Monitoring NSA in de VS en erbuiten, deel 8

quote:

Top Democrat on House intelligence panel offers new NSA reform plan

Top Democrat on House intelligence committee says details are still being worked on but proposal would end bulk collection

Supporters of a stalled congressional effort to end the National Security Agency’s bulk collection of Americans’ metadata are looking warily at an alternative proposal by a key NSA advocate purporting to seek the same goal.

This week, the top Democrat on the House intelligence committee, Congressman Dutch Ruppersberger, who represents the Maryland district home to the NSA’s Fort Meade headquarters, came out in favor of a remedy for the controversial surveillance.

Ruppersberger, in interviews with the Washington Post, National Journal and Politico, said he was working to craft a proposal that would require court orders for government requests for Americans’ phone records – perhaps on an individual basis – from the telephone companies, without requiring the companies to expand retention of their customer records beyond current practice.

It’s an idea that on its face aligns with what privacy advocates have wanted since the Guardian exposed the NSA bulk phone records collection in June, thanks to leaks from Edward Snowden.

But his idea also attracted suspicion. Not only has Ruppersberger been a staunch advocate for the NSA – and a fervent critic of Snowden – but his proposal would compete with the civil-libertarian alternative, the USA Freedom Act, that has 163 co-sponsors in both congressional chambers and would go further than Ruppersberger’s effort, as initially described.

Ruppersberger’s office concedes that the details of the proposal, which are crucial in the arcane world of surveillance authorities, are still being worked out – something giving privacy advocates pause.

On the other hand, sources said, Ruppersberger’s evolving position represents what one called a “huge step forward” toward an outright end to bulk domestic metadata collection. Ruppersberger’s credibility with the NSA might also be an asset for such an effort.

In a statement to the Guardian on Friday, Ruppersberger signaled that surveillance “reform” was necessary, framing it as critical to restoring confidence in the NSA.

“I believe that the Foreign Intelligence Surveillance Act must be reformed. We must improve the American public’s confidence in, and perception of, our national security programs, by increasing transparency, strengthening oversight, and safeguarding civil liberties,” Ruppersberger said.

“I also believe that any proposal to reform the Foreign Intelligence Surveillance Act must preserve critical intelligence tools that protect our country and its allies. I am concerned with any approach that would eliminate this important intelligence tool and make the country more vulnerable to terrorist attacks, without providing a workable alternative.”

Ruppersberger is a close partner of the intelligence committee’s chairman, congressman Mike Rogers of Michigan, who has earlier signaled outright opposition to taking the phone records database away from the NSA.

But several sources were skeptical of any effort that would move surveillance reform through the intelligence committees instead of the judiciary committees, which have been more concerned with privacy issues. The judiciary committee, which has yet to move on the USA Freedom Act, insists on primary legislative jurisdiction over surveillance law.

The Obama administration has yet to take an outright position on the USA Freedom Act, an ambivalence that several members of Congress consider the equivalent of a rejection several months after the bill was introduced.

On Thursday, Jim Sensenbrenner, a Wisconsin Republican on the judiciary committee, called on Ruppersberger to embrace the USA Freedom Act that Sensenbrenner co-authored.

“I urge him to cosponsor the USA Freedom Act. It strikes the proper balance between security and privacy, and I am confident it has the votes to pass,” Sensenbrenner said in a statement to which Ruppersberger has yet to respond.

With the details still undetermined in Ruppersberger’s proposal, it is difficult to know how far the new effort would go in requiring court-ordered individual suspicion to access phone records, as well as requiring a specific “relevance” connection to an ongoing terrorism investigation, as required in the Patriot Act and the proposed USA Freedom Act – without which, privacy advocates argue, would leave the door open to dubious searches of government records.

“This certainly doesn’t go as far as the USA Freedom Act,” said Michelle Richardson, the ACLU’s surveillance lobbyist.

“Of course, the devil will be in the details. We’re going to see if we can get an advance copy and talk to the sponsors.”

quote:

White House withholding over 9,000 docs in CIA torture probe

For the last five years, the White House has withheld over 9,000 top-secret documents from a Senate investigation of the CIA’s former detention and torture program. The report comes one day after the CIA was accused of interfering in the probe.

Though the White House has publicly supported the investigation into Bush-era torture, the Obama administration has routinely rejected requests by the Select Senate Committee on Intelligence to see the records, McClatchy news service reported Wednesday.

It is not clear how substantial the documents are for the investigation, yet the White House has shielded them without wielding the claim of executive privilege that has been used often by the Obama and George W. Bush administrations to cover CIA and other government secrets following the attacks of September 11, 2001.

The White House told McClatchy a “small percentage” of the 6.2 million pages of documents given to the Committee were “set aside because they raise executive branch confidentiality interests.” The White House added that it had worked with the Committee “to ensure access to the information necessary to review the CIA’s former program.”

Neither the CIA nor the Committee would offer comment to McClatchy.

On Tuesday, Committee chairwoman Sen. Dianne Feinstein (D) alleged that the CIA secretly removed classified documents from a computer system used by Congress in the torture probe. Feinstein claimed the CIA improperly searched a stand-alone computer network at the agency’s Langley, Virginia headquarters that was put in place so that Intelligence Committee staffers could view sensitive documents.

The CIA denied the allegations, and the White House has stood behind CIA leadership on the matter. Reuters reported Wednesday the White House had previously tried to alleviate the longstanding tension between the CIA and the Committee after both entities alleged the other spied on it. Yet the failure to assuage the feud led Sen. Feinstein to write several letters appealing to Obama’s chief legal adviser, Kathryn Ruemmler, seeking a resolution. Those attempts also fell short.

Feinstein made no mention of the 9,400 White House documents during her Tuesday speech on the Senate floor. The held materials came to the Committee’s attention in 2009, though it is not clear whether the White House had given the Democrat-led Committee access to them and then rescinded the collection. Why the documents have been kept from the Committee is yet unknown.

“The most nefarious explanation is that they are not privileged and the White House simply doesn’t want to hand them over,” said Elizabeth Goitein, the co-director of the Brennan Center for Justice’s Liberty and National Security Program at the New York University Law School.

“Executive privilege is generally asserted after negotiations and brinksmanship behind the scenes. People put on paper what they want to be formalized, and these negotiations by their very nature are very informal.”

The documents have been referenced in public. Most prominently was in August, when Committee member Mark Udall [D] pressed the administration’s Pentagon general counsel nominee, Stephen W. Preston, for an answer on how he, as former CIA general counsel, played a role in the agency’s protection of the documents.

Preston responded by saying that “a small percentage of the total number of documents was set aside for further review. The agency [CIA] has deferred to the White House and has not been substantially involved in subsequent discussions about the disposition of those documents.”

In her speech Tuesday, Feinsten also intimated that the Committee found sometime in 2010 that it had mysteriously lost access to materials it had previously had clearance to read.

“This was done without the knowledge or approval of committee members or staff and in violation of our written agreements,” she said, going on to say the “matter was resolved” after CIA evasion and a subsequent appeal to the White House.

The documents in questions are separate from materials compiled by an internal CIA review of around 6.2 million pages of emails, operational cables, and other secret documents made available to the Committee in a secret electronic reading room at the CIA’s Langley headquarters.

The Committee approved a final draft of the 6,300-page study in December 2012, yet the report has been kept from the public.

As for Senate Republicans, who long ago opted out of involvement in the CIA torture probe, the party’s top member on the Committee has cast doubt on Feinstein’s assertions.

“Although people speak as though we know all the pertinent facts surrounding this matter, the truth is, we do not,” said Sen. Saxby Chambliss.

“No forensics have been run on the CIA computers…at the CIA facility to know what actually happened,”he said Tuesday.

quote:

Revealed: the MoD's secret cyberwarfare programme

Multimillion pound project will look at how internet users can be influenced by social media and other psychological techniques

The Ministry of Defence is developing a secret, multimillion-pound research programme into the future of cyberwarfare, including how emerging technologies such as social media and psychological techniques can be harnessed by the military to influence people's beliefs.

Programmes ranging from studies into the role of online avatars to research drawing on psychological theories and the impact of live video-sharing are being funded by the MoD in partnership with arms companies, academics, marketing experts and thinktanks.

The Guardian has seen a list of those hired to deliver research projects, which have titles such as Understanding Online Avatars, Cognitive and Behaviour Concepts of Cyber Activities, and Novel Techniques for Public Sentiment and Perception Elicitation.

The projects are being awarded by a "centre of excellence" managed by BAE Systems, which has received about £20m-worth of MoD funding since 2012. The MoD plans to procure a further £10m-worth of research through the centre this year.

While the centre commissions a wide range of research, such as studies of alcohol consumption in the armed forces, a substantial stream of research comes under the heading of "information activities and outreach". The term is significant in that it has its roots in Britain's 2010 strategic defence review and national security strategy. Its aims include understanding the behaviour of internet users from different cultures, the influence of social media such as Twitter and Facebook and the psychological impact of increased online video usage on sites such as YouTube.

Typical targets, for now, would include groups of young internet users deemed at risk of being incited or recruited online to commit terrorism.

Dr Tim Stevens of Kings College London, who studies cyberwar and strategy, said there was increased state interest in the role of emergent technologies such as social media and the development of powerful psychological techniques to wield influence.

"The current furore over inter-state cyberwar is probably not where the game's at. What is far more likely is that states will seek to influence their own populations and others through so-called 'cyber' methods, which basically means the internet and the device du jour, currently smartphones and tablets," he said.

"With the advent of sophisticated data-processing capabilities (including big data), the big number-crunchers can detect, model and counter all manner of online activities just by detecting the behavioural patterns they see in the data and adjusting their tactics accordingly.

"Cyberwarfare of the future may be less about hacking electrical power grids and more about hacking minds by shaping the environment in which political debate takes place," he added.

The current MoD research drive in the area is being run by the Defence Human Capability Science and Technology Centre (DHCSTC), which is administered by BAE.

While most projects remain under wraps an insight into the area of research has been provided by a previous report commissioned by the MoD, and which has been released under the Freedom of Information Act. It examined how chatbots – computer programmes that make human-sounding small talk and which have been used in everything from customer relations to sex industry marketing – could take on military roles in intelligence and propaganda operations to influence targets.

The research into the programmes, which are designed to emulate human conversation and are familiar as "virtual assistants" on retailers' websites, envisages a future in which "an influence bot could be deployed in both covert and overt ways – on the web, in IM/chatrooms/forums or in virtual worlds".

"It could be a declared bot and fairly overt influence play, or pretend to be a human and conduct its influencing in less obvious ways," says the 2011 report by Daden, a technology group that develops chatbots for commercial and educational clients.

Daden also suggested chatbots could be used as "cyberbuddies" shadowing soldiers through their careers or as data-gatherers in digital environments such as chatrooms and forums, where they could "scout for targets, potentially analyse behaviour, and record and relay conversation".

The report cautions, however, that the barriers to their use in data-gathering and influence operations include ethical issues, adding that "the adverse effect that the unmasking of a non-declared bot would have on the subject, and their wider group needs to be carefully considered".

It says: "One approach, as in real life, is for the bot to withdraw if it thinks it may be compromised. In the early days, it may be better that the bot activity is declared and overt – in the same way as much broadcast and UK plc promotional activity."

BAE declined to provide a comment when contacted.

The projects

• Full Spectrum Targeting – a sophisticated new concept that is growing in influence at the MoD and measures future battlefields in social and cognitive terms rather than just physical spaces. Emphasis is put on identifying and co-opting influential individuals, controlling channels of information and destroying targets based on morale rather than military necessity. The £65,285 project is being delivered by the Change Institute (a London-based thinktank whose previous work includes carrying out research for the government into understanding Muslim ethnic communities), the BAE subsidiary, Detica and another defence and security-orientated company, Montvieux.

• Cognitive and Behaviour Concepts of Cyber Activities – £310,822 project being delivered by Baines Associates, a strategic marketing firm, i to i Research, a consultancy in "social and behavioural change", and universities including Northumbria, Kent and University College London.

• Innovation: Tools and Techniques for Influence Activities – a £28,474 project being delivered by the Change Institute, the University of Kent and QinetiQ, a company spun out of the MoD research department.

• Understanding Online Avatars – a £17,150 project being delivered by the Change Institute.

quote:

Small Drones Are a Bigger Privacy Threat Than the NSA, Says Senate Intel Chair

Dianne Feinstein has a bone to pick with drones, especially since she confronted one on her own lawn.

“I’m in my home and there’s a demonstration out front, and I go to peek out the window, and there’s a drone facing me,” the California Democratic senator recalled to correspondent Morley Safer on "60 Minutes" Sunday night.

Demonstrators from Code Pink, who were protesting NSA surveillance outside her house in July, said it was just a tiny pink toy helicopter.

The confusion points to the problems with understanding and regulating and at least defining drones: a drone and a remote-controlled helicopter are the same thing.

Big, armed capital-D Drones with creepy names like the Predator and the Reaper have earned a shadowy reputation because they've been used—largely in secret by the CIA—to dramatically extend the reach of the military (and through lawfare, extend the boundaries of what's lawful), within politically vacuous spaces. In a way, this use of Drones is not unlike the use of electronic surveillance by other parts of the intelligence community.

But for the purposes of privacy in America, drones are nothing fancier than flying remote controlled GoPro cameras.

“When is a drone picture a benefit to society? When does it become stalking? When does it invade privacy? How close to a home can a drone go?” Feinstein asked, listing off questions she had to Safer.

In an extra segment, Safer asked Feinstein if she believed that "the drones were the worst thing that could happen to our privacy ever."

"To a great extent that's the way I feel right now," she said, "because the drone can take pictures. The sophisticated drone, which isn't necessarily the drone that's going to be used by the average person from 17,000, 20,000 feet and you don't know it's there."

CODEPINK Surveils Feinstein for the Iraq War, Domestic Spying

quote:

The NSA's spying technology may not produce spectacular video, but both it and the drone involve potential intrusions on personal privacy. But Feinstein has said she sees drones as more risky to privacy than government internet surveillance because they are largely unregulated.

Privacy groups have challenged that view, criticizing what they've called Sen. Feinstein's contradictory views about government surveillance.

"I really wish the DiFi that just testified at #droneprivacy hearing could be chair of the Senate Intel Committee," Amie Stepanovich, the director of the Electronic Privacy Information Center, tweeted after a hearing in January.

quote:

NSA surveillance program reaches ‘into the past’ to retrieve, replay phone calls

The National Security Agency has built a surveillance system capable of recording “100 percent” of a foreign country’s telephone calls, enabling the agency to rewind and review conversations as long as a month after they take place, according to people with direct knowledge of the effort and documents supplied by former contractor Edward Snowden.

A senior manager for the program compares it to a time machine — one that can replay the voices from any call without requiring that a person be identified in advance for surveillance.

The voice interception program, called MYSTIC, began in 2009. Its RETRO tool, short for “retrospective retrieval,” and related projects reached full capacity against the first target nation in 2011. Planning documents two years later anticipated similar operations elsewhere.

In the initial deployment, collection systems are recording “every single” conversation nationwide, storing billions of them in a 30-day rolling buffer that clears the oldest calls as new ones arrive, according to a classified summary.

The call buffer opens a door “into the past,” the summary says, enabling users to “retrieve audio of interest that was not tasked at the time of the original call.” Analysts listen to only a fraction of 1 percent of the calls, but the absolute numbers are high. Each month, they send millions of voice clippings, or “cuts,” for processing and long-term storage.

At the request of U.S. officials, The Washington Post is withholding details that could be used to identify the country where the system is being employed or other countries where its use was envisioned.

No other NSA program disclosed to date has swallowed a nation’s telephone network whole. Outside experts have sometimes described that prospect as disquieting but remote, with notable implications for a growing debate over the NSA’s practice of “bulk collection” abroad.

Bulk methods capture massive data flows “without the use of discriminants,” as President Obama put it in January. By design, they vacuum up all the data they touch — meaning that most of the conversations collected by RETRO would be irrelevant to U.S. national security interests.

In the view of U.S. officials, however, the capability is highly valuable.

In a statement, Caitlin Hayden, spokeswoman for the National Security Council, declined to comment on “specific alleged intelligence activities.” Speaking generally, she said “new or emerging threats” are “often hidden within the large and complex system of modern global communications, and the United States must consequently collect signals intelligence in bulk in certain circumstances in order to identify these threats.”

NSA spokeswoman Vanee Vines, in an e-mailed statement, said that “continuous and selective reporting of specific techniques and tools used for legitimate U.S. foreign intelligence activities is highly detrimental to the national security of the United States and of our allies, and places at risk those we are sworn to protect.”

Some of the documents provided by Snowden suggest that high-volume eavesdropping may soon be extended to other countries, if it has not been already. The RETRO tool was built three years ago as a “unique one-off capability,” but last year’s secret intelligence budget named five more countries for which the MYSTIC program provides “comprehensive metadata access and content,” with a sixth expected to be in place by last October.

The budget did not say whether the NSA now records calls in quantity in those countries, or expects to do so. A separate document placed high priority on planning “for MYSTIC accesses against projected new mission requirements,” including “voice.”

Ubiquitous voice surveillance, even overseas, pulls in a great deal of content from Americans who telephone, visit and work in the target country. It may also be seen as inconsistent with Obama’s Jan. 17 pledge “that the United States is not spying on ordinary people who don’t threaten our national security,” regardless of nationality, “and that we take their privacy concerns into account.”

In a presidential policy directive, Obama instructed the NSA and other agencies that bulk acquisition may be used only to gather intelligence on one of six specified threats, including nuclear proliferation and terrorism. The directive, however, also noted that limits on bulk collection “do not apply to signals intelligence data that is temporarily acquired to facilitate targeted collection.”

The emblem of the MYSTIC program depicts a cartoon wizard with a telephone-headed staff. Among the agency’s bulk collection programs disclosed over the past year, its focus on the spoken word is unique. Most of the programs have involved the bulk collection of either metadata — which does not include content — or text, such as e-mail address books.

Telephone calls are often thought to be more ephemeral and less suited than text for processing, storage and search. Indeed, there are indications that the call-recording program has been hindered by the NSA’s limited capacity to store and transmit bulky voice files.

In the first year of its deployment, a program officer wrote that the project “has long since reached the point where it was collecting and sending home far more than the bandwidth could handle.”

Because of similar capacity limits across a range of collection programs, the NSA is leaping forward with cloud-based collection systems and a gargantuan new “mission data repository” in Utah. According to its overview briefing, the Utah facility is designed “to cope with the vast increases in digital data that have accompanied the rise of the global network.”

Christopher Soghoian, the principal technologist for the American Civil Liberties Union, said history suggests that “over the next couple of years they will expand to more countries, retain data longer and expand the secondary uses.”

Spokesmen for the NSA and the Office of Director of National Intelligence James R. Clapper Jr. declined to confirm or deny expansion plans or discuss the criteria for any change.

Based on RETRO’s internal reviews, the NSA has strong motive to deploy it elsewhere. In the documents and interviews, U.S. officials said RETRO is uniquely valuable when an analyst first uncovers a new name or telephone number of interest.

With up to 30 days of recorded conversations in hand, the NSA can pull an instant history of the subject’s movements, associates and plans. Some other U.S. intelligence agencies also have access to RETRO.

Highly classified briefings cite examples in which the tool offered high-stakes intelligence that would not have existed under traditional surveillance programs in which subjects were identified for targeting in advance. Unlike most of the government’s public claims about the value of controversial programs, the briefings supply names, dates, locations and fragments of intercepted calls in convincing detail.

Present and former U.S. officials, speaking on the condition of anonymity to provide context for a classified program, acknowledged that large numbers of conversations involving Americans would be gathered from the country where RETRO operates.

The NSA does not attempt to filter out their calls, defining them as communications “acquired incidentally as a result of collection directed against appropriate foreign intelligence targets.”

Until about 20 years ago, such incidental collection was unusual unless an American was communicating directly with a foreign intelligence target. In bulk collection systems, which are exponentially more capable than the ones in use throughout the Cold War, calls and other data from U.S. citizens and permanent residents are regularly ingested by the millions.

Under the NSA’s internal “minimization rules,” those intercepted communications “may be retained and processed” and included in intelligence reports. The agency generally removes the names of U.S. callers, but there are several broadly worded exceptions.

An independent group tasked by the White House to review U.S. surveillance policies recommended that incidentally collected U.S. calls and e-mails — including those obtained overseas — should nearly always “be purged upon detection.” Obama did not accept that recommendation.

Vines, in her statement, said the NSA’s work is “strictly conducted under the rule of law.”

RETRO and MYSTIC are carried out under Executive Order 12333, the traditional grant of presidential authority to intelligence agencies for operations outside the United States.

Since August, Sen. Dianne Feinstein (D-Calif.), the chairman of the Senate Intelligence Committee, and others on that panel have been working on plans to assert a greater oversight role for intelligence gathering abroad. Some legislators are now considering whether Congress should also draft new laws to govern those operations.

Experts say there is not much legislation that governs overseas intelligence work.

“Much of the U.S. government’s intelligence collection is not regulated by any statute passed by Congress,” said Timothy H. Edgar, the former director of privacy and civil liberties on Obama’s national security staff. “There’s a lot of focus on the Foreign Intelligence Surveillance Act, which is understandable, but that’s only a slice of what the intelligence community does.”

All surveillance must be properly authorized for a legitimate intelligence purpose, he said, but that “still leaves a gap for activities that otherwise basically aren’t regulated by law because they’re not covered by FISA.”

Beginning in 2007, Congress loosened 40-year-old restrictions on domestic surveillance because so much foreign data crossed U.S. territory. There were no comparable changes to protect the privacy of U.S. citizens and residents whose calls and e-mails now routinely cross international borders.

Vines noted that the NSA’s job is to “identify threats within the large and complex system of modern global communications,” where ordinary people share fiber-optic cables with legitimate intelligence targets.

For Peter Swire, a member of the president’s review group, the fact that Americans and foreigners use the same devices, software and networks calls for greater care to safeguard Americans’ privacy.

“It’s important to have institutional protections so that advanced capabilities used overseas don’t get turned against our democracy at home,” he said.

quote:

Hackers may leak Microsoft spying docs, grant Bill Gates's wish for 'intense debates'

quote:

There's always been a lot of information about your activities. Every phone number you dial, every credit-card charge you make. It's long since passed that a typical person doesn't leave footprints. But we need explicit rules. If you were in a divorce lawsuit 20 years ago, is that a public document on the Web that a nosy neighbor should be able to pull up with a Bing or Google search? When I apply for a job, should my speeding tickets be available? Well, I'm a bus driver, how about in that case? And society does have an overriding interest in some activities, like, "Am I gathering nuclear-weapons plans, and am I going to kill millions of people?" If we think there's an increasing chance of that, who do you trust? I actually wish we were having more intense debates about these things.

quote:

If it's an intense debate about surveillance and the cloud that Gates would like, then the Syrian Electronic Army may be about to grant that wish. SEA has twice hacked Microsoft in 2014, giving Microsoft a red face and a pair of black eyes. SEA hackers warned that Microsoft is "spying on people" and not to "use Microsoft emails (Hotmail, Outlook), They are monitoring your accounts and selling the data to the governments." The pro-Assad hackers vowed to deliver the digital dirt by publishing stolen documents that "prove" Microsoft spies on email for governments.

Shortly thereafter, Microsoft admitted that targeted phishing attacks allowed SEA to steal law enforcement documents.

If Gates really wants an intense debate, that may be about to happen (again) for Microsoft. Yesterday, the Syrian Electronic Army tweeted that it will soon leak the documents showing what Microsoft is paid for email surveillance.

quote:

Why Isn't the Fourth Amendment Classified as Top Secret?

quote:

Notice how much the Fourth Amendment tells our enemies. "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated," it states, "and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

The Framers are usually considered patriots. Yet they gave traitors and criminals in their midst such powerful knowledge about concealing evidence of skullduggery! Today every terrorist with access to a pocket Constitution is privy to the same text. And thanks to the Supreme Court's practice of publishing its opinions, al-Qaeda need only have an Internet connection to gain a very nuanced, specific understanding of how the Fourth Amendment is applied in individual cases, how it constrains law enforcement, and how to exploit those limits.

Such were my thoughts Friday at UCLA Law School, where Stewart Baker, an attorney who worked in the Department of Homeland Security during the Bush Administration, participated in a debate about Edward Snowden. Some of his remarks focused on the NSA whistleblower's professed desire to trigger a debate among Americans, many of whom think it's their right to weigh in on all policy controversies.

Baker disagrees.

quote:

The next step would be obvious. There are ways in which the First, Second, and Fifth Amendments help to inform terrorists too. The same goes for related case law. Think how much less terrorists and criminals alike would know if all constitutional law, indeed all law of any kind, were interpreted before a secret body like the FISA court, rather than in open court where anyone can listen. Until then, our judges and constitutional-law scholars will regularly be putting out information that could be useful to our enemies. Stopping them would create an undemocratic system in which prosecutorial and police abuse would often be essentially undiscoverable and unchallengeable, and would inevitably end in civil liberties abuses of millions of innocents. But if, like Baker, you're not much bothered by mass surveillance of innocents, perhaps that price isn't too high to pay.

quote:

After Snowden, Australia’s cops worry about people using crypto

quote:

Several Australian law enforcement agencies and the Australian Security Intelligence Organization (ASIO) have submitted proposals asking the country's senate for more surveillance power, and state police have even asked that the government move to log its citizens' Web browsing history.

Several months ago, on the heels of revelations that Australian Intelligence had been sharing surveillance information with its partners in foreign nations, the Australian Senate opened an inquiry into whether the country's Telecommunications (Interception and Access) Act of 1979 should be revised to better protect AU citizens' privacy. Unsurprisingly, the ASIO—along with Northern Territory, Western, and Victoria state police—has submitted commentary asking for more data retention and offering little in the way of more privacy protection.

In particular, the ASIO said that Snowden's leaks will make it more difficult for the organization to collect meaningful data about a person, so the organization should be given more leeway to perform its surveillance duties. In its proposal, the ASIO asserted that certain technological advances are detrimental to its spying on bad actors (a refrain that is not often heard, as it's generally accepted that technology is making it easier to spy on citizens).

quote:

Anonymous-OS 0.1 : Anonymous Hackers released their own Operating System

quote:

Anonymous Hackers released their own Operating System with name "Anonymous-OS", is Live is an ubuntu-based distribution and created under Ubuntu 11.10 and uses Mate desktop. You can create the LiveUSB with Unetbootin.

quote:

Update: Another Live OS for anonymity available called "Tails". Which is a live CD or live USB that aims at preserving your privacy and anonymity.It helps you to use the Internet anonymously almost anywhere you go and on any computer:all connections to the Internet are forced to go through the Tor network or to leave no trace on the computer you're using unless you ask it explicitly, or use state-of-the-art cryptographic tools to encrypt your files, email and instant messaging. You can Download Tail from Here

quote:

Facebook Fights Back Against the NSA Spy Machine

Mark Zuckerberg was apparently peeved enough to phone the President when he read recent reports that the NSA was using fake Facebook websites to intercept the social network’s traffic and infect private computers with surveillance software. But Joe Sullivan — the ex-federal prosecutor who now serves as Facebook’s chief security officer — says the company has now steeled its online services so that such a ploy is no longer possible.

“That particular attack is not viable,” the 45-year-old Sullivan told a room full of reporters yesterday at Facebook headquarters in Menlo Park, California. It hasn’t been viable, he explained, since the company rolled out what’s called SSL data encryption for all its web traffic, a process it completed in the summer of last year.

According to outside security researchers, there are still ways of working around Facebook’s encryption. But these methods are much harder to pull off, and Sullivan’s message was clear: The situation around the NSA’s surveillance campaigns isn’t quite as dire as many have painted it. Unlike his counterparts at places like Google and Microsoft, Sullivan says that the ongoing stream of revelations from NSA whistleblower Edward Snowden aren’t really that surprising, and he indicated that the leaked information has changed little about how his company approaches security.

Sullivan’s message stands in contrast to the one Zuckerberg unloaded on his Facebook page after his phoning the President. The Facebook founder expressed extreme frustration over the NSA’s practices, calling for sweeping changes to government policies. But the contrast isn’t that surprising. It very clearly shows the awkward situation that has engulfed companies like Facebook in the wake of Snowden’s revelations, which started tumbling out last summer. The giants of the web are certainly concerned over NSA surveillance — despite indications that they may have been complicit in some ways — and they’re actively fighting against it. But they must also reassure users that the situation is well in hand — that it’s safe to use their services today. This can be a difficult line to walk.

Certainly, the web’s largest operations — including Google, Yahoo, and Microsoft as well as Facebook — have now taken at least the basic steps needed to guard their online traffic against interlopers. Facebook not only uses SSL, or secure sockets layer, encryption to protect all data moving between its computer servers and virtually all of the than 1.2 billion people who use the social networking service. It has also installed technology that uses similarly hefty encryption techniques to protect information that flows between the massive data centers that underpin its online empire. This is just the sort of thing Snowden himself called for last week while appearing via video feed at a conference in Texas.

In using SSL to encode all data sent and received by its million of users, Facebook can indeed thwart the sort of fake-Facebook-server attack discussed in the press last week. As described, these attacks redirected users to NSA websites that looked exactly like Facebook by surreptitiously slipping certain internet addresses into their browsers. SSL encryption provides what is probably “solid” protection against such methods, says Nicholas Weaver, a staff researcher who specializes in network security at the International Computer Science Institute.

Weaver does acknowledge that attackers could compromise Facebook SSL encryption by somehow obtaining or creating fake encryption certificates, but he believes that such attacks are now unlikely. “That is very risky these days,” he says, pointing out that many companies are now on the lookout for such fake certificates.

It’s equally important that Facebook is now encrypting information as it moves between data centers. Documents released by Snowden have shown that the NSA has ways of tapping lines that connect the massive computing centers operated by the likes of Google and Facebook. Sullivan declined to say when Facebook had secured these lines, but he’s now confident this makes it much more difficult for agencies like the NSA to eavesdrop on Facebook data as it travels through network service providers outside of the company’s control. And Weaver agrees. Assuming the company’s encryption devices aren’t sabotaged, he says, the data is secure as it travels across the wire. “You’d need to break into the data center computers or the encryption devices themselves to access that data,” he says.

But Joe Sullivan’s rather sunny view of Facebook security doesn’t tell the whole story. Much of the rest of the web has yet to adopt similar encryption techniques, and there’s still so much we don’t know about what the NSA is capable of. It’s also worth noting that Facebook’s chief security officer sidestepped questions about future threats to the company’s operation, including the possibility of a quantum computer that could break current encryption techniques. In the Post-Snowden age, the giants of the web have certainly increased their security efforts. But there is always more to do.

quote:

Don't Fall For Misleading Story Being Spread By NSA Suggesting Tech Companies Lied About PRISM

quote:

I'm seeing a bunch of folks passing around a story by Spencer Ackerman at The Guardian, claiming that tech companies lied about their "denials" of PRISM. The story is incredibly misleading. Ackerman is one of the best reporters out there on the intelligence community, and I can't recall ever seeing a story that I think he got wrong, but this is one. But the storyline is so juicy, lots of folks, including the usual suspects are quick to pile on without bothering to actually look at the details, insisting that this is somehow evidence of the tech companies lying.

So, let's look at what actually happened.

quote:

Bondsdag gaat activiteiten NSA onderzoeken

De Duitse Bondsdag heeft vandaag besloten tot een parlementair onderzoek naar de activiteiten van de Amerikaanse National Security Agency (NSA) en andere buitenlandse inlichtingendiensten, waaronder het afluisteren van de mobiele telefoon van bondskanselier Angela Merkel.

Zowel de regeringspartijen als de oppositie stemden voor het onderzoek. Daarin wordt gekeken hoe breed en hoe diep de privécommunicatie van Duitsers door de Verenigde Staten en hun bondgenoten in het 'Five Eyes'-netwerk - Groot-Brittannië, Canada, Australië en Nieuw-Zeeland - werd bespioneerd en hoe veel Duitse functionarissen hiervan afwisten.

Het onderzoek begint volgende maand. Oppositielid Hans-Christian Ströbele wil dat ook NSA-klokkenluider Edward Snowden wordt gehoord, ook al zullen de VS daar waarschijnlijk bezwaar tegen makken. Snowden verblijft in Rusland, waar hij tijdelijk asiel heeft gekregen.

Het Duitse openbaar ministerie overweegt nog of het een strafrechtelijk onderzoek zal beginnen tegen de activiteiten van de NSA.

quote:

Hacked emails show what Microsoft charges the FBI for user data

Microsoft often charges the FBI's most secretive division hundreds of thousands of dollars a month to legally view customer information, according to documents allegedly hacked by the Syrian Electronic Army.

The SEA, a hacker group loyal to Syrian President Bashar al-Assad, is best known for hijacking Western media companies' social media accounts. (These companies include the Associated Press, CNN, NPR, and even the Daily Dot.) The SEA agreed to let the Daily Dot analyze the documents with experts before the group published them in full.

The documents consist of what appear to be invoices and emails between Microsoft's Global Criminal Compliance team and the FBI's Digital Intercept Technology Unit (DITU), and purport to show exactly how much money Microsoft charges DITU, in terms of compliance costs, when DITU provides warrants and court orders for customers' data.

In December 2012, for instance, Microsoft emailed DITU a PDF invoice for $145,100, broken down to $100 per request for information, the documents appear to show. In August 2013, Microsoft allegedly emailed a similar invoice, this time for $352,200, at a rate of $200 per request. The latest invoice provided, from November 2013, is for $281,000.

None of the technologists or lawyers consulted for this story thought that Microsoft would be in the wrong to charge the FBI for compliance, especially considering it's well within the company's legal right to charge "reasonable expenses." Instead, they said, the documents are more of an indication of just how frequently the government wants information on customers. Some of the DITU invoices show hundreds of requests per month.

For ACLU Principal Technologist Christopher Soghoian, the documents reiterated his stance that charging a small fee is a positive, in part because it creates more of a record of government tracking. In 2010, Soghoian actually chided Microsoft for not charging the Drug Enforcement Agency for turning over user records when instructed to by courts, noting that companies like Google and Yahoo did.

Nate Cardozo, a staff attorney for the Electronic Frontier Foundation, agreed, and told the Daily Dot the government should be transparent about how much it pays.

"Taxpayers should absolutely know how much money is going toward this," he said.

Compared with the National Security Agency, which has seen many of its programs exposed by former systems analyst Edward Snowden, DITU has a low profile. But it runs in the same circles. Multiple law enforcement and technology industry representatives described DITU to Foreign Policy as the FBI's liaison to the U.S.'s tech companies, and the agency's equivalent to the NSA.

To that note, DITU is mentioned as a little-noticed detail from Snowden slides that detail the NSA's notorious PRISM program, which allows it to collect users' communications from nine American tech companies, including Microsoft. One slide explicitly mentions DITU's role in getting data from those companies.

PRISM screengrab via freesnowden.is

It's impossible to fully verify the documents' authenticity without confirmation from someone with direct knowledge of Microsoft and DITU compliance practices, and those parties refused to comment. But there are multiple signs that indicate the documents are legitimate.

"I don’t see any indication that they’re not real," Cardozo said. "If I was going to fake something like this, I would try to fake it up a lot more sensational than this."

That the SEA twice attacked Microsoft with a phishing attack before leaking these documents is well documented. On Jan. 11, the day of the second attack, the SEA hijacked the company's blog and Twitter account. One representative told the Verge that day that it was part of a bigger plan: "We are making some distraction for Microsoft employees so we can success in our main mission," the hacker said.

In a blog post nearly two weeks later, Microsoft admitted: "[W]e have learned that there was unauthorized access to certain employee email accounts, and information contained in those accounts could be disclosed. It appears that documents associated with law enforcement inquiries were stolen."

A source familiar with several of the email addresses of the Microsoft employees in the emails confirmed the addresses were authentic.

When reached for comment, the company reiterated its stance that it complies with government demands as required by law. A spokesperson added that "as pursuant to U.S. law, Microsoft is entitled to seek reimbursement for costs associated with compliance with a valid legal demands. ... To be clear, these reimbursements cover only a portion of the costs we actually incur to comply with legal orders."

A spokesperson for the FBI declined to comment and deferred questions to Microsoft, "given that SEA claims to have stolen the documents" from there.

Indeed, there's plenty of history for communications companies charging compliance costs for cooperating with intelligence agencies' request for people's information. The CIA pays AT&T more than $10 million annually for access to its phone records, government officials told the New York Times. The Guardian, referencing other documents provided by Snowden, has reported that the NSA paid millions to Microsoft and the other eight companies used in PRISM for compliance costs.

Only the earliest of the Microsoft invoices provided by the SEA, dated May 10, 2012, breaks down requests by type of legal request, and it shows them to all explicitly come legally, though nothing in the documents indicates the later invoices refer to illegal surveillance. User information by a subpoena costs $50, a court order $75, and a search warrant $100. The requests come from FBI offices all around the U.S.



Later invoices to DITU don't break down requests to subpoena and court order, though the format is otherwise similar, and costs begin to rise to $100 and $200 per request.

And though the costs vacillate slightly depending on the invoice, they appear to be roughly in line with industry standards. Ashkan Soltani, who coauthored a Yale study on how much it costs agencies like the FBI to track targets by tapping phone companies for their cellphone locations, said that the range of costs seen in the SEA documents—$50 to $200 per order to Microsoft—"did seem a fair cost."

The invoices don't make explicit the exact type of information Microsoft charges DITU to provide, which may account for the price changes.

The biggest suspicion espoused by the experts we spoke with was just how apparently easy it was for the SEA to acquire this sort of information. If the documents aren't forged, that means Microsoft and the FBI simply email invoices and references to a presumably classified process.

"I’m surprised that they’re doing it by email," Soltani said. "I thought it would be a more secure system."

quote:

NSA hacks system administrators, new leak reveals

In its quest to take down suspected terrorists and criminals abroad, the United States National Security Agency has adopted the practice of hacking the system administrators that oversee private computer networks, new documents reveal.

The Intercept has published a handful of leaked screenshots taken from an internal NSA message board where one spy agency specialist spoke extensively about compromising not the computers of specific targets, but rather the machines of the system administrators who control entire networks.

Journalist Ryan Gallagher reported that Edward Snowden, a former sys admin for NSA contractor Booz Allen Hamilton, provided The Intercept with the internal documents, including one from 2012 that’s bluntly titled “I hunt sys admins.”

According to the posts — some labeled “top secret” — NSA staffers should not shy away from hacking sys admins: a successful offensive mission waged against an IT professional with extensive access to a privileged network could provide the NSA with unfettered capabilities, the analyst acknowledged.

“Who better to target than the person that already has the ‘keys to the kingdom’?” one of the posts reads.

“They were written by an NSA official involved in the agency’s effort to break into foreign network routers, the devices that connect computer networks and transport data across the Internet,” Gallagher wrote for the article published late Thursday. “By infiltrating the computers of system administrators who work for foreign phone and Internet companies, the NSA can gain access to the calls and emails that flow over their networks.”

Since last June, classified NSA materials taken by Snowden and provided to certain journalists have exposed an increasing number of previously-secret surveillance operations that range from purposely degrading international encryption standards and implanting malware in targeted machines, to tapping into fiber-optic cables that transfer internet traffic and even vacuuming up data as its moved into servers in a decrypted state.

The latest leak suggests that some NSA analysts took a much different approach when tasked with trying to collect signals intelligence that otherwise might not be easily available. According to the posts, the author advocated for a technique that involves identifying the IP address used by the network’s sys admin, then scouring other NSA tools to see what online accounts used those addresses to log-in. Then by using a previously-disclosed NSA tool that tricks targets into installing malware by being misdirected to fake Facebook servers, the intelligence analyst can hope that the sys admin’s computer is sufficiently compromised and exploited.

Once the NSA has access to the same machine a sys admin does, American spies can mine for a trove of possibly invaluable information, including maps of entire networks, log-in credentials, lists of customers and other details about how systems are wired. In turn, the NSA has found yet another way to, in theory, watch over all traffic on a targeted network.

“Up front, sys admins generally are not my end target. My end target is the extremist/terrorist or government official that happens to be using the network some admin takes care of,” the NSA employee says in the documents.

When reached for comment by The Intercept, NSA spokesperson Vanee Vines said that, “A key part of the protections that apply to both US persons and citizens of other countries is the mandate that information be in support of a valid foreign intelligence requirement, and comply with US Attorney General-approved procedures to protect privacy rights.”

Coincidentally, outgoing-NSA Director Keith Alexander said last year that he was working on drastically cutting the number of sys admins at that agency by upwards of 90 percent — but didn’t say it was because they could be exploited by similar tactics waged by adversarial intelligence groups. Gen. Alexander’s decision came just weeks after Snowden — previously one of around 1,000 sys admins working on the NSA’s networks, according to Reuters — walked away from his role managing those networks with a trove of classified information.

quote:

British intelligence watchdog is like Yes Prime Minister, says MP

Spy services' monitor has staff of just two and was bewildered by Snowden affair

Britain's intelligence services had a system of oversight no better than that seen in the TV comedy Yes, Prime Minister, an MP said on Tuesday during a meeting of a Commons committee.

Julian Huppert, a Liberal Democrat, said the sitcom depicting ineffectual government was an appropriate comparison after it emerged that the intelligence services commissioner appearing before MPs worked only part-time, and operated with only one other staff member.

Huppert said: "Can I come back to this comparison between Britain and the US? I presume you are both familiar with Yes, Prime Minister. There is a line there where it says, 'Good Lord, no. Any hint of suspicion, you hold a full inquiry, have a chap straight out for lunch, ask him straight out if there is anything in it and if he says no, you have got to trust a chap's word'."

Other MPs on the home affairs select committee also questioned Sir Mark Waller, the intelligence services commissioner, as to whether there was adequate political and legal oversight of MI5, MI6 and the surveillance agency GCHQ, and suggested the existing system was not robust enough.

Waller, a former judge, had initially refused to attend the committee but had to relent after being summoned. But he told MPs that he thought he had adequate resources to do his job.

Keith Vaz, the committee chairman, said Waller was clearly a "decent man" but questioned whether there was a need for a full-time commissioner, with a bigger staff with more powers.

Waller disagreed, saying that the prospect of a former judge scrutinising applications for warrants was sufficient to ensure that the intelligences agencies behaved properly. He added that he admired the agencies' "ethos" and that a bigger bureaucracy could have a detrimental effect, interfering with the important work of the intelligence agencies.

The intelligence service commissioner oversees the "lawful use of intrusive powers" – surveillance as it is used by the intelligence agencies. Waller also revealed that 1,700 warrants were issued last year. He estimated he checked about 6% of them to ensure they complied with the law.

The committee is investigating counter-terrorism but its hearings have become increasingly dominated by the revelations by the whistleblower Edward Snowden about the extent of mass surveillance and whether there is sufficient political and legal oversight.

Waller had been in the job 18 months when he heard about the Snowden revelations last summer. His response, he said, was: "Crikey."

His initial fear had been that he had been duped by the intelligence agencies. "I wanted to know if I had been spoofed for 18 months," Waller said.

Waller, who looked ill at ease during much of the questioning, said he had gone to see GCHQ to see if there was anything to the allegations. He saw the deputy chief of the GCHQ and was satisfied the allegations were without foundation.

Vaz said: "And how did you satisfy yourself? It seems from your comment that you had a discussion with them."

Waller replied: "Certainly."

Vaz said: "You heard what they had to say."

Waller replied: "Certainly."

Vaz probed further: "And you accepted what they had to say?"

Waller: "Certainly."

"Is that it?" asked Vaz.

"Certainly," replied Waller.

Vaz added: "Just a discussion?"

Waller: "Certainly."

Vaz, in conclusion, said: "And that's the way you were satisfied that there was no circumventing UK law. You went down, you went to see them, you sat round the table, you had a chat?

Waller replied: "You've got to remember that I've done a whole period – a year and a half's inspection. I have got a very good idea as to what the ethos of this agency is. They know perfectly well that they have had to make out their case and the legality of their case, etc, and I have absolutely, clearly, accepted it."

The committee also heard BT has refused to deny it has handed over data on millions of customers in bulk to government agencies, such as GCHQ, a group of MPs has been told.

Big Brother Watch director Nick Pickles told the committee BT had provided "no substantive answer" to the question of whether they had handed over masses of customer data to the UK government.

Pickles told MPs he feared BT was providing data under section 94 of the Telecommunications Act, which gives the secretary of state broad powers to demand information from an individual or organisation in the interests of national security.

Waller was followed on the witness list by Conservative MP David Davis, who has long questioned the extent of surveillance and called for increased political oversight. Asked about the role of Waller and Sir Anthony May, the interception of communications commissioner, who also acts as a watchdog and recently gave evidence to the committee, Davis said: "I think the commissioners are good people doing impossible jobs." Davis called for a beefed-up intelligence committee that was chosen by the Commons.

quote:

Op zaterdag 22 maart 2014 14:49 schreef meth1745 het volgende:
Doe zo voort, Papierversnipperaar!

quote:

Op zaterdag 22 maart 2014 17:25 schreef gebrokenglas het volgende:

[..]

Inderdaad, tof dat iemand de informatie hieromtrent bijhoudt en aanvult.

quote:

'NSA bespioneerde leiding en telecombedrijven China'

De Amerikaanse geheime dienst NSA heeft de voormalige Chinese president Hu Jintao en Chinese banken en telecombedrijven bespioneerd. Dat blijkt uit documenten van de voormalige NSA-medewerker Edward Snowden, aldus de Amerikaanse krant The New York Times en het Duitse weekblad Der Spiegel.

De NSA had het vooral gemunt op de Chinese telecomgigant Huawei. De Amerikanen vreesden dat Huawei het Chinese leger en door Peking gesteunde hackers zou helpen bij het stelen van geheime informatie van Amerikaanse bedrijven en de Amerikaanse regering. De NSA ondernam daarom in 2009 zelf actie tegen Huawei. Het lukte de spionagedienst om in het computernetwerk van Huawei te infiltreren en documenten te kopiëren.

quote:

Some facts about how NSA stories are reported

quote:

Several members of the august “US Journalists Against Transparency” club are outraged by revelations in yesterday’s New York Times (jointly published by der Spiegel) that the NSA has been hacking the products of the Chinese tech company Huawei as well as Huawei itself at exactly the same time (and in exactly the same way) as the US Government has been claiming the Chinese government hacks. Echoing the script of national security state officials, these journalists argue that these revelations are unjustified, even treasonous, because this is the type of spying the NSA should be doing, and disclosure serves no public interest while harming American national security, etc. etc.

True to form, however, these beacons of courage refuse to malign the parties that actually made the choice to publish these revelations – namely, the reporters and editors of the New York Times – and instead use it to advance their relentless attack on Edward Snowden. To these journalists, there are few worse sins than “stealing” the secrets of the US government and leaking them to the press (just as was true in the WikiLeaks case, one must congratulate the US Government on its outstanding propaganda feat of getting its journalists to lead the war on those who bring transparency to the nation’s most powerful factions). But beyond the abject spectacle of anti-transparency journalists, these claims are often based on factually false assumptions about how these stories are reported, making it worthwhile once again to underscore some of the key facts governing this process:

quote:

Is Revealing Secrets Akin to Drunk Driving? Intelligence Official Says So

quote:

Former NSA Director: 'Shame On Us'

quote:

In a SPIEGEL interview, former NSA director Michael Hayden, 69, discusses revelations of US spying on Germany made public in documents leaked by Edward Snowden, surveillance against German leaders and tensions between Berlin and Washington.