In German: http://www.sueddeutsche.de/thema/NSA
quote:Intelligence service BND failed to protect the private data of German citizens as it handed over internet data collected at a Frankfurt traffic hub to the US, German media report citing secret documents.[...]
Thank you.
quote:On Saturday 4 October 2014 14:02, xepera9 wrote the following:
Good work, Papierversnipperaar.
I read this today:
RT: Germany handed law-protected private data to NSA for years
[..]
In German: http://www.sueddeutsche.de/thema/NSA
quote:Plasterk keeps number of AIVD wiretapping operations secret
Minister Ronald Plasterk (Interior) does not want to disclose how many people have been wiretapped by the General Intelligence and Security Service (AIVD), or in how many operations the wiretapping power is used.
The Review Committee on the Intelligence and Security Services (CTIVD) had included these figures in a report (pdf) on the functioning of the AIVD.
Plasterk, however, decided to redact the figures in the version of the report that was ultimately published, because they give too much insight into the intelligence service's methods.
In a letter to the House of Representatives (pdf), Plasterk states on Tuesday that the information "does not lend itself to disclosure, certainly when it would from now on be provided over several years". The 'Commissie Stiekem' (the "Sneaky Committee"), consisting of all parliamentary party leaders in the House of Representatives, does get to see the figures.
From September 2012 through August 2013, the CTIVD examined how the AIVD uses its wiretapping power. The report does make clear that in the year examined 11 percent more people were wiretapped than a year earlier.
Security
The supervisor also writes about the "power to select sigint", with which the AIVD can, for example, monitor activity on telephone numbers or e-mail addresses. "Thousands" of such addresses are being monitored, the CTIVD states.
Civil rights movement Bits of Freedom is unhappy with the secrecy surrounding the data, and wants to obtain clarity after all through a request under the Government Information (Public Access) Act (Wob).
"The CTIVD itself can determine better than Minister Plasterk whether this affects national security," said Ton Siedsma of Bits of Freedom.
D66 MP Gerard Schouw says he wants to know why the figures were withheld. He calls this "curious" and says he wonders whether this amounts to censorship of the supervisor.
Confidentiality
The Committee concludes that the AIVD acted unlawfully several times in the year examined. For instance, conversations with 'verschoningsgerechtigden' (persons with a right of non-disclosure), for example doctors and lawyers who are entitled to confidentiality of communication with clients, were wiretapped twice. Wiretapping also went on for too long on two occasions.
In a wiretapping operation against someone who cooperated with the AIVD, Minister Plasterk was not informed of this cooperation. According to the Committee this was "essential" for assessing the wiretapping request and so it should have been done.
The CTIVD further addresses the AIVD's ability to monitor an entire organisation, the so-called 'organisatielast' (organisation warrant). Under it, new members of an organisation can be wiretapped without permission having to be requested from the minister again.
This organisation warrant was used once against a group of people who, according to the law, cannot be regarded as an organisation, the CTIVD states. The Committee also finds it unclear in which cases people can be added to the organisation warrant.
Identities
According to the Committee it is illegal to search data collected in bulk in order to look for potential targets. A change in the law is meant to alter this, but in the meantime the AIVD is already doing so.
The CTIVD therefore wants use of the data to be limited to establishing identities and determining relevance to a particular investigation. It must also be properly recorded which communications were viewed and what the outcome was.
"It is high time there was a change in the law, so that the House can express its view on these kinds of issues," says Siedsma of Bits of Freedom.
Minister Plasterk says he will adopt all of the Committee's recommendations. In some cases the AIVD's working method has already been adjusted, or the organisation is being asked to formulate a better working method.
quote:Reporter Radio is going to court because Interior Minister Ronald Plasterk (PvdA) refuses to release how many people are wiretapped by the AIVD.
quote:Police remotely break into computers using spyware
The Dutch police remotely penetrate computers using spyware. The law is being stretched considerably, experts say.
The article continues.
quote:In a letter to the House of Representatives, Minister Opstelten of Security and Justice acknowledges this practice for the first time. According to him, the police may 'remotely enter a computer system and seize data files'.
This has happened 'in a number of criminal cases involving very serious offences', he writes in response to questions from SP MP Sharon Gesthuizen. Opstelten will not say anything about the exact methods and effectiveness.
The minister is thereby responding to revelations that the Dutch police are said to use the spying program FinFisher. In August the maker of that software, Gamma International, was hacked by activists. The captured files showed the National Unit of the police to be one of the customers. FinFisher has also been used by the government in Bahrain to keep an eye on dissidents. In the VPRO programme Tegenlicht, this coming Sunday, FinFisher features as a company that sells bugs for breaking into computers.
quote:EE, Vodafone and Three give police mobile call records at click of a mouse
Three of UK’s big four mobile phone networks are providing customer data to police forces automatically through Ripa
Three of the UK’s four big mobile phone networks have made customers’ call records available at the click of a mouse to police forces through automated systems, a Guardian investigation has revealed.
EE, Vodafone and Three operate automated systems that hand over customer data “like a cash machine”, as one phone company employee described it.
Eric King, deputy director of Privacy International, a transparency watchdog, said: “If companies are providing communications data to law enforcement on automatic pilot, it’s as good as giving police direct access [to individual phone bills].”
O2, by contrast, is the only major phone network requiring staff to review all police information requests, the company said.
Mobile operators must by law store a year of call records of all of their customers, which police forces and other agencies can then access without a warrant using the controversial Regulation of Investigatory Powers Act (Ripa).
Ripa is the interception law giving authority to much of GCHQ’s mass surveillance. The law was again under the spotlight recently after it was used to identify sources of journalists from at least two national newspapers, the Sun and the Mail on Sunday.
Documents from software providers and conversations with mobile companies staff reveal how automatic this system has become, with the “vast majority” of records demanded by police delivered through automated systems, without the involvement of any phone company staff.
The Home Office argues communications data is “a critical tool” and its use of Ripa was “necessary and proportionate”.
Despite politicians’ assurances that the UK laws requiring phone companies to keep records would not create a state database of private communications, critics argue that the practice comes very close to doing so. King warned that “widespread, automatic access of this nature” meant the UK telecoms industry “essentially already provides law enforcement with the joined-up databases they claimed they didn’t have when pushing for the ‘snooper’s charter’.”
In the automated systems used by the phone companies, police officers seeking phone records must gain permission from another officer on the same force, who then enters the details into an online form. That mirrors the US Prism programme, revealed by Edward Snowden, which in effect created a backdoor into the products of US tech corporations. In the vast majority of cases, the information is then delivered without any further human role.
One document prepared by Charter Systems, which sells the type of software used by police forces to connect with mobile phone companies, explains the automated process saves “32 minutes” of human time per application.
“Charter Systems have worked in partnership with the Home Office and Detica [a firm providing data interception for security services and the police, now called BAE Systems Applied Intelligence] to develop a solution that links directly to all CSPs [communication service providers, a term covering phone companies],” it states. The document explains the system produces “an automated solution for gathering electronic data information. The new solution saves time and effort for the authority in requesting and receiving ever increasing amounts of data.”
The systems were so interconnected, a separate sales document produced by Charter reveals, that “[d]ata can be retrieved from multiple CSPs in one request”.
Privacy groups reacted angrily to the details of how little day-to-day scrutiny records requests receive, warning that the automation of the system removes even the limited oversight ability – the right to refer requests to oversight agencies – phone networks have over Ripa requests.
“We urgently need clarity on just how unquestioning the relationship between telecommunications companies and law enforcement has become,” said King. “It’s crucial that each individual warrant for communications data is independently reviewed by the companies who receive them and challenged where appropriate to ensure the privacy of their customers is not being inappropriately invaded.”
Privacy advocates are also concerned that the staff within phone companies who deal with Ripa and other requests are often in effect paid by the Home Office – a fact confirmed by several networks – and so may, in turn, be less willing to challenge use of surveillance powers.
Several mobile phone networks confirmed the bulk of their queries were handled without human intervention. “We do have an automated system,” said a spokesman for EE, the UK’s largest network, which also operates Orange and T-Mobile. “[T]he vast majority of Ripa requests are handled through the automated system.” The spokesman added the system was subject to oversight, with monthly reports being sent to the law enforcement agency requesting the data, and annual reports going to the interception commissioner and the Home Office.
A spokesman for Vodafone said the company processed requests in a similar way. “The overwhelming majority of the Ripa notices we receive are processed automatically in accordance with the strict framework set out by Ripa and underpinned by the code of practice,” he said. “Even with a manual process, we cannot look behind the demand to determine whether it is properly authorised.”
A spokesman for Three, which is also understood to use a largely automated system, said the company was simply complying with legal requirements. “We take both our legal obligations and customer privacy seriously,” he said. “Three works with the government and does no more or less than is required or allowed under the established legal framework.”
Unlike the other networks, O2 said it did manually review all of its Ripa requests. “We have a request management system with which the law enforcement agencies can make their requests to us,” said the O2 spokeswoman. “All O2 responses are validated by the disclosure team to ensure that each request is lawful and the data provided is commensurate with the request.”
Mike Harris, director of the Don’t Spy On Us campaign, said the automated systems posed a serious threat to UK freedom of expression. “How do we know that the police through new Home Office systems aren’t making automated requests that reveal journalist’s sources or even the private contacts of politicians?” he said.
“Edward Snowden showed that both the NSA and GCHQ had backdoor access to our private information stored on servers. Now potentially the police have access too, when will Parliament stand up and protect our fundamental civil liberties?”
A spokesman for the Home Office declined to respond to specific queries about the use of automatic systems to retrieve call records, but defended police forces’ use of Ripa. “Communications data is an absolutely critical tool used by police and other agencies to investigate crime, preserve national security and protect the public,” he said in a statement.
“This data is stored by communications service providers themselves and can only be acquired by public authorities under the Regulation of Investigatory Powers Act 2000 on a case by case basis, and where it is necessary and proportionate to do so.
“The acquisition of communications data under RIPA is subject to stringent safeguards in existing legislation and is independently overseen by the Interception of Communications Commissioner.”
quote:Second leaker in US intelligence, says Glenn Greenwald
Citizenfour, new film on spying whistleblower Edward Snowden, shows journalist Greenwald discussing other source
The investigative journalist Glenn Greenwald has found a second leaker inside the US intelligence agencies, according to a new documentary about Edward Snowden that premiered in New York on Friday night.
Towards the end of filmmaker Laura Poitras’s portrait of Snowden – titled Citizenfour, the label he used when he first contacted her – Greenwald is seen telling Snowden about a second source.
Snowden, at a meeting with Greenwald in Moscow, expresses surprise at the level of information apparently coming from this new source. Greenwald, fearing he will be overheard, writes the details on scraps of paper.
The specific information relates to the number of the people on the US government’s watchlist of people under surveillance as a potential threat or as a suspect. The figure is an astonishing 1.2 million.
The scene comes after speculation in August by government officials, reported by CNN, that there was a second leaker. The assessment was made on the basis that Snowden was not identified as usual as the source and because at least one piece of information only became available after he ceased to be an NSA contractor and went on the run.
The two-hour documentary was the highlight of the New York Film Festival.
quote:UK intelligence agencies need stronger oversight, says David Blunkett
Former home secretary tells committee continued secrecy is undermining public confidence in wake of Snowden revelations
The former home secretary David Blunkett has called for stronger oversight of the UK’s intelligence agencies and warned that the “old-fashioned paternalism” of secrecy based on perceived security interests was undermining public confidence in their activities.
Blunkett called for the legal framework on mass surveillance to be updated on a regular basis and for judicial oversight to be made much more robust and transparent.
The Labour MP’s call came during only the second public evidence session ever held by the intelligence and security committee. Its inquiry into security and privacy was set up following the disclosures by Edward Snowden of the scale of the bulk collection of personal data by GCHQ and the NSA.
The committee heard evidence from the heads of the intelligence agencies earlier this year – its first public evidence session. The inquiry is to take evidence in public from Nick Clegg and Yvette Cooper on Wednesday and from the home secretary, Theresa May, on Thursday. Half of May’s two-hour session will be held in secret.
The chair of the Equality and Human Rights Commission, Baroness Onora O’Neill, told the committee’s MPs and peers that the privacy implications of big data and data mining were such that “the Stasi would have loved it. Thank god they didn’t have it.”
Blunkett, who as home secretary oversaw the introduction of the complex rules surrounding the use of the 2000 Regulation of Investigatory Powers Act (Ripa), which legislates surveillance, warned the committee that it was no longer good enough for the security services to argue that “we know and you mustn’t know” to maintain public confidence in their activities.
He said Britain’s most sophisticated opponents already had a good idea of the capacity of the UK’s security services, and in some cases were ahead of them. Blunkett said it was necessary to tell the public about the methods of the security services to reassure them and to secure their consent: “That is the essence of a free democracy,” he said. “Therefore ensuring people feel comfortable and know enough about what we are doing to feel it is in their interests.
“Sometimes we have to be more sophisticated than saying ‘we can’t tell you anything because it might be a danger’. That actually undermines confidence and consent. It is real old-fashioned paternalism because it is ‘we know but you mustn’t know’.”
Blunkett said the need to update Ripa, which has been described as an “analogue law in a digital age”, was obvious. He reflected that when he first introduced the regulations surrounding the law they were already out of date and needed a ‘second go’.
Blunkett said the legal framework surrounding surveillance needed updating “each fixed-term parliament” if it was to continue to command public confidence “because people are pushing the boundaries all the time.”
Blunkett also called for a much stronger judicial oversight regime saying the secretive Investigatory Powers Tribunal, which is the only court that can hear complaints of illegal surveillance or human rights breaches by the security services, was in need of a radical overhaul.
“The Investigatory Powers Tribunal needs to be ramped up completely. People need to know a lot more about it. It needs to be a lot more transparent and it needs to demonstrate that it is worth having,” said the former home secretary.
After the Nobel Prize for Obama, I couldn't give a rat's ass about that.
quote:On Tuesday 14 October 2014 17:59, polderturk wrote the following:
Would Snowden ever be granted the Nobel Peace Prize?
Snowden is the one who truly deserves it.
quote:On Tuesday 14 October 2014 18:07, Papierversnipperaar wrote the following:
[..]
After the Nobel Prize for Obama, I couldn't give a rat's ass about that.
The EU didn't make a peep when two of its member states conspired to extradite Assange, through dubious legal constructions, to a rogue state without his having broken the relevant law in the countries involved, and that EU did get the Nobel Prize.
quote:On Tuesday 14 October 2014 17:59, polderturk wrote the following:
Would Snowden ever be granted the Nobel Peace Prize?
So it's simply a political prize.
quote:On Tuesday 14 October 2014 18:09, Weltschmerz wrote the following:
[..]
The EU didn't make a peep when two of its member states conspired to extradite Assange, through dubious legal constructions, to a rogue state without his having broken the relevant law in the countries involved, and that EU did get the Nobel Prize.
So no, I don't think those bequest robbers and fences are going to award it to Snowden.
No, it is someone's inheritance being plundered for political motives.
quote:On Tuesday 14 October 2014 18:23, polderturk wrote the following:
[..]
So it's simply a political prize.
quote:The United Nations’ top official for counter-terrorism and human rights (known as the “Special Rapporteur”) issued a formal report to the U.N. General Assembly today that condemns mass electronic surveillance as a clear violation of core privacy rights guaranteed by multiple treaties and conventions. “The hard truth is that the use of mass surveillance technology effectively does away with the right to privacy of communications on the Internet altogether,” the report concluded.
Central to the Rapporteur’s findings is the distinction between “targeted surveillance” — which “depend[s] upon the existence of prior suspicion of the targeted individual or organization” — and “mass surveillance,” whereby “states with high levels of Internet penetration can [] gain access to the telephone and e-mail content of an effectively unlimited number of users and maintain an overview of Internet activity associated with particular websites.” In a system of “mass surveillance,” the report explained, “all of this is possible without any prior suspicion related to a specific individual or organization. The communications of literally every Internet user are potentially open for inspection by intelligence and law enforcement agencies in the States concerned.”
Mass surveillance thus “amounts to a systematic interference with the right to respect for the privacy of communications,” it declared. As a result, “it is incompatible with existing concepts of privacy for States to collect all communications or metadata all the time indiscriminately.”
In concluding that mass surveillance impinges core privacy rights, the report was primarily focused on the International Covenant on Civil and Political Rights, a treaty enacted by the General Assembly in 1966, to which all of the members of the “Five Eyes” alliance are signatories. The U.S. ratified the treaty in 1992, albeit with various reservations that allowed for the continuation of the death penalty and which rendered its domestic law supreme. With the exception of the U.S.’s Persian Gulf allies (Saudi Arabia, UAE and Qatar), virtually every major country has signed the treaty.
Article 17 of the Covenant guarantees the right of privacy, the defining protection of which, the report explained, is “that individuals have the right to share information and ideas with one another without interference by the State, secure in the knowledge that their communication will reach and be read by the intended recipients alone.”
quote:FBI director attacks tech companies for embracing new modes of encryption
James Comey says data encryption could deprive police and intelligence companies of potentially life-saving information
The director of the FBI savaged tech companies for their recent embrace of end-to-end encryption and suggested rewriting laws to ensure law enforcement access to customer data in a Thursday speech.
James Comey said data encryption such as that employed on Apple’s latest mobile operating system would deprive police and intelligence companies of potentially life-saving information, even when judges grant security agencies access through a warrant.
“Criminals and terrorists would like nothing more than for us to miss out,” he said. Technologists have found such statements reminiscent of the “Crypto Wars” of the 1990s, an earlier period in which the US government warned about encryption constraining law enforcement.
Framing his speech at the Brookings Institution as kickstarting a “dialogue” and insisting he was not a “scare-monger”, Comey said “encryption threatens to lead us all to a very, very dark place.”
Comey also posed as a question “whether companies not subject currently to Calea should be required to build lawful intercept capabilities for law enforcement,” something he contended would not “expand” FBI authorities. Calea is a 1994 surveillance law mandating that law enforcement and intelligence agencies have access to telecommunications data, which Comey described as archaic in the face of technological innovation.
“I’m hoping we can now start a dialogue with Congress on updating it,” Comey said.
Privacy advocates contend Comey is demagoguing the issue.
It took a June supreme court ruling, they point out, for law enforcement to abandon its contention that it did not require warrants at all to search through smartphones or tablets, and add that technological vulnerabilities can be exploited by hackers and foreign intelligence agencies as well as the US government. Additionally, the FBI and police retain access to data saved remotely in the so-called “cloud” – where much data syncs for storage from devices like Apple’s – for which companies like Apple keep the encryption keys.
Comey, frequently referring to “bad guys” using encryption, argued access to the cloud is insufficient.
“Uploading to the cloud doesn’t include all the stored data on the bad guy’s phone,” he said.
“It’s the people who are most worried what’s on the device who will be most likely to avoid the cloud.”
Tech companies contend that their newfound adoption of encryption is a response to overarching government surveillance, much of which occurs either without a warrant, subject to a warrant broad enough to cover indiscriminate data collection, or under a gag order following a non-judicial subpoena. Comey did not mention such subpoenas, often in the form of National Security Letters, in his remarks.
The National Security Agency, whistleblower Edward Snowden revealed, accesses customer information in transit between Google and Yahoo data centers, as one of its surveillance tools.
“The people who are criticizing this are the ones who should have expected this,” Google CEO Eric Schmidt said last week.
Christopher Soghoian, the chief technologist for the American Civil Liberties Union, called Comey’s speech “disappointing”.
“What was missing from his remarks was an acknowledgement that when Congress passed Calea in 1994, they explicitly protected the rights of companies that wanted to build encryption into their products – encryption with no backdoors, encryption with no keys that are held by the company,” Soghoian said.
“So if he wants to get what he’s describing, not only is he talking about expanding Calea to technology companies and not just communications companies, but to be successful, he would have to remove that provision of Calea, and that would be a major and negative step.”
Comey praised Apple and Google as run by “good people” and said he recognized their embrace of encryption responded to “perceive[d]” market pressures in the wake of Snowden’s disclosures. But Comey suggested that end-to-end mobile device encryption amounted to a safe haven for criminals.
“Are we no longer a country that is passionate both about the rule of law and about there being no zones in this country beyond the reach of that rule of law? Have we become so mistrustful of government and law enforcement in particular that we are willing to let bad guys walk away, willing to leave victims in search of justice?” he said.
Comey acknowledged that the Snowden disclosures caused “justifiable surprise” among the public about the breadth of government surveillance, but hoped to mitigate it through greater transparency and advocacy.
Yet the FBI keeps significant aspects of its surveillance reach hidden even from government oversight bodies. Intelligence officials said in a June letter to a US senator that the FBI does not tally how often it searches through NSA’s vast hoards of international communications, without warrants, for Americans’ identifying information.
Comey frequently described himself as being technologically unprepared to offer specific solutions, and said he meant to begin a conversation, even at the risk of putting American tech companies at a competitive disadvantage.
“Where we may get is to a place where the US, through its Congress, says, ‘You know what, we need to force this on American companies,’ and maybe they’ll take a hit. Someone in some other country will say, ‘Ah, we sell a phone that even with lawful authority people can’t get into.’ But that we as a society are willing to have American companies take that hit. That’s why we have to have this conversation,” Comey said.
quote:Apple defies FBI and offers encryption by default on new operating system
New version of Mac OS X will encrypt users’ hard drives unless they explicitly decline, in spite of pleas by the FBI not to
The latest version of Apple’s operating system for desktop and laptop computers, Mac OS X 10.10 “Yosemite”, encourages users to turn on the company’s FileVault disk encryption, as the company hardens its pro-security stance.
The decision to encourage encryption, so that users must opt out – rather than opting in as has been the case since FileVault was introduced in 2003 – shows the company refusing to back down to pressure from the US government to restrict the availability of cryptographic tools to the public.
On Thursday, the FBI’s director, James Comey, decried the company’s decision to offer similar tools on mobile devices running iOS 8.
“With Apple’s new operating system, the information stored on many iPhones and other Apple devices will be encrypted by default,” Comey told the Brookings Institute in Washington DC. “Shortly after Apple’s announcement, Google announced plans to follow suit with its Android operating system. This means the companies themselves won’t be able to unlock phones, laptops, and tablets to reveal photos, documents, email, and recordings stored within.”
Comey continued: “At the outset, Apple says something that is reasonable – that it’s not that big a deal … Apple argues, for example, that its users can back up and store much of their data in ‘the cloud’ and that the FBI can still access that data with lawful authority. But uploading to the cloud doesn’t include all of the stored data on a bad guy’s phone, which has the potential to create a black hole for law enforcement.”
But despite Comey’s pleas, the company shipped Yosemite with the FileVault option intact. The install process for the new operating system asks users if they would “like to use FileVault to encrypt the disk” on their Macs. Ticked by default are two boxes, “Turn on FileVault disk encryption” and “Allow my iCloud account to unlock my disk”.
That means that unless the user actively declines the offer, their hard drives will be encrypted.
Unlike a standard password-protected computer, which leaves the contents of a hard-drive accessible to anyone with the patience to remove the drive, FileVault encrypts the entire contents of a device at disk level, rendering it impossible for anyone without the login password to access the data on the computer.
While the FBI has condemned Apple’s new commitment to security, civil liberties organisations have welcomed the decision. “We applaud tech leaders like Apple and Google that are unwilling to weaken security for everyone to allow the government yet another tool in its already vast surveillance arsenal,” said the American Civil Liberties Union’s Laura Murphy following Comey’s speech. “We hope that others in the tech industry follow their lead and realize that customers put a high value on privacy, security and free speech.”
Users on older versions of Mac OS X can still enable FileVault, but must dig into the operating system’s settings to do so; the feature is buried under the Security & Privacy option in the system preferences. Windows users have long had access to a similar tool, also not enabled by default, called BitLocker, which can be turned on using Windows Explorer. It is not yet known whether Microsoft will make BitLocker use opt-out in its forthcoming Windows 10 release, expected next year and presently in developer testing.
quote:Senior NSA official moonlighting for private cybersecurity firm
- Patrick Dowd recruited by former NSA director Keith Alexander
- Unusual for US official to work for private, for-profit company
The former director of the National Security Agency has enlisted the US surveillance giant’s current chief technology officer for his lucrative cybersecurity business venture, an unusual arrangement undercutting Keith Alexander’s assurances he will not profit from his connections to the secretive, technologically sophisticated agency.
Patrick Dowd continues to work as a senior NSA official while also working part time for Alexander’s IronNet Cybersecurity, a firm reported to charge up to $1m a month for advising banks on protecting their data from hackers. It is exceedingly rare for a US official to be allowed to work for a private, for-profit company in a field intimately related to his or her public function.
Reuters, which broke the story of Dowd’s relationship with IronNet, reported that the NSA is reviewing the business deal.
Since retiring from the NSA in March and entering the burgeoning field of cybersecurity consulting, Alexander has vociferously defended his ethics against charges of profiting off of his NSA credentials. Alexander was the founding general in charge of US Cyber Command, the first military command charged with defending Defense Department data and attacking those belonging to adversaries. Both positions provide Alexander with unique and marketable insights into cybersecurity.
His final year as the agency’s longest serving director was characterised by reacting to Edward Snowden’s disclosures – and the embarrassment of presiding over the largest data breach in the agency’s history – and publicly urging greater cybersecurity cooperation between the agency and financial institutions.
“I’m a cyber guy. Can’t I go to work and do cyber stuff?” Alexander told the Associated Press in August.
Alexander, whose adult life was spent in uniform, intends to file patents for what he has described obliquely as a new forecasting model for detecting network intrusions. His assurance prompted speculation that the retired general is profiting from technical sophistication that competitors who do not have a US intelligence pedigree cannot hope to replicate.
Alexander portrayed Dowd’s unusual joint positions with the NSA and IronNet as a way for the public to keep benefitting from Dowd’s expertise, while saying less about how Alexander will profit from the same skill set.
“I just felt that his leaving the government was the wrong thing for NSA and our nation,” Alexander told Reuters.
The NSA, whose operations are almost entirely secret, has long been criticised for its close corporate ties. One long-serving official, William Black Jr, left the agency for Science Applications International Corporation, before returning in 2000 as deputy director.
While Black was in his senior position, SAIC won an NSA contract to develop a data-mining programme, called Trailblazer, that was never implemented, despite a cost of over $1bn. Whistleblowers have charged that Trailblazer killed a more privacy-protective system called ThinThread.
Black, however, did not serve simultaneously at the NSA and SAIC.
Compounding the potential financial conflicts at the NSA, Buzzfeed reported that the home of chief of its Signals Intelligence Directorate, Teresa Shea, has a signals-intelligence consulting firm operating out of it. The firm is run by her husband James, who also works for a signals-intelligence firm that Buzzfeed said appears to do business with the NSA; and Teresa Shea runs an “office and electronics” business that lists a Beechcraft plane among its assets.
quote:The chief executive of the “anonymous” social media app Whisper broke his silence late on Saturday, saying he welcomed the debate sparked by Guardian US revelations about his company’s tracking of users and declaring “we realise that we’re not infallible”.
Michael Heyward’s statement was his first public response to a series of articles published in the Guardian which revealed how Whisper monitors the whereabouts of users of an app he has in the past described as “the safest place on the internet”.
Whisper hosts 2.6 million messages a day posted through its app, which promises users a place to “anonymously share your thoughts and secrets” and has billed itself as a platform for whistleblowers.
The Guardian’s disclosures, which were based on a visit to Whisper’s headquarters and detailed conversations with its executives, prompted privacy experts to call for a federal inquiry into the company.
Heyward, who stayed silent for more than 48 hours, came under intense pressure to respond to the controversy. His statement was posted on a blog late on Saturday.
Unlike other Whisper representatives, who have strongly denied the disclosures, Heyward did not dispute the accuracy of the Guardian’s reporting. But he insisted his company was founded on “honesty and transparency” and indicated Whisper would take firm action against employees who breach those values.
“Above all else, we always strive to do right by our users,” he said. “We have zero tolerance for any employee who violates that trust.”
Heyward expressed “dismay” that the Guardian, which had previously collaborated with Whisper on three small projects, “published a series of stories questioning our commitment to your privacy”.
“While we’re disappointed with the Guardian’s approach, we welcome the discussion,” Heyward said. “We realise that we’re not infallible, and that reasonable people can disagree about a new and quickly evolving area like online anonymity.”
In formal responses to the Guardian’s reports, Whisper had insisted it “does not follow or track users”. Heyward, however, said only that Whisper does not “actively” track users.
The 27-year-old CEO’s remarks contrast with those of his editor-in-chief, Neetzan Zimmerman, who mounted an offensive immediately after the reports were published, accusing Guardian journalists of fabricating quotes and denouncing the reports as “a pack of vicious lies”.
The Guardian witnessed how Zimmerman’s editorial team monitors the movements of certain users during a three-day visit to the company’s California headquarters to explore the possibility of future editorial collaboration. Two Guardian reporters were given access to Whisper’s back-end tools and spoke extensively with company executives.
Zimmerman’s team uses an in-house mapping tool to research the movements of users who have opted into geolocation services, using GPS data which is “fuzzed” to be accurate within 500 metres of where messages are posted. The reporters witnessed how Zimmerman’s team tried to determine the “veracity” of potentially newsworthy users by researching their location, sifting through their trail of previous posts and tracing their movements over time.
When researching users who had disabled geolocation services – preventing the company from accessing their GPS-based data – Whisper executives explained how the editorial team instead relied on IP data to work out a targeted user’s approximate location.
Zimmerman contested the Guardian’s detailed account of those practices, saying it was “100% false” and “a 100% lie” to say the editorial team ever accessed rough location data for people who have opted out. “When I specifically say that they are lying, that’s what I mean – that does not happen, and it simply can’t happen,” he told the tech news site Gigaom.
However, Whisper’s senior vice-president, Eric Yellin, had already acknowledged the practice, telling the Guardian before the stories were published: “We occasionally look at user IP addresses internally to determine very approximate locations.” The admission was made in an email exchange about the location-tracking practices of Whisper’s editorial team.
Heyward acknowledged in his statement on Saturday that Whisper collects IP data which can infer rough location data but did not specify how that information is used – except to say it is sometimes shared with law enforcement. Heyward also acknowledged that Whisper does look at the past activity of some users on the app to “assess the authenticity” of their posts.
Heyward also responded to the Guardian’s disclosure that Whisper was sharing user information with a suicide prevention study run by the Pentagon, based on smartphones the social media app can pinpoint to military bases. Users had not been told about the research. Heyward said Whisper was “proudly working with organisations to lower suicide rates, including the Department of Defense’s Suicide Prevention Office”. He added: “We can’t wait to establish more of these relationships and effect real change.”
The Guardian also revealed on Thursday that Whisper was developing a version of its app to comply with Chinese censorship laws, and indefinitely archiving data, including messages users may think they have deleted, in a database. Heyward’s statement did not address those disclosures.
His company had built media partnerships with the cable TV channel Fusion and the online news website Buzzfeed, and was searching for new partners. Heyward said a key part of Whisper’s mission was to “shine a light” on important social issues, and his blogpost linked to stories that have been published on Buzzfeed. “We look forward to continuing this important work with our partners,” Heyward said.
Both Buzzfeed and Fusion have suspended their partnerships with the social media app in the wake of the Guardian’s revelations.
Heyward said changes to Whisper’s terms of use and privacy policy were “not related” to the Guardian’s reporting. Whisper rewrote its terms of service on Monday – four days after learning the Guardian planned to publish details about its business practices.
Heyward said these changes were finalised in July and were due to be published in October, along with a new website. Heyward did not mention the update to Whisper’s terms of service that occurred in September. Explaining the decision to change the terms of service, again, on Monday, he said: “Our communications with the Guardian made it clear that our users would benefit from seeing them sooner”.
quote:‘Crypto wars’ return to Congress
FBI Director James Comey has launched a new “crypto war” by asking Congress to update a two-decade old law to make sure officials can access information from people’s cell phones and other communication devices.
The call is expected to trigger a major Capitol Hill fight about whether or not tech companies need to give the government access to their users.
“It's going to be a tough fight for sure,” Rep. James Sensenbrenner (R-Wis.), the Patriot Act’s original author, told The Hill in a statement.
He argues Apple and other companies are taking the privacy of consumers into their own hands because Congress has failed to pass legislation in response to public anger over the National Security Agency’s surveillance programs.
“While Director Comey says the pendulum has swung too far toward privacy and away from law enforcement, he fails to acknowledge that Congress has yet to pass any significant privacy reforms,” he added. “Because of this failure, businesses have taken matters into their own hands to protect their consumers and their bottom lines.”
Comey argues that trend will make it harder to solve crimes.
“If this becomes the norm, I suggest to you that homicide cases could be stalled, suspects walked free, child exploitation not discovered and prosecuted,” he said last week.
Comey is asking that Congress update the Communications Assistance for Law Enforcement Act (CALEA), a 1994 law that required telephone companies make it possible for federal officials to wiretap their users.
Many new mobile applications and other modern devices aren’t included under the law, however, making it difficult if not impossible for police to get a suspect’s records — even with a warrant.
Forcing companies to put in a “back door” to give officials access would also open them up to hackers in China and Russia, opponents claim, as well as violate Americans’ privacy rights.
Comey claimed the FBI was not looking for a “back door” into people’s devices.
“We want to use the front door with clarity and transparency,” he said.
But for critics, that’s a distinction without a difference.
“The notion that it’s not a back door; it’s a front door — that’s just wordplay,” said Bruce Schneier, a computer security expert and fellow at Harvard’s Berkman Center for Internet and Society. “It just makes no sense.”
It was reminiscent, he said, of the mid-1990s debate over the “Clipper Chip,” an electronic chip that federal officials wanted to insert in devices allowing them to get access to people’s communications. In the end, Congress did not require that companies use that chip in their technology.
Similar arguments have emerged every few years, as technology has gotten better and government agents have feared being left behind.
“This is the third or fourth replay,” said Greg Nojeim, senior counsel at the Center for Democracy and Technology. “So far Congress has done the right thing and stood aside when companies are given the latitude they need to make communications devices and services more secure.”
Early indications are that it could be an uphill push for the FBI.
“I’d be surprised if more than a handful of members would support the idea of backdooring Americans’ personal property,” Sen. Ron Wyden (D-Ore.), who would staunchly oppose the measure, said in a statement shared with The Hill.
Rep. Darrell Issa (R-Calif.), the chairman of the House Oversight Committee, on Friday tweeted that the administration would be making a “tough sell” by pushing an update to CALEA.
“To FBI Director Comey and the [administration] on criticisms of legitimate businesses using encryption: you reap what you sow,” he wrote.
Rep. Zoe Lofgren (D-Calif.) predicted that any bill would have “zero chance” of passing.
Earlier this year, she and Rep. Thomas Massie (R-Ky.) introduced a measure to the defense spending bill banning the National Security Agency from using “backdoor” searches to spy on Americans through a legal provision targeting foreigners. That measure overwhelmingly passed the House 293-123.
While the NSA’s spying is different from the FBI’s requested update to CALEA, the spirit is the same, she said.
“I think the public would not support it, certainly industry would not support it, civil liberties groups would not support it,” Lofgren told The Hill. “I think [Comey is] a sincere guy, but there’s just no way this is going to happen.”
Still, the FBI is unlikely to drop the pressure, especially if tech companies keep putting a focus on their privacy protections.
“This is a long-term discussion that has been coming and I expect to continue,” said Carl Szabo, a lobbyist for NetChoice, a trade group for online businesses including Google, eBay and Yahoo.
As for the chances of a CALEA update, he is opposed but isn’t assuming the FBI will stand down.
“I never underestimate anything,” he said.
“I always think that there is a chance, even if it’s not as sweeping as installing a front door master key on every mobile device, it could be installing a small backdoor.”
quote:Ministers should assess UK surveillance warrants, says Philip Hammond
Foreign secretary rejects judicial scrutiny, saying political judgment is required to assess validity of GCHQ operations
The foreign secretary, Philip Hammond, on Thursday rejected suggestions that judges should approve electronic surveillance warrants, arguing that only ministers could exercise the political judgment necessary to ensure that such surveillance was necessary and proportionate.
Hammond was giving evidence to parliament’s intelligence and security committee, which is reviewing the need for new oversight legislation to regulate the UK’s electronic espionage agency, GCHQ, in the light of the revelations on bulk data collection made by the former US intelligence contractor Edward Snowden.
Hammond told the committee that GCHQ’s bulk collection of private data from emails, internet activity and telephone usage did not amount to mass surveillance because the state did not have the resources to trawl through the huge volume of information involved, and because of legal safeguards on how the data was used.
“There’s also a very important safeguard provided by the culture within the agencies, which is the exact opposite of what some movies might like to suggest,” he said.
“The agencies are extremely cautious, extremely focused on their responsibility to maintain the culture of proportionality and necessity in everything they do. And there is an atmosphere … which is very far from a gung-ho approach. It is very cautious, very measured.”
Hammond – who oversees the work of GCHQ and the Secret Intelligence Service, MI6 – confirmed that any email or internet search that went through a foreign server was treated as an external communication and therefore subject to a different clause in the Intelligence Services Act. That in turn allows the foreign secretary to authorise much broader examination by the intelligence agencies than is the case with domestic communications. However, he insisted that once it becomes clear someone on British soil is party to the communication, there is a legal mechanism that once more narrows the scope of warrant.
Privacy and civil rights groups have argued that, in light of the Snowden revelations, all electronic surveillance warrants should go before a judge to ensure the phenomenal power available to government as a result of modern surveillance technology should be subject to some form of judicial constraint. Hammond countered that judges would assess surveillance warrant requests primarily from a legal standpoint. Only an elected official could properly apply political judgment on the necessity and proportionality of an eavesdropping operation.
The foreign secretary said that in issuing surveillance warrants he was subject not just to legal but also to political constraints, which were narrower.
“Perhaps it is a feature of the times that we live in, but I’m sure I can speak for all my colleagues who sign warrants that we all have, in the back of our minds, that at some point in the future we will – not might be, but will – be appearing before some inquiry or tribunal or court to account for the decisions we’ve made,” Hammond said.
Mike Harris, the campaign director of Don’t Spy on Us, a coalition of privacy and digital rights advocacy groups, argued that ministers should indeed make political judgments on warrants, but their decisions should then be reviewed by judges.
“The safeguards he talks about are not safeguards at all. It is very hard to tell in practice who is a UK-based party to a communication,” Harris said. “This comes in the context of an absence of judicial oversight and a lack of scrutiny from parliament and an under-resourcing of the intelligence commissioners, so in effect the public can’t be certain that the reassurances from the minister are upheld in any way by intelligence agencies.”
The article continues.
quote:A few days ago, the FTC announced that it had appointed Ashkan Soltani as its chief technology officer. Soltani is a well-known (and often outspoken) security researcher who has worked at the FTC in the past. Nothing about this appointment should be all that surprising or even remotely controversial. However, recently, Soltani had been doing a lot of journalism work, as a media consultant at the Washington Post helping Barton Gellman and other reporters really understand the technical and security aspects of the Snowden documents. His name has appeared as a byline in a number of stories about the documents, detailing what is really in those documents, and how they can impact your privacy.
Apparently, this has upset the usual crew of former NSA officials.
Let's start with former NSA director Michael Hayden. The publication FedScoop heard the news about Soltani, and decided to ask Hayden and other NSA-types their thoughts. You can tell by the opening paragraph what angle FedScoop is digging for with its article:
The article continues.
quote:Deception and Propaganda in Social Media
A year after the revelations by Edward Snowden, more or less everybody is aware of the astonishing extent of online surveillance. An outcome of this increased awareness is the development of various protective measures, including encryption practices, privacy protection measures as well as the development of anonymised platforms, such as Kwikdesk, an anonymous and ephemeral version of Twitter. However, other aspects of state and corporate control of social media have received less attention. In the face of rising inequality and increasing political mobilisation from the bottom, the ruling class must pro-actively defend the current power structures and a way to do this includes not only surveillance, but also deception and propaganda in social media. The really dark Internet is a reference to this layer of surveillance and disinformation – the spread of false information which intends to undermine, confuse, disrupt, and eventually defuse any socio-political action that threatens to unsettle the status quo.
With surveillance a given, we must now begin to learn about strategies and tactics of deception and disinformation, coming from states, reactionary and fascist political groupings, and corporations.
While a lot has been written on the signal intelligence contents of the NSA documents, less is known about the kinds of human intelligence used by government agencies and corporations. In a leaked NSA presentation which would have made Goebbels proud, a British spy agency – the Joint Threat Research Intelligence Group (JTRIG) – explicitly refers to its digital propaganda tactics: the circulation of false information aimed at destroying the reputation of its targets and the use of insights from the social sciences in order to manipulate online communications in line with their political objectives.
The presentation goes on to list techniques for dissimulation or ‘hiding the real’ through ‘masking, repackaging, and dazzling’, and for simulation, or ‘showing the false’ through ‘mimicking, inventing and decoying’; it goes on to refer to techniques for managing attention, infiltrating networks, planting ruses and causing disruption. The aim is to build ‘cyber-magicians’, who can confuse and manipulate ‘targets’. The presentation concludes by estimating that ‘by 2013 JTRIG will have a staff of 150+, fully trained’. Though we cannot be sure of the status of such plans following the leaks, it would be naïve to assume that they have been dropped.
- See more at: http://theoccupiedtimes.org/?p=13166#sthash.2yopTRUk.dpuf
twitter:AnonyOps tweeted on Tuesday 28-10-2014 at 14:45:06: The FBI has reportedly raided the home of a "2nd Snowden". Watch how they treat them for an example of how they would have treated Snowden
quote:Feds identify suspected 'second leaker' for Snowden reporters
The FBI recently searched a government contractor's home, but some officials worry the Justice Department has lost its 'appetite' for leak cases
The FBI has identified an employee of a federal contracting firm suspected of being the so-called "second leaker" who turned over sensitive documents about the U.S. government's terrorist watch list to a journalist closely associated with ex-NSA contractor Edward Snowden, according to law enforcement and intelligence sources who have been briefed on the case.
The FBI recently executed a search of the suspect's home, and federal prosecutors in Northern Virginia have opened up a criminal investigation into the matter, the sources said.
But the case has also generated concerns among some within the U.S. intelligence community that top Justice Department officials — stung by criticism that they have been overzealous in pursuing leak cases — may now be more reluctant to bring criminal charges involving unauthorized disclosures to the news media, the sources said. One source, who asked not to be identified because of the sensitivity of the matter, said there was concern "there is no longer an appetite at Justice for these cases."
Marc Raimondi, a spokesman for the Justice Department, declined to comment on the investigation into the watch-list leak, citing department rules involving pending cases.
As for the department's overall commitment to pursue leak cases, he added: "We're certainly going to follow the evidence wherever it leads us and take appropriate action."
Another source familiar with the case said: "Investigators are continuing to pursue it, but are not ready to charge yet."
The case in question involves an Aug. 5 story published by The Intercept, an investigative website co-founded by Glenn Greenwald, the reporter who first published sensitive NSA documents obtained from Snowden.
Headlined "Barack Obama's Secret Terrorist-Tracking System, by the Numbers," the story cited a classified government document showing that nearly half the people on the U.S. government's master terrorist screening database had "no recognized terrorist affiliation."
The story, co-authored by Jeremy Scahill and Ryan Devereaux, was accompanied by a document "obtained from a source in the intelligence community" providing details about the watch-listing system that were dated as late as August 2013, months after Snowden fled to Hong Kong and revealed himself as the leaker of thousands of top secret documents from the NSA.
This prompted immediate speculation that there was a "second leaker" inside the U.S. intelligence community providing material to Greenwald and his associates.
That point is highlighted in the last scene of the new documentary about Snowden released this weekend, called "Citizenfour," directed by filmmaker Laura Poitras, a co-founder with Greenwald and Scahill of The Intercept.
Greenwald tells a visibly excited Snowden about a new source inside the U.S. intelligence community who is leaking documents. Greenwald then scribbles notes to Snowden about some of the details, including one briefly seen about the U.S. drone program and another containing a reference to the number of Americans on the watch list.
"The person is incredibly bold," Snowden says. Replies Greenwald: "It was motivated by what you did."
In an interview on the radio show "Democracy Now," Scahill, who also briefly appears in "Citizenfour," says the new source described in the film provided him with a document that "outlines the rulebook for placing people on a variety of watch lists." The source is "an extremely principled and brave whistleblower" who made his disclosures "at great personal risk," Scahill says in the interview.
Contacted Monday, Scahill declined any comment about his source, but said neither he nor The Intercept had been notified by federal officials about the investigation. He added, however, that he is not surprised to learn of the probe: "The Obama administration in my view is conducting a war against whistleblowers and ultimately against independent journalism."
John Cook, editor of The Intercept, said the website's stories had revealed "crucial information" about the excesses of the U.S. watch-listing system. "Any attempt to criminalize the public release of those stories benefits only those who exercise virtually limitless power in secret with no accountability," he told Yahoo News.
Sources familiar with the investigation say the disclosures prompted the National Counterterrorism Center to file a "crimes report" with the Justice Department — an official notification that classified material has been compromised and a violation of federal law may have taken place.
The documents in question disclose multiple details about how federal intelligence agencies provide entries and track suspects on the Terrorist Identities Datamart Environment, or TIDE — a master database with over 1 million names that provides the basis for watch-listing individuals and placing them on "no fly" lists when there are sufficient links to terrorism.
One document is stamped as "Secret" and "NOFORN," meaning it cannot be shared with foreign governments. These, however, are far less sensitive than some of the NSA materials leaked by Snowden.
During Obama's first five years as president, the Justice Department and the U.S. military brought seven criminal prosecutions for national security leaks — more than twice as many as all previous presidents put together.
But the Obama administration's aggressive anti-leak efforts triggered a firestorm of criticism last year after disclosures that, in pursuing these cases, prosecutors had secretly subpoenaed phone records from the Associated Press and filed a search warrant identifying a Fox News reporter as a potential "co-conspirator" under the Espionage Act for his efforts to coax information from a confidential source.
Since September of last year, when a former FBI agent pleaded guilty to disclosing details about an al-Qaida bomb plot to the AP, the Justice Department has brought no further leak cases. Attorney General Eric Holder — who sources say was personally stung by the criticism — has also unveiled new "guidelines" that restrict how the Justice Department would seek information from the news media in leak cases.
Holder, who recently announced his plans to step down, also appeared to signal that he was eager to avoid further confrontations with the press when he was asked whether he would seek to incarcerate New York Times reporter James Risen if he refused to testify in an upcoming trial of a former CIA officer accused of leaking him information about a covert effort to disrupt Iran's nuclear program. Risen has vowed he will never testify about a confidential source.
"As long as I am attorney general, no reporter who is doing his job will go to jail," Holder said at a meeting with news media representatives when asked about the Risen case.
But Steve Aftergood, who closely tracks government secrecy efforts, said, "It's an open question at this point whether the administration will indict any other leakers or pursue other prosecutions."
He noted that, despite Holder's comments, Justice Department prosecutors had yet to formally inform a federal judge whether they will call Risen at the trial of the former CIA officer — a move that could result in a direct confrontation with the reporter if he is asked to identify his source.
"These leaks are taken extremely seriously," he said. If prosecutors have sufficient evidence against the suspected new leaker, "I don't think they will let it slide."
quote:GCHQ views data without a warrant, government admits
GCHQ’s secret ‘arrangements’ for accessing bulk material revealed in documents submitted to UK surveillance watchdog
British intelligence services can access raw material collected in bulk by the NSA and other foreign spy agencies without a warrant, the government has confirmed for the first time.
GCHQ’s secret “arrangements” for accessing bulk material are revealed in documents submitted to the Investigatory Powers Tribunal, the UK surveillance watchdog, in response to a joint legal challenge by Privacy International, Liberty and Amnesty International. The legal action was launched in the wake of the Edward Snowden revelations published by the Guardian and other news organisations last year.
The government’s submission discloses that the UK can obtain “unselected” – meaning unanalysed, or raw intelligence – information from overseas partners without a warrant if it was “not technically feasible” to obtain the communications under a warrant and if it is “necessary and proportionate” for the intelligence agencies to obtain that information.
The rules essentially permit bulk collection of material, which can include communications of UK citizens, provided the request does not amount to “deliberate circumvention” of the Regulation of Investigatory Powers Act (Ripa), which governs much of the UK’s surveillance activities.
This point – that GCHQ does not regard warrants as necessary in all cases – is explicitly spelled out in the document. “[A] Ripa interception warrant is not as a matter of law required in all cases in which unanalysed intercepted communications might be sought from a foreign government,” it states. The rules also cover communications data sent unsolicited to the UK agencies.
Campaigners say that this contrasts with assurances by parliament’s Intelligence and Security Committee in July last year that a warrant signed by a minister was in place whenever GCHQ obtained intelligence from the US.
The data can then be stored for up to two years, the same duration as information collected directly by the agency. This can be extended unilaterally if a senior official believes it to be necessary and proportionate for national security purposes.
Privacy International, one of several advocacy groups mounting legal challenges against GCHQ and NSA surveillance, said the revelation should cast further doubts on legal safeguards in the UK.
“We now know that data from any call, internet search, or website you visited over the past two years could be stored in GCHQ’s database and analysed at will, all without a warrant to collect it in the first place,” said deputy director Eric King. “It is outrageous that the government thinks mass surveillance, justified by secret “arrangements” that allow for vast and unrestrained receipt and analysis of foreign intelligence material is lawful.”
The group also said information obtained through these overseas “arrangements” was treated as if it were targeted surveillance, removing a requirement under UK law not to search for UK citizens and residents in such data troves. This means that British citizens could, in theory, be subject to warrantless monitoring by GCHQ.
Amnesty International and Liberty, the co-complainants in the IPT case, echoed Privacy International’s call for reform of surveillance safeguards.
“It is time the government comes clean on such crucial issues for people’s privacy as the sharing of communications intercepts with foreign governments,” said Amnesty International director of law and policy Mike Bostock. “Secret rules are woefully inadequate.”
Liberty’s legal director James Welsh said the tribunal submissions contradicted public statements from the government.
“The line the Government took at the hearing was that there were adequate safeguards, they just couldn’t be made public,” he said. “Leaving aside whether secret safeguards can ever be adequate, this reluctantly-made disclosure suggests otherwise.”
Last week, the foreign secretary, Philip Hammond, told parliament’s Intelligence and Security Committee he expected that ministers who signed surveillance warrants would likely have to justify themselves in front of a public inquiry at some point in the future.
“I’m sure I can speak for all of my colleagues who sign warrants that we all have, in the back of our minds, that at some point in the future we will – not might be, but will – be appearing before some inquiry or tribunal or court accounting for the decisions that we’ve made and essentially accounting for the way we’ve applied the proportionality and necessity tests,” he said.
Hammond was also criticised for some of his answers to the committee, with experts suggesting the foreign secretary appeared not to understand the legal framework for the warrants he was signing, following a mischaracterisation of which types of communication would or would not require individual warrants.
quote:FBI demands new powers to hack into computers and carry out surveillance
Agency requests rule change but civil liberties groups say ‘extremely invasive’ technique amounts to unconstitutional power grab
The FBI is attempting to persuade an obscure regulatory body in Washington to change its rules of engagement that would grant it significant new powers to hack into and carry out surveillance of computers throughout the US and around the world.
Civil liberties groups warn that the proposed rule change amounts to a power grab by the agency that would ride roughshod over strict limits to searches and seizures laid out under the fourth amendment of the US constitution, as well as violating first amendment privacy rights. They have protested that the FBI is seeking to transform its cyber capabilities with minimal public debate and with no congressional oversight.
The regulatory body to which the Department of Justice has applied to make the rule change, the advisory committee on criminal rules, will meet for the first time on November 5 to discuss the issue. The panel will be addressed by a slew of technology experts and privacy advocates concerned about the possible ramifications were the proposals allowed to go into effect next year.
“This is a giant step forward for the FBI’s operational capabilities, without any consideration of the policy implications. To be seeking these powers at a time of heightened international concern about US surveillance is an especially brazen and potentially dangerous move,” said Ahmed Ghappour, an expert in computer law at UC Hastings college of the law who will be addressing next week’s hearing.
The proposed operating changes related to rule 41 of the federal rules of criminal procedure, the terms under which the FBI is allowed to conduct searches under court-approved warrants. Under existing wording, warrants have to be highly focused on specific locations where suspected criminal activity is occurring and approved by judges located in that same district.
But under the proposed amendment, a judge can issue a warrant that would allow the FBI to hack into any computer, no matter where it is located. The change is designed specifically to help federal investigators carry out surveillance on computers that have been “anonymized” – that is, their location has been hidden using tools such as Tor.
The amendment inserts a clause that would allow a judge to issue warrants to gain “remote access” to computers “located within or outside that district” (emphasis added) in cases in which the “district where the media or information is located has been concealed through technological means”. The expanded powers to stray across district boundaries would apply to any criminal investigation, not just to terrorist cases as at present.
Were the amendment to be granted by the regulatory committee the FBI would have the green light to unleash its capabilities – known as “network investigative techniques” – on computers across America and beyond. The techniques involve clandestinely installing malicious software, or malware, onto a computer that in turn allows federal agents effectively to control the machine, downloading all its digital contents, switching its camera or microphone on or off, and even taking over other computers in its network.
“This is an extremely invasive technique,” said Chris Soghoian, principal technologist of the American Civil Liberties Union, who will also be addressing the hearing. “We are talking here about giving the FBI the green light to hack into any computer in the country or around the world.”
A glimpse into the kinds of operations that could multiply under the new powers was gained this week when Soghoian discovered from documents obtained by the Electronic Frontier Foundation that in 2007 the FBI had faked an Associated Press story as a ruse to insert malware into the computer of a US-based bomb plot suspect. The revelation prompted angry responses from the AP and from the Seattle Times, whose name was also invoked in the documents, though the FBI said it had not in the end imitated the newspaper.
Civil liberties and privacy groups are particularly alarmed that the FBI is seeking such a huge step up in its capabilities through such an apparently backdoor route. Soghoian said of next week’s meeting: “This should not be the first public forum for discussion of an issue of this magnitude.”
Jennifer Granick, director of civil liberties at the Stanford center for internet and society, said that “this is an investigative technique that we haven’t seen before and we haven’t thrashed out the implications. It absolutely should not be done through a rule change – it has to be fully debated publicly, and Congress must be involved.”
Ghappour has also highlighted the potential fall-out internationally were the amendment to be approved. Under current rules, there are no fourth amendment restrictions to US government surveillance activities in other countries as the US constitution only applies to domestic territory.
However, the US government does accept that it should only carry out clandestine searches abroad where the fourth amendment’s “basic requirement of reasonableness” applies. In a letter setting out its case for the Rule 41 reform, the department of justice states that new warrants issued to authorise FBI hacking into computers whose location was unknown would “support the reasonableness of the search”.
Ghappour fears that such a statement amounts to “possibly the broadest expansion of extraterritorial surveillance power since the FBI’s inception”. He told the Guardian that “for the first time the courts will be asked to issue warrants allowing searches outside the country”.
He warned that the diplomatic consequences could be serious, with short-term FBI investigations undermining the long-term international relationship building of the US state department. “In the age of cyber attacks, this sort of thing can scale up pretty quickly.”
Another insight into the expansive thrust of US government thinking in terms of its cyber ambitions was gleaned recently in the prosecution of Ross Ulbricht, the alleged founder of the billion-dollar drug site the Silk Road. Experts suspect that the FBI hacked into the Silk Road server, that was located in Reykjavik, Iceland, though the agency denies that.
In recent legal argument, US prosecutors claimed that even if they had hacked into the server without a warrant, it would have been justified as “a search of foreign property known to contain criminal evidence, for which a warrant was not necessary”.
quote:Brazil Is Keeping Its Promise to Avoid the U.S. Internet
Brazil was not bluffing last year, when it said that it wanted to disconnect from the United States-controlled internet due to the NSA's obscenely invasive surveillance tactics. The country is about to stretch a cable from the northern city of Fortaleza all the way to Portugal, and they've vowed not to use a single U.S. vendor to do it.
At first glance, Brazil's plan to disconnect from the U.S. internet just seemed silly. The country was not happy when news emerged that the NSA's tentacles stretched all the way down to Brazil. And the country was especially not happy when news emerged that the NSA had been spying on the Brazilian government's email for years. But really, what are you gonna do?
Brazil made a bunch of bold promises, ranging in severity from forcing companies like Facebook and Google to move their servers inside Brazilian borders, to building a new all-Brazilian email system—which they've already done. But the first actionable opportunity the country was presented with is this transatlantic cable, which had been in the works since 2012 but is only just now seeing construction begin. And with news that the cable plan will not include American vendors, it looks like Brazil is serious; it's investing $185 million on the cable project alone. And not a penny of that sum will go to an American company.
The implications of Brazil distancing itself from the US internet are huge. It's not necessarily a big deal politically, but the economic consequences could be tremendously destructive. Brazil has the seventh largest economy in the world, and it continues to grow. So when Brazil finally does divorce Uncle Sam—assuming things continue at this rate—a huge number of contracts between American companies and Brazil will simply disappear. On the whole, researchers estimate that the United States could lose about $35 billion due to security fears. That's a lot of money.
We knew there would be backlash to the Snowden leaks, but it's not just political; Edward Snowden cost the United States a lot of money, even if that wasn't his plan. Yet here we are, waving goodbye to information technology revenues from one of the world's largest countries. Still, that's a small price to pay for knowing just how little privacy we've had all along.
quote:GCHQ chief accuses US tech giants of becoming terrorists' 'networks of choice'
New director of UK eavesdropping agency accuses US tech firms of becoming ‘networks of choice’ for terrorists
Privacy has never been “an absolute right”, according to the new director of GCHQ, who has used his first public intervention since taking over at the helm of Britain’s surveillance agency to accuse US technology companies of becoming “the command and control networks of choice” for terrorists.
Robert Hannigan said a new generation of freely available technology has helped groups like Islamic State (Isis) to hide from the security services and accuses major tech firms of being “in denial”, going further than his predecessor in seeking to claim that the leaks of Edward Snowden have aided terror networks.
GCHQ and sister agencies including MI5 cannot tackle those challenges without greater support from the private sector, “including the largest US technology companies which dominate the web”, Hannigan argued in an opinion piece written for the Financial Times just days into his new job.
Arguing that GCHQ needed to enter into the debate about privacy, Hannigan said: “I think we have a good story to tell. We need to show how we are accountable for the data we use to protect people, just as the private sector is increasingly under pressure to show how it filters and sells its customers’ data.
“GCHQ is happy to be part of a mature debate on privacy in the digital age. But privacy has never been an absolute right and the debate about this should not become a reason for postponing urgent and difficult decisions.”
Hannigan, who was born in Gloucestershire, not far from GCHQ’s base, and has advised the prime minister on counter-terrorism, intelligence and security policy, goes on to take aim at the role of major technology companies. A senior Foreign Office official, Hannigan succeeded Sir Iain Lobban at the Cheltenham-based surveillance agency.
While not naming any company in particular, the GCHQ director writes: “To those of us who have to tackle the depressing end of human behaviour on the internet, it can seem that some technology companies are in denial about its misuse.
“I suspect most ordinary users of the internet are ahead of them: they have strong views on the ethics of companies, whether on taxation, child protection or privacy; they do not want the media platforms they use with their friends and families to facilitate murder or child abuse.”
Hannigan asserts that the members of the public “know” the internet grew out of the values of western democracy and insists that customers of the technology firms he criticises would be “comfortable with a better, more sustainable relationship between the agencies and the technology companies.”
Heading towards the 25th anniversary of the creation of the world wide web, he calls for a “new deal” between democratic governments and the technology companies in the area of protecting citizens.
“It should be a deal rooted in the democratic values we share. That means addressing some uncomfortable truths. Better to do it now than in the aftermath of greater violence.”
In the same piece, Hannigan says Isis differs from its predecessors in the security of its communications, presenting an even greater challenge to the security services.
He writes: “Terrorists have always found ways of hiding their operations. But today mobile technology and smartphones have increased the options available exponentially.
“Techniques for encrypting messages or making them anonymous which were once the preserve of the most sophisticated criminals or nation states now come as standard. These are supplemented by freely available programs and apps adding extra layers of security, many of them proudly advertising that they are ‘Snowden approved’. There is no doubt that young foreign fighters have learnt and benefited from the leaks of the past two years.”
Among the advocates of privacy protection who reacted to Hannigan’s comments, the deputy director of Privacy International, Eric King, said: “It’s disappointing to see GCHQ’s new director refer to the internet – the greatest tool for innovation, access to education and communication humankind has ever known – as a command-and-control network for terrorists.”
King added: “Before he condemns the efforts of companies to protect the privacy of their users, perhaps he should reflect on why there has been so much criticism of GCHQ in the aftermath of the Snowden revelations. GCHQ’s dirty games – forcing companies to hand over their customers’ data under secret orders, then secretly tapping the private fibre optic cables between the same companies’ data centres anyway – have lost GCHQ the trust of the public, and of the companies whose services we use. Robert Hannigan is right, GCHQ does need to enter the public debate about privacy - but attacking the internet isn’t the right way to do it.”
The Electronic Frontier Foundation (EFF) meanwhile rejected the notion that an agreement between companies and governments was needed.
Jillian York, director of international free expression at EFF said: “A special “deal” between governments and companies isn’t necessary - law enforcement can conduct open source intelligence on publicly-posted content on social networks, and can already place legal requests with respect to users. Allowing governments special access to private content is not only a violation of privacy, it may also serve to drive terrorists underground, making the job of law enforcement even more difficult.”
Welcoming Hannigan’s participation in the public debate, the Labour Party MP Tom Watson said it helped to map out where we should draw the line on privacy and helps the same agencies “to rebuild their legitimacy post-Snowden”.
But he added: “I hope they do not confuse the use of public propaganda through social media by extremists with the use of the covert communications. It is illogical to say that because Isis use Twitter, all our metadata should be collected without warrant.”
Hannigan’s comments come after the director of the FBI, James Comey, called for “a regulatory or legislative fix” for technology companies’ expanding use of encryption to protect user privacy.
Reacting last month to the introduction of strong default encryption by Apple and Google on their latest mobile operating systems, Comey said “the post-Snowden pendulum has swung too far in one direction - in a direction of fear and mistrust.”
“Justice may be denied because of a locked phone or an encrypted hard drive,” said Comey. Without a compromise, “homicide cases could be stalled, suspects could walk free, and child exploitation victims might not be identified or recovered.”
quote:Federal Judge Says Public Has a Right to Know About FBI’s Facial Recognition Database
A federal judge has ruled that the FBI's futuristic facial-recognition database is deserving of scrutiny from open-government advocates because of the size and scope of the surveillance technology.
U.S. District Judge Tanya Chutkan said the bureau's Next Generation Identification program represents a "significant public interest" due to concerns regarding its potential impact on privacy rights and should be subject to rigorous transparency oversight.
"There can be little dispute that the general public has a genuine, tangible interest in a system designed to store and manipulate significant quantities of its own biometric data, particularly given the great numbers of people from whom such data will be gathered," Chutkan wrote in an opinion released late Wednesday.
Her ruling validated a Freedom of Information Act lawsuit filed by the Electronic Privacy Information Center that last year made a 2010 government report on the database public and awarded the group nearly $20,000 in attorneys' fees. That government report revealed the FBI's facial-recognition technology could fail up to 20 percent of the time. Privacy groups believe that failure rate may be even higher, as a search can be considered successful if the correct suspect is listed within the top 50 candidates.
"The opinion strongly supports the work of open-government organizations and validates their focus on trying to inform the public about government surveillance programs," said Jeramie Scott, national security counsel with EPIC.
Privacy groups, including EPIC, have long assailed Next Generation Identification, which they argue could be used as an invasive means of tracking that collects images of people suspected of no wrongdoing. The program—a biometric database that includes iris scans and palm prints along with facial recognition—became "fully operational" this summer, despite not undergoing an internal review, known as a Privacy Impact Assessment, since 2008. Government officials have repeatedly pledged they would complete a new privacy audit.
FBI Director James Comey has told Congress that the database would not collect or store photos of ordinary citizens, and instead is designed to "find bad guys by matching pictures to mug shots." But privacy groups contend that the images could be shared among the FBI and other agencies, including the National Security Agency, and even with state motor-vehicle departments.
In his testimony, given in June, Comey did not completely refute that database information could potentially be shared with states, however.
Government use of facial-recognition technology has undergone increasing scrutiny in recent years, as systems once thought to exist only in science fiction movies have become reality. The New York Times reported on leaks from Edward Snowden revealing that the NSA intercepts "millions of images per day" across the Internet as part of an intelligence-gathering program that includes a daily cache of some 55,000 "facial-recognition quality images."
The Justice Department did not immediately return a request for comment regarding whether it will appeal Chutkan's decision.
Internet Architecture Board
quote:IAB Statement on Internet Confidentiality
In 1996, the IAB and IESG recognized that the growth of the Internet depended on users having confidence that the network would protect their private information. RFC 1984 documented this need. Since that time, we have seen evidence that the capabilities and activities of attackers are greater and more pervasive than previously known. The IAB now believes it is important for protocol designers, developers, and operators to make encryption the norm for Internet traffic. Encryption should be authenticated where possible, but even protocols providing confidentiality without authentication are useful in the face of pervasive surveillance as described in RFC 7258.
Newly designed protocols should prefer encryption to cleartext operation. There may be exceptions to this default, but it is important to recognize that protocols do not operate in isolation. Information leaked by one protocol can be made part of a more substantial body of information by cross-correlation of traffic observation. There are protocols which may as a result require encryption on the Internet even when it would not be a requirement for that protocol operating in isolation.
We recommend that encryption be deployed throughout the protocol stack since there is not a single place within the stack where all kinds of communication can be protected.
The IAB urges protocol designers to design for confidential operation by default. We strongly encourage developers to include encryption in their implementations, and to make them encrypted by default. We similarly encourage network and service operators to deploy encryption where it is not yet deployed, and we urge firewall policy administrators to permit encrypted traffic.
We believe that each of these changes will help restore the trust users must have in the Internet. We acknowledge that this will take time and trouble, though we believe recent successes in content delivery networks, messaging, and Internet application deployments demonstrate the feasibility of this migration. We also acknowledge that many network operations activities today, from traffic management and intrusion detection to spam prevention and policy enforcement, assume access to cleartext payload. For many of these activities there are no solutions yet, but the IAB will work with those affected to foster development of new approaches for these activities which allow us to move to an Internet where traffic is confidential by default.
quote:Judge threatens detective with contempt for declining to reveal cellphone tracking methods
Baltimore prosecutors withdrew key evidence in a robbery case Monday rather than reveal details of the cellphone tracking technology police used to gather it.
The surprise turn in Baltimore Circuit Court came after a defense attorney pressed a city police detective to reveal how officers had tracked his client.
City police Det. John L. Haley, a member of a specialized phone tracking unit, said officers did not use the controversial device known as a stingray. But when pressed on how phones are tracked, he cited what he called a "nondisclosure agreement" with the FBI.
"You don't have a nondisclosure agreement with the court," Baltimore Circuit Judge Barry G. Williams replied. Williams threatened to hold Haley in contempt if he did not respond. Prosecutors decided to withdraw the evidence instead.
The tense exchange during a motion to suppress evidence in the robbery trial of 16-year-old Shemar Taylor was the latest confrontation in a growing campaign by defense attorneys and advocates for civil liberties nationwide to get law enforcement to provide details of their phone tracking technology, and how and when they use it.
Law enforcement officials in Maryland and across the country say they are prohibited from discussing the technology at the direction of the federal government, which has argued that knowledge of the devices would jeopardize investigations.
"Courts are slowly starting to grapple with these issues," said Nathan Freed Wessler, an attorney with the American Civil Liberties Union who is tracking stingray cases. "What we're talking about is basic information about a very commonly used police tool, but because of the extreme secrecy that police have tried to invoke, there are not many court decisions about stingrays."
Defense attorney Joshua Insley still believes that police used a stingray to find Taylor. He cited a letter in which prosecutors said they were prohibited by the Department of Justice from disclosing information about methods used in their investigation.
The portable device was developed for the military to help zero in on cellphones. It mimics a cellphone tower to force nearby phones to connect to it.
Records show that the Baltimore Police Department purchased a stingray for $133,000 in 2009.
Some critics say the use of such technology might be appropriate, with court approval, to help law enforcement locate a suspect. But in the secrecy surrounding its use, they say, it's not always clear that law enforcement officials have secured the necessary approval, or stayed within their bounds.
They also express concern for the privacy of other cellphone users whose data are caught up in a search.
In the case before the court Monday, two teens are accused of robbing a Papa John's pizza delivery driver at gunpoint in April.
Police say phone records show that the phone that was used to call in the delivery was also used to make and receive hundreds of calls to and from Taylor's phone. Police believe the first phone belonged to Taylor's co-defendant. They say Taylor confessed after he was arrested.
Taylor is being tried as an adult. The other suspect is being tried as a juvenile.
In court Monday, the robbery detective who prepared the warrant to search Taylor's home testified that members of the department's Advanced Technical Team did a "ride-by" — described in court papers as "sophisticated technical equipment" — to determine one of the phones was inside the home. Detective Alan Savage said he did not know what technology or techniques the unit employs.
The defense then called Haley to the stand. He said police can use data from the cellphone companies to locate phones in real time.
Insley asked Haley whether police can ascertain a phone's location "independently," without the help of a phone company. Haley said yes.
When asked how, he balked.
"I wouldn't be able to get into that," Haley said.
Insley tried again later. Haley responded that police can get GPS location data from phone companies.
"Then there's equipment we would use that I'm not going to discuss that would aid us in that investigation," Haley said.
Williams, the judge, instructed Haley to answer the question. Haley invoked the nondisclosure agreement.
"I can't. I'm sorry. I can't," Haley said.
Williams called Insley's question "appropriate," and threatened to hold Haley in contempt if he did not answer.
Haley demurred again, and Assistant State's Attorney Patrick R. Seidel conferred with other prosecutors in court to observe the hearing.
Finally, Seidel said prosecutors would drop all evidence found during the search of the home — including, authorities have said, a .45-caliber handgun and the cellphone. The prosecutor said the state would continue to pursue the charges.
Wessler, of the ACLU, said Williams was right to ignore the nondisclosure agreement with the FBI.
"You can't contract out of constitutional disclosure obligations," Wessler said. "A secret written agreement does not invalidate the Maryland public records law [and] does not invalidate due process requirements of giving information to a criminal defendant."
Attorneys say they have suspected for years that police were employing secret methods to track cellphones. But only recently have they begun to find what they believe are clear examples.
Police and prosecutors in another case ran into a similar problem in September, when they were asked to reveal how a cellphone was tracked.
Sgt. Scott Danielczyk, another member of the Advanced Technical Team, testified in that home invasion case — also before Judge Williams — that police used data from a court order to track a cellphone to the general area of the 1400 block of E. Fayette St.
Danielczyk and three other members of the unit were tasked to "facilitate finding it," he testified, and determined the phone was in the possession of someone on a bus.
Williams asked how Danielczyk concluded the phone was being carried by the suspect.
"Um, we had information that he had the property on him," the officer said.
Williams pressed.
"This kind of goes into Homeland Security issues, your honor," Danielczyk said.
"If it goes into Homeland Security issues, then the phone doesn't come in," Williams said. "I mean, this is simple. You can't just stop someone and not give me a reason."
In that case, too, the phone evidence is no longer in play. Prosecutors are proceeding without it.
quote:The “USA Freedom Act” – which its proponents were heralding as “NSA reform” despite its suffocatingly narrow scope – died in the august U.S. Senate last night when it attracted only 58 of the 60 votes needed to close debate. All Democratic and independent Senators except one (Bill Nelson of Florida) voted in favor, as did three tea-party GOP Senators (Ted Cruz, Mike Lee and Dean Heller). One GOP Senator, Rand Paul, voted against it on the ground that it did not go nearly far enough in reining in the NSA. On Monday, the White House issued a statement “strongly supporting” the bill.
The “debate” among the Senators that preceded the vote was darkly funny and deeply boring, in equal measure. The black humor was due to the way one GOP Senator after the next – led by ranking Senate Intelligence Committee member Saxby Chambliss (pictured above) – stood up and literally screeched about 9/11 and ISIS over and over and over, and then sat down as though they had made a point. Their scary script was unveiled earlier that morning by a Wall Street Journal op-ed by former Bush Attorney General Mike Mukasey and former CIA and NSA Director Mike Hayden warning that NSA reform would make the terrorists kill you; it appeared under this Onion-like headline:
So the pro-NSA Republican Senators were actually arguing that if the NSA were no longer allowed to bulk-collect the communication records of Americans inside the U.S., then ISIS would kill you and your kids. But because they were speaking in an empty chamber and only to their warped and insulated D.C. circles and sycophantic aides, there was nobody there to cackle contemptuously or tell them how self-evidently moronic it all was. So they kept their Serious Faces on like they were doing The Nation’s Serious Business, even though what was coming out of their mouths sounded like the demented ramblings of a paranoid End is Nigh cult.
quote:There is a real question about whether the defeat of this bill is good, bad, or irrelevant. To begin with, it sought to change only one small sliver of NSA mass surveillance (domestic bulk collection of phone records under section 215 of the Patriot Act) while leaving completely unchanged the primary means of NSA mass surveillance, which takes place under section 702 of the FISA Amendments Act, based on the lovely and quintessentially American theory that all that matters are the privacy rights of Americans (and not the 95% of the planet called “non-Americans”).
There were some mildly positive provisions in the USA Freedom Act: the placement of “public advocates” at the FISA court so that someone contests the claims of the US Government; the prohibition on the NSA holding Americans’ phone records, requiring instead that they obtain FISA court approval before seeking specific records from the telecoms (which already hold those records for at least 18 months); and reducing the agency’s “contact chaining” analysis from three hops to two. One could reasonably argue (as the ACLU and EFF did) that, though woefully inadequate, the bill was a net-positive as a first step toward real reform, but one could also reasonably argue, as Marcy Wheeler has with characteristic insight, that the bill is so larded with ambiguities and fundamental inadequacies that it would forestall better options and advocates for real reform should thus root for its defeat.
When pro-privacy members of Congress first unveiled the bill many months ago, it was actually a good bill: real reform. But the White House worked very hard – in partnership with the House GOP – to water that bill down so severely that what the House ended up passing over the summer did more to strengthen the NSA than rein it in, which caused even the ACLU and EFF to withdraw their support. The Senate bill rejected last night was basically a middle ground between that original, good bill and the anti-reform bill passed by the House.
All of that illustrates what is, to me, the most important point from all of this: the last place one should look to impose limits on the powers of the U.S. Government is . . . the U.S. Government. Governments don’t walk around trying to figure out how to limit their own power, and that’s particularly true of empires.
quote:Those who like to claim that nothing has changed from the NSA revelations simply ignore the key facts that negate that claim, including the serious harm to the U.S. tech sector from these disclosures, driven by the newfound knowledge that U.S. companies are complicit in mass surveillance. Obviously, tech companies don’t care at all about privacy, but they care a lot about that.
quote:Increased individual encryption use is a serious impediment to NSA mass surveillance: far stronger than any laws the U.S. Congress might pass. Aside from the genuine difficulty the agency has in cracking well-used encryption products, increased usage presents its own serious problem. Right now, the NSA – based on the warped mindset that anyone who wants to hide what they’re saying from the NSA is probably a Bad Person – views “encryption usage” as one of its key factors in determining who is likely a terrorist. But that only works if 10,000 people around the world use encryption. Once that number increases to 1 million, and then to 10 million, and then to default usage, the NSA will no longer be able to use encryption usage as a sign of Bad People. Rather than being a red flag, encryption will simply be a brick wall: one that individuals have placed between the snooping governments and their online activities. That is a huge change, and it is coming.
quote:'British telecom company was involved in NSA eavesdropping scandal'
A major telecom company from Great Britain played an important role in the eavesdropping scandal surrounding the American intelligence agency NSA, which was revealed by Edward Snowden.
So reports Britain's Channel 4 News.
The company in question is said to be one that was taken over by Vodafone in July 2012: Cable and Wireless.
The British TV channel is said to have seen documents leaked by Snowden. They show that the company was part of a secret project for which companies collected large amounts of internet traffic: a quarter of that traffic runs through the United Kingdom.
According to Channel 4 News, the British intelligence agency GCHQ developed a kind of secret partnership with private companies such as Cable and Wireless. The companies were listed under code names. Cable and Wireless, for example, was called 'Gerontic'.
The company is said to have helped GCHQ with, among other things, testing eavesdropping equipment. Cable and Wireless is even said to have had an employee of the British intelligence agency working for it full-time.
The company is also said to have made it possible for British spies to collect the private communications of millions of internet users around the world.
Vodafone
In a response, Vodafone stressed that GCHQ has never been granted direct access to its network. According to the telecom company, the intelligence agency could only have obtained access to customer data with the permission of Vodafone itself. The same is said to apply to other telecom companies.
quote:Plasterk: services must be able to intercept cable-bound data
The cabinet wants to broaden the powers of the intelligence services. Communication via cable, too, could in future be intercepted on a larger scale. That must, however, be done in a targeted and step-by-step manner.
quote:With the long-awaited proposal, the cabinet is acting on the findings of the Dessens committee, which concluded in December last year that the current espionage law is outdated. That law distinguishes between cable-bound and wireless communication. At present, traffic may be intercepted in 'bulk' only in the latter case (when it travels via satellites or two-way radios). This while 90 percent of communication nowadays goes via cable (think of communication via internet and smartphone). That distinction will soon disappear.
NSA
The expansion will be watched with a wary eye by privacy advocates. It gives the Dutch services AIVD and MIVD legal powers that somewhat resemble the practices of the American intelligence agency NSA, which was able to cast its dragnets across the world unchecked.
quote:In June a committee began an investigation into the practices. 'The outcome is zero. It is hot air. There are no facts', according to the source within the Public Prosecution Service.
quote:Edward Snowden: state surveillance in Britain has no limits
Whistleblower and former NSA analyst says UK regulation allows GCHQ snooping to go beyond anything seen in US
The UK authorities are operating a surveillance system where “anything goes” and their interceptions are more intrusive to people’s privacy than has been seen in the US, Edward Snowden said.
Speaking via Skype at the Observer Ideas festival, held in central London, the whistleblower and former National Security Agency specialist, said there were “really no limits” to the GCHQ’s surveillance capabilities.
He said: “In the UK … is the system of regulation where anything goes. They collect everything that might be interesting. It’s up to the government to justify why it needs this. It’s not up to you to justify why it doesn’t … This is where the danger is, when we think about … evidence being gathered against us but we don’t have the opportunity to challenge that in courts. It undermines the entire system of justice.”
He also said he thought that the lack of coverage by the UK papers of the story, or the hostile coverage of it, other than by the Guardian, “did a disservice to the public”.
His appearance at the festival on Sunday marked the end of a weekend of almost frenetic social activity by his highly reclusive standards: he appeared at two public events and was the absent star of Laura Poitras’ documentary, Citizenfour, which premiered in New York on Friday.
Collectively, the events revealed a more rounded, human, portrait of the former NSA analyst than had been seen before, and offered a few telling glimpses of what his life was now like in Moscow.
The coverage revealed that Snowden does not drink alcohol, has never been drunk, and that he misses his “old beat-up car”. He also revealed that he has got a job, working on “a very significant grant for a foundation” on a project “for the benefit of the press and journalists working in threatened areas”.
Poitras’ documentary included the revelation that his girlfriend, Lindsay Mills, had joined him in Moscow, and at the New Yorker festival on Saturday he was asked by a member of the audience if “she had been mad” at him given that he had left without warning to find a refuge.
She was not “entirely pleased” he said. “But at the same time it was an incredible reunion because she understood and that meant a lot to me. Although she had a very, very, challenging year. And I leave it to her to discuss that when and if she is ever ready. It was a meeting I’ll never forget.”
A member of the audience at Observer Ideas pointed out that he had been living in paradise with a dancer for a girlfriend and asked, are you mad? He laughed and talked about all the things that he had given up: his job, his home, his family. “And I can’t return to the home country and that’s a lot to give up.”
But, he said: “What kind of world do we want to live in? Do you want to live in a world in which governments make decisions behind closed doors? And when you ask me, I say no.”
He also issued his strongest warning yet about how Silicon Valley firms were compromising the privacy of the public. Google and Facebook, he said, were “dangerous services”. His strongest condemnation was against Dropbox and urged erasure of it from computers. It encrypted your data, he told the audience, but kept the key and would give that to any government which asked.
The irony of the fact that he was appearing via Google Hangout and Skype was not lost on the audience. Later, he said: “No kidding, right? I’m about to disconnect this machine and toss it into a fire, though.”
His more serious point was that he said he believed the battle against the intrusions of big corporations into privacy was a much harder battle to win than the governments’.
He said later: “The unexplored elephant is the corporations – so privileged, so powerful in access, so unregulated – [and] are then tapped by the government.[…] I don’t think it’s unreasonable to think that major corporations have a hand in setting government policy today. Certainly in the US, given our campaign finance issues.”
quote:Hackers targeted and hacked Ecuador President Rafael Correa’s computers and internet systems on 20th November. Telesur, the official Ecuadorian press agency said that the attacks were carried out throughout the day on 20th November. Meanwhile President Correa has alleged that American spy agencies are behind the attacks.
quote:He accused the US of “systematic, high-tech” cyber-attacks on his private internet accounts and computers which according to him were traced back to American servers.
quote:Though President Correa gave very few details in the Twitter posts except the fact that they were systematic attacks with high technology and very huge resources, the Latin media was more forthcoming on this issue. Telesur said that the attacks carried on throughout all of last Thursday, November 20, and that they are an American effort. Another paper which carries the President's weekly broadcast called Citizen Link no.399 stated,
twitter:koenrh tweeted on Sunday 23-11-2014 at 21:41:58: Q&A with Laura Poitras, Sarah Harrison, Jacob Appelbaum after the Dutch premiere of Citizenfour. #IDFA http://t.co/1qcppLVOwO
quote:Latest Snowden leak shows UK, US behind Regin malware, attacked European Union
Blame the British and American spy agencies for the latest state-sponsored malware attack, say reporters at The Intercept.
The publication, which in the wake of Glenn Greenwald's departure from The Guardian continued to publish documents leaked by Edward Snowden, said on Monday the recently discovered malware, known as Regin, was used against targets in the European Union.
One of those targets included Belgian telecommunications company Belgacom, which had its networks broken into by the British spy agency the Government Communications Headquarters (GCHQ).
Regin was first publicly talked about over the weekend after Symantec discovered the "sophisticated" malware, though is understood to have been in circulation since 2008.
Compared to Stuxnet, the state-sponsored malware whose creators have never been confirmed, the recently-discovered trojan steals data from machines and networks it infects, disguised as Microsoft software.
Some began to point the finger at Russia and China, but these were quickly discounted by industry experts. Others suspected the U.S. and Israel — a deal already exists that allows the Middle Eastern allied state to access raw and "unchecked" U.S. collected intelligence.
They weren't far off. According to Monday's report, the U.S. working in conjunction with Britain, a European member state (though perhaps not for much longer) attacked Belgacom using the Regin malware.
Though the Belgacom hack was disclosed by Snowden's leaks, the malware used had never been revealed.
The new details from The Intercept show how GCHQ embarked upon its "hacking mission," known as Operation Socialist, by accessing Belgacom's networks in 2010. By targeting engineers through a faked LinkedIn page, GCHQ was able to get deep inside the Internet provider to steal data.
One of Belgacom's main clients was the European Commission, the European Parliament, and the European Council of member state leaders.
Exactly how member states of the European Union — there are 28 of them including the U.K. — will react to one of its own member states launching a successful hacking attack against their executive body, remains unknown.
But while members of the Parliament and Commission staff have, over the years, seen the U.S. as one of the greatest threats to the region's data protection and privacy policies, they should have been looking a little closer to home.
twitter:e3i5 tweeted on Tuesday 25-11-2014 at 15:15:43: Wow. Full list of undersea fibre optic cables GCHQ is accessing has been published. http://t.co/hsMtCcMHiC http://t.co/ZqpJpkXpqA
The article continues.
quote:Previously unpublished documents show how the UK telecom firm Cable & Wireless, acquired by Vodafone in 2012, played a key role in establishing one of the Government Communications Headquarters’ (GCHQ) most controversial surveillance programs.
A joint investigation by NDR, WDR, Süddeutsche Zeitung and Channel 4 based on documents leaked by whistleblower Edward Snowden, reveals that Cable & Wireless actively shaped and provided the most data to GCHQ mass surveillance programs, and received millions of pounds in compensation. The documents also suggest that Cable & Wireless assisted GCHQ in breaking into a competitor’s network.
In response to these allegations, Vodafone said that an internal investigation found no evidence of unlawful conduct, but the company would not deny it happened.
“What we have in the UK is a system based on warrants, where we receive a lawful instruction from an agency or authority to allow them to have access to communications data on our network. We have to comply with that warrant and we do and there are processes for us to do that which we’re not allowed to talk about because the law constrains us from revealing these things. We don’t go beyond what the law requires,” a Vodafone spokesperson told Channel 4.
In August 2013 Süddeutsche Zeitung and NDR first named Vodafone as one of the companies assisting the GCHQ. Reports that Vodafone secretly provided customer data to intelligence agencies damaged the company’s relation to German customers. A few months later Der Spiegel reported that the NSA had spied on Chancellor Angela Merkel, whose cell phone was on a Vodafone contract.
This could be a coincidence. No evidence suggests that Vodafone was involved in the “Merkelphone” scandal. But unlike Facebook, Yahoo, or other companies forced to cooperate with the intelligence services, Vodafone has yet to challenge the GCHQ publicly. Konstantin von Notz, a German member of the Bundestag for the Green Party, urges Vodafone to take legal action: “A company such as Vodafone, which has responsibility for so many customers, has to take a clear stand against these data grabs.”
Similarly, Vodafone has provided no explanation as to why GCHQ discussed “potential new deployment risks identified by GERONTIC” in June 2008. According to the Snowden-documents “GERONTIC” was the GCHQ codename for Cable & Wireless, and after acquisition in 2012 (at least for a while) presumably for Vodafone.
quote:German loophole allows BND spy agency to snoop on own people
Intelligence agency can legally intercept calls and emails from Germans working abroad for foreign firms, MPs discover
German MPs examining the surveillance activities of the US National Security Agency have found a legal loophole that allows Berlin’s foreign intelligence agency to spy on its own citizens.
The agency, known by its German acronym BND, is not usually allowed to intercept communications made by Germans or German companies, but a former BND lawyer told parliament this week that citizens working abroad for foreign companies were not protected.
The German government confirmed on Saturday that work-related calls or emails were attributed to the employer. As a result, if the employer is foreign, the BND could legally intercept them.
Opposition politicians have accused Angela Merkel’s government of pretending to be outraged about alleged spying by the NSA while condoning illegal surveillance itself.
The revelation comes after a BND employee was arrested in July on suspicion of selling secret documents to a CIA contact. Rather than report the contact to their allied German counterparts, the US spy agency was reported to have paid the agent €25,000 (£20,000) for 218 documents classified as confidential or top secret.
The incident prompted Germany to consider stepping up its counter-espionage efforts. Possible measures include monitoring the intelligence activities of nominal Nato allies such as the US, Britain and France, and expelling US agents from Germany.
In June the BND officially revealed some of its worst-kept secrets by acknowledging that half a dozen facilities are in fact spy stations.
The agency had for decades maintained that it had nothing to do with sites bearing cryptic names such as the Ionosphere Institute, but amateur sleuths long suspected their true identities and posted them online.
At a ceremony in the Bavarian town of Bad Aibling, the agency’s chief, Gerhard Schindler, officially attached the BND’s logo to the entrance of a site previously called the Telecommunications Traffic Office of the German Armed Force.
The facility features several giant golf ball-shaped radio domes commonly used for eavesdropping on radio, data and phone traffic.
quote:UK Police Accidentally Sent Documents Admitting To Spying On Journalists To Newspaper, Asked Not To Publish
UK police in Cleveland accidentally sent documents revealing that it has used controversial anti-terror laws to spy on journalists who had not committed any crimes to an area newspaper.
The Cleveland Police “erroneously” sent information to industry paper the Press Gazette indicating that it had used the Regulation of Investigatory Powers Act (RIPA) to obtain telecommunications data while searching for a journalist’s source.
The publication reports that police asked them to delete the documents but says they were unwilling to do so because, “there is a strong public interest in disclosing it.”
RIPA, which regulates how authorities can intercept and monitor communications, is under increased scrutiny as it has emerged that at least four other U.K. police forces have used it to seize telecommunications data while hunting for journalists’ sources. The journalists affected have not been accused of any criminal wrongdoing.
Earlier this week it emerged that after the Metropolitan Police used RIPA to try and access the details of a single journalist in March, wireless carrier Vodafone accidentally provided the phone records of more than 1,500 users. Rather than deleting the data, the department analyzed it in a spreadsheet and stored it for seven months.
In another incident, a local council used RIPA to follow and spy on a journalist meeting a source at a café as she investigated “allegations of wrongdoing within the council’s environmental services department,” ultimately “scuppering” her investigation.
Testifying before the Home Affairs Select Committee, the National Union of Journalists has also condemned police use of RIPA as “systemic,” arguing that it risks doing “irreparable damage.”
There is now an ongoing investigation into misuse of the Act by the Interception of Communications Commissioner’s Office (IOCCO), which is to be published in January 2015.
quote:Amazon’s frightening CIA partnership: Capitalism, corporations and our massive new surveillance state
When Internet retailer and would-be 21st century overlord Amazon.com kicked WikiLeaks off its servers back in 2010, the decision was not precipitated by men in black suits knocking on the door of one of Jeff Bezos’ mansions at 3 a.m., nor were any company executives awoken by calls from gruff strangers suggesting they possessed certain information that certain individuals lying next to them asking “who is that?” would certainly like to know.
Corporations, like those who lead them, are amoral entities, legally bound to maximize quarterly profits. And rich people, oft-observed desiring to become richer, may often be fools, but when it comes to making money even the most foolish executive knows there’s more to be made serving the corporate state than giving a platform to those accused of undermining national security.
The whistle-blowing website is “putting innocent people in jeopardy,” Amazon said in a statement released 24 hours after WikiLeaks first signed up for its Web hosting service. And the company wasn’t about to let someone use their servers for “securing and storing large quantities of data that isn’t rightfully theirs,” even if much of that data, leaked by Army private Chelsea Manning, showed that its rightful possessors were covering up crimes, including the murder of innocent civilians from Yemen to Iraq.
The statement was over the top — try as it might, not even the government has been able to point to a single life lost due to Manning’s disclosures — but, nonetheless, Amazon’s capitalist apologists on the libertarian right claimed the big corporation had just been victimized by big bad government. David Henderson, a research fellow at Stanford University’s Hoover Institution, explained that those calling for a boycott of Amazon were out of line, as the real enemy was “megalomaniacal Senator Joe Lieberman,” who had earlier called on Amazon to drop WikiLeaks (and is, admittedly, a rock-solid choice for a villain).
“The simple fact is that we live in a society whose governments are so big, so powerful, so intrusive, and so arbitrary, that we have to be very careful in dealing with them,” Henderson wrote. That Amazon itself cited a purported violation of its terms of service to kick WikiLeaks off its cloud was “a lie,” according to Henderson, meant to further protect Amazon from state retribution. Did it make him happy? No, of course not. “But boycotting one of the government’s many victims? No way.”
But Amazon was no victim. Henderson, like many a libertarian, fundamentally misreads the relationship between corporations and the state, creating a distinction between the two that doesn’t really exist outside of an intro-to-economics textbook. The state draws up the charter that gives corporations life, granting them the same rights as people — more rights, in fact, as a corporate person can do what would land an actual person in prison with impunity or close to it, as when Big Banana was caught paying labor organizer-killing, right-wing death squads in Colombia and got off with a fine.
Corporations are more properly understood not as victims of the state, but its for-profit accomplices. Indeed, Amazon was eager to help the U.S. government’s campaign against a website that — thanks almost entirely to Chelsea Manning — had exposed many embarrassing acts of U.S. criminality across the globe: the condoning of torture by U.S. allies in Iraq; the sexual abuse of young boys by U.S. contractors in Afghanistan; the cover-up of U.S. airstrikes in Yemen, including one that killed 41 civilians, 21 of them children. The decision to boot WikiLeaks was, in fact, one that was made internally, no pressure from the deep state required.
“I consulted people I knew fairly high up in the State Department off the record, and they said that they did not have to put pressure … on Amazon for that to happen,” said Robert McChesney, a professor of communication at the University of Illinois, in an appearance on “Democracy Now!.” “It was not a difficult sell.”
And it paid off. A little more than a year later, Amazon was awarded a generous $600 million contract from the CIA to build a cloud computing service that will reportedly “provide all 17 [U.S.] intelligence agencies unprecedented access to an untold number of computers for various on-demand computing, analytic, storage, collaboration and other services.” As The Atlantic noted, and as former NSA contractor Edward Snowden revealed, these same agencies collect “billions and perhaps trillions of pieces of metadata, phone and Internet records, and other various bits of information on an annual basis.”
That is to say: On Amazon’s servers will be information on millions of people that the intelligence community has no right to possess — Director of National Intelligence James Clapper initially denied the intelligence community was collecting such data for a reason — which is used to facilitate corporate espionage and drone strikes that don’t just jeopardize innocent lives, but have demonstrably ended hundreds of them.
Instead of helping expose U.S. war crimes, then, Amazon’s cloud service could be used to facilitate them, for which it will be paid handsomely — which was, in all likelihood, the whole point of the company proving itself a good corporate citizen by disassociating itself from an organization that sought to expose its future clients in the intelligence community.
“We look forward to a successful relationship with the CIA,” Amazon said in a 2013 statement after winning that long-sought contract (following a protracted battle for it with a similarly eager tech giant, IBM).
If it were more honest, Amazon might have said “We look forward to a successful relationship with the [coup d’état-promoting, drone-striking, blood-stained] CIA.”
And if it were more honest, Amazon could have said the same thing in 2010.
So long as there are giant piles of money to be made by systematically violating the privacy of the public (the CIA and NSA together enjoy a budget of over $25 billion), corporations will gladly lie in the same bed as those who created them, which is, yes, gross. Protecting consumer privacy is at best an advertising slogan, not a motivating principle for entities whose sole responsibility to shareholders is to maximize quarterly profits. This isn’t an admission of defeat — and when companies fear state-sanctioned invasions of privacy will cost them customers in the private sector or contracts with foreign states, they do sometimes roll back their participation — but a call to recognize the true villain: If we desire more than just an iPhone with encryption, we must acknowledge the issue is not just a few individual megalomaniacs we call senators, but a system called capitalism that systemically encourages this behavior.
In the 1970s, following the resignation of President Richard Nixon, the Church Committee exposed rampant spying on dissidents that was illegal even according to the loose legal standards of the time. Speeches were made, reforms were demanded and new laws were passed. The abuses, it was claimed, were relegated to history. What happened next? Look around: The total surveillance we enjoy today, enabled by high-tech military contractors including AT&T and Google and Verizon and every other nominally private tech company that capitalism encourages to value profits over privacy — a public-private partnership that grants those in power a means of spying on the powerless beyond the wildest dreams of any 20th century totalitarian. Sure, ostensibly communist states can of course be quite awful too, but the difference is that, in capitalist nations, the citizens actually place the eavesdropping devices in their own homes.
Now, whether the reforms of the 1970s were inadequate or were just plain ignored by those who were to be reformed is sort of beside the point; the status quo is what it is and, at least if one values privacy and the ability to organize and engage in political discussion and search the Internet without fear a spy agency or one of its contractors is monitoring it all in real-time, it sure isn’t good. So when groups such as the Electronic Frontier Foundation and progressive magazines such as The Nation call for “another Church Committee,” the question we ought to ask them is: “Fucking really?”
Abolishing capitalism is indeed a utopian goal, but when corporations routinely go above and beyond their legal duties to serve the state — granting police and intelligence agencies access to their customers’ data without so much as a judge’s rubberstamp on a warrant — expecting meaningful change from a few hearings or legislative reforms will only leave the reformers disappointed to find their efforts have just led to dystopia. So long as there’s money to be made serving the corporate state, that is what corporations will do; there’s no need to resort to conspiracy for it’s right there in their corporate. And that’s not to be defeatist, but to suggest we ought to try a different approach: we ought to be organizing to put a stop to public-private partnerships altogether.
Right-wing libertarians and other defenders of capitalism are absolutely right when they say that the profit motive is a mighty motive indeed — and that’s precisely why we should seek to remove it; to take away even just the prospect of a federal contract. If the demands of privacy advocates are limited by myopic concerns of what’s politically possible here and now, all they will have to show for their advocacy will be a false sense of achievement. The problem isn’t, as some imagine it, a state spying without appropriate limits, but the fact that capitalism erases the distinction between public and private, making it so non-state actors gleefully act as the state’s eyes and ears. This isn’t about just Google or the government, but both: the capitalist state. And until we start recognizing that and saying as much, the result of our efforts will be more of the same.
quote:The American whistleblower Edward Snowden was honoured in Stockholm on Monday with the alternative Nobel Prize, the Right Livelihood Award 2014. Snowden, who has been granted political asylum in Russia, was not present at the ceremony.
The article continues.
quote:In March 2011, two weeks before the Western intervention in Libya, a secret message was delivered to the National Security Agency. An intelligence unit within the U.S. military’s Africa Command needed help to hack into Libya’s cellphone networks and monitor text messages.
For the NSA, the task was easy. The agency had already obtained technical information about the cellphone carriers’ internal systems by spying on documents sent among company employees, and these details would provide the perfect blueprint to help the military break into the networks.
The NSA’s assistance in the Libya operation, however, was not an isolated case. It was part of a much larger surveillance program—global in its scope and ramifications—targeted not just at hostile countries.
According to documents contained in the archive of material provided to The Intercept by whistleblower Edward Snowden, the NSA has spied on hundreds of companies and organizations internationally, including in countries closely allied to the United States, in an effort to find security weaknesses in cellphone technology that it can exploit for surveillance.
The documents also reveal how the NSA plans to secretly introduce new flaws into communication systems so that they can be tapped into—a controversial tactic that security experts say could be exposing the general population to criminal hackers.
Codenamed AURORAGOLD, the covert operation has monitored the content of messages sent and received by more than 1,200 email accounts associated with major cellphone network operators, intercepting confidential company planning papers that help the NSA hack into phone networks.
One high-profile surveillance target is the GSM Association, an influential U.K.-headquartered trade group that works closely with large U.S.-based firms including Microsoft, Facebook, AT&T, and Cisco, and is currently being funded by the U.S. government to develop privacy-enhancing technologies.
Karsten Nohl, a leading cellphone security expert and cryptographer who was consulted by The Intercept about details contained in the AURORAGOLD documents, said that the broad scope of information swept up in the operation appears aimed at ensuring virtually every cellphone network in the world is NSA accessible.
quote:Witness: German intelligence helped NSA to tap Internet hub
A German parliamentary inquiry has been told that German intelligence fed America's NSA filtered data from an Internet hub in Frankfurt, after clearance from Berlin. The "Eikonal" project ended in 2008.
A witness told a German parliamentary inquiry on Thursday that America's NSA was fed filtered data from an internet exchange point in Frankfurt, after an OK from the Chancellery in Berlin.
The Eikonal project leader within Germany's BND foreign intelligence agency - identified only as S.L. - said the exchange's own operator had legal doubts, but was convinced once confirmation came from the then chancellery.
Germany's federal intelligence service (BND) delivered filtered information from 2004 until 2008, when the "Americans saw that we could not extract anything more for them," said the witness, who was quoted by Germany's main news agency DPA.
Over that period, Germany was first governed by a center-left coalition headed by Social Democrat Chancellor Gerhard Schröder, and from October 2005 by Chancellor Angela's first grand coalition cabinet.
Anchored in Germany's constitution are strict data privacy laws in reaction to the Hitler dictatorship and Stasi eavesdropping in former communist East Germany.
The project leader said the BND used NSA equipment and know-how to tap the hub's lines, including telephone calls, for data which passed through multiple "cascade" filters and then to a BND/NSA facility at Bad Aibling near Munich.
Several hundred items were eventually forwarded each year to the NSA after checking by staff to make sure data about Germans had been removed.
In October, the newspaper Süddeutsche Zeitung in an investigative report said these filters had not worked sufficiently to filter out all data on Germans.
Mass NSA monitoring of mobile phone operators
The website The Intercept claimed on Thursday that papers from the US whistleblower Edward Snowden showed that the NSA spied on hundreds of mobile phone operators.
In an operation codenamed "AURORAGOLD," the NSA kept watch on 1200 email accounts of operators, looking for security weaknesses in their systems, gleaned especially when they exchanged advice on roaming for customers abroad.
During 2012, information was gathered in this way from more than 70 percent of the mobile operators worldwide, The Intercept said, adding the newly known factor was the mass scale of the observation.
Last year, it emerged that the NSA - deciphering the widely used GSM wireless standard - had tapped into one of Merkel's mobile phones.
quote:A video released by hacker collective Anonymous purports to show evidence of warrantless wiretapping in Chicago during a #blacklivesmatter protest. According to the video, a vehicle moved through the streets during protests, listening in on conversations.
The video (shared in its entirety below) opens with a scene of President Barack Obama addressing the nation. “Nobody is listening to your telephone calls,” he assures viewers. It goes on to show specific promises and assurances, quotes from the NSA, stating that no one will be subject to wiretapping without a warrant.
quote:On Thursday 31 July 2014 22:02 Papierversnipperaar wrote the following:
Oh yes, the CIA and that report on torture:
[..]
[..]
The article continues.
quote:The chairman of the House intelligence committee said on Sunday the release of a Senate report examining the use of torture by the CIA a decade ago will cause violence and deaths abroad.
Representative Mike Rogers, a Michigan Republican, is regularly briefed on intelligence analyses. He told CNN that the US intelligence community had assessed that the release of the report would be used by extremists to incite violence.
The Senate intelligence committee is poised to release the first public accounting of the CIA’s use of torture on al-Qaida detainees held in secret facilities in Europe and Asia in the years after the terrorist attacks of 11 September 2001. It will come in the form of a 480-page executive summary of the 6,200-page report by Democrats on the committee, who spent six years reviewing millions of secret CIA documents.
On Friday, secretary of state John Kerry urged the senator in charge of the report to consider the timing of its release.
quote:The U.S. National Security Agency should have an unlimited ability to collect digital information in the name of protecting the country against terrorism and other threats, an influential federal judge said during a debate on privacy.
“I think privacy is actually overvalued,” Judge Richard Posner, of the U.S. Court of Appeals for the Seventh Circuit, said during a conference about privacy and cybercrime in Washington, D.C., Thursday.
“Much of what passes for the name of privacy is really just trying to conceal the disreputable parts of your conduct,” Posner added. “Privacy is mainly about trying to improve your social and business opportunities by concealing the sorts of bad activities that would cause other people not to want to deal with you.”
Congress should limit the NSA’s use of the data it collects—for example, not giving information about minor crimes to law enforcement agencies—but it shouldn’t limit what information the NSA sweeps up and searches, Posner said. “If the NSA wants to vacuum all the trillions of bits of information that are crawling through the electronic worldwide networks, I think that’s fine,” he said.
In the name of national security, U.S. lawmakers should give the NSA “carte blanche,” Posner added. “Privacy interests should really have very little weight when you’re talking about national security,” he said. “The world is in an extremely turbulent state—very dangerous.”
twitter:ggreenwald tweeted on Monday 08-12-2014 at 13:41:07: Why isn't Judge Richard Posner putting all his emails and call transcripts online? What warped acts is he hiding?? https://t.co/NQYaml9jzk
quote:New legislation designed to challenge the ingrained secrecy of the US government and open up federal agencies to greater public scrutiny is on the verge of collapse after a single Democratic senator, Jay Rockefeller of West Virginia, effectively blocked its passage.
The Foia Improvement Act of 2014 has cleared all its major procedural hurdles with unanimous support in both the House of Representatives and the Senate judiciary committee. Its overwhelming bipartisan backing has offered a rare glimmer of hope in an otherwise gridlocked Congress.
But unless Rockefeller agrees to drop his last-minute objections to the legislation by the end of Monday, its chances of coming to a vote by the end of this Congress are all but dead. The bill, which has been two years in the making, is backed by more than 70 good governance organisations and is seen as a critical step towards a more open and accountable flow of public information.
quote:Mass surveillance exposed by Snowden ‘not justified by fight against terrorism’
Report by Nils Muižnieks, commissioner for human rights at the Council of Europe, says ‘secret, massive and indiscriminate’ intelligence work is contrary to rule of law
The “secret, massive and indiscriminate” surveillance conducted by intelligence services and disclosed by the former US intelligence contractor Edward Snowden cannot be justified by the fight against terrorism, the most senior human rights official in Europe has warned.
In a direct challenge to the United Kingdom and other states, Nils Muižnieks, the commissioner for human rights at the Council of Europe, calls for greater transparency and stronger democratic oversight of the way security agencies monitor the internet. He also said that the so-called Five Eyes intelligence-sharing treaty between the UK, US, Australia, New Zealand and Canada should be published.
“Suspicionless mass retention of communications data is fundamentally contrary to the rule of law … and ineffective,” the Latvian official argues in a 120-page report, The Rule of Law on the Internet in the Wider Digital World. “Member states should not resort to it or impose compulsory retention of data by third parties.”
As human rights commissioner, Muižnieks has the power to intervene as a third party in cases sent to the European court of human rights (ECHR) in Strasbourg. His report is published the week after the UK’s Investigatory Powers Tribunal (IPT) found that the legal regime governing mass surveillance of the internet by the monitoring agency GCHQ is “human rights compliant”.
In his report, Muižnieks wrote: “In connection with the debate on the practices of intelligence and security services prompted by Edward Snowden’s revelations, it is becoming increasingly clear that secret, massive and indiscriminate surveillance programmes are not in conformity with European human rights law and cannot be justified by the fight against terrorism or other important threats to national security. Such interferences can only be accepted if they are strictly necessary and proportionate to a legitimate aim.”
The civil liberties organisations which brought the claim in the IPT case are planning to appeal against the ruling to the ECHR - a case in which the commissioner could participate.
Muižnieks told the Guardian: “I’m interested in weighing in on such cases about surveillance. Surveillance has gone beyond the bounds of the rule of law and democratic oversight needs to be more robust.
“We have seen examples where there’s a clear lack of oversight of security: the first was black sites, torture and rendition; the second was the revelations about mass surveillance. I want to influence the working of the court and its thinking.
“These recommendations [in the report] are my interpretation of basic human rights principles. The court often refers to my work in their judgments. There’s no substantial case law in internet-related issues so far.
“The UK is a country we are watching closely on these issues. It has a huge influence on whether or not the rule of law will prevail in the digital environment. All of these data sharing agreements should be as transparent as possible so we can assess the extent to which they are abiding by the law. Our right to privacy has been compromised on a regular basis and on a mass scale. I find that very worrying.”
Muižnieks said he expects to visit the UK next year and examine the UK’s record on surveillance. Asked about the IPT ruling, he commented: “I would note that very few complaints to this tribunal have been upheld in the last few years which raises many questions for me.”
He supported calls for publication of the so-called Five Eyes treaty that authorises intelligence sharing between the UK, US, Australia, Canada and New Zealand as a contribution to greater transparency. A case requesting its release has already been lodged at the ECHR.
His report contained a number of recommendations including:
• No states … European or otherwise, should access data stored in another country without the express consent of the other country or countries involved unless there is a clear, explicit and sufficiently circumscribed legal basis in international law for such access.
• Member states should ensure that their law-enforcement agencies do not obtain data from servers and infrastructure in another country under informal arrangements.
• [Countries] should stop relying on private companies that control the internet and the wider digital environment to impose restrictions that are in violation of the state’s human rights obligations.
• The activities of national security and intelligence agencies [should be brought within] an overarching legal framework. Until there is increased transparency on the rules under which these services operate their activities cannot be assumed to be in accordance with the rule of law.
• States should ensure that effective democratic oversight over national security services is in place. For effective democratic oversight, a culture of respect for human rights and the rule of law should be promoted, in particular among security service officers.
The Council of Europe, which has 47 member states including the UK, Russia and Turkey, is the body that oversees the European court of human rights in Strasbourg.
quote:Philip Hammond ‘confused’ about extent of UK surveillance powers
Foreign secretary accused by campaigners of not understanding warrants he has been signing into force
Philip Hammond has been criticised for not understanding the legislation surrounding government powers to sweep up and analyse huge volumes of electronic communications such as email.
Eric King, from rights group Privacy International, said the foreign secretary appeared “confused” while giving evidence to parliament’s intelligence and security committee. The committee is reviewing the need for new legislation to regulate the UK’s electronic espionage agency, GCHQ, in light of revelations on bulk data collection by Edward Snowden, a former contractor for US intelligence.
The accusation follows a judgment on Friday that ruled the Tempora programme, for which Hammond signed the warrants, was legal, despite widespread concern from human rights groups.
“It is clear that he [Hammond] is unfortunately confused about the effect of the warrants he is signing into force, how they deal with British communications and the difference between so-called internal communications and external communications,” said King. “This is one of the huge problems with having ministers sign warrants.”
Campaigners say that in testimony to the intelligence and security committee in October, Hammond appeared not to understand the details of how the warrants he was signing worked – including whether or not they allowed the interception of communications of UK residents.
During the session, Hammond – who oversees the work of GCHQ and the foreign intelligence agency MI6 – initially appeared to say that any email exchange in which either the sender or recipient was based in the UK was treated as an internal communication and therefore any government agency wanting to access it was subject to stricter controls under the Regulation of Investigatory Powers Act (Ripa).
Later he said that if either sender or recipient were outside the UK it was an external communication and therefore subject to a different warrant, which allows the foreign secretary to authorise much broader examination by the intelligence agencies than is the case with UK-based communications.
King queried the detail of Hammond’s evidence: “If you listened to him on what Ripa does, it seems the article 8, section 4 warrants don’t ever collect UK communications and instead are exclusively for foreign to foreign communications. However, that is false on two grounds: article 8, section 4 warrants, while targeting external communications, expressly include UK to foreign, or foreign to UK and as such UK communications routinely get swept up as part of them,” he said.
“Secondly, the idea you need a more targeted article 8, section 1 warrant to intercept information about someone in the UK has not been true for a long time, and plainly wrong in the face of GCHQ programs like Tempora that are automatically intercepting, filtering and analysing a huge number of our communications on a daily basis.”
The issue of what can be intercepted under such “one-end foreign” warrants is a complicated one in the online era. If, for example, two people living in the UK send each other an email using Gmail, that may clearly seem to be a domestic communication which would need an individual warrant. However, if the intelligence services define it as each person communicating with Google’s servers in Ireland, the communication can be defined as one-end foreign, and mass-intercepted.
Privacy and civil rights groups have argued that, in light of the Snowden revelations, all electronic surveillance warrants should go before a judge to ensure the huge power available to government as a result of modern surveillance technology should be subject to some form of judicial constraint.
King said: “Hammond’s clear confusion is the predictable outcome of a legal framework that depends upon secret interpretations and that obscures the reality of the powers it grants. The fact that those signing the Ripa warrants do not understand how it works underlines the need for a new law governing surveillance powers, a law which provides for a judicial process to ensure these warrants are being issued lawfully, with proper consideration and due understanding.”
During the session, Hammond said judges would assess surveillance warrant requests primarily from a legal standpoint and that only an elected official could properly apply political judgment on the necessity and proportionality of an eavesdropping operation.
A spokesman for the Foreign Office said: “The UK has one of the strongest legal and regulatory frameworks in the world for intelligence. Legislation around the use of warrants is naturally a technical area. That is why the foreign secretary went to great lengths to explain their use to the committee.”
quote:When the incoming emails stopped arriving, it seemed innocuous at first. But it would eventually become clear that this was no routine technical problem. Inside a row of gray office buildings in Brussels, a major hacking attack was in progress. And the perpetrators were British government spies.
It was in the summer of 2012 that the anomalies were initially detected by employees at Belgium’s largest telecommunications provider, Belgacom. But it wasn’t until a year later, in June 2013, that the company’s security experts were able to figure out what was going on. The computer systems of Belgacom had been infected with a highly sophisticated malware, and it was disguising itself as legitimate Microsoft software while quietly stealing data.
Last year, documents from National Security Agency whistleblower Edward Snowden confirmed that British surveillance agency Government Communications Headquarters was behind the attack, codenamed Operation Socialist. And in November, The Intercept revealed that the malware found on Belgacom’s systems was one of the most advanced spy tools ever identified by security researchers, who named it “Regin.”
The full story about GCHQ’s infiltration of Belgacom, however, has never been told. Key details about the attack have remained shrouded in mystery—and the scope of the attack unclear.
Now, in partnership with Dutch and Belgian newspapers NRC Handelsblad and De Standaard, The Intercept has pieced together the first full reconstruction of events that took place before, during, and after the secret GCHQ hacking operation.
Based on new documents from the Snowden archive and interviews with sources familiar with the malware investigation at Belgacom’s networks, The Intercept and its partners have established that the attack on Belgacom was more aggressive and far-reaching than previously thought. It occurred in stages between 2010 and 2011, each time penetrating deeper into Belgacom’s systems, eventually compromising the very core of the company’s networks.
quote:Sophia in ‘t Veld, a Dutch politician who chaired the European Parliament’s recent inquiry into mass surveillance exposed by Snowden, told The Intercept that she believes the British government should face sanctions if the latest disclosures are proven.
“Compensating Belgacom should be the very least it should do,” in ‘t Veld said. “But I am more concerned about accountability for breaking the law, violating fundamental rights, and eroding our democratic systems.”
quote:Last month, The Intercept confirmed Regin as the malware found on Belgacom’s systems during the clean-up operation.
The spy bug was described by security researchers as one of the most sophisticated pieces of malware ever discovered, and was found to have been targeting a host of telecommunications networks, governments, and research organizations, in countries such as Germany, Iran, Brazil, Russia, and Syria, as well as Belgium.
GCHQ has refused to comment on Regin, as has the NSA, and Belgacom. But Snowden documents contain strong evidence, which has not been reported before, that directly links British spies to the malware.
Aside from showing extensive details about how the British spies infiltrated the company and planted malware to successfully steal data, GCHQ documents in the Snowden archive contain codenames that also appear in samples of the Regin malware found on Belgacom’s systems, such as “Legspin” and “Hopscotch.”
One GCHQ document about the use of hacking methods references the use of “Legspin” to exploit computers. Another document describes “Hopscotch” as part of a system GCHQ uses to analyze data collected through surveillance.
Ronald Prins, director of the computer security company Fox-IT, has studied the malware, and played a key role in the analysis of Belgacom’s infected networks.
“Documents from Snowden and what I’ve seen from the malware can only lead to one conclusion,” Prins told The Intercept. “This was used by GCHQ.”
quote:A Journalist-Agitator Facing Prison Over a Link
Barrett Brown makes for a pretty complicated victim. A Dallas-based journalist obsessed with the government’s ties to private security firms, Mr. Brown has been in jail for a year, facing charges that carry a combined penalty of more than 100 years in prison.
Professionally, his career embodies many of the conflicts and contradictions of journalism in the digital era. He has written for The Guardian, Vanity Fair and The Huffington Post, but as with so many of his peers, the line between his journalism and his activism is nonexistent. He has served in the past as a spokesman of sorts for Anonymous, the hacker collective, although some members of the group did not always appreciate his work on its behalf.
In 2007, he co-wrote a well-received book, “Flock of Dodos: Behind Modern Creationism, Intelligent Design and the Easter Bunny,” and over time, he has developed an expertise in the growing alliance between large security firms and the government, arguing that the relationship came at a high cost to privacy.
From all accounts, including his own, Mr. Brown, now 32, is a real piece of work. He was known to call some of his subjects on the phone and harass them. He has been public about his struggles with heroin and tends to see conspiracies everywhere he turns. Oh, and he also threatened an F.B.I. agent and his family by name, on a video, and put it on YouTube, so there’s that.
But that’s not the primary reason Mr. Brown is facing the rest of his life in prison. In 2010, he formed an online collective named Project PM with a mission of investigating documents unearthed by Anonymous and others. If Anonymous and groups like it were the wrecking crew, Mr. Brown and his allies were the people who assembled the pieces of the rubble into meaningful insights.
Project PM first looked at the documents spilled by the hack of HBGary Federal, a security firm, in February 2011 and uncovered a remarkable campaign of coordinated disinformation against advocacy groups, which Mr. Brown wrote about in The Guardian, among other places.
Peter Ludlow, a professor of philosophy at Northwestern and a fan of Mr. Brown’s work, wrote in The Huffington Post that, “Project PM under Brown’s leadership began to slowly untangle the web of connections between the U.S. government, corporations, lobbyists and a shadowy group of private military and infosecurity consultants.”
In December 2011, approximately five million e-mails from Stratfor Global Intelligence, an intelligence contractor, were hacked by Anonymous and posted on WikiLeaks. The files contained revelations about close and perhaps inappropriate ties between government security agencies and private contractors. In a chat room for Project PM, Mr. Brown posted a link to it.
Among the millions of Stratfor files were data containing credit cards and security codes, part of the vast trove of internal company documents. The credit card data was of no interest or use to Mr. Brown, but it was of great interest to the government. In December 2012 he was charged with 12 counts related to identity theft. Over all he faces 17 charges — including three related to the purported threat of the F.B.I. officer and two obstruction of justice counts — that carry a possible sentence of 105 years, and he awaits trial in a jail in Mansfield, Tex.
According to one of the indictments, by linking to the files, Mr. Brown “provided access to data stolen from company Stratfor Global Intelligence to include in excess of 5,000 credit card account numbers, the card holders’ identification information, and the authentication features for the credit cards.”
Because Mr. Brown has been closely aligned with Anonymous and various other online groups, some of whom view sowing mayhem as very much a part of their work, his version of journalism is tougher to pin down and, sometimes, tougher to defend.
But keep in mind that no one has accused Mr. Brown of playing a role in the actual stealing of the data, only of posting a link to the trove of documents.
Journalists from other news organizations link to stolen information frequently. Just last week, The New York Times, The Guardian and ProPublica collaborated on a significant article about the National Security Agency’s effort to defeat encryption technologies. The article was based on, and linked to, documents that were stolen by Edward J. Snowden, a private contractor working for the government who this summer leaked millions of pages of documents to the reporter Glenn Greenwald and The Guardian along with Barton Gellman of The Washington Post.
By trying to criminalize linking, the federal authorities in the Northern District of Texas — Mr. Brown lives in Dallas — are suggesting that to share information online is the same as possessing it or even stealing it. In the news release announcing the indictment, the United States attorney’s office explained, “By transferring and posting the hyperlink, Brown caused the data to be made available to other persons online, without the knowledge and authorization of Stratfor and the card holders.”
And the magnitude of the charges is confounding. Jeremy Hammond, a Chicago man who pleaded guilty to participating in the actual hacking of Stratfor in the first place, is facing a sentence of 10 years.
Last week, Mr. Brown and his lawyers agreed to an order that allows him to continue to work on articles, but not say anything about his case that is not in the public record.
Speaking by phone on Thursday, Charles Swift, one of his lawyers, spoke carefully.
“Mr. Brown is presumed innocent of the charges against him and in support of the presumption, the defense anticipates challenging both the legal assumptions and the facts that underlie the charges against him,” he said.
Others who are not subject to the order say the aggressive set of charges suggests the government is trying to send a message beyond the specifics of the case.
“The big reason this matters is that he transferred a link, something all of us do every single day, and ended up being charged for it,” said Jennifer Lynch, a staff lawyer at the Electronic Frontier Foundation, an advocacy group that presses for Internet freedom and privacy. “I think that this administration is trying to prosecute the release of information in any way it can.”
There are other wrinkles in the case. When the F.B.I. tried to serve a warrant on Mr. Brown in March 2012, he was at his mother’s house. The F.B.I. said that his mother tried to conceal his laptop and it charged her with obstruction of justice. (She pleaded guilty in March of this year and is awaiting sentencing.)
The action against his mother enraged Mr. Brown and in September 2012 he made a rambling series of posts to YouTube in which he said he was in withdrawal from heroin addiction. He proceeded to threaten an F.B.I. agent involved in the arrest, saying, “I don’t say I’m going to kill him, but I am going to ruin his life and look into his (expletive) kids ... How do you like them apples?”
The feds did not like them apples. After he was arrested, a judge ruled he was “a danger to the safety of the community and a risk of flight.” In the video, Mr. Brown looks more like a strung-out heroin addict than a threat to anyone, but threats are threats, especially when made against the F.B.I.
“The YouTube video was a mistake, a big one,” said Gregg Housh, a friend of Mr. Brown’s who first introduced him to the activities of Anonymous. “But it is important to remember that the majority of the 105 years he faces are the result of linking to a file. He did not and has not hacked anything, and the link he posted has been posted by many, many other news organizations.”
At a time of high government secrecy with increasing amounts of information deemed classified, other routes to the truth have emerged, many of them digital. News organizations in receipt of leaked documents are increasingly confronting tough decisions about what to publish, and are defending their practices in court and in the court of public opinion, not to mention before an administration determined to aggressively prosecute leakers.
In public statements since his arrest, Mr. Brown has acknowledged that he made some bad choices. But punishment needs to fit the crime and in this instance, much of what has Mr. Brown staring at a century behind bars seems on the right side of the law, beginning with the First Amendment of the Constitution.
quote:Tech companies form grand alliance in US privacy lawsuit
The American software giant Microsoft, together with powerful allies such as Apple, Amazon and Cisco, is demanding that the US government not be given access to emails of the company's European customers. The technology companies have asked the court of appeals in New York to keep the data out of the hands of the US government.
Well-known news providers such as Fox News, CNN and The Washington Post have also voiced their support for Microsoft. The software giant now has more than twenty large companies on its side, news agency Reuters reports.
The lawsuit in New York concerns the question of whether Microsoft must grant the US government access to emails of a number of European customers that are stored on servers in Ireland. The government demands access to the emails because they would yield information for a drug case. Microsoft refuses. Data stored in Ireland falls under European law, according to the company, and that data can only be obtained through the intervention of the local authorities.
The US government considers such intervention unnecessary, because Microsoft employees in America can simply retrieve the data without having to go to Ireland. A lower court ruled in favour of the government earlier this year, after which Microsoft appealed to the court of appeals.
Customers walking away
For Microsoft and other tech companies, their profitability is at stake. Since the revelations of whistleblower Edward Snowden, more people have become concerned about the protection of their data. Both private and business customers of Microsoft and Apple might well walk away if they know that the US government can simply inspect their files.
Large IT companies increasingly offer cloud services in which not only emails but also photos and other files are stored on company servers. The US government can demand access to this data as well.
The media companies backing Microsoft are mainly afraid that the government's curiosity endangers news gathering. Sources will think twice before daring to pass on information, the thinking goes, if they know that the government can get at all of the journalists' emails.
quote:
quote:De Amerikaanse klokkenluider Edward Snowden heeft vanuit Moskou een gloedvol pleidooi gehouden tegen de uitbreiding van surveillancebevoegdheden van de Nederlandse veiligheidsdiensten. Hij deed dat middels een videoverbinding tijdens de uitreiking van de Big Brother Awards in de Amsterdamse Stadsschouwburg.
quote:ACLU accuses NSA of using holiday lull to ‘minimise impact’ of documents
Released on Christmas Eve, the documents are heavily redacted versions of reports by the NSA to the President’s Intelligence Oversight Board
The National Security Agency used the holiday lull to “minimise the impact” of a tranche of documents by releasing them on Christmas Eve, the American Civil Liberties Union (ACLU) said on Friday.
The documents, which were released in response to a legal challenge by the ACLU under the Freedom of Information Act, are heavily – in some places totally – redacted versions of reports by the NSA to the President’s Intelligence Oversight Board dating back to 2007.
A court ordered the documents released this past summer, and a 22 December deadline for that release was agreed upon, according to Patrick Toomey, a staff attorney at the ACLU’s national security project, because the NSA said it needed “six or seven months” to complete its review and redaction process.
A spokesperson for the NSA said that the 22 December deadline, “which was agreed to by all parties,” was met.
But according to Toomey, the ACLU didn’t receive the documents until “late in the day on the 23rd” – the NSA sent them by FedEx late on the 22nd – and the NSA didn’t publicly release them until Christmas Eve. “I certainly think the NSA would prefer to have the documents released right ahead of the holidays in order to have less public attention on what they contain,” Toomey said.
The redactions on the document are extreme, and their omissions tantalising. One entry, from the 4th quarter of 2008, reads: “On [redacted] [redacted] used the US SIGINT System (USSS) to locate [redacted] believed to be kidnapped [redacted] The selectors were tasked before authorization was obtained from NSA. After the NSA Office of General Counsel (OGC) denied the authorization request, [redacted] was found. He had not been kidnapped.”
Another reads: “On [redacted] during an experimental collection and processing effort, NSA analysts collected [several lines of text redacted.] The messages were deleted [redacted] when the error was identified.”
Many entries are erased entirely, which means the documents reveal very little about how individuals who misuse the data were disciplined by the NSA, or how quickly errors were resolved.
But, according to Toomey, they speak to a total picture of a “large number of different compliance violations. We don’t know how many.”
He said the documents deepen the picture of the nature and extent of compliance violations by analysts working for the NSA.
“There are certain portions of the documents that really vindicate some of the things [Edward] Snowden said when he first described the NSA surveillance in terms of the ability of analysts to conduct queries – without authorisation – of raw internet traffic,” Toomey said.
Among the items redacted are sections detailing the total number of violations reported, with many ending up like this entry from 2013: “On [redacted] occasions during the fourth quarter, selectors were incorrectly tasked because of typographical errors.”
This makes the scale of the problem difficult to gauge. Toomey said the ACLU would continue to sue for the release of those numbers.
“More generally,” Toomey said, “just the range of different compliance violations makes it clear that at every step of the NSA’s collection of information there are vulnerabilities that leave the privacy of Americans at risk.”
A spokesperson for the NSA declined to answer the question of why Christmas Eve was chosen as a release date. A statement on the agency’s website which accompanied the documents’ release said: “These materials show, over a sustained period of time, the depth and rigor of NSA’s commitment to compliance.”
“By emphasizing accountability across all levels of the enterprise, and transparently reporting errors and violations to outside oversight authorities,” the statement concluded, “NSA protects privacy and civil liberties while safeguarding the nation and our allies.”
The article continues.
quote:The online anonymity network Tor is a high-priority target for the National Security Agency. The work of attacking Tor is done by the NSA's application vulnerabilities branch, which is part of the systems intelligence directorate, or SID. The majority of NSA employees work in SID, which is tasked with collecting data from communications systems around the world.
According to a top-secret NSA presentation provided by the whistleblower Edward Snowden, one successful technique the NSA has developed involves exploiting the Tor browser bundle, a collection of programs designed to make it easy for people to install and use the software. The trick identifies Tor users on the Internet and then executes an attack against their Firefox web browser.
The NSA refers to these capabilities as CNE, or computer network exploitation.
The first step of this process is finding Tor users. To accomplish this, the NSA relies on its vast capability to monitor large parts of the Internet. This is done via the agency's partnership with US telecoms firms under programs codenamed Stormbrew, Fairview, Oakstar and Blarney.
The NSA creates "fingerprints" that detect HTTP requests from the Tor network to particular servers. These fingerprints are loaded into NSA database systems like XKeyscore, a bespoke collection and analysis tool that NSA boasts allows its analysts to see "almost everything" a target does on the Internet.
Using powerful data analysis tools with codenames such as Turbulence, Turmoil and Tumult, the NSA automatically sifts through the enormous amount of Internet traffic that it sees, looking for Tor connections.
Last month, Brazilian TV news show Fantastico showed screenshots of an NSA tool that had the ability to identify Tor users by monitoring Internet traffic.
The very feature that makes Tor a powerful anonymity service, and the fact that all Tor users look alike on the Internet, makes it easy to differentiate Tor users from other web users. On the other hand, the anonymity provided by Tor makes it impossible for the NSA to know who the user is, or whether or not the user is in the US.
After identifying an individual Tor user on the Internet, the NSA uses its network of secret Internet servers to redirect those users to another set of secret Internet servers, with the codename FoxAcid, to infect the user's computer. FoxAcid is an NSA system designed to act as a matchmaker between potential targets and attacks developed by the NSA, giving the agency opportunity to launch prepared attacks against their systems.
Once the computer is successfully attacked, it secretly calls back to a FoxAcid server, which then performs additional attacks on the target computer to ensure that it remains compromised long-term, and continues to provide eavesdropping information back to the NSA.
That really is the only thing this whole charade by Microsoft and those other companies is about: their image. They are also all makers of proprietary software. With Microsoft and Cisco, we know it is full of backdoors. They couldn't care less that our privacy is at stake.
quote:On Tuesday 16 December 2014 21:28, Papierversnipperaar wrote the following:
For Microsoft and other tech companies, their profitability is at stake.
quote:David Cameron is to urge Barack Obama to pressure internet firms such as Twitter and Facebook to do more to cooperate with Britain’s intelligence agencies as they seek to track the online activities of Islamist extremists.
As he becomes the first European leader to meet the president after the multiple shootings in Paris last week, the prime minister will seek to win Obama’s support for his plans to secure a new legal framework to deny terrorists a “safe space”.
The prime minister arrives after he proposed earlier this week that British intelligence agencies have the power to break the encrypted communications of suspected terrorists and insisting that the likes of Twitter and Facebook do more to cooperate with Britain’s GCHQ eavesdropping centre.
Cameron will demand that US internet companies store – and then be prepared to hand over – data and content needed by the intelligence agencies “to keep us safe” when he meets the president for talks in the Oval Office on Friday morning.
A government source said: “The prime minister’s objective here is to get the US companies to cooperate with us more, to make sure that our intelligence agencies get the information they need to keep us safe. That will be his approach in the discussion with President Obama – how can we work together to get them to cooperate more, what is the best approach to encourage them to do more.”
quote:Theresa May says UK police and intelligence agencies should have greater access to communications data in order to locate terror suspects. The home secretary criticises her coalition colleagues for blocking the communications data bill in 2012. She says the counter-terrorist investigation in Paris following the massacre at Charlie Hebdo likely involved the use of communications data
quote:Secret US cybersecurity report: encryption vital to protect private data
Newly uncovered Snowden document contrasts with British PM’s vow to crack down on encrypted messaging after Paris attacks
A secret US cybersecurity report warned that government and private computers were being left vulnerable to online attacks from Russia, China and criminal gangs because encryption technologies were not being implemented fast enough.
The advice, in a newly uncovered five-year forecast written in 2009, contrasts with the pledge made by David Cameron this week to crack down on encryption use by technology companies.
In the wake of the Paris terror attacks, the prime minister said on Monday there should be “no means of communication” that British authorities could not access. Cameron will use his visit to the US, which started on Thursday, to urge Barack Obama to apply more pressure to tech giants, such as Apple, Google and Facebook, who have been expanding encrypted messaging for their millions of users since the revelations of mass NSA surveillance by the whistleblower Edward Snowden.
The document from the US National Intelligence Council, which reports directly to the US director of national intelligence, made clear that encryption was the “best defence” for computer users to protect private data.
Part of the cache given to the Guardian by Snowden, the paper was published in 2009 and gives a five-year forecast on the “global cyber threat to the US information infrastructure”. It covers communications, commercial and financial networks, and government and critical infrastructure systems. It was shared with GCHQ and made available to the agency’s staff through its intranet.
One of the biggest issues in protecting businesses and citizens from espionage, sabotage and crime – hacking attacks are estimated to cost the global economy up to $400bn a year – was a clear imbalance between the development of offensive versus defensive capabilities, “due to the slower than expected adoption … of encryption and other technologies”, it said.
An unclassified table accompanying the report states that encryption is the “[b]est defense to protect data”, especially if made particularly strong through “multi-factor authentication” – similar to two-step verification used by Google and others for email – or biometrics. These measures remain all but impossible to crack, even for GCHQ and the NSA.
The report warned: “Almost all current and potential adversaries – nations, criminal groups, terrorists, and individual hackers – now have the capability to exploit, and in some cases attack, unclassified access-controlled US and allied information systems.”
It further noted that the “scale of detected compromises indicates organisations should assume that any controlled but unclassified networks of intelligence, operational or commercial value directly accessible from the internet are already potentially compromised by foreign adversaries”.
The primary adversaries included Russia, whose “robust” operations teams had “proven access and tradecraft”, it said. By 2009, China was “the most active foreign sponsor of computer network intrusion activity discovered against US networks”, but lacked the sophistication or range of capabilities of Russia. “Cyber criminals” were another of the major threats, having “capabilities significantly beyond those of all but a few nation states”.
The report had some cause for optimism, especially in the light of Google and other US tech giants having in the months prior greatly increased their use of encryption efforts. “We assess with high confidence that security best practices applied to target networks would prevent the vast majority of intrusions,” it concluded.
Official UK government security advice still recommends encryption among a range of other tools for effective network and information defence. However, end-to-end encryption – which means only the two people communicating with each other, and not the company carrying the message, can decode it – is problematic for intelligence agencies as it makes even warranted collection considerably more difficult.
The latest versions of Apple and Google’s mobile operating systems are encrypted by default, while other popular messaging services, such as WhatsApp and Snapchat, also use encryption. This has prompted calls for action against such strong encryption from ministers and officials.
Speaking on Monday, Cameron asked: “In our country, do we want to allow a means of communication between people which we cannot read?”
The previous week, a day after the attack on the Charlie Hebdo office in Paris, the MI5 chief, Andrew Parker, called for new powers and warned that new technologies were making it harder to track extremists.
In November, the head of GCHQ, Robert Hannigan, said US social media giants had become the “networks of choice” for terrorists.
Chris Soghoian, principal senior policy analyst at the American Civil Liberties Union, said attempts by the British government to force US companies to weaken encryption faced many hurdles.
“The trouble is these services are already being used by hundreds of millions of people. I guess you could try to force tech companies to be less secure but then they would be less secure against attacks for anyone,” he said. “I guess they could ban the iPhone or say you can’t use Google’s services in the UK but that wouldn’t go down well.”
GCHQ and the NSA are responsible for cybersecurity in the UK and US respectively. This includes working with technology companies to audit software and hardware for use by governments and critical infrastructure sectors.
Such audits uncover numerous vulnerabilities which are then shared privately with technology companies to fix issues that could otherwise have caused serious damage to users and networks. However, both agencies also have intelligence-gathering responsibilities under which they exploit vulnerabilities in technology to monitor targets. As a result of these dual missions, they are faced with weighing up whether to exploit or fix a vulnerability when a product is used both by targets and innocent users.
The Guardian, New York Times and ProPublica have previously reported the intelligence agencies’ broad efforts to undermine encryption and exploit rather than reveal vulnerabilities. This prompted Obama’s NSA review panel to warn that the agency’s conflicting missions caused problems, and so recommend that its cyber-security responsibilities be removed to prevent future issues.
Another newly discovered document shows GCHQ acting in a similarly conflicted manner, despite the agencies’ private acknowledgement that encryption is an essential part of protecting citizens against cyber-attacks.
The 2008 memo was addressed to the then foreign secretary, David Miliband, and classified with one of the UK’s very highest restrictive markings: “TOP SECRET STRAP 2 EYES ONLY”. It is unclear why such a document was posted to the agency’s intranet, which is available to all agency staff, NSA workers, and even outside contractors.
The memo requested a renewal of the legal warrant allowing GCHQ to “modify” commercial software in violation of licensing agreements. The document cites examples of software the agency had hacked, including commonly used software to run web forums, and website administration tools. Such software is widely used by companies and individuals around the world.
The document also said the agency had developed “capability against Cisco routers”, which would “allow us to re-route selected traffic across international links towards GCHQ’s passive collection systems”.
GCHQ had also been working to “exploit” the anti-virus software Kaspersky, the document said. The report contained no information on the nature of the vulnerabilities found by the agency.
Security experts regularly say that keeping software up to date and being aware of vulnerabilities is vital for businesses to protect themselves and their customers from being hacked. Failing to fix vulnerabilities leaves open the risk that other governments or criminal hackers will find the same security gaps and exploit them to damage systems or steal data, raising questions about whether GCHQ and the NSA neglected their duty to protect internet systems in their quest for more intelligence.
A GCHQ spokesman said: “It is long-standing policy that we do not comment on intelligence matters. Furthermore, all of GCHQ’s work is carried out in accordance with a strict legal and policy framework, which ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight, including from the secretary of state, the interception and intelligence services commissioners and the parliamentary intelligence and security committee.
“All our operational processes rigorously support this position. In addition, the UK’s interception regime is entirely compatible with the European convention on human rights.”
quote:'British intelligence service intercepts journalists' e-mails'
The British intelligence service GCHQ intercepted, stored and published e-mails of journalists at major international media.
That is what The Guardian reports on the basis of new documents from whistleblower Edward Snowden. The e-mails were intercepted as part of a "test exercise" and placed on GCHQ's intranet.
GCHQ intercepted e-mails of journalists from, among others, the BBC, Reuters, The Guardian, The New York Times, Le Monde, The Sun, NBC and the Washington Post. The e-mails range from press releases sent to media to communication between journalists about potential stories.
According to the documents, on one day in November 2008 the British secret service intercepted some 70,000 e-mails of journalists within 10 minutes. GCHQ managed this by tapping the undersea fibre-optic cables.
Investigative journalists are also seen as "a threat" to the secret services, along with terrorists and hackers, the documents show.
Cameron
More than a hundred journalists, including many from the international media that were tapped by GCHQ, have sent an open letter to British prime minister David Cameron. In this letter, journalists protest against the interception of their communications.
Following the attacks in Paris, Cameron wants to make it legally possible to curb communication that cannot be read by the British intelligence services. According to the journalists, this goes against press freedom.
The article continues.
quote:Edward Snowden: AIVD and MIVD are on the NSA's leash
Dutch intelligence services AIVD and MIVD are on the leash of the American NSA. They are 'extremely compliant' and are seen as 'subordinates'. So says Edward Snowden, who worked for both the American intelligence service NSA and the CIA, in an interview with de Volkskrant and Nieuwsuur.
Snowden: 'The Dutch work for the Americans. They do what we tell them to do. They are not valued for their capabilities, but for the free passage they offer. That is what the NSA uses them for.'
Tomorrow an extensive interview with Edward Snowden, who in 2013 disclosed tens of thousands of state secrets of the American intelligence service NSA and is currently staying in Moscow, will appear in de Volkskrant and on Volkskrant.nl.
Nieuwsuur will broadcast the footage tonight. Edward Snowden speaks about, among other things, the new Dutch intelligence law, the call for new interception powers after the attacks in Paris and his personal situation in Moscow.
Gosh, who would have expected that.
quote:On Wednesday 21 January 2015 16:36, Papierversnipperaar wrote the following:
[..]
The article continues.
quote:UN needs agency for data protection, European commissioner tells Davos
Edward Snowden’s revelations about digital monitoring have pushed data security high up the agenda at Davos this year
A new UN agency for data protection and data security is needed to protect the confidential and personal information of citizens around the world, the European commissioner for digital economy told delegates at the World Economic Forum on Thursday.
Günther Oettinger said the recent Sony hack, which exposed swaths of confidential and personal information, had shown Europe the need to radically reshape the way data is used.
“We are in a digital revolution, and we need a data revolution in parallel,” Oettinger said in a panel alongside Sir Tim Berners-Lee, the inventor of the world wide web, and Yahoo’s boss, Marissa Mayer. He said the stream of revelations following Sony’s data breach had shown that Brussels must take a lead in restoring trust in tech companies.
Edward Snowden’s revelations about the extent to which government agencies have been intercepting their citizens’ digital communications have pushed data security high up the agenda at Davos this year.
Mayer told Davos that Yahoo had immediately changed the way it handled and encrypted data when the Snowden revelations came to light. Asked how Yahoo would handle a request for data access from an oppressive regime, she replied: “What we have seen from the Snowden allegations is that whether they’re coming through the official channels or not to access the data, they’re accessing the data.”
Berners-Lee said that the battle between privacy and security should not be a pendulum, swinging between giving agencies yet more or less access to data. At the moment, he warned, there is no way of testing what someone does with data if granted permission to obtain it through the courts.
“I want to break out of that pendulum,” he said. “So let’s go down the way of accountability, so we can say yes, you can have the data, but I’m going to talk to the people who are overseeing you about how you use it.”
Berners-Lee told delegates that the tech industry needed to pay more attention to whether its actions were actually good for users. He cited the example of applications that sprung up to let iPhone users turn on the flashlight. Many would then immediately request access to other applications to access data.
“Their whole model is to steal data, and build models, and not help you at all,” Berners-Lee said. But the man who created the first protocols that underpin the web more than 25 years ago warned that a new architecture would be needed to guarantee privacy.
Oettinger said the first priority was to ensure that companies and organisations in Europe were properly transparent, before then pushing on for a credible global common understanding on the issue. “We need a UN agency for data protection and data security,” he declared.
Oettinger outlined a two-pronged approach, where governments implement clear, pragmatic regulation, and the technology industry designs products that actually guarantee users’ privacy.
Michael Fries, the president and CEO of cable giant Liberty Global, questioned Oettinger’s vision for a new global deal on data.
“It is not possible in the near term. I think it’s going to take several years,” Fries warned.
Bosses of technology companies also asserted that there was a social good for technology. Sheryl Sandberg, the boss of Facebook, said technology “gives voice to someone who has traditionally not had that”. She said giving women access to technology in developing countries was more beneficial than men as they passed the knowledge on to their children.
“Women will not have the same opportunity to participate as men, it takes an active and different role than we’ve had before,” she said to applause. But, she said the only way to make access available was to make it cheaper. “Sixty percent of the internet today is not in English,” she said, which showed that it lacked diversity.
Eric Schmidt, the chief executive of Google, said improving broadband, and making it more accessible, would solve “almost all of the problems we face”.
quote:'Encryption forces spies into morally unethical behaviour'
When more people start encrypting their messages to thwart eavesdroppers and snoopers, that forces intelligence services into a 'morally worse position', a former head of the British spy agency GCHQ said this week.
It is a remarkable argument for curbing the use of encryption. The reasoning is comparable to the warning that burglars do more damage if you lock the door.
And by putting it in terms of spies possibly behaving worse in future, Sir David Omand, head of GCHQ in the 1990s, implicitly acknowledged that spies are already behaving badly now.
Encryption
Encryption is the most important means of sending messages securely or holding conversations securely. Letters and sounds are digitally scrambled into an incomprehensible jumble of characters, which can only be deciphered by the recipient with a special key. This secret language used to be mainly something for the military, but since Edward Snowden's revelations, companies and citizens have also taken a great interest in it.
WhatsApp works with it, Google and Apple work with it (they themselves can simply keep watching), and there are handy little programs with which anyone can encrypt their e-mail. New mobile phones such as the Blackphone also use encryption by default.
Trouble
At the end of last year, documents from Edward Snowden showed that the NSA and GCHQ are greatly troubled by encryption. The popular PGP (pretty good privacy), which is used for example to encrypt e-mail, had in any case not yet been cracked by them two years ago.
The 'solution' for secret services is then to no longer intercept the communication, but to hack the 'endpoints', the computers and phones from which the messages are sent.
Old-fashioned surveillance
'The intelligence services will not give up', Omand said during a debate at the London School of Economics. 'Now they will have to get closer to the bad guys.'
That means on the one hand more old-fashioned surveillance, such as shadowing people and bugging living rooms. On the other hand, it also means more so-called computer network exploitation: penetrating the devices of the targets. The NSA already has access to at least 50 thousand networks, documents from Snowden showed at the end of 2013.
'You can say that we will then work in a more targeted way, but in terms of privacy - we will cause more collateral damage - we will probably end up in a morally worse position than before.'
quote:Mass surveillance is fundamental threat to human rights, says European report
Europe’s top rights body says scale of NSA spying is ‘stunning’ and suggests UK powers may be at odds with rights convention
Europe’s top rights body has said mass surveillance practices are a fundamental threat to human rights and violate the right to privacy enshrined in European law.
The parliamentary assembly of the Council of Europe says in a report that it is “deeply concerned” by the “far-reaching, technologically advanced systems” used by the US and UK to collect, store and analyse the data of private citizens. It describes the scale of spying by the US National Security Agency, revealed by Edward Snowden, as “stunning”.
The report also suggests that British laws that give the monitoring agency GCHQ wide-ranging powers are incompatible with the European convention on human rights. It argues that British surveillance may be at odds with article 8, the right to privacy, as well as article 10, which guarantees freedom of expression, and article 6, the right to a fair trial.
“These rights are cornerstones of democracy. Their infringement without adequate judicial control jeopardises the rule of law,” it says.
There is compelling evidence that US intelligence agencies and their allies are hoovering up data “on a massive scale”, the report says. US-UK operations encompass “numerous persons against whom there is no ground for suspicion of any wrongdoing,” it adds.
The assembly is made up of delegates from 47 member states, including European Union and former Soviet countries. It is due to debate the report’s recommendations on Tuesday.
Though the recommendations are not binding on governments, the European court of human rights looks to the assembly for broad inspiration, and occasionally cites it in its rulings.
Several British surveillance cases are currently before the Strasbourg court. Amnesty International, the American Civil Liberties Union, Privacy International and Liberty all argue that GCHQ’s mass collection of data infringes European law. In December the UK’s investigatory powers tribunal (IPT) dismissed their complaint.
The 35-page assembly report, written by a Dutch MP, Pieter Omtzigt, begins with a quote from the Russian novelist Alexander Solzhenitsyn: “Our freedom is built on what others do not know of our existences”. It says the knowledge that states do engage in mass surveillance has a “chilling effect” on the exercise of basic freedoms.
It says the assembly is deeply worried by the fact that intelligence agencies have deliberately weakened internet security by creating back doors and systematically exploiting weakness in security standards and implementation. Back doors can easily be exploited by “terrorists and cyber-terrorists or other criminals”, it says, calling for a greater use of encryption.
Another concern is the use of “secret laws, secret courts and secret interpretations of such laws” to justify mass surveillance. Typically, these laws “are very poorly scrutinised”.
The assembly acknowledges there is a need for “effective targeted surveillance of suspected terrorists and organised criminals”. But citing independent reviews carried out in the US, it says there is little evidence that mass surveillance has stopped terrorist attacks. It notes: “Instead, resources that might prevent attacks are diverted to mass surveillance, leaving potentially dangerous persons free to act.”
There is no mention of the recent attacks in Paris by three jihadist terrorists who shot dead 17 people. All three were known to the French authorities, who had them under surveillance but discontinued eavesdropping last summer. David Cameron has argued that the Paris attacks show that British spies need further surveillance powers. The report implicitly rejects this conclusion.
The assembly has been taking evidence on mass surveillance since last year. In April Snowden spoke to delegates via a video link from Moscow. He revealed that the NSA had specifically targeted non-governmental organisations and other civil groups, both in the US and internationally.
Snowden’s decision to leak documents to the Guardian and other media organisations in June 2013 was courageous, Omtzigt said, and had “triggered public debate on the protection of privacy”. American officials, meanwhile, turned down an invitation to address the assembly, the MP said.
The draft report will be debated in committee and by the full assembly later this year.
It calls for:
• Collection of personal data without consent only if court-ordered on the basis of reasonable suspicion.
• Stronger parliamentary/judicial control of the intelligence services.
• Credible protection for whistleblowers (like Snowden) who expose wrongdoing by spy agencies.
• An international “codex” of rules governing intelligence sharing that national agencies could opt into.
Governments are free to implement or ignore the recommendations. However, if they reject them they have to explain why. They usually reply within six months.
The report says that Europe’s intelligence services work closely with their American counterparts. It says the Netherlands, for example, intercepted vast amounts of Somali telephone traffic in order to combat piracy, and shared it with the NSA. Denmark has collaborated with the US on surveillance since the late 1990s.
The relationship between the NSA and the BND, Germany’s foreign intelligence agency, has been “intimate” for the past 13 years. Revelations that the NSA spied on Angela Merkel’s mobile phone may have strained relations, but Germany still hosts several major NSA sites, including the NSA’s European headquarters in Stuttgart.
According to Omtzigt, surveillance powers have grown, and political oversight has diminished. Political leaders have lost control over their own intelligence agencies. The result is a “runaway surveillance machine”. Moreover, most politicians can no longer understand the immensely technical programmes involved, the report says.
The MP cites the case of James Clapper, the US director of national intelligence, who in April 2013 told the Senate that the NSA didn’t “wittingly” collect data on millions of Americans. Clapper later apologised for giving an untrue answer. “I still do not want to believe that he lied,” Omtzigt writes, adding that much intelligence work has been outsourced to private companies.
The assembly sent a letter to the German, British and US authorities asking whether they colluded with each other – in other words, got round laws preventing domestic spying by getting a third party to do it for them. The Germans and British denied this; the US failed to reply.
The report concludes that the UK response was probably true, given extensive British laws that already allow practically unlimited spying. The new Data Retention and Investigatory Powers Act – Drip, for short – passed in July, allows the wide-ranging collection of personal data, in particular metadata, the report says. “There seems to be little need for circumvention any more,” it concludes.
The article continues.
quote:British and Canadian spy agencies accumulated sensitive data on smartphone users, including location, app preferences, and unique device identifiers, by piggybacking on ubiquitous software from advertising and analytics companies, according to a document obtained by NSA whistleblower Edward Snowden.
The document, included in a trove of Snowden material released by Der Spiegel on January 17, outlines a secret program run by the intelligence agencies called BADASS. The German newsweekly did not write about the BADASS document, attaching it to a broader article on cyberwarfare. According to The Intercept’s analysis of the document, intelligence agents applied BADASS software filters to streams of intercepted internet traffic, plucking from that traffic unencrypted uploads from smartphones to servers run by advertising and analytics companies.
Programmers frequently embed code from a handful of such companies into their smartphone apps because it helps them answer a variety of questions: How often does a particular user open the app, and at what time of day? Where does the user live? Where does the user work? Where is the user right now? What’s the phone’s unique identifier? What version of Android or iOS is the device running? What’s the user’s IP address? Answers to those questions guide app upgrades and help target advertisements, benefits that help explain why tracking users is not only routine in the tech industry but also considered a best practice.
For users, however, the smartphone data routinely provided to ad and analytics companies represents a major privacy threat. When combined together, the information fragments can be used to identify specific users, and when concentrated in the hands of a small number of companies, they have proven to be irresistibly convenient targets for those engaged in mass surveillance. Although the BADASS presentation appears to be roughly four years old, at least one player in the mobile advertising and analytics space, Google, acknowledges that its servers still routinely receive unencrypted uploads from Google code embedded in apps.
For spy agencies, this smartphone monitoring data represented a new, convenient way of learning more about surveillance targets, including information about their physical movements and digital activities. It also would have made it possible to design more focused cyberattacks against those people, for example by exploiting a weakness in a particular app known to be used by a particular person. Such scenarios are strongly hinted at in a 2010 NSA presentation, provided by agency whistleblower Edward Snowden and published last year in The New York Times, Pro Publica, and The Guardian. That presentation stated that smartphone monitoring would be useful because it could lead to “additional exploitation” and the unearthing of “target knowledge/leads, location, [and] target technology.”
The 2010 presentation, along with additional documents from Britain’s intelligence service Government Communications Headquarters, or GCHQ, showed that the intelligence agencies were aggressively ramping up their efforts to see into the world of mobile apps. But the specifics of how they might distill useful information from the torrent of internet packets to and from smartphones remained unclear.
quote:Researchers Link Regin to Malware Disclosed in Recent Snowden Documents
Researchers at Kaspersky Lab have discovered shared code and functionality between the Regin malware platform and a similar platform described in a newly disclosed set of Edward Snowden documents 10 days ago by Germany’s Der Spiegel.
The link, found in a keylogger called QWERTY allegedly used by the so-called Five Eyes, leads them to conclude that the developers of each platform are either the same, or work closely together.
“Considering the extreme complexity of the Regin platform and little chance that it can be duplicated by somebody without having access to its source codes, we conclude the QWERTY malware developers and the Regin developers are the same or working together,” wrote Kaspersky Lab researchers Costin Raiu and Igor Soumenkov today in a published report on the Securelist blog.
The Der Spiegel article describes how the U.S. National Security Agency, the U.K.’s GCHQ and the rest of the Five Eyes are allegedly developing offensive Internet-based capabilities to attack computer networks managing the critical infrastructure of its adversaries.
The new Snowden documents, disclosed by Laura Poitras and a collection of eight security and privacy technologists and experts, also include an overview of a malware platform called WARRIORPRIDE. Within WARRIORPRIDE is QWERTY, a module that logs keystrokes from compromised Windows machines; Der Spiegel said the malware is likely several years old and has likely already been replaced.
The magazine released QWERTY to the public upon publication of its article. It describes QWERTY’s structure as “simple” and said there is a core driver called QWERTYKM that interacts with the Windows keyboard manager, and a QWERTYLP library which logs and stores keystrokes for analysis. Der Spiegel said after its examination of binary files, various components and libraries it’s likely there’s a connection between WARRIORPRIDE and the Australian Signals Directorate, an Aussie government intelligence agency.
Kaspersky researchers Raiu and Soumenkov said after analysis that the QWERTY malware is identical in functionality to a particular Regin plugin.
Raiu and Soumenkov said researchers took apart the QWERTY module and found three binaries and configuration files. One binary called 20123.sys is a kernel mode component of the QWERTY keylogger that was built from source code also found in a Regin module, a plug-in called 50251.
In a report published today, side-by-side comparisons of the respective source code show they are close to identical, sharing large chunks of code. The researchers said that one piece of code in particular references plug-ins from the Regin platform and is used in QWERTY and its Regin counterpart. It addresses a Regin plug-in, called 50225, that is responsible for kernel-mode hooking, the Kaspersky researchers said.
“This is solid proof that the QWERTY plugin can only operate as part of the Regin platform, leveraging the kernel hooking functions from plugin 50225,” Raiu and Soumenkov wrote.
“As an additional proof that both modules use the same software platform, we can take a look at functions exported by ordinal 1 of both modules,” they also wrote. “They contain the startup code that can be found in any other plugin of Regin, and include the actual plugin number that is registered within the platform to allow further addressing of the module. This only makes sense if the modules are used with the Regin platform orchestrator.”
The Regin malware platform was disclosed in late November by Kaspersky Lab and it was quickly labeled one of the most advanced espionage malware platforms ever studied, surpassing even Stuxnet and Flame in complexity. The platform is used to steal secrets from government agencies, research institutions, banks and can even be tweaked to attack GSM telecom network operators.
Last week, Kaspersky researchers published another Regin report, this one describing two standalone modules used for lateral movement and to establish a backdoor in order to move data off compromised machines. The modules, named Hopscotch and Legspin, have also likely been retired given they were developed perhaps more than a decade ago.
quote:Snowden Files Show Canada Spy Agency Runs Global Internet Watch: CBC
OTTAWA — Canada's electronic spy agency has been intercepting and analyzing data on up to 15 million file downloads daily as part of a global surveillance program, according to a report published on Wednesday.
Critics said the revelations, made in 2012 documents obtained by former U.S. spy agency contractor Edward Snowden and leaked to journalists, showed much more oversight was needed over Canada's Communications Security Establishment (CSE).
The documents are the first indication from the Snowden files showing Canada had its own globe-spanning Internet surveillance in a bid to counter extremists.
The covert dragnet, nicknamed Levitation, has covered allied countries and trading partners such as the United States, Britain, Brazil, Germany, Spain and Portugal, the report by CBC News and news website The Intercept said. The Intercept, which includes journalist Glenn Greenwald, obtained the documents from Snowden.
Brazil’s government, which fell out with Washington in 2013 over revelations that the U.S. National Security Agency, Snowden's former employer, had eavesdropped on President Dilma Rousseff, criticized the reported Canadian spying.
“Brazil regrets and repudiates all unauthorized espionage on foreign officials by intelligence agencies,” the Foreign Ministry said in a statement emailed to Reuters on Wednesday. It said Brazil has sought to enhance Internet privacy and security through international governance agreements.
A U.S. intelligence official declined to comment.
The Canadian Broadcasting Corporation News (CBC) report said the CSE nets what it said the agency calls 350 "interesting download events" each month.
CSE is a secretive body, which like the NSA, monitors electronic communication and helps protect national computer networks. It is not allowed to target Canadians or Canadian corporations.
In the past, CSE has faced allegations that it has improperly intercepted Canadians' phone conversations and emails. CSE says it has safeguards in place to protect any information about Canadians it might inadvertently collect.
An independent watchdog monitors CSE, but the watchdog's powers are limited. A spokesman said it is reviewing CSE's use of metadata but declined to say if it would include the latest reports in the process.
Opposition parties moved in Parliament last October to give the CSE watchdog a more robust role but were defeated by the governing Conservatives.
Among CSE's hauls, the eavesdropping program has discovered a German hostage video and an uploaded document that revealed the hostage strategy of an al-Qaeda wing in North Africa, the CBC said.
The agency did not confirm the report, saying in a statement that "CSE's foreign signals intelligence has played a vital role in uncovering foreign-based extremists' efforts to attract, radicalize, and train individuals to carry out attacks".
The Snowden documents show the agency has sifted through 10 million to 15 million uploads a day of videos, music documents and other files hosted by 102 file-sharing websites.
Canada is part of the Five Eyes intelligence sharing network, along with the United States, Britain, Australia and New Zealand.
In 2013, Brazil's Rousseff demanded an explanation from Canada after a media report, also based on Snowden documents, said CSE spied on the South American country's mines and energy ministry.
Canadian security expert Wesley Wark said Levitation might well be covered by CSE's foreign intelligence mandate, but questioned its effectiveness.
"Does this massive trawling of free download sites aimed at detecting terrorist communications or identities really deliver useful intelligence?" asked Wark, a University of Ottawa professor, noting CSE had talked of only two successes.
In 2013, the CBC cited other Snowden documents that it said showed Canada had allowed the NSA to conduct widespread surveillance during the 2010 Group of 20 summit in Toronto.
Last August, the government watchdog said CSE should tighten its procedures for handling the private calls and emails it intercepts.
"These are powerful capabilities in the hands of the state that in effect monitor all of our digital actions," said Ron Deibert, director of the Canada Centre for Global Security Studies. "They collect it all; are we confident that they are not going to abuse it?"
quote:The U.S., U.K. and Canadian governments characterize hackers as a criminal menace, warn of the threats they allegedly pose to critical infrastructure, and aggressively prosecute them, but they are also secretly exploiting their information and expertise, according to top secret documents.
In some cases, the surveillance agencies are obtaining the content of emails by monitoring hackers as they breach email accounts, often without notifying the hacking victims of these breaches. “Hackers are stealing the emails of some of our targets… by collecting the hackers’ ‘take,’ we . . . get access to the emails themselves,” reads one top secret 2010 National Security Agency document.
These and other revelations about the intelligence agencies’ reliance on hackers are contained in documents provided by whistleblower Edward Snowden. The documents—which come from the U.K. Government Communications Headquarters agency and NSA—shed new light on the various means used by intelligence agencies to exploit hackers’ successes and learn from their skills, while also raising questions about whether governments have overstated the threat posed by some hackers.
quote:British intelligence service was not allowed to use American NSA data
The British intelligence service GCHQ violated human rights legislation by processing data collected by the American NSA.
That was the ruling on Friday (pdf) of the Investigatory Powers Tribunal (IPT), a court that oversees the British secret services.
It is the first time in the IPT's fifteen-year existence that it has ruled against an intelligence service, according to Privacy International, one of the complainants in the case.
Before December 2014 the use of NSA data was illegal, because the rules governing British access to, among other things, the US Prism programme were secret. Only after revelations by whistleblower Edward Snowden did this become public.
Public
Since December 2014 the use of NSA data by GCHQ has been permitted, the court ruled earlier. Since then the rules governing this data exchange have been made public.
The case centred on the use of data collected via Prism and the espionage programme Upstream. Through Prism the NSA collects data from large internet companies such as Google, Microsoft and Apple. Upstream collects data via international fibre-optic cables.
Because of the secrecy surrounding these espionage programmes, part of the case was heard in closed sessions, at which the privacy organisations involved were not allowed to be present.
Privacy International says it will ask the court for confirmation that communications were collected illegally before December 2014, and will ask for the data to be deleted.
Mass surveillance
"Today's ruling confirms what many have been saying for a long time: over the past decade GCHQ and the NSA have, with an illegal mass surveillance programme, affected millions of people around the world", says Eric King, deputy director of Privacy International, in a statement.
"But more needs to be done. The only reason the sharing relationship between the NSA and GCHQ is still legal today is that the government made a last-minute effort to disclose previously secret 'arrangements'. That is clearly not enough to repair a lasting, gigantic loophole in the law. We hope that the European Court decides to rule in favour of privacy, rather than unchecked state power."
The European Court has already announced that it wants to hear GCHQ cases previously dealt with by the IPT.
Safeguards
"Today's IPT ruling confirms once again that the processes and safeguards surrounding the sharing of intelligence were fully adequate," GCHQ says in a response. "It concerns only the amount of detail about those processes and safeguards that must be in the public domain."
"By its nature, much of GCHQ's work must remain secret. But we are working with the rest of government to improve public understanding of our work, as well as of the strong legal and policy framework that underpins our work."
quote:The cabinet wants to give the intelligence services AIVD and MIVD the ability to collect information in an untargeted way via internet cables. More than ninety percent of telecommunications now travels via cables. The Tweede Kamer will debate it in the coming week. Goslings: 'This proposal is very damaging to the important international position of AMS-IX and the Dutch digital infrastructure. A position the Dutch government itself wants to build on: this is, after all, the sector where the growth comes from, also in terms of high-quality employment.'
The article continues.
quote:We already wrote about the information sharing efforts coming out of the White House cybersecurity summit at Stanford today. That's supposedly the focus of the event. However, there's a much bigger issue happening as well: and it's the growing distrust between the tech industry and the intelligence community. As Bloomberg notes, the CEOs of Google, Yahoo and Facebook were all invited to join President Obama at the summit and all three declined. Apple's CEO Tim Cook will be there, but he appears to be delivering a message to the intelligence and law enforcement communities, if they think they're going to get him to drop the plan to encrypt iOS devices by default:
quote:The College Bescherming Persoonsgegevens is highly critical of a legislative amendment with which the cabinet wants to continue retaining telecom data. According to an opinion issued today, Minister Opstelten of Security and Justice should not submit the bill.
quote:'The investigative authorities have gained years of experience, but it has evidently not proved possible to provide a systematic substantiation of the necessity of this retention obligation.'
quote:For the first time there is evidence that the American intelligence service NSA hacked a company based in the Netherlands. With the captured data, the Americans can decrypt and eavesdrop on foreign telephone traffic without the knowledge of the country or provider concerned.
The article continues.
quote:MIA may be the airport code for Miami International Airport, but it’s also the state of luggage for hundreds -- if not thousands -- of passengers flying on American Airlines out of Miami on Friday: missing in action.
An apparent “technical issue” with its baggage conveyor belts at Miami International Airport prevented American Airlines from loading any planes with checked luggage on Friday. For eight hours, the airline let its flights depart sans bags, but did not notify passengers of the issue. Instead, most passengers discovered when they reached their destinations that their luggage hadn’t.
Even then, American Airlines did not explicitly alert customers of the glitch, according to accounts from several passengers contacted by International Business Times. Travelers waited at luggage carousels in airports around the world, only to be greeted by empty belts where their bags should have been.
“The conveyor belt system in Miami had some kind of breakdown this morning,” American Airlines spokesman Joshua Freed told International Business Times. “It meant the passenger bags couldn’t move through the system for several hours.” Freed would not specify how many flights were affected.
In a later statement emailed to IBTimes, Freed wrote, “The system was back online this afternoon and we are working to reunite those bags with our passengers. Should a customer have a question about their delayed bag, they can work with the baggage service office at their destination or call 1-800-535-5225.”
When asked why American Airlines let flights depart from Miami without passengers’ checked luggage, Freed said, “What would you expect them to do? We had to get passengers to where they were going.”
But many passengers were frustrated with the lack of communication from American Airlines. Pulitzer-winning journalist Glenn Greenwald, who helped break the Edward Snowden story, was on a flight from Miami to Los Angeles that was affected by the baggage snafu. On Friday afternoon, he tweeted the news to his 471,000 followers.
twitter:PiracyParty tweeted on Monday 23-02-2015 at 06:13:27: The #Oscars2015 winner Citizen Four full length movie. Thank you #Snowden <3 #PiracyParty http://t.co/Ig36YkgpB3
quote:'For the Netherlands it is not acceptable if foreign services break the law here. If we find that, we will take measures', Minister Plasterk said in the Kamer today. D66 MP Gerard Schouw asked questions following reporting in de Volkskrant about a break-in at SIM card company Gemalto, which also produces Dutch SIM cards. The American and British intelligence services NSA and GCHQ would reportedly be able to eavesdrop on Dutch telephone calls through access to those SIM cards.
Plasterk could 'neither confirm nor deny' the report. He stated that there has already been contact about this matter with the friendly intelligence services, but that he cannot speak about it publicly. He does want to inform the Tweede Kamer about it in confidence in the so-called 'commissie-stiekem'.
quote:Did Edward Snowden actually damage national security? There's no way in hell to tell from official documents released to the press—they've been thoroughly redacted to the point of uselessness.
Well, that's not true: They're useful in showing that the government isn't exactly eager to reveal concrete proof that the revelations about its surveillance abuses have harmed America.
The idea that Snowden has jeopardized national security and the lives of troops is the linchpin for arguments that the ex-NSA contractor is a treasonous villain, not a whistleblower. That's why Vice sought out proof of this jeopardy in government documents:
quote:For a second year in a row, the Conservative Action Political Conference hosted a debate on the National Security Agency’s surveillance programs.
This morning, in a stinging rebuke similar to audience jeering of former Gov. Jim Gilmore’s seething criticism of Ed Snowden at last year’s CPAC, former NSA director Michael Hayden received an earful when he awkwardly declared that he is a libertarian.
Referring to his co-panelist Fox News’ Andrew Napolitano as “an unrelenting libertarian,” Hayden continued, “So am I.”
As Mediaite pointed out, Hayden was quickly mocked by the audience with sustained booing and at least two people yelling, “no, you’re not!”
One person’s laughter was so loud that it is audible on C-SPAN’s video of the event.
Though Hayden went on to cast his defense of domestic spying as his duty in the pursuit of liberty and homeland security, he also has a direct stake in the debate over surveillance — and it doesn’t make him any more disposed to the libertarian side of that debate.
Hayden is a principal with the Chertoff Group, a consulting firm for the multi-billion dollar cyber security and intelligence industry. He is also on the board of Alion Science and Technology, a military contractor that does intelligence and technical work. For that part-time gig he has been paid approximately $336,500 over the last four years, according to reports filed with the Securities and Exchange Commission.
quote:British refusal to cooperate with spy inquiry causes row in Germany
Committee under pressure to censor disclosures about UK activity after Downing Street threatens to break off intelligence-sharing with Berlin
Downing Street and the German chancellery are embroiled in a worsening dispute over intelligence-sharing and the covert counter-terrorism campaign because of conflicts arising from the surveillance scandals surrounding the US National Security Agency and Britain’s GCHQ.
According to German newspaper reports citing government and intelligence officials in Berlin, the Bundestag’s inquiry into the NSA controversy is being jeopardised by Britain’s refusal to cooperate and its threats to break off all intelligence-sharing with Berlin should the committee reveal any UK secrets.
The weekly magazine Focus reported last month that a national security aide to David Cameron had written to Peter Altmaier, Angela Merkel’s chief of staff, refusing all requests for help in the inquiry and warning that Britain would cease supplying terrorism-related intelligence to the Germans unless Berlin yielded.
It emerged during the NSA revelations that the Americans had hacked into Merkel’s mobile phone, generating outrage in Germany and feeding growing anti-American sentiment.
Internationally, the BND, Germany’s foreign intelligence service, is viewed as less than vigorous. In the secret war on terror, the Germans are said to be dependent on signals intelligence from the British and the Americans.
Gerhard Schindler, head of the BND, was recalled from holiday and has briefed senior government officials and parliamentary leaders on what Munich’s Süddeutsche Zeitung termed on Tuesday a burgeoning crisis.
“The British possibly want to cover up that they are spying on Germany, not only on countering terror,” the newspaper said. “[Merkel’s] chancellery is baffled as to why the British are being so stubborn … Why are the British so set on escalation?
“It’s particularly hot for the British because often it’s about straightforward spying, as well as terrorism hunting. This would definitely be against the European spirit on the continent, perhaps a breach of the European treaties.”
The letter from Downing Street to Berlin was sent at the end of January and triggered a row in Germany when it was leaked to the press. Schindler and aides to Merkel tried to talk MPs on the committee into censoring disclosures about UK activity. That displeased committee members even from the government ranks, and two Greens MPs are threatening to take the issue to Germany’s supreme court in Karlsruhe.
Information already available to the committee from German sources is said to reveal operational details of UK activities, encryption methods, codes and decoding techniques.
“The British are horrified that these things could become public via the committee,” a source, said to be a senior German government official, told Focus. An intelligence official was quoted as saying: “We would be blind without the signals intelligence from the Americans and the British. Virtually all important tips on countering terror in this country have come from the Anglo-American services.”
The Americans are said to be deciding on a case-by-case basis whether to collaborate with the German inquiry and whether to supply requested materials, while the British simply say no to all requests, the Süddeutsche reported, citing committee sources.
“We can’t just exclude Great Britain,” Patrick Sensburg, the Christian Democrat MP chairing the committee, told the newspaper. “Then the Americans will write a similar letter tomorrow and we will have to give up.”
Drawing on government sources, the newspaper said: “The federal government sees the cable from London as an unconcealed threat. Since the threatening letter arrived, it’s been one crisis meeting after another in the chancellery.”
quote:China defends 'NSA-like' plans
China went on the defensive on Wednesday after heavy criticism of parts of a new anti-terrorism law. Under that law, foreign tech companies would have to hand over their encryption keys to the Chinese government.
China announced the new rules back in January. According to the country, the new rules are important for protecting state and business secrets.
A Chinese government spokeswoman says that many Western countries, including the US, demand comparable things from companies, and therefore also from Chinese companies operating in those countries.
According to the Chinese state news agency Xinhua, the plans are moreover "different from what the US has done: putting nothing in the way of the intelligence services and letting counter-terrorism degenerate into paranoid espionage".
The plans drew fierce criticism earlier this week. US President Barack Obama said earlier this week that the new rules would force foreign companies to hand over all their sensitive data, so that the Chinese government can monitor the users of their services.
The German ambassador in Beijing also warned that companies would be less inclined to set up in China.
quote:New Zealand spying on Pacific allies for 'Five Eyes' and NSA, Snowden files show
Secret papers show NZ spy agency GCSB is collecting calls and internet traffic in bulk and sending it to the US National Security Agency
New Zealand is spying indiscriminately on its allies in the Pacific region and sharing the information with the US and the other “Five Eyes” alliance states, according to documents from the whistleblower Edward Snowden.
The secret papers, published by the New Zealand Herald, show that the New Zealand Government Communications Security Bureau (GCSB) collects phone calls and internet communications in bulk in the region at its Waihopai Station intercept facility in the South Island.
Since a 2009 upgrade, Waihopai has been capable of “full take” collection of both content and metadata intercepted by satellite, the documents showed. The data is then channelled into the XKeyscore database run by the US National Security Agency, where it also becomes available to agencies in each of the “Five Eyes” countries: the US, Britain, Canada, Australia and New Zealand.
A leaked NSA memo credits the GCSB with providing “valuable access not otherwise available to satisfy US intelligence requirement”.
The papers – published by the Herald as part of a joint reporting operation with New Zealand investigative journalist Nicky Hager and the Intercept website co-edited by Glenn Greenwald – echo similar revelations from the earlier Snowden documents showing that Britain and the US had been spying on friendly neighbours in countries in the European Union and Latin America.
The regional surveillance conducted from the base covers Tuvalu, Nauru, Kiribati, Vanuatu and the Solomon Islands. New Caledonia and French Polynesia, both French overseas territories, are also among the listed countries. Although Samoa, Fiji, Tonga and Vanuatu are named, much of their data is now transmitted via undersea cable links that are not susceptible to Waihopai’s intercept satellites.
The revelations are particularly likely to test relations between New Zealand and Fiji, the island nation headed by Frank Bainimarama, the army chief-turned-prime minister. Following elections in Fiji in 2014, the countries have moved towards resuming full diplomatic links for the first time since the military coup led by Bainimarama in 2006.
Andrew Little, the leader of the NZ opposition Labour party, said that while he accepted the need for security agencies to protect national interests, he was “stunned at the breadth of the information that’s been collected”.
In an interview with Radio New Zealand, Little said: “It doesn’t seem to be targeted around particular threats, whether there just seems to be a hoovering of all this information and supplying it to the United States. I can’t see that that’s within the security mandate of the GCSB.”
The NZ prime minister, John Key, refused to comment on the specific revelations, saying via a spokesperson: “The Snowden documents were taken some time ago and many are old, out of date, and we can’t discount that some of what is being put forward may even be fabricated.”
Key later told reporters: “Some of the information is incorrect, some of it is out of date, and some of the assumptions are just plain wrong.
“We do have the GCSB and it is a foreign intelligence service, it does gather foreign intelligence that’s in the best interests of New Zealand and the protection of New Zealanders.”
He said successive governments had used the GCSB to gather foreign intelligence.
“Where we gather intelligence, particularly if a friend is involved, it isn’t to harm that country,” he said.
“It’s often to support or assist them.”
On Wednesday, before the publication of the documents, Key said it was a “bizarre time to be coming out making the case that New Zealand either gathers and shares information or gets information from other intelligence agencies”, adding: “Well, of course we do, and we do that to keep New Zealanders safe. We’re in the situation where we’ve got Isil reaching out to cause harm to New Zealanders, I think New Zealanders would expect me to share information.”
A GCSB spokesperson refused to comment on “speculation”, telling the Herald: “Everything we do is explicitly authorised and subject to independent oversight.”
The Samoan prime minister, Tuilaepa Sailele Malielegaoi, said he was not worried about the information in the documents.
“I don’t have any strong feelings about the allegations of spying,” he said.
Hager told the Guardian the first stories contained “by no means the most dramatic revelations” from the New Zealand-related Snowden documents.
“We spent months digging into the Snowden archive, writing lots of stories from them … We’re going to be spacing out stories over the next while based on some really interesting information,” he said.
The first New-Zealand-specific documents from the Snowden files were revealed by Greenwald in September 2014, when the journalist visited New Zealand at the invitation of Kim Dotcom, the internet tycoon sought for extradition by the US over alleged copyright-related offences. Greenwald then said the documents proved New Zealand had embarked on a mass surveillance programme called Speargun, which centred on a tap into the undersea Southern Cross cable, New Zealand’s primary internet link with the rest of the world.
Key responded by declassifying documents that he said showed the government had considered a programme for “mass protection”, but rejected the proposal. Greenwald’s allegations were “simply wrong” and “based on incomplete information”.
“There is not, and never has been, mass surveillance of New Zealanders undertaken by the GCSB,” he said.
Key branded Greenwald “Dotcom’s little henchman” and “a loser”. Greenwald in turn called Key’s attacks “adolescent” and “reckless”.
Key later acknowledged, however, that Snowden’s claim that internet data from New Zealand was easily accessible via XKeyScore “may well be right”, saying: “I don’t run the NSA any more than I run any other foreign intelligence agency or any other country”.