Moderators: Elvis, DrVolin, Jeff
by coffin_dodger » Mon Sep 09, 2013 10:28 am
How the NSA Accesses Smartphone Data
September 09, 2013 – 12:25 PM
The US intelligence agency NSA has been taking advantage of the smartphone boom. It has developed the ability to hack into iPhones, android devices and even the BlackBerry, previously believed to be particularly secure.
http://www.spiegel.de/international/wor ... 21161.html
by seemslikeadream » Tue Sep 10, 2013 8:14 am
NSA Affair: Germans Conduct Helicopter Flyover of US Consulate
By Matthias Gebauer
US Marines stand in front of the US General Consulate in Frankfurt, where a German helicopter recently conducted reconnaissance. Zoom
DPA
US Marines stand in front of the US General Consulate in Frankfurt, where a German helicopter recently conducted reconnaissance.
Under orders from Germany's domestic intelligence agency, a federal police helicopter conducted a flyover of the US Consulate in Frankfurt, the government in Berlin has confirmed. Officials were apparently searching for surveillance equipment.
The German government on Monday confirmed that a previously reported operation targeting potential American eavesdropping facilities located on German soil took place at the end of August. Both a spokesperson for Chancellor Angela Merkel and the Interior Ministry admitted on Monday that a Federal Police helicopter had conducted a low-altitude flyover of the United States Consulate in Frankfurt in order to take high-resolution photographs. The apparent aim of the mission was to identify suspected listening posts on the roof of the consulate.
ANZEIGE
According to the newsmagazine Focus, the Eurocopter circled over the US representation at an altitude of just 60 meters (200 feet). The magazine quoted an unnamed government official stating that Germany wanted to send a message to the Americans that it would not tolerate eavesdropping technologies on German soil. "The message to the American friends was meant to be: Stop. Germany strikes back!" The flyover was first reported last week by the Frankfurter Allgemeine Zeitung newspaper.
On Monday, the government in Berlin sought to play down the incident. The Interior Ministry said merely that the Office for the Protection of the Constitution, which had ordered the helicopter flyover, is responsible for the security of foreign installations in Germany, but also for defending the country from the spying activities of foreign countries. The spokeswoman refused to answer dozens of follow-up questions on whether the surveillance flight over the consulate had been a routine operation or whether it was a targeted search for hidden antennas. "I neither can nor want to provide any response," the spokeswoman said.
American Security Surprised by Action
But it doesn't appear there was anything routine about the Eurocopter mission -- if there had been, police would have almost surely notified the Americans beforehand. Instead, security personnel at the consulate appear to have been surprised by the flyover. They even took pictures as it happened during the morning of August 28. A short time afterwards, the deputy US ambassador telephoned with the German Foreign Ministry to discuss the issue. But what the ministry is now describing as an "information exchange," was apparently a complaint.
The flight appears to be connected to the revelations of vast US surveillance made by former intelligence service contractor Edward Snowden. According to the American whistleblower, the National Security Agency's (NSA) surveillance service has established secret eavesdropping posts at 80 US embassies and consulates around the world. In the internal documents exposed by Snowden, these are referred to as the "Special Collection Service". The papers also state that the bugging units should be kept secret from partner countries. If it were leaked, a document reads, this would "cause serious harm to relations between the US and a foreign government."
The response by domestic intelligence would seem to belie German government attempts to play down the surveillance affair. The report in Focus claims that the Frankfurt operation was ordered by Ronald Pofalla, Merkel's chief of staff and the German government point man for intelligence services. The politician, a member of Merkel's conservative CDU party, has made extensive public comments suggesting that the NSA affair has passed. But the report suggested he was furious at reports of spying technology at US diplomatic outposts in Germany.
The German government left open on Monday the question of whether the flyover had provided any clarity about the suspected eavesdropping technology. The spokesperson said that only relevant committees in the national parliament would be informed. Still, experts believe the move was intended more as a symbolic gesture that as a serious effort to try to find surveillance equipment. They believe that the Germans just want to show that if push comes to shove, they can also get more aggressive. One official spoke of a symbolic "shot across the bow."
NSA chief abruptly cancels cybersecurity keynote speech
By Kevin Collier on September 09, 2013 Email
General Keith Alexander apparently got pretty busy right after the world discovered that the National Security Agency, which he heads, has back doors built into much of the Internet's encryption.
He has cancelled his spot as a keynote speaker at a cybersecurity conference, three days before he was supposed to go on.
The Dutch telecommunication company KPN announced Saturday that Alexander, who was scheduled to speak at their Cybersecurity Congress, wasn't going to make it, citing pressure on his agenda.
Two days before, the world learned of one of the most damning NSA leaks yet: that the agency has much stronger abilities to break encryption than almost anyone realized, possibly built into many security companies' programs. Other leaks have alleged that the NSA shares intelligence with its equivalent agency in the Netherlands.
Alexander has fared rather poorly at hacker conferences since former NSA contractor Edward Snowden leaked a slew of agency documents. Def Con founder Jeff Moss formally uninvited Alexander in July, though he had been the keynote speaker the year before.
When Alexander spoke at the Black Hat conference two weeks later, the audience booed and heckled him, accusing him of lying to Congress and squandering its trust.
H/T Telecompaper | Photo by 1/25 Stryker Brigade Combat Team/Flickr
by seemslikeadream » Tue Sep 10, 2013 7:43 pm
NSA Phone Records Spying Said to Violate Rules for YearsBy Chris Strohm - Sep 10, 2013 5:13 PM CT
The National Security Agency for three years violated restrictions on surveillance of U.S. telephone records and misled judges on how the data was used, according to intelligence documents declassified today.
The agency on a daily basis checked a select list of phone numbers against databases containing millions of call records, without meeting the legal standard required for such scrutiny, according to documents released by Director of National Intelligence James Clapper to privacy groups today in response to lawsuits.
The violations occurred due to the use of complex technology and “a lack of shared understanding among various NSA components about how certain aspects of the complex architecture supporting the program functioned,” Clapper wrote in a statement accompanying the documents.
The Electronic Frontier Foundation, a privacy rights group in San Francisco, sued NSA to obtain the documents from a secret intelligence court. The latest disclosures show U.S. spying was broader and violated court and administrative rules more often than previously known. Lawmakers are considering new restraints on intelligence gathering programs.
“I think it’s pretty damning,” said Trevor Timm, a digital rights analyst with EFF. “This shows a larger pattern that a lot of times the NSA doesn’t alert the court to serious privacy violations, whether they are intentional or unintentional, for years down the road.”
Court Rules
The violations occurred between May 2006 and January 2009 and involved checks on as many as 16,000 phone numbers, including some based in the U.S., said two senior intelligence officials with direct knowledge of how the program operated. They asked not to be identified in order to speak about sensitive matters.
Intelligence officials notified the Foreign Intelligence Surveillance Court, which oversees intelligence gathering on Americans, on Jan. 15, 2009 of the violations, only days before President Barack Obama was sworn in.
Examples of violations include that a “significant” number of domestic telephone numbers were added to lists for heightened scrutiny without proper review, according to an Aug. 17, 2009 filing by the NSA with the court. The agency said it had remedied the violations through better training and technological fixes.
Between March 2009 and September 2009 the court required the NSA to get approval for each number it wanted to query. In September of that year the court approved revised procedures that allowed the program to continue, the official said.
‘Deeply Troubled’
Within three weeks, NSA reported that unauthorized personnel had been given access to some of the records. U.S. District Judge Reggie Walton, serving on the surveillance court, wrote of being “deeply troubled by the incidents.” He ordered the parties to appear at a hearing to assess whether to shut the surveillance program down. He didn’t take that step.
The NSA collects bulk phone records, such as numbers and call durations, under Section 215 of the USA Patriot Act, which allows the government to compel U.S. companies to turn over “any tangible thing” that is relevant to a terrorism investigation.
Under the law, the agency must have “reasonable, articulable suspicion” that a phone number is believed to be connected to a terrorist plot in order to query it against the larger database of records.
Between May 2006 and January 2009, NSA analysts would query the database with thousands of numbers on an “alert list,” the intelligence officials said. Those numbers didn’t meet the necessary legal standard, the officials said.
Alert List
The alert list grew from 3,980 in 2006 to 17,835 in 2009, one of the officials said. About 2,000 numbers on the list in 2009 met the necessary legal standard, the official said, meaning almost 16,000 didn’t. The alert list was shut down on Jan. 24, 2009, according to one of the declassified documents.
However, the NSA misled the court during those years by certifying that the necessary legal standard was being met for all numbers queried, the official said. Lawyers interacting with the court didn’t understand what was being done under the program, the official said.
It wasn’t the first time the NSA has acknowledged violations or that it misled the court.
The NSA said last month that some analysts deliberately ignored restrictions on their authority to spy on Americans multiple times in the past decade. Legal opinions declassified Aug. 21 revealed that the NSA intercepted as many as 56,000 electronic communications a year of Americans who weren’t suspected of having links to terrorism, before the secret court that oversees surveillance found the operation unconstitutional in 2011.
Misrepresented Scope
In a declassified legal opinion from October 2011, the court said the agency misrepresented the scope of surveillance operations three times in less than three years.
A May 2012 internal government audit found more than 2,700 violations involving NSA surveillance of Americans and foreigners over a one-year period. The audit was reported Aug. 16 by the Washington Post, citing documents provided by former NSA contractor Edward Snowden.
The extent of the phone metadata program was exposed in June by Snowden, now in Russia under temporary asylum. He revealed a classified legal order compelling Verizon Communications Inc. (VZ) to turn over the phone records of millions of customers to the NSA.
FOIA Lawsuit
The administration acknowledged the phone metadata program involves multiple telecommunications companies in an Aug. 9 description of how the program works, without naming any other participating companies.
Today’s disclosures were made in response to a judge’s order in a freedom of information lawsuit brought by San Francisco-based Electronic Frontier Foundation, a civil liberties group that sued the Justice Department in 2011 for records about what private information the government is collecting under the USA Patriot Act.
The group filed the lawsuit after the government didn’t respond to its requests to turn over documents describing its collection and surveillance efforts. In November the government asked U.S. District Judge Yvonne Gonzalez Rogers in Oakland, California, to toss the case, saying the EFF sought documents that were exempt from disclosure to protect national security.
The Justice Department said in a Sept. 5 court filing that it would release hundreds of pages to EFF, including orders and opinions of the surveillance court from January 2004 to June 2011 and other documents about the court’s work. Gonzalez gave the government until today to turn the information over.
‘Flawed Interpretation’
The government has collected “the details of every call made by every American” in violation of the Patriot Act, said Republican Representative Jim Sensenbrenner of Wisconsin, who helped write the 2001 law.
“The implications of this flawed interpretation are staggering,” Sensenbrenner wrote in a Sept. 6 letter to Attorney General Eric Holder. “The logic the administration uses for bulk collection would seem to support bulk collection of other personal data.”
Sensenbrenner also filed a legal brief Sept. 4 supporting a lawsuit by the American Civil Liberties Union against the bulk collection program. He questioned whether the program could be used to build a national database of gun owners and violate the constitutional rights of Americans to keep arms.
The National Rifle Association, the largest U.S. gun-rights lobbying group, also filed a legal brief supporting the ACLU’s motion for a preliminary injunction, which would halt the program until the case is decided.
The case is Electronic Frontier Foundation v. Department of Justice, 11-05221, U.S. District Court, Northern District of California (Oakland).
Glenn Greenwald @ggreenwald 1h
Lee Hamilton says: DOJ should indict James Clapper for lying to Congress http://www.heraldtimesonline.com/news/l ... df8af.html …
by seemslikeadream » Tue Sep 10, 2013 8:08 pm
In 2009, FISA Court Shut Down NSA Program for 6 Months Because It Had "Frequently and Systemically" Violated the Rules
—By Kevin Drum
| Tue Sep. 10, 2013 4:15 PM PDT
Last month we learned that in 2011 a FISA judge slammed the NSA for "the third instance in less than three years" in which an NSA surveillance program had been misrepresented to the court. Today, the Obama administration released a set of documents that describes one of the previous instances. It involves the NSA's collection of phone records, which are supposed to be governed by strict minimization procedures that prevent analysts from illegally accessing the records of U.S. persons who are not reasonably suspected of terrorist ties. But it turned out that for three years, from 2006 to 2009, NSA had been routinely breaking its own rules; had been routinely providing false affirmations to the court; and apparently had no one on their staff who even understood how their own systems worked. Here is Judge Reggie Walton's conclusion:
The NSA's explanation for how these violations occurred "strained credulity," Walton wrote, and because of that he shut down the phone record program entirely until the government put in place safeguards against abuse that satisfied him. Six months later, he finally allowed the program to retstart.
Josh Gerstein has more details here. The main takeaway, however, is the obvious one: no agency can perform oversight on itself. NSA was violating the court's rules for three years, and only discovered the problem because a spot check happened to turn up a violation, which in turn prompted them to do a broader investigation. That's no way to ensure compliance with legal and constitutional standards.
by seemslikeadream » Tue Sep 10, 2013 8:11 pm
The NSA's next move: silencing university professors?
A Johns Hopkins computer science professor blogs on the NSA and is asked to take it down. I fear for academic freedom
Jay Rosen
theguardian.com, Tuesday 10 September 2013 12.40 EDT
A computer user is silhouetted with a row of computer monitors at an internet cafe in China
On 9 September, Johns Hopkins University asked one of its professors to take down a blog post on the NSA. Photograph: AP
This actually happened yesterday:
A professor in the computer science department at Johns Hopkins, a leading American university, had written a post on his blog, hosted on the university's servers, focused on his area of expertise, which is cryptography. The post was highly critical of the government, specifically the National Security Agency, whose reckless behavior in attacking online security astonished him.
Professor Matthew Green wrote on 5 September:
I was totally unprepared for today's bombshell revelations describing the NSA's efforts to defeat encryption. Not only does the worst possible hypothetical I discussed appear to be true, but it's true on a scale I couldn't even imagine.
The post was widely circulated online because it is about the sense of betrayal within a community of technical people who had often collaborated with the government. (I linked to it myself.)
On Monday, he gets a note from the acting dean of the engineering school asking him to take the post down and stop using the NSA logo as clip art in his posts. The email also informs him that if he resists he will need a lawyer. The professor runs two versions of the same site: one hosted on the university's servers, one on Google's blogger.com service. He tells the dean that he will take down the site mirrored on the university's system but not the one on blogger.com. He also removes the NSA logo from the post. Then, he takes to Twitter.
The professor says he was told that someone at the Applied Physics Laboratory, a research institute with longstanding ties to the Department of Defense and the National Security Agency, determined that his blog post was hosting or linking to classified material, and sounded the alarm, which led to the takedown request from the dean. He says he thought Johns Hopkins University, his employer, had come down "on the wrong side of common sense and academic freedom", particularly since the only classified material he had linked to was from news reports in the Guardian, the New York Times and ProPublica.org – information available to the public.
Word gets around, and by late afternoon, the press starts asking questions. Now, Johns Hopkins is worried about how it looks in the media. The university bureaucracy scrambles the jets and comes up with a statement:
The university received information this morning that Matthew Green's blog contained a link or links to classified material and also used the NSA logo. For that reason, we asked professor Green to remove the Johns Hopkins-hosted mirror site for his blog Upon further review, we note that the NSA logo has been removed and that he appears to link to material that has been published in the news media. Interim Dean Andrew Douglas has informed professor Green that the mirror site may be restored.
So the university backs down, leaving many unanswered questions. Possibly, they will be addressed today. Here are some on my list:
Who was it in the Applied Physics Laboratory, with its close ties to the NSA, that raised the alarm about what a (very effective) critic of the NSA was writing ... and why?
Did that person hear first from the government and then contact the Johns Hopkins officials?
Why would an academic dean cave under pressure and send the takedown request without careful review, which would have easily discovered, for example, that the classified documents to which the blog post linked were widely available in the public domain?
Why is Johns Hopkins simultaneously saying that the event was internal to the university (that the request didn't come from the government) and that it doesn't know how the whole thing began? The dean of the engineering school doesn't know who contacted him about a professor's blog post? Really? The press office doesn't know how to get in touch with the dean? Seems unlikely. Johns Hopkins spokesman Dennis O'Shea told me this morning that university officials "were still trying to trace" the events back to their source. Clearly, there's a lot more to the story.
Matthew Green said the original request to take down his post could have referred to his Blogger.com site and the site hosted on Johns Hopkins servers. Since a request to unpublish your thoughts is one of the most extreme and threatening that any university can make of a faculty member, what kind of deliberation went into it? That Johns Hopkins backtracked so quickly after the press started asking questions suggests that the reasoning was pretty thin. But the request was momentous. These things don't fit together. What gives?
Dennis O'Shea told me the original concern was that Matthew Green's post might be "illegally linking to classified information". I asked him what law he was referring to. "I'm not saying that there was a great deal of legal analysis done," he replied. Obviously. But again: given the severity of the remedy – unpublishing an expert's post critical of the NSA – careful legal analysis was called for. Why was it missing?
In commenting critically on a subject he is expert in, and taking an independent stance that asks hard questions and puts the responsibility where it belongs, Matthew Green is doing exactly what a university faculty member is supposed to be doing. By putting his thoughts in a blog post that anyone can read and link to, he is contributing to a vital public debate, which is exactly what universities need to be doing more often. Instead of trying to get Matthew Green's blog off their servers, the deans should be trying to get more faculty into blogging and into the public arena. Who at Johns Hopkins is speaking up for these priorities? And why isn't the Johns Hopkins faculty roaring about this issue? (I teach at New York University, and I'm furious.)
Notice: Matthew Green didn't get any takedown request from Google. Only from Johns Hopkins. Think about what that means for the school. He's "their" professor, yet his work is safer on the servers of a private company than his own university. The institution failed in the clutch. That it rectified it later in the day is welcome news, but I won't be cheering until we have answers that befit a great institution like Johns Hopkins, where graduate education was founded on these shores.
And another thing: America's system of research universities is the best in the world. No one argues with that. It's one of biggest advantages this nation has. If it becomes captive to government and handmaiden to the surveillance state, that would be an economic and cultural crime of monstrous proportions. What happened to Matthew Green's blog post yesterday is no small matter.
by seemslikeadream » Sun Sep 15, 2013 3:06 pm
NSA disguised itself as Google to spy, say reports
If a recently leaked document is any indication, the US National Security Agency -- or its UK counterpart -- appears to have put on a Google suit to gather intelligence.
by Edward Moyer September 12, 2013 2:19 PM PDT
The flag of the NSA.
Here's one of the latest tidbits on the NSA surveillance scandal (which seems to be generating nearly as many blog items as there are phone numbers in the spy agency's data banks).
Earlier this week, Techdirt picked up on a passing mention in a Brazilian news story and a Slate article to point out that the US National Security Agency had apparently impersonated Google on at least one occasion to gather data on people. (Mother Jones subsequently pointed out Techdirt's point-out.)
Brazilian site Fantastico obtained and published a document leaked by Edward Snowden, which diagrams how a "man in the middle attack" involving Google was apparently carried out.
A technique commonly used by hackers, a MITM attack involves using a fake security certificate to pose as a legitimate Web service, bypass browser security settings, and then intercept data that an unsuspecting person is sending to that service. Hackers could, for example, pose as a banking Web site and steal passwords.
The article by Brazil's Fantastico mentions a hitherto unknown GCHQ spy program called "Flying Pig." This prompted a Twitter quip from Electronic Frontier Foundation attorney Kurt Opsahl: "PRISM, Flying Pig. Someone in the surveillance state has a thing for Pink Floyd album covers."
(Credit: Pig: Musiclipse.com; prism: Harvest, Capitol.)
The technique is particularly sly because the hackers then use the password to log in to the real banking site and then serve as a "man in the middle," receiving requests from the banking customer, passing them on to the bank site, and then returning requested info to the customer -- all the while collecting data for themselves, with neither the customer nor the bank realizing what's happening. Such attacks can be used against e-mail providers too.
It's not clear if the supposed attack in the Fantastico document was handled by the NSA or by its UK counterpart, the Government Communications Headquarters (GCHQ). The article by the Brazilian news agency says, "In this case, data is rerouted to the NSA central, and then relayed to its destination, without either end noticing."
"There have been rumors of the NSA and others using those kinds of MITM attacks," Mike Masnick writes on Techdirt, "but to have it confirmed that they're doing them against the likes of Google... is a big deal -- and something I would imagine does not make [Google] particularly happy."
Google provided a short statement to Mother Jones reporter Josh Harkinson in response to his questions on the matter: "As for recent reports that the US government has found ways to circumvent our security systems, we have no evidence of any such thing ever occurring. We provide our user data to governments only in accordance with the law." (The company is also trying to win the right to provide more transparency regarding government requests for data on Google users.)
CNET got a "no comment" from the NSA in response to our request for more information.
As TechDirt suggests, an MITM attack on the part of the NSA or GCHQ would hardly be a complete shock. The New York Times reported last week that the NSA has sidestepped common Net encryption methods in a number of ways, including hacking into the servers of private companies to steal encryption keys, collaborating with tech companies to build in back doors, and covertly introducing weaknesses into encryption standards.
It wouldn't be much of a stretch to obtain a fake security certificate to foil the Secure Sockets Layer (SSL) cryptographic protocol that's designed to verify the authenticity of Web sites and ensure secure Net communications.
Indeed, such attacks have been aimed at Google before, including in 2011, when a hacker broke into the systems of DigiNotar -- a Dutch company that issued Web security certificates -- and created more than 500 SSL certificates used to authenticate Web sites.
In any case, the purported NSA/GCHG impersonation of Google inspired a rather clever graphic by Mother Jones, one that might even impress the rather clever Doodlers at Google:
by seemslikeadream » Sun Sep 15, 2013 5:09 pm
NSA ‘Follow the Money’ branch spied on VISA customers, SWIFT transactions – report
Published time: September 15, 2013 19:31
Edited time: September 15, 2013 20:02
Reuters / Jason Reed
The NSA has been widely monitoring international banking and credit card transactions, a new report says referencing Edward Snowden’s leak. The agency targeted VISA customers and global financial service SWIFT and created its own money flows database.
Referring to information leaked by Edward Snowden, a former CIA employee and NSA contractor, German Der Spiegel reports that the surveillance was carried out by a branch called "Follow the Money" (FTM).
After the information on transactions was obtained, it was redirected to the NSA's own financial database, called "Tracfin".
According to the leaked documents, in 2011 the database contained 180 million records, with 84 per cent of those being credit card transactions details.
Among the millions of records, the NSA's Tracfin’s also contained data from the Brussels-based Society for Worldwide Interbank Financial Telecommunication (SWIFT). Used to conduct business operations “with speed, certainty and confidence”, this global financial service is used by more than 10,000 banking organizations in 212 countries.
The NSA spied on SWIFT on several levels, involving its "tailored access operations" division, according to the report in Der Spiegel. Reading "SWIFT printer traffic from numerous banks," was just one of the ways the NSA was accessing the information.
One of the NSA’s goals was to "collect, parse and ingest transactional data for priority credit card associations, focusing on priority geographic regions."
According to documents dated 2010, the agency was spying on large credit card companies’ customers, Der Spiegel adds. In particular, the NSA was getting access to transactions by VISA customers in Europe, the Middle East and Africa. Reportedly, speaking at an internal conference that year, NSA analysts described in detail how the search through the US company's complex transaction network for tapping possibilities was conducted.
However, when Der Spiegel reached VISA for a comment, its spokeswoman ruled out the possibility that data could be taken from company-run networks.
According to one of the documents, the UK's intelligence agency, GCHQ, admitted cooperation with the NSA to spy on the world finance system. In its report, concerning the legal perspectives on "financial data", it said that the collection, storage and sharing of politically sensitive data was a deep invasion of privacy and involved "bulk data" full of "rich personal information," much of which "is not about our targets."
by Joao » Tue Sep 17, 2013 1:26 pm
Experts see potential perils in Brazil push to break with US-centric Internet over NSA spying
Associated Press, Published: September 16 | Updated: Tuesday, September 17, 7:54 AM
RIO DE JANEIRO — Brazil plans to divorce itself from the U.S.-centric Internet over Washington’s widespread online spying, a move that many experts fear will be a potentially dangerous first step toward fracturing a global network built with minimal interference by governments.
President Dilma Rousseff ordered a series of measures aimed at greater Brazilian online independence and security following revelations that the U.S. National Security Agency intercepted her communications, hacked into the state-owned Petrobras oil company’s network and spied on Brazilians who entrusted their personal data to U.S. tech companies such as Facebook and Google.
The leader is so angered by the espionage that she’s considering cancelling a trip to Washington next month where she’s scheduled to be honored with a state dinner.
Internet security and policy experts say the Brazilian government’s reaction to information leaked by former NSA contractor Edward Snowden is understandable, but warn it could set the Internet on a course of Balkanization.
“The global backlash is only beginning and will get far more severe in coming months,” said Sascha Meinrath, director of the Open Technology Institute at the Washington-based New America Foundation think tank. “This notion of national privacy sovereignty is going to be an increasingly salient issue around the globe.”
While Brazil isn’t proposing to bar its citizens from U.S.-based Web services, it wants their data to be stored locally as the nation assumes greater control over Brazilians’ Internet use to protect them from NSA snooping.
The danger of mandating that kind of geographic isolation, Meinrath said, is that it could render inoperable popular software applications and services and endanger the Internet’s open, interconnected structure.
The effort by Latin America’s biggest economy to digitally isolate itself from U.S. spying not only could be costly and difficult, it could encourage repressive governments to seek greater technical control over the Internet to crush free expression at home, experts say.
In December, countries advocating greater “cyber-sovereignty” pushed for such control at an International Telecommunications Union meeting in Dubai, with Western democracies led by the United States and the European Union in opposition.
U.S. digital security expert Bruce Schneier says that while Brazil’s response is a rational reaction to NSA spying, it is likely to embolden “some of the worst countries out there to seek more control over their citizens’ Internet. That’s Russia, China, Iran and Syria.”
Rousseff says she intends to push for international rules on privacy and security in hardware and software during the U.N. General Assembly meeting later this month. Among Snowden revelations: the NSA has created backdoors in software and Web-based services.
Brazil is now pushing more aggressively than any other nation to end U.S. commercial hegemony on the Internet. More than 80 percent of online search, for example, is controlled by U.S.-based companies.
by seemslikeadream » Thu Sep 19, 2013 8:45 pm
NSA Sends Letter to Its ‘Extended’ Family to Reassure Them That They Will ‘Weather’ This ‘Storm’
By: Kevin Gosztola Thursday September 19, 2013 7:00 pm
The National Security Agency sent out a letter to all of its employees and affiliates, including contractors, that could be printed and shared with family, friends and colleagues. It was intended to reassure them that the NSA is not really the abusive and unchecked spying agency engaged in illegal activity that someone reading former NSA contractor Edward Snowden’s disclosures might think it happens to be.
The letter, sent on September 13, is signed by NSA Director Gen. Keith Alexander and NSA Deputy Director John Inglis, begins, “We are writing to you, our extended NSA/CSS family, in light of the unauthorized disclosure of classified information by a former contractor employee.”
If anyone was thinking of breaking up with the NSA family, the letter states, “We want to put the information you are reading and hearing about in the press into context and reassure you that this Agency and its workforce are deserving and appreciative of your support.”
“Some media outlets have sensationalized the leaks to the press in a way that has called into question our motives and wrongly cast doubt on the integrity and commitment of the extraordinary people who work here at NSA/CSS—your loved one(s),” the letter suggests. “It has been discouraging to see how our Agency frequently has been portrayed in the news as more of a rogue element than a national treasure.”
I don’t know what press publications the NSA regularly collects, intercepts and analyzes, but most of the press has questioned the motives of Edward Snowden, not the analysts working at the NSA.
This siege mentality seems more indicative of the fact that the NSA has been subject to uncharacteristic scrutiny in the past months that should have occurred when the NSA first began to employ the surveillance programs that have been exposed, like PRISM and the bulk data collection from telephone providers.
“For more than 6 decades, NSA/CSS has been responsible for protecting the United States and its allies through its information assurance and signals intelligence missions. All of the things we do to conduct our mission are lawful,” except for when the NSA monitored the calls of over a thousand Americans engaged in political activities between 1967 and 1973.
Except for when it was intercepting mail in the 1950s without distinguishing between messages from foreigners and Americans. Except for when it was involved in the 1960s in investigating “racial matters” or “student agitation” by activists in cooperation with the CIA and military intelligence agencies. Except for when it engaged in warrantless wiretapping, most recently after the September 11th attacks.
In case family members thought their loved one had no sense of what it means to respect privacy and protect civil liberties of US citizens, the directors declare, “In concert with our mission, NSA/CSS employees are trained from the first day on the job, and regularly thereafter, to respect the privacy and civil liberties of US citizens. We go to great lengths to achieve our goal of no mistakes.”
“However, we are human and, because the environment of law and technology within which we operate is so complex and dynamic, mistakes sometimes do occur.” Thousands of times per year they sometimes occur. Sometimes these “mistakes” involve incidents like adding 16,000 phone numbers improperly to an “alert list.” This is according to official documents like audits of the agency. Yet, the directors write, “Some of those reports have been leaked to the press and have been mischaracterized to portray us as irresponsible and careless; nothing could be further from the truth.”
As both Sen. Ron Wyden and Sen. Mark Udall have suggested, given the ineptitude of the NSA in being able to understand what it was doing with the bulk data collection program, how does it know if the program even kept Americans safe? Seems like it would be best to just end the program. (Plus, it would help the NSA achieve its goal of “no mistakes.”)
“There are some in the media who are taking the time to actually study the leaked material, and they have drawn conclusions that are very different from those who are in it for a quick headline,” the directors concede. Unfortunately, they are not talking about anyone like Marcy Wheeler.
The directors quote Lawfare’s editor-in-chief and frequent national security state apologist, Benjamin Wittes, who wrote a post chastising The Washington Post as well as President Barack Obama’s administration for how it was handling the leaks.
Shameful as it is that these documents were leaked, they actually should give the public great confidence both in NSA’s internal oversight mechanisms and in the executive and judicial oversight mechanisms outside the agency. They show no evidence of any intentional spying on Americans or abuse of civil liberties. They show a low rate of the sort of errors any complex system of technical collection will inevitably yield. They show robust compliance procedures on the part of the NSA. And they show an earnest, ongoing dialog with the FISA Court over the parameters of the agency’s legal authority and a commitment both to keeping the court informed of activities and to complying with its judgments on their legality. While it took a criminal act to make this record public, we are deeply proud of this record and make no apologies for it.
The above is what Wittes thought the Obama administration should have been saying about the leaks (though it is not clear in the letter if Alexander and Inglis realize this). So, essentially, this is an expression of how disappointed the NSA is with how the White House has not done enough to shield it from investigative journalists curious about what it really has been doing with its surveillance powers.
The letter cites propaganda the agency has peddled—that its actions have thwarted “54 different terrorist plots.” Inglis admitted during a hearing to Sen. Patrick Leahy that US bulk records phone spying had only been key in stopping one terrorist plot. But, this is about reassuring the family that everything is okay and going to be fine so did you know many American service members could have died without this unbounded surveillance? Some even have died.
“The NSA/CSS Memorial Wall lists the names of 171 cryptologists who have died in the line of duty since the Agency’s inception in 1952,” according to the letter.
What does that even mean? People die while working for us and put their lives on the line every day so don’t even think about criticizing our role in government? Or, for the families who are questioning whether their loved one is now a forever disgraced government employee, do not worry because they are working on collecting “intelligence” at great risk in some cases?
“More stories will appear,” the directors note, but rest assured the NSA will be working to “separate fact from fiction.” In fact, it appears employees will be coming home with some kind of kits of materials for family members to help them “understand that our activities are lawful, appropriate and effective.”
It concludes, “We have weathered storms before and we will weather this one together, as well.”
The entire letter is emblematic of the insular culture of people who have committed their lives to Top Secret America and have placed themselves above criticism by any person, whether they be in the halls of power, a media organization or a civil society group in this country.
It is not the NSA who has engaged in operations that infringe upon privacy with very little discernible proof that the programs have stopped numerous actual terrorist plots, who should be shamed. It is the press, who have convinced many Americans that the NSA is some kind of “rogue element.”
And, even though the NSA director built a replica of the bridge from starship Enterprise and called it the “Information Dominance Center” and that wholly perverts the values of peace and cooperation creator Gene Roddenberry intended to promote, it is not a “rogue element” but a “national treasure” that we all should shower with honor and praise.
by Joao » Wed Sep 25, 2013 1:11 am
The NSA wrote:Job Title: NSA Civil Liberties & Privacy Officer
Location: Fort George G. Meade, MD
Full/Part Time: Full-Time
Regular/Temporary: Regular
The NSA Civil Liberties & Privacy Officer (CLPO) is conceived as a completely new role, combining the separate responsibilities of NSA's existing Civil Liberties and Privacy (CL/P) protection programs under a single official. The CLPO will serve as the primary advisor to the Director of NSA for ensuring that privacy is protected and civil liberties are maintained by all of NSA's missions, programs, policies and technologies. This new position is focused on the future, designed to directly enhance decision making and to ensure that CL/P protections continue to be baked into NSA's future operations, technologies, tradecraft, and policies. The NSA CLPO will consult regularly with the Office of the Director of National Intelligence CLPO, privacy and civil liberties officials from the Department of Defense and the Department of Justice, as well as other U.S. government, private sector, public advocacy groups and foreign partners.
by seemslikeadream » Thu Sep 26, 2013 9:11 pm
Senators Push to Preserve N.S.A. Phone Surveillance
By CHARLIE SAVAGE
Published: September 26, 2013
WASHINGTON — The Senate Intelligence Committee appears to be moving toward swift passage of a bill that would “change but preserve” the once-secret National Security Agency program that is keeping logs of every American’s phone calls, Senator Dianne Feinstein, the California Democrat who leads the panel, said Thursday.
Ms. Feinstein, speaking at a rare public hearing of the committee, said she and the top Republican on the panel, Senator Saxby Chambliss of Georgia, are drafting a bill that would be marked up — meaning that lawmakers could propose amendments to it before voting it out of committee — as early as next week.
After the existence of the program became public by leaks from the former N.S.A. contractor Edward J. Snowden, critics called for it to be dismantled. Ms. Feinstein said her bill would be aimed at increasing public confidence in the program, which she said she believed was lawful.
The measure would require public reports of how often the N.S.A. had used the calling log database, she said. It would also reduce the number of years — currently five — that the domestic calling log data is kept before it is deleted. It would also require the N.S.A. to send lists of the phone numbers it searches, and its rationale for doing so, to the Foreign Intelligence Surveillance Court for review.
By contrast, a rival bill drafted by several committee members who are skeptics of government surveillance, including Senators Ron Wyden of Oregon and Mark Udall of Colorado, would ban the mass call log collection program.
That more extensive step is unlikely to pass the committee. Ms. Feinstein contended that “a majority of the committee” believed that the call log program was “necessary for our nation’s security.”
Ms. Feinstein said her bill with Mr. Chambliss would also require Senate confirmation of the N.S.A.’s director. At the same time, it would expand the N.S.A.’s powers to wiretap without warrants in the United States in one respect: when it is eavesdropping on a foreigner’s cellphone, and that person travels to the United States, the N.S.A. would be allowed to keep wiretapping for up to a week while it seeks court permission.
That step would remove the largest number of incidents in which the N.S.A. has deemed itself to have broken rules about surveillance in the United States. Those incidents were identified in a May 2012 audit leaked by Mr. Snowden.
The proposals pushed by Mr. Wyden and Mr. Udall would also ban the N.S.A. from warrantless searches of Americans’ information in the vast databases of communications it collects by targeting noncitizens abroad. And it would prohibit, when terrorism is not suspected, systematic searches of the contents of Americans’ international e-mails and text messages that are “about” a target rather than to or from that person.
Still, most of the senators on the Intelligence Committee, which had received briefings about the call log program and other surveillance even before Mr. Snowden’s leaks, used the hearing on Thursday to largely defend the programs and criticize the disclosures.
Mr. Chambliss suggested that people could die because of Mr. Snowden’s disclosures, and he pressed Gen. Keith Alexander, the N.S.A. director, to describe the program’s value.
“In my opinion,” General Alexander said, “if we had had that prior to 9/11, we would have known about the plot.”
Officials have struggled to identify terrorist attacks that would have been prevented by the call log program, which has existed in its current form since 2006. The clearest breakthrough attributed to the program was a case involving several San Diego men who were prosecuted for donating several thousand dollars to a terrorist group in Somalia.
Mr. Wyden pressed General Alexander about whether the N.S.A. had ever collected, or made plans to collect, bulk records about Americans’ locations based on cellphone tower data.
General Alexander replied that the N.S.A. is not doing so as part of the call log program, but that information pertinent to Mr. Wyden’s question was classified.
Unusual Senate hearing leads to testy questions about NSA cellphone spying
US intelligence officials sought to ally fears about NSA activities at a Senate hearing Thursday. But one senator came away wanting more answers about cellphone surveillance.
By Warren Richey, Staff writer / September 26, 2013
Senate Intelligence Committee Chairwoman Dianne Feinstein (D) of California talks with (from l.), Deputy Attorney General James Cole, National Security Agency Director Gen. Keith Alexander, and Director of National Intelligence James Clapper on Capitol Hill in Washington Thursday.
Top US intelligence officials tried to reassure senators and the American public on Thursday that the secret collection of telecommunications metadata and other surveillance techniques used by the National Security Agency had operated legally and within the bounds of constitutional protections....
by seemslikeadream » Thu Sep 26, 2013 9:25 pm
US intelligence chiefs urge Congress to preserve surveillance programs
Officials refuse to say in Senate testimony whether cell site data had ever been used to pinpoint an individual's location
Paul Lewis and Dan Roberts in Washington
theguardian.com, Thursday 26 September 2013 18.08 EDT
Senator Dianne Feinstein speaks with director of national intelligence James Clapper, NSA director general Keith Alexander and deputy attorney general James Cole. Photograph: James Reed/Reuters
US intelligence chiefs used an appearance before Congress on Thursday to urge lawmakers not to allow public anger over the extent of government surveillance to result in changes to the law that would impede them from preventing terrorist attacks.
General Keith Alexander, the director of the National Security Agency, conceded that disclosures by the whistleblower Edward Snowden "will change how we operate". But he urged senators, who are weighing a raft of reforms, to preserve the foundational attributes of a program that allows officials to collect the phone data of millions of American citizens.
In testy exchanges at the Senate intelligence committee, Alexander and the director of national intelligence, James Clapper, refused to say on the record where the NSA had ever sought to trawl cell site data, which pinpoints the location of individuals via their phones.
They were challenged by Democratic senator Ron Wyden who, as a member of the committee, has for years been privy to classified briefings that he cannot discuss in public. "You talk about the damage that has been done by disclosures, but any government official who thought this would never be disclosed was ignoring history. The truth always manages to come out," he said.
"The NSA leadership built an intelligence data collection system that repeatedly deceived the American people. Time and time again the American people were told one thing in a public forum, while intelligence agencies did something else in private."
Wyden and his fellow Democrat Mark Udall used the public hearing to press the intelligence chiefs on aspects of the top-secret surveillance infrastructure.
Asked by Udall whether it was the NSA's aim to collect the records of all Americans, Alexander replied: "I believe it is in the nation's best interest to put all the phone records into a lockbox – yes."
He would not be drawn on any past attempts or plans to store cell site data for security reasons. The NSA director evaded repeated questions from Wyden over whether the NSA had either collection of cell site phone data, or planned to do so. Alexander eventually replied: "What I don't want to do senator is put out in an unclassified form anything that is classified."
Alexander and Clapper also strongly criticised the media for over its publication of Snowden's disclosures, which they suggested had been misleading. Neither of the intelligence chiefs, nor any of the senators who criticised media reporting, indicated which news organisations or particular reports were misleading, or in what way.
Alexander said that while recent disclosures were likely to impact public perceptions of the NSA and "change how we operate", any diminution of the intelligence community's capabilities risked terrorist attacks on US territory.
He told the committee that over one seven-day period this month, 972 people had been killed in terrorist attacks in Kenya, Pakistan, Afghanistan, Syria, Yemen and Iraq. "We need these programs to ensure we don't have those same statistics here," he said.
Alexander said that violations of the rules governing surveillance powers were not common and "with very rare exceptions, are unintentional". Clapper also admitted to violations, saying "on occasion, we've made mistakes, some quite significant", but stressed those were inadvertent and the result of human or technical errors.
In a joint written submission with James Cole, the deputy attorney general, who also gave evidence to the committee, they said they were "open to a number of ideas that have been proposed in various forms" relating to the routine trawl of millions phone records of Americans under section 215 of the Patriot Act.
The trio said they would consider statutory restrictions on their ability to query the data they gather and disclosing publicly how often they use the system. However, there was no suggestion in the written submission that they would contemplate any infringement on the bulk collection and storage of the phone records, a proposal contained in bills being put forward in the House of Representatives and Senate.
"To be clear, we believe the manner in which the bulk telephony metadata collection program has been carried out is lawful, and existing oversight mechanisms protect both privacy and security," they stated.
The trio said they were also open to discussing legislation under which the foreign intelligence surveillance (Fisa) court would at its discretion solicit the views of some kind of independent figure in cases that raise broader civil liberties issues.
This falls short of the draft legislation calling for the appointment of a "constitutional advocate", which Wyden, Udall and other senators are pushing for in a bipartisan bill unveiled on Wednesday night.
At the start of the hearing, the Democratic chair of the committee, Diane Feinstein, outlined a separate bill she is introducing with Republican vice-chairman Saxby Chambliss.
Their proposed legislation broadly echoes the small tweaks the intelligence establishment says it will consider, but does not go further. Feinstein said their bill would change but preserve the program of collecting and storing phone records of Americans under section 215 of the Patriot Act.
She echoed criticisms of the media reporting of Snowden disclosures, said she was confident NSA surveillance programs were "lawful, effective and they are conducted under careful oversight". She asserted that the program by which intelligence officials secretly collect millions of phone metadata, and can be used to provide a detailed breakdown of an individual's movements life, was not a form of covert monitoring. "Much of the press has called this as surveillance program," she said. "It is not."
Chambliss said that "while we are here in large part because of the Snowden leaks", they had caused huge damage to the US and its interests and "would ultimately claim lives", something he said Snowden should be held to account for.
Feinstein and Chambliss are the two members of Congress who arguably have the biggest mandate to hold the intelligence establishment to account.
Their bill would not limit the collection of phone records, but rather introduce some restrictions on when intelligence officials are permitted to search the data, and requirements of the intelligence agencies to disclose how often they use the program.
It would also partly widen the powers of the NSA, allowing laws that authorise foreign spying to be continued for a period of time after targets enter US territory.
Mid-hearing on Thursday, Feinstein read out excerpts from an email she said she had received on her BlackBerry from the Obama administration, pertaining to the wording that might be used to describe a special advocate lawyer in the Fisa court.
Other senators on the committee criticised media reporting and argued the essence of the surveillance apparatus should be left in place. Republican senator Dan Coats said journalists were throwing "raw meat out there", suggesting the reporting was misleading the public. He cautioned against overreacting "for fear of the public saying, 'Oh, that headline makes me nervous.'"
Democrat Jay Rockefeller said that public misunderstandings risked dismantling a system of surveillance that has taken a decade to construct in the aftermath of the September 11 attacks. "You don't build a Roman fort and then build another one next door because you've made a mistake," he said.
Clapper responded that the agencies were finding ways to "counter the popular narrative".
by Allegro » Fri Sep 27, 2013 7:31 am
by seemslikeadream » Fri Sep 27, 2013 9:33 am
U.S. Misses Deadline in NSA 'Dragnet' Case, Has Excuse
By NICK DIVITO
MANHATTAN (CN) - The federal government wants more time to defend its massive domestic surveillance program against the ACLU's claims that it is an unconstitutional "dragnet" on the phone records of every American.
A brief opposing the ACLU's demands for a preliminary injunction was due Thursday, but the government said in a letter that night to U.S. District Judge William Pauley III that it needed more time.
Acknowledging that its request came at the "last minute," the government said it had already obtained the "plaintiffs' gracious consent." Thursday had also been the deadline for the ACLU to oppose a motion to dismiss. The government persuaded the ACLU to delay its filing because "fairness will best be served by keeping their respective submissions simultaneous."
"We anticipated making a timely filing this evening until, at approximately 7 p.m., we were made aware of one factual issue that needs to be explored before we will be in a position to finalize our papers, including supporting declarations," Assistant U.S. Attorney David Jones wrote.
His office did not immediately respond to a request for more information about what prompted the last-minute delay. Its defense of the spying has been unwavering, however, even in the face of unsealed rulings from the Foreign Intelligence Surveillance Court that blast the surveillance for its "flagrant violation" of privacy and the U.S. Constitution.
The government wants until Oct. 1 to file, with reply papers then due on Oct. 15.
It is unclear whether any delay would affect the trial scheduled for Nov. 1. The ACLU had wanted the injunction in advance of that date, stopping the National Security Agency's mass phone call-tracking program and quarantining its data.
The NSA's actions were revealed in May by Edward Snowden, who leaked to The Guardian and The Washington Post a secret court order that forced Verizon to "turn over, every day, metadata about the calls made by each of its subscribers over a three-month period ending on July 19, 2013."
This prompted the ACLU to file suit in June, calling the "dragnet" surveillance unconstitutional. It says the government collects information about every telephone call made by every American, including the time the call started and the length of each conversation.
The NSA then uses that data to create a "rich profile of every citizen as well as a comprehensive record of citizens' associations with one another," according to a 48-page memo of law supporting the ACLU's motion for a preliminary injunction.
Civil libertarians fear that the surveillance not only invades its privacy but "threatens to dissuade potential clients and others from contacting them, and compromises their ability to serve their clients' interests and their institutional missions."
In August, defendant James R. Clapper, director of National Intelligence, filed a 52-page motion to dismiss on the grounds that the Southern District of New York lacks jurisdiction to hear the case.
Clapper also claimed that the program defends the country from terrorism.
"National security investigations often have remarkable breadth, spanning long periods of time and multiple geographic regions to identify terrorist groups, their members, intended targets and means of attack, many of which are often unknown to the intelligence community at the offset," the government wrote in its memorandum of law in support of motion to dismiss the complaint.
Section 215 of the Patriot Act expanded the government's power to track tangible things upon showing reasonable grounds to believe they are relevant to an authorized investigation.
by seemslikeadream » Sat Sep 28, 2013 12:00 pm
Dianne Feinstein Accidentally Confirms That NSA Tapped The Internet Backbone
from the but-of-course dept
It's widely known that the NSA has taps connected to the various telco networks, thanks in large part to AT&T employee Mark Klein who blew the whistle on AT&T's secret NSA room in San Francisco. What was unclear was exactly what kind of access the NSA had. Various groups like the EFF and CDT have both been asking the administration to finally come clean, in the name of transparency, if they're tapping backbone networks to snarf up internet communications like email. So far, the administration has declined to elaborate. Back in August, when the FISA court declassified its ruling about NSA violations, the third footnote, though heavily redacted, did briefly discuss this "upstream" capability:
In short, "upstream" capabilities are tapping the backbone itself, via the willing assistance of the telcos (who still have remained mostly silent on all of this) as opposed to "downstream" collection, which requires going to the internet companies directly. The internet companies have been much more resistant to government attempts to get access to their accounts. And thus, it's a big question as to what exactly the NSA can collect via its taps on the internet backbone, and the NSA and its defenders have tried to remain silent on this point, as you can see from the redactions above.
However, as Kevin Bankston notes, during Thursday's Senate Intelligence Committee hearing, Dianne Feinstein more or less admitted that they get emails via "upstream" collection methods. As you can see in the following clip, Feinstein interrupts a discussion to read a prepared "rebuttal" to a point being made, and in doing so clearly says that the NSA can get emails via upstream collections:
Upstream collection... occurs when NSA obtains internet communications, such as e-mails, from certain US companies that operate the Internet background, i.e., the companies that own and operate the domestic telecommunications lines over which internet traffic flows.
She clearly means "backbone" rather than "background." She's discussing this in an attempt to defend the NSA's "accidental" collection of information it shouldn't have had. But that point is not that important. Instead, the important point is that she's now admitted what most people suspected, but which the administration has totally avoided admitting for many, many years since the revelations made by Mark Klein.
So, despite years of trying to deny that the NSA can collect email and other communications directly from the backbone (rather than from the internet companies themselves), Feinstein appears to have finally let the cat out of the bag, perhaps without realizing it.
Users browsing this forum: No registered users and 7 guests
