in future capabilities and close gaps in current capabilities,” the agency said in a statement. “In an ever-changing technology and telecommunications environment, N.S.A. tries to get in front of issues to better fulfill the foreign-intelligence requirements of the U.S. government.”

Ordinary Internet users, American and non-American alike, far outnumber legally targeted foreigners in the communications intercepted by the National Security Agency from U.S. digital networks, according to a four-month investigation by The Washington Post. Nine of 10 account holders found in a large cache of intercepted conversations, which former NSA contractor Edward Snowden provided in full to The Post, were not the intended surveillance targets but were caught in a net the agency had cast for somebody else. Many of them were Americans. Nearly half of the surveillance files, a strikingly high proportion, contained names, e-mail addresses or other details that the NSA marked as belonging to U.S. citizens or residents. NSA analysts masked, or “minimized,” more than 65,000 such references to protect Americans’ privacy, but The Post found nearly 900 additional e-mail addresses, unmasked in the files, that could be strongly linked to U.S. citizens or U.S.residents.

In order to allow time for analysis and outside reporting, neither Snowden nor The Post has disclosed until now that he obtained and shared the content of intercepted communications. The cache Snowden provided came from domestic NSA operations under the broad authority granted by Congress in 2008 with amendments to the Foreign Intelligence Surveillance Act. FISA content is generally stored in closely controlled data repositories, and for more than a year, senior government officials have depicted it as beyond Snowden’s reach. The Post reviewed roughly 160,000 intercepted e-mail and instant-message conversations, some of them hundreds of pages long, and 7,900 documents taken from more than 11,000 online accounts.

Taken together, the files offer an unprecedented vantage point on the changes wrought by Section 702 of the FISA amendments, which enabled the NSA to make freer use of methods that for 30 years had required probable cause and a warrant from a judge. One program, code-named PRISM, extracts content stored in user accounts at Yahoo, Microsoft, Facebook, Google and five other leading Internet companies. Another, known inside the NSA as Upstream, intercepts data on the move as it crosses the U.S. junctions of global voice and data networks.

For more than six months, Edward Snowden’s revelations about the National Security Agency (NSA) have been pouring out from the Washington Post, the New York Times, the Guardian, Germany’s Der Spiegel, and Brazil’s O Globo, among other places.  Yet no one has pointed out the combination of factors that made the NSA’s expanding programs to monitor the world seem like such a slam-dunk development in Washington.  The answer is remarkably simple.  For an imperial power losing its economic grip on the planet and heading into more austere times, the NSA’s latest technological breakthroughs look like a bargain basement deal when it comes to projecting power and keeping subordinate allies in line -- like, in fact, the steal of the century.  Even when disaster turned out to be attached to them, the NSA’s surveillance programs have come with such a discounted price tag that no Washington elite was going to reject them.For well over a century, from the pacification of the Philippines in 1898 to trade negotiations with the European Union today, surveillance and its kissing cousins, scandal and scurrilous information, have been key weapons in Washington’s search for global dominion. Not surprisingly, in a post-9/11 bipartisan exercise of executive power, George W. Bush and Barack Obama have presided over building the NSA step by secret step into a digital panopticon designed to monitor the communications of every American and foreign leaders worldwide.

What exactly was the aim of such an unprecedented program of massive domestic and planetary spying, which clearly carried the risk of controversy at home and abroad? Here, an awareness of the more than century-long history of U.S. surveillance can guide us through the billions of bytes swept up by the NSA to the strategic significance of such a program for the planet’s last superpower. What the past reveals is a long-term relationship between American state surveillance and political scandal that helps illuminate the unacknowledged reason why the NSA monitors America’s closest allies.Not only does such surveillance help gain intelligence advantageous to U.S. diplomacy, trade relations, and war-making, but it also scoops up intimate information that can provide leverage -- akin to blackmail -- in sensitive global dealings and negotiations of every sort. The NSA’s global panopticon thus fulfills an ancient dream of empire. With a few computer key strokes, the agency has solved the problem that has bedeviled world powers since at least the time of Caesar Augustus: how to control unruly local leaders, who are the foundation for imperial rule, by ferreting out crucial, often scurrilous, information to make them more malleable.

The U.N. General Assembly unanimously adopted a resolution aimed at protecting the right to privacy against unlawful surveillance in the digital age on Wednesday in the most vocal global criticism of U.S. eavesdropping. Germany and Brazil introduced the resolution following a series of reports of U.S. surveillance, interception, and data collection abroad — including on Brazil's President Dilma Rousseff and German Chancellor Angela Merkel — that surprised and angered friends and allies. The resolution "affirms that the same rights that people have offline must also be protected online, including the right to privacy."

It calls on the 193 U.N. member states "to respect and protect the right to privacy, including in the context of digital communication," to take measures to end violations of those rights, and to prevent such violations including by ensuring that national legislation complies with international human rights law. It also calls on all countries "to review their procedures, practices and legislation regarding the surveillance of communications, their interception and collection of personal data, including mass surveillance, interception and collection, with a view to upholding the right to privacy of all their obligations under international human rights law." The resolution calls on U.N. members to establish or maintain independent and effective oversight methods to ensure transparency, when appropriate, and accountability for state surveillance of communications, their interception and collection of personal data.

General Assembly resolutions are not legally binding but they do reflect world opinion and carry political weight.

Last week’s post by Megan Graham is certainly a welcome contribution in explaining the implications of the Max Schrems case by the European Union Court of Justice, and specifically how it relates to the Safe Harbor arrangement between the US and the EU. Let me add a different perspective: Irrespective of its consequences for Safe Harbor, last week’s ruling is hugely important on a more general level, namely for the understanding of what the right to privacy entails in Europe and what this means for mass surveillance. Through its ruling in Max Schrems the EU’s highest court has established that: Mere access by public authorities to confidential or group-specific communications data constitutes an intrusion into the right to privacy, even without any further processing of that data; and While indiscriminate intrusion into “metadata” may constitute a particularly serious intrusion into the right to privacy, access to “content” data will affect the essence of the right to privacy.

These findings were made under Article 7 of the EU Charter of Fundamental Rights, a broad provision on the right to respect for one’s private life. This provision of the EU Charter, which is a part of the foundational treaty framework of the European Union, is almost identical to Article 8 of the European Convention on Human Rights, a treaty legally binding for broader Europe and routinely a part of domestic legal orders. It remains to be seen whether the guardian of the latter framework, the European Court of Human Rights, will also be courageous enough to determine that indiscriminate mass surveillance that provides access to “content” data breaches the essential core of the right to privacy. The highest EU court already took that bold step. One of the most important implications of identifying government access to content as breaching the essence of the right to privacy, is that it negates the need for a proportionality assessment. Measures that compromise the essence of privacy have already crossed a red line, and there is no need for any further “balancing” between privacy and security. Therefore, the Max Schrems ruling is a huge blow to many of the current methods of electronic mass surveillance, including those practiced by the US and several European countries (including the United Kingdom).

Several additional points from my earlier post in Verfassungsblog about this case are also worth noting. First, the EU court did not really dwell on the separate Article 8 provision of the EU Charter on Fundamental Rights, concerning the right to the protection of personal data. This was perhaps because that provision is triggered by the “processing” of data, while the general privacy (Article 7) impact comes into play through mere “access.” Another point is that while it was easy to establish the jurisdiction of the EU court over data transfers from Europe to Facebook’s servers in the US, it may be much harder to bring a case before that court concerning “upstream” methods of mass surveillance, such as the NSA’s tapping of transatlantic fiber optic telecommunications cables. Perhaps most importantly, the substantive ruling in the Schrems case is formulated in a way that it would apply to any method of mass surveillance that gives public authorities access to the content of ordinary people’s private communications, including communications intended for a group of people but not for the authorities. Hence, the ruling is a major contribution as to what the right to privacy substantively means in Europe.

In a secret test of mass surveillance technology, the Los Angeles County Sheriff's Department sent a civilian aircraft* over Compton, California, capturing high-resolution video of everything that happened inside that 10-square-mile municipality. Compton residents weren't told about the spying, which happened in 2012. "We literally watched all of Compton during the times that we were flying, so we could zoom in anywhere within the city of Compton and follow cars and see people," Ross McNutt of Persistence Surveillance Systems told the Center for Investigative Reporting, which unearthed and did the first reporting on this important story. The technology he's trying to sell to police departments all over America can stay aloft for up to six hours. Like Google Earth, it enables police to zoom in on certain areas. And like TiVo, it permits them to rewind, so that they can look back and see what happened anywhere they weren't watching in real time.  If it's adopted, Americans can be policed like Iraqis and Afghanis under occupation–and at bargain price

Sgt. Douglas Iketani acknowledges that his agency hid the experiment to avoid public opposition. "This system was kind of kept confidential from everybody in the public,"he said. "A lot of people do have a problem with the eye in the sky, the Big Brother, so to mitigate those kinds of complaints we basically kept it pretty hush hush." That attitude ought to get a public employee summarily terminated. 

The CIR story reports that no police department has yet purchased this technology, not because the law enforcement community is unwilling to conduct mass surveillance of their fellow citizens without first gaining the public's consent, but because the cameras aren't yet good enough to identify the faces of individuals. It's hard to imagine that next technological barrier won't be broken soon.

Secret documents reveal New Zealand has shared intelligence collected through covert surveillance with Bangladesh despite that country's security forces being implicated in extrajudicial killings, torture and other human rights abuses. The documents shine light on the major role played by the Government Communications Security Bureau (GCSB) in electronic spying operations conducted in the small South Asian nation. The surveillance has been used to aid the United States as part of its global counter-terrorism campaign, launched after the September 11 attacks in 2001. The New Zealand Herald analysed the documents in collaboration with US news website The Intercept, which obtained them from the NSA whistle-blower Edward Snowden.

The Bangladesh spying is revealed in an April 2013 US National Security Agency (NSA) report about its relationship with New Zealand. In a section called "What Partner Provides to NSA", it says "GCSB has been the lead for the intelligence community on the Bangladesh CT [Counter-Terrorism] target since 2004." The GCSB provides "one of the key SIGINT [signals intelligence] sources of [Bangladesh counter-terrorism] reporting to the US intelligence community."

The intelligence gathered by the GCSB staff was also being forwarded to foreign intelligence agencies, including Bangladesh's state intelligence agency. In recent years, human rights groups have issued several reports documenting Bangladeshi intelligence and security agencies' disregard for international prohibitions on torture and alleged involvement in politically motivated killings. In 2014, a case was filed in the International Criminal Court accusing the Bangladesh Government of committing crimes against humanity. The GCSB's surveillance operations in Bangladesh are among the most surprising and obscure yet revealed. Bangladesh barely registers in New Zealand foreign policy. The Ministry of Foreign Affairs and Trade website says: "Relations between New Zealand and Bangladesh remain friendly, although interaction is limited." Nonetheless, a New Zealand government source told the Herald that Bangladesh is the main focus of one of the GCSB's four analysis sections, called ICT, and has been for over a decade. ICT, the Transnational Issues section, was set up in April 2002 in the wake of the September 11 attacks to focus on terrorism threats.

Director of National Intelligence James Clapper has won the infamous Rosemary Award for worst open government performance in 2013, according to the citation published today by the National Security Archive at www.nsarchive.org. Despite heavy competition, Clapper's "No, sir" lie to Senator Ron Wyden's question: "Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?" sealed his receipt of the dubious achievement award, which cites the vastly excessive secrecy of the entire U.S. surveillance establishment. The Rosemary Award citation leads with what Clapper later called the "least untruthful" answer possible to congressional questions about the secret bulk collection of Americans' phone call data. It further cites other Clapper claims later proved false, such as his 2012 statement that "we don't hold data on U.S. citizens." But the Award also recognizes Clapper's fellow secrecy fetishists and enablers, including:

Gen. Keith Alexander, director of the NSA, for multiple Rose Mary Woods-type stretches, such as (1) claiming that the secret bulk collection prevented 54 terrorist plots against the U.S. when the actual number, according to the congressionally-established Privacy and Civil Liberties Oversight Board (PCLOB) investigation (pp. 145-153), is zero; (2) his 2009 declaration to the wiretap court that multiple NSA violations of the court's orders arose from differences over "terminology," an explanation which the chief judge said "strains credulity;" and (3) public statements by the NSA about its programs that had to be taken down from its website for inaccuracies (see Documents 78, 85, 87 in The Snowden Affair), along with public statements by other top NSA officials now known to be untrue (see "Remarks of Rajesh De," NSA General Counsel, Document 53 in The Snowden Affair).

Robert Mueller, former FBI director, for suggesting (as have Gen. Alexander and many others) that the secret bulk collection program might have been able to prevent the 9/11 attacks, when the 9/11 Commission found explicitly the problem was not lack of data points, but failing to connect the many dots the intelligence community already had about the would-be hijackers living in San Diego. The National Security Division lawyers at the Justice Department, for misleading their own Solicitor General (Donald Verrilli) who then misled (inadvertently) the U.S. Supreme Court over whether Justice let defendants know that bulk collection had contributed to their prosecutions. The same National Security Division lawyers who swore under oath in the Electronic Frontier Foundation's Freedom of Information Act lawsuit for a key wiretap court opinion that the entire text of the opinion was appropriately classified Top Secret/Sensitive Compartmented Information (release of which would cause "exceptionally grave damage" to U.S. national security). Only after the Edward Snowden leaks and the embarrassed governmental declassification of the opinion did we find that one key part of the opinion's text simply reproduced the actual language of the 4th Amendment to the U.S. Constitution, and the only "grave damage" was to the government's false claims.