Monitoring NSA in de VS en erbuiten, deel 8

quote:

Rep. Mike Rogers Says Snowden’s To Blame For Russia’s Aggressive Actions Against Ukraine

quote:

House Intelligence Committee Chairman Mike Rogers said Sunday former National Security Agency contractor and fugitive Edward Snowden is “actually supporting in an odd way this very activity of brazen brutality and expansionism of Russia. He needs to understand that. And I think Americans need to understand that….”

quote:

6 Anti-NSA Technological Innovations That May Just Change the World

quote:

Rather than grovel and beg for the U.S. government to respect our privacy, these innovators have taken matters into their own hands, and their work may change the playing field completely.

People used to assume that the United States government was held in check by the constitution, which prohibits unreasonable searches and seizures and which demands due process in criminal investigations, but such illusions have evaporated in recent years. It turns out that the NSA considers itself above the law in every respect and feels entitled to spy on anyone anywhere in the world without warrants, and without any real oversight. Understandably these revelations shocked the average citizen who had been conditioned to take the government’s word at face value, and the backlash has been considerable. The recent “Today We Fight Back” campaign to protest the NSA’s surveillance practices shows that public sentiment is in the right place. Whether these kinds of petitions and protests will have any real impact on how the U.S. government operates is questionable (to say the least), however some very smart people have decided not to wait around and find out. Instead they’re focusing on making the NSA’s job impossible. In the process they may fundamentally alter the way the internet operates.

quote:

Put all these technologies together and what we see emerging is a new paradigm of communications where decentralized networks replace massive servers, and where social media giants like Facebook and Google may very well go the way of the dinosaur myspace. If you can’t beat them at their game, make their game irrelevant.

quote:

The House's NSA bill could allow more spying than ever. You call this reform?

Congress' serial fabricator has the audacity to call his new law the 'End Bulk Collection Act'. Obama's proposal isn't much better

^{Trevor Timm
theguardian.com, Tuesday 25 March 2014 13.07 GMT}

he White House and the House Intelligence Committee leaked dueling proposals last night that are supposedly aimed at ending the mass collection of all Americans’ phone records. But the devil is in the details, and when it comes to the National Security Agency’s unique ability to twist and distort the English language, the devil tends to wrap his horns around every word.

The House proposal, to be unveiled this morning by Reps Mike Rogers and Dutch Ruppersberger, is the more worrying of the two. Rogers has been the NSA’s most ardent defender in Congress and has a long history of distorting the truth and practicing in outright fabrication, whether in touting his committee’s alleged “oversight” or by way of his attempts to impugn the motives of the once again vindicated whistleblower who started this whole reform debate, former NSA contractor Edward Snowden.

As a general rule, whenever Mike Rogers (not to be confused with incoming NSA director Michael Rogers) claims a bill does something particular – like, say, protect your privacy – it's actually a fairly safe assumption that the opposite will end up true. His new bill seems to have the goal of trading government bulk collection for even more NSA power to search Americans’ data while it sits in the hands of the phone companies.

While the full draft of the bill isn’t yet public, the Guardian has seen a copy, and its description does not inspire confidence. Under the Rogers and Ruppersberger proposal, slyly named the “End Bulk Collection Act”, the telephone companies would hold on to phone data. But the government could search data from those companies based on "reasonable articulable suspicion" that someone is an agent of a foreign power, associated with an agent of a foreign power, or "in contact with, or known to, a suspected agent of a foreign power". The NSA’s current phone records program is restricted to a reasonable articulable suspicion of terrorism.

A judge would reportedly not have to approve the collection beforehand, and the language suggests the government could obtain the phone records on citizens at least two “hops” away from the suspect, meaning if you talked to someone who talked to a suspect, your records could be searched by the NSA. Coupled with the expanded “foreign power” language, this kind of law coming out of Congress could, arguably, allow the NSA to analyze more data of innocent Americans than it could before.

President Obama’s reported proposal sounds more promising, though we have even fewer details than the Intelligence Committee proposal. The administration’s plan would supposedly end the collection of phone records by the NSA, without requiring a dangerous new data retention mandate for the phone companies, while restricting analysis to the current rules around terrorism and, importantly, still requiring a judge to sign off on each phone-record search made to the phone companies – under what the New York Times described as "a new kind of court order".

This phone plan, apparently, represents Obama coming full-circle as his self-imposed deadline on NSA reform arrives Friday, when the court order authorizing bulk collection runs out. But there’s no indication that the president's plan would stop other types of bulk collection – such as internet or financial records – and there’s still a big question about what the NSA could do with the data they receive on innocent people two "hops" away from a suspect.

Critically, neither proposal touches the NSA’s under-reported and incredibly dangerous “corporate store”, at least that we know of. For years, the NSA has been allowed to search phone numbers up to three “hops” away from suspect, so long as it had “reasonable articulable suspicion” that the suspect was involved in terrorism. This was recently ratcheted down to two hops, but the hop-scotching method inevitably pulled millions of innocent people into the NSA’s dragnet.

The NSA insisted the database was only used for that sole purpose of monitoring someone within a couple degrees of separation from a suspect. However, it was only revealed recently that the NSA then dumps all of those numbers and connections – even those three hops away – into another database called “the corporate store”, where the NSA can do further analysis of your information and doesn't need “reasonable articulable suspicion” for anything. The Foreign Intelligence Surveillance Court has also exempted the corporate store from audit requirements about how often the vast database is searched.

The American Civil Liberties Union puts it like this:

. If, for some reason, your phone number happens to be within three hops of an NSA target, all of your calling records may be in the corporate store, and thus available for any NSA analyst to search at will.


This is bulk collection at its worst, and these new reforms aren't nearly good enough.

Rep James Sensenbrenner’s bill, the USA Freedom Act, would make a much stronger and more comprehensive bill than either new proposal – at least for those interested in real NSA reform. Sensenbrenner, who originally wrote the Patriot Act provision that the NSA re-interpreted in secret, called the House Intelligence proposal "a convoluted bill that accepts the administration's deliberate misinterpretations of the law". Although, even his bill could be strengthened to ensure bulk collection of Americans' records is no longer an option for the NSA, or any other government agency.

In the end, there's a simple way to stop all forms of bulk collection and mass surveillance: write a law expressly prohibiting it.

quote:

Petities VS eisen dat Edward Snowden niet vervolgd wordt

quote:

Aanhangers van de voormalige NSA-medewerker Edward Snowden hebben vandaag twee petities met meer dan 100.000 handtekeningen bij het Amerikaanse ministerie van Justitie afgeleverd. Ze eisen dat de klokkenluider, die het spionageprogramma van de Amerikaanse inlichtingendiensten heeft onthuld, zijn reispas terugkrijgt en in het buitenland niet verder vervolgd wordt.

quote:

'Britse regering wilde The Guardian sluiten'

quote:

De Britse regering heeft vorige zomer gedreigd The Guardian te sluiten als de krant zou doorgaan met onthullingen over de werkwijze van geheime diensten. Dat heeft adjunct-hoofdredacteur Paul Johnson van The Guardian gezegd in Dublin, meldde The Irish Times vandaag.

quote:

Nieuw sociaal netwerk MyApollo moet NSA-proof zijn

quote:

Bij Arroware in het Canadese Burlington werken ze al twee jaar aan een nieuw sociaal netwerk, dat zich van andere onderscheidt omdat het de bescherming van de privacy van zijn gebruikers als hoogste goed beschouwt. De zorgen over het schier eindeloze gegraai van data door de Amerikaanse spionagedienst NSA heeft internetters bewust gemaakt van hoe onbeschermd hun gegevens zijn, denkt oprichter en directeur Harvey Medcalf. MyApollo is deze week van start gegaan en de 27-jarig Medcalf doet een rondje Europa om de nieuwe dienst aan te prijzen.

'We zijn anders omdat we je foto's, documenten en berichten niet op centrale servers opslaan zoals Facebook of Google', legt Medcalf uit. MyApollo is gebaseerd op peer-to-peer-technologie, waarbij datapakketjes versleuteld en in losse brokjes over internet worden verstuurd. Elke computer die zich aansluit op zo'n netwerk levert een deel van de verbindingen en opslag die nodig zijn voor het dataverkeer, maar er is geen groot, centraal en kwetsbaar middelpunt.

quote:

Ruim 120 regeringsleiders spionagedoelwit van NSA

quote:

Meer dan 120 regeringsleiders en staatshoofden waren in ieder geval tot 2009 spionagedoelwit voor de Amerikaanse inlichtingendienst NSA. Alleen al over de Duitse bondskanselier Angela Merkel heeft de dienst meer dan 300 documenten bewaard.

quote:

Microsoft will no longer look through your Hotmail to investigate leaks

Company will call in law enforcement when privacy is at stake.

Amid widespread privacy concerns in the wake of a leak investigation, Microsoft has announced a change in the way it handles private customer accounts. Under the new policy, effective immediately, any investigation that suggests that Microsoft's services have been used to traffic stolen Microsoft intellectual property will no longer result in Microsoft accessing private account information. Instead, the investigation will be handed over to law enforcement agencies, and it will be for those agencies to demand access to necessary private information.

Microsoft general counsel Brad Smith also said that the company's terms of service will be updated to reflect this new policy in coming months.

Court documents last week revealed that Microsoft read private Hotmail e-mails of a blogger who received secret information from a disgruntled employee. Microsoft's terms of service, in common with those of Yahoo, Google, and Apple, give the company the legal right to access private information for such investigations. Nonetheless, the lack of transparency and oversight caused widespread alarm.

In the immediate aftermath of the outcry, Redmond announced that in the future, it would seek input from a former judge to determine whether accessing private data was justified and would include the number of such accesses in its periodic transparency reports.

The newly announced policy goes much further: now, any investigation that reveals the use of Microsoft's own services will be held to exactly the same legal and evidential standard as investigations that reveal the use of non-Microsoft services and the same oversight and transparency as Microsoft and others are demanding to be used in government investigations.

This is a solid response from the company and perhaps reflects the way attitudes have changed since the 2012 investigation. The question of access to personal data stored on cloud services has become a major concern in the wake of Edward Snowden's NSA leaks. The old policy may not have been exceptional, but it took an approach that's no longer palatable to many of today's customers.

quote:

NSA revelations 'changing how businesses store sensitive data'

Survey suggests many firms choosing more secure forms of storage over 'cloud computing' in light of Snowden's disclosures

The vast scale of online surveillance revealed by Edward Snowden is changing how businesses store commercially sensitive data, with potentially dramatic consequences for the future of the internet, according to a new study.

A survey of 1,000 business leaders from around the world has found that many are questioning their reliance on "cloud computing" in favour of more secure forms of data storage as the whistleblower's revelations continue to reverberate.

The moves by businesses mirror efforts by individual countries, such as Brazil and Germany, which are encouraging regional online traffic to be routed locally rather than through the US, in a move that could have a big impact on US technology companies such as Facebook and Google.

Daniel Castro, a senior analyst at the Information Technology and Innovation Foundation, said the study confirmed "anecdotal evidence that suggests US tech firms are going to be hit hard in the coming years by a global backlash against technology 'made in America'".

"The Snowden revelations have led to a paradigm shift in how IT decision-makers buy technology," he said. "Now companies are not just competing on price and quality, they are also competing on geography. This might be the final nail in the coffin for the vision of a global, borderless internet."

Ian Brown, from the Oxford Internet Institute, said the survey revealed a significant level of concern among business leaders: "We'll have to see over the next year how much impact this type of reaction has on the bottom line of US tech companies, but it will give them even more incentive to put pressure on the Obama administration and US Congress for significant surveillance reform."

The survey of 1,000 information and communications technology decision-makers from France, Germany, Hong Kong, the UK and the US was carried out by NTT Communications. It found that, following the Snowden revelations, almost 90% had changed the way they use the cloud – a storage service that allows data to be accessed from anywhere in the world but which is more susceptible to online surveillance.

The study also found that almost a third of those questioned were moving their company's data to locations where they "know it will be safe", and 16% said they had delayed or cancelled their contracts with cloud service providers.

Len Padilla, from NTT Communications in Europe, said: "Our findings show that the NSA allegations have hardened ICT decision-makers' attitudes towards cloud computing, whether it is modifying procurement policies, scrutinising potential suppliers or taking a heightened interest in where their data is stored."

The Guardian, and some of the world's other major media organisations, began disclosing details of the extent and reach of mass surveillance programmes run by Britain's eavesdropping centre, GCHQ, and its US equivalent, the National Security Agency, last year.

US technology firms have repeatedly raised concerns about the impact of the NSA revelations on their ability to operate around the world, and earlier this month Facebook's founder, Mark Zuckerberg, and Eric Schmidt, executive chairman of Google, met President Barack Obama to voice their concerns about the commercial impact of government surveillance programmes.

But Castro warned that it was not just the global firms that are being affected in the US. "This isn't something that just the big players have to worry about, it's the start-ups and mid-size companies too – across the board this backlash is going to hurt their bottom line."

And Brown said that pressure is now likely to be felt by the other governments as more businesses attempt to protect their data.

"As the US limits its own mass surveillance programmes, US firms will no doubt be asking pointed questions about the continuing surveillance activities of European and other governments," he said.

quote:

'NSA verzamelt 6 miljard metadata per dag'

De Amerikaanse geheime dienst NSA verzamelt 6 miljard metadata per dag. Daarbij gaat het om gegevens wie wanneer met wie belt, chat of e-mailt. Dat hebben journalisten van het Duitse weekblad Der Spiegel gemeld bij de presentatie van hun boek Der NSA-Komplex (Het NSA-complex).

Voor de publicatie hebben zij documenten geanalyseerd van klokkenluider Edward Snowden. De Amerikanen willen in kaart brengen wie contact heeft met wie en leggen daarvoor 'een puzzle met 100.000 delen', aldus een van de auteurs.

quote:

Exclusive: NSA infiltrated RSA security more deeply than thought - study

(Reuters) - Security industry pioneer RSA adopted not just one but two encryption tools developed by the U.S. National Security Agency, greatly increasing the spy agency's ability to eavesdrop on some Internet communications, according to a team of academic researchers.

Reuters reported in December that the NSA had paid RSA $10 million to make a now-discredited cryptography system the default in software used by a wide range of Internet and computer security programs. The system, called Dual Elliptic Curve, was a random number generator, but it had a deliberate flaw - or "back door" - that allowed the NSA to crack the encryption.

A group of professors from Johns Hopkins, the University of Wisconsin, the University of Illinois and elsewhere now say they have discovered that a second NSA tool exacerbated the RSA software's vulnerability.

The professors found that the tool, known as the "Extended Random" extension for secure websites, could help crack a version of RSA's Dual Elliptic Curve software tens of thousands of times faster, according to an advance copy of their research shared with Reuters.

While Extended Random was not widely adopted, the new research sheds light on how the NSA extended the reach of its surveillance under cover of advising companies on protection.

RSA, now owned by EMC Corp, did not dispute the research when contacted by Reuters for comment. The company said it had not intentionally weakened security on any product and noted that Extended Random did not prove popular and had been removed from RSA's protection software in the last six months.

"We could have been more skeptical of NSA's intentions," RSA Chief Technologist Sam Curry told Reuters. "We trusted them because they are charged with security for the U.S. government and U.S. critical infrastructure."

Curry declined to say if the government had paid RSA to incorporate Extended Random in its BSafe security kit, which also housed Dual Elliptic Curve.

An NSA spokeswoman declined to comment on the study or the intelligence agency's motives in developing Extended Random.

The agency has worked for decades with private companies to improve cybersecurity, largely through its Information Assurance Directorate. After the 9/11 attacks, the NSA increased surveillance, including inside the United States, where it had previously faced strict restrictions.

Documents leaked by former NSA contractor Edward Snowden showed that the agency also aimed to subvert cryptography standards. A presidential advisory group in December said that practice should stop, though experts looking at the case of Dual Elliptic Curve have taken some comfort in concluding that only the NSA could likely break it.

"It's certainly well-designed," said security expert Bruce Schneier, a frequent critic of the NSA. "The random number generator is one of the better ones."

RANDOM NUMBERS

Cryptography experts have long been suspicious of Dual Elliptic Curve, but the National Institute of Standards and Technology and RSA only renounced the technology after Snowden leaked documents about the back door last year.

That was also when the academic team set out to see if they could break Dual Elliptic Curve by replacing two government-issued points on the curve with their own. The professors plan to publish a summary of their study this week and present their findings at a conference this summer.

Random numbers are used to generate cryptographic keys - if you can guess the numbers, you can break the security of the keys. While no random number generator is perfect, some generators were viewed as more predictable than others.

In a Pentagon-funded paper in 2008, the Extended Random protocol was touted as a way to boost the randomness of the numbers generated by the Dual Elliptic Curve.

But members of the academic team said they saw little improvement, while the extra data transmitted by Extended Random before a secure connection begins made predicting the following secure numbers dramatically easier.

"Adding it doesn't seem to provide any security benefits that we can figure out," said one of the authors of the study, Thomas Ristenpart of the University of Wisconsin.

Johns Hopkins Professor Matthew Green said it was hard to take the official explanation for Extended Random at face value, especially since it appeared soon after Dual Elliptic Curve's acceptance as a U.S. standard.

"If using Dual Elliptic Curve is like playing with matches, then adding Extended Random is like dousing yourself with gasoline," Green said.

The NSA played a significant role in the origins of Extended Random. The authors of the 2008 paper on the protocol were Margaret Salter, technical director of the NSA's defensive Information Assurance Directorate, and an outside expert named Eric Rescorla.

Rescorla, who has advocated greater encryption of all Web traffic, works for Mozilla, maker of the Firefox web browser. He and Mozilla declined to comment. Salter did not respond to requests for comment.

Though few companies appear to have embraced Extended Random, RSA did. The company built in support for the protocol in BSafe toolkit versions for the Java programming language about five years ago, when a preeminent Internet standards group - the Internet Engineering Task Force - was considering whether to adopt Extended Random as an industry standard. The IETF decided in the end not to adopt the protocol.

RSA's Curry said that if Dual Elliptic Curve had been sound, Extended Random would have made it better. "When we realized it was not likely to become a standard, we did not enable it in any other BSafe libraries," he added.

The academic researchers said it took about an hour to crack a free version of BSafe for Java using about $40,000 worth of computer equipment. It would have been 65,000 times faster in versions using Extended Random, dropping the time needed to seconds, according to Stephen Checkoway of Johns Hopkins.

The researchers said it took them less than 3 seconds to crack a free version of BSafe for the C programming language, even without Extended Random, because it already transmitted so many random bits before the secure connection began. And it was so inexpensive it could easily be scaled up for mass surveillance, the researchers said.

quote:

Revelations of N.S.A. Spying Cost U.S. Tech Companies

quote:

SAN FRANCISCO — Microsoft has lost customers, including the government of Brazil.

IBM is spending more than a billion dollars to build data centers overseas to reassure foreign customers that their information is safe from prying eyes in the United States government.

And tech companies abroad, from Europe to South America, say they are gaining customers that are shunning United States providers, suspicious because of the revelations by Edward J. Snowden that tied these providers to the National Security Agency’s vast surveillance program.

quote:

Brazil and the European Union, which had used American undersea cables for intercontinental communication, last month decided to build their own cables between Brazil and Portugal, and gave the contract to Brazilian and Spanish companies. Brazil also announced plans to abandon Microsoft Outlook for its own email system that uses Brazilian data centers.

quote:

NSA Blows Its Own Top Secret Program in Order to Propagandize

quote:

Over the last 40 years, the U.S. government has relied on extreme fear-mongering to demonize transparency. In sum, every time an unwanted whistleblower steps forward, we are treated to the same messaging: You’re all going to die because of these leakers and the journalists who publish their disclosures! Lest you think that’s hyperbole, consider this headline from last week based on an interview with outgoing NSA chief Keith Alexander:

quote:

But whenever it suits the agency to do so–meaning when it wants to propagandize on its own behalf–the NSA casually discloses even its most top secret activities in the very countries where such retaliation is most likely.

quote:

Leave aside how corrupted this rationale is: It would mean that no bad acts of the U.S. government should ever be reported, lest those disclosures make people angry and want to attack government agents. Indeed, that is the rationale that the Obama administration used to protect evidence of Bush-era torture from disclosure (to disclose torture photos, Obama said, would be to further inflame anti-American opinion and to put our troops in greater danger).

What is so extraordinary is that the NSAat exactly the same time it is telling news organizations that disclosing its collect-it-all activities will endanger its personnelruns to its favorite L.A. Times reporter and does exactly that, for no reason other than to make itself look good and to justify these activities. (Absolutely invaluable, retired Gen. David H. Petraeus, the former U.S. commander in Iraq, said.)

quote:

Inlichtingenbaas geeft voor het eerst spionage Amerikanen toe

quote:

Voor het eerst heeft James Clapper, het hoofd van de gezamenlijke Amerikaanse inlichtingendiensten, toegegeven dat analisten van de NSA naar gegevens hebben gezocht die betrekking hebben op Amerikanen. Dat schrijft The Washington Post.

quote:

Germany opens hearings on U.S. spying

BERLIN – A chapter in transatlantic relations that Washington would sooner forget got a new lease on life Thursday as German lawmakers opened their first parliamentary hearings into the Edward Snowden scandal.

Revelations of large-scale U.S. spying on Germans, up to and including Chancellor Angela Merkel, prompted an initial wave of outrage here last year. But now, the lengthy committee investigations could keep the spotlight on leaks by the former NSA contractor for a year or two to come.

The hearings also have the potential to provoke further antipathy. Indeed, a number of lawmakers here are now demanding safe passage to Berlin for Snowden — who is living in self-imposed exile in Moscow — to testify before the eight-person committee. Any such move would likely outrage the United States, which is seeking to take Snowden into custody.

Given the potential for angering Washington, analysts believe Merkel’s government will find a way to sidestep such a move. Nevertheless, the push to give Snowden his day here serves as another reminder that, even as the scandal appears to be dissipating in other parts of Europe, it remains at the top of the agenda in Germany.

“Mass surveillance of citizens will not be accepted,” Clemens Binninger, committee chairman from Merkel’s center-right Christian Democratic Union, said at the start of the hearings Thursday.

The committee is set to call dozens of witnesses and review piles of documents. But even its members appear to concede the limits of their effort, which is likely to be hampered by an anticipated lack of full cooperation by U.S. officials. It suggests that the hearings are being called at least in part for national catharsis and as an outlet for German rage.

Parliament’s airing of the evidence began Thursday, even as fresh revelations continue to stoke public anger. In recent days, Germany’s Der Spiegel magazine published further details from the Snowden leaks, including evidence of an NSA dossier on Merkel that allegedly included more than 300 intelligence reports. Though U.S. snooping on Merkel is not new, the reports served as a continuing reminder for an already-bitter German public.

In addition, the magazine documented the infiltration of German Internet firms by the British secret service, fueling an ever-expanding plot line here that the Americans were not the only friends eavesdropping on German targets. Indeed, outrage from the Snowden scandal has been far more muted in some parts of Europe, in part because of assumptions by the British, French and other Europeans that their own secret services are not wholly innocent either.

A growing sense of intelligence vulnerabilities here has generated an intensifying debate over whether Germany should begin to beef up its own intelligence operations, targeting allies and non-allies alike. Given Germany’s typical post-World War II knee-jerk reaction against anything that could be seen as provocative or aggressive, however, analysts say any such moves are likely to be long in coming, if at all.

“German foreign policy is focused on one topic — doing things in cooperation,” said Marcel Dickow, an international security expert at the German Institute for International and Security Affairs. “Obviously, even with the Snowden [revelations], spying on allies is going to be seen as something that undermines cooperation.”

However, the hearings could be just the beginning here.

A top German prosecutor is still weighing whether to open a criminal investigation into the affair, which could further damage ties between Washington and Berlin. And there is no mistaking the lingering anger of German lawmakers, particularly those clamoring to bring Snowden to Berlin to testify.

Such a move is considered a long shot, in part because it would create fresh tensions at a time when Europe and the United States are trying to maintain a common front on the Russian-Ukraine crisis. But some here seem to believe that bringing Snowden to Berlin is exactly the kind of thumb-nosing the Americans deserve.

Snowden is the “key to clarification of the NSA spying scandal,” Hans-Christian Ströbele, a politician from the Green Party who met with Snowden in Russia last October, told reporters in Berlin on Thursday.

quote:

Op donderdag 3 april 2014 20:03 schreef Schunckelstar het volgende:
ik snap niet waarom snowden perse daarheen zou moeten

quote:

The “Cuban Twitter” Scam Is a Drop in the Internet Propaganda Bucket

quote:

This week, the Associated Press exposed a secret program run by the U.S. Agency for International Development to create “a Twitter-like Cuban communications network” run through “secret shell companies” in order to create the false appearance of being a privately owned operation. Unbeknownst to the service’s Cuban users was the fact that “American contractors were gathering their private data in the hope that it might be used for political purposes”–specifically, to manipulate those users in order to foment dissent in Cuba and subvert its government. According to top-secret documents published today by The Intercept, this sort of operation is frequently discussed at western intelligence agencies, which have plotted ways to covertly use social media for ”propaganda,” “deception,” “mass messaging,” and “pushing stories.”

These ideas–discussions of how to exploit the internet, specifically social media, to surreptitiously disseminate viewpoints friendly to western interests and spread false or damaging information about targets–appear repeatedly throughout the archive of materials provided by NSA whistleblower Edward Snowden. Documents prepared by NSA and its British counterpart GCHQ–and previously published by The Intercept as well as some by NBC News–detailed several of those programs, including a unit devoted in part to “discrediting” the agency’s enemies with false information spread online.

quote:

U.S. knocks plans for European communication network

quote:

(Reuters) - The United States on Friday criticized proposals to build a European communication network to avoid emails and other data passing through the United States, warning that such rules could breach international trade laws.

In its annual review of telecommunications trade barriers, the office of the U.S. Trade Representative said impediments to cross-border data flows were a serious and growing concern.

It was closely watching new laws in Turkey that led to the blocking of websites and restrictions on personal data, as well as calls in Europe for a local communications network following revelations last year about U.S. digital eavesdropping and surveillance.

"Recent proposals from countries within the European Union to create a Europe-only electronic network (dubbed a 'Schengen cloud' by advocates) or to create national-only electronic networks could potentially lead to effective exclusion or discrimination against foreign service suppliers that are directly offering network services, or dependent on them," the USTR said in the report.

Germany and France have been discussing ways to build a European network to keep data secure after the U.S. spying scandal. Even German Chancellor Angela Merkel's cell phone was reportedly monitored by American spies.

The USTR said proposals by Germany's state-backed Deutsche Telekom to bypass the United States were "draconian" and likely aimed at giving European companies an advantage over their U.S. counterparts.

Deutsche Telekom has suggested laws to stop data traveling within continental Europe being routed via Asia or the United States and scrapping the Safe Harbor agreement that allows U.S. companies with European-level privacy standards access to European data. (www.telekom.com/dataprotection)

"Any mandatory intra-EU routing may raise questions with respect to compliance with the EU's trade obligations with respect to Internet-enabled services," the USTR said. "Accordingly, USTR will be carefully monitoring the development of any such proposals."

U.S. tech companies, the leaders in an e-commerce marketplace estimated to be worth up to $8 trillion a year, have urged the White House to undertake reforms to calm privacy concerns and fend off digital protectionism.

In the report, the USTR also criticized restrictions on Internet telephony in India and China, foreign investment limits in countries, including China, and efforts to increase the rates U.S. telecommunications operators must pay in order to connect long-distance calls in Pakistan, Fiji, Tonga and Uganda.

quote:

Snowden en Greenwald waarschuwen voor metadata

NSA-klokkenluider Edward Snowden en verslaggever Glenn Greenwald waarschuwen ervoor dat overheden meer inbreuk op de privacy doen door metadata te verzamelen dan door direct telefoongesprekken en e-mails af te tappen.

Metadata zijn gegevens over telefoongesprekken: welke nummers met elkaar bellen, wanneer en hoe lang. Bij metadata wordt de inhoud van een gesprek niet opgeslagen. 'Ze laten onze verbindingen zien, onze politieke verbintenissen en onze eigenlijke activiteiten', aldus Snowden.

Greenwald en Snowden spraken gisteren via een videoverbinding op een conferentie van Amnesty International in de Amerikaanse stad Chicago. Amnesty International voert campagne om een einde te maken aan de afluisterpraktijken van de Amerikaanse overheid. Vorig jaar bracht Snowden naar buiten dat zijn voormalige werkgever, veiligheidsdienst NSA, massaal telefoongesprekken afluistert en e-mails bekijkt.

Meer onthullingen
Snowden leeft in ballingschap in Rusland, als hij naar de Verenigde Staten komt kan hij gearresteerd worden. Greenwald schreef over de onthullingen en beloofde gisteren dat er binnen twee maanden nog meer komen.

'Ik hoop en geloof dat hoe meer we verslag doen en hoe meer mensen de omvang van het misbruik zien, en niet alleen de omvang van het toezicht, hoe meer mensen erom zullen geven', zei hij vanuit Brazilië.

quote:

CERF: Classified NSA Work Mucked Up Security For Early TCP/IP

Internet pioneer Vint Cerf says that he had access to cutting edge cryptographic technology in the mid 1970s that could have made TCP/IP more secure – too bad the NSA wouldn’t let him!

Did the National Security Agency, way back in the 1970s, allow its own priorities to stand in the way of technology that might have given rise to a more secure Internet? You wouldn’t be crazy to reach that conclusion after hearing an interview with Google Vice President and Internet Evangelist Vint Cerf on Wednesday.

As a graduate student in Stanford in the 1970s, Cerf had a hand in the creation of ARPANet, the world’s first packet-switched network. He later went on to work as a program manager at DARPA, where he funded research into packet network interconnection protocols that led to the creation of the TCP/IP protocol that is the foundation of the modern Internet.

Cerf is a living legend who has received just about every honor a technologist can: including the National Medal of Technology, the Turing Award and the Presidential Medal of Freedom. But he made clear in the Google Hangout with host Leo Laporte that the work he has been decorated for – TCP/IP, the Internet’s lingua franca – was at best intended as a proof of concept, and that only now – with the adoption of IPv6 – is it mature (and secure) enough for what Cerf called “production use.”

Specifically, Cerf said that given the chance to do it over again he would have designed earlier versions of TCP/IP to look and work like IPV6, the latest version of the IP protocol with its integrated network-layer security and massive 128 bit address space. IPv6 is only now beginning to replace the exhausted IPV4 protocol globally.

“If I had in my hands the kinds of cryptographic technology we have today, I would absolutely have used it,” Cerf said. (Check it out here)

Researchers at the time were working on the development of just such a lightweight but powerful cryptosystem. On Stanford’s campus, Cerf noted that Whit Diffie and Martin Hellman had researched and published a paper that described a public key cryptography system. But they didn’t have the algorithms to make it practical. (That task would fall to Ron Rivest, Adi Shamir and Leonard Adleman, who published the RSA algorithm in 1977).

Curiously enough, however, Cerf revealed that he did have access to some really bleeding edge cryptographic technology back then that might have been used to implement strong, protocol-level security into the earliest specifications of TCP/IP. Why weren’t they used, then? The culprit is one that’s well known now: the National Security Agency.

Cerf told host Leo Laporte that the crypto tools were part of a classified project he was working on at Stanford in the mid 1970s to build a secure, classified Internet for the National Security Agency.

“During the mid 1970s while I was still at Stanford and working on this, I also worked with the NSA on a secure version of the Internet, but one that used classified cryptographic technology. At the time I couldn’t share that with my friends,” Cerf said. “So I was leading this kind of schizoid existence for a while.”

Hindsight is 20:20, as the saying goes. Neither Cerf, nor the NSA nor anyone else could have predicted how much of our economy and that of the globe would come to depend on what was then a government backed experiment in computer networking. Besides, we don’t know exactly what the cryptographic tools Cerf had access to as part of his secure Internet research or how suitable (and scalable) they would have been.

And who knows, maybe too much security early on would have stifled the growth of the Internet in its infancy – keeping it focused on the defense and research community, but acting as an inhibitor to wider commercial adoption?

But the specter of the NSA acting in its own interest without any obvious interest in fostering the larger technology sector is one that has been well documented in recent months, as revelations by the former NSA contractor Edward Snowden revealed how the NSA worked to undermine cryptographic standards promoted by NIST and the firm RSA .

It’s hard to listen to Cerf lamenting the absence of strong authentication and encryption in the foundational protocol of the Internet, or to think about the myriad of online ills in the past two decades that might have been preempted with a stronger and more secure protocol and not wonder what might have been.

quote:

Why Human Rights Groups Attracted the NSA's Attention

Not content with spying on UNICEF or the World Health Organization, it appears that western intelligence agencies are specifically targeting the communications of human rights groups.

While talking via video link to the Parliamentary Assembly of Council of Europe (full video here), Edward Snowden was asked if the NSA or GCHQ were currently spying on groups such as Amnesty International and Human Rights Watch.

“Without question, yes, absolutely,” was his response. “The NSA has in fact specifically targeted the communications of either leaders or staff members in a number of purely civil or human rights organisation of the kind described.”

Although it wasn't directly addressed towards a specific organisation, both Amnesty and HRW published press releases condemning the actions.

“If it's true that the NSA spied on groups like Human Rights Watch and Amnesty International, it's outrageous, and indicative of the overreach that US laws allows to security agencies,” said Dinah PoKempner from Human Rights Watch. “Such actions would again show why the US needs to overhaul its system of indiscriminate surveillance.”

Unfortunately, this won't be much of a surprise to Amnesty, who last December raised concerns with the UK government that their communications had been unlawfully accessed by intelligence agencies. In a claim to the Investigatory Powers Tribunal, the group claimed a breach of the right to privacy and the right to freedom of expression, referencing the Human Rights Act of 1998.

But why would the NSA, a government body purportedly gathering intelligence for the sake of national security, be concerned in surveilling human rights groups?

One clear reason is to gain access to communications with sources. Global NGOs have contacts in Libya, Russia, China, and pretty much everywhere else in the world, and being able to read the emails of an NGO source in a country or government of interest could save the hassle of building up your own presence in the area.

This is what seems to have worried Michael Bochenek, the legal and policy director for Amnesty International. “This raises the very real possibility that our communications with confidential sources have been intercepted,” he said.

This approach isn't far fetched either. Al Jazeera—which, last time I checked, is a journalistic entity rather than a terrorist organisation—had its computer systems broken into by the NSA during George Bush's second term in office. The already encrypted information was then passed onto other departments for analysis, with the NSA saying that Al Jazeera had “high potential as sources of intelligence.” (The US Justice Department was also caught last year spying on the Associated Press.)

Another reason is that the campaigns carried out by human rights groups do pose a threat to the interests of those in power. Amnesty International UK is currently highlighting cases of damage caused by energy corporations, in particular Shell. The organisation refers to documents that “show, in detail, how the UK intervened to support Shell and Rio Tinto in high-profile US human rights court cases, following requests from companies.”

It appears that the UK government feels responsible for ensuring that these companies can carry on business as usual. According to government documents, government agencies tasked with business development “believe that the prosperity and potentially significant commercial considerations," justifying their support of corporations in the court room.

With environmentalists increasingly being viewed as a security threat, and the close relationship between government and private energy sectors, it's plausible that spying on those opposed to abusive industries would be occurring.

If the NSA are willing to break into a media outlet's internal communications for the purposes of gathering intel, or the British government continue to explicitly support third party interests, it would be naive to think they wouldn't deploy similar tactics in order to undermine the work of human rights organisations.

Assuming that Amnesty International and Human Rights Watch are some of the groups affected by this snooping, who else could be affected? An obvious example is the American Civil Liberties Union, who are heavily involved with all things anti-surveillance, and who count Snowden's lawyer among their staff. Knowing what their next big scoop might be, who a whistleblower in the waiting is, or even their plans to generate support for initiatives such as The Day We Fight Back would all be valuable to an intelligence agency that just wants to keep on spying.