Skip to main content

Home/ Socialism and the End of the American Dream/ Group items tagged web-encryption

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
4More

Britain has passed the 'most extreme surveillance law ever passed in a democracy' | ZDNet - 0 views

www.zdnet.com/...-new-spying-powers-becomes-law surveillance state GCHQ UK snoopers'-charter legislation
shared by Paul Merrell on 20 Nov 16 - No Cached
  • It's 2016 going on 1984. The UK has just passed a massive expansion in surveillance powers, which critics have called "terrifying" and "dangerous".
  • The new law, dubbed the "snoopers' charter", was introduced by then-home secretary Theresa May in 2012, and took two attempts to get passed into law following breakdowns in the previous coalition government. Four years and a general election later -- May is now prime minister -- the bill was finalized and passed on Wednesday by both parliamentary houses. But civil liberties groups have long criticized the bill, with some arguing that the law will let the UK government "document everything we do online". It's no wonder, because it basically does. The law will force internet providers to record every internet customer's top-level web history in real-time for up to a year, which can be accessed by numerous government departments; force companies to decrypt data on demand -- though the government has never been that clear on exactly how it forces foreign firms to do that that; and even disclose any new security features in products before they launch.
  • Not only that, the law also gives the intelligence agencies the power to hack into computers and devices of citizens (known as equipment interference), although some protected professions -- such as journalists and medical staff -- are layered with marginally better protections. In other words, it's the "most extreme surveillance law ever passed in a democracy," according to Jim Killock, director of the Open Rights Group. The bill was opposed by representatives of the United Nations, all major UK and many leading global privacy and rights groups, and a host of Silicon Valley tech companies alike. Even the parliamentary committee tasked with scrutinizing the bill called some of its provisions "vague".
  • ...1 more annotation...
  • And that doesn't even account for the three-quarters of people who think privacy, which this law almost entirely erodes, is a human right. There are some safeguards, however, such as a "double lock" system so that the secretary of state and an independent judicial commissioner must agree on a decision to carry out search warrants (though one member of the House of Lords disputed that claim). A new investigatory powers commissioner will also oversee the use of the powers. Despite the uproar, the government's opposition failed to scrutinize any significant amendments and abstained from the final vote. Killock said recently that the opposition Labour party spent its time "simply failing to hold the government to account". But the government has downplayed much of the controversy surrounding the bill. The government has consistently argued that the bill isn't drastically new, but instead reworks the old and outdated Regulation of Investigatory Powers Act (RIPA). This was brought into law in 2000, to "legitimize" new powers that were conducted or ruled on in secret, like collecting data in bulk and hacking into networks, which was revealed during the Edward Snowden affair. Much of those activities were only possible thanks to litigation by one advocacy group, Privacy International, which helped push these secret practices into the public domain while forcing the government to scramble to explain why these practices were legal. The law will be ratified by royal assent in the coming weeks.
6More

Obama Lets N.S.A. Exploit Some Internet Flaws, Officials Say - NYTimes.com - 0 views

www.nytimes.com/...ernet-flaws-officials-say.html surveillance state Obama NSA NSA-backdoors exploits must-read Iranian-nukes-myth Stuxnet
shared by Paul Merrell on 13 Apr 14 - No Cached
  • Stepping into a heated debate within the nation’s intelligence agencies, President Obama has decided that when the National Security Agency discovers major flaws in Internet security, it should — in most circumstances — reveal them to assure that they will be fixed, rather than keep mum so that the flaws can be used in espionage or cyberattacks, senior administration officials said Saturday.But Mr. Obama carved a broad exception for “a clear national security or law enforcement need,” the officials said, a loophole that is likely to allow the N.S.A. to continue to exploit security flaws both to crack encryption on the Internet and to design cyberweapons.
  • elements of the decision became evident on Friday, when the White House denied that it had any prior knowledge of the Heartbleed bug, a newly known hole in Internet security that sent Americans scrambling last week to change their online passwords. The White House statement said that when such flaws are discovered, there is now a “bias” in the government to share that knowledge with computer and software manufacturers so a remedy can be created and distributed to industry and consumers.Caitlin Hayden, the spokeswoman for the National Security Council, said the review of the recommendations was now complete, and it had resulted in a “reinvigorated” process to weigh the value of disclosure when a security flaw is discovered, against the value of keeping the discovery secret for later use by the intelligence community.“This process is biased toward responsibly disclosing such vulnerabilities,” she said.
  • One recommendation urged the N.S.A. to get out of the business of weakening commercial encryption systems or trying to build in “back doors” that would make it far easier for the agency to crack the communications of America’s adversaries. Tempting as it was to create easy ways to break codes — the reason the N.S.A. was established by Harry S. Truman 62 years ago — the committee concluded that the practice would undercut trust in American software and hardware products. In recent months, Silicon Valley companies have urged the United States to abandon such practices, while Germany and Brazil, among other nations, have said they were considering shunning American-made equipment and software. Their motives were hardly pure: Foreign companies see the N.S.A. disclosures as a way to bar American competitors.Continue reading the main story Continue reading the main story AdvertisementAnother recommendation urged the government to make only the most limited, temporary use of what hackers call “zero days,” the coding flaws in software like Microsoft Windows that can give an attacker access to a computer — and to any business, government agency or network connected to it. The flaws get their name from the fact that, when identified, the computer user has “zero days” to fix them before hackers can exploit the accidental vulnerability.
  • ...2 more annotations...
  • The N.S.A. made use of four “zero day” vulnerabilities in its attack on Iran’s nuclear enrichment sites. That operation, code-named “Olympic Games,” managed to damage roughly 1,000 Iranian centrifuges, and by some accounts helped drive the country to the negotiating table.Not surprisingly, officials at the N.S.A. and at its military partner, the United States Cyber Command, warned that giving up the capability to exploit undisclosed vulnerabilities would amount to “unilateral disarmament” — a phrase taken from the battles over whether and how far to cut America’s nuclear arsenal.“We don’t eliminate nuclear weapons until the Russians do,” one senior intelligence official said recently. “You are not going to see the Chinese give up on ‘zero days’ just because we do.” Even a senior White House official who was sympathetic to broad reforms after the N.S.A. disclosures said last month, “I can’t imagine the president — any president — entirely giving up a technology that might enable him some day to take a covert action that could avoid a shooting war.”
  • But documents released by Edward J. Snowden, the former N.S.A. contractor, make it clear that two years before Heartbleed became known, the N.S.A. was looking at ways to accomplish exactly what the flaw did by accident. A program code-named Bullrun, apparently named for the site of two Civil War battles just outside Washington, was part of a decade-long effort to crack or circumvent encryption on the web. The documents do not make clear how well it succeeded, but it may well have been more effective than exploiting Heartbleed would be at enabling access to secret data.The government has become one of the biggest developers and purchasers of information identifying “zero days,” officials acknowledge. Those flaws are big business — Microsoft pays up to $150,000 to those who find them and bring them to the company to fix — and other countries are gathering them so avidly that something of a modern-day arms race has broken out. Chief among the nations seeking them are China and Russia, though Iran and North Korea are in the market as well.
  • Paul Merrell on 13 Apr 14
     
    Note that this is only an elastic policy, not law. Also notice that NYT is now reporting as *fact* that the NSA did the cyber attack on the Iranian enrichment centrifuges. By any legal measure, if true that was an act of war, a war of aggression.  So why wasn't the American public informed that we were at war with Iran? 
5More

Leaked docs show spyware used to snoop on US computers | Ars Technica - 0 views

arstechnica.com/...-used-to-snoop-on-us-computers surveillance state Gamma-Group FinFisher zero-day-exploits Vupen-Security MSOffice MSIE Acrobat
shared by Paul Merrell on 10 Aug 14 - No Cached
  • Software created by the controversial UK-based Gamma Group International was used to spy on computers that appear to be located in the United States, the UK, Germany, Russia, Iran, and Bahrain, according to a leaked trove of documents analyzed by ProPublica. It's not clear whether the surveillance was conducted by governments or private entities. Customer e-mail addresses in the collection appeared to belong to a German surveillance company, an independent consultant in Dubai, the Bosnian and Hungarian Intelligence services, a Dutch law enforcement officer, and the Qatari government.
  • The leaked files—which were posted online by hackers—are the latest in a series of revelations about how state actors including repressive regimes have used Gamma's software to spy on dissidents, journalists, and activist groups. The documents, leaked last Saturday, could not be readily verified, but experts told ProPublica they believed them to be genuine. "I think it's highly unlikely that it's a fake," said Morgan Marquis-Bore, a security researcher who while at The Citizen Lab at the University of Toronto had analyzed Gamma Group's software and who authored an article about the leak on Thursday. The documents confirm many details that have already been reported about Gamma, such as that its tools were used to spy on Bahraini activists. Some documents in the trove contain metadata tied to e-mail addresses of several Gamma employees. Bill Marczak, another Gamma Group expert at the Citizen Lab, said that several dates in the documents correspond to publicly known events—such as the day that a particular Bahraini activist was hacked.
  • The leaked files contain more than 40 gigabytes of confidential technical material, including software code, internal memos, strategy reports, and user guides on how to use Gamma Group software suite called FinFisher. FinFisher enables customers to monitor secure Web traffic, Skype calls, webcams, and personal files. It is installed as malware on targets' computers and cell phones. A price list included in the trove lists a license of the software at almost $4 million. The documents reveal that Gamma uses technology from a French company called Vupen Security that sells so-called computer "exploits." Exploits include techniques called "zero days" for "popular software like Microsoft Office, Internet Explorer, Adobe Acrobat Reader, and many more." Zero days are exploits that have not yet been detected by the software maker and therefore are not blocked.
  • ...2 more annotations...
  • Many of Gamma's product brochures have previously been published by the Wall Street Journal and Wikileaks, but the latest trove shows how the products are getting more sophisticated. In one document, engineers at Gamma tested a product called FinSpy, which inserts malware onto a user's machine, and found that it could not be blocked by most antivirus software. Documents also reveal that Gamma had been working to bypass encryption tools including a mobile phone encryption app, Silent Circle, and were able to bypass the protection given by hard-drive encryption products TrueCrypt and Microsoft's Bitlocker.
  • The documents also describe a "country-wide" surveillance product called FinFly ISP which promises customers the ability to intercept Internet traffic and masquerade as ordinary websites in order to install malware on a target's computer. The most recent date-stamp found in the documents is August 2, coincidung with the first tweet by a parody Twitter account, @GammaGroupPR, which first announced the hack and may be run by the hacker or hackers responsible for the leak. On Reddit, a user called PhineasFisher claimed responsibility for the leak. "Two years ago their software was found being widely used by governments in the middle east, especially Bahrain, to hack and spy on the computers and phones of journalists and dissidents," the user wrote. The name on the @GammaGroupPR Twitter account is also "Phineas Fisher." GammaGroup, the surveillance company whose documents were released, is no stranger to the spotlight. The security firm F-Secure first reported the purchase of FinFisher software by the Egyptian State Security agency in 2011. In 2012, Bloomberg News and The Citizen Lab showed how the company's malware was used to target activists in Bahrain. In 2013, the software company Mozilla sent a cease-and-desist letter to the company after a report by The Citizen Lab showed that a spyware-infected version of the Firefox browser manufactured by Gamma was being used to spy on Malaysian activists.
10More

Take A Break From The Snowden Drama For A Reminder Of What He's Revealed So Far - Forbes - 0 views

www.forbes.com/...er-of-what-hes-revealed-so-far NSA-Patriot-Act-NDAA NSA-Whistleblower Edward-Snowden
shared by Gary Edwards on 26 Jun 13 - No Cached
  • Here’s a recap of Snowden’s leaked documents published so far, in my own highly subjective order of importance.
  • The publication of Snowden’s leaks began with a top secret order from the Foreign Intelligence Surveillance Court (FISC) sent to Verizon on behalf of the NSA, demanding the cell phone records of all of Verizon Business Network Services’ American customers for the three month period ending in July. The order, obtained by the Guardian, sought only the metadata of those millions of users’ calls–who called whom when and from what locations–but specifically requested Americans’ records, disregarding foreigners despite the NSA’s legal restrictions that it may only surveil non-U.S. persons. Senators Saxby Chambliss and Diane Feinstein defended the program and said it was in fact a three-month renewal of surveillance practices that had gone for seven years.
  • A leaked executive order from President Obama shows the administration asked intelligence agencies to draw up a list of potential offensive cyberattack targets around the world. The order, which suggests targeting “systems, processes and infrastructure” states that such offensive hacking operations “can offer unique and unconventional capabilities to advance U.S. national objectives around the world with little or no warning to the adversary or target and with potential effects ranging from subtle to severely damaging.” The order followed repeated accusations by the U.S. government that China has engaged in state-sponsored hacking operations, and was timed just a day before President Obama’s summit with Chinese President Xi Jinping.
  • ...6 more annotations...
  • Another leaked slide deck revealed a software tool called Boundless Informant, which the NSA appears to use for tracking the origin of data it collects. The leaked materials included a map produced by the program showing the frequency of data collection in countries around the world. While Iran, Pakistan and Jordan appeared to be the most surveilled countries according to the map, it also pointed to significant data collection from the United States.
  • In a congressional hearing, NSA director Keith Alexander argued that the kind of surveillance of Americans’ data revealed in that Verizon order was necessary to for archiving purposes, but was rarely accessed and only with strict oversight from Foreign Intelligence Surveillance Court judges. But another secret document published by the Guardian revealed the NSA’s own rules for when it makes broad exceptions to its foreign vs. U.S. persons distinction, accessing Americans’ data and holding onto it indefinitely. Those exceptions include anytime Americans’ data is judged to be “significant foreign intelligence” information or information about a crime that has been or is about to be committed, any data “involved in the unauthorized disclosure of national security information,” or necessary to “assess a communications security vulnerability.” Any encrypted data that the NSA wants to crack can also be held indefinitely, regardless of whether its American or foreign origin.
  • Documents leaked to the Guardian revealed a five-year-old British intelligence scheme to tap transatlantic fiberoptic cables to gather data. A program known as Tempora, created by the U.K.’s NSA equivalent Government Communications Headquarters (GCHQ) has for the last 18 months been able to store huge amounts of that raw data for up to 30 days. Much of the data is shared with the NSA, which had assigned 250 analysts to sift through it as of May of last year.
  • Another GCHQ project revealed to the Guardian through leaked documents intercepted the communications of delegates to the G20 summit of world leaders in London in 2009. The scheme included monitoring the attendees’ phone calls and emails by accessing their Blackberrys, and even setting up fake Internet cafes that used keylogging software to surveil them.
  • Snowden showed the Hong Kong newspaper the South China Morning Post documents that it said outlined extensive hacking of Chinese and Hong Kong targets by the NSA since 2009, with 61,000 targets globally and “hundreds” in China. Other SCMP stories based on Snowden’s revelations stated that the NSA had gained access to the Chinese fiberoptic network operator Pacnet as well as Chinese mobile phone carriers, and had gathered large quantities of Chinese SMS messages.
  • The Guardian’s Glenn Greenwald has said that Snowden provided him “thousands” of documents, of which “dozens” are newsworthy. And Snowden himself has said he’d like to expose his trove of leaks to the global media so that each country’s reporters can decide whether “U.S. network operations against their people should be published.” So regardless of where Snowden ends up, expect more of his revelations to follow.
  • Gary Edwards on 26 Jun 13
     
    Nice tight summary
11More

The NSA Is Building the Country's Biggest Spy Center (Watch What You Say) | Threat Leve... - 0 views

www.wired.com/...1 Big Brother NSA Stellar Wind cryptography supercomputers surveillance
shared by Paul Merrell on 23 May 12 - No Cached
    • Paul Merrell
      Paul Merrell on 23 May 12
       
      There goes the neighborhood; the Feds are moving in. 
  • In the process—and for the first time since Watergate and the other scandals of the Nixon administration—the NSA has turned its surveillance apparatus on the US and its citizens. It has established listening posts throughout the nation to collect and sift through billions of email messages and phone calls, whether they originate within the country or overseas. It has created a supercomputer of almost unimaginable speed to look for patterns and unscramble codes. Finally, the agency has begun building a place to store all the trillions of words and thoughts and whispers captured in its electronic net. And, of course, it’s all being done in secret.
  • According to another top official also involved with the program, the NSA made an enormous breakthrough several years ago in its ability to cryptanalyze, or break, unfathomably complex encryption systems employed by not only governments around the world but also many average computer users in the US. The upshot, according to this official: “Everybody’s a target; everybody with communication is a target.
  • ...8 more annotations...
  • as a 2007 Department of Defense report puts it, the Pentagon is attempting to expand its worldwide communications network, known as the Global Information Grid, to handle yottabytes (1024 bytes) of data. (A yottabyte is a septillion bytes—so large that no one has yet coined a term for the next higher magnitude.) It needs that capacity because, according to a recent report by Cisco, global Internet traffic will quadruple from 2010 to 2015, reaching 966 exabytes per year. (A million exabytes equal a yottabyte.
  • The data stored in Bluffdale will naturally go far beyond the world’s billions of public web pages. The NSA is more interested in the so-called invisible web, also known as the deep web or deepnet—data beyond the reach of the public. This includes password-protected data, US and foreign government communications, and noncommercial file-sharing between trusted peers.
  • The broad outlines of the so-called warrantless-wiretapping program have long been exposed—how the NSA secretly and illegally bypassed the Foreign Intelligence Surveillance Court, which was supposed to oversee and authorize highly targeted domestic eavesdropping; how the program allowed wholesale monitoring of millions of American phone calls and email. In the wake of the program’s exposure, Congress passed the FISA Amendments Act of 2008, which largely made the practices legal. Telecoms that had agreed to participate in the illegal activity were granted immunity from prosecution and lawsuits. What wasn’t revealed until now, however, was the enormity of this ongoing domestic spying program. For the first time, a former NSA official has gone on the record to describe the program, codenamed Stellar Wind, in detail.
  • one of the deepest secrets of the Stellar Wind program—again, never confirmed until now—was that the NSA gained warrantless access to AT&T’s vast trove of domestic and international billing records, detailed information about who called whom in the US and around the world. As of 2007, AT&T had more than 2.8 trillion records housed in a database at its Florham Park, New Jersey, complex. Verizon was also part of the program
  • the NSA succeeded in building an even faster supercomputer. “They made a big breakthrough,” says another former senior intelligence official, who helped oversee the program. The NSA’s machine was likely similar to the unclassified Jaguar, but it was much faster out of the gate, modified specifically for cryptanalysis and targeted against one or more specific algorithms, like the AES.
  • The breakthrough was enormous, says the former official, and soon afterward the agency pulled the shade down tight on the project, even within the intelligence community and Congress. “Only the chairman and vice chairman and the two staff directors of each intelligence committee were told about it,” he says. The reason? “They were thinking that this computing breakthrough was going to give them the ability to crack current public encryption.”
  • But the real competition will take place in the classified realm. To secretly develop the new exaflop (or higher) machine by 2018, the NSA has proposed constructing two connecting buildings, totaling 260,000 square feet, near its current facility on the East Campus of Oak Ridge. Called the Multiprogram Computational Data Center,
  • n the meantime Cray is working on the next step for the NSA, funded in part by a $250 million contract with the Defense Advanced Research Projects Agency. It’s a massively parallel supercomputer called Cascade, a prototype of which is due at the end of 2012. Its development will run largely in parallel with the unclassified effort for the DOE and other partner agencies. That project, due in 2013, will upgrade the Jaguar XT5 into an XK6, codenamed Titan, upping its speed to 10 to 20 petaflops.
9More

Brazil Looks to Break from U.S.-Centric Internet | TIME.com - 0 views

world.time.com/...reak-from-u-s-centric-internet surveillance state NSA NSA-blowback Brazil Internet-Balkanization
shared by Paul Merrell on 25 Sep 13 - No Cached
  • Brazil plans to divorce itself from the U.S.-centric Internet over Washington’s widespread online spying, a move that many experts fear will be a potentially dangerous first step toward fracturing a global network built with minimal interference by governments. President Dilma Rousseff ordered a series of measures aimed at greater Brazilian online independence and security following revelations that the U.S. National Security Agency intercepted her communications, hacked into the state-owned Petrobras oil company’s network and spied on Brazilians who entrusted their personal data to U.S. tech companies such as Facebook and Google. The leader is so angered by the espionage that on Tuesday she postponed next month’s scheduled trip to Washington, where she was to be honored with a state dinner. Internet security and policy experts say the Brazilian government’s reaction to information leaked by former NSA contractor Edward Snowden is understandable, but warn it could set the Internet on a course of Balkanization.
  • “The global backlash is only beginning and will get far more severe in coming months,” said Sascha Meinrath, director of the Open Technology Institute at the Washington-based New America Foundation think tank. “This notion of national privacy sovereignty is going to be an increasingly salient issue around the globe.” While Brazil isn’t proposing to bar its citizens from U.S.-based Web services, it wants their data to be stored locally as the nation assumes greater control over Brazilians’ Internet use to protect them from NSA snooping. The danger of mandating that kind of geographic isolation, Meinrath said, is that it could render inoperable popular software applications and services and endanger the Internet’s open, interconnected structure.
  • The effort by Latin America’s biggest economy to digitally isolate itself from U.S. spying not only could be costly and difficult, it could encourage repressive governments to seek greater technical control over the Internet to crush free expression at home, experts say. In December, countries advocating greater “cyber-sovereignty” pushed for such control at an International Telecommunications Union meeting in Dubai, with Western democracies led by the United States and the European Union in opposition.
  • ...5 more annotations...
  • Rousseff says she intends to push for international rules on privacy and security in hardware and software during the U.N. General Assembly meeting later this month. Among Snowden revelations: the NSA has created backdoors in software and Web-based services. Brazil is now pushing more aggressively than any other nation to end U.S. commercial hegemony on the Internet. More than 80 percent of online search, for example, is controlled by U.S.-based companies. Most of Brazil’s global Internet traffic passes through the United States, so Rousseff’s government plans to lay underwater fiber optic cable directly to Europe and also link to all South American nations to create what it hopes will be a network free of U.S. eavesdropping.
  • More communications integrity protection is expected when Telebras, the state-run telecom company, works with partners to oversee the launch in 2016 of Brazil’s first communications satellite, for military and public Internet traffic. Brazil’s military currently relies on a satellite run by Embratel, which Mexican billionaire Carlos Slim controls. Rousseff is urging Brazil’s Congress to compel Facebook, Google and all companies to store data generated by Brazilians on servers physically located inside Brazil in order to shield it from the NSA. If that happens, and other nations follow suit, Silicon Valley’s bottom line could be hit by lost business and higher operating costs: Brazilians rank No. 3 on Facebook and No. 2 on Twitter and YouTube. An August study by a respected U.S. technology policy nonprofit estimated the fallout from the NSA spying scandal could cost the U.S. cloud computing industry, which stores data remotely to give users easy access from any device, as much as $35 billion by 2016 in lost business.
  • Brazil also plans to build more Internet exchange points, places where vast amounts of data are relayed, in order to route Brazilians’ traffic away from potential interception. And its postal service plans by next year to create an encrypted email service that could serve as an alternative to Gmail and Yahoo!, which according to Snowden-leaked documents are among U.S. tech giants that have collaborated closely with the NSA. “Brazil intends to increase its independent Internet connections with other countries,” Rousseff’s office said in an emailed response to questions from The Associated Press on its plans. It cited a “common understanding” between Brazil and the European Union on data privacy, and said “negotiations are underway in South America for the deployment of land connections between all nations.” It said Brazil plans to boost investment in home-grown technology and buy only software and hardware that meet government data privacy specifications.
  • While the plans’ technical details are pending, experts say they will be costly for Brazil and ultimately can be circumvented. Just as people in China and Iran defeat government censors with tools such as “proxy servers,” so could Brazilians bypass their government’s controls. International spies, not just from the United States, also will adjust, experts said. Laying cable to Europe won’t make Brazil safer, they say. The NSA has reportedly tapped into undersea telecoms cables for decades. Meinrath and others argue that what’s needed instead are strong international laws that hold nations accountable for guaranteeing online privacy.
  • “There’s nothing viable that Brazil can really do to protect its citizenry without changing what the U.S. is doing,” he said. Matthew Green, a Johns Hopkins computer security expert, said Brazil won’t protect itself from intrusion by isolating itself digitally. It will also be discouraging technological innovation, he said, by encouraging the entire nation to use a state-sponsored encrypted email service. “It’s sort of like a Soviet socialism of computing,” he said, adding that the U.S. “free-for-all model works better.”
  • Paul Merrell on 25 Sep 13
     
    So both Brazil and the European Union are planning to boycott the U.S.-based cloud industry, seizing on the NSA's activities as legal grounds. Under the various GATT series of trade agreements, otherwise forbidden discriminatory actions taken that restrict trade in aid of national security are exempt from redress through the World Trade Organization Dispute Resolution Process. So the NSA voyeurs can add legalizing economic digital discrimination against the U.S. to its score card.
1More

Group Thinks Anonymity Should Be Baked Into the Internet Itself Using Tor - Slashdot - 0 views

tech.slashdot.org/...-the-internet-itself-using-tor surveillance state NSA Tor IETF internet internet freedom digital-privacy
shared by Paul Merrell on 29 Nov 13 - No Cached
  • "David Talbot writes at MIT Technology review that engineers on the Internet Engineering Task Force (IETF), an informal organization of engineers that changes Internet code and operates by rough consensus, have asked the architects of Tor to consider turning the technology into an Internet standard. If widely adopted, such a standard would make it easy to include the technology in consumer and business products ranging from routers to apps and would allow far more people to browse the Web without being identified by anyone who might be spying on Internet traffic. The IETF is already working to make encryption standard in all web traffic. Stephen Farrell believes that forging Tor into a standard that interoperates with other parts of the Internet could be better than leaving Tor as a separate tool that requires people to take special action to implement. 'I think there are benefits that might flow in both directions,' says Farrell. 'I think other IETF participants could learn useful things about protocol design from the Tor people, who've faced interesting challenges that aren't often seen in practice. And the Tor people might well get interest and involvement from IETF folks who've got a lot of experience with large-scale systems.' Andrew Lewman, executive director of Tor, says the group is considering it. 'We're basically at the stage of 'Do we even want to go on a date together?' It's not clear we are going to do it, but it's worth exploring to see what is involved. It adds legitimacy, it adds validation of all the research we've done.'"
6More

US websites should inform EU citizens about NSA surveillance, says report - 0 views

www.computerweekly.com/...t-NSA-surveillance-says-report surveillance state NSA NSA-blowback EU cloud computing whistle-blowers
shared by Paul Merrell on 27 Sep 13 - No Cached
  • All existing data sharing agreements between Europe and the US should be revoked, and US web site providers should prominently inform European citizens that their data may be subject to government surveillance, according to the recommendations of a briefing report for the European Parliament. The report was produced in response to revelations about the US National Security Agency (NSA) snooping on internet traffic, and aims to highlight the subsequent effect on European Union (EU) citizens' rights.
  • The report warns that EU data protection authorities have failed to understand the “structural shift of data sovereignty implied by cloud computing”, and the associated risks to the rights of EU citizens. It suggests “a full industrial policy for development of an autonomous European cloud computing capacity” should be set up to reduce exposure of EU data to NSA surveillance that is undertaken by the use of US legislation that forces US-based cloud providers to provide access to data they hold.
  • To put pressure on the US government, the report recommends that US websites should ask EU citizens for their consent before gathering data that could be used by the NSA. “Prominent notices should be displayed by every US web site offering services in the EU to inform consent to collect data from EU citizens. The users should be made aware that the data may be subject to surveillance by the US government for any purpose which furthers US foreign policy,” it said. “A consent requirement will raise EU citizen awareness and favour growth of services solely within EU jurisdiction. This will thus have economic impact on US business and increase pressure on the US government to reach a settlement.”
  • ...2 more annotations...
  • Other recommendations include the EU offering protection and rewards for whistleblowers, including “strong guarantees of immunity and asylum”. Such a move would be seen as a direct response to the plight of Edward Snowden, the former NSA analyst who leaked documents that revealed the extent of the NSA’s global internet surveillance programmes. The report also says that, “Encryption is futile to defend against NSA accessing data processed by US clouds,” and that there is “no technical solution to the problem”. It calls for the EU to press for changes to US law.
  • “It seems that the only solution which can be trusted to resolve the Prism affair must involve changes to the law of the US, and this should be the strategic objective of the EU,” it said. The report was produced for the European Parliament committee on civil liberties, justice and home affairs, and comes before the latest hearing of an inquiry into electronic mass surveillance of EU citizens, due to take place in Brussels on 24 September.
  • Paul Merrell on 27 Sep 13
     
    Yee-haw! E.U. sanctuary and rewards for NSA whistle-blowers. Mandatory warnings for customers of U.S. cloud services that their data may be turned over to the NSA. Pouring more gasoline on the NSA diplomatic fire. 
4More

Hacking Online Polls and Other Ways British Spies Seek to Control the Internet - The In... - 0 views

firstlook.org/...sh-spies-seek-control-internet surveillance state GCHQ dirty-tricks
shared by Paul Merrell on 16 Jul 14 - No Cached
  • The secretive British spy agency GCHQ has developed covert tools to seed the internet with false information, including the ability to manipulate the results of online polls, artificially inflate pageview counts on web sites, “amplif[y]” sanctioned messages on YouTube, and censor video content judged to be “extremist.” The capabilities, detailed in documents provided by NSA whistleblower Edward Snowden, even include an old standby for pre-adolescent prank callers everywhere: A way to connect two unsuspecting phone users together in a call.
  • he “tools” have been assigned boastful code names. They include invasive methods for online surveillance, as well as some of the very techniques that the U.S. and U.K. have harshly prosecuted young online activists for employing, including “distributed denial of service” attacks and “call bombing.” But they also describe previously unknown tactics for manipulating and distorting online political discourse and disseminating state propaganda, as well as the apparent ability to actively monitor Skype users in real-time—raising further questions about the extent of Microsoft’s cooperation with spy agencies or potential vulnerabilities in its Skype’s encryption. Here’s a list of how JTRIG describes its capabilities: • “Change outcome of online polls” (UNDERPASS) • “Mass delivery of email messaging to support an Information Operations campaign” (BADGER) and “mass delivery of SMS messages to support an Information Operations campaign” (WARPARTH) • “Disruption of video-based websites hosting extremist content through concerted target discovery and content removal.” (SILVERLORD)
  • • “Active skype capability. Provision of real time call records (SkypeOut and SkypetoSkype) and bidirectional instant messaging. Also contact lists.” (MINIATURE HERO) • “Find private photographs of targets on Facebook” (SPRING BISHOP) • “A tool that will permanently disable a target’s account on their computer” (ANGRY PIRATE) • “Ability to artificially increase traffic to a website” (GATEWAY) and “ability to inflate page views on websites” (SLIPSTREAM) • “Amplification of a given message, normally video, on popular multimedia websites (Youtube)” (GESTATOR) • “Targeted Denial Of Service against Web Servers” (PREDATORS FACE) and “Distributed denial of service using P2P. Built by ICTR, deployed by JTRIG” (ROLLING THUNDER)
  • ...1 more annotation...
  • • “A suite of tools for monitoring target use of the UK auction site eBay (www.ebay.co.uk)” (ELATE) • “Ability to spoof any email address and send email under that identity” (CHANGELING) • “For connecting two target phone together in a call” (IMPERIAL BARGE) While some of the tactics are described as “in development,” JTRIG touts “most” of them as “fully operational, tested and reliable.” It adds: “We only advertise tools here that are either ready to fire or very close to being ready.”
6More

NSA can eavesdrop on Americans' phone calls, documents show | Politics and Law - CNET News - 0 views

news.cnet.com/...ans-phone-calls-documents-show surveillance state NSA Clapper lies must-read
shared by Paul Merrell on 17 Aug 13 - No Cached
  • The National Security Agency has been secretly granted legal authority to operate a massive domestic eavesdropping system that vacuums up Americans' phone calls and Internet communications, newly leaked documents show. A pair of classified government documents (No. 1 and No. 2) signed by Attorney General Eric Holder and posted by the Guardian on Thursday show that NSA analysts are able to listen to Americans' intercepted phone calls without asking a judge for a warrant first. That appears to be at odds with what President Obama said earlier this week in defense of the NSA's surveillance efforts. "I can say unequivocally is that if you are a U.S. person, the NSA cannot listen to your telephone calls and the NSA cannot target your e-mails," Obama said. The new documents indicate, however, that NSA, CIA, and FBI analysts are granted broad access to data vacuumed up by the world's most powerful intelligence agency -- but are supposed to follow certain "targeting" and "minimization" procedures to limit the number of Americans who become individual targets of warrantless surveillance.
  • Analysts are expected to exercise "reasonable judgment" in determining which data to use, according to the documents, and "inadvertently acquired communications of or concerning a United States person may be retained no longer than five years." The documents also refer to "content repositories" that contain records of devices' "previous Internet activity," and say the NSA keeps records of Americans' "electronic communications accounts/addresses/identifiers" in an apparent effort to avoid targeting them in future eavesdropping efforts. The Holder procedures were blessed in advance by the secret Foreign Intelligence Surveillance Court, the Guardian reported, meaning that the judges would have issued a general order that authorizes the NSA to engage in warrantless surveillance as long as it's primarily aimed at foreign targets, subject to some limited judicial oversight. Today's disclosure jibes with what Edward Snowden, the former NSA contractor who leaked top-secret documents, alleged in an online chat earlier this week. Snowden said, referring to the contents of e-mail and phone calls, that "Americans' communications are collected and viewed on a daily basis on the certification of an analyst rather than a warrant."
  • On Sunday, Director of National Intelligence James Clapper released a carefully-worded statement in response to a CNET article and other reports questioning when intelligence analysts can listen to domestic phone calls. Clapper said: "The statement that a single analyst can eavesdrop on domestic communications without proper legal authorization is incorrect and was not briefed to Congress." Clapper's statement was viewed as a denial, but it wasn't. Today's disclosures reveal why: Because the Justice Department granted intelligence analysts "proper legal authorization" in advance through the Holder regulations. "The DNI has a history of playing games with wording, using terms with carefully obscured meanings to leave an impression different from the truth," Kurt Opsahl, a senior staff attorney at the Electronic Frontier Foundation who has litigated domestic surveillance cases, told CNET earlier this week.
  • ...3 more annotations...
  • Jameel Jaffer, the American Civil Liberties Union's deputy legal director, said in a statement today that: After Congress enacted the FISA Amendments Act in 2008, we worried that the NSA would use the new authority to conduct warrantless surveillance of Americans' telephone calls and emails. These documents confirm many of our worst fears. The "targeting" procedures indicate that the NSA is engaged in broad surveillance of Americans' international communications. The "minimization" procedures that supposedly protect Americans' constitutional rights turn out to be far weaker than we imagined they could be. For example, the NSA claims the authority to collect and disseminate attorney-client communications -- and even, in some circumstances, to turn them over to Justice Department prosecutors. The government also claims the authority to retain Americans' purely domestic communications in certain situations.
  • The documents suggest there are some significant loopholes in domestic surveillance: if an NSA analyst reviews an intercepted communication and finds "evidence of a crime that has been, is being, or is about to be committed," it can be forwarded to the FBI or other federal law enforcement agencies. Another loophole is "a serious harm to life or property" -- which could sweep in intellectual property -- and "enciphered" data. Communications that contain "enciphered" data, which would likely include PGP but also could mean encrypted Web connections using SSL, may be kept indefinitely. Earlier reports have indicated that the NSA has the ability to record nearly all domestic and international phone calls -- in case an analyst needed to access the recordings in the future. A Wired magazine article last year disclosed that the NSA has established "listening posts" that allow the agency to collect and sift through billions of phone calls through a massive new data center in Utah, "whether they originate within the country or overseas." That includes not just metadata, but also the contents of the communications.
  • Section 702 of the FAA says surveillance may be authorized by the attorney general and director of national intelligence without prior approval by the secret Foreign Intelligence Surveillance Court, as long as minimization requirements and general procedures blessed by the court are followed.
4More

Michael Hayden talks to CNN about XKEYSCORE program. - 0 views

www.slate.com/...n_about_xkeyscore_program.html surveillance state NSA xKeyScore Deep Dive Hayden
shared by Paul Merrell on 17 Aug 13 - No Cached
  • Does the NSA really operate a vast database that allows its analysts to sift through millions of records showing nearly everything a user does on the Internet, as was recently reported? Yes, and people should stop worrying and learn to love it, according former NSA chief Gen. Michael Hayden. Last week, the Guardian published a series of leaked documents revealing new details about an NSA surveillance program called XKEYSCORE. The newspaper said that the program enabled the agency to “search with no prior authorization through vast databases containing emails, online chats and the browsing histories of millions of individuals,” and secret slides dated 2008 showed how people could be deemed a target for searching the Web for “suspicious stuff” or by using encryption. Following the disclosures, Hayden appeared on CNN to discuss the agency’s surveillance programs. The general, who directed the NSA from 1999 through 2005, was remarkably candid in his responses to Erin Burnett’s questions about the Guardian’s XKEYSCORE report. Was there any truth to claims that the NSA is sifting through millions of browsing histories and able to collect virtually everything users do on the Internet? “Yeah,” Hayden said. “And it's really good news.”
  • Not only that, Hayden went further. He revealed that the XKEYSCORE was “a tool that's been developed over the years, and lord knows we were trying to develop similar tools when I was at the National Security Agency.” The XKEYSCORE system, Hayden said, allows analysts to enter a “straight-forward question” into a computer and sift through the “oceans of data” that have been collected as part of foreign intelligence gathering efforts. How this process works was illustrated in the Guardian’s report. Analysts can enter search terms to sift through data and select from a drop-down menu a target’s “foreignness factor,” which is intended to minimize the warrantless surveillance of Americans. However, operating a vast electronic dragnet such as this is far from an exact science, and the NSA’s system of sifting data from the backbone of international Internet networks likely sometimes involves gobbling up information on Americans’ communications and online activity—whether it is done wittingly or not. Indeed, the NSA reportedly only needs to have 51 percent certainty that it is targeting a foreigner. And as leaked secret rules for the surveillance have shown, even if the NSA does “inadvertently” gather Americans’ communications, it can hold on to them if they are deemed valuable for vague “foreign intelligence” purposes or if the communications show evidence of a crime that has occurred or may occur in the future.
  • In the CNN interview, Hayden described XKEYSCORE as “really quite an achievement” and said that it enabled NSA spies to find the needle in the haystack. But his ardent defense of the system is unlikely to reassure civil liberties advocates. Having Hayden’s support is a rather dubious stamp of approval, particularly because he was responsible for leading the NSA’s illegal warrantless wiretapping program, which was initiated post-9/11 and exposed by the New York Times in 2005. Hayden later went on to lead the CIA from 2006 through 2009, where he oversaw the use of the waterboarding torture technique and the operation of a controversial black-site prison program that was eventually dismantled by President Obama. The former NSA chief retired in 2009, but he has since become a regular media commentator, using a recent column at CNN to blast Snowden for leaking the secret NSA documents and implying that he’d like to see the Guardian journalist Glenn Greenwald prosecuted as a “co-conspirator” for his role reporting the surveillance scoops.
  • Paul Merrell on 17 Aug 13
     
    Let's see, the entire U.S. military has been forbidden from reading The Guardian because the documents Edward Snowden leaked are still classified. But a former NSA chief can confirm their accuracy on CNN?  Surely, even as I write a grand jury is busy indicting him on Espionage Act charges? No? Smells like hypocrisy to me. 
9More

Cover Story: How NSA Spied on Merkel Cell Phone from Berlin Embassy - SPIEGEL ONLINE - 0 views

www.spiegel.de/...m-berlin-embassy-a-930205.html surveillance state NSA Obama Merkel U.S. Germany U.S. foreign policy NSA-blowback must-read lies
shared by Paul Merrell on 29 Oct 13 - No Cached
  • According to SPIEGEL research, United States intelligence agencies have not only targeted Chancellor Angela Merkel's cellphone, but they have also used the American Embassy in Berlin as a listening station. The revelations now pose a serious threat to German-American relations.
  • Research by SPIEGEL reporters in Berlin and Washington, talks with intelligence officials and the evaluation of internal documents of the US' National Security Agency and other information, most of which comes from the archive of former NSA contractor Edward Snowden, lead to the conclusion that the US diplomatic mission in the German capital has not merely been promoting German-American friendship. On the contrary, it is a nest of espionage. From the roof of the embassy, a special unit of the CIA and NSA can apparently monitor a large part of cellphone communication in the government quarter. And there is evidence that agents based at Pariser Platz recently targeted the cellphone that Merkel uses the most. The NSA spying scandal has thus reached a new level, becoming a serious threat to the trans-Atlantic partnership. The mere suspicion that one of Merkel's cellphones was being monitored by the NSA has led in the past week to serious tensions between Berlin and Washington.
  • A "top secret" classified NSA document from the year 2010 shows that a unit known as the "Special Collection Service" (SCS) is operational in Berlin, among other locations. It is an elite corps run in concert by the US intelligence agencies NSA and CIA. The secret list reveals that its agents are active worldwide in around 80 locations, 19 of which are in Europe -- cities such as Paris, Madrid, Rome, Prague and Geneva. The SCS maintains two bases in Germany, one in Berlin and another in Frankfurt. That alone is unusual. But in addition, both German bases are equipped at the highest level and staffed with active personnel. The SCS teams predominantly work undercover in shielded areas of the American Embassy and Consulate, where they are officially accredited as diplomats and as such enjoy special privileges. Under diplomatic protection, they are able to look and listen unhindered. They just can't get caught.
  • ...5 more annotations...
  • This would correspond to internal NSA documents seen by SPIEGEL. They show, for example, an SCS office in another US embassy -- a small windowless room full of cables with a work station of "signal processing racks" containing dozens of plug-in units for "signal analysis." On Friday, author and NSA expert James Bamford also visited SPIEGEL's Berlin bureau, which is located on Pariser Platz diagonally opposite the US Embassy. "To me, it looks like NSA eavesdropping equipment is hidden behind there," he said. "The covering seems to be made of the same material that the agency uses to shield larger systems." The Berlin-based security expert Andy Müller Maguhn was also consulted. "The location is ideal for intercepting mobile communications in Berlin's government district," he says, "be it technical surveillance of communication between cellphones and wireless cell towers or radio links that connect radio towers to the network."
  • Campbell refers to window-like indentations on the roof of the US Embassy. They are not glazed but rather veneered with "dielectric" material and are painted to blend into the surrounding masonry. This material is permeable even by weak radio signals. The interception technology is located behind these radio-transparent screens, says Campbell. The offices of SCS agents would most likely be located in the same windowless attic.
  • Wiretapping from an embassy is illegal in nearly every country. But that is precisely the task of the SCS, as is evidenced by another secret document. According to the document, the SCS operates its own sophisticated listening devices with which they can intercept virtually every popular method of communication: cellular signals, wireless networks and satellite communication. The necessary equipment is usually installed on the upper floors of the embassy buildings or on rooftops where the technology is covered with screens or Potemkin-like structures that protect it from prying eyes. That is apparently the case in Berlin, as well. SPIEGEL asked British investigative journalist Duncan Campbell to appraise the setup at the embassy. In 1976, Campbell uncovered the existence of the British intelligence service GCHQ. In his so-called "Echelon Report" in 1999, he described for the European Parliament the existence of the global surveillance network of the same name.
  • Apparently, SCS agents use the same technology all over the world. They can intercept cellphone signals while simultaneously locating people of interest. One antenna system used by the SCS is known by the affable code name "Einstein." When contacted by SPIEGEL, the NSA declined to comment on the matter. The SCS are careful to hide their technology, especially the large antennas on the roofs of embassies and consulates. If the equipment is discovered, explains a "top secret" set of classified internal guidelines, it "would cause serious harm to relations between the United States and a foreign government." According to the documents, SCS units can also intercept microwave and millimeter-wave signals. Some programs, such as one entitled "Birdwatcher," deal primarily with encrypted communications in foreign countries and the search for potential access points. Birdwatcher is controlled directly from SCS headquarters in Maryland.
  • With the growing importance of the Internet, the work of the SCS has changed. Some 80 branches offer "thousands of opportunities on the net" for web-based operations, according to an internal presentation. The organization is now able not only to intercept cellphone calls and satellite communication, but also to proceed against criminals or hackers. From some embassies, the Americans have planted sensors in communications equipment of the respective host countries that are triggered by selected terms.
  • Paul Merrell on 29 Oct 13
     
    A must-read article offering an in-depth, 3-page view of how badly the Snowden disclosures have poisoned trust between the U.S. and its NATO allies that are not favored members of the Five Eyes club. Details of NSA's surveillance operations in Germany and strong circumstantial evidence that Obama knew -- as recently as June 2013 -- of spy operations being conducted against hundreds of world leaders but denied it.  
3More

EFF Statement on Passage of Massie-Lofgren Amendment Regarding NSA Backdoors | Electron... - 0 views

www.eff.org/...ofgren-amendment-passing-house surveillance state NSA-reform legislation Defense-spending
shared by Paul Merrell on 20 Jun 14 - No Cached
  • Today, the US House of Representatives passed an amendment to the Defense Appropriations bill designed to cut funding for NSA backdoors. The amendment passed overwhelmingly with strong bipartisan support: 293 ayes, 123 nays, and 1 present. Currently, the NSA collects emails, browsing and chat history under Section 702 of the FISA Amendments Act, and searches this information without a warrant for the communications of Americans—a practice known as "backdoor searches." The amendment would block the NSA from using any of its funding from this Defense Appropriations Bill to conduct such warrantless searches. In addition, the amendment would prohibit the NSA from using its budget to mandate or request that private companies and organizations add backdoors to the encryption standards that are meant to keep you safe on the web. Mark Rumold, staff attorney for the Electronic Frontier Foundation, stated:
  • Tonight, the House of Representatives took an important first step in reining in the NSA. The House voted overwhelmingly to cut funding for two of the NSA's invasive surveillance practices: the warrantless searching of Americans' international communications, and the practice of requiring companies to install vulnerabilities in communications products or services. We applaud the House for taking this important first step, and we look forward to other elected officials standing up for our right to privacy. Digital rights organizations, including EFF, strongly supported the amendment. We and other organizations—including Free Press, Fight for the Future, Demand Progress, and Taskforce.is—helped to organize a grassroots campaign to promote the amendment. The day before the vote, we urged friends and members to call their members of Congress through the website ShuttheBackDoor.net. Thousands responded to the call to action. We extend our heartfelt thanks to everyone who spoke out on this issue. This is a great day in the fight to rein in NSA surveillance abuses, and we hope Congress will work to ensure this amendment is in the final version of the appropriations bill that is enacted.
  • Paul Merrell on 20 Jun 14
     
    Big majority in the House and it's in the Defense Spending act. That puts a lot of pressure on the Senate and if sustained in the Senate, makes it all but veto-proof.  
7More

US v. Comprehensive Drug Testing, Inc., 621 F. 3d 1162 - Court of Appeals, 9th Circuit ... - 0 views

scholar.google.com/scholar_case surveillance-state 4th Amendment bulk-collection future-investigations
shared by Paul Merrell on 05 Dec 14 - No Cached
  • Concluding Thoughts
  • This case well illustrates both the challenges faced by modern law enforcement in retrieving information it needs to pursue and prosecute wrongdoers, and the threat to the privacy of innocent parties from a vigorous criminal investigation. At the time of Tamura, most individuals and enterprises kept records in their file cabinets or similar physical facilities. Today, the same kind of data is usually stored electronically, often far from the premises. Electronic storage facilities intermingle data, making them difficult to retrieve without a thorough understanding of the filing and classification systems used—something that can often only be determined by closely analyzing the data in a controlled environment. Tamura involved a few dozen boxes and was considered a broad seizure; but even inexpensive electronic storage media today can store the equivalent of millions of pages of information. 1176*1176 Wrongdoers and their collaborators have obvious incentives to make data difficult to find, but parties involved in lawful activities may also encrypt or compress data for entirely legitimate reasons: protection of privacy, preservation of privileged communications, warding off industrial espionage or preventing general mischief such as identity theft. Law enforcement today thus has a far more difficult, exacting and sensitive task in pursuing evidence of criminal activities than even in the relatively recent past. The legitimate need to scoop up large quantities of data, and sift through it carefully for concealed or disguised pieces of evidence, is one we've often recognized. See, e.g., United States v. Hill, 459 F.3d 966 (9th Cir.2006).
  • This pressing need of law enforcement for broad authorization to examine electronic records, so persuasively demonstrated in the introduction to the original warrant in this case, see pp. 1167-68 supra, creates a serious risk that every warrant for electronic information will become, in effect, a general warrant, rendering the Fourth Amendment irrelevant. The problem can be stated very simply: There is no way to be sure exactly what an electronic file contains without somehow examining its contents—either by opening it and looking, using specialized forensic software, keyword searching or some other such technique. But electronic files are generally found on media that also contain thousands or millions of other files among which the sought-after data may be stored or concealed. By necessity, government efforts to locate particular files will require examining a great many other files to exclude the possibility that the sought-after data are concealed there. Once a file is examined, however, the government may claim (as it did in this case) that its contents are in plain view and, if incriminating, the government can keep it. Authorization to search some computer files therefore automatically becomes authorization to search all files in the same sub-directory, and all files in an enveloping directory, a neighboring hard drive, a nearby computer or nearby storage media. Where computers are not near each other, but are connected electronically, the original search might justify examining files in computers many miles away, on a theory that incriminating electronic data could have been shuttled and concealed there.
  • ...3 more annotations...
  • The advent of fast, cheap networking has made it possible to store information at remote third-party locations, where it is intermingled with that of other users. For example, many people no longer keep their email primarily on their personal computer, and instead use a web-based email provider, which stores their messages along with billions of messages from and to millions of other people. Similar services exist for photographs, slide shows, computer code and many other types of data. As a result, people now have personal data that are stored with that of innumerable strangers. Seizure of, for example, Google's email servers to look for a few incriminating messages could jeopardize the privacy of millions. It's no answer to suggest, as did the majority of the three-judge panel, that people can avoid these hazards by not storing their data electronically. To begin with, the choice about how information is stored is often made by someone other than the individuals whose privacy would be invaded by the search. Most people have no idea whether their doctor, lawyer or accountant maintains records in paper or electronic format, whether they are stored on the premises or on a server farm in Rancho Cucamonga, whether they are commingled with those of many other professionals 1177*1177 or kept entirely separate. Here, for example, the Tracey Directory contained a huge number of drug testing records, not only of the ten players for whom the government had probable cause but hundreds of other professional baseball players, thirteen other sports organizations, three unrelated sporting competitions, and a non-sports business entity—thousands of files in all, reflecting the test results of an unknown number of people, most having no relationship to professional baseball except that they had the bad luck of having their test results stored on the same computer as the baseball players.
  • Second, there are very important benefits to storing data electronically. Being able to back up the data and avoid the loss by fire, flood or earthquake is one of them. Ease of access from remote locations while traveling is another. The ability to swiftly share the data among professionals, such as sending MRIs for examination by a cancer specialist half-way around the world, can mean the difference between death and a full recovery. Electronic storage and transmission of data is no longer a peculiarity or a luxury of the very rich; it's a way of life. Government intrusions into large private databases thus have the potential to expose exceedingly sensitive information about countless individuals not implicated in any criminal activity, who might not even know that the information about them has been seized and thus can do nothing to protect their privacy. It is not surprising, then, that all three of the district judges below were severely troubled by the government's conduct in this case. Judge Mahan, for example, asked "what ever happened to the Fourth Amendment? Was it ... repealed somehow?" Judge Cooper referred to "the image of quickly and skillfully moving the cup so no one can find the pea." And Judge Illston regarded the government's tactics as "unreasonable" and found that they constituted "harassment." Judge Thomas, too, in his panel dissent, expressed frustration with the government's conduct and position, calling it a "breathtaking expansion of the `plain view' doctrine, which clearly has no application to intermingled private electronic data." Comprehensive Drug Testing, 513 F.3d at 1117.
  • Everyone's interests are best served if there are clear rules to follow that strike a fair balance between the legitimate needs of law enforcement and the right of individuals and enterprises to the privacy that is at the heart of the Fourth Amendment. Tamura has provided a workable framework for almost three decades, and might well have sufficed in this case had its teachings been followed. We have updated Tamura to apply to the daunting realities of electronic searches. We recognize the reality that over-seizing is an inherent part of the electronic search process and proceed on the assumption that, when it comes to the seizure of electronic records, this will be far more common than in the days of paper records. This calls for greater vigilance on the part of judicial officers in striking the right balance between the government's interest in law enforcement and the right of individuals to be free from unreasonable searches and seizures. The process of segregating electronic data that is seizable from that which is not must not become a vehicle for the government to gain access to data which it has no probable cause to collect.
  • Paul Merrell on 05 Dec 14
     
    From a Ninth U.S. Circuit Court of Appeals en banc ruling in 2010. The Court's holding was that federal investigators had vastly overstepped the boundaries of multiple subpoenas and a search warrant --- and the Fourth Amendment --- by seizing records of a testing laboratory and reviewing them for information not described in the warrant or the subpoenas. At issue in this particular case was the government's use of a warrant that found probable cause to believe that the records contained evidence that steroids had been found in the urine of ten major league baseball players but searched the seized records for urine tests of other baseball players. The Court upheld the lower courts' rulings that the government was required to return all records other than those relevant to the ten players identified in the warrant. (The government had instead used the records of other player's urine tests to issue subpoenas for evidence relevant to those players potential use of steroids.) This decision cuts very heavily against the notion that the Fourth Amendment allows the bulk collection of private information about millions of Americans with or without a warrantor court order on the theory that some of the records *may* later become relevant to a lawful investigation.   Or rephrased, here is the en banc decision of the largest federal court of appeals (as many judges as most other federal appellate courts combined), in direct disagreement with the FISA Court orders allowing bulk collection of telephone records and bulk "incidental" collection of Americans' telephone conversations on the theory that the records *might* become relevant to national security investigations. Yet none of the FISA judges in any of the FISA opinions published thus far even cited, let alone distinguished, this Ninth Circuit en banc decision. Which says a lot of the quality of the legal research performed by the FISA Court judges. However, this precedent is front and center in briefs filed with the Ni
‹ Previous 21 - 35 of 35
Showing 20 items per page