Monitoring NSA in de VS en erbuiten, deel 8

quote:

Top Democrat on House intelligence panel offers new NSA reform plan

Top Democrat on House intelligence committee says details are still being worked on but proposal would end bulk collection

Supporters of a stalled congressional effort to end the National Security Agency’s bulk collection of Americans’ metadata are looking warily at an alternative proposal by a key NSA advocate purporting to seek the same goal.

This week, the top Democrat on the House intelligence committee, Congressman Dutch Ruppersberger, who represents the Maryland district home to the NSA’s Fort Meade headquarters, came out in favor of a remedy for the controversial surveillance.

Ruppersberger, in interviews with the Washington Post, National Journal and Politico, said he was working to craft a proposal that would require court orders for government requests for Americans’ phone records – perhaps on an individual basis – from the telephone companies, without requiring the companies to expand retention of their customer records beyond current practice.

It’s an idea that on its face aligns with what privacy advocates have wanted since the Guardian exposed the NSA bulk phone records collection in June, thanks to leaks from Edward Snowden.

But his idea also attracted suspicion. Not only has Ruppersberger been a staunch advocate for the NSA – and a fervent critic of Snowden – but his proposal would compete with the civil-libertarian alternative, the USA Freedom Act, that has 163 co-sponsors in both congressional chambers and would go further than Ruppersberger’s effort, as initially described.

Ruppersberger’s office concedes that the details of the proposal, which are crucial in the arcane world of surveillance authorities, are still being worked out – something giving privacy advocates pause.

On the other hand, sources said, Ruppersberger’s evolving position represents what one called a “huge step forward” toward an outright end to bulk domestic metadata collection. Ruppersberger’s credibility with the NSA might also be an asset for such an effort.

In a statement to the Guardian on Friday, Ruppersberger signaled that surveillance “reform” was necessary, framing it as critical to restoring confidence in the NSA.

“I believe that the Foreign Intelligence Surveillance Act must be reformed. We must improve the American public’s confidence in, and perception of, our national security programs, by increasing transparency, strengthening oversight, and safeguarding civil liberties,” Ruppersberger said.

“I also believe that any proposal to reform the Foreign Intelligence Surveillance Act must preserve critical intelligence tools that protect our country and its allies. I am concerned with any approach that would eliminate this important intelligence tool and make the country more vulnerable to terrorist attacks, without providing a workable alternative.”

Ruppersberger is a close partner of the intelligence committee’s chairman, congressman Mike Rogers of Michigan, who has earlier signaled outright opposition to taking the phone records database away from the NSA.

But several sources were skeptical of any effort that would move surveillance reform through the intelligence committees instead of the judiciary committees, which have been more concerned with privacy issues. The judiciary committee, which has yet to move on the USA Freedom Act, insists on primary legislative jurisdiction over surveillance law.

The Obama administration has yet to take an outright position on the USA Freedom Act, an ambivalence that several members of Congress consider the equivalent of a rejection several months after the bill was introduced.

On Thursday, Jim Sensenbrenner, a Wisconsin Republican on the judiciary committee, called on Ruppersberger to embrace the USA Freedom Act that Sensenbrenner co-authored.

“I urge him to cosponsor the USA Freedom Act. It strikes the proper balance between security and privacy, and I am confident it has the votes to pass,” Sensenbrenner said in a statement to which Ruppersberger has yet to respond.

With the details still undetermined in Ruppersberger’s proposal, it is difficult to know how far the new effort would go in requiring court-ordered individual suspicion to access phone records, as well as requiring a specific “relevance” connection to an ongoing terrorism investigation, as required in the Patriot Act and the proposed USA Freedom Act – without which, privacy advocates argue, would leave the door open to dubious searches of government records.

“This certainly doesn’t go as far as the USA Freedom Act,” said Michelle Richardson, the ACLU’s surveillance lobbyist.

“Of course, the devil will be in the details. We’re going to see if we can get an advance copy and talk to the sponsors.”

quote:

White House withholding over 9,000 docs in CIA torture probe

For the last five years, the White House has withheld over 9,000 top-secret documents from a Senate investigation of the CIA’s former detention and torture program. The report comes one day after the CIA was accused of interfering in the probe.

Though the White House has publicly supported the investigation into Bush-era torture, the Obama administration has routinely rejected requests by the Select Senate Committee on Intelligence to see the records, McClatchy news service reported Wednesday.

It is not clear how substantial the documents are for the investigation, yet the White House has shielded them without wielding the claim of executive privilege that has been used often by the Obama and George W. Bush administrations to cover CIA and other government secrets following the attacks of September 11, 2001.

The White House told McClatchy a “small percentage” of the 6.2 million pages of documents given to the Committee were “set aside because they raise executive branch confidentiality interests.” The White House added that it had worked with the Committee “to ensure access to the information necessary to review the CIA’s former program.”

Neither the CIA nor the Committee would offer comment to McClatchy.

On Tuesday, Committee chairwoman Sen. Dianne Feinstein (D) alleged that the CIA secretly removed classified documents from a computer system used by Congress in the torture probe. Feinstein claimed the CIA improperly searched a stand-alone computer network at the agency’s Langley, Virginia headquarters that was put in place so that Intelligence Committee staffers could view sensitive documents.

The CIA denied the allegations, and the White House has stood behind CIA leadership on the matter. Reuters reported Wednesday the White House had previously tried to alleviate the longstanding tension between the CIA and the Committee after both entities alleged the other spied on it. Yet the failure to assuage the feud led Sen. Feinstein to write several letters appealing to Obama’s chief legal adviser, Kathryn Ruemmler, seeking a resolution. Those attempts also fell short.

Feinstein made no mention of the 9,400 White House documents during her Tuesday speech on the Senate floor. The held materials came to the Committee’s attention in 2009, though it is not clear whether the White House had given the Democrat-led Committee access to them and then rescinded the collection. Why the documents have been kept from the Committee is yet unknown.

“The most nefarious explanation is that they are not privileged and the White House simply doesn’t want to hand them over,” said Elizabeth Goitein, the co-director of the Brennan Center for Justice’s Liberty and National Security Program at the New York University Law School.

“Executive privilege is generally asserted after negotiations and brinksmanship behind the scenes. People put on paper what they want to be formalized, and these negotiations by their very nature are very informal.”

The documents have been referenced in public. Most prominently was in August, when Committee member Mark Udall [D] pressed the administration’s Pentagon general counsel nominee, Stephen W. Preston, for an answer on how he, as former CIA general counsel, played a role in the agency’s protection of the documents.

Preston responded by saying that “a small percentage of the total number of documents was set aside for further review. The agency [CIA] has deferred to the White House and has not been substantially involved in subsequent discussions about the disposition of those documents.”

In her speech Tuesday, Feinsten also intimated that the Committee found sometime in 2010 that it had mysteriously lost access to materials it had previously had clearance to read.

“This was done without the knowledge or approval of committee members or staff and in violation of our written agreements,” she said, going on to say the “matter was resolved” after CIA evasion and a subsequent appeal to the White House.

The documents in questions are separate from materials compiled by an internal CIA review of around 6.2 million pages of emails, operational cables, and other secret documents made available to the Committee in a secret electronic reading room at the CIA’s Langley headquarters.

The Committee approved a final draft of the 6,300-page study in December 2012, yet the report has been kept from the public.

As for Senate Republicans, who long ago opted out of involvement in the CIA torture probe, the party’s top member on the Committee has cast doubt on Feinstein’s assertions.

“Although people speak as though we know all the pertinent facts surrounding this matter, the truth is, we do not,” said Sen. Saxby Chambliss.

“No forensics have been run on the CIA computers…at the CIA facility to know what actually happened,”he said Tuesday.

quote:

Revealed: the MoD's secret cyberwarfare programme

Multimillion pound project will look at how internet users can be influenced by social media and other psychological techniques

The Ministry of Defence is developing a secret, multimillion-pound research programme into the future of cyberwarfare, including how emerging technologies such as social media and psychological techniques can be harnessed by the military to influence people's beliefs.

Programmes ranging from studies into the role of online avatars to research drawing on psychological theories and the impact of live video-sharing are being funded by the MoD in partnership with arms companies, academics, marketing experts and thinktanks.

The Guardian has seen a list of those hired to deliver research projects, which have titles such as Understanding Online Avatars, Cognitive and Behaviour Concepts of Cyber Activities, and Novel Techniques for Public Sentiment and Perception Elicitation.

The projects are being awarded by a "centre of excellence" managed by BAE Systems, which has received about £20m-worth of MoD funding since 2012. The MoD plans to procure a further £10m-worth of research through the centre this year.

While the centre commissions a wide range of research, such as studies of alcohol consumption in the armed forces, a substantial stream of research comes under the heading of "information activities and outreach". The term is significant in that it has its roots in Britain's 2010 strategic defence review and national security strategy. Its aims include understanding the behaviour of internet users from different cultures, the influence of social media such as Twitter and Facebook and the psychological impact of increased online video usage on sites such as YouTube.

Typical targets, for now, would include groups of young internet users deemed at risk of being incited or recruited online to commit terrorism.

Dr Tim Stevens of Kings College London, who studies cyberwar and strategy, said there was increased state interest in the role of emergent technologies such as social media and the development of powerful psychological techniques to wield influence.

"The current furore over inter-state cyberwar is probably not where the game's at. What is far more likely is that states will seek to influence their own populations and others through so-called 'cyber' methods, which basically means the internet and the device du jour, currently smartphones and tablets," he said.

"With the advent of sophisticated data-processing capabilities (including big data), the big number-crunchers can detect, model and counter all manner of online activities just by detecting the behavioural patterns they see in the data and adjusting their tactics accordingly.

"Cyberwarfare of the future may be less about hacking electrical power grids and more about hacking minds by shaping the environment in which political debate takes place," he added.

The current MoD research drive in the area is being run by the Defence Human Capability Science and Technology Centre (DHCSTC), which is administered by BAE.

While most projects remain under wraps an insight into the area of research has been provided by a previous report commissioned by the MoD, and which has been released under the Freedom of Information Act. It examined how chatbots – computer programmes that make human-sounding small talk and which have been used in everything from customer relations to sex industry marketing – could take on military roles in intelligence and propaganda operations to influence targets.

The research into the programmes, which are designed to emulate human conversation and are familiar as "virtual assistants" on retailers' websites, envisages a future in which "an influence bot could be deployed in both covert and overt ways – on the web, in IM/chatrooms/forums or in virtual worlds".

"It could be a declared bot and fairly overt influence play, or pretend to be a human and conduct its influencing in less obvious ways," says the 2011 report by Daden, a technology group that develops chatbots for commercial and educational clients.

Daden also suggested chatbots could be used as "cyberbuddies" shadowing soldiers through their careers or as data-gatherers in digital environments such as chatrooms and forums, where they could "scout for targets, potentially analyse behaviour, and record and relay conversation".

The report cautions, however, that the barriers to their use in data-gathering and influence operations include ethical issues, adding that "the adverse effect that the unmasking of a non-declared bot would have on the subject, and their wider group needs to be carefully considered".

It says: "One approach, as in real life, is for the bot to withdraw if it thinks it may be compromised. In the early days, it may be better that the bot activity is declared and overt – in the same way as much broadcast and UK plc promotional activity."

BAE declined to provide a comment when contacted.

The projects

• Full Spectrum Targeting – a sophisticated new concept that is growing in influence at the MoD and measures future battlefields in social and cognitive terms rather than just physical spaces. Emphasis is put on identifying and co-opting influential individuals, controlling channels of information and destroying targets based on morale rather than military necessity. The £65,285 project is being delivered by the Change Institute (a London-based thinktank whose previous work includes carrying out research for the government into understanding Muslim ethnic communities), the BAE subsidiary, Detica and another defence and security-orientated company, Montvieux.

• Cognitive and Behaviour Concepts of Cyber Activities – £310,822 project being delivered by Baines Associates, a strategic marketing firm, i to i Research, a consultancy in "social and behavioural change", and universities including Northumbria, Kent and University College London.

• Innovation: Tools and Techniques for Influence Activities – a £28,474 project being delivered by the Change Institute, the University of Kent and QinetiQ, a company spun out of the MoD research department.

• Understanding Online Avatars – a £17,150 project being delivered by the Change Institute.

quote:

Small Drones Are a Bigger Privacy Threat Than the NSA, Says Senate Intel Chair

Dianne Feinstein has a bone to pick with drones, especially since she confronted one on her own lawn.

“I’m in my home and there’s a demonstration out front, and I go to peek out the window, and there’s a drone facing me,” the California Democratic senator recalled to correspondent Morley Safer on "60 Minutes" Sunday night.

Demonstrators from Code Pink, who were protesting NSA surveillance outside her house in July, said it was just a tiny pink toy helicopter.

The confusion points to the problems with understanding and regulating and at least defining drones: a drone and a remote-controlled helicopter are the same thing.

Big, armed capital-D Drones with creepy names like the Predator and the Reaper have earned a shadowy reputation because they've been used—largely in secret by the CIA—to dramatically extend the reach of the military (and through lawfare, extend the boundaries of what's lawful), within politically vacuous spaces. In a way, this use of Drones is not unlike the use of electronic surveillance by other parts of the intelligence community.

But for the purposes of privacy in America, drones are nothing fancier than flying remote controlled GoPro cameras.

“When is a drone picture a benefit to society? When does it become stalking? When does it invade privacy? How close to a home can a drone go?” Feinstein asked, listing off questions she had to Safer.

In an extra segment, Safer asked Feinstein if she believed that "the drones were the worst thing that could happen to our privacy ever."

"To a great extent that's the way I feel right now," she said, "because the drone can take pictures. The sophisticated drone, which isn't necessarily the drone that's going to be used by the average person from 17,000, 20,000 feet and you don't know it's there."

CODEPINK Surveils Feinstein for the Iraq War, Domestic Spying

quote:

The NSA's spying technology may not produce spectacular video, but both it and the drone involve potential intrusions on personal privacy. But Feinstein has said she sees drones as more risky to privacy than government internet surveillance because they are largely unregulated.

Privacy groups have challenged that view, criticizing what they've called Sen. Feinstein's contradictory views about government surveillance.

"I really wish the DiFi that just testified at #droneprivacy hearing could be chair of the Senate Intel Committee," Amie Stepanovich, the director of the Electronic Privacy Information Center, tweeted after a hearing in January.

quote:

NSA surveillance program reaches ‘into the past’ to retrieve, replay phone calls

The National Security Agency has built a surveillance system capable of recording “100 percent” of a foreign country’s telephone calls, enabling the agency to rewind and review conversations as long as a month after they take place, according to people with direct knowledge of the effort and documents supplied by former contractor Edward Snowden.

A senior manager for the program compares it to a time machine — one that can replay the voices from any call without requiring that a person be identified in advance for surveillance.

The voice interception program, called MYSTIC, began in 2009. Its RETRO tool, short for “retrospective retrieval,” and related projects reached full capacity against the first target nation in 2011. Planning documents two years later anticipated similar operations elsewhere.

In the initial deployment, collection systems are recording “every single” conversation nationwide, storing billions of them in a 30-day rolling buffer that clears the oldest calls as new ones arrive, according to a classified summary.

The call buffer opens a door “into the past,” the summary says, enabling users to “retrieve audio of interest that was not tasked at the time of the original call.” Analysts listen to only a fraction of 1 percent of the calls, but the absolute numbers are high. Each month, they send millions of voice clippings, or “cuts,” for processing and long-term storage.

At the request of U.S. officials, The Washington Post is withholding details that could be used to identify the country where the system is being employed or other countries where its use was envisioned.

No other NSA program disclosed to date has swallowed a nation’s telephone network whole. Outside experts have sometimes described that prospect as disquieting but remote, with notable implications for a growing debate over the NSA’s practice of “bulk collection” abroad.

Bulk methods capture massive data flows “without the use of discriminants,” as President Obama put it in January. By design, they vacuum up all the data they touch — meaning that most of the conversations collected by RETRO would be irrelevant to U.S. national security interests.

In the view of U.S. officials, however, the capability is highly valuable.

In a statement, Caitlin Hayden, spokeswoman for the National Security Council, declined to comment on “specific alleged intelligence activities.” Speaking generally, she said “new or emerging threats” are “often hidden within the large and complex system of modern global communications, and the United States must consequently collect signals intelligence in bulk in certain circumstances in order to identify these threats.”

NSA spokeswoman Vanee Vines, in an e-mailed statement, said that “continuous and selective reporting of specific techniques and tools used for legitimate U.S. foreign intelligence activities is highly detrimental to the national security of the United States and of our allies, and places at risk those we are sworn to protect.”

Some of the documents provided by Snowden suggest that high-volume eavesdropping may soon be extended to other countries, if it has not been already. The RETRO tool was built three years ago as a “unique one-off capability,” but last year’s secret intelligence budget named five more countries for which the MYSTIC program provides “comprehensive metadata access and content,” with a sixth expected to be in place by last October.

The budget did not say whether the NSA now records calls in quantity in those countries, or expects to do so. A separate document placed high priority on planning “for MYSTIC accesses against projected new mission requirements,” including “voice.”

Ubiquitous voice surveillance, even overseas, pulls in a great deal of content from Americans who telephone, visit and work in the target country. It may also be seen as inconsistent with Obama’s Jan. 17 pledge “that the United States is not spying on ordinary people who don’t threaten our national security,” regardless of nationality, “and that we take their privacy concerns into account.”

In a presidential policy directive, Obama instructed the NSA and other agencies that bulk acquisition may be used only to gather intelligence on one of six specified threats, including nuclear proliferation and terrorism. The directive, however, also noted that limits on bulk collection “do not apply to signals intelligence data that is temporarily acquired to facilitate targeted collection.”

The emblem of the MYSTIC program depicts a cartoon wizard with a telephone-headed staff. Among the agency’s bulk collection programs disclosed over the past year, its focus on the spoken word is unique. Most of the programs have involved the bulk collection of either metadata — which does not include content — or text, such as e-mail address books.

Telephone calls are often thought to be more ephemeral and less suited than text for processing, storage and search. Indeed, there are indications that the call-recording program has been hindered by the NSA’s limited capacity to store and transmit bulky voice files.

In the first year of its deployment, a program officer wrote that the project “has long since reached the point where it was collecting and sending home far more than the bandwidth could handle.”

Because of similar capacity limits across a range of collection programs, the NSA is leaping forward with cloud-based collection systems and a gargantuan new “mission data repository” in Utah. According to its overview briefing, the Utah facility is designed “to cope with the vast increases in digital data that have accompanied the rise of the global network.”

Christopher Soghoian, the principal technologist for the American Civil Liberties Union, said history suggests that “over the next couple of years they will expand to more countries, retain data longer and expand the secondary uses.”

Spokesmen for the NSA and the Office of Director of National Intelligence James R. Clapper Jr. declined to confirm or deny expansion plans or discuss the criteria for any change.

Based on RETRO’s internal reviews, the NSA has strong motive to deploy it elsewhere. In the documents and interviews, U.S. officials said RETRO is uniquely valuable when an analyst first uncovers a new name or telephone number of interest.

With up to 30 days of recorded conversations in hand, the NSA can pull an instant history of the subject’s movements, associates and plans. Some other U.S. intelligence agencies also have access to RETRO.

Highly classified briefings cite examples in which the tool offered high-stakes intelligence that would not have existed under traditional surveillance programs in which subjects were identified for targeting in advance. Unlike most of the government’s public claims about the value of controversial programs, the briefings supply names, dates, locations and fragments of intercepted calls in convincing detail.

Present and former U.S. officials, speaking on the condition of anonymity to provide context for a classified program, acknowledged that large numbers of conversations involving Americans would be gathered from the country where RETRO operates.

The NSA does not attempt to filter out their calls, defining them as communications “acquired incidentally as a result of collection directed against appropriate foreign intelligence targets.”

Until about 20 years ago, such incidental collection was unusual unless an American was communicating directly with a foreign intelligence target. In bulk collection systems, which are exponentially more capable than the ones in use throughout the Cold War, calls and other data from U.S. citizens and permanent residents are regularly ingested by the millions.

Under the NSA’s internal “minimization rules,” those intercepted communications “may be retained and processed” and included in intelligence reports. The agency generally removes the names of U.S. callers, but there are several broadly worded exceptions.

An independent group tasked by the White House to review U.S. surveillance policies recommended that incidentally collected U.S. calls and e-mails — including those obtained overseas — should nearly always “be purged upon detection.” Obama did not accept that recommendation.

Vines, in her statement, said the NSA’s work is “strictly conducted under the rule of law.”

RETRO and MYSTIC are carried out under Executive Order 12333, the traditional grant of presidential authority to intelligence agencies for operations outside the United States.

Since August, Sen. Dianne Feinstein (D-Calif.), the chairman of the Senate Intelligence Committee, and others on that panel have been working on plans to assert a greater oversight role for intelligence gathering abroad. Some legislators are now considering whether Congress should also draft new laws to govern those operations.

Experts say there is not much legislation that governs overseas intelligence work.

“Much of the U.S. government’s intelligence collection is not regulated by any statute passed by Congress,” said Timothy H. Edgar, the former director of privacy and civil liberties on Obama’s national security staff. “There’s a lot of focus on the Foreign Intelligence Surveillance Act, which is understandable, but that’s only a slice of what the intelligence community does.”

All surveillance must be properly authorized for a legitimate intelligence purpose, he said, but that “still leaves a gap for activities that otherwise basically aren’t regulated by law because they’re not covered by FISA.”

Beginning in 2007, Congress loosened 40-year-old restrictions on domestic surveillance because so much foreign data crossed U.S. territory. There were no comparable changes to protect the privacy of U.S. citizens and residents whose calls and e-mails now routinely cross international borders.

Vines noted that the NSA’s job is to “identify threats within the large and complex system of modern global communications,” where ordinary people share fiber-optic cables with legitimate intelligence targets.

For Peter Swire, a member of the president’s review group, the fact that Americans and foreigners use the same devices, software and networks calls for greater care to safeguard Americans’ privacy.

“It’s important to have institutional protections so that advanced capabilities used overseas don’t get turned against our democracy at home,” he said.

quote:

Hackers may leak Microsoft spying docs, grant Bill Gates's wish for 'intense debates'

quote:

There's always been a lot of information about your activities. Every phone number you dial, every credit-card charge you make. It's long since passed that a typical person doesn't leave footprints. But we need explicit rules. If you were in a divorce lawsuit 20 years ago, is that a public document on the Web that a nosy neighbor should be able to pull up with a Bing or Google search? When I apply for a job, should my speeding tickets be available? Well, I'm a bus driver, how about in that case? And society does have an overriding interest in some activities, like, "Am I gathering nuclear-weapons plans, and am I going to kill millions of people?" If we think there's an increasing chance of that, who do you trust? I actually wish we were having more intense debates about these things.

quote:

If it's an intense debate about surveillance and the cloud that Gates would like, then the Syrian Electronic Army may be about to grant that wish. SEA has twice hacked Microsoft in 2014, giving Microsoft a red face and a pair of black eyes. SEA hackers warned that Microsoft is "spying on people" and not to "use Microsoft emails (Hotmail, Outlook), They are monitoring your accounts and selling the data to the governments." The pro-Assad hackers vowed to deliver the digital dirt by publishing stolen documents that "prove" Microsoft spies on email for governments.

Shortly thereafter, Microsoft admitted that targeted phishing attacks allowed SEA to steal law enforcement documents.

If Gates really wants an intense debate, that may be about to happen (again) for Microsoft. Yesterday, the Syrian Electronic Army tweeted that it will soon leak the documents showing what Microsoft is paid for email surveillance.

quote:

Why Isn't the Fourth Amendment Classified as Top Secret?

quote:

Notice how much the Fourth Amendment tells our enemies. "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated," it states, "and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

The Framers are usually considered patriots. Yet they gave traitors and criminals in their midst such powerful knowledge about concealing evidence of skullduggery! Today every terrorist with access to a pocket Constitution is privy to the same text. And thanks to the Supreme Court's practice of publishing its opinions, al-Qaeda need only have an Internet connection to gain a very nuanced, specific understanding of how the Fourth Amendment is applied in individual cases, how it constrains law enforcement, and how to exploit those limits.

Such were my thoughts Friday at UCLA Law School, where Stewart Baker, an attorney who worked in the Department of Homeland Security during the Bush Administration, participated in a debate about Edward Snowden. Some of his remarks focused on the NSA whistleblower's professed desire to trigger a debate among Americans, many of whom think it's their right to weigh in on all policy controversies.

Baker disagrees.

quote:

The next step would be obvious. There are ways in which the First, Second, and Fifth Amendments help to inform terrorists too. The same goes for related case law. Think how much less terrorists and criminals alike would know if all constitutional law, indeed all law of any kind, were interpreted before a secret body like the FISA court, rather than in open court where anyone can listen. Until then, our judges and constitutional-law scholars will regularly be putting out information that could be useful to our enemies. Stopping them would create an undemocratic system in which prosecutorial and police abuse would often be essentially undiscoverable and unchallengeable, and would inevitably end in civil liberties abuses of millions of innocents. But if, like Baker, you're not much bothered by mass surveillance of innocents, perhaps that price isn't too high to pay.

quote:

After Snowden, Australia’s cops worry about people using crypto

quote:

Several Australian law enforcement agencies and the Australian Security Intelligence Organization (ASIO) have submitted proposals asking the country's senate for more surveillance power, and state police have even asked that the government move to log its citizens' Web browsing history.

Several months ago, on the heels of revelations that Australian Intelligence had been sharing surveillance information with its partners in foreign nations, the Australian Senate opened an inquiry into whether the country's Telecommunications (Interception and Access) Act of 1979 should be revised to better protect AU citizens' privacy. Unsurprisingly, the ASIO—along with Northern Territory, Western, and Victoria state police—has submitted commentary asking for more data retention and offering little in the way of more privacy protection.

In particular, the ASIO said that Snowden's leaks will make it more difficult for the organization to collect meaningful data about a person, so the organization should be given more leeway to perform its surveillance duties. In its proposal, the ASIO asserted that certain technological advances are detrimental to its spying on bad actors (a refrain that is not often heard, as it's generally accepted that technology is making it easier to spy on citizens).

quote:

Anonymous-OS 0.1 : Anonymous Hackers released their own Operating System

quote:

Anonymous Hackers released their own Operating System with name "Anonymous-OS", is Live is an ubuntu-based distribution and created under Ubuntu 11.10 and uses Mate desktop. You can create the LiveUSB with Unetbootin.

quote:

Update: Another Live OS for anonymity available called "Tails". Which is a live CD or live USB that aims at preserving your privacy and anonymity.It helps you to use the Internet anonymously almost anywhere you go and on any computer:all connections to the Internet are forced to go through the Tor network or to leave no trace on the computer you're using unless you ask it explicitly, or use state-of-the-art cryptographic tools to encrypt your files, email and instant messaging. You can Download Tail from Here

quote:

Facebook Fights Back Against the NSA Spy Machine

Mark Zuckerberg was apparently peeved enough to phone the President when he read recent reports that the NSA was using fake Facebook websites to intercept the social network’s traffic and infect private computers with surveillance software. But Joe Sullivan — the ex-federal prosecutor who now serves as Facebook’s chief security officer — says the company has now steeled its online services so that such a ploy is no longer possible.

“That particular attack is not viable,” the 45-year-old Sullivan told a room full of reporters yesterday at Facebook headquarters in Menlo Park, California. It hasn’t been viable, he explained, since the company rolled out what’s called SSL data encryption for all its web traffic, a process it completed in the summer of last year.

According to outside security researchers, there are still ways of working around Facebook’s encryption. But these methods are much harder to pull off, and Sullivan’s message was clear: The situation around the NSA’s surveillance campaigns isn’t quite as dire as many have painted it. Unlike his counterparts at places like Google and Microsoft, Sullivan says that the ongoing stream of revelations from NSA whistleblower Edward Snowden aren’t really that surprising, and he indicated that the leaked information has changed little about how his company approaches security.

Sullivan’s message stands in contrast to the one Zuckerberg unloaded on his Facebook page after his phoning the President. The Facebook founder expressed extreme frustration over the NSA’s practices, calling for sweeping changes to government policies. But the contrast isn’t that surprising. It very clearly shows the awkward situation that has engulfed companies like Facebook in the wake of Snowden’s revelations, which started tumbling out last summer. The giants of the web are certainly concerned over NSA surveillance — despite indications that they may have been complicit in some ways — and they’re actively fighting against it. But they must also reassure users that the situation is well in hand — that it’s safe to use their services today. This can be a difficult line to walk.

Certainly, the web’s largest operations — including Google, Yahoo, and Microsoft as well as Facebook — have now taken at least the basic steps needed to guard their online traffic against interlopers. Facebook not only uses SSL, or secure sockets layer, encryption to protect all data moving between its computer servers and virtually all of the than 1.2 billion people who use the social networking service. It has also installed technology that uses similarly hefty encryption techniques to protect information that flows between the massive data centers that underpin its online empire. This is just the sort of thing Snowden himself called for last week while appearing via video feed at a conference in Texas.

In using SSL to encode all data sent and received by its million of users, Facebook can indeed thwart the sort of fake-Facebook-server attack discussed in the press last week. As described, these attacks redirected users to NSA websites that looked exactly like Facebook by surreptitiously slipping certain internet addresses into their browsers. SSL encryption provides what is probably “solid” protection against such methods, says Nicholas Weaver, a staff researcher who specializes in network security at the International Computer Science Institute.

Weaver does acknowledge that attackers could compromise Facebook SSL encryption by somehow obtaining or creating fake encryption certificates, but he believes that such attacks are now unlikely. “That is very risky these days,” he says, pointing out that many companies are now on the lookout for such fake certificates.

It’s equally important that Facebook is now encrypting information as it moves between data centers. Documents released by Snowden have shown that the NSA has ways of tapping lines that connect the massive computing centers operated by the likes of Google and Facebook. Sullivan declined to say when Facebook had secured these lines, but he’s now confident this makes it much more difficult for agencies like the NSA to eavesdrop on Facebook data as it travels through network service providers outside of the company’s control. And Weaver agrees. Assuming the company’s encryption devices aren’t sabotaged, he says, the data is secure as it travels across the wire. “You’d need to break into the data center computers or the encryption devices themselves to access that data,” he says.

But Joe Sullivan’s rather sunny view of Facebook security doesn’t tell the whole story. Much of the rest of the web has yet to adopt similar encryption techniques, and there’s still so much we don’t know about what the NSA is capable of. It’s also worth noting that Facebook’s chief security officer sidestepped questions about future threats to the company’s operation, including the possibility of a quantum computer that could break current encryption techniques. In the Post-Snowden age, the giants of the web have certainly increased their security efforts. But there is always more to do.

quote:

Don't Fall For Misleading Story Being Spread By NSA Suggesting Tech Companies Lied About PRISM

quote:

I'm seeing a bunch of folks passing around a story by Spencer Ackerman at The Guardian, claiming that tech companies lied about their "denials" of PRISM. The story is incredibly misleading. Ackerman is one of the best reporters out there on the intelligence community, and I can't recall ever seeing a story that I think he got wrong, but this is one. But the storyline is so juicy, lots of folks, including the usual suspects are quick to pile on without bothering to actually look at the details, insisting that this is somehow evidence of the tech companies lying.

So, let's look at what actually happened.

quote:

Bondsdag gaat activiteiten NSA onderzoeken

De Duitse Bondsdag heeft vandaag besloten tot een parlementair onderzoek naar de activiteiten van de Amerikaanse National Security Agency (NSA) en andere buitenlandse inlichtingendiensten, waaronder het afluisteren van de mobiele telefoon van bondskanselier Angela Merkel.

Zowel de regeringspartijen als de oppositie stemden voor het onderzoek. Daarin wordt gekeken hoe breed en hoe diep de privécommunicatie van Duitsers door de Verenigde Staten en hun bondgenoten in het 'Five Eyes'-netwerk - Groot-Brittannië, Canada, Australië en Nieuw-Zeeland - werd bespioneerd en hoe veel Duitse functionarissen hiervan afwisten.

Het onderzoek begint volgende maand. Oppositielid Hans-Christian Ströbele wil dat ook NSA-klokkenluider Edward Snowden wordt gehoord, ook al zullen de VS daar waarschijnlijk bezwaar tegen makken. Snowden verblijft in Rusland, waar hij tijdelijk asiel heeft gekregen.

Het Duitse openbaar ministerie overweegt nog of het een strafrechtelijk onderzoek zal beginnen tegen de activiteiten van de NSA.

quote:

Hacked emails show what Microsoft charges the FBI for user data

Microsoft often charges the FBI's most secretive division hundreds of thousands of dollars a month to legally view customer information, according to documents allegedly hacked by the Syrian Electronic Army.

The SEA, a hacker group loyal to Syrian President Bashar al-Assad, is best known for hijacking Western media companies' social media accounts. (These companies include the Associated Press, CNN, NPR, and even the Daily Dot.) The SEA agreed to let the Daily Dot analyze the documents with experts before the group published them in full.

The documents consist of what appear to be invoices and emails between Microsoft's Global Criminal Compliance team and the FBI's Digital Intercept Technology Unit (DITU), and purport to show exactly how much money Microsoft charges DITU, in terms of compliance costs, when DITU provides warrants and court orders for customers' data.

In December 2012, for instance, Microsoft emailed DITU a PDF invoice for $145,100, broken down to $100 per request for information, the documents appear to show. In August 2013, Microsoft allegedly emailed a similar invoice, this time for $352,200, at a rate of $200 per request. The latest invoice provided, from November 2013, is for $281,000.

None of the technologists or lawyers consulted for this story thought that Microsoft would be in the wrong to charge the FBI for compliance, especially considering it's well within the company's legal right to charge "reasonable expenses." Instead, they said, the documents are more of an indication of just how frequently the government wants information on customers. Some of the DITU invoices show hundreds of requests per month.

For ACLU Principal Technologist Christopher Soghoian, the documents reiterated his stance that charging a small fee is a positive, in part because it creates more of a record of government tracking. In 2010, Soghoian actually chided Microsoft for not charging the Drug Enforcement Agency for turning over user records when instructed to by courts, noting that companies like Google and Yahoo did.

Nate Cardozo, a staff attorney for the Electronic Frontier Foundation, agreed, and told the Daily Dot the government should be transparent about how much it pays.

"Taxpayers should absolutely know how much money is going toward this," he said.

Compared with the National Security Agency, which has seen many of its programs exposed by former systems analyst Edward Snowden, DITU has a low profile. But it runs in the same circles. Multiple law enforcement and technology industry representatives described DITU to Foreign Policy as the FBI's liaison to the U.S.'s tech companies, and the agency's equivalent to the NSA.

To that note, DITU is mentioned as a little-noticed detail from Snowden slides that detail the NSA's notorious PRISM program, which allows it to collect users' communications from nine American tech companies, including Microsoft. One slide explicitly mentions DITU's role in getting data from those companies.

PRISM screengrab via freesnowden.is

It's impossible to fully verify the documents' authenticity without confirmation from someone with direct knowledge of Microsoft and DITU compliance practices, and those parties refused to comment. But there are multiple signs that indicate the documents are legitimate.

"I don’t see any indication that they’re not real," Cardozo said. "If I was going to fake something like this, I would try to fake it up a lot more sensational than this."

That the SEA twice attacked Microsoft with a phishing attack before leaking these documents is well documented. On Jan. 11, the day of the second attack, the SEA hijacked the company's blog and Twitter account. One representative told the Verge that day that it was part of a bigger plan: "We are making some distraction for Microsoft employees so we can success in our main mission," the hacker said.

In a blog post nearly two weeks later, Microsoft admitted: "[W]e have learned that there was unauthorized access to certain employee email accounts, and information contained in those accounts could be disclosed. It appears that documents associated with law enforcement inquiries were stolen."

A source familiar with several of the email addresses of the Microsoft employees in the emails confirmed the addresses were authentic.

When reached for comment, the company reiterated its stance that it complies with government demands as required by law. A spokesperson added that "as pursuant to U.S. law, Microsoft is entitled to seek reimbursement for costs associated with compliance with a valid legal demands. ... To be clear, these reimbursements cover only a portion of the costs we actually incur to comply with legal orders."

A spokesperson for the FBI declined to comment and deferred questions to Microsoft, "given that SEA claims to have stolen the documents" from there.

Indeed, there's plenty of history for communications companies charging compliance costs for cooperating with intelligence agencies' request for people's information. The CIA pays AT&T more than $10 million annually for access to its phone records, government officials told the New York Times. The Guardian, referencing other documents provided by Snowden, has reported that the NSA paid millions to Microsoft and the other eight companies used in PRISM for compliance costs.

Only the earliest of the Microsoft invoices provided by the SEA, dated May 10, 2012, breaks down requests by type of legal request, and it shows them to all explicitly come legally, though nothing in the documents indicates the later invoices refer to illegal surveillance. User information by a subpoena costs $50, a court order $75, and a search warrant $100. The requests come from FBI offices all around the U.S.



Later invoices to DITU don't break down requests to subpoena and court order, though the format is otherwise similar, and costs begin to rise to $100 and $200 per request.

And though the costs vacillate slightly depending on the invoice, they appear to be roughly in line with industry standards. Ashkan Soltani, who coauthored a Yale study on how much it costs agencies like the FBI to track targets by tapping phone companies for their cellphone locations, said that the range of costs seen in the SEA documents—$50 to $200 per order to Microsoft—"did seem a fair cost."

The invoices don't make explicit the exact type of information Microsoft charges DITU to provide, which may account for the price changes.

The biggest suspicion espoused by the experts we spoke with was just how apparently easy it was for the SEA to acquire this sort of information. If the documents aren't forged, that means Microsoft and the FBI simply email invoices and references to a presumably classified process.

"I’m surprised that they’re doing it by email," Soltani said. "I thought it would be a more secure system."

quote:

NSA hacks system administrators, new leak reveals

In its quest to take down suspected terrorists and criminals abroad, the United States National Security Agency has adopted the practice of hacking the system administrators that oversee private computer networks, new documents reveal.

The Intercept has published a handful of leaked screenshots taken from an internal NSA message board where one spy agency specialist spoke extensively about compromising not the computers of specific targets, but rather the machines of the system administrators who control entire networks.

Journalist Ryan Gallagher reported that Edward Snowden, a former sys admin for NSA contractor Booz Allen Hamilton, provided The Intercept with the internal documents, including one from 2012 that’s bluntly titled “I hunt sys admins.”

According to the posts — some labeled “top secret” — NSA staffers should not shy away from hacking sys admins: a successful offensive mission waged against an IT professional with extensive access to a privileged network could provide the NSA with unfettered capabilities, the analyst acknowledged.

“Who better to target than the person that already has the ‘keys to the kingdom’?” one of the posts reads.

“They were written by an NSA official involved in the agency’s effort to break into foreign network routers, the devices that connect computer networks and transport data across the Internet,” Gallagher wrote for the article published late Thursday. “By infiltrating the computers of system administrators who work for foreign phone and Internet companies, the NSA can gain access to the calls and emails that flow over their networks.”

Since last June, classified NSA materials taken by Snowden and provided to certain journalists have exposed an increasing number of previously-secret surveillance operations that range from purposely degrading international encryption standards and implanting malware in targeted machines, to tapping into fiber-optic cables that transfer internet traffic and even vacuuming up data as its moved into servers in a decrypted state.

The latest leak suggests that some NSA analysts took a much different approach when tasked with trying to collect signals intelligence that otherwise might not be easily available. According to the posts, the author advocated for a technique that involves identifying the IP address used by the network’s sys admin, then scouring other NSA tools to see what online accounts used those addresses to log-in. Then by using a previously-disclosed NSA tool that tricks targets into installing malware by being misdirected to fake Facebook servers, the intelligence analyst can hope that the sys admin’s computer is sufficiently compromised and exploited.

Once the NSA has access to the same machine a sys admin does, American spies can mine for a trove of possibly invaluable information, including maps of entire networks, log-in credentials, lists of customers and other details about how systems are wired. In turn, the NSA has found yet another way to, in theory, watch over all traffic on a targeted network.

“Up front, sys admins generally are not my end target. My end target is the extremist/terrorist or government official that happens to be using the network some admin takes care of,” the NSA employee says in the documents.

When reached for comment by The Intercept, NSA spokesperson Vanee Vines said that, “A key part of the protections that apply to both US persons and citizens of other countries is the mandate that information be in support of a valid foreign intelligence requirement, and comply with US Attorney General-approved procedures to protect privacy rights.”

Coincidentally, outgoing-NSA Director Keith Alexander said last year that he was working on drastically cutting the number of sys admins at that agency by upwards of 90 percent — but didn’t say it was because they could be exploited by similar tactics waged by adversarial intelligence groups. Gen. Alexander’s decision came just weeks after Snowden — previously one of around 1,000 sys admins working on the NSA’s networks, according to Reuters — walked away from his role managing those networks with a trove of classified information.

quote:

British intelligence watchdog is like Yes Prime Minister, says MP

Spy services' monitor has staff of just two and was bewildered by Snowden affair

Britain's intelligence services had a system of oversight no better than that seen in the TV comedy Yes, Prime Minister, an MP said on Tuesday during a meeting of a Commons committee.

Julian Huppert, a Liberal Democrat, said the sitcom depicting ineffectual government was an appropriate comparison after it emerged that the intelligence services commissioner appearing before MPs worked only part-time, and operated with only one other staff member.

Huppert said: "Can I come back to this comparison between Britain and the US? I presume you are both familiar with Yes, Prime Minister. There is a line there where it says, 'Good Lord, no. Any hint of suspicion, you hold a full inquiry, have a chap straight out for lunch, ask him straight out if there is anything in it and if he says no, you have got to trust a chap's word'."

Other MPs on the home affairs select committee also questioned Sir Mark Waller, the intelligence services commissioner, as to whether there was adequate political and legal oversight of MI5, MI6 and the surveillance agency GCHQ, and suggested the existing system was not robust enough.

Waller, a former judge, had initially refused to attend the committee but had to relent after being summoned. But he told MPs that he thought he had adequate resources to do his job.

Keith Vaz, the committee chairman, said Waller was clearly a "decent man" but questioned whether there was a need for a full-time commissioner, with a bigger staff with more powers.

Waller disagreed, saying that the prospect of a former judge scrutinising applications for warrants was sufficient to ensure that the intelligences agencies behaved properly. He added that he admired the agencies' "ethos" and that a bigger bureaucracy could have a detrimental effect, interfering with the important work of the intelligence agencies.

The intelligence service commissioner oversees the "lawful use of intrusive powers" – surveillance as it is used by the intelligence agencies. Waller also revealed that 1,700 warrants were issued last year. He estimated he checked about 6% of them to ensure they complied with the law.

The committee is investigating counter-terrorism but its hearings have become increasingly dominated by the revelations by the whistleblower Edward Snowden about the extent of mass surveillance and whether there is sufficient political and legal oversight.

Waller had been in the job 18 months when he heard about the Snowden revelations last summer. His response, he said, was: "Crikey."

His initial fear had been that he had been duped by the intelligence agencies. "I wanted to know if I had been spoofed for 18 months," Waller said.

Waller, who looked ill at ease during much of the questioning, said he had gone to see GCHQ to see if there was anything to the allegations. He saw the deputy chief of the GCHQ and was satisfied the allegations were without foundation.

Vaz said: "And how did you satisfy yourself? It seems from your comment that you had a discussion with them."

Waller replied: "Certainly."

Vaz said: "You heard what they had to say."

Waller replied: "Certainly."

Vaz probed further: "And you accepted what they had to say?"

Waller: "Certainly."

"Is that it?" asked Vaz.

"Certainly," replied Waller.

Vaz added: "Just a discussion?"

Waller: "Certainly."

Vaz, in conclusion, said: "And that's the way you were satisfied that there was no circumventing UK law. You went down, you went to see them, you sat round the table, you had a chat?

Waller replied: "You've got to remember that I've done a whole period – a year and a half's inspection. I have got a very good idea as to what the ethos of this agency is. They know perfectly well that they have had to make out their case and the legality of their case, etc, and I have absolutely, clearly, accepted it."

The committee also heard BT has refused to deny it has handed over data on millions of customers in bulk to government agencies, such as GCHQ, a group of MPs has been told.

Big Brother Watch director Nick Pickles told the committee BT had provided "no substantive answer" to the question of whether they had handed over masses of customer data to the UK government.

Pickles told MPs he feared BT was providing data under section 94 of the Telecommunications Act, which gives the secretary of state broad powers to demand information from an individual or organisation in the interests of national security.

Waller was followed on the witness list by Conservative MP David Davis, who has long questioned the extent of surveillance and called for increased political oversight. Asked about the role of Waller and Sir Anthony May, the interception of communications commissioner, who also acts as a watchdog and recently gave evidence to the committee, Davis said: "I think the commissioners are good people doing impossible jobs." Davis called for a beefed-up intelligence committee that was chosen by the Commons.

quote:

Op zaterdag 22 maart 2014 14:49 schreef meth1745 het volgende:
Doe zo voort, Papierversnipperaar!

quote:

Op zaterdag 22 maart 2014 17:25 schreef gebrokenglas het volgende:

[..]

Inderdaad, tof dat iemand de informatie hieromtrent bijhoudt en aanvult.

quote:

'NSA bespioneerde leiding en telecombedrijven China'

De Amerikaanse geheime dienst NSA heeft de voormalige Chinese president Hu Jintao en Chinese banken en telecombedrijven bespioneerd. Dat blijkt uit documenten van de voormalige NSA-medewerker Edward Snowden, aldus de Amerikaanse krant The New York Times en het Duitse weekblad Der Spiegel.

De NSA had het vooral gemunt op de Chinese telecomgigant Huawei. De Amerikanen vreesden dat Huawei het Chinese leger en door Peking gesteunde hackers zou helpen bij het stelen van geheime informatie van Amerikaanse bedrijven en de Amerikaanse regering. De NSA ondernam daarom in 2009 zelf actie tegen Huawei. Het lukte de spionagedienst om in het computernetwerk van Huawei te infiltreren en documenten te kopiëren.

quote:

Some facts about how NSA stories are reported

quote:

Several members of the august “US Journalists Against Transparency” club are outraged by revelations in yesterday’s New York Times (jointly published by der Spiegel) that the NSA has been hacking the products of the Chinese tech company Huawei as well as Huawei itself at exactly the same time (and in exactly the same way) as the US Government has been claiming the Chinese government hacks. Echoing the script of national security state officials, these journalists argue that these revelations are unjustified, even treasonous, because this is the type of spying the NSA should be doing, and disclosure serves no public interest while harming American national security, etc. etc.

True to form, however, these beacons of courage refuse to malign the parties that actually made the choice to publish these revelations – namely, the reporters and editors of the New York Times – and instead use it to advance their relentless attack on Edward Snowden. To these journalists, there are few worse sins than “stealing” the secrets of the US government and leaking them to the press (just as was true in the WikiLeaks case, one must congratulate the US Government on its outstanding propaganda feat of getting its journalists to lead the war on those who bring transparency to the nation’s most powerful factions). But beyond the abject spectacle of anti-transparency journalists, these claims are often based on factually false assumptions about how these stories are reported, making it worthwhile once again to underscore some of the key facts governing this process:

quote:

Is Revealing Secrets Akin to Drunk Driving? Intelligence Official Says So

quote:

Former NSA Director: 'Shame On Us'

quote:

In a SPIEGEL interview, former NSA director Michael Hayden, 69, discusses revelations of US spying on Germany made public in documents leaked by Edward Snowden, surveillance against German leaders and tensions between Berlin and Washington.

quote:

Rep. Mike Rogers Says Snowden’s To Blame For Russia’s Aggressive Actions Against Ukraine

quote:

House Intelligence Committee Chairman Mike Rogers said Sunday former National Security Agency contractor and fugitive Edward Snowden is “actually supporting in an odd way this very activity of brazen brutality and expansionism of Russia. He needs to understand that. And I think Americans need to understand that….”

quote:

6 Anti-NSA Technological Innovations That May Just Change the World

quote:

Rather than grovel and beg for the U.S. government to respect our privacy, these innovators have taken matters into their own hands, and their work may change the playing field completely.

People used to assume that the United States government was held in check by the constitution, which prohibits unreasonable searches and seizures and which demands due process in criminal investigations, but such illusions have evaporated in recent years. It turns out that the NSA considers itself above the law in every respect and feels entitled to spy on anyone anywhere in the world without warrants, and without any real oversight. Understandably these revelations shocked the average citizen who had been conditioned to take the government’s word at face value, and the backlash has been considerable. The recent “Today We Fight Back” campaign to protest the NSA’s surveillance practices shows that public sentiment is in the right place. Whether these kinds of petitions and protests will have any real impact on how the U.S. government operates is questionable (to say the least), however some very smart people have decided not to wait around and find out. Instead they’re focusing on making the NSA’s job impossible. In the process they may fundamentally alter the way the internet operates.

quote:

Put all these technologies together and what we see emerging is a new paradigm of communications where decentralized networks replace massive servers, and where social media giants like Facebook and Google may very well go the way of the dinosaur myspace. If you can’t beat them at their game, make their game irrelevant.

quote:

The House's NSA bill could allow more spying than ever. You call this reform?

Congress' serial fabricator has the audacity to call his new law the 'End Bulk Collection Act'. Obama's proposal isn't much better

^{Trevor Timm
theguardian.com, Tuesday 25 March 2014 13.07 GMT}

he White House and the House Intelligence Committee leaked dueling proposals last night that are supposedly aimed at ending the mass collection of all Americans’ phone records. But the devil is in the details, and when it comes to the National Security Agency’s unique ability to twist and distort the English language, the devil tends to wrap his horns around every word.

The House proposal, to be unveiled this morning by Reps Mike Rogers and Dutch Ruppersberger, is the more worrying of the two. Rogers has been the NSA’s most ardent defender in Congress and has a long history of distorting the truth and practicing in outright fabrication, whether in touting his committee’s alleged “oversight” or by way of his attempts to impugn the motives of the once again vindicated whistleblower who started this whole reform debate, former NSA contractor Edward Snowden.

As a general rule, whenever Mike Rogers (not to be confused with incoming NSA director Michael Rogers) claims a bill does something particular – like, say, protect your privacy – it's actually a fairly safe assumption that the opposite will end up true. His new bill seems to have the goal of trading government bulk collection for even more NSA power to search Americans’ data while it sits in the hands of the phone companies.

While the full draft of the bill isn’t yet public, the Guardian has seen a copy, and its description does not inspire confidence. Under the Rogers and Ruppersberger proposal, slyly named the “End Bulk Collection Act”, the telephone companies would hold on to phone data. But the government could search data from those companies based on "reasonable articulable suspicion" that someone is an agent of a foreign power, associated with an agent of a foreign power, or "in contact with, or known to, a suspected agent of a foreign power". The NSA’s current phone records program is restricted to a reasonable articulable suspicion of terrorism.

A judge would reportedly not have to approve the collection beforehand, and the language suggests the government could obtain the phone records on citizens at least two “hops” away from the suspect, meaning if you talked to someone who talked to a suspect, your records could be searched by the NSA. Coupled with the expanded “foreign power” language, this kind of law coming out of Congress could, arguably, allow the NSA to analyze more data of innocent Americans than it could before.

President Obama’s reported proposal sounds more promising, though we have even fewer details than the Intelligence Committee proposal. The administration’s plan would supposedly end the collection of phone records by the NSA, without requiring a dangerous new data retention mandate for the phone companies, while restricting analysis to the current rules around terrorism and, importantly, still requiring a judge to sign off on each phone-record search made to the phone companies – under what the New York Times described as "a new kind of court order".

This phone plan, apparently, represents Obama coming full-circle as his self-imposed deadline on NSA reform arrives Friday, when the court order authorizing bulk collection runs out. But there’s no indication that the president's plan would stop other types of bulk collection – such as internet or financial records – and there’s still a big question about what the NSA could do with the data they receive on innocent people two "hops" away from a suspect.

Critically, neither proposal touches the NSA’s under-reported and incredibly dangerous “corporate store”, at least that we know of. For years, the NSA has been allowed to search phone numbers up to three “hops” away from suspect, so long as it had “reasonable articulable suspicion” that the suspect was involved in terrorism. This was recently ratcheted down to two hops, but the hop-scotching method inevitably pulled millions of innocent people into the NSA’s dragnet.

The NSA insisted the database was only used for that sole purpose of monitoring someone within a couple degrees of separation from a suspect. However, it was only revealed recently that the NSA then dumps all of those numbers and connections – even those three hops away – into another database called “the corporate store”, where the NSA can do further analysis of your information and doesn't need “reasonable articulable suspicion” for anything. The Foreign Intelligence Surveillance Court has also exempted the corporate store from audit requirements about how often the vast database is searched.

The American Civil Liberties Union puts it like this:

. If, for some reason, your phone number happens to be within three hops of an NSA target, all of your calling records may be in the corporate store, and thus available for any NSA analyst to search at will.


This is bulk collection at its worst, and these new reforms aren't nearly good enough.

Rep James Sensenbrenner’s bill, the USA Freedom Act, would make a much stronger and more comprehensive bill than either new proposal – at least for those interested in real NSA reform. Sensenbrenner, who originally wrote the Patriot Act provision that the NSA re-interpreted in secret, called the House Intelligence proposal "a convoluted bill that accepts the administration's deliberate misinterpretations of the law". Although, even his bill could be strengthened to ensure bulk collection of Americans' records is no longer an option for the NSA, or any other government agency.

In the end, there's a simple way to stop all forms of bulk collection and mass surveillance: write a law expressly prohibiting it.

quote:

Petities VS eisen dat Edward Snowden niet vervolgd wordt

quote:

Aanhangers van de voormalige NSA-medewerker Edward Snowden hebben vandaag twee petities met meer dan 100.000 handtekeningen bij het Amerikaanse ministerie van Justitie afgeleverd. Ze eisen dat de klokkenluider, die het spionageprogramma van de Amerikaanse inlichtingendiensten heeft onthuld, zijn reispas terugkrijgt en in het buitenland niet verder vervolgd wordt.

quote:

'Britse regering wilde The Guardian sluiten'

quote:

De Britse regering heeft vorige zomer gedreigd The Guardian te sluiten als de krant zou doorgaan met onthullingen over de werkwijze van geheime diensten. Dat heeft adjunct-hoofdredacteur Paul Johnson van The Guardian gezegd in Dublin, meldde The Irish Times vandaag.

quote:

Nieuw sociaal netwerk MyApollo moet NSA-proof zijn

quote:

Bij Arroware in het Canadese Burlington werken ze al twee jaar aan een nieuw sociaal netwerk, dat zich van andere onderscheidt omdat het de bescherming van de privacy van zijn gebruikers als hoogste goed beschouwt. De zorgen over het schier eindeloze gegraai van data door de Amerikaanse spionagedienst NSA heeft internetters bewust gemaakt van hoe onbeschermd hun gegevens zijn, denkt oprichter en directeur Harvey Medcalf. MyApollo is deze week van start gegaan en de 27-jarig Medcalf doet een rondje Europa om de nieuwe dienst aan te prijzen.

'We zijn anders omdat we je foto's, documenten en berichten niet op centrale servers opslaan zoals Facebook of Google', legt Medcalf uit. MyApollo is gebaseerd op peer-to-peer-technologie, waarbij datapakketjes versleuteld en in losse brokjes over internet worden verstuurd. Elke computer die zich aansluit op zo'n netwerk levert een deel van de verbindingen en opslag die nodig zijn voor het dataverkeer, maar er is geen groot, centraal en kwetsbaar middelpunt.

quote:

Ruim 120 regeringsleiders spionagedoelwit van NSA

quote:

Meer dan 120 regeringsleiders en staatshoofden waren in ieder geval tot 2009 spionagedoelwit voor de Amerikaanse inlichtingendienst NSA. Alleen al over de Duitse bondskanselier Angela Merkel heeft de dienst meer dan 300 documenten bewaard.

quote:

Microsoft will no longer look through your Hotmail to investigate leaks

Company will call in law enforcement when privacy is at stake.

Amid widespread privacy concerns in the wake of a leak investigation, Microsoft has announced a change in the way it handles private customer accounts. Under the new policy, effective immediately, any investigation that suggests that Microsoft's services have been used to traffic stolen Microsoft intellectual property will no longer result in Microsoft accessing private account information. Instead, the investigation will be handed over to law enforcement agencies, and it will be for those agencies to demand access to necessary private information.

Microsoft general counsel Brad Smith also said that the company's terms of service will be updated to reflect this new policy in coming months.

Court documents last week revealed that Microsoft read private Hotmail e-mails of a blogger who received secret information from a disgruntled employee. Microsoft's terms of service, in common with those of Yahoo, Google, and Apple, give the company the legal right to access private information for such investigations. Nonetheless, the lack of transparency and oversight caused widespread alarm.

In the immediate aftermath of the outcry, Redmond announced that in the future, it would seek input from a former judge to determine whether accessing private data was justified and would include the number of such accesses in its periodic transparency reports.

The newly announced policy goes much further: now, any investigation that reveals the use of Microsoft's own services will be held to exactly the same legal and evidential standard as investigations that reveal the use of non-Microsoft services and the same oversight and transparency as Microsoft and others are demanding to be used in government investigations.

This is a solid response from the company and perhaps reflects the way attitudes have changed since the 2012 investigation. The question of access to personal data stored on cloud services has become a major concern in the wake of Edward Snowden's NSA leaks. The old policy may not have been exceptional, but it took an approach that's no longer palatable to many of today's customers.

quote:

NSA revelations 'changing how businesses store sensitive data'

Survey suggests many firms choosing more secure forms of storage over 'cloud computing' in light of Snowden's disclosures

The vast scale of online surveillance revealed by Edward Snowden is changing how businesses store commercially sensitive data, with potentially dramatic consequences for the future of the internet, according to a new study.

A survey of 1,000 business leaders from around the world has found that many are questioning their reliance on "cloud computing" in favour of more secure forms of data storage as the whistleblower's revelations continue to reverberate.

The moves by businesses mirror efforts by individual countries, such as Brazil and Germany, which are encouraging regional online traffic to be routed locally rather than through the US, in a move that could have a big impact on US technology companies such as Facebook and Google.

Daniel Castro, a senior analyst at the Information Technology and Innovation Foundation, said the study confirmed "anecdotal evidence that suggests US tech firms are going to be hit hard in the coming years by a global backlash against technology 'made in America'".

"The Snowden revelations have led to a paradigm shift in how IT decision-makers buy technology," he said. "Now companies are not just competing on price and quality, they are also competing on geography. This might be the final nail in the coffin for the vision of a global, borderless internet."

Ian Brown, from the Oxford Internet Institute, said the survey revealed a significant level of concern among business leaders: "We'll have to see over the next year how much impact this type of reaction has on the bottom line of US tech companies, but it will give them even more incentive to put pressure on the Obama administration and US Congress for significant surveillance reform."

The survey of 1,000 information and communications technology decision-makers from France, Germany, Hong Kong, the UK and the US was carried out by NTT Communications. It found that, following the Snowden revelations, almost 90% had changed the way they use the cloud – a storage service that allows data to be accessed from anywhere in the world but which is more susceptible to online surveillance.

The study also found that almost a third of those questioned were moving their company's data to locations where they "know it will be safe", and 16% said they had delayed or cancelled their contracts with cloud service providers.

Len Padilla, from NTT Communications in Europe, said: "Our findings show that the NSA allegations have hardened ICT decision-makers' attitudes towards cloud computing, whether it is modifying procurement policies, scrutinising potential suppliers or taking a heightened interest in where their data is stored."

The Guardian, and some of the world's other major media organisations, began disclosing details of the extent and reach of mass surveillance programmes run by Britain's eavesdropping centre, GCHQ, and its US equivalent, the National Security Agency, last year.

US technology firms have repeatedly raised concerns about the impact of the NSA revelations on their ability to operate around the world, and earlier this month Facebook's founder, Mark Zuckerberg, and Eric Schmidt, executive chairman of Google, met President Barack Obama to voice their concerns about the commercial impact of government surveillance programmes.

But Castro warned that it was not just the global firms that are being affected in the US. "This isn't something that just the big players have to worry about, it's the start-ups and mid-size companies too – across the board this backlash is going to hurt their bottom line."

And Brown said that pressure is now likely to be felt by the other governments as more businesses attempt to protect their data.

"As the US limits its own mass surveillance programmes, US firms will no doubt be asking pointed questions about the continuing surveillance activities of European and other governments," he said.

quote:

'NSA verzamelt 6 miljard metadata per dag'

De Amerikaanse geheime dienst NSA verzamelt 6 miljard metadata per dag. Daarbij gaat het om gegevens wie wanneer met wie belt, chat of e-mailt. Dat hebben journalisten van het Duitse weekblad Der Spiegel gemeld bij de presentatie van hun boek Der NSA-Komplex (Het NSA-complex).

Voor de publicatie hebben zij documenten geanalyseerd van klokkenluider Edward Snowden. De Amerikanen willen in kaart brengen wie contact heeft met wie en leggen daarvoor 'een puzzle met 100.000 delen', aldus een van de auteurs.

quote:

Exclusive: NSA infiltrated RSA security more deeply than thought - study

(Reuters) - Security industry pioneer RSA adopted not just one but two encryption tools developed by the U.S. National Security Agency, greatly increasing the spy agency's ability to eavesdrop on some Internet communications, according to a team of academic researchers.

Reuters reported in December that the NSA had paid RSA $10 million to make a now-discredited cryptography system the default in software used by a wide range of Internet and computer security programs. The system, called Dual Elliptic Curve, was a random number generator, but it had a deliberate flaw - or "back door" - that allowed the NSA to crack the encryption.

A group of professors from Johns Hopkins, the University of Wisconsin, the University of Illinois and elsewhere now say they have discovered that a second NSA tool exacerbated the RSA software's vulnerability.

The professors found that the tool, known as the "Extended Random" extension for secure websites, could help crack a version of RSA's Dual Elliptic Curve software tens of thousands of times faster, according to an advance copy of their research shared with Reuters.

While Extended Random was not widely adopted, the new research sheds light on how the NSA extended the reach of its surveillance under cover of advising companies on protection.

RSA, now owned by EMC Corp, did not dispute the research when contacted by Reuters for comment. The company said it had not intentionally weakened security on any product and noted that Extended Random did not prove popular and had been removed from RSA's protection software in the last six months.

"We could have been more skeptical of NSA's intentions," RSA Chief Technologist Sam Curry told Reuters. "We trusted them because they are charged with security for the U.S. government and U.S. critical infrastructure."

Curry declined to say if the government had paid RSA to incorporate Extended Random in its BSafe security kit, which also housed Dual Elliptic Curve.

An NSA spokeswoman declined to comment on the study or the intelligence agency's motives in developing Extended Random.

The agency has worked for decades with private companies to improve cybersecurity, largely through its Information Assurance Directorate. After the 9/11 attacks, the NSA increased surveillance, including inside the United States, where it had previously faced strict restrictions.

Documents leaked by former NSA contractor Edward Snowden showed that the agency also aimed to subvert cryptography standards. A presidential advisory group in December said that practice should stop, though experts looking at the case of Dual Elliptic Curve have taken some comfort in concluding that only the NSA could likely break it.

"It's certainly well-designed," said security expert Bruce Schneier, a frequent critic of the NSA. "The random number generator is one of the better ones."

RANDOM NUMBERS

Cryptography experts have long been suspicious of Dual Elliptic Curve, but the National Institute of Standards and Technology and RSA only renounced the technology after Snowden leaked documents about the back door last year.

That was also when the academic team set out to see if they could break Dual Elliptic Curve by replacing two government-issued points on the curve with their own. The professors plan to publish a summary of their study this week and present their findings at a conference this summer.

Random numbers are used to generate cryptographic keys - if you can guess the numbers, you can break the security of the keys. While no random number generator is perfect, some generators were viewed as more predictable than others.

In a Pentagon-funded paper in 2008, the Extended Random protocol was touted as a way to boost the randomness of the numbers generated by the Dual Elliptic Curve.

But members of the academic team said they saw little improvement, while the extra data transmitted by Extended Random before a secure connection begins made predicting the following secure numbers dramatically easier.

"Adding it doesn't seem to provide any security benefits that we can figure out," said one of the authors of the study, Thomas Ristenpart of the University of Wisconsin.

Johns Hopkins Professor Matthew Green said it was hard to take the official explanation for Extended Random at face value, especially since it appeared soon after Dual Elliptic Curve's acceptance as a U.S. standard.

"If using Dual Elliptic Curve is like playing with matches, then adding Extended Random is like dousing yourself with gasoline," Green said.

The NSA played a significant role in the origins of Extended Random. The authors of the 2008 paper on the protocol were Margaret Salter, technical director of the NSA's defensive Information Assurance Directorate, and an outside expert named Eric Rescorla.

Rescorla, who has advocated greater encryption of all Web traffic, works for Mozilla, maker of the Firefox web browser. He and Mozilla declined to comment. Salter did not respond to requests for comment.

Though few companies appear to have embraced Extended Random, RSA did. The company built in support for the protocol in BSafe toolkit versions for the Java programming language about five years ago, when a preeminent Internet standards group - the Internet Engineering Task Force - was considering whether to adopt Extended Random as an industry standard. The IETF decided in the end not to adopt the protocol.

RSA's Curry said that if Dual Elliptic Curve had been sound, Extended Random would have made it better. "When we realized it was not likely to become a standard, we did not enable it in any other BSafe libraries," he added.

The academic researchers said it took about an hour to crack a free version of BSafe for Java using about $40,000 worth of computer equipment. It would have been 65,000 times faster in versions using Extended Random, dropping the time needed to seconds, according to Stephen Checkoway of Johns Hopkins.

The researchers said it took them less than 3 seconds to crack a free version of BSafe for the C programming language, even without Extended Random, because it already transmitted so many random bits before the secure connection began. And it was so inexpensive it could easily be scaled up for mass surveillance, the researchers said.

quote:

Revelations of N.S.A. Spying Cost U.S. Tech Companies

quote:

SAN FRANCISCO — Microsoft has lost customers, including the government of Brazil.

IBM is spending more than a billion dollars to build data centers overseas to reassure foreign customers that their information is safe from prying eyes in the United States government.

And tech companies abroad, from Europe to South America, say they are gaining customers that are shunning United States providers, suspicious because of the revelations by Edward J. Snowden that tied these providers to the National Security Agency’s vast surveillance program.

quote:

Brazil and the European Union, which had used American undersea cables for intercontinental communication, last month decided to build their own cables between Brazil and Portugal, and gave the contract to Brazilian and Spanish companies. Brazil also announced plans to abandon Microsoft Outlook for its own email system that uses Brazilian data centers.

quote:

NSA Blows Its Own Top Secret Program in Order to Propagandize

quote:

Over the last 40 years, the U.S. government has relied on extreme fear-mongering to demonize transparency. In sum, every time an unwanted whistleblower steps forward, we are treated to the same messaging: You’re all going to die because of these leakers and the journalists who publish their disclosures! Lest you think that’s hyperbole, consider this headline from last week based on an interview with outgoing NSA chief Keith Alexander:

quote:

But whenever it suits the agency to do so–meaning when it wants to propagandize on its own behalf–the NSA casually discloses even its most top secret activities in the very countries where such retaliation is most likely.

quote:

Leave aside how corrupted this rationale is: It would mean that no bad acts of the U.S. government should ever be reported, lest those disclosures make people angry and want to attack government agents. Indeed, that is the rationale that the Obama administration used to protect evidence of Bush-era torture from disclosure (to disclose torture photos, Obama said, would be to further inflame anti-American opinion and to put our troops in greater danger).

What is so extraordinary is that the NSAat exactly the same time it is telling news organizations that disclosing its collect-it-all activities will endanger its personnelruns to its favorite L.A. Times reporter and does exactly that, for no reason other than to make itself look good and to justify these activities. (Absolutely invaluable, retired Gen. David H. Petraeus, the former U.S. commander in Iraq, said.)

quote:

Inlichtingenbaas geeft voor het eerst spionage Amerikanen toe

quote:

Voor het eerst heeft James Clapper, het hoofd van de gezamenlijke Amerikaanse inlichtingendiensten, toegegeven dat analisten van de NSA naar gegevens hebben gezocht die betrekking hebben op Amerikanen. Dat schrijft The Washington Post.

quote:

Germany opens hearings on U.S. spying

BERLIN – A chapter in transatlantic relations that Washington would sooner forget got a new lease on life Thursday as German lawmakers opened their first parliamentary hearings into the Edward Snowden scandal.

Revelations of large-scale U.S. spying on Germans, up to and including Chancellor Angela Merkel, prompted an initial wave of outrage here last year. But now, the lengthy committee investigations could keep the spotlight on leaks by the former NSA contractor for a year or two to come.

The hearings also have the potential to provoke further antipathy. Indeed, a number of lawmakers here are now demanding safe passage to Berlin for Snowden — who is living in self-imposed exile in Moscow — to testify before the eight-person committee. Any such move would likely outrage the United States, which is seeking to take Snowden into custody.

Given the potential for angering Washington, analysts believe Merkel’s government will find a way to sidestep such a move. Nevertheless, the push to give Snowden his day here serves as another reminder that, even as the scandal appears to be dissipating in other parts of Europe, it remains at the top of the agenda in Germany.

“Mass surveillance of citizens will not be accepted,” Clemens Binninger, committee chairman from Merkel’s center-right Christian Democratic Union, said at the start of the hearings Thursday.

The committee is set to call dozens of witnesses and review piles of documents. But even its members appear to concede the limits of their effort, which is likely to be hampered by an anticipated lack of full cooperation by U.S. officials. It suggests that the hearings are being called at least in part for national catharsis and as an outlet for German rage.

Parliament’s airing of the evidence began Thursday, even as fresh revelations continue to stoke public anger. In recent days, Germany’s Der Spiegel magazine published further details from the Snowden leaks, including evidence of an NSA dossier on Merkel that allegedly included more than 300 intelligence reports. Though U.S. snooping on Merkel is not new, the reports served as a continuing reminder for an already-bitter German public.

In addition, the magazine documented the infiltration of German Internet firms by the British secret service, fueling an ever-expanding plot line here that the Americans were not the only friends eavesdropping on German targets. Indeed, outrage from the Snowden scandal has been far more muted in some parts of Europe, in part because of assumptions by the British, French and other Europeans that their own secret services are not wholly innocent either.

A growing sense of intelligence vulnerabilities here has generated an intensifying debate over whether Germany should begin to beef up its own intelligence operations, targeting allies and non-allies alike. Given Germany’s typical post-World War II knee-jerk reaction against anything that could be seen as provocative or aggressive, however, analysts say any such moves are likely to be long in coming, if at all.

“German foreign policy is focused on one topic — doing things in cooperation,” said Marcel Dickow, an international security expert at the German Institute for International and Security Affairs. “Obviously, even with the Snowden [revelations], spying on allies is going to be seen as something that undermines cooperation.”

However, the hearings could be just the beginning here.

A top German prosecutor is still weighing whether to open a criminal investigation into the affair, which could further damage ties between Washington and Berlin. And there is no mistaking the lingering anger of German lawmakers, particularly those clamoring to bring Snowden to Berlin to testify.

Such a move is considered a long shot, in part because it would create fresh tensions at a time when Europe and the United States are trying to maintain a common front on the Russian-Ukraine crisis. But some here seem to believe that bringing Snowden to Berlin is exactly the kind of thumb-nosing the Americans deserve.

Snowden is the “key to clarification of the NSA spying scandal,” Hans-Christian Ströbele, a politician from the Green Party who met with Snowden in Russia last October, told reporters in Berlin on Thursday.

quote:

Op donderdag 3 april 2014 20:03 schreef Schunckelstar het volgende:
ik snap niet waarom snowden perse daarheen zou moeten

quote:

The “Cuban Twitter” Scam Is a Drop in the Internet Propaganda Bucket

quote:

This week, the Associated Press exposed a secret program run by the U.S. Agency for International Development to create “a Twitter-like Cuban communications network” run through “secret shell companies” in order to create the false appearance of being a privately owned operation. Unbeknownst to the service’s Cuban users was the fact that “American contractors were gathering their private data in the hope that it might be used for political purposes”–specifically, to manipulate those users in order to foment dissent in Cuba and subvert its government. According to top-secret documents published today by The Intercept, this sort of operation is frequently discussed at western intelligence agencies, which have plotted ways to covertly use social media for ”propaganda,” “deception,” “mass messaging,” and “pushing stories.”

These ideas–discussions of how to exploit the internet, specifically social media, to surreptitiously disseminate viewpoints friendly to western interests and spread false or damaging information about targets–appear repeatedly throughout the archive of materials provided by NSA whistleblower Edward Snowden. Documents prepared by NSA and its British counterpart GCHQ–and previously published by The Intercept as well as some by NBC News–detailed several of those programs, including a unit devoted in part to “discrediting” the agency’s enemies with false information spread online.

quote:

U.S. knocks plans for European communication network

quote:

(Reuters) - The United States on Friday criticized proposals to build a European communication network to avoid emails and other data passing through the United States, warning that such rules could breach international trade laws.

In its annual review of telecommunications trade barriers, the office of the U.S. Trade Representative said impediments to cross-border data flows were a serious and growing concern.

It was closely watching new laws in Turkey that led to the blocking of websites and restrictions on personal data, as well as calls in Europe for a local communications network following revelations last year about U.S. digital eavesdropping and surveillance.

"Recent proposals from countries within the European Union to create a Europe-only electronic network (dubbed a 'Schengen cloud' by advocates) or to create national-only electronic networks could potentially lead to effective exclusion or discrimination against foreign service suppliers that are directly offering network services, or dependent on them," the USTR said in the report.

Germany and France have been discussing ways to build a European network to keep data secure after the U.S. spying scandal. Even German Chancellor Angela Merkel's cell phone was reportedly monitored by American spies.

The USTR said proposals by Germany's state-backed Deutsche Telekom to bypass the United States were "draconian" and likely aimed at giving European companies an advantage over their U.S. counterparts.

Deutsche Telekom has suggested laws to stop data traveling within continental Europe being routed via Asia or the United States and scrapping the Safe Harbor agreement that allows U.S. companies with European-level privacy standards access to European data. (www.telekom.com/dataprotection)

"Any mandatory intra-EU routing may raise questions with respect to compliance with the EU's trade obligations with respect to Internet-enabled services," the USTR said. "Accordingly, USTR will be carefully monitoring the development of any such proposals."

U.S. tech companies, the leaders in an e-commerce marketplace estimated to be worth up to $8 trillion a year, have urged the White House to undertake reforms to calm privacy concerns and fend off digital protectionism.

In the report, the USTR also criticized restrictions on Internet telephony in India and China, foreign investment limits in countries, including China, and efforts to increase the rates U.S. telecommunications operators must pay in order to connect long-distance calls in Pakistan, Fiji, Tonga and Uganda.

quote:

Snowden en Greenwald waarschuwen voor metadata

NSA-klokkenluider Edward Snowden en verslaggever Glenn Greenwald waarschuwen ervoor dat overheden meer inbreuk op de privacy doen door metadata te verzamelen dan door direct telefoongesprekken en e-mails af te tappen.

Metadata zijn gegevens over telefoongesprekken: welke nummers met elkaar bellen, wanneer en hoe lang. Bij metadata wordt de inhoud van een gesprek niet opgeslagen. 'Ze laten onze verbindingen zien, onze politieke verbintenissen en onze eigenlijke activiteiten', aldus Snowden.

Greenwald en Snowden spraken gisteren via een videoverbinding op een conferentie van Amnesty International in de Amerikaanse stad Chicago. Amnesty International voert campagne om een einde te maken aan de afluisterpraktijken van de Amerikaanse overheid. Vorig jaar bracht Snowden naar buiten dat zijn voormalige werkgever, veiligheidsdienst NSA, massaal telefoongesprekken afluistert en e-mails bekijkt.

Meer onthullingen
Snowden leeft in ballingschap in Rusland, als hij naar de Verenigde Staten komt kan hij gearresteerd worden. Greenwald schreef over de onthullingen en beloofde gisteren dat er binnen twee maanden nog meer komen.

'Ik hoop en geloof dat hoe meer we verslag doen en hoe meer mensen de omvang van het misbruik zien, en niet alleen de omvang van het toezicht, hoe meer mensen erom zullen geven', zei hij vanuit Brazilië.

quote:

CERF: Classified NSA Work Mucked Up Security For Early TCP/IP

Internet pioneer Vint Cerf says that he had access to cutting edge cryptographic technology in the mid 1970s that could have made TCP/IP more secure – too bad the NSA wouldn’t let him!

Did the National Security Agency, way back in the 1970s, allow its own priorities to stand in the way of technology that might have given rise to a more secure Internet? You wouldn’t be crazy to reach that conclusion after hearing an interview with Google Vice President and Internet Evangelist Vint Cerf on Wednesday.

As a graduate student in Stanford in the 1970s, Cerf had a hand in the creation of ARPANet, the world’s first packet-switched network. He later went on to work as a program manager at DARPA, where he funded research into packet network interconnection protocols that led to the creation of the TCP/IP protocol that is the foundation of the modern Internet.

Cerf is a living legend who has received just about every honor a technologist can: including the National Medal of Technology, the Turing Award and the Presidential Medal of Freedom. But he made clear in the Google Hangout with host Leo Laporte that the work he has been decorated for – TCP/IP, the Internet’s lingua franca – was at best intended as a proof of concept, and that only now – with the adoption of IPv6 – is it mature (and secure) enough for what Cerf called “production use.”

Specifically, Cerf said that given the chance to do it over again he would have designed earlier versions of TCP/IP to look and work like IPV6, the latest version of the IP protocol with its integrated network-layer security and massive 128 bit address space. IPv6 is only now beginning to replace the exhausted IPV4 protocol globally.

“If I had in my hands the kinds of cryptographic technology we have today, I would absolutely have used it,” Cerf said. (Check it out here)

Researchers at the time were working on the development of just such a lightweight but powerful cryptosystem. On Stanford’s campus, Cerf noted that Whit Diffie and Martin Hellman had researched and published a paper that described a public key cryptography system. But they didn’t have the algorithms to make it practical. (That task would fall to Ron Rivest, Adi Shamir and Leonard Adleman, who published the RSA algorithm in 1977).

Curiously enough, however, Cerf revealed that he did have access to some really bleeding edge cryptographic technology back then that might have been used to implement strong, protocol-level security into the earliest specifications of TCP/IP. Why weren’t they used, then? The culprit is one that’s well known now: the National Security Agency.

Cerf told host Leo Laporte that the crypto tools were part of a classified project he was working on at Stanford in the mid 1970s to build a secure, classified Internet for the National Security Agency.

“During the mid 1970s while I was still at Stanford and working on this, I also worked with the NSA on a secure version of the Internet, but one that used classified cryptographic technology. At the time I couldn’t share that with my friends,” Cerf said. “So I was leading this kind of schizoid existence for a while.”

Hindsight is 20:20, as the saying goes. Neither Cerf, nor the NSA nor anyone else could have predicted how much of our economy and that of the globe would come to depend on what was then a government backed experiment in computer networking. Besides, we don’t know exactly what the cryptographic tools Cerf had access to as part of his secure Internet research or how suitable (and scalable) they would have been.

And who knows, maybe too much security early on would have stifled the growth of the Internet in its infancy – keeping it focused on the defense and research community, but acting as an inhibitor to wider commercial adoption?

But the specter of the NSA acting in its own interest without any obvious interest in fostering the larger technology sector is one that has been well documented in recent months, as revelations by the former NSA contractor Edward Snowden revealed how the NSA worked to undermine cryptographic standards promoted by NIST and the firm RSA .

It’s hard to listen to Cerf lamenting the absence of strong authentication and encryption in the foundational protocol of the Internet, or to think about the myriad of online ills in the past two decades that might have been preempted with a stronger and more secure protocol and not wonder what might have been.

quote:

Why Human Rights Groups Attracted the NSA's Attention

Not content with spying on UNICEF or the World Health Organization, it appears that western intelligence agencies are specifically targeting the communications of human rights groups.

While talking via video link to the Parliamentary Assembly of Council of Europe (full video here), Edward Snowden was asked if the NSA or GCHQ were currently spying on groups such as Amnesty International and Human Rights Watch.

“Without question, yes, absolutely,” was his response. “The NSA has in fact specifically targeted the communications of either leaders or staff members in a number of purely civil or human rights organisation of the kind described.”

Although it wasn't directly addressed towards a specific organisation, both Amnesty and HRW published press releases condemning the actions.

“If it's true that the NSA spied on groups like Human Rights Watch and Amnesty International, it's outrageous, and indicative of the overreach that US laws allows to security agencies,” said Dinah PoKempner from Human Rights Watch. “Such actions would again show why the US needs to overhaul its system of indiscriminate surveillance.”

Unfortunately, this won't be much of a surprise to Amnesty, who last December raised concerns with the UK government that their communications had been unlawfully accessed by intelligence agencies. In a claim to the Investigatory Powers Tribunal, the group claimed a breach of the right to privacy and the right to freedom of expression, referencing the Human Rights Act of 1998.

But why would the NSA, a government body purportedly gathering intelligence for the sake of national security, be concerned in surveilling human rights groups?

One clear reason is to gain access to communications with sources. Global NGOs have contacts in Libya, Russia, China, and pretty much everywhere else in the world, and being able to read the emails of an NGO source in a country or government of interest could save the hassle of building up your own presence in the area.

This is what seems to have worried Michael Bochenek, the legal and policy director for Amnesty International. “This raises the very real possibility that our communications with confidential sources have been intercepted,” he said.

This approach isn't far fetched either. Al Jazeera—which, last time I checked, is a journalistic entity rather than a terrorist organisation—had its computer systems broken into by the NSA during George Bush's second term in office. The already encrypted information was then passed onto other departments for analysis, with the NSA saying that Al Jazeera had “high potential as sources of intelligence.” (The US Justice Department was also caught last year spying on the Associated Press.)

Another reason is that the campaigns carried out by human rights groups do pose a threat to the interests of those in power. Amnesty International UK is currently highlighting cases of damage caused by energy corporations, in particular Shell. The organisation refers to documents that “show, in detail, how the UK intervened to support Shell and Rio Tinto in high-profile US human rights court cases, following requests from companies.”

It appears that the UK government feels responsible for ensuring that these companies can carry on business as usual. According to government documents, government agencies tasked with business development “believe that the prosperity and potentially significant commercial considerations," justifying their support of corporations in the court room.

With environmentalists increasingly being viewed as a security threat, and the close relationship between government and private energy sectors, it's plausible that spying on those opposed to abusive industries would be occurring.

If the NSA are willing to break into a media outlet's internal communications for the purposes of gathering intel, or the British government continue to explicitly support third party interests, it would be naive to think they wouldn't deploy similar tactics in order to undermine the work of human rights organisations.

Assuming that Amnesty International and Human Rights Watch are some of the groups affected by this snooping, who else could be affected? An obvious example is the American Civil Liberties Union, who are heavily involved with all things anti-surveillance, and who count Snowden's lawyer among their staff. Knowing what their next big scoop might be, who a whistleblower in the waiting is, or even their plans to generate support for initiatives such as The Day We Fight Back would all be valuable to an intelligence agency that just wants to keep on spying.