Skip to main content

Home/ Socialism and the End of the American Dream/ Group items matching ""all digital communications"" in title, tags, annotations or url

Group items matching
in title, tags, annotations or url

Sort By: Relevance | Date Filter: All | Bookmarks | Topics Simple Middle
Paul Merrell

If GCHQ wants to improve national security it must fix our technology | Technology | theguardian.com - 0 views

www.theguardian.com/...q-national-security-technology

surveillance state cyberwar vulnerabilities secure-computing Doctorow

shared by Paul Merrell on 10 Apr 14 - No Cached
  • In a recent column, security expert Bruce Schneier proposed breaking up the NSA – handing its offensive capabilities work to US Cyber Command and its law enforcement work to the FBI, and terminating its programme of attacking internet security. In place of this, Schneier proposed that “instead of working to deliberately weaken security for everyone, the NSA should work to improve security for everyone.” This is a profoundly good idea for reasons that may not be obvious at first blush.People who worry about security and freedom on the internet have long struggled with the problem of communicating the urgent stakes to the wider public. We speak in jargon that’s a jumble of mixed metaphors – viruses, malware, trojans, zero days, exploits, vulnerabilities, RATs – that are the striated fossil remains of successive efforts to come to grips with the issue. When we do manage to make people alarmed about the stakes, we have very little comfort to offer them, because Internet security isn’t something individuals can solve.
  • I remember well the day this all hit home for me. It was nearly exactly a year ago, and I was out on tour with my novel Homeland, which tells the story of a group of young people who come into possession of a large trove of government leaks that detail a series of illegal programmes through which supposedly democratic governments spy on people by compromising their computers.
  • I explained the book’s premise, and then talked about how this stuff works in the real world. I laid out a parade of awfuls, including a demonstrated attack that hijacked implanted defibrillators from 10 metres’ distance and caused them to compromise other defibrillators that came into range, implanting an instruction to deliver lethal shocks at a certain time in the future. I talked about Cassidy Wolf, the reigning Miss Teen USA, whose computer had been taken over by a “sextortionist” who captured nude photos of her and then threatened to release them if she didn’t perform live sex shows for him. I talked about the future of self-driving cars, smart buildings, implanted hearing aids and robotic limbs, and explained that the world is made out of computers that we put our bodies into, and that we put inside our bodies.These computers are badly secured. What’s more, governments and their intelligence agencies are actively working to undermine the security of our computers and networks. This was before the Snowden revelations, but we already knew that governments were buying “zero-day vulnerabilities” from security researchers. These are critical bugs that can be leveraged to compromise entire systems. Until recently, the normal response to the discovery of one of these “vulns” was to report them to the vendor so they could be repaired.
  • ...6 more annotations...
  • But spy-agencies and law-enforcement have created a bustling marketplace for “zero-days,” which are weaponised for the purpose of attacking the computers and networks of “bad guys”. The incentives have shifted, and now a newly discovered bug had a good chance of remaining unpatched and live in the field because governments wanted to be able to use it to hack their enemies.
  • Last year, when I finished that talk in Seattle, a talk about all the ways that insecure computers put us all at risk, a woman in the audience put up her hand and said, “Well, you’ve scared the hell out of me. Now what do I do? How do I make my computers secure?”And I had to answer: “You can’t. No one of us can. I was a systems administrator 15 years ago. That means that I’m barely qualified to plug in a WiFi router today. I can’t make my devices secure and neither can you. Not when our governments are buying up information about flaws in our computers and weaponising them as part of their crime-fighting and anti-terrorism strategies. Not when it is illegal to tell people if there are flaws in their computers, where such a disclosure might compromise someone’s anti-copying strategy.But: If I had just stood here and spent an hour telling you about water-borne parasites; if I had told you about how inadequate water-treatment would put you and everyone you love at risk of horrifying illness and terrible, painful death; if I had explained that our very civilisation was at risk because the intelligence services were pursuing a strategy of keeping information about pathogens secret so they can weaponise them, knowing that no one is working on a cure; you would not ask me ‘How can I purify the water coming out of my tap?’”
  • Because when it comes to public health, individual action only gets you so far. It doesn’t matter how good your water is, if your neighbour’s water gives him cholera, there’s a good chance you’ll get cholera, too. And even if you stay healthy, you’re not going to have a very good time of it when everyone else in your country is striken and has taken to their beds.If you discovered that your government was hoarding information about water-borne parasites instead of trying to eradicate them; if you discovered that they were more interested in weaponising typhus than they were in curing it, you would demand that your government treat your water-supply with the gravitas and seriousness that it is due.The public health analogy is suprisingly apt here. The public health threat-model is in a state of continuous flux, because our well-being is under continuous, deliberate attack from pathogens for whom we are, at best, host organisms, and at worst, dinner. Evolution drives these organisms to a continuously shifting array of tactics to slide past our defenses.Public health isn’t just about pathogens, either – its thorniest problems are about human behaviour and social policy. HIV is a blood-borne disease, but disrupting its spread requires changes to our attitudes about sex, pharmaceutical patents, drugs policy and harm minimisation. Almost everything interesting about HIV is too big to fit on a microscope slide.
  • And so it is for security: crypto is awesome maths, but it’s just maths. Security requires good password choice, good password management, good laws about compelled crypto disclosure, transparency into corporate security practices, and, of course, an end to the governmental practice of spending $250M/year on anti-security sabotage through the NSA/GCHQ programmes Bullrun and Edgehill.
  • But for me, the most important parallel between public health and internet security is their significance to our societal wellbeing. Everything we do today involves the internet. Everything we do tomorrow will require the internet. If you live near a nuclear power plant, fly in airplanes, ride in cars or trains, have an implanted pacemaker, keep money in the bank, or carry a phone, your safety and well-being depend on a robust, evolving, practice of network security.This is the most alarming part of the Snowden revelations: not just that spies are spying on all of us – that they are actively sabotaging all of our technical infrastructure to ensure that they can continue to spy on us.There is no way to weaken security in a way that makes it possible to spy on “bad guys” without making all of us vulnerable to bad guys, too. The goal of national security is totally incompatible with the tactic of weakening the nation’s information security.
  • “Virus” has been a term of art in the security world for decades, and with good reason. It’s a term that resonates with people, even people with only a cursory grasp of technology. As we strive to make the public and our elected representatives understand what’s at stake, let’s expand that pathogen/epidemiology metaphor. We’d never allow MI5 to suppress information on curing typhus so they could attack terrorists by infecting them with it. We need to stop allowing the NSA and GCHQ to suppress information on fixing bugs in our computers, phones, cars, houses, planes, and bodies.If GCHQ wants to improve the national security of the United Kingdom – if the NSA want to impove the American national security – they should be fixing our technology, not breaking it. The technology of Britons and Americans is under continuous, deadly attack from criminals, from foreign spies, and from creeps. Our security is better served by armouring us against these threats than it is by undermining security so that cops and spies have an easier time attacking “bad guys.”
Paul Merrell

In Keeping Grip on Data Pipeline, Obama Does Little to Reassure Industry - NYTimes.com - 0 views

www.nytimes.com/...ttle-to-reassure-industry.html

surveillance state NSA Obama Obama-speech sound-of-silence

shared by Paul Merrell on 18 Jan 14 - No Cached
  • Google, which briefly considered moving all of its computer servers out of the United States last year after learning how they had been penetrated by the National Security Agency, was looking for a public assurance from President Obama that the government would no longer secretly suck data from the company’s corner of the Internet cloud.Microsoft was listening to see if Mr. Obama would adopt a recommendation from his advisers that the government stop routinely stockpiling flaws in its Windows operating system, then using them to penetrate some foreign computer systems and, in rare cases, launch cyberattacks.
  • Intel and computer security companies were eager to hear Mr. Obama embrace a commitment that the United States would never knowingly move to weaken encryption systems. They got none of that.
  • Perhaps the most striking element of Mr. Obama’s speech on Friday was what it omitted: While he bolstered some protections for citizens who fear the N.S.A. is downloading their every dial, tweet and text message, he did nothing, at least yet, to loosen the agency’s grip on the world’s digital pipelines. White House officials said that Mr. Obama was committed to studying the complaints by American industry that the revelations were costing them billions of dollars in business overseas, by giving everyone from the Germans to the Brazilians to the Chinese an excuse to avoid American hardware and cloud services. “The most interesting part of this speech was not how the president weighed individual privacy against the N.S.A.,” said Fred H. Cate, the director of the Center of Applied Cybersecurity Research at Indiana University, “but that he said little about what to do about the agency’s practice of vacuuming up everything it can get its hands on.”
  • ...4 more annotations...
  • In fact, behind the speech lies a struggle Mr. Obama nodded at but never addressed head on. It pits corporations that view themselves as the core of America’s soft power around the world — the country’s economic driver and the guardians of its innovative edge — against an intelligence community 100,000 strong that regards its ability to peer into any corner of the digital world, and manipulate it if necessary, as crucial to the country’s security.In public, the coalition was polite if unenthusiastic about the president’s speech. His proposals, the companies said in a statement, “represent positive progress on key issues,” even while “crucial details remain to be addressed on these issues, and additional steps are needed on other important issues.” But in the online chat rooms that users and employees of those services inhabit each day, the president’s words were mocked. “If they really cared about the security of US infrastructure, they’d divulge the vulnerabilities they found or bought from the black market that exploit the security of these systems, so those systems can be fixed, and no one else can exploit them with these exploits,” wrote a user called “higherpurpose” on Hacker News.
  • In an interview, a senior administration official acknowledged that the administration had weighed what the president could say in public about the delicate problems of encryption, or the N.S.A.’s use of “zero day” flaws in software, the name for security holes that have never been seen before. It is a subject the intelligence agencies have refused to discuss in public, and Mr. Obama determined that it was both too secret, and too fluid, to discuss in the speech, officials said.In response to questions, the White House said the president had asked his special assistant for cybersecurity, Michael Daniel, and the president’s office of science and technology policy to study a recent advisory panel’s recommendation that the government get out of the business of corrupting the encryption systems created by American companies.
  • It will not be an easy task. One of the recent disclosures, first reported by Reuters, indicated that the N.S.A. paid millions of dollars to RSA, a major encryption firm, to incorporate a deliberately weakened algorithm into some of its products, giving the government a “back door” to read whatever it wanted. But when the advisory panel concluded that the United States should not “in any way subvert, weaken or make vulnerable generally available commercial software,” the intelligence agencies protested.“Some in the intelligence community saw that as a call for the N.S.A. to get out of cryptography, which is the reason they were created,” the senior official said. He added: “We’ve said that we are very much supportive of U.S. industry and making sure that U.S. industry remains competitive, and able to produce really good products. And N.S.A. has been out there saying they have no interest in breaking encryption that guards global commerce.”
  • But as Mr. Obama himself acknowledged, the United States has a credibility problem that will take years to address. The discovery that it had monitored the cellphone of Chancellor Angela Merkel of Germany, or that it has now found a way to tap into computers around the world that are completely disconnected from the Internet — using covert radio waves — only fuels the argument that American products cannot be trusted.That argument, heard these days from Berlin to Mexico City, may only be an excuse for protectionism. But it is an excuse that often works.
Paul Merrell

N.S.A. Devises Radio Pathway Into Computers - NYTimes.com - 1 views

www.nytimes.com/...not-connected-to-internet.html

surveillance state NSA NSA-capabilities air-gap-penetration must-read

shared by Paul Merrell on 16 Jan 14 - No Cached
  • The National Security Agency has implanted software in nearly 100,000 computers around the world that allows the United States to conduct surveillance on those machines and can also create a digital highway for launching cyberattacks.While most of the software is inserted by gaining access to computer networks, the N.S.A. has increasingly made use of a secret technology that enables it to enter and alter data in computers even if they are not connected to the Internet, according to N.S.A. documents, computer experts and American officials.The technology, which the agency has used since at least 2008, relies on a covert channel of radio waves that can be transmitted from tiny circuit boards and USB cards inserted surreptitiously into the computers. In some cases, they are sent to a briefcase-size relay station that intelligence agencies can set up miles away from the target.
  • The radio frequency technology has helped solve one of the biggest problems facing American intelligence agencies for years: getting into computers that adversaries, and some American partners, have tried to make impervious to spying or cyberattack. In most cases, the radio frequency hardware must be physically inserted by a spy, a manufacturer or an unwitting user.
  • The N.S.A. and the Pentagon’s Cyber Command have implanted nearly 100,000 “computer network exploits” around the world, but the hardest problem is getting inside machines isolated from outside communications.
  • ...8 more annotations...
  • the program, code-named Quantum, has also been successful in inserting software into Russian military networks and systems used by the Mexican police and drug cartels, trade institutions inside the European Union, and sometime partners against terrorism like Saudi Arabia, India and Pakistan, according to officials and an N.S.A. map that indicates sites of what the agency calls “computer network exploitation.”“What’s new here is the scale and the sophistication of the intelligence agency’s ability to get into computers and networks to which no one has ever had access before,” said James Andrew Lewis, the cybersecurity expert at the Center for Strategic and International Studies in Washington. “Some of these capabilities have been around for a while, but the combination of learning how to penetrate systems to insert software and learning how to do that using radio frequencies has given the U.S. a window it’s never had before.”
  • A program named Treasure Map tried to identify nearly every node and corner of the web, so that any computer or mobile device that touched it could be located.
  • Over the past two months, parts of the program have been disclosed in documents from the trove leaked by Edward J. Snowden, the former N.S.A. contractor. A Dutch newspaper published the map of areas where the United States has inserted spy software, sometimes in cooperation with local authorities, often covertly. Der Spiegel, a German newsmagazine, published the N.S.A.'s catalog of hardware products that can secretly transmit and receive digital signals from computers, a program called ANT. The New York Times withheld some of those details, at the request of American intelligence officials, when it reported, in the summer of 2012, on American cyberattacks on Iran.
  • A 2008 map, part of the Snowden trove, notes 20 programs to gain access to big fiber-optic cables — it calls them “covert, clandestine or cooperative large accesses” — not only in the United States but also in places like Hong Kong, Indonesia and the Middle East. The same map indicates that the United States had already conducted “more than 50,000 worldwide implants,” and a more recent budget document said that by the end of last year that figure would rise to about 85,000. A senior official, who spoke on the condition of anonymity, said the actual figure was most likely closer to 100,000.
  • The N.S.A.'s efforts to reach computers unconnected to a network have relied on a century-old technology updated for modern times: radio transmissions.In a catalog produced by the agency that was part of the Snowden documents released in Europe, there are page after page of devices using technology that would have brought a smile to Q, James Bond’s technology supplier.
  • One, called Cottonmouth I, looks like a normal USB plug but has a tiny transceiver buried in it. According to the catalog, it transmits information swept from the computer “through a covert channel” that allows “data infiltration and exfiltration.” Another variant of the technology involves tiny circuit boards that can be inserted in a laptop computer — either in the field or when they are shipped from manufacturers — so that the computer is broadcasting to the N.S.A. even while the computer’s user enjoys the false confidence that being walled off from the Internet constitutes real protection.The relay station it communicates with, called Nightstand, fits in an oversize briefcase, and the system can attack a computer “from as far away as eight miles under ideal environmental conditions.” It can also insert packets of data in milliseconds, meaning that a false message or piece of programming can outrace a real one to a target computer. Similar stations create a link between the target computers and the N.S.A., even if the machines are isolated from the Internet.
  • Computers are not the only targets. Dropoutjeep attacks iPhones. Other hardware and software are designed to infect large network servers, including those made by the Chinese.Most of those code names and products are now at least five years old, and they have been updated, some experts say, to make the United States less dependent on physically getting hardware into adversaries’ computer systems.
  • But the Stuxnet strike does not appear to be the last time the technology was used in Iran. In 2012, a unit of the Islamic Revolutionary Guards Corps moved a rock near the country’s underground Fordo nuclear enrichment plant. The rock exploded and spewed broken circuit boards that the Iranian news media described as “the remains of a device capable of intercepting data from computers at the plant.” The origins of that device have never been determined.
  • Paul Merrell on 16 Jan 14
     
    Even radio transceivers emplanted in USB jacks. So now to be truly secure, we need not only an air gap but also a Faraday cage protecting the air gap. 
Paul Merrell

Surveillance Revelations Shake U.S.-German Ties - NYTimes.com - 0 views

www.nytimes.com/...ions-shake-us-german-ties.html

surveillance state NSA UN embassies Germany

shared by Paul Merrell on 26 Aug 13 - No Cached
  • Continuing revelations, based on documents leaked by Edward J. Snowden, of sweeping American digital surveillance around the world are rattling the close ties between the United States and Germany.
  • Evidence that the United States has been spying extensively on its allies as well as on its enemies has been among the most significant revelations from Mr. Snowden, along with widespread government surveillance of the telephone and digital communications of American citizens without warrants. The Der Spiegel article on Sunday was not the first to reveal American eavesdropping at the United Nations, which many diplomats have assumed for years was taking place. But it added extensive new detail to what had previously been reported, and it may compound the frictions developing between the United States and its allies over the issue — especially with Germany, where Chancellor Angela Merkel is in the midst of an election campaign. Top German officials traveled to Washington this month to press an unusual demand: to negotiate a new formal agreement with the United States that neither side will spy on the other.
  • In a country scarred by Nazi and Communist pasts, the issue is prompting not just a debate about privacy and data protection, but also demands from German officials that the Berlin-Washington security partnership be put on a new footing. The latest of the Snowden revelations came on Sunday, when the German newsmagazine Der Spiegel published a report, citing documents Mr. Snowden obtained while he worked as a contractor for the National Security Agency, that said the agency had succeeded in tapping into videoconferences at the United Nations in New York, into the European Union’s mission to the United Nations, and into other diplomatic missions around the world.
  • ...1 more annotation...
  • the eavesdropping described in the Snowden documents would have violated agreements that the United States has made. The report said that the N.S.A. succeeded last year in cracking an encrypted video teleconferencing system at the United Nations, and even stumbled across Chinese spies who were apparently invading the same communications system. The magazine also published a floor plan, evidently from N.S.A. files, of the third floor of the European mission to the United Nations on Third Avenue in New York, showing the locations of offices and computer servers. Der Spiegel suggested that the spying on allies and the United Nations made President Obama’s defense of surveillance programs as a counterterrorism effort seem misleading at best.
  • Paul Merrell on 26 Aug 13
     
    See also further information in the Der Spiegel article at http://tinyurl.com/m2okg6e (translation required).
Paul Merrell

Popular Security Software Came Under Relentless NSA and GCHQ Attacks - The Intercept - 0 views

firstlook.org/...nsa-gchq-targeted-kaspersky

surveillance state NSA GCHQ anti-virus-software

shared by Paul Merrell on 23 Jun 15 - No Cached
  • The National Security Agency and its British counterpart, Government Communications Headquarters, have worked to subvert anti-virus and other security software in order to track users and infiltrate networks, according to documents from NSA whistleblower Edward Snowden. The spy agencies have reverse engineered software products, sometimes under questionable legal authority, and monitored web and email traffic in order to discreetly thwart anti-virus software and obtain intelligence from companies about security software and users of such software. One security software maker repeatedly singled out in the documents is Moscow-based Kaspersky Lab, which has a holding registered in the U.K., claims more than 270,000 corporate clients, and says it protects more than 400 million people with its products. British spies aimed to thwart Kaspersky software in part through a technique known as software reverse engineering, or SRE, according to a top-secret warrant renewal request. The NSA has also studied Kaspersky Lab’s software for weaknesses, obtaining sensitive customer information by monitoring communications between the software and Kaspersky servers, according to a draft top-secret report. The U.S. spy agency also appears to have examined emails inbound to security software companies flagging new viruses and vulnerabilities.
  • The efforts to compromise security software were of particular importance because such software is relied upon to defend against an array of digital threats and is typically more trusted by the operating system than other applications, running with elevated privileges that allow more vectors for surveillance and attack. Spy agencies seem to be engaged in a digital game of cat and mouse with anti-virus software companies; the U.S. and U.K. have aggressively probed for weaknesses in software deployed by the companies, which have themselves exposed sophisticated state-sponsored malware.
  • The requested warrant, provided under Section 5 of the U.K.’s 1994 Intelligence Services Act, must be renewed by a government minister every six months. The document published today is a renewal request for a warrant valid from July 7, 2008 until January 7, 2009. The request seeks authorization for GCHQ activities that “involve modifying commercially available software to enable interception, decryption and other related tasks, or ‘reverse engineering’ software.”
  • ...9 more annotations...
  • The NSA, like GCHQ, has studied Kaspersky Lab’s software for weaknesses. In 2008, an NSA research team discovered that Kaspersky software was transmitting sensitive user information back to the company’s servers, which could easily be intercepted and employed to track users, according to a draft of a top-secret report. The information was embedded in “User-Agent” strings included in the headers of Hypertext Transfer Protocol, or HTTP, requests. Such headers are typically sent at the beginning of a web request to identify the type of software and computer issuing the request.
  • According to the draft report, NSA researchers found that the strings could be used to uniquely identify the computing devices belonging to Kaspersky customers. They determined that “Kaspersky User-Agent strings contain encoded versions of the Kaspersky serial numbers and that part of the User-Agent string can be used as a machine identifier.” They also noted that the “User-Agent” strings may contain “information about services contracted for or configurations.” Such data could be used to passively track a computer to determine if a target is running Kaspersky software and thus potentially susceptible to a particular attack without risking detection.
  • Another way the NSA targets foreign anti-virus companies appears to be to monitor their email traffic for reports of new vulnerabilities and malware. A 2010 presentation on “Project CAMBERDADA” shows the content of an email flagging a malware file, which was sent to various anti-virus companies by François Picard of the Montréal-based consulting and web hosting company NewRoma. The presentation of the email suggests that the NSA is reading such messages to discover new flaws in anti-virus software. Picard, contacted by The Intercept, was unaware his email had fallen into the hands of the NSA. He said that he regularly sends out notification of new viruses and malware to anti-virus companies, and that he likely sent the email in question to at least two dozen such outfits. He also said he never sends such notifications to government agencies. “It is strange the NSA would show an email like mine in a presentation,” he added.
  • The NSA presentation goes on to state that its signals intelligence yields about 10 new “potentially malicious files per day for malware triage.” This is a tiny fraction of the hostile software that is processed. Kaspersky says it detects 325,000 new malicious files every day, and an internal GCHQ document indicates that its own system “collect[s] around 100,000,000 malware events per day.” After obtaining the files, the NSA analysts “[c]heck Kaspersky AV to see if they continue to let any of these virus files through their Anti-Virus product.” The NSA’s Tailored Access Operations unit “can repurpose the malware,” presumably before the anti-virus software has been updated to defend against the threat.
  • The Project CAMBERDADA presentation lists 23 additional AV companies from all over the world under “More Targets!” Those companies include Check Point software, a pioneering maker of corporate firewalls based Israel, whose government is a U.S. ally. Notably omitted are the American anti-virus brands McAfee and Symantec and the British company Sophos.
  • As government spies have sought to evade anti-virus software, the anti-virus firms themselves have exposed malware created by government spies. Among them, Kaspersky appears to be the sharpest thorn in the side of government hackers. In the past few years, the company has proven to be a prolific hunter of state-sponsored malware, playing a role in the discovery and/or analysis of various pieces of malware reportedly linked to government hackers, including the superviruses Flame, which Kaspersky flagged in 2012; Gauss, also detected in 2012; Stuxnet, discovered by another company in 2010; and Regin, revealed by Symantec. In February, the Russian firm announced its biggest find yet: the “Equation Group,” an organization that has deployed espionage tools widely believed to have been created by the NSA and hidden on hard drives from leading brands, according to Kaspersky. In a report, the company called it “the most advanced threat actor we have seen” and “probably one of the most sophisticated cyber attack groups in the world.”
  • Hacks deployed by the Equation Group operated undetected for as long as 14 to 19 years, burrowing into the hard drive firmware of sensitive computer systems around the world, according to Kaspersky. Governments, militaries, technology companies, nuclear research centers, media outlets and financial institutions in 30 countries were among those reportedly infected. Kaspersky estimates that the Equation Group could have implants in tens of thousands of computers, but documents published last year by The Intercept suggest the NSA was scaling up their implant capabilities to potentially infect millions of computers with malware. Kaspersky’s adversarial relationship with Western intelligence services is sometimes framed in more sinister terms; the firm has been accused of working too closely with the Russian intelligence service FSB. That accusation is partly due to the company’s apparent success in uncovering NSA malware, and partly due to the fact that its founder, Eugene Kaspersky, was educated by a KGB-backed school in the 1980s before working for the Russian military.
  • Kaspersky has repeatedly denied the insinuations and accusations. In a recent blog post, responding to a Bloomberg article, he complained that his company was being subjected to “sensationalist … conspiracy theories,” sarcastically noting that “for some reason they forgot our reports” on an array of malware that trace back to Russian developers. He continued, “It’s very hard for a company with Russian roots to become successful in the U.S., European and other markets. Nobody trusts us — by default.”
  • Documents published with this article: Kaspersky User-Agent Strings — NSA Project CAMBERDADA — NSA NDIST — GCHQ’s Developing Cyber Defence Mission GCHQ Application for Renewal of Warrant GPW/1160 Software Reverse Engineering — GCHQ Reverse Engineering — GCHQ Wiki Malware Analysis & Reverse Engineering — ACNO Skill Levels — GCHQ
Paul Merrell

FBI Flouts Obama Directive to Limit Gag Orders on National Security Letters - The Intercept - 0 views

firstlook.org/...ders-national-security-letters

surveillance state FBI NSLs litigation 1st Amendment civil-liberties

shared by Paul Merrell on 24 Feb 15 - No Cached
  • Despite the post-Snowden spotlight on mass surveillance, the intelligence community’s easiest end-run around the Fourth Amendment since 2001 has been something called a National Security Letter. FBI agents can demand that an Internet service provider, telephone company or financial institution turn over its records on any number of people — without any judicial review whatsoever — simply by writing a letter that says the information is needed for national security purposes. The FBI at one point was cranking out over 50,000 such letters a year; by the latest count, it still issues about 60 a day. The letters look like this:
  • Recipients are legally required to comply — but it doesn’t stop there. They also aren’t allowed to mention the order to anyone, least of all the person whose data is being searched. Ever. That’s because National Security Letters almost always come with eternal gag orders. Here’s that part:
  • That means the NSL process utterly disregards the First Amendment as well. More than a year ago, President Obama announced that he was ordering the Justice Department to terminate gag orders “within a fixed time unless the government demonstrates a real need for further secrecy.” And on Feb. 3, when the Office of the Director of National Intelligence announced a handful of baby steps resulting from its “comprehensive effort to examine and enhance [its] privacy and civil liberty protections” one of the most concrete was — finally — to cap the gag orders: In response to the President’s new direction, the FBI will now presumptively terminate National Security Letter nondisclosure orders at the earlier of three years after the opening of a fully predicated investigation or the investigation’s close. Continued nondisclosures orders beyond this period are permitted only if a Special Agent in Charge or a Deputy Assistant Director determines that the statutory standards for nondisclosure continue to be satisfied and that the case agent has justified, in writing, why continued nondisclosure is appropriate.
  • ...6 more annotations...
  • Despite the use of the word “now” in that first sentence, however, the FBI has yet to do any such thing. It has not announced any such change, nor explained how it will implement it, or when. Media inquiries were greeted with stalling and, finally, a no comment — ostensibly on advice of legal counsel. “There is pending litigation that deals with a lot of the same questions you’re asking, out of the Ninth Circuit,” FBI spokesman Chris Allen told me. “So for now, we’ll just have to decline to comment.” FBI lawyers are working on a court filing for that case, and “it will address” the new policy, he said. He would not say when to expect it.
  • There is indeed a significant case currently before the federal appeals court in San Francisco. Oral arguments were in October. A decision could come any time. But in that case, the Electronic Frontier Foundation (EFF), which is representing two unnamed communications companies that received NSLs, is calling for the entire NSL statute to be thrown out as unconstitutional — not for a tweak to the gag. And it has a March 2013 district court ruling in its favor. “The gag is a prior restraint under the First Amendment, and prior restraints have to meet an extremely high burden,” said Andrew Crocker, a legal fellow at EFF. That means going to court and meeting the burden of proof — not just signing a letter. Or as the Cato Institute’s Julian Sanchez put it, “To have such a low bar for denying persons or companies the right to speak about government orders they have been served with is anathema. And it is not very good for accountability.”
  • In a separate case, a wide range of media companies (including First Look Media, the non-profit digital media venture that produces The Intercept) are supporting a lawsuit filed by Twitter, demanding the right to say specifically how many NSLs it has received. But simply releasing companies from a gag doesn’t assure the kind of accountability that privacy advocates are saying is required by the Constitution. “What the public has to remember is a NSL is asking for your information, but it’s not asking it from you,” said Michael German, a former FBI agent who is now a fellow with the Brennan Center for Justice. “The vast majority of these things go to the very large telecommunications and financial companies who have a large stake in maintaining a good relationship with the government because they’re heavily regulated entities.”
  • So, German said, “the number of NSLs that would be exposed as a result of the release of the gag order is probably very few. The person whose records are being obtained is the one who should receive some notification.” A time limit on gags going forward also raises the question of whether past gag orders will now be withdrawn. “Obviously there are at this point literally hundreds of thousands of National Security Letters that are more than three years old,” said Sanchez. Individual review is therefore unlikely, but there ought to be some recourse, he said. And the further back you go, “it becomes increasingly implausible that a significant percentage of those are going to entail some dire national security risk.” The NSL program has a troubled history. The absolute secrecy of the program and resulting lack of accountability led to systemic abuse as documented by repeated inspector-general investigations, including improperly authorized NSLs, factual misstatements in the NSLs, improper requests under NSL statutes, requests for information based on First Amendment protected activity, “after-the-fact” blanket NSLs to “cover” illegal requests, and hundreds of NSLs for “community of interest” or “calling circle” information without any determination that the telephone numbers were relevant to authorized national security investigations.
  • Obama’s own hand-selected “Review Group on Intelligence and Communications Technologies” recommended in December 2013 that NSLs should only be issued after judicial review — just like warrants — and that any gag should end within 180 days barring judicial re-approval. But FBI director James Comey objected to the idea, calling NSLs “a very important tool that is essential to the work we do.” His argument evidently prevailed with Obama.
  • NSLs have managed to stay largely under the American public’s radar. But, Crocker says, “pretty much every time I bring it up and give the thumbnail, people are shocked. Then you go into how many are issued every year, and they go crazy.” Want to send me your old NSL and see if we can set a new precedent? Here’s how to reach me. And here’s how to leak to me.
Paul Merrell

Canada Casts Global Surveillance Dragnet Over File Downloads - The Intercept - 0 views

firstlook.org/...e-levitation-mass-surveillance

surveillance state Canada CSE NSA-targets downloads

shared by Paul Merrell on 29 Jan 15 - No Cached
  • Canada’s leading surveillance agency is monitoring millions of Internet users’ file downloads in a dragnet search to identify extremists, according to top-secret documents. The covert operation, revealed Wednesday by CBC News in collaboration with The Intercept, taps into Internet cables and analyzes records of up to 15 million downloads daily from popular websites commonly used to share videos, photographs, music, and other files. The revelations about the spying initiative, codenamed LEVITATION, are the first from the trove of files provided by National Security Agency whistleblower Edward Snowden to show that the Canadian government has launched its own globe-spanning Internet mass surveillance system. According to the documents, the LEVITATION program can monitor downloads in several countries across Europe, the Middle East, North Africa, and North America. It is led by the Communications Security Establishment, or CSE, Canada’s equivalent of the NSA. (The Canadian agency was formerly known as “CSEC” until a recent name change.)
  • The latest disclosure sheds light on Canada’s broad existing surveillance capabilities at a time when the country’s government is pushing for a further expansion of security powers following attacks in Ottawa and Quebec last year. Ron Deibert, director of University of Toronto-based Internet security think tank Citizen Lab, said LEVITATION illustrates the “giant X-ray machine over all our digital lives.” “Every single thing that you do – in this case uploading/downloading files to these sites – that act is being archived, collected and analyzed,” Deibert said, after reviewing documents about the online spying operation for CBC News. David Christopher, a spokesman for Vancouver-based open Internet advocacy group OpenMedia.ca, said the surveillance showed “robust action” was needed to rein in the Canadian agency’s operations.
  • In a top-secret PowerPoint presentation, dated from mid-2012, an analyst from the agency jokes about how, while hunting for extremists, the LEVITATION system gets clogged with information on innocuous downloads of the musical TV series Glee. CSE finds some 350 “interesting” downloads each month, the presentation notes, a number that amounts to less than 0.0001 per cent of the total collected data. The agency stores details about downloads and uploads to and from 102 different popular file-sharing websites, according to the 2012 document, which describes the collected records as “free file upload,” or FFU, “events.” Only three of the websites are named: RapidShare, SendSpace, and the now defunct MegaUpload.
  • ...3 more annotations...
  • “The specific uses that they talk about in this [counter-terrorism] context may not be the problem, but it’s what else they can do,” said Tamir Israel, a lawyer with the University of Ottawa’s Canadian Internet Policy and Public Interest Clinic. Picking which downloads to monitor is essentially “completely at the discretion of CSE,” Israel added. The file-sharing surveillance also raises questions about the number of Canadians whose downloading habits could have been swept up as part of LEVITATION’s dragnet. By law, CSE isn’t allowed to target Canadians. In the LEVITATION presentation, however, two Canadian IP addresses that trace back to a web server in Montreal appear on a list of suspicious downloads found across the world. The same list includes downloads that CSE monitored in closely allied countries, including the United Kingdom, United States, Spain, Brazil, Germany and Portugal. It is unclear from the document whether LEVITATION has ever prevented any terrorist attacks. The agency cites only two successes of the program in the 2012 presentation: the discovery of a hostage video through a previously unknown target, and an uploaded document that contained the hostage strategy of a terrorist organization. The hostage in the discovered video was ultimately killed, according to public reports.
  • LEVITATION does not rely on cooperation from any of the file-sharing companies. A separate secret CSE operation codenamed ATOMIC BANJO obtains the data directly from internet cables that it has tapped into, and the agency then sifts out the unique IP address of each computer that downloaded files from the targeted websites. The IP addresses are valuable pieces of information to CSE’s analysts, helping to identify people whose downloads have been flagged as suspicious. The analysts use the IP addresses as a kind of search term, entering them into other surveillance databases that they have access to, such as the vast repositories of intercepted Internet data shared with the Canadian agency by the NSA and its British counterpart Government Communications Headquarters. If successful, the searches will return a list of results showing other websites visited by the people downloading the files – in some cases revealing associations with Facebook or Google accounts. In turn, these accounts may reveal the names and the locations of individual downloaders, opening the door for further surveillance of their activities.
  • Canada’s leading surveillance agency is monitoring millions of Internet users’ file downloads in a dragnet search to identify extremists, according to top-secret documents. The covert operation, revealed Wednesday by CBC News in collaboration with The Intercept, taps into Internet cables and analyzes records of up to 15 million downloads daily from popular websites commonly used to share videos, photographs, music, and other files. The revelations about the spying initiative, codenamed LEVITATION, are the first from the trove of files provided by National Security Agency whistleblower Edward Snowden to show that the Canadian government has launched its own globe-spanning Internet mass surveillance system. According to the documents, the LEVITATION program can monitor downloads in several countries across Europe, the Middle East, North Africa, and North America. It is led by the Communications Security Establishment, or CSE, Canada’s equivalent of the NSA. (The Canadian agency was formerly known as “CSEC” until a recent name change.)
Paul Merrell

In Hearing on Internet Surveillance, Nobody Knows How Many Americans Impacted in Data Collection | Electronic Frontier Foundation - 0 views

www.eff.org/...w-many-americans-impacted-data

surveillance state NSA 702 FISA legislation backdoor-serches stats

shared by Paul Merrell on 29 May 16 - No Cached
  • The Senate Judiciary Committee held an open hearing today on the FISA Amendments Act, the law that ostensibly authorizes the digital surveillance of hundreds of millions of people both in the United States and around the world. Section 702 of the law, scheduled to expire next year, is designed to allow U.S. intelligence services to collect signals intelligence on foreign targets related to our national security interests. However—thanks to the leaks of many whistleblowers including Edward Snowden, the work of investigative journalists, and statements by public officials—we now know that the FISA Amendments Act has been used to sweep up data on hundreds of millions of people who have no connection to a terrorist investigation, including countless Americans. What do we mean by “countless”? As became increasingly clear in the hearing today, the exact number of Americans impacted by this surveillance is unknown. Senator Franken asked the panel of witnesses, “Is it possible for the government to provide an exact count of how many United States persons have been swept up in Section 702 surveillance? And if not the exact count, then what about an estimate?”
  • Elizabeth Goitein, the Brennan Center director whose articulate and thought-provoking testimony was the highlight of the hearing, noted that at this time an exact number would be difficult to provide. However, she asserted that an estimate should be possible for most if not all of the government’s surveillance programs. None of the other panel participants—which included David Medine and Rachel Brand of the Privacy and Civil Liberties Oversight Board as well as Matthew Olsen of IronNet Cybersecurity and attorney Kenneth Wainstein—offered an estimate. Today’s hearing reaffirmed that it is not only the American people who are left in the dark about how many people or accounts are impacted by the NSA’s dragnet surveillance of the Internet. Even vital oversight committees in Congress like the Senate Judiciary Committee are left to speculate about just how far-reaching this surveillance is. It's part of the reason why we urged the House Judiciary Committee to demand that the Intelligence Community provide the public with a number. 
  • The lack of information makes rigorous oversight of the programs all but impossible. As Senator Franken put it in the hearing today, “When the public lacks even a rough sense of the scope of the government’s surveillance program, they have no way of knowing if the government is striking the right balance, whether we are safeguarding our national security without trampling on our citizens’ fundamental privacy rights. But the public can’t know if we succeed in striking that balance if they don’t even have the most basic information about our major surveillance programs."  Senator Patrick Leahy also questioned the panel about the “minimization procedures” associated with this type of surveillance, the privacy safeguard that is intended to ensure that irrelevant data and data on American citizens is swiftly deleted. Senator Leahy asked the panel: “Do you believe the current minimization procedures ensure that data about innocent Americans is deleted? Is that enough?”  David Medine, who recently announced his pending retirement from the Privacy and Civil Liberties Oversight Board, answered unequivocally:
  • ...2 more annotations...
  • Senator Leahy, they don’t. The minimization procedures call for the deletion of innocent Americans’ information upon discovery to determine whether it has any foreign intelligence value. But what the board’s report found is that in fact information is never deleted. It sits in the databases for 5 years, or sometimes longer. And so the minimization doesn’t really address the privacy concerns of incidentally collected communications—again, where there’s been no warrant at all in the process… In the United States, we simply can’t read people’s emails and listen to their phone calls without court approval, and the same should be true when the government shifts its attention to Americans under this program. One of the most startling exchanges from the hearing today came toward the end of the session, when Senator Dianne Feinstein—who also sits on the Intelligence Committee—seemed taken aback by Ms. Goitein’s mention of “backdoor searches.” 
  • Feinstein: Wow, wow. What do you call it? What’s a backdoor search? Goitein: Backdoor search is when the FBI or any other agency targets a U.S. person for a search of data that was collected under Section 702, which is supposed to be targeted against foreigners overseas. Feinstein: Regardless of the minimization that was properly carried out. Goitein: Well the data is searched in its unminimized form. So the FBI gets raw data, the NSA, the CIA get raw data. And they search that raw data using U.S. person identifiers. That’s what I’m referring to as backdoor searches. It’s deeply concerning that any member of Congress, much less a member of the Senate Judiciary Committee and the Senate Intelligence Committee, might not be aware of the problem surrounding backdoor searches. In April 2014, the Director of National Intelligence acknowledged the searches of this data, which Senators Ron Wyden and Mark Udall termed “the ‘back-door search’ loophole in section 702.” The public was so incensed that the House of Representatives passed an amendment to that year's defense appropriations bill effectively banning the warrantless backdoor searches. Nonetheless, in the hearing today it seemed like Senator Feinstein might not recognize or appreciate the serious implications of allowing U.S. law enforcement agencies to query the raw data collected through these Internet surveillance programs. Hopefully today’s testimony helped convince the Senator that there is more to this topic than what she’s hearing in jargon-filled classified security briefings.
  • Paul Merrell on 29 May 16
     
    The 4th Amendment: "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and *particularly describing the place to be searched, and the* persons or *things to be seized."* So much for the particularized description of the place to be searched and the thngs to be seized.  Fah! Who needs a Constitution, anyway .... 
Paul Merrell

From Paris to Boston, Terrorists Were Already Known to Authorities - 0 views

theintercept.com/...e-already-known-to-authorities

war & peace terrorism™ surveillance state failures

shared by Paul Merrell on 22 Nov 15 - No Cached
  • WHENEVER A TERRORIST ATTACK OCCURS, it never takes long for politicians to begin calling for more surveillance powers. The horrendous attacks in Paris last week, which left more than 120 people dead, are no exception to this rule. In recent days, officials in the United Kingdom and the United States have been among those arguing that more surveillance of Internet communications is necessary to prevent further atrocities. The case for expanded surveillance of communications, however, is complicated by an analysis of recent terrorist attacks. The Intercept has reviewed 10 high-profile jihadi attacks carried out in Western countries between 2013 and 2015 (see below), and in each case some or all of the perpetrators were already known to the authorities before they executed their plot. In other words, most of the terrorists involved were not ghost operatives who sprang from nowhere to commit their crimes; they were already viewed as a potential threat, yet were not subjected to sufficient scrutiny by authorities under existing counterterrorism powers. Some of those involved in last week’s Paris massacre, for instance, were already known to authorities; at least three of the men appear to have been flagged at different times as having been radicalized, but warning signs were ignored.
  • In the aftermath of a terrorist atrocity, government officials often seem to talk about surveillance as if it were some sort of panacea, a silver bullet. But what they always fail to explain is how, even with mass surveillance systems already in place in countries like France, the United States, and the United Kingdom, attacks still happen. In reality, it is only possible to watch some of the people some of the time, not all of the people all of the time. Even if you had every single person in the world under constant electronic surveillance, you would still need a human being to analyze the data and assess any threats in a timely fashion. And human resources are limited and fallible.
Paul Merrell

DOJ Seeks Removal Of Restrictions On Computer Search Warrants - 0 views

www.mintpressnews.com/...190535

surveillance state digital-privacy remote-computer-search 4th Amendment

shared by Paul Merrell on 13 May 14 - No Cached
  • The Justice Department recently submitted proposed new rules on the procedures and practices of the department’s agencies and bureaus. Among the suggested changes is a modification of the Federal Rules of Criminal Procedure Rule 41(b), which empowers a federal court to issue a warrant allowing the federal government to conduct a search of a computer or computer network involved in a criminal investigation. Under current regulations, a warrant issued by a federal court is only valid in that court’s district. As there are 94 federal judicial districts, investigating a widespread attack may require either petitioning dozens of district courts or acting extrajudicially by not seeking a warrant. An extrajudicial investigation, however, cannot be used if criminal convictions are sought, as evidence gathered in this manner is not typically admissible in court. The Justice Department is seeking to make remote access warrants to search, seize and copy electronic information valid for all federal districts.
  • The Justice Department argues that due to the sophistication of cyber-criminals, an offending computer or computer cluster can sit in a district separate from the district where the hackers that infected the target computer anonymously are and separate from the investigators’ district. “Criminals are using multiple computers in many districts simultaneously as part of complex criminal schemes, and effectively investigating and disrupting these schemes often requires remote access to Internet-connected computers in many different districts,” wrote then-acting Assistant Attorney General Mythili Raman in a September letter to the Advisory Committee on the Criminal Rules. “Botnets are a significant threat to the public: they are used to conduct large-scale denial of service attacks, steal personal and financial data, and distribute malware designed to invade the privacy of users of the host computers,” Raman continued. In the letter, Raman cited an investigation of a child porn site that uses The Onion Router Network, or Tor, to anonymize its traffic. The Justice Department argues that it knows the site’s hosting server location, but without a warrant local to the server, the department is prevented from retrieving the server’s user records — including IP and MAC addresses. In most cases, however, law enforcement do not know the physical location of the site’s server, making it impossible to request a specific warrant.
  • In these cases, the Justice Department could request a blanket warrant. This would allow the department to set up a “zero-day” attack on the server — an attack exploiting a manufacturer-unknown or -permitted security flaw, allowing access to the system’s operating software. However, a Texas judge denied the FBI access to such a warrant, saying the Justice Department’s use of “zero-day” attacks in its investigation exposes the public and the target to unknown risks. One typical type of a “zero-day” attack is an infected email that could affect a large number of innocent people if the target used a public computer to access his email. The FBI planned to install a Remote Administration Tool, or RAT, which would distribute such emails in a partially-targeted spam mail distribution. Last year, Federal Magistrate Judge Stephen Smith of the Houston Division of the Southern District of Texas ruled that this was a gross overreach of investigatory intrusion, blocking the plan temporarily. A “zero-day” attack has the potential to activate and control the targeted computer’s peripherals, such as webcams and microphones.
  • ...2 more annotations...
  • Following this ruling, based on the assumptions that federal law enforcement fundamentally act in good faith and that there may be a legitimate need for remote exploitation of computer data, the Justice Department sought to introduce changes to the rules that would overcome Smith’s objections. The proposed change to Rule 41(b) would allow magistrate judges “… to issue a warrant to use remote access to search electronic storage media and to seize electronically stored information located within or outside that district.” The Justice Department has indicated that it wants warrants permitting multiple computers to be searched at the same time, as well as permission to search all of the email and social media accounts accessible from a single computer. Such access would constitute a violation of the Electronic Communications Privacy Act, as the government, under the act, must make demonstrate probable cause to each targeted service provider and obtain and serve a warrant for each service provider. A warrant to search every account active on a computer would be actively bypassing the act’s numerous safeguards.
  • Privacy advocates fear that this rule change would allow prosecutors and the Justice Department to seek out magistrates likely to give them their requested warrants, creating a situation in which the federal government could have a “warrant shop” with just one judge for the whole of the nation. In light of allegations of federal government over-policing — including revelations of aggressive domestic and international electronic spying by the FBI and the National Security Agency — many advocates argue that an examination of the federal government’s commitment to the Fourth Amendment is needed. “The proposed amendment would significantly expand the government’s authority to conduct remote searches of electronic storage media,” the American Civil Liberties Union wrote in a memorandum early last month. “It would also expand the government’s power to engage in computer hacking in the course of criminal investigations, including through the use of malware and other techniques that pose a risk to internet security and that raise Fourth Amendment and policy concerns. “In light of these concerns, the ACLU recommends that the Advisory Committee exercise extreme caution before granting the government new authority to remotely search individuals’ electronic data.” The rules are scheduled to be discussed at the meeting of the Judiciary’s Committee on Rules of Practice and Procedure later this month.
  • Paul Merrell on 13 May 14
     
    The proposed rule change is at pp. 499-501 here. http://www.uscourts.gov/uscourts/RulesAndPolicies/rules/Agenda%20Books/Standing/ST2014-05.pdf#page499 (very large PDF).  This is not just about the government being granted permission to exploit vulnerabilities unknown to the computer owner; the issue arose in a case where the government sought judicial permission to implant a Trojan Horse in a suspect's computer. Moreover, the proposed rule goes far beyond the confines of that case, purporting to authorize the government to skip merrily along searching computers not specified in the warrant, along the purported botnet. To put the icing on the cake, the government wants to be relieved from the requirement that they apply for a warrant in the district in which the computer to be searched is located. ("Oh, Goody! Let's start shopping around for the judges we like instead of the ones we are now required to persuade. What? The Mississippi judge refused to sign the warrant? Oh well, let's try it with that other judge we like, the one in Gnome, Alaska.") In other words, what the government seeks is authority for "general warrants," the very evil that the 4th Amendment was designed to outlaw. Even more outrageously, the proposed rule provides in part: "For a warrant to use remote access to search electronic storage media and seize or copy electronically stored information, the officer must make reasonable efforts to serve a copy of the warrant on the person whose property *was* searched or whose information *was* seized or copied. Service may be accomplished by any means, including electronic means, reasonably calculated to reach that person." Not the use of the past tense "was." So after they have drained your computer of all its data, they may permissibly install a batch file that will display a copy of the warrant on your monitor the next time you boot your computer. With a big red lipstick imprint of a kiss imprinted in the warrant's bottom margin, no doubt
  • Paul Merrell on 13 May 14
     
    The proposed rule change is at pp. 499-501 here. http://www.uscourts.gov/uscourts/RulesAndPolicies/rules/Agenda%20Books/Standing/ST2014-05.pdf#page499 (very large PDF).  This is not just about the government being granted permission to exploit vulnerabilities unknown to the computer owner; the issue arose in a case where the government sought judicial permission to implant a Trojan Horse in a suspect's computer. Moreover, the proposed rule goes far beyond the confines of that case, purporting to authorize the government to skip merrily along searching computers not specified in the warrant, along the purported botnet. To put the icing on the cake, the government wants to be relieved from the requirement that they apply for a warrant in the district in which the computer to be searched is located. In other words, what the government seeks is authority for "general warrants," the very evil that the 4th Amendment was designed to outlaw. Even more outrageously, the proposed rule provides in part: "For a warrant to use remote access to search electronic storage media and seize or copy electronically stored information, the officer must make reasonable efforts to serve a copy of the warrant on the person whose property *was* searched or whose information *was* seized or copied. Service may be accomplished by any means, including electronic means, reasonably calculated to reach that person." Not the use of the past tense "was." So after they have drained your computer of all its data, they may permissibly install a batch file that will display a copy of the warrant on your monitor the next time you boot your computer. With a big red lipstick imprint of a kiss imprinted at the bottom.  To be continued after this is intially posted to Diigo so the content isn't cut off.   
Paul Merrell

Wyden Statement at Senate Intelligence Committee's Open Hearing | Press Releases | U.S. Senator Ron Wyden - 0 views

www.wyden.senate.gov/...igence-committees-open-hearing

surveillance state Senate-investigation Wyden Clapper Comey Brennan lies NSA CIA FBI must-read

shared by Paul Merrell on 31 Jan 14 - No Cached
  • U.S. Senator Ron Wyden (D-Ore.) delivered the following statement prior to questioning senior Intelligence Community officials during the Senate Intelligence Committee’s open hearing. Wyden is a senior member of the Intelligence committee. “The men and women of America’s intelligence agencies are overwhelmingly dedicated professionals and they deserve to have leadership that is trusted by the American people. Unfortunately, that trust has been seriously undermined by senior officials’ reckless reliance on secret interpretations of the law and battered by years of misleading and deceptive statements that senior officials made to the American people. These statements did not protect sources and methods that were useful in fighting terror. Instead they hid bad policy choices and violations of the liberties of the American people. For example, the director of the NSA said publicly that the NSA doesn’t hold data on U.S. citizens. That was obviously untrue.  Justice Department officials testified that section 215 of the Patriot Act is analogous to grand jury subpoena authority. And that deceptive statement was made on multiple occasions. Officials also suggested that the NSA doesn’t have the authority to read Americans’ emails without a warrant but the FISA court opinions declassified last August showed that wasn’t true either.
  • The statement and subsequent questions may be viewed below or here:
  • Paul Merrell on 31 Jan 14
     
    Ron Wyden comes out swinging at a Senate hearing, giving 3 examples of lies about digital surveillance told to Congress by intelligence officials and DoJ. Then he presses DNI Clapper, CIA head Brennan, and FBI head Comey to provide by dates certain written public answers to a series of questions that he had previously asked in writing but never received answers on. All three said they would provide the answers, Clapper within 30 days and the other two within 7 days.  The questions themselves are extremely important, about the government's interpretation of legal authorities to conduct warrantless searches and in the case of the CIA, whether it is subject to the Computer Fraud and Abuse Act. That Act provides for criminal penalties and civil damages for accessing a "protected computer" (essentially any computer connected to the internet, whether in the U.S. or abroad) or activating any command or installing any malware on a protected computer. See generally, http://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act That question suggests that Wyden and his staff are boring into issues involving the government breaking into computers to access private data. Another question asked whether the government claimed the authority to access private data stored in the cloud without a warrant.  This is a short video well worth the watching time.
Paul Merrell

Ed Markey letters from cellphone companies: How often AT&T, T-mobile give the government customer data. - 0 views

www.slate.com/..._often_at_t_t_mobile_give.html

surveillance state Cell-phone-tracking law-enforcement

shared by Paul Merrell on 11 Dec 13 - No Cached
  • Cellphones are the spies in our pockets, gathering information about whom we befriend, what we say, where we go, and what we read. That’s why Sen. Edward Markey, D-Mass., recently asked the nation’s major cellphone companies to disclose how frequently they receive requests from law enforcement for customer call records—including the content of communications, numbers dialed, websites visited, and location data. Sometimes police have a warrant, sometimes they don’t. Seven companies provided information in response to the inqury. The letters Markey received, which were covered today in the Boston Globe, Washington Post, and New York Times, show that the quantity of requests for these records is staggering. T-Mobile and AT&T together received nearly 600,000 requests for customer information in 2012. AT&T has to employ more than 100 full-time workers to process them. And police demand for our call records is growing rapidly, with requests to Verizon doubling in the last five years.
  • he companies keep records of where you have traveled in the past and can track you in real time—so law enforcement can do it, too. In some ways having a police officer track you in real time electronically is even worse, because you never know when it’s happening. Historical records can be even more sensitive than real-time tracking, stretching back for months or even years, and reveal your daily routine and every deviation from it.
  • Unfortunately, according to the companies’ letters, some of them appear to be handing over the content of our digital communications without a warrant. AT&T discloses stored texts or voicemails that are older than 180 days old with a subpoena—no court supervision or probable cause required. In one bright spot, T-Mobile requires a warrant for texts and voicemails. The letters also show that in its search for evidence about a handful of guilty people, law enforcement often obtains the data of hundreds or thousands of innocent people. For example, through a technique known as “tower dumps,” law enforcement agents can see all of the cellphones using a particular tower in a given time range. There were approximately 9,000 tower dumps reported in 2012 (with not all companies reporting). What happens to that data? Could it be used for future investigations? No one really knows, because there are no clear policies in place, and the people whose data is turned over are never notified.
  • Paul Merrell on 11 Dec 13
     
    Note that this is about requests from *law enforcement," not from the federal spy agencies. 
Paul Merrell

Internet Giants Erect Barriers to Spy Agencies - NYTimes.com - 0 views

www.nytimes.com/...-barriers-to-spy-agencies.html

surveillance-state NSA-reform DIY-reform internet-hardening digital-privacy

shared by Paul Merrell on 08 Jun 14 - No Cached
  • As fast as it can, Google is sealing up cracks in its systems that Edward J. Snowden revealed the N.S.A. had brilliantly exploited. It is encrypting more data as it moves among its servers and helping customers encode their own emails. Facebook, Microsoft and Yahoo are taking similar steps.
  • After years of cooperating with the government, the immediate goal now is to thwart Washington — as well as Beijing and Moscow. The strategy is also intended to preserve business overseas in places like Brazil and Germany that have threatened to entrust data only to local providers. Google, for example, is laying its own fiber optic cable under the world’s oceans, a project that began as an effort to cut costs and extend its influence, but now has an added purpose: to assure that the company will have more control over the movement of its customer data.
  • A year after Mr. Snowden’s revelations, the era of quiet cooperation is over. Telecommunications companies say they are denying requests to volunteer data not covered by existing law. A.T.&T., Verizon and others say that compared with a year ago, they are far more reluctant to cooperate with the United States government in “gray areas” where there is no explicit requirement for a legal warrant.
  • ...8 more annotations...
  • Eric Grosse, Google’s security chief, suggested in an interview that the N.S.A.'s own behavior invited the new arms race.“I am willing to help on the purely defensive side of things,” he said, referring to Washington’s efforts to enlist Silicon Valley in cybersecurity efforts. “But signals intercept is totally off the table,” he said, referring to national intelligence gathering.“No hard feelings, but my job is to make their job hard,” he added.
  • Hardware firms like Cisco, which makes routers and switches, have found their products a frequent subject of Mr. Snowden’s disclosures, and their business has declined steadily in places like Asia, Brazil and Europe over the last year. The company is still struggling to convince foreign customers that their networks are safe from hackers — and free of “back doors” installed by the N.S.A. The frustration, companies here say, is that it is nearly impossible to prove that their systems are N.S.A.-proof.
  • Many point to an episode in 2012, when Russian security researchers uncovered a state espionage tool, Flame, on Iranian computers. Flame, like the Stuxnet worm, is believed to have been produced at least in part by American intelligence agencies. It was created by exploiting a previously unknown flaw in Microsoft’s operating systems. Companies argue that others could have later taken advantage of this defect.Worried that such an episode undercuts confidence in its wares, Microsoft is now fully encrypting all its products, including Hotmail and Outlook.com, by the end of this year with 2,048-bit encryption, a stronger protection that would take a government far longer to crack. The software is protected by encryption both when it is in data centers and when data is being sent over the Internet, said Bradford L. Smith, the company’s general counsel.
  • Mr. Smith also said the company was setting up “transparency centers” abroad so that technical experts of foreign governments could come in and inspect Microsoft’s proprietary source code. That will allow foreign governments to check to make sure there are no “back doors” that would permit snooping by United States intelligence agencies. The first such center is being set up in Brussels.Microsoft has also pushed back harder in court. In a Seattle case, the government issued a “national security letter” to compel Microsoft to turn over data about a customer, along with a gag order to prevent Microsoft from telling the customer it had been compelled to provide its communications to government officials. Microsoft challenged the gag order as violating the First Amendment. The government backed down.
  • In Washington, officials acknowledge that covert programs are now far harder to execute because American technology companies, fearful of losing international business, are hardening their networks and saying no to requests for the kind of help they once quietly provided.Continue reading the main story Robert S. Litt, the general counsel of the Office of the Director of National Intelligence, which oversees all 17 American spy agencies, said on Wednesday that it was “an unquestionable loss for our nation that companies are losing the willingness to cooperate legally and voluntarily” with American spy agencies.
  • In one slide from the disclosures, N.S.A. analysts pointed to a sweet spot inside Google’s data centers, where they could catch traffic in unencrypted form. Next to a quickly drawn smiley face, an N.S.A. analyst, referring to an acronym for a common layer of protection, had noted, “SSL added and removed here!”
  • Facebook and Yahoo have also been encrypting traffic among their internal servers. And Facebook, Google and Microsoft have been moving to more strongly encrypt consumer traffic with so-called Perfect Forward Secrecy, specifically devised to make it more labor intensive for the N.S.A. or anyone to read stored encrypted communications.One of the biggest indirect consequences from the Snowden revelations, technology executives say, has been the surge in demands from foreign governments that saw what kind of access to user information the N.S.A. received — voluntarily or surreptitiously. Now they want the same.
  • The latest move in the war between intelligence agencies and technology companies arrived this week, in the form of a new Google encryption tool. The company released a user-friendly, email encryption method to replace the clunky and often mistake-prone encryption schemes the N.S.A. has readily exploited.But the best part of the tool was buried in Google’s code, which included a jab at the N.S.A.'s smiley-face slide. The code included the phrase: “ssl-added-and-removed-here-; - )”
Paul Merrell

Do We Really Want a New World War With Russia? | New Eastern Outlook - 0 views

m.journal-neo.org/...nt-a-new-world-war-with-russia

war & peace Russia weaponos SU-34 electronic-countermeasures Bumblebees

shared by Paul Merrell on 16 Nov 15 - No Cached
  • Washington continues making an international fool of herself by her inability to effectively counter the impression around the world that Russia, spending less than 10% of the Pentagon annually on defense, has managed to do more against ISIS in Syria in six weeks than the mighty US Air Force bombing campaign has done in almost a year and half. One aspect that bears attention is the demonstration by the Russian military of new technologies that belie the widely-held Western notion that Russia is little more than a backward oil and raw material commodity exporter. Recent reorganization of the Russian state military industrial complex as well as reorganization of the Soviet-era armed forces under Defense Minister Sergey Shoigu’s term are visible in the success so far of Russia’s ISIS and other terror strikes across Syria. Clearly Russian military capabilities have undergone a sea-change since the Soviet Cold War era. In war there are never winners. Yet Russia has been in an unwanted war with Washington de facto since the George W. Bush Administration announced its lunatic plan to place what they euphemistically term “Ballistic Missile Defense” missiles and advanced radar in Poland, Czech Republic, Romania and Turkey after 2007. Without going into detail, BMD technologies are the opposite of defensive. They instead make a pre-emptive war highly likely. Of course the radioactive ash heap in such an exchange would be first and foremost the EU countries foolish enough to invite US BMD to their soil.
  • What the Russian General Staff has managed, since the precision air campaign began September 30, has stunned western defense planners with Russian technological feats not expected. Two specific technologies are worth looking at more closely: The Russian Sukoi SU-34 fighter-bomber and what is called the Bumblebee hyperbaric mortar weapon.
  • The plane responsible for some of the most damaging strikes on ISIS and other terror enclaves in Syria is manufactured by the Russian state aircraft industry under the name Sukhoi SU-34. As the Russian news agency RIA Novosti described the aircraft, “The Su-34 is meant to deliver a sufficiently large ordnance load to a predetermined area, hit the target accurately and take evasive action against pursuing enemy planes.” The plane is also designed to deal with enemy fighters in aerial combat such as the US F-16. The SU-34 made a first test flight in 1990 as the collapse of the Soviet Union and the chaos of the Yeltsin years caused many delays. Finally in 2010 the plane was in full production. According to a report in US Defense Industry Daily, among the SU-34 features are: • 8 ton ordnance load which can accommodate precision-guided weapons, as well as R-73/AA-11 Archer and R-77/AA-12 ‘AMRAAMSKI’ missiles and an internal 30mm GSh-301 gun. • Maximum speed of Mach 1.8 at altitude.
  • ...8 more annotations...
  • • 3,000 km range, extensible to “over 4,000 km” with the help of additional drop tanks. The SU-34 can also refuel in mid-air. • It can fly in TERCOM (Terrain Contour Matching) mode for low-level flight, and has software to execute a number of difficult maneuvers. • Leninets B004 phased array multimode X-band radar, which interleaves terrain-following radar and other modes.
  • Clearly the aircraft is impressive as it has demonstrated against terrorist centers in Syria. Now, however, beginning this month it will add a “game-changer” in the form of a new component. Speaking at the Dubai Air Show on November 12, Igor Nasenkov, the First Deputy General Director of the Radio-Electronic Technologies Concern (KRET) announced that this month, that is in the next few days, SUKHOI SU-34 fighter-bombers will become electronic warfare aircraft as well. Nasenkov explained that the new Khibiny aircraft electronic countermeasures (ECM) systems, installed on the wingtips, will give the SU-34 jets electronic warfare capabilities to launch effective electronic countermeasures against radar systems, anti-aircraft missile systems and airborne early warning and control aircraft. KRET is a holding or group of some 95 Russian state electronic companies formed in 2009 under the giant Russian state military industry holding, Rostec.
  • Russia’s advances in what is euphemistically termed in military jargon, Electronic Counter Measures or ECM, is causing some sleepless nights for the US Pentagon top brass to be sure. In the battles in eastern pro-Russian Ukraine earlier this year, as well as in the Black Sea, and now in Syria, according to ranking US military sources, Russia deployed highly-effective ECM technologies like the Krasukha-4, to successfully jam hostile radar and aircraft. Lt. General Ben Hodges, Commander of US Army Europe (USAREUR) describes Russian ECM capabilities used in Ukraine as “eye-watering,” suggesting some US and NATO officers are more than slightly disturbed by what they see. Ronald Pontius, deputy to Army Cyber Command’s chief, Lt. Gen. Edward Cardon, told a conference in October that, “You can’t but come to the conclusion that we’re not making progress at the pace the threat demands.” In short, Pentagon planners have been caught flat-footed for all the trillions of wasted US taxpayer dollars in recent years thrown at the military industry.
  • During the critical days of the March 2014 Crimean citizens’ referendum vote to appeal for status within Russia, New York Times reporters then in Crimea reported the presence of Russian electronic jamming systems, known as R-330Zh Zhitel, manufactured by Protek in Voronezh, Russia. That state-of-the-art technology was believed to have been used to prevent the Ukrainian Army from invading Crimea before the referendum. Russian forces in Crimea, where Russia had a legal basing agreement with Kiev, reportedly were able to block all communication of Kiev military forces, preventing a Crimean bloodbath. Washington was stunned.
  • Thereafter, in April, 2014, one month after the accession of Crimea into the Russian Federation, President Obama ordered the USS Donald Cook into the Black Sea waters just off Crimea, the home port of Russia’s Black Sea Fleet, to “reassure” EU states of US resolve. Donald Cook was no ordinary guided missile destroyer. It had been refitted to be one of four ships as part of Washington’s Aegis Ballistic Missile Defense System aimed at Russia’s nuclear arsenal. USS Donald Cook boldly entered the Black Sea on April 8 heading to Russian territorial waters. On April 12, just four days later, the US ship inexplicably left the area of the Crimean waters of the Black Sea for a port in NATO-member Romania. From there it left the Black Sea entirely. A report on April 30, 2014 in Russian newspaper Rossiyskaya Gazeta Online titled, “What Frightened the American Destroyer,” stated that while the USS Donald Cook was near Crimean (Russian by that time) waters, a Russian Su-24 Frontal Aviation bomber conducted a flyby of the destroyer. The Rossiyskaya Gazeta went on to write that the Russian SU-24 “did not have bombs or missiles onboard. One canister with the Khibin electronic warfare complex was suspended under the fuselage.” As it got close to the US destroyer, the Khibins turned off the USS Donald Cook’s “radar, combat control circuits, and data transmission system – in short, they turned off the entire Aegis just like we turn off a television by pressing the button on the control panel. After this, the Su-24 simulated a missile launch at the blind and deaf ship. Later, it happened once again, and again – a total of 12 times.”
  • While the US Army denied the incident as Russian propaganda, the fact is that USS Donald Cook never approached Russian Black Sea waters again. Nor did NATO ships that replaced it in the Black Sea. A report in 2015 by the US Army’s Foreign Military Studies Office assessed that Russia, “does indeed possess a growing EW capability, and the political and military leadership understand the importance…Their growing ability to blind or disrupt digital communications might help level the playing field when fighting against a superior conventional foe.” Now new Russian Khibini Electronic Counter Measure systems are being installed on the wingtips of Russia’s SUKHOI SU-34 fighter-bombers going after ISIS in Syria.
  • A second highly-advanced new Russian military technology that’s raising more than eyebrows in US Defense Secretary ‘Ash’ Carter’s Pentagon is Russia’s new Bumblebee which Russia’s military classifies as a flamethrower. In reality it is a highly advanced thermobaric weapon which launches a warhead that uses a combination of an explosive charge and highly combustible fuel. When the rocket reaches the target, the fuel is dispersed in a cloud that is then detonated by the explosive charge. US Military experts recently asked by the US scientific and engineering magazine Popular Mechanics to evaluate the Bumblebee stated that, “the resulting explosion is devastating, radiating a shockwave and fireball up to six or seven meters in diameter.” The US experts noted that the Bumblebee is “especially useful against troops in bunkers, trenches, and even armored vehicles, as the dispersing gas can enter small spaces and allow the fireball to expand inside. Thermobarics are particularly devastating to buildings — a thermobaric round entering a structure can literally blow up the building from within with overpressure.”
  • We don’t go into yet another new highly secret Russian military technology recently subject of a Russian TV report beyond a brief mention, as little is known. It is indicative of what is being developed as Russia prepares for the unthinkable from Washington. The “Ocean Multipurpose System: Status-6” is a new Russian nuclear submarine weapons system designed to bypass NATO radars and any existing missile defense systems, while causing heavy damage to “important economic facilities” along the enemy’s coastal regions. Reportedly the Status-6 will cause what the Russian military terms, “assured unacceptable damage” to an adversary force. They state that its detonation “in the area of the enemy coast” (say, New York or Boston or Washington?) would result in “extensive zones of radioactive contamination” that would ensure that the region would not be used for “military, economic, business or other activity for a long time.” Status-6 reportedly is a massive torpedo, designated as a “self-propelled underwater vehicle.” It has a range of up to 10 thousand kilometers and can operate at a depth of up to 1,000 meters. At a November 10 meeting with the Russian military chiefs, Vladimir Putin stated that Russia would counter NATO’s US-led missile shield program through “new strike systems capable of penetrating any missile defenses.” Presumably he was referring to Status-6.
  • Paul Merrell on 16 Nov 15
     
    Not to mentiont that Russia has deployed its S-400 surface to air defense system to Syria, which is 2 generations later than the currently deployed U.S. Patriot systems. The S-400 can knock down aircraft or missiles flying up to 90,000 feet and travels at over 17,000 mph, very near Earth escape velocity. It has a lateral range of nearly 300 miles.
Paul Merrell

The Agency That Could Be Big Brother - New York Times - 0 views

www.nytimes.com/...25bamford.html

surveillance state NSA digital-privacy Bamford 2005

shared by Paul Merrell on 15 Jun 14 - No Cached
  • December 25, 2005
  • DEEP in a remote, fog-layered hollow near Sugar Grove, W.Va., hidden by fortress-like mountains, sits the country's largest eavesdropping bug. Located in a "radio quiet" zone, the station's large parabolic dishes secretly and silently sweep in millions of private telephone calls and e-mail messages an hour. Run by the ultrasecret National Security Agency, the listening post intercepts all international communications entering the eastern United States. Another N.S.A. listening post, in Yakima,Wash., eavesdrops on the western half of the country. A hundred miles or so north of Sugar Grove, in Washington, the N.S.A. has suddenly taken center stage in a political firestorm. The controversy over whether the president broke the law when he secretly ordered the N.S.A. to bypass a special court and conduct warrantless eavesdropping on American citizens has even provoked some Democrats to call for his impeachment. According to John E. McLaughlin, who as the deputy director of the Central Intelligence Agency in the fall of 2001 was among the first briefed on the program, this eavesdropping was the most secret operation in the entire intelligence network, complete with its own code word - which itself is secret.
  • But the agency is still struggling to adjust to the war on terror, in which its job is not to monitor states, but individuals or small cells hidden all over the world. To accomplish this, the N.S.A. has developed ever more sophisticated technology that mines vast amounts of data. But this technology may be of limited use abroad. And at home, it increases pressure on the agency to bypass civil liberties and skirt formal legal channels of criminal investigation. Originally created to spy on foreign adversaries, the N.S.A. was never supposed to be turned inward. Thirty years ago, Senator Frank Church, the Idaho Democrat who was then chairman of the select committee on intelligence, investigated the agency and came away stunned. "That capability at any time could be turned around on the American people," he said in 1975, "and no American would have any privacy left, such is the capability to monitor everything: telephone conversations, telegrams, it doesn't matter. There would be no place to hide." He added that if a dictator ever took over, the N.S.A. "could enable it to impose total tyranny, and there would be no way to fight back."
  • ...3 more annotations...
  • Before the Sept. 11 attacks, the N.S.A. normally eavesdropped on a small number of American citizens or resident aliens, often a dozen or less, while the F.B.I., whose low-tech wiretapping was far less intrusive, requested most of the warrants from FISA. Despite the low odds of having a request turned down, President Bush established a secret program in which the N.S.A. would bypass the FISA court and begin eavesdropping without warrant on Americans. This decision seems to have been based on a new concept of monitoring by the agency, a way, according to the administration, to effectively handle all the data and new information. At the time, the buzzword in national security circles was data mining: digging deep into piles of information to come up with some pattern or clue to what might happen next. Rather than monitoring a dozen or so people for months at a time, as had been the practice, the decision was made to begin secretly eavesdropping on hundreds, perhaps thousands, of people for just a few days or a week at a time in order to determine who posed potential threats. Those deemed innocent would quickly be eliminated from the watch list, while those thought suspicious would be submitted to the FISA court for a warrant. In essence, N.S.A. seemed to be on a classic fishing expedition, precisely the type of abuse the FISA court was put in place to stop.At a news conference, President Bush himself seemed to acknowledge this new tactic. "FISA is for long-term monitoring," he said. "There's a difference between detecting so we can prevent, and monitoring.
  • In 2002, it was revealed that the Pentagon had launched Total Information Awareness, a data mining program led by John Poindexter, a retired rear admiral who had served as national security adviser under Ronald Reagan and helped devise the plan to sell arms to Iran and illegally divert the proceeds to rebels in Nicaragua. Total Information Awareness, known as T.I.A., was intended to search through vast data bases, promising to "increase the information coverage by an order-of-magnitude." According to a 2002 article in The New York Times, the program "would permit intelligence analysts and law enforcement officials to mount a vast dragnet through electronic transaction data ranging from credit card information to veterinary records, in the United States and internationally, to hunt for terrorists." After press reports, the Pentagon shut it down, and Mr. Poindexter eventually left the government. But according to a 2004 General Accounting Office report, the Bush administration and the Pentagon continued to rely heavily on data-mining techniques. "Our survey of 128 federal departments and agencies on their use of data mining," the report said, "shows that 52 agencies are using or are planning to use data mining. These departments and agencies reported 199 data-mining efforts, of which 68 are planned and 131 are operational." Of these uses, the report continued, "the Department of Defense reported the largest number of efforts."
  • "I don't want to see this country ever go across the bridge," Senator Church said. "I know the capacity that is there to make tyranny total in America, and we must see to it that this agency and all agencies that possess this technology operate within the law and under proper supervision, so that we never cross over that abyss. That is the abyss from which there is no return." James Bamford is the author of "Puzzle Palace" and"Body of Secrets: Anatomy of the Ultra-Secret National Security Agency."
  • Paul Merrell on 15 Jun 14
     
    James Bamford's 2005 article in The New York Times that raised public awareness of what the Bush-II administration had done by bypass the FISA Court. 
Paul Merrell

Lawmakers vow to constrain NSA from collecting U.S. phone records - latimes.com - 0 views

www.latimes.com/...cords-20131222,0,6798521.story

surveillance state NSA NSA-blowback NSA-reform legislation

shared by Paul Merrell on 24 Dec 13 - No Cached
  • The drive to end the bulk collection of phone records by the National Security Agency is gaining strength, as Senate Democrats said Sunday that Congress will change the law to ban the practice if President Obama does not do it first. “It’s time to have real reform, not a veneer of reform,” said Sen. Mark Udall (D-Colo.), a longtime critic of the NSA. “We have got to rebuild the American people’s trust in our intelligence community so we can be safe,” he said on ABC’s "This Week." “But we don’t do that by bulk data collection that violates the privacy of Americans. That’s unconstitutional, and has shown to not be effective.” Last week, a federal judge said the routine collection of the dialing records is probably unconstitutional, and a panel appointed by President Obama recommended a major change. “We believe the government shouldn’t hold this data any longer,” Michael Morrell, a former acting director of the CIA and a panel member, said on CBS’ "Face the Nation." He said the phone records could be held by the phone companies or by another private group. Then, the government would “need a court order every time they wanted to query that data,” he said. Despite the need for reforms, Morrell said the original purpose of the program still makes sense. He said it is crucial the NSA and the FBI can move quickly if there is reason to believe that a “terrorist overseas is talking to someone in the United States.”
  • But the government does not need to collect and store all of these dialing records, he said, so long as they are held in private hands. Senate Judiciary Committee Chairman Patrick J. Leahy (D-Vt.) said he will press ahead in January to pass a bill that forbids the NSA from collecting phone records. He is sponsoring the USA Freedom Act with former House Judiciary Committee Chairman F. James Sensenbrenner (R-Wis.) to close what they now see as a loophole in the law.
  • Paul Merrell on 24 Dec 13
     
    Wrong approach, in my opinion. None of the NSA reform measures so far take aim at the problem's roots. Those are unwarranted government secrecy, lack of reviewability by the courts at the request of the affected public, and no clear definition of digital privacy rights. Make something illegal for the NSA to do and DoD will just transfer those responsibilities to another of its agencies or farm it out to one of the other 5 Eyes nations to perform for them.   
Paul Merrell

NSA phone surveillance program likely unconstitutional, federal judge rules | World news | theguardian.com - 0 views

www.theguardian.com/...-likely-unconstitutional-judge

surveillance state NSA call-metadata litigation 4th Amendment constitutional law NSA-blowback

shared by Paul Merrell on 17 Dec 13 - No Cached
  • A federal judge in Washington ruled on Monday that the bulk collection of Americans’ telephone records by the National Security Agency is likely to violate the US constitution, in the most significant legal setback for the agency since the publication of the first surveillance disclosures by the whistleblower Edward Snowden. Judge Richard Leon declared that the mass collection of metadata probably violates the fourth amendment, which prohibits unreasonable searches and seizures, and was "almost Orwellian" in its scope. In a judgment replete with literary swipes against the NSA, he said James Madison, the architect of the US constitution, would be "aghast" at the scope of the agency’s collection of Americans' communications data. The ruling, by the US district court for the District of Columbia, is a blow to the Obama administration, and sets up a legal battle that will drag on for months, almost certainly destined to end up in the supreme court. It was welcomed by campaigners pressing to rein in the NSA, and by Snowden, who issued a rare public statement saying it had vindicated his disclosures. It is also likely to influence other legal challenges to the NSA, currently working their way through federal courts.
  • In Monday’s ruling, the judge concluded that the pair's constitutional challenge was likely to be successful. In what was the only comfort to the NSA in a stinging judgment, Leon put the ruling on hold, pending an appeal by the government. Leon expressed doubt about the central rationale for the program cited by the NSA: that it is necessary for preventing terrorist attacks. “The government does not cite a single case in which analysis of the NSA’s bulk metadata collection actually stopped an imminent terrorist attack,” he wrote.
  • Leon’s opinion contained stern and repeated warnings that he was inclined to rule that the metadata collection performed by the NSA – and defended vigorously by the NSA director Keith Alexander on CBS on Sunday night – was unconstitutional. “Plaintiffs have a substantial likelihood of showing that their privacy interests outweigh the government’s interest in collecting and analysing bulk telephony metadata and therefore the NSA’s bulk collection program is indeed an unreasonable search under the fourth amendment,” he wrote. Leon said that the mass collection of phone metadata, revealed by the Guardian in June, was "indiscriminatory" and "arbitrary" in its scope. "The almost-Orwellian technology that enables the government to store and analyze the phone metadata of every telephone user in the United States is unlike anything that could have been conceived in 1979," he wrote, referring to the year in which the US supreme court ruled on a fourth amendment case upon which the NSA now relies to justify the bulk records program.
  • ...5 more annotations...
  • In a statement, Snowden said the ruling justified his disclosures. “I acted on my belief that the NSA's mass surveillance programs would not withstand a constitutional challenge, and that the American public deserved a chance to see these issues determined by open courts," he said in comments released through Glenn Greenwald, the former Guardian journalist who received leaked documents from Snowden. "Today, a secret program authorised by a secret court was, when exposed to the light of day, found to violate Americans’ rights. It is the first of many.”
  • In his ruling, Judge Leon expressly rejected the government’s claim that the 1979 supreme court case, Smith v Maryland, which the NSA and the Obama administration often cite to argue that there is no reasonable expectation of privacy over metadata, applies in the NSA’s bulk-metadata collection. The mass surveillance program differs so much from the one-time request dealt with by the 1979 case that it was of “little value” in assessing whether the metadata dragnet constitutes a fourth amendment search.
  • In a decision likely to influence other federal courts hearing similar arguments from the ACLU, Leon wrote that the Guardian’s disclosure of the NSA’s bulk telephone records collection means that citizens now have standing to challenge it in court, since they can demonstrate for the first time that the government is collecting their phone data.
  • Leon also struck a blow for judicial review of government surveillance practices even when Congress explicitly restricts the ability of citizens to sue for relief. “While Congress has great latitude to create statutory schemes like Fisa,” he wrote, referring to the seminal 1978 surveillance law, “it may not hang a cloak of secrecy over the constitution.”
  • In his ruling on Monday, Judge Leon predicted the process would take six months. He urged the government to take that time to prepare for an eventual defeat. “I fully expect that during the appellate process, which will consume at least the next six months, the government will take whatever steps necessary to prepare itself to comply with this order when, and if, it is upheld,” wrote Leon in his opinion. “Suffice it to say, requesting further time to comply with this order months from now will not be well received and could result in collateral sanctions.”
  • Paul Merrell on 17 Dec 13
     
    This is the case I thought was the weakest because of poor drafting in the complaint. The judge noted those issues in dismissing the plaintiffs' claims under the Administrative Procedures Act, but picked his way through what remained to find sufficient allegations to support the 4th Amendment challenge. Because he ruled for the plaintiffs on the 4th Amendment count, the judge did not reach the plaintiffs' arguments under the First and Fifth Amendments. This case is about cellphone call metadata, which the FISA Court has been ordering cell phone companies to provide every day, with the orders updated every 90 days. The judge's 68-page opinion is at https://ecf.dcd.uscourts.gov/cgi-bin/show_public_doc?2013cv0881-40 (cleaner copy than the Guardian's, which was apparently faxed). Notably, the judge, Richard Leon, is a Bush II appointee and one of the plaintiffs is a prominent conservative civil libertarian lawyer. The other plaintiff is the father of an NSA cryptologist who worked closely with SEAL Team 6 and was killed along with members of that team when their helicopter crashed in Afghanistan. I'll add some more in a comment. But digital privacy is not yet dead.
  • Paul Merrell on 17 Dec 13
     
    Unfortunately, DRM is not dead yet either and the court's PDF file is locked. No easy copying of its content. If you want to jump directly to the discussion of 4th Amendment issues, go to page 35. That way, you can skip past all the dreary discussion of the Administrative Procedures Act claim and you won't miss much that's memorable. In ruling on the plaintiffs' standing to raise the 4th Amendment claim, Judge Leon postulated two possible search issues: [i] the bulk daily collection of metadata and its retention in the database for five years; and [ii] the analysis of that data through the NSA's querying process. The judge had no difficulty with the first issue; it definitely qualifies as a search. But the judge rejected the plaintiffs' argument on the second type (which was lame), demonstrating that at least one federal judge understands how computers work. The government's filings indicated that a "seed" telephone number or other identifier is used as the query string. Judge Leon figured out for himself from this fact that the NSA of necessity had to compare that number or identifier to every number or identifier in its database looking for a match. The judge concluded that the plaintiffs' metadata --- indeed everyone's metadata --- had to be searched for comparison purposes *every* time the NSA analysts ran any query against the database. See his incisive discussion at pp. 39-41. So having established that two searches were involved, one every time the NSA queried the database, the judge moved on to the next question, whether "the plaintiffs had a reasonable expectation of privacy that is violated when the Government indiscriminately collects their telephony metadata along with the metadata of hundreds of millions of other citizens without any particularized suspicion of wrongdoing, retains that metadata for five years, and then queries, analyzes, and investigates that data without prior judicial approval of the investigative targets." pg. 43. More later
Paul Merrell

Silicon Valley spars with Obama over 'backdoor' surveillance | TheHill - 0 views

thehill.com/...ama-over-backdoor-surveillance

surveillance state NSA encryption-backdoors Obama

shared by Paul Merrell on 27 Mar 15 - No Cached
  • Silicon Valley and a bipartisan group of lawmakers are lining up against the Obama administration, criticizing what they see as a lack of support for total online privacy.The steady rise of sophisticated privacy techniques such as encryption and anonymity software has put the government in a difficult position — trying to support the right to privacy while figuring out how to prevent people from evading law enforcement.ADVERTISEMENT“The technologies are evolving in ways that potentially make this trickier,” President Obama said during a January news conference with British Prime Minister David Cameron.The conundrum has led to a heated debate in Washington: Should law enforcement have guaranteed access to data?
  • The Obama administration — from officials with FBI and the National Security Agency (NSA) to the president himself — has come out in favor of some form of guaranteed access while still endorsing strong encryption.“If we get into a situation in which the technologies do not allow us at all to track somebody that we're confident is a terrorist,” Obama said, “that's a problem.”What shape that access takes, however, is unclear.“The dialogue that we're engaged in is designed to make sure that all of us feel confident that if there is an actual threat out there, our law enforcement and our intelligence officers can identify that threat and track that threat at the same time that our governments are not going around phishing into whatever text you might be sending on your smartphone,” Obama said. “And I think that's something that can be achieved.”Privacy hawks on Capitol Hill aren’t buying it.
  • “I don’t think much of that,” Rep. Joe Barton (R-Texas), co-founder of the Congressional Bipartisan Privacy Caucus, told The Hill. “We have a huge homeland security apparatus with almost unlimited authority to — with some sort of a reasonable suspicion — check almost any type of communication, whether it’s voice, Internet, telephonic, electronic, you name it.”“Those were positions that did not receive rave reviews here in Silicon Valley,” said Rep. Zoe Lofgren (D-Calif.), whose district includes parts of tech-heavy San Jose.Many believe the administration’s stance is inherently at odds with robust digital protection.“In order to fully implement what he's suggesting, you would need one of two things,” Lofgren said.One would be installing so-called “backdoors” in encryption — an access point known only to law enforcement agencies. Security experts find this concept abhorrent, since cyber crooks or foreign intelligence agencies would likely exploit it.
  • ...1 more annotation...
  • The second would be to have a third-party company hold all user data, with some sort of agreement to disclose information to the government, Lofgren said.“I think actually the trend line is in a different direction, which is encryption that is not accessible to the companies that provide it, either,” she added.  Major tech companies like Apple have done exactly that, claiming that even they can’t unlock data on newer devices.
Paul Merrell

'Iran can't covertly produce atomic bomb' - US intelligence chief - RT News - 0 views

rt.com/...an-bomb-clapper-assessment-174

Iranian nukes myth Israel

shared by Paul Merrell on 14 Mar 13 - No Cached
  • Iran cannot produce enough highly-enriched uranium for a nuclear weapon without being found out by the international community, the US National Intelligence Director told Congress. He also countered claims Tehran had decided to build an atomic bomb.
  • Developments in Iran’s nuclear capabilities intended to “enhance its security, prestige, and regional influence” would ultimately “give the Islamic Republic the ability to develop a nuclear weapon,” US National Intelligence Director James Clapper told a Senate panel during an annual report on global threats on Tuesday.Despite these advances, "we assess Iran could not divert safeguarded material and produce a weapon-worth of WGU (weapons-grade uranium) before this activity is discovered," he continued.Clapper further said “we do not know if Iran will eventually decide to build nuclear weapons.”
  • His assessment reiterated last year’s analysis from intelligence agencies stating “Iran’s nuclear decision-making is guided by a cost-benefit approach” which had subsequently precluded efforts to build a bomb.“…We have not changed our assessment that Iran prefers to avoid direct confrontation with the United States because regime preservation is its top priority,” he continued.
  • ...2 more annotations...
  • "Iran plans to declare in the UN that it will never go after nuclear bombs,” the semi-official Mehr news agency quotes Vice President Mohammed Reza Rahimi as saying.
  • On Tuesday Israeli President Shimon Peres told the European Parliament that the Iranian regime was "the greatest danger to peace in the world.""Nobody threatens Iran," the Jewish Chronicle cites him as saying. "Iran threatens others."Israel has long pushed the White House to use military force to halt Iran’s suspected nuclear weapons program, demands which have mostly been rejected by the Obama administration.
  • Paul Merrell on 14 Mar 13
     
    Let's keep in mind that Iran and its predecessor governments have not launched an offensive war in some 300 years. But despite the unchanged consensus of all U.S. intelligence agencies that Iran has made no decision to build nuclear weapons, Gallup informs us that 99 percent of the U.S. public believes Iran is attempting to do so. An Israeli/fellow traveler propaganda triumph in the U.S.
Paul Merrell

Edward Snowden comes forward as source of NSA leaks - The Washington Post - 0 views

www.washingtonpost.com/...2-a73e-826d299ff459_print.html

security state NSA digital surveillance leaks

shared by Paul Merrell on 10 Jun 13 - No Cached
  • A 29-year-old man who says he is a former undercover CIA employee said Sunday that he was the principal source of recent disclosures about ­top-secret National Security Agency programs, exposing himself to possible prosecution in an acknowledgment that had little if any precedent in the long history of U.S. intelligence leaks. Edward Snowden, a tech specialist who has contracted for the NSA and works for the consulting firm Booz Allen Hamilton, unmasked himself as a source after a string of stories in The Washington Post and the Guardian that detailed previously unknown U.S. surveillance programs. He said he disclosed secret documents in response to what he described as the systematic surveillance of innocent citizens.In an interview Sunday, Snowden said he is willing to face the consequences of exposure.“I’m not going to hide,” Snowden told The Post from Hong Kong, where he has been staying. “Allowing the U.S. government to intimidate its people with threats of retaliation for revealing wrongdoing is contrary to the public interest.”
  • Asked whether he believes that his disclosures will change anything, he said: “I think they already have. Everyone everywhere now understands how bad things have gotten — and they’re talking about it. They have the power to decide for themselves whether they are willing to sacrifice their privacy to the surveillance state.”Snowden said nobody had been aware of his actions, including those closest to him. He said there was no single event that spurred his decision to leak the information, but he said President Obama has failed to live up to his pledges of transparency.“My sole motive is to inform the public as to that which is done in their name and that which is done against them,” he said in a note that accompanied the first document he leaked to The Post.The Guardian was the first to publicly identify Snowden, at his request.The White House said late Sunday that it would not have any comment on the matter.
  • In a brief statement, a spokesman for the Office of the Director of National Intelligence said the intelligence community is “reviewing the damage” the leaks have done. “Any person who has a security clearance knows that he or she has an obligation to protect classified information and abide by the law,” said the spokesman, Shawn Turner.Snowden said he is seeking “asylum from any countries that believe in free speech and oppose the victimization of global privacy,” but the law appears to provide for his extradition from Hong Kong, a semiautonomous territory of China, to the United States.
  • ...2 more annotations...
  • Snowden’s name surfaced as top intelligence officials in the Obama administration and Congress pushed back against the journalists responsible for revealing the existence of sensitive surveillance programs and called for an investigation into the leaks.Clapper, in an interview with NBC that aired Saturday night, condemned the leaker’s actions but also sought to spotlight the journalists who first reported the programs, calling their disclosures irresponsible and full of “hyperbole.” Earlier Saturday, he issued a statement accusing the media of a “rush to publish.”“For me, it is literally — not figuratively — literally gut-wrenching to see this happen because of the huge, grave damage it does to our intelligence capabilities,” Clapper said.
  • A chief critic of the efforts, Sen. Rand Paul (R-Ky.), said he is considering filing a lawsuit against the government and called on 10 million Americans to join in.“I’m going to be asking all the Internet providers and all of the phone companies, ask your customers to join me in a class-action lawsuit,” Paul said on “Fox News Sunday.”
  • Paul Merrell on 10 Jun 13
     
    A new national hero springs forth, Edward Snowden. In related news, those who conduct surveillance for the government seem to object for some reason to being surveilled themselves. 
« First ‹ Previous 61 - 80 of 90 Next ›
Showing 20 items per page