quote:Complaint laid over GCSB spy claims
The Green Party has laid a complaint with the Inspector-General of Intelligence and Security, saying the Government's electronic spy agency may have broken the law.
Investigative journalist Nicky Hager says the Government is spying on Pacific nations, and passing that information on to the United States.
His claims are based on information from the American whistle blower Edward Snowden.
Mr Hager said the Government Communications Security Bureau (GCSB) intercepted communications from countries such as Fiji, Tonga, Vanuatu and Samoa, and even nations as small as Tuvalu, Nauru and Kiribati.
Greens' co-leader Russel Norman said it was illegal for the GCSB to spy on New Zealand citizens and permanent residents, but many New Zealanders who live, holiday or work in Pacific Islands may have had their data intercepted by the spy agency.
He said if that was the case then the law may have been broken.
Prime Minister John Key insists the Government's spy agency has acted within the law though will not say how or explain any further.
"We do gather information and we do use our foreign intelligence services, but only within the law and the law forbids us other than in very minor circumstances, from gathering information about New Zealanders."
Mr Key said the GCSB had given him a 100 percent categorical assurance that New Zealanders' information was not gathered other than in circumstances where the law would specifically allow it.
He said he would absolutely not be talking at all about the agency's operational matters.
Mr Key said the Government could talk to Pacific leaders if they wished about actions that may or may not have occurred, but it would not be talking to the media or the public about it.
The Prime Minister of Samoa, Tuilaepa Sa'ilele, was not too bothered about the allegations.
"All our transactions with overseas Governments or organisations are transparent, and we have nothing to hide, so if [anything is] picked up by anybody that will increase the transparency of what we do here."
The Prime Minister of Tonga, Akilisi Pohiva said it would be a pity if trust had been breached between his country and New Zealand.
"But if New Zealand has good reason to believe that it is important for New Zealand Government to share such information with other partners, with other countries, it is entirely a matter for New Zealand to decide. Now remember Tonga is small, and we have nothing to hide - it may be a serious matter for superpowers."
quote:Key says he won't quit if mass collection of Kiwis' communications proved
Prime Minister John Key says he would not resign if it is proved that the GCSB carries out mass collection of New Zealanders' communications.
Mr Key has always insisted he would quit if it was proved that New Zealanders were subject to mass surveillance.
He insists the GCSB has told him that it is not capable of doing mass surveillance and is not legally allowed to do it.
Late last week former GCSB boss Sir Bruce Ferguson told Radio New Zealand that there was mass collection of New Zealanders' data as part of spying operations in the Pacific.
Sir Bruce also maintained however that it was legal as it was collected inadvertently and that the information on Kiwis was not used.
When asked today about whether there was a difference between the terms "collection" and "surveillance", Mr Key responded by saying he was "sure the lawyers would tell you there is a difference".
When pressed further, he refused to comment, saying he wasn't going to go into the GCSB's operational details.
quote:Let me be clear: any statement that mass surveillance is not performed in New Zealand, or that the internet communications are not comprehensively intercepted and monitored, or that this is not intentionally and actively abetted by the GCSB, is categorically false. . . . The prime minister’s claim to the public, that “there is no and there never has been any mass surveillance” is false. The GCSB, whose operations he is responsible for, is directly involved in the untargeted, bulk interception and algorithmic analysis of private communications sent via internet, satellite, radio, and phone networks.
quote:The NSA Has Taken Over the Internet Backbone. We're Suing to Get it Back.
Every time you email someone overseas, the NSA copies and searches your message. It makes no difference if you or the person you're communicating with has done anything wrong. If the NSA believes your message could contain information relating to the foreign affairs of the United States – because of whom you're talking to, or whom you're talking about – it may hold on to it for as long as three years and sometimes much longer.
A new ACLU lawsuit filed today challenges this dragnet spying, called "upstream" surveillance, on behalf of Wikimedia and a broad coalition of educational, human rights, legal, and media organizations whose work depends on the privacy of their communications. The plaintiffs include Amnesty International USA, the National Association of Criminal Defense Lawyers, and The Nation magazine, and many other organizations whose work is critical to the functioning of our democracy.
But the effect of the surveillance we're challenging goes far beyond these organizations. The surveillance affects virtually every American who uses the Internet to connect with people overseas – and many who do little more than email their friends or family or browse the web. And it should be disturbing to all of us, because free expression and intellectual inquiry will wither away if the NSA is looking over our shoulders while we're online.
The world first learned of the existence of upstream surveillance from whistleblower Edward Snowden's spying revelations in June 2013. Since then, official disclosures and media reports have shown that the NSA is routinely seizing and copying the communications of millions of ordinary Americans while they are traveling over the Internet. The NSA conducts this surveillance by tapping directly into the Internet backbone inside the United States – the network of high-capacity cables and switches that carry vast numbers of Americans' communications with each other and with the rest of the world. Once the NSA copies the communications, it searches the contents of almost all international text-based communications – and many domestic ones as well – for search terms relating to its "targets."
In short, the NSA has cast a massive dragnet over Americans' international communications.
Inside the United States, upstream surveillance is conducted under a controversial spying law called the FISA Amendments Act, which allows the NSA to target the communications of foreigners abroad and to intercept Americans' communications with those foreign targets. The main problem with the law is that it doesn't limit which foreigners can be targeted. The NSA's targets may include journalists, academics, government officials, tech workers, scientists, and other innocent people who are not connected even remotely with terrorism or suspected of any wrongdoing. The agency sweeps up Americans' communications with all of those targets.
And, as our lawsuit explains, the NSA is exceeding even the authority granted by the FISA Amendments Act. Rather than limit itself to monitoring Americans' communications with the foreign targets, the NSA is spying on everyone, trying to find out who might be talking or reading about those targets.
As a result, countless innocent people will be caught up in the NSA's massive net. For instance, a high school student in the U.S. working on a term paper might visit a foreign website to read a news story or download research materials. If those documents happen to contain an email address targeted by the NSA – like this news report does – chances are the communications will be intercepted and stored for further scrutiny. The same would be true if an overseas friend, colleague, or contact sent the student a copy of that news story in an email message.
As former NSA Director Michael Hayden recently put it, "[L]et me be really clear. NSA doesn't just listen to bad people. NSA listens to interesting people. People who are communicating information."
That doesn't sound like much of a limitation on the NSA's spying – and it's not. Like many Americans, the plaintiffs in our lawsuit communicate with scores of people overseas who the NSA likely finds "interesting." For instance, researchers at Human Rights Watch depend on foreign journalists, lawyers, political dissidents, and witnesses to human rights abuses for information crucial to their advocacy and reporting back home. Wikimedia communicates with millions of people abroad, many of whom read or contribute to Wikipedia, one of the largest repositories of human knowledge on earth. We know, thanks to Edward Snowden, that the NSA is interested in what some of those users are reading.
The fact that upstream surveillance is supposedly focused on international communications is hardly a saving grace. Americans spend more and more of their lives communicating over the Internet – and more and more of those communications are global in nature, whether we realize it or not. An email from a woman in Philadelphia to her mother in Phoenix might be routed through Canada without either one knowing it. Similarly, companies like Microsoft and Google often store backup copies of their U.S. customers' emails on servers overseas, again with hardly anyone the wiser. The NSA is peeking inside virtually all of these.
Our plaintiffs have had to go out of their way to take measures, sometimes at a high cost, to protect their communications from their own government. Despite these precautions, the chilling effect is palpable. NSA surveillance makes it harder for the plaintiffs to gather information from sources who believe that by sharing information over the Internet, they are also sharing it with the U.S. government and the intelligence agencies it partners with. The work of human rights and free-knowledge organizations is profoundly undermined by this unconstitutional surveillance, and we're all worse off.
Upstream surveillance flips the Constitution on its head. It allows the government to search everything first and ask questions later, making us all less free in the process. Our suit aims to stop this kind of surveillance. Please join our effort to reform the NSA.
The article continues.
quote:RESEARCHERS WORKING with the Central Intelligence Agency have conducted a multi-year, sustained effort to break the security of Apple’s iPhones and iPads, according to top-secret documents obtained by The Intercept.
The security researchers presented their latest tactics and achievements at a secret annual gathering, called the “Jamboree,” where attendees discussed strategies for exploiting security flaws in household and commercial electronics. The conferences have spanned nearly a decade, with the first CIA-sponsored meeting taking place a year before the first iPhone was released.
By targeting essential security keys used to encrypt data stored on Apple’s devices, the researchers have sought to thwart the company’s attempts to provide mobile security to hundreds of millions of Apple customers across the globe. Studying both “physical” and “non-invasive” techniques, U.S. government-sponsored research has been aimed at discovering ways to decrypt and ultimately penetrate Apple’s encrypted firmware. This could enable spies to plant malicious code on Apple devices and seek out potential vulnerabilities in other parts of the iPhone and iPad currently masked by encryption.
The CIA declined to comment for this story.
The security researchers also claimed they had created a modified version of Apple’s proprietary software development tool, Xcode, which could sneak surveillance backdoors into any apps or programs created using the tool. Xcode, which is distributed by Apple to hundreds of thousands of developers, is used to create apps that are sold through Apple’s App Store.
The modified version of Xcode, the researchers claimed, could enable spies to steal passwords and grab messages on infected devices. Researchers also claimed the modified Xcode could “force all iOS applications to send embedded data to a listening post.” It remains unclear how intelligence agencies would get developers to use the poisoned version of Xcode.
Researchers also claimed they had successfully modified the OS X updater, a program used to deliver updates to laptop and desktop computers, to install a “keylogger.”
Other presentations at the CIA conference have focused on the products of Apple’s competitors, including Microsoft’s BitLocker encryption system, which is used widely on laptop and desktop computers running premium editions of Windows.
The revelations that the CIA has waged a secret campaign to defeat the security mechanisms built into Apple’s devices come as Apple and other tech giants are loudly resisting pressure from senior U.S. and U.K. government officials to weaken the security of their products. Law enforcement agencies want the companies to maintain the government’s ability to bypass security tools built into wireless devices. Perhaps more than any other corporate leader, Apple’s CEO, Tim Cook, has taken a stand for privacy as a core value, while sharply criticizing the actions of U.S. law enforcement and intelligence agencies.
“If U.S. products are OK to target, that’s news to me,” says Matthew Green, a cryptography expert at Johns Hopkins University’s Information Security Institute. “Tearing apart the products of U.S. manufacturers and potentially putting backdoors in software distributed by unknowing developers all seems to be going a bit beyond ‘targeting bad guys.’ It may be a means to an end, but it’s a hell of a means.”
Apple declined to comment for this story, instead pointing to previous comments Cook and the company have made defending Apple’s privacy record.
quote:Minister Plasterk (PvdA) of the Interior rejects a so-called 'anti-spying treaty' between European countries. He has 'serious hesitations' about a proposal from the Council of Europe that provides for rules on spying on European citizens and friendly governments. This is evident from a letter that Plasterk has sent to the Tweede Kamer.
quote:New Zealand Used NSA System to Target Officials, Anti-Corruption Campaigner
New Zealand’s eavesdropping agency used an Internet mass surveillance system to target government officials and an anti-corruption campaigner on a neighboring Pacific island, according to a top-secret document.
Analysts from Government Communications Security Bureau, or GCSB, programmed the Internet spy system XKEYSCORE to intercept documents authored by the closest aides and confidants of the prime minister on the tiny Solomon Islands. The agency also entered keywords into the system so that it would intercept documents containing references to the Solomons’ leading anti-corruption activist, who is known for publishing government leaks on his website.
XKEYSCORE is run by the National Security Agency, and is used to analyze billions of emails, Internet browsing sessions and online chats that are collected from some 150 different locations worldwide. GCSB has gained access to XKEYSCORE because New Zealand is a member of the Five Eyes surveillance alliance alongside the United States, the United Kingdom, Canada, and Australia.
A number of GCSB’s XKEYSCORE targets are disclosed in a top-secret document that was obtained by The Intercept and New Zealand newspaper the Herald on Sunday. The document raises questions about the scope of the surveillance and offers an unprecedented insight into specific people monitored by New Zealand’s most secretive agency.
The targets list, dated from January 2013, was authored by a GCSB analyst. It is contained in a so-called “fingerprint,” a combination of keywords used to extract particular information from the vast quantities of intercepted data swept up by XKEYSCORE. None of the individuals named on the list appear to have any association with terrorism.
Most of the targets, in fact, had a prominent role in the Solomon Islands government. Their roles around the time of January 2013 suggest GCSB was interested in collecting information sent among the prime minister’s inner circle. The targets included: Barnabas Anga, the permanent secretary of the Ministry of Foreign Affairs and External Trade; Robert Iroga, chief of staff to the prime minister; Dr Philip Tagini, special secretary to the prime minister; Fiona Indu, senior foreign affairs official; James Remobatu, cabinet secretary; and Rose Qurusu, a Solomon Islands public servant.
The seventh person caught up in the GCSB’s surveillance sweep is the leading anti-corruption campaigner in the Solomon Islands, Benjamin Afuga. For several years he has run a popular Facebook group that exposes corruption, often publishing leaked information and documents from government whistleblowers. His organization, Forum Solomon Islands International, has an office next door to Transparency International in Honiara, the capital city of the Solomon Islands. GCSB analysts programmed XKEYSCORE so that it would intercept documents sent over the Internet containing the words “Forum Solomon Islands,” “FSII,” and “Benjamin Afuga.”
Each of the named targets was contacted by the Herald on Sunday prior to publication. Several were not reachable or did respond to a request for comment. Robert Iroga, who was the prime minister’s chief of staff at the time his name appeared on the list, criticized the surveillance and said it would paint a “pretty bad image” for New Zealand.
“I’m shocked to hear about the intrusion of the New Zealand government into the sovereign affairs of a country like ours,” Iroga said. “Any intervention in this way to get information from the Solomon Islands is highly condemned.”
Benjamin Afuga, the anti-corruption campaigner, said he was concerned the surveillance may have exposed some of the sources of the leaks he publishes online.
“I’m an open person – just like an open book,” Afuga said. “I don’t have anything else other than what I’m doing as a whistleblower and someone who exposes corruption. I don’t really understand what they are looking for. I have nothing to hide.”
A spokesman for Manasseh Sogavare, the recently elected prime minister of the Solomon Islands, said the issue would be addressed through “diplomatic channels.”
The Solomon Islands are about 2,300 miles north of New Zealand and have a population of some 550,000 people, according to United Nations figures. In the late 1990s and early 2000s the islands suffered from ethnic violence known as “The Tensions.” This led to the 2003 deployment to the Solomons of New Zealand, Australian and Pacific Island police and military peacekeepers. By January 2013, the date of the target list, both New Zealand and Australia were focused on withdrawing their forces from the island country and by the end of that year they were gone.
The XKEYSCORE list shows New Zealand was carrying out surveillance of several terms associated with militant groups on the island, such as “former tension militants,” and “malaita eagle force.” But with the security situation stabilized by 2013, it is unclear why New Zealand spies appear to have continued an expansive surveillance operation across the government, even tailoring XKEYSCORE to intercept information about an anti-corruption campaigner.
Andrew Little, leader of New Zealand’s Labour Party, told the Herald on Sunday the surveillance was at odds with the country’s diplomatic relationship with the Solomons. “You would assume we have relations with government at the highest level and constructive dialogue,” he said.
The surveillance may have been part of a secret attempt to intercept information about The Truth and Reconciliation Commission, an inquiry that was set up by the Solomon Islands in the aftermath of the ethnic violence. The commission was modeled on South Africa’s post-apartheid process and launched by Bishop Desmond Tutu during a 2009 visit to the Solomons. The XKEYSCORE list includes the keywords “Truth and Reconciliation Commission,” “TRC,” and “trc report.” Moreover, Afuga, the targeted anti-corruption campaigner, worked with the commission as a project coordinator.
GCSB declined to comment for this story. In a statement, the agency’s acting director, Una Jagose, said: “The GCSB exists to protect New Zealand and New Zealanders. We have a foreign intelligence mandate. We don’t comment on speculation about matters that may or may not be operational. Everything we do is explicitly authorized and subject to independent oversight.”
A spokesman for New Zealand prime minister John Key also declined to comment. The spokesman said: “New Zealand’s intelligence agencies have been, and continue to be, a significant contributor to our national security and the security of New Zealanders at home and abroad.”
In recent weeks, The Intercept has published a series of stories about the extent of New Zealand’s surveillance in collaboration with the New Zealand Herald, the Herald on Sunday, and The Sunday Star-Times. Earlier disclosures, which were based on documents from NSA whistleblower Edward Snowden, have exposed the country’s broad surveillance across the Asia-Pacific. The revelations have shown how a surveillance base in the Waihopai Valley is funneling bulk data into the XKEYSCORE system and they have also exposed that New Zealand is targeting some of its strongest trading partners for surveillance and then sharing the data with the NSA.
quote:Federal police confirm they have accessed journalists' metadata
AFP reject comments by media union on scale of access, saying requests were ‘rare’, as debate over data retention bill intensifies
The Australian Federal Police have confirmed for the first time they have accessed journalists’ telecommunications metadata in the past 18 months, but said requests were “rare”.
They said they had received 13 referrals relating to alleged unauthorised disclosures by commonwealth officials, but in the “overwhelming majority” of those cases there was no need to access journalists’ metadata. Not all the referrals related to disclosures through the media.
The comments were made as part of a statement that rejected comments by Media, Entertainment and Arts Alliance chief executive Paul Murphy about how many times the AFP had accessed journalists’ metadata.
On Monday Murphy said that in a meeting with the AFP and other government officers the AFP “had been repeatedly asked to hunt down journalists’ sources by accessing journalists’ metadata and [AFP commissioner Andrew Colvin] confirmed that it is doing so”.
“The data retention bill will simply formalise these activities with no regard to the press freedom implications and presumably encourage at least 20 government agencies to go trawling through journalists’ metadata,” Murphy said.
The AFP said the statement was inaccurate and distorted the comments. But they also confirmed a small number of authorisations for access to journalists’ metadata had been made.
The release said: “Commissioner Colvin said that over the past 18 months, the AFP has received 13 referrals relating to the alleged unauthorised disclosure of commonwealth information in breach of section 70 of the Crimes Act.
“This offence specifically criminalises the activity of commonwealth officials who have released commonwealth information in contravention of their obligations, not journalists.”
“In the overwhelming majority of these investigations, no need was identified to conduct a metadata telecommunications inquiry on a journalist. AFP requests for accessing a journalist’s metadata are rare.”
Guardian Australia has previously reported that eight of these referrals related to stories about asylum seekers.
The AFP have confirmed that at least one of these referrals resulted in an investigation – into a story about the customs vessel Ocean Protector’s incursions into Indonesian waters – that is still under way.
The AFP did not disclose as part of the release of documents under freedom of information laws any information about whether journalists’ phone or web records had been accessed.
Journalists and politicians have tried in the past – unsuccessfully – to gain more information from the AFP on metadata requests issued relating to leak investigations.
Guardian Australia has lodged freedom of information requests and requests under the Privacy Act 1988 to determine whether authorisations have been made for reporters’ phone and web data.
The AFP has refused to confirm or deny the existence of any authorisations, citing the secrecy provisions of the Telecommunications (Interception and Access) Act 1979.
In February last year the independent senator Nick Xenophon requested in Senate estimates details of the number of metadata authorisations used in commonwealth disclosure investigations.
The AFP said at the time they were not required to provide information about specific authorisations.
They said: “This system is configured to record and store information contained in the authorisation and to produce reports on the total number of authorisations. Whilst the information is stored in the system, the system is not designed to report on particular crime types which are being investigated.”
The prime minister, Tony Abbott, agreed on Monday to amend the government’s data retention bill to provide an additional safeguard for journalists that would require a warrant to be sought for access to their metadata.
The MEAA and Greens senator Scott Ludlam have continued to voice concern about the data retention scheme.
On Tuesday a number of Labor backbenchers also spoke out in opposition to the data retention bill in a caucus meeting.
The government is yet to put forward amendments to the scheme to clarify how the warrant requirement for access to journalists’ metadata would operate.
quote:Hacking BIOS Chips Isn’t Just the NSA’s Domain Anymore
The ability to hack the BIOS chip at the heart of every computer is no longer reserved for the NSA and other three-letter agencies. Millions of machines contain basic BIOS vulnerabilities that let anyone with moderately sophisticated hacking skills compromise and control a system surreptitiously, according to two researchers.
The revelation comes two years after a catalogue of NSA spy tools leaked to journalists in Germany surprised everyone with its talk about the NSA’s efforts to infect BIOS firmware with malicious implants.
The BIOS boots a computer and helps load the operating system. By infecting this core software, which operates below antivirus and other security products and therefore is not usually scanned by them, spies can plant malware that remains live and undetected even if the computer’s operating system were wiped and re-installed.
BIOS-hacking until now has been largely the domain of advanced hackers like those of the NSA. But researchers Xeno Kovah and Corey Kallenberg presented a proof-of-concept attack today at the CanSecWest conference in Vancouver, showing how they could remotely infect the BIOS of multiple systems using a host of new vulnerabilities that took them just hours to uncover. They also found a way to gain high-level system privileges for their BIOS malware to undermine the security of specialized operating systems like Tails—used by journalists and activists for stealth communications and handling sensitive data.
Although most BIOS have protections to prevent unauthorized modifications, the researchers were able to bypass these to reflash the BIOS and implant their malicious code.
Kovah and Kallenberg recently left MITRE, a government contractor that conducts research for the Defense Department and other federal agencies, to launch LegbaCore, a firmware security consultancy. They note that the recent discovery of a firmware-hacking tool by Kaspersky Lab researchers makes it clear that firmware hacking like their BIOS demo is something the security community should be focusing on.
Because many BIOS share some of the same code, they were able to uncover vulnerabilities in 80 percent of the PCs they examined, including ones from Dell, Lenovo and HP. The vulnerabilities, which they’re calling incursion vulnerabilities, were so easy to find that they wrote a script to automate the process and eventually stopped counting the vulns it uncovered because there were too many.
“There’s one type of vulnerability, which there’s literally dozens of instances of it in every given BIOS,” says Kovah. They disclosed the vulnerabilities to the vendors and patches are in the works but have not yet been released. Kovah says, however, that even when vendors have produced BIOS patches in the past, few people have applied them.
“Because people haven’t been patching their BIOSes, all of the vulnerabilities that have been disclosed over the last couple of years are all open and available to an attacker,” he notes. “We spent the last couple of years at MITRE running around to companies trying to get them to do patches. They think BIOS is out of sight out of mind [because] they don’t hear a lot about it being attacked in the wild.”
An attacker could compromise the BIOS in two ways—through remote exploitation by delivering the attack code via a phishing email or some other method, or through physical interdiction of a system. In that case, the researchers found that if they had physical access to a system they could infect the BIOS on some machines in just two minutes. This highlights just how quickly and easy it would be, for example, for a government agent or law enforcement officer with a moment’s access to a system to compromise it.
Their malware, dubbed LightEater, uses the incursion vulnerabilities to break into and hijack the system management mode to gain escalated privileges on the system. System management mode, or SMM, is an operations mode in Intel processors that firmware uses to do certain functions with high-level system privileges that exceed even administrative and root-level privileges, Kovah notes. Using this mode, they can rewrite the contents of the BIOS chip to install an implant that gives them a persistent and stealth foothold. From there, they can install root kits and steal passwords and other data from the system.
But more significantly, SMM gives their malware the ability to read all data and code that appears in a machine’s memory. This would allow their malware, Kovah points out, to subvert any computer using the Tails operating system—the security and privacy-oriented operating system Edward Snowden and journalist Glenn Greenwald used to handle NSA documents Snowden leaked. By reading data in memory, they could steal the encryption key of a Tails user to unlock encrypted data or swipe files and other content as it appears in memory. Tails is meant to be run from a secure USB flash drive or other removable media—so that conceivably it won’t be affected by viruses or other malware that may have infected the computer. It operates in the computer’s memory and once the operating system is shut down, Tails scrubs the RAM to erase any traces of its activity. But because the LightEater malware uses the system management mode to read the contents of memory, it can grab the data while in memory before it gets scrubbed and store it in a safe place from which it can later be exfiltrated. And it can do this while all the while remaining stealth.
“Our SMM attacker lives in a place nobody checks today to see if there’s an attacker,” Kovah says. “System management mode can read everyone’s RAM, but nobody can read System Management Mode’s RAM.”
Such an attack shows, he says, that the operating system Snowden chose to protect himself can’t actually protect him from the NSA or anyone else who can design an attack like LightEater.
quote:New Zealand Spied on WTO Director Candidates
New Zealand launched a covert surveillance operation targeting candidates vying to be director general of the World Trade Organization, a top-secret document reveals.
In the period leading up to the May 2013 appointment, the country’s electronic eavesdropping agency programmed an Internet spying system to intercept emails about a list of high-profile candidates from Brazil, Costa Rica, Ghana, Indonesia, Jordan, Kenya, Mexico, and South Korea.
New Zealand’s trade minister Tim Groser was one of nine candidates in contention for the position at the WTO, a powerful international organization based in Geneva, Switzerland that negotiates trade agreements between nations. The surveillance operation, carried out by Government Communications Security Bureau, or GCSB, appears to have been part of a secret effort to help Groser win the job.
Groser ultimately failed to get the position.
A top-secret document obtained by The Intercept and the New Zealand Herald reveals how GCSB used the XKEYSCORE Internet surveillance system to collect communications about the WTO director general candidates.
XKEYSCORE is run by the National Security Agency and is used to analyze billions of emails, Internet browsing sessions and online chats that are vacuumed up from about 150 different locations worldwide. GCSB has gained access to XKEYSCORE because New Zealand is a member of the Five Eyes surveillance alliance alongside the United States, the United Kingdom, Canada and Australia.
The WTO spying document shows how the New Zealand agency created an XKEYSCORE targeting “fingerprint,” a combination of names and keywords used to extract particular information from the vast quantities of emails and other communications accessible through the system. The document reveals that a fingerprint was specially tailored to monitor the WTO candidates and was “used to sort traffic by priority,” looking for “keywords [as they] appear in the email_body.” It is stamped with a “last modified” date of 6 May 2013, about a week before the new director general was to be announced.
Two different intelligence searches were carried out by the GCSB staff as part of what they termed the “WTO Project.” First, they looked for emails referring to Groser, the WTO, the director general candidacy, and the surnames of the other candidates: Alan John Kwadwo Kyerematen (Ghana); Amina Mohamed (Kenya); Anabel González (Costa Rica); Herminio Blanco (Mexico); Mari Elka Pangestu (Indonesia); Taeho Bark (South Korea); Ahmad Thougan Hindawi (Jordan); and Roberto Carvalho de Azevêdo (Brazil).
Second, they zeroed in on the Indonesian candidate, Pangestu, that country’s former minister of trade and a professional economist. A separate XKEYSCORE fingerprint was created, headed “WTO DG Candidacy issues – focus on Indonesian candidate.” This was presumably because the New Zealand government was particularly concerned that the job might go to another Pacific candidate ahead of Groser.
The surveillance of Pangestu appears to have targeted all Internet communications (not just email) containing the name “Pangestu,” the words “Indonesia,” “WTO” and “candidacy,” and the other candidates’ names.
The searches had keyword instructions in English, French and Spanish – for instance “zealand”, “zelande” and “zelandia” – in order to catch communications from more countries. The intercepted messages were to be passed to the GCSB’s “trade team,” which would likely have had the job of collating intelligence for people in government involved in Groser’s bid for the WTO role.
The Intercept and the New Zealand Herald attempted to contact each of the named targets prior to publication. Several were not reachable or did not respond to a request for comment. A spokesman for the WTO had not responded to multiple requests for comment at time of publication (update below).
Bark, the South Korean candidate, said he had no inkling that he was the focus of surveillance during his bid for the director general role. He told the New Zealand Herald he had received no intelligence agency support as part of his own campaign. “It’s a different world for very advanced countries,” he said.
Bark, now an academic at Seoul National University and South Korea’s ambassador-at-large for international economy and trade, added that he was not “offended” by the spying because he didn’t think it had any impact on the outcome of his effort to get the WTO job. But he predicted others would be stung by the eavesdropping revelations. “The Indonesian candidate would be very upset,” he said.
International economic law expert Meredith Kolsky Lewis, who specializes in the WTO, said she was “a bit shocked” at the allegation New Zealand had spied on emails about the director general candidates.
“I’m a little surprised that New Zealand used the surveillance power available to it for this purpose,” Lewis said. “It’s possible those who ordered the surveillance wanted to know who other countries in the region supported.”
Andrew Little, leader of New Zealand’s Labour Party, criticized the surveillance and described it as “completely out of order.”
“It just seems outrageous,” Little said. “I would have thought that [to be] a misuse of our security and intelligence agencies. It seems to me right outside the mandate of the GCSB. It’s nothing to do with security threats.”
It was in late 2012 that Groser was nominated for the position at the WTO.
The New Zealand trade minister launched a lobbying campaign as part of his candidacy bid, traveling to Europe, the United States, Africa, the Caribbean and around the Pacific Islands in an effort to win support from members of the WTO’s general council, which includes representatives from 160 countries.
However, his campaign was unsuccessful. Brazil’s Azevêdo was appointed the WTO’s new director general on 14 May 2013.
Three weeks earlier, when it had become clear that Groser was not going to make the final shortlist, New Zealand’s prime minister, John Key, expressed his disappointment. “At the end of the day it was always going to be a long shot – so he gave it his best go with the support of the government,” Key said.
What the public didn’t know was that this support had included deploying the GCSB to spy on communications about the competitors.
At the time of the surveillance, prime minister Key was the minister in charge of the GCSB, raising the question of whether he knew about and personally sanctioned the electronic eavesdropping to help Groser.
A spokesman for Key declined to answer any questions about the WTO spying and instead issued a boilerplate response. “New Zealand’s intelligence agencies have been, and continue to be, a significant contributor to our national security and the security of New Zealanders at home and abroad,” the spokesman said.
Groser, reached by New Zealand Herald reporters late Saturday, said the government wouldn’t discuss “such leaks” because he claimed they were “often wrong, [and] they are deliberately timed to try and create political damage.” Asked if he knew the GCSB was conducting surveillance for him, he said: “I’ve got no comment to make whatsoever.”
GCSB also declined to comment on any of the specific revelations. In a statement, the agency’s acting director, Una Jagose, said: “The GCSB exists to protect New Zealand and New Zealanders. We have a foreign intelligence mandate. We don’t comment on speculation about matters that may or may not be operational. Everything we do is explicitly authorized and subject to independent oversight.”
Last week, The Intercept revealed that GCSB used XKEYSCORE to target top government officials and an anti-corruption campaigner in the Solomon Islands.
Earlier disclosures, which were based on documents from NSA whistleblower Edward Snowden, have exposed how New Zealand is funneling data into XKEYSCORE from a surveillance base in the Waihopai Valley and is spying on about 20 countries across the world, predominantly in the Asia-Pacific region, among them small Pacific islands and major trading partners including Japan, Vietnam, and China.
The Intercept is reporting details about New Zealand’s surveillance operations in collaboration with the New Zealand Herald, the Herald on Sunday, and the Sunday Star-Times.
Update, March 22, 2015 at 17:30 ET: Reached by phone Sunday, WTO spokesman Keith Rockwell told The Intercept he was “learning about this for the very first time” and said he would not comment on the New Zealand spying until he had looked closer at the details. “Tomorrow morning I’ll go into the office and we’ll discuss it and we’ll try to figure out what’s going on,” he said.
quote:Britain’s Surveillance State
Edward Snowden exposed the extent of mass surveillance conducted not just by the United States but also by allies like Britain. Now, a committee of the British Parliament has proposed legal reforms to Britain’s intelligence agencies that are mostly cosmetic and would do little to protect individual privacy.
In a report published on March 12, the Intelligence and Security Committee acknowledged that agencies like MI5 collect, sift through and examine millions of communications. Most of this is legal, the committee said, and justified by national security. It proposed a new law that would tell people more about the kind of information the government collects about them but would not meaningfully limit mass surveillance. That is hardly sufficient for a system that needs strong new checks and balances.
Separately, a legal filing by the British government made public on Wednesday showed that its intelligence agencies maintain the right to hack into the computers, phones and other devices owned not just by suspected terrorists and criminals but also people who “are not intelligence targets in their own right.” The filing was published by Privacy International, one of several advocacy groups that have challenged government surveillance in court.
As things stand now, intelligence agencies can monitor vast amounts of communications and do so with only a warrant from a government minister to begin intercepting them. Lawmakers should limit the amount of data officials can sweep up and require them to obtain warrants from judges, who are more likely to push back against overly broad requests.
The parliamentary committee, however, did not see the need to limit data collection and concluded that ministers should continue to approve warrants because they are better than judges at evaluating diplomatic, political and public interests. That rationale ignores the fact that ministers are also less likely to deny requests from officials who directly report to them.
The committee’s acceptance of the status quo partly reflects the fact that Britons have generally been more accepting of intrusive government surveillance than Americans; security cameras, for instance, are ubiquitous in Britain. But the committee itself was far from impartial. Its nine members were all nominated by Prime Minister David Cameron, who has pushed for even greater surveillance powers.
After the attack against the French newspaper Charlie Hebdo in January, Mr. Cameron asked technology companies to help his government monitor encrypted communications and warned that those who refused to do so could be banned from doing business in Britain.
Parliament is unlikely to act on the committee’s report in its current form before the upcoming national election scheduled for May. In the meantime, legal cases challenging British surveillance practices filed by groups like Privacy International and Liberty are expected to end up at the European Court of Human Rights. In the past, that court has taken an expansive view of the individual’s right to privacy under the European Convention on Human Rights.
Governments certainly should have the ability to intercept communications to investigate crimes and terrorist plots. But lawmakers should place sensible limits on surveillance and require government officials to meet a high burden of proof before they are allowed to listen in on phone calls, read emails and troll through the web browsing histories of individuals.
quote:Top-secret documents obtained by the CBC show Canada's electronic spy agency has developed a vast arsenal of cyberwarfare tools alongside its U.S. and British counterparts to hack into computers and phones in many parts of the world, including in friendly trade countries like Mexico and hotspots like the Middle East.
The little known Communications Security Establishment wanted to become more aggressive by 2015, the documents also said.
Revelations about the agency's prowess should serve as a "major wakeup call for all Canadians," particularly in the context of the current parliamentary debate over whether to give intelligence officials the power to disrupt national security threats, says Ronald Deibert, director of the Citizen Lab, the respected internet research group at University of Toronto's Munk School of Global Affairs.
"These are awesome powers that should only be granted to the government with enormous trepidation and only with a correspondingly massive investment in equally powerful systems of oversight, review and public accountability," says Deibert.
Details of the CSE’s capabilities are revealed in several top-secret documents analyzed by CBC News in collaboration with The Intercept, a U.S. news website co-founded by Glenn Greenwald, the journalist who obtained the documents from U.S. whistleblower Edward Snowden.
quote:Leave Facebook if you don't want to be spied on, warns EU
European Commission admits Safe Harbour framework cannot ensure privacy of EU citizens’ data when sent to the US by American internet firms
The European Commission has warned EU citizens that they should close their Facebook accounts if they want to keep information private from US security services, finding that current Safe Harbour legislation does not protect citizens’ data.
The comments were made by EC attorney Bernhard Schima in a case brought by privacy campaigner Maximilian Schrems, looking at whether the data of EU citizens should be considered safe if sent to the US in a post-Snowden revelation landscape.
“You might consider closing your Facebook account, if you have one,” Schima told attorney general Yves Bot in a hearing of the case at the European court of justice in Luxembourg.
When asked directly, the commission could not confirm to the court that the Safe Harbour rules provide adequate protection of EU citizens’ data as it currently stands.
The US no longer qualifies
The case, dubbed “the Facebook data privacy case”, concerns the current Safe Harbour framework, which covers the transmission of EU citizens’ data across the Atlantic to the US. Without the framework, it is against EU law to transmit private data outside of the EU. The case collects complaints lodged against Apple, Facebook, Microsoft, Microsoft-owned Skype and Yahoo.
Schrems maintains that companies operating inside the EU should not be allowed to transfer data to the US under Safe Harbour protections – which state that US data protection rules are adequate if information is passed by companies on a “self-certify” basis – because the US no longer qualifies for such a status.
The case argues that the US government’s Prism data collection programme, revealed by Edward Snowden in the NSA files, which sees EU citizens’ data held by US companies passed on to US intelligence agencies, breaches the EU’s Data Protection Directive “adequacy” standard for privacy protection, meaning that the Safe Harbour framework no longer applies.
Poland and a few other member states as well as advocacy group Digital Rights Ireland joined Schrems in arguing that the Safe Harbour framework cannot ensure the protection of EU citizens’ data and therefore is in violation of the two articles of the Data Protection Directive.
The commission, however, argued that Safe Harbour is necessary both politically and economically and that it is still a work in progress. The EC and the Ireland data protection watchdog argue that the EC should be left to reform it with a 13-point plan to ensure the privacy of EU citizens’ data.
“There have been a spate of cases from the ECJ and other courts on data privacy and retention showing the judiciary as being more than willing to be a disrupting influence,” said Paula Barrett, partner and data protection expert at law firm Eversheds. “Bringing down the safe harbour mechanism might seem politically and economically ill-conceived, but as the decision of the ECJ in the so-called ‘right to be forgotten’ case seems to reinforce that isn’t a fetter which the ECJ is restrained by.”
An opinion on the Safe Harbour framework from the ECJ is expected by 24 June.
Facebook declined to comment.
quote:AP Exclusive: Before leak, NSA mulled ending phone program
WASHINGTON (AP) — The National Security Agency considered abandoning its secret program to collect and store American calling records in the months before leaker Edward Snowden revealed the practice, current and former intelligence officials say, because some officials believed the costs outweighed the meager counterterrorism benefits.
After the leak and the collective surprise around the world, NSA leaders strongly defended the phone records program to Congress and the public, but without disclosing the internal debate.
The proposal to kill the program was circulating among top managers but had not yet reached the desk of Gen. Keith Alexander, then the NSA director, according to current and former intelligence officials who would not be quoted because the details are sensitive. Two former senior NSA officials say they doubt Alexander would have approved it.
Still, the behind-the-scenes NSA concerns, which have not been reported previously, could be relevant as Congress decides whether to renew or modify the phone records collection when the law authorizing it expires in June.
The internal critics pointed out that the already high costs of vacuuming up and storing the “to and from” information from nearly every domestic landline call were rising, the system was not capturing most cellphone calls, and the program was not central to unraveling terrorist plots, the officials said. They worried about public outrage if the program ever was revealed.
After the program was disclosed, civil liberties advocates attacked it, saying the records could give a secret intelligence agency a road map to Americans’ private activities. NSA officials presented a forceful rebuttal that helped shape public opinion.
Responding to widespread criticism, President Barack Obama in January 2014 proposed that the NSA stop collecting the records, but instead request them when needed in terrorism investigations from telephone companies, which tend to keep them for 18 months.
Yet the president has insisted that legislation is required to adopt his proposal, and Congress has not acted. So the NSA continues to collect and store records of private U.S. phone calls for use in terrorism investigations under Section 215 of the Patriot Act. Many lawmakers want the program to continue as is.
Alexander argued that the program was an essential tool because it allows the FBI and the NSA to hunt for domestic plots by searching American calling records against phone numbers associated with international terrorists. He and other NSA officials support Obama’s plan to let the phone companies keep the data, as long as the government quickly can search it.
Civil liberties activists say it was never a good idea to allow a secret intelligence agency to store records of Americans’ private phone calls, and some are not sure the government should search them in bulk. They say government can point to only a single domestic terrorism defendant who was implicated by a phone records search under the program, a San Diego taxi driver who was convicted of raising $15,000 for a Somali terrorist group.
Some fault NSA for failing to disclose the internal debate about the program.
“This is consistent with our experience with the intelligence community,” said Rep. Justin Amash, R-Mich. “Even when we have classified briefings, it’s like a game of 20 questions and we can’t get to the bottom of anything.”
The proposal to halt phone records collection that was circulating in 2013 was separate from a 2009 examination of the program by NSA, sparked by objections from a senior NSA official, reported in November by The Associated Press. In that case, a senior NSA code breaker learned about the program and concluded it was wrong for the agency to collect and store American records. The NSA enlisted the Justice Department in an examination of whether the search function could be preserved with the records stored by the phone companies.
That would not work without a change in the law, the review concluded. Alexander, who retired in March 2014, opted to continue the program as is.
But the internal debate continued, current and former officials say, and critics within the NSA pressed their case against the program. To them, the program had become an expensive insurance policy with an increasing number of loopholes, given the lack of mobile data. They also knew it would be deeply controversial if made public.
By 2013, some NSA officials were ready to stop the bulk collection even though they knew they would lose the ability to search a database of U.S. calling records. As always, the FBI still would be able to obtain the phone records of suspects through a court order.
There was a precedent for ending collection cold turkey. Two years earlier, the NSA cited similar cost-benefit calculations when it stopped another secret program under which it was collecting Americans’ email metadata — information showing who was communicating with whom, but not the content of the messages. That decision was made public via the Snowden leaks.
Alexander believed that the FBI and the NSA were still getting crucial value out of the phone records program, in contrast to the email records program, former NSA officials say.
After the Snowden leaks, independent experts who looked at the program didn’t agree. A presidential task force examined NSA surveillance and recommended ending the phone records collection, saying it posed unacceptable privacy risks while doing little if anything to stop terrorism. The task force included Michael Morell, a former deputy CIA director, and Richard Clarke, a former White House counterterrorism adviser.
“We cannot discount the risk, in light of the lessons of our own history, that at some point in the future, high-level government officials will decide that this massive database of extraordinarily sensitive private information is there for the plucking,” the report said. Times, dates and numbers called can provide a window into a person’s activities and connections.
A separate inquiry by the Privacy and Civil Liberties Oversight Board concluded the same thing.
David Medine, chairman of that board, said the concerns raised internally by NSA officials were the same as theirs, yet when NSA officials came before the privacy board, they “put on a pretty strong defense for the program. Except their success stories didn’t pan out,” he said.
quote:One dead after ramming attempt at NSA entrance
One person was killed today at the entrance gate of the American intelligence agency NSA after a motorist tried to ram the entrance. In addition, one or two people are said to have been injured, American media reported.
Around 09:30 the driver tried to ram the gate of the NSA headquarters at Fort Meade. According to NBC Washington, there were reportedly two men in the car, who were dressed as women. They wanted to get into the office. Both men are said to have been hit by bullets fired by guards. According to the broadcaster, a rifle and drugs were in the car.
The NSA is known for the many scandals of recent years. Whistleblower Edward Snowden leaked documents that made clear that the intelligence agency gathered information in sometimes excessive and presumably even illegal ways.
quote:
The article continues.
quote:It’s been nearly two years since former National Security Agency (NSA) contractor Edward Snowden first leaked to the Guardian that the NSA was spying on American citizens. A new survey from the Pew Research center finds that the revelations of the mass government surveillance programs have definitely impacted the way certain segments of the American population now view their privacy — but that hasn’t yet translated into behavior changes.
The survey found that a vast majority of respondents — 87 percent — had heard of the leaks in some way. Among them about a third, 34 percent, had actually modified their behaviors to protect their privacy from the government more, with 25 percent reporting they had modified the way they use different technologies “a great deal” or “somewhat.” Common reactions included changing their privacy settings on social media (17 percent), using social media less often (15 percent), avoiding certain apps (15 percent) and uninstalling apps (13 percent).
Meanwhile, 14 percent of the 475 respondents said they now speak in person more often than communicating online or over the phone. About 13 percent said they now avoid the use of certain terminology online.
quote:Who Knows What Evils Lurk in the Shadows?
The story of the powerful spy agency most Canadians still don’t know, and the security bill that would expand its resources and reach
quote:Charlie Hebdo. Ottawa. Peshawar. Westgate. Mumbai. Acts of terror such as these have become an unfortunate by-product of the hypermedia world in which we now live. Governments worldwide have responded to these incidents with a sense of urgency: new anti-terrorism laws and expanded law enforcement and intelligence capabilities.
Canada’s version is now before us as Bill C-51, an omnibus crime and anti-terrorism bill that introduces two new security laws and amends 15 existing laws, including the Criminal Code and the CSIS Act. C-51 sets out to counter not just “terrorism” but the vast undefined expanse C-51 describes as “threats to the security of Canada.” The Harper government has pushed variations of these laws unsuccessfully over years. But it was the Ottawa attacks, followed quickly by those in Paris, which created a window of political opportunity prior to federal elections to throw together the package. These measures are the most sweeping change of Canadian national security laws since the 2001 terror attacks on the United States (9/11). As the law is being debated, it is important that Canadians understand the full implications.
The most important and sad point being made is that you have to bring in something like 'dick pics' to get people even a little engaged with this subject.
quote:
quote:
The article continues.
quote:NSA whistleblower Edward Snowden was a highlight of last year's SXSW, where he gave one of his first public speeches. This year, Snowden was back at SXSW — but only a few people even knew it was happening. Snowden held a streamed question-and-answer session with roughly two dozen people from across the technology and policy world, which participant Sunday Yokubaitis, president of online privacy company Golden Frog, described as a "call to arms" for tech companies to foil spying with better privacy tools.
According to Yokubaitis, Snowden said that as policy reform lagged, companies should adopt more secure technology that could block surveillance altogether or make it too difficult to pursue en masse. A big focus was end-to-end encryption, which would mean no one (including companies) could see the contents of communications except the sender and recipient. "The low-hanging fruit is always [the] transit layer," he reportedly said. "It raises the cost. Every time we raise the cost, we force budgetary constraints." This is especially relevant as tools that are originally built for targeted use overseas slowly grow into broader programs. "We hope that they start with North Korea and by the time they end up in Ohio, they run out of budget."
Snowden described common security systems like SSL, meanwhile, as "critical infrastructure" that didn't receive enough investment and became vulnerable as a result. And if encryption isn't common enough, simply using it can mark a message as suspicious, which is part of the reason companies should be working on better encryption options. "Him saying that validates that companies should try and fill the holes, and not wait for policy," said Yokubaitis after the meeting.
quote:
The article continues.
quote:The Drug Enforcement Administration has been buying spyware produced by the controversial Italian surveillance tech company Hacking Team since 2012, Motherboard has learned.
The software, known as Remote Control System or “RCS,” is capable of intercepting phone calls, texts, and social media messages, and can surreptitiously turn on a user’s webcam and microphone as well as collect passwords.
The DEA originally placed an order for the software in August of 2012, according to both public records and sources with knowledge of the deal.
The contract, which has not been previously revealed, shows that the FBI is not the only US government agency engaged in hacking tactics, but that the DEA has also been purchasing off-the-shelf malware that could be used to spy on suspected criminals.
This revelation comes just a week after USA Today uncovered a secret program with which the DEA collected the phone records of millions of Americans for more than 20 years, a program that pre-dated and inspired the NSA’s own bulk telephone collection program, suggesting that the drug agency is sort of a pioneer in the use of surveillance.
quote:Security expert used Tor to collect government e-mail passwords
Last month, Swedish security specialist Dan Egerstad exposed the passwords and login information for 100 e-mail accounts on embassy and government servers. In a blog entry today, Egerstad disclosed his methodology. He collected the information by running a specialized packet sniffer on five Tor exit nodes operated by his organization, Deranged Security.
Tor is an onion routing service that facilitates anonymous Internet communication. Originally developed by the US Naval Research Laboratory and formerly funded by the Electronic Frontier Foundation, Tor is designed to protect users from traffic analysis and other kinds of network surveillance. It works by relaying connections through a series of distributed network servers. When a Tor user visits a web site, the IP address detected and logged by that site will be the IP address of one of the Tor nodes rather than the actual user. This makes it possible for users to obscure their identity under certain circumstances.
Unfortunately, many Tor users do not realize that all of their network traffic is being exposed to Tor exit nodes. Tor users who do not use encryption are broadly exposing themselves to identity theft. Egerstad was originally doing a study on e-mail encryption, but during the course of the research project, he decided to create the packet sniffer and expose sensitive e-mail login data in order to increase awareness of the fact that Tor exposes sensitive information when not used with encryption.
Egerstad believed that privately disclosing his findings to the organizations whose passwords he obtained would not convince them to change their practices. He also knew that it was only a matter of time before others with malicious intent would perform the same kind of experiment, so he felt that broad public disclosure was the only way he could generate enough attention to force people to think about the problem.
"Experience tells me that even if I would contact everyone on this list most are not going to listen," Egerstad wrote when he released the login information last month. "So f*** it! Here is everything you need to read classified email and f*** up some serious International business. Hopefully this will put light on the security problems that are never talked about and get at least this fixed with a speed that you never seen your government work before. As a Swedish citizen I can't give this information to anyone without getting into trouble, so instead I'm giving it to everyone."
After publicly releasing the information, Egerstad's site was taken down at the request of US law enforcement officials. After it was brought back earlier this week, Egerstad expressed frustration and pointed out that the information was already spreading across the Internet. Taking down Egerstad's site only served to silence his message about security and did not prevent dissemination of the sensitive data. "I've seen people saying that the US would be angry now that we forced foreign countries to tighten their security so NSA or whatever can't read their secrets any longer. To me it sounds like bulls*** taken out of a bad book but after this silly little stunt I'm reconsidering. Is there any reason you DO NOT want people to secure their systems?" asked Egerstad.
According to Egerstad, the information disclosed is only a fraction of what he collected. He continues to argue that the responsibility for exposing the login information rests on the organizations that failed to use encryption and that he simply drew attention to information that was essentially already public. "ToR isn't the problem, just use it for what it's made for," Egerstad notes. "[The system administrators for the organizations whose passwords were exposed] are responsible for giving away their own countries secrets to foreigners. I can't call it a mistake, this is pure stupidity and not forgivable!"
Egerstad also points out that very little is known about the intentions and activity of other Tor exit node operators, some of whom are already known to be associated with malicious hacker groups and foreign governments.
quote:DA says Apple, Google software helps terrorists
Manhattan DA Cyrus Vance Jr. sounded a battle cry Sunday, calling on law-enforcement agencies to battle Apple and Google over software that makes it impossible for authorities to “decrypt” cellphones seized in criminal investigations.
The recently rolled-out “upgrades” haven’t attracted much general attention, which means police must start pressing elected officials to roll back the terrorist-friendly software, he said.
“Apple has created a phone that is dark, that cannot be accessed by law enforcement even when a court has authorized us to look at its contents,” Vance warned on “The Cats Roundtable” show on WNYM/970 AM.
“That’s going to be the terrorists’ communication device of choice.”
Google is also introducing software for its Android phones that police and prosecutors will be unable to trace.
Combined, the tech giants make up about 96 percent of the world cellphone market.
When it was launched Sept. 17, the Apple mobile operating system, iOS 8, drew criticism from several top law-enforcement officials, including US Attorney General Eric Holder and NYPD Commissioner Bill Bratton.
“It does a terrible disservice to the public, ultimately, and to law enforcement, initially,” Bratton said at the time.
“For them to consciously, for profit and gain, to thwart those legal constitutional efforts, shame on them.”
Apple and Google have defended their products, admitting consumer demand was a key consideration.
With older operating systems, the companies could “unlock” cellphone data at the request of law enforcement. With the new ones, only the phone owner can.
“For all devices running iOS 8.0 and later versions, Apple will not perform iOS data extractions in response to government search warrants because the files to be extracted are protected by an encryption key that is tied to the user’s passcode, which Apple does not possess,” the company states on its Web site.
Vance said Apple and Google are playing with people’s safety.
“It’s going to affect our ability to protect New Yorkers,” he told the show’s host, former mayoral candidate John Catsimatidis.
“It’s also going to have national-security implications because a device that cannot be accessed by judicial warrant can be used by homegrown violent extremists and terrorists to communicate with each other.”
Vance urged law-enforcement leaders to lobby politicians.
“We need to get their [elected officials’] support to hold hearings on this issue,” Vance said.
quote:White House releases report on NSA surveillance six years later
Basics of programme had been declassified, but report includes new details about the secrecy surrounding the collection of Americans’ emails and calls
With debate gearing up over the coming expiration of the Patriot Act surveillance law, the Obama administration on Saturday unveiled a six-year-old report examining the once-secret programme to collect information on Americans’ calls and emails.
The Office of the Director of National Intelligence (ODNI) publicly released the redacted report following a Freedom of Information Act lawsuit by the New York Times. The basics of the National Security Agency (NSA) programme already had been declassified, but the lengthy report includes some new details about the secrecy surrounding it.
After the programme was disclosed in 2013 by the former NSA contractor Edward Snowden, President Barack Obama and many lawmakers called for legislation to end that collection, but a bill to do so failed last year. Proponents had hoped that the expiration of the Patriot Act provisions would force consideration of such a measure.
A bipartisan group of House members has been working on such legislation, dubbed the USA Freedom Act. White House press secretary Josh Earnest said on Friday that Obama is pleased efforts are restarting in the House.
“Hopefully, the next place where Democrats and Republicans will turn their attention and try to work together is on this issue of putting in place important reforms to the Patriot Act,” Earnest said.
If no legislation is passed, the Patriot Act provisions will expire. That would affect not only the NSA surveillance but other programmes used by the FBI to investigate domestic crimes, which puts considerable pressure on lawmakers to pass some sort of extension.
President George W Bush authorised the “President’s Surveillance Program” (PSP) in the aftermath of the terrorist attacks on 11 September 2001. The review was completed in July 2009 by inspectors general from the Justice Department, Pentagon, CIA, NSA and ODNI.
They found that while many senior intelligence officials believe the programme filled a gap by increasing access to international communications, others, including FBI agents, CIA analysts and managers, “had difficulty evaluating the precise contribution of the PSP to counterterrorism efforts because it was most often viewed as one source among many available analytic and intelligence-gathering tools in these efforts”.
Critics of the phone records programme, which allows the NSA to hunt for communications between terrorists abroad and US residents, argue it has not proven to be an effective counterterrorism tool. They also say an intelligence agency has no business possessing the deeply personal records of Americans. Many favour a system under which the NSA can obtain court orders to query records held by the phone companies.
The Patriot Act expires on 1 June, and Senate Republicans have introduced a bill that would allow continued collection of call records of nearly every American. The legislation would reauthorise sections of the Patriot Act, including the provision under which the NSA requires phone companies to turn over the “to and from” records of most domestic landline calls.
quote:Germans spied on neighbouring countries for Americans, Merkel embarrassed
The German intelligence service spied on neighbouring European countries for years on behalf of the Americans. According to an investigation carried out on the orders of the German government, data, e-mails and telephone records were collected from the Bavarian town of Bad Aibling on, among others, the French arms industry, senior officials of the French Ministry of Foreign Affairs and the presidential palace, and members of the European Commission.
The German government has been seriously embarrassed by the investigation, which leaked yesterday in the Süddeutsche Zeitung and via the TV broadcasters NDR and WDR. At the end of 2013 Germany still reacted furiously to the report that the American security service NSA had tapped, among other things, the phone of Chancellor Angela Merkel.
Her spokesman said at the time that there was "a deep difference of opinion between Germany and the US over the balance between security and infringement of civil rights".
Illegal arms shipments
According to the leaked investigation, the United States wanted information about illegal arms exports. That is why companies were also monitored. In most cases it was reportedly not a matter of industrial espionage.
The Frankfurter Allgemeine Zeitung, which plays down the affair, points to a list of e-mail and IP addresses that the Germans received from the Americans but refused to investigate.
Two weeks ago Interior Minister Thomas de Maizière said in response to questions in the Bundestag that there had been no industrial espionage. The opposition party Die Linke now concludes that De Maizière lied and demands his resignation.
The minister, who is already being depicted by the tabloid Bild as Pinocchio with a long nose, called the accusations "not true", but could say little because it concerned "secret" or "top secret" information. "It is therefore impossible for me to respond openly to the accusations and questions," said De Maizière, who was responsible for the intelligence services in Merkel's Kanzleramt between 2005 and 2009.
The chairman of the parliamentary committee of inquiry, Patrick Sensburg, a party colleague of De Maizière, considers it far too early to talk of "resignation". He does, however, ask for access to the full list of search terms that the NSA submitted to its German counterparts.
quote:Rob Bertholee, head of the Dutch intelligence and security service (AIVD), calls whistleblower Edward Snowden's accusation that his service is a lapdog of its American counterpart "absolute bullshit". He also thinks Dutch journalism follows Snowden too closely.
Bertholee is responding publicly today for the first time to Snowden's criticism of the AIVD.
I stopped reading here
quote:"I see someone who is stuck in Moscow, cannot go anywhere and is regarded by the Americans as an enemy of the state. Then I think: how does such a person come by so much knowledge and a seemingly in-depth analysis of what is happening in the Netherlands?"
lol
quote:On Friday 1 May 2015 16:06 Papierversnipperaar wrote the following:
[..]
[..]
[..]
I stopped reading here
quote:The controversial American Patriot Act will probably be amended. According to the New York Times there is a majority in the Senate for curbing unlimited eavesdropping by the intelligence service NSA. A congressional committee has adopted a proposal to make the amendment of the Patriot Act possible, and a majority of Republicans and Democrats in the Senate would support that amendment.
quote:Why the U.S. should but won’t partner with hacktivists Anonymous
For a barbaric movement grounded in early Islamic apocalyptic prophecies, what is perhaps most striking about the rapid rise of the Islamic State has been its use of modern technology. Leveraging the open nature and global reach of platforms such as Twitter, Facebook and YouTube, Islamic State has used social media to recruit young would-be jihadis, to build a global network of sympathetic followers, and to intimidate Western audiences with its brutality.
The scale of this digital propaganda network is vast. A recent study by the Brookings Institution found that in late 2014 there were at least 46,000 Twitter accounts used by Islamic State supporters, with an average of 1,000 followers each.
But why has the United States, which has at its disposal vast cyberwar capabilities, an ever-expanding surveillance state and significant leverage over, and goodwill of, the American companies that are hosting this content, proved unable to quiet the online reach of this network of insurgents?
One answer is that the open nature of the Internet, combined with the constraints that democratic states face engaging effectively within it, has limited the capability of the United States to fight back. And this tells us a tremendous amount about the shifting nature of power in the digital age.
In the absence of effective state action against the Islamic State online, Anonymous has taken up the digital war. Already this ad hoc network of hackers and activists has downed scores of Web pages and hacked into dozens of Twitter accounts that allegedly belong to Islamic State members. Much like in the early days of the Arab Spring, where hackers provided online assistance and offered protection to activists, Anonymous is stepping in where the state has limited capacity.
This has recently led to calls for the United States to partner with Anonymous to launch cyberattacks against the Islamic State, and even paying hacktivists in bitcoin. This sounds audacious, but plausible. Western governments have long collaborated with unsavory actors with the aim of larger strategic goals — as it is said, the enemy of my enemy is my friend.
In theory, such a partnership could allow the Defense and State departments to overcome the constraints of their slow-moving, hierarchical, command-and-control systems. It could allow them to act more like a nimble startup than a legacy industrial corporation.
And it could be effective — we know that Anonymous hackers have been successful taking on a wide range of both established and emerging powers. In practice, however, there is substantial risk. As the failure of the clandestine USAID program to build a fake version of Twitter in Cuba to foster dissent demonstrates, states often stumble when they step into the murky world of online power.
But I would suggest there are other, more fundamental reasons, why the U.S. will never partner with Anonymous. This is because, at its core, Anonymous is different than the other perceived bad actors that government is more than willing to collaborate with. Anonymous represents a new form of decentralized power that challenges the very foundations of the state system.
First, the power structures that Anonymous embodies represent a fundamental threat to state dominance in the international system. The challenges that the state system was designed to solve — a lack of structure, instability, decentralized governance, loose and evolving ties — are precisely what makes groups like Anonymous powerful.
Legitimizing the type of decentralized, collaborative and anonymous power that Anonymous represents, therefore poses a threat to the hierarchical and state-led international system that the nation state depends on. This new form of power scares governments — so much so that they are willing to exert significant control over the network itself. As was revealed in the Snowden National Security Agency documents, the government wanted to collect it all, process it all, exploit it all, partner it all, sniff it all, know it all.
Second, over the course of modern history, we have placed tremendous power in the state. Whether it be through the justice system, the social welfare state or the military, government has been the primary enabler of collective action in our society. In exchange, we have put in place systems of accountability and laws to hold this power to account. For states seeking to fight new online powers, these norms of behavior make functioning effectively online at best difficult, and at worst counter to the expectations and laws governing their activities.
Third, the state is ultimately faced with a paradox — that the very attributes of the Internet that enable the Islamic State also enable the free enterprise and expression that make it arguably the most liberating technology in human history. The very real risk governments face is that in seeking to stop perceived nefarious actors online, they will also shut down the positive ones. Efforts by the NSA to break encryption, for example, won’t just help it fight illegal crypto-currencies, or Islamic State fighters using secure networking tools, but would also threaten the security of the online commerce sector. These efforts risk breaking the Internet.
For the U.S. government, partnering with Anonymous and legitimizing its structure is simply a bridge too far. And this limitation represents a crisis for state power in the digital age: One that curtails its ability to fight the online propaganda of a barbaric jihadist movement taking to Twitter to build its caliphate.
Taylor Owen is an assistant professor of digital media and global affairs at the University of British Columbia. He is the author of “Disruptive Power: The Crisis of the State in the Digital Age,” Oxford University Press, 2015.
quote:Deprecating Non-Secure HTTP
Today we are announcing our intent to phase out non-secure HTTP.
There’s pretty broad agreement that HTTPS is the way forward for the web. In recent months, there have been statements from IETF, IAB (even the other IAB), W3C, and the US Government calling for universal use of encryption by Internet applications, which in the case of the web means HTTPS.
After a robust discussion on our community mailing list, Mozilla is committing to focus new development efforts on the secure web, and start removing capabilities from the non-secure web. There are two broad elements of this plan:
1. Setting a date after which all new features will be available only to secure websites.
2. Gradually phasing out access to browser features for non-secure websites, especially features that pose risks to users’ security and privacy.
For the first of these steps, the community will need to agree on a date, and a definition for what features are considered “new”. For example, one definition of “new” could be “features that cannot be polyfilled”. That would allow things like CSS and other rendering features to still be used by insecure websites, since the page can draw effects on its own (e.g., using <canvas>). But it would still restrict qualitatively new features, such as access to new hardware capabilities.
The second element of the plan will need to be driven by trade-offs between security and web compatibility. Removing features from the non-secure web will likely cause some sites to break. So we will have to monitor the degree of breakage and balance it with the security benefit. We’re also already considering softer limitations that can be placed on features when used by non-secure sites. For example, Firefox already prevents persistent permissions for camera and microphone access when invoked from a non-secure website. There have also been some proposals to limit the scope of non-secure cookies.
It should be noted that this plan still allows for usage of the “http” URI scheme in legacy content. With HSTS and the upgrade-insecure-requests CSP attribute, the “http” scheme can be automatically translated to “https” by the browser, and thus run securely.
Since the goal of this effort is to send a message to the web developer community that they need to be secure, our work here will be most effective if coordinated across the web community. We expect to be making some proposals to the W3C WebAppSec Working Group soon.
Thanks to the many people who participated in the mailing list discussion of this proposal. Let’s get the web secured!
Richard Barnes, Firefox Security Lead
Update (2015-05-01): Since there are some common threads in the comments, we’ve put together a FAQ document with thoughts on free certificates, self-signed certificates, and more.
Source: blog.mozilla.org
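How the two mechanisms named in the announcement, HSTS and upgrade-insecure-requests, turn an "http" URL into "https", shown as an added example that is not part of the quoted post and not Mozilla's code. It is a simplified model of a browser's decision: the function names, hosts and header values are constructed, and it leaves out the HSTS preload list, max-age expiry over time and the navigation rules of upgrade-insecure-requests.

```javascript
// Parse a Strict-Transport-Security header value (RFC 6797).
// Returns null when the header is absent or malformed.
function parseHsts(value) {
  if (typeof value !== 'string') return null;
  let maxAge = null;
  let includeSubDomains = false;
  for (const part of value.split(';')) {
    const [rawName, rawVal] = part.split('=');
    const name = rawName.trim().toLowerCase();
    if (name === 'max-age' && rawVal !== undefined) {
      const v = rawVal.trim().replace(/^"|"$/g, '');
      if (!/^\d+$/.test(v)) return null;
      maxAge = Number(v);
    } else if (name === 'includesubdomains') {
      includeSubDomains = true;
    }
  }
  if (maxAge === null) return null; // max-age is mandatory
  return { maxAge, includeSubDomains };
}

// The browser's memory of hosts that asked for HTTPS-only access.
class HstsStore {
  constructor() {
    this.hosts = new Map();
  }

  // Record a response. The header is ignored on plain HTTP, because
  // anyone on the network path could have injected or stripped it there.
  noteResponse(url, headers) {
    const u = new URL(url);
    if (u.protocol !== 'https:') return false;
    const policy = parseHsts(headers['strict-transport-security']);
    if (!policy) return false;
    if (policy.maxAge === 0) {
      this.hosts.delete(u.hostname); // max-age=0 withdraws the policy
      return false;
    }
    this.hosts.set(u.hostname, policy);
    return true;
  }

  // True for an exact host match, or for a parent domain that
  // set includeSubDomains.
  covers(hostname) {
    const labels = hostname.split('.');
    for (let i = 0; i < labels.length; i++) {
      const policy = this.hosts.get(labels.slice(i).join('.'));
      if (policy && (i === 0 || policy.includeSubDomains)) return true;
    }
    return false;
  }
}

// Does a Content-Security-Policy value carry upgrade-insecure-requests?
function hasUpgradeInsecureRequests(cspValue) {
  if (typeof cspValue !== 'string') return false;
  return cspValue
    .split(';')
    .some((d) => d.trim().split(/\s+/)[0].toLowerCase() === 'upgrade-insecure-requests');
}

// Decide which URL is actually fetched. pageCsp is the CSP header of the
// page issuing the request, or null for an address typed by the user.
function effectiveUrl(requestUrl, store, pageCsp) {
  const u = new URL(requestUrl);
  if (u.protocol !== 'http:') return { url: u.href, reason: 'unchanged' };
  let reason = null;
  if (store.covers(u.hostname)) reason = 'hsts';
  else if (hasUpgradeInsecureRequests(pageCsp)) reason = 'upgrade-insecure-requests';
  if (!reason) return { url: u.href, reason: 'cleartext' };
  u.protocol = 'https:';
  return { url: u.href, reason };
}

// Constructed sample traffic: one HSTS header sent over HTTP (ignored),
// one sent over HTTPS with includeSubDomains, and a legacy page whose
// CSP asks for its http:// subresources to be upgraded.
function demo() {
  const store = new HstsStore();
  store.noteResponse('http://shop.example/', {
    'strict-transport-security': 'max-age=31536000',
  });
  store.noteResponse('https://bank.example/', {
    'strict-transport-security': 'max-age=31536000; includeSubDomains',
  });
  const legacyCsp = "default-src 'self'; upgrade-insecure-requests";
  return [
    effectiveUrl('http://login.bank.example/session', store, null),
    effectiveUrl('http://shop.example/cart', store, null),
    effectiveUrl('http://cdn.example/lib.js', store, legacyCsp),
  ];
}
```

The second request stays in cleartext because the only HSTS header that host ever sent arrived over HTTP, so a first visit is unprotected until the host has been seen once over HTTPS.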
quote:No factual basis for suggesting Snowden GCSB docs 'fabricated' - PM office
The Prime Minister's office has said it has no factual basis for suggesting Edward Snowden documents which exposed GCSB secrets were "fabricated".
But it has also said some of those with access to the Snowden documents - apparently including journalist Glenn Greenwald - "have a track record of misrepresenting, misinterpreting and misunderstanding information".
The "fabrication" claim has been part of the Prime Minister's standard response to revelations of activities carried out by New Zealand's electronic eavesdropping agency.
Details of the GCSB's work have included spying on international diplomats in support of Trade Minister Tim Groser's bid to lead the World Trade Organisation, feeding information to Bangladeshi security forces facing murder and torture allegations and sending "full take" communications data from the Pacific to the National Security Agency.
The stories - in a reporting partnership with journalist Nicky Hager and the Greenwald-founded news site The Intercept - showed New Zealand had a job-sharing role in international intelligence gathering for the Five Eyes group of nations, which also includes Australia, Canada, the United Kingdom and the US.
The Five Eyes intelligence gathering group is led by the US, with the other countries holding "second party" status.
Other nations outside the group are the "third party" or less partners.
The Herald sought any information held by the Prime Minister which informed him or his office over the alleged "fabrication".
The Prime Minister's chief of staff Wayne Eagleson said "no information has been identified". He said the PM's office had to refuse the request because the "information requested does not exist or cannot be found".
Asked for the basis of the claim, a spokeswoman for the Prime Minister said: "Given these documents were stolen and these people have a track record of misrepresenting, misinterpreting and misunderstanding information, as shown in the Moment of Truth, we can't discount that some of what is being put forward may be fabricated."
The high profile Moment of Truth event saw Greenwald make claims Snowden documents showed a cable tapping operation was underway to access all New Zealanders' communications. Documents presented as proof showed the operation was planned but there was nothing proving it went ahead.
The government said there was a plan but it had never gone ahead.
OIA request responses from the PM's office and the GCSB show the response to the Snowden stories was scripted from the outset. In only a few circumstances did it deviate, regardless of the issue raised.
Large chunks of communications were withheld with officials saying it would place at risk the "security and defence of New Zealand".
The only information released which appeared to shed light on the claims from the Snowden files was a summary of comments by a former GCSB advisor.
In an email from one unnamed official to another, it summarised comments by Dr Damien Rogers on TVNZ's Q&A. According to the summary, Dr Rogers had rejected claims of "mass surveillance" on the Pacific in favour of the terms "widespread, systematic monitoring".
The official commented on the description saying it was "not helpful and untrue".
Overview
What was the issue?
Top secret GCSB and NSA documents detailed the way the agencies operated.
How did the Prime Minister respond?
John Key refused to comment on "stolen" information which could be fabricated.
Was there a basis for the suggestion they were forgeries?
The PM's office has confirmed there was no basis to the claim.
Has any Snowden document been shown to be "fabricated"?
No, not in any of the countries in which there has been extensive reporting.
quote:'Attacks in Belgium foiled with NSA help did not exist'
Major General Eddy Testelmans of the Belgian military intelligence service SGR went wrong with a statement about foiled attacks. Testelmans claimed in 2013 that three attacks in Belgium had been foiled thanks to information from the American intelligence service NSA. That turns out not to be the case, the Belgian newspaper De Tijd reported today.
'If the NSA had not passed on that information, we would not have known,' Testelmans said in 2013 in an interview with the magazine MO*. 'I am not allowed to give the details. But I can say that Belgium has probably been spared serious incidents.'
Testelmans based this on confidential notes he had received from the NSA leadership. That same information was also used by the NSA at the time to defend itself before the American government after Snowden's revelations. According to De Tijd, Testelmans's aim was also to defend the work of the American intelligence service.
A confidential report by the oversight body for the intelligence services states that there is 'great trust' between the NSA and ADIV. Possibly that is why the NSA did not contradict the intelligence chief.
quote:Angela Merkel under pressure to reveal all about US spying agreement
German chancellor’s reputation could be at stake as scandal grows over intelligence agency’s surveillance of European businesses and officials on behalf of NSA
Angela Merkel’s reputation as an unassailable chancellor is under threat amid mounting pressure for her to reveal how much she knew about a German-supported US spying operation on European companies and officials.
The onus on her government to deliver answers over the spying scandal has only increased with the Austrian government’s announcement that it has filed a legal complaint against an unnamed party over “covert intelligence to the detriment of Austria”.
EADS, now Airbus, one of the companies known to have been spied on by the BND – Germany’s foreign intelligence agency – is also taking legal action, saying it will file a complaint with prosecutors in Germany.
The BND stands accused of spying on behalf of America’s NSA on European companies such as EADS, as well as the French presidency and the EU commission. There are also suspicions that German government workers and journalists were spied on.
The Social Democrats (SPD), Merkel’s government partners, along with Germany’s federal public prosecutor, Harald Range, are demanding the release of a list of “selectors” – 40,000 search terms used in the spying operations – the results of which were passed on to the NSA.
“The list must be published and only then is clarification possible,” said Christine Lambrecht, parliamentary head of the SPD faction. Merkel has so far refused to allow its release. Her spokesman, Steffen Seibert, said she would make a decision on whether or not to do so only “once consultations with the American partners are completed”.
Thomas de Maizière, the interior minister and a close Merkel confidante, is under even more pressure than the chancellor over allegations he lied about what he knew of BND/NSA cooperation. On Wednesday he answered questions on the affair to a parliamentary committee investigating the row, but only in camera and in a bug-proof room. Among other alleged shortcomings over the affair, he stands accused of failing to act when the BND informed him of the espionage activities in 2008 when he was Merkel’s chief of staff. He has repeatedly been portrayed in the tabloid media with a Pinocchio nose.
Responding to journalists during a break in the proceedings, he once again vehemently denied the allegations. “As chief of staff in 2008, I learned nothing about search terms used by the US for the purposes of economic espionage in Germany,” he said. But he acknowledged knowing about American efforts to intensify the intelligence swapping, calling it “problematic cooperation”, and said the requests had been turned down by the BND.
On Wednesday evening the committee is due to question the incumbent chief of staff, Peter Altmaier.
The former BND chief, Gerhard Schindler, is due to speak before the separate NSA parliamentary committee – set up to investigate the activities of the US agency as revealed by Edward Snowden – on Thursday.
While Merkel appeared to have remained relatively unscathed by the scandal until now, an opinion poll showed that most Germans believed the trustworthiness of the three-times chancellor was now seriously at stake. 62% of Germans said her credibility was in doubt, according to the poll, carried out by the Insa institute, while 18% said it was not.
Merkel told Radio Bremen in an interview that she was prepared to speak out over the allegations to a parliamentary committee. “I will testify there and justify myself to them where it is required,” she told the broadcaster.
Sigmar Gabriel, the deputy chancellor and economy minister, who is also the leader of the SPD, upped the ante still further by relaying a conversation he had with Merkel in which he asked her twice if the government had evidence of economic espionage, and she said no. He added that if it emerged Germany had been involved in helping the NSA spy on companies, it would greatly strain relations between business and the government and “put a large burden on the trust the economy has in government behaviour”.
The scandal has already strained relations within Merkel’s grand coalition, with many observers commenting that Gabriel was seeing the affair as a chance to make political gains. Political observers were lining up to remark that the crisis is the single most critical of Merkel’s decade in government and could even lead to her and her government’s downfall.
But the scandal has its roots much further back than Merkel’s own government, harking to a time when Europe was gripped by the cold war. Both the US and the UK, as victors of the second world war who had Germany under close supervision, ran spying networks from Germany, most notably from Bad Aibling in Bavaria, the biggest listening station outside the US and Britain. Officially, the US withdrew its operations in 2004. But unofficially it stayed there under an agreement in which Germany agreed to hand over its intelligence findings in return for the highly sophisticated technology the US was able to provide. The events of 9/11 and the revelations that three of the pilots had lived in Germany undetected only served to increase the pressure the US was able to put on Germany that its presence was necessary.
Bad Aibling, officially now solely a BND listening facility, was the post used by the NSA in the current scandal.
The affair has underlined just how dependent Germany still is on the US and to a lesser extent the UK, on issues of intelligence and defence. Their desire for still-closer cooperation culminated in Operation Monkey Shoulder (named after a blend of three different types of malt whiskies) involving the BND, NSA and MI6, Spiegel recently revealed.
With such a background, the German government has to appear to be criticising the US at the same time as underlining the importance of cooperation.
Merkel, who appeared to be hugely at odds with the US government when it was revealed in 2013 that the NSA’s mass intelligence operation included tapping her mobile phone, has so far responded in a characteristically vague and flat manner. While acknowledging that allies should not spy on each other, she has stressed that spying’s most important role is to prevent terrorist attacks.
“The government will do everything to guarantee the ability of the intelligence services,” she said on Monday. “Taking terrorist threats into account, that ability is only possible in cooperation with other agencies. That very much includes the NSA, as well as others.”
Commenting on the crisis, Spiegel magazine called it the “biggest challenge that the ‘Merkel Regime’ has had to face”, and potentially the “turning point of her chancellorship”.
“She enjoys such trust because many Germans feel she looks after the country’s needs and their own very well. But the scandal … could cause the foundations of her power to crumble,” the magazine said.
quote:Appeals Court Rules NSA Phone Program Not Authorized by Patriot Act
ACLU lawsuit argued the data collection should be stopped because it violates Americans’ privacy rights
Article behind paywall
quote:A federal appeals court ruled Thursday the National Security Agency's controversial collection of millions of Americans' phone records isn't authorized by the Patriot Act, as the Bush and Obama administrations have long maintained.
The article continues.
quote:A federal appeals court panel ruled on Thursday that the NSA’s bulk collection of metadata of phone calls to and from Americans is not authorized by Section 215 of the USA Patriot Act, throwing out the government’s legal justification for the surveillance program exposed by NSA whistleblower Edward Snowden nearly two years ago.
Judge Gerard E. Lynch, writing the opinion for the three-judge panel of the Second Circuit Court of Appeals in New York, described as “unprecedented and unwarranted” the government’s argument that the all-encompassing collection of phone records was allowed because it was “relevant” to an authorized investigation.
The case was brought by the American Civil Liberties Union, and ACLU attorney Alex Abdo told The Intercept, “This ruling should make clear, once and for all, that the NSA’s bulk collection of Americans’ phone records is unlawful. And it should cast into doubt the unknown number of other mass surveillance operations of the NSA that rely on a similarly flawed interpretation of the law.”
As Lynch wrote in the court’s opinion: “To obtain a § 215 order, the government must provide the FISC [Foreign Intelligence Surveillance Court] with ‘a statement of facts showing that there are reasonable grounds to believe that the tangible things sought are relevant to an authorized investigation (other than a threat assessment)’. ”
quote:Of Snowden and the NSA, only one has acted unlawfully – and it’s not Snowden | World news | The Guardian
With the NSA’s bulk surveillance ruled illegal, the debate on the Patriot Act should be reinvigorated – with Edward Snowden free to join in
On 6 June 2013, the Guardian published a secret US court order against the phone company Verizon, ordering it on an “ongoing, daily basis” to hand over the call records of its millions of US customers to the NSA – just one of numerous orders enabling the government’s highly secret domestic mass surveillance program. Just days later the world learned the identity of the whistleblower who made the order public: Edward Snowden.
Now, almost two years later, a US court has vindicated Snowden’s decision, ruling that the bulk surveillance program went beyond what the law underpinning it allowed: the US government used section 215 of the Patriot Act to justify the program. A US court of appeals has ruled the law does not allow for a program so broad. In short, one of the NSA’s most famous and controversial surveillance programs has no legal basis.
Of Snowden and the NSA, only one has so far been found to have acted unlawfully – and it’s not Snowden. That surely must change the nature of the debate on civil liberties being had in America, and it should do so in a number of ways.
The first is the surprisingly thorny question of what to do with Snowden himself. The whistleblower is in his second year of exile, living in asylum in Russia, as he would surely face criminal prosecution should he return. The nature of the punishment – and pre-trial mistreatment – meted out to Chelsea Manning shows his fears are well founded.
But now the courts have ruled that Snowden’s flagship revelation, the very first and foremost of the programs he disclosed, has no legal basis, who now might challenge his status as a whistleblower?
Certainly not Judge Sack, who in his concurring opinion alongside today’s rulings acknowledged Snowden’s revelations led to this litigation, and likened his disclosures to Daniel Ellsberg’s famous “Pentagon Papers” leak.
If the US government seeks to jail someone who has shown its own security services acting unlawfully, its international reputation will deservedly take a beating. If the US wants moral authority to talk to other governments about whistleblowers and civil liberty, it needs to be brave: it needs to offer Snowden amnesty.
The other actions for the US executive and for Congress are broader. The court of appeals judges very deliberately chose not to consider the constitutionality of NSA bulk surveillance programs, as such questions are currently before Congress with the ongoing debate on how to reform the Patriot Act.
Congress should allow this ruling to reinvigorate that debate, and in a sense the ruling forces it to do so. If Congress want a law that allows phone surveillance on the scale of the NSA’s existing programs, it will have to explicitly create that: gone is the option of trying to push through something near the status quo with a fringe of reform.
For domestic bulk surveillance to continue and be legal, Congress must explicitly vote for it – and then, in time, the judicial branch will consider the constitutional case in earnest.
If Congress sincerely wishes to curb it, it now has substantial backing from the judicial branch to push forward and do that. Reformers finally have the jolt in the arm they needed to prevent the positive impact of Snowden’s revelations dribbling away.
The president could also use this ruling as an opportunity to consider his stance. The line endlessly aired by the administration and its officials is that all surveillance is legal. That line is no longer valid. Rather than just seeking a new script – or as is almost certain, merely appealing against the decision – this could be a great opportunity for some introspection. These surveillance programs are wildly expensive and have very few proven results. Why not look at which ones the US really needs, and whether old-fashioned targeted surveillance might not keep us all as safe (or safer), and freer too?
The final debate is one that is unlikely to happen, but should: the US needs to start considering the privacy and freedom of foreigners as well as its own citizens. The US public is rightly concerned about its government spying on them. But citizens of countries around the world, many of them US allies, are also rightly concerned about the US government spying on them.
Considering Americans and foreigners alike in these conversations would be a great moral stance – but pragmatically, it should also help Americans. If the US doesn’t care about the privacy of other countries, it shouldn’t expect foreign governments to care about US citizens. There’s something in this for everyone.
These are the debates we could be having, and should be having. The judiciary has spoken. The legislature is deliberating. The public is debating. And all of it is enabled thanks to information provided by Edward Snowden.
He should be free to join the conversation, in person.
Source: www.theguardian.com
quote:When Apple and Google unveiled new encryption schemes last month, law enforcement officials complained that they wouldn’t be able to unlock evidence on criminals’ digital devices. What they didn’t say is that there are already methods to bypass encryption, thanks to off-the-shelf digital implants readily available to the smallest national agencies and the largest city police forces — easy-to-use software that takes over and monitors digital devices in real time, according to documents obtained by The Intercept.
We’re publishing in full, for the first time, manuals explaining the prominent commercial implant software “Remote Control System,” manufactured by the Italian company Hacking Team. Despite FBI director James Comey’s dire warnings about the impact of widespread data scrambling — “criminals and terrorists would like nothing more,” he declared — Hacking Team explicitly promises on its website that its software can “defeat encryption.”
quote:The FBI breached its own internal rules when it spied on campaigners against the Keystone XL pipeline, failing to get approval before it cultivated informants and opened files on individuals protesting against the construction of the pipeline in Texas, documents reveal.
Internal agency documents show for the first time how FBI agents have been closely monitoring anti-Keystone activists, in violation of guidelines designed to prevent the agency from becoming unduly involved in sensitive political issues.
The hugely contentious Keystone XL pipeline, which is awaiting approval from the Obama administration, would transport tar sands oil from Canada to the Texas Gulf coast.
It has been strongly opposed for years by a coalition of environmental groups, including some involved in nonviolent civil disobedience who have been monitored by federal law enforcement agencies.
The documents reveal that one FBI investigation, run from its Houston field office, amounted to “substantial non-compliance” of Department of Justice rules that govern how the agency should handle sensitive matters.
One FBI memo, which set out the rationale for investigating campaigners in the Houston area, touted the economic advantages of the pipeline while labelling its opponents “environmental extremists”.
That last part is gold, but of course not true without a source.
quote:AIVD boss was right: Edward Snowden deserves pushback
Investigate why that ex-NSA man in Moscow only plays America's friends off against each other, argues former AIVD officer Kees Jan Dellebeke.
Does the Dutch secret service give the American intelligence services unlimited access to its own information? “That is really absolute bullshit,” said Rob Bertholee, director of the AIVD, on 1 May in NRC. The interviewers had put to him claims by Edward Snowden, the American who in 2013 made public a mountain of documents from his employer the NSA, the largest intelligence service in the US. Bertholee is right, but public opinion did not thank him for dismissing the NSA man who fled to Moscow. It even led to parliamentary questions. “Do you share the AIVD's strategy of isolating and stigmatising whistleblower Snowden?” Ronald van Raak (SP) asked the Minister of the Interior.
As a former AIVD officer I watched the commotion with astonishment. It is remarkable that so many intelligent people blindly believe in Snowden's ‘good intentions’. Bertholee was in fact urging journalists to examine Snowden more critically and to push back. Of course, the AIVD has more sources at its disposal and so has an advantage over journalists and politicians. Think of analyses of Snowden by foreign intelligence services. The service is regularly briefed on them. Bertholee's Russia specialists will undoubtedly have looked closely at the possible role that Putin's secret service, the FSB, played in the affair.
Bertholee is, incidentally, not alone in his criticism of the Snowden-infatuated press. In university circles, too, the uncritical and breathless reporting on Snowden's statements is not appreciated. They wonder why Snowden is worshipped like a spiritual leader. He is listened to and believed: there is no pushback, probably for fear that he will refuse an interview.
quote:DⒶʀKᙡiNɢ ಠ_ರೃ , a Swede associated with Anonymous, has claimed a new, and rather relentless, hack of the US National Security Agency’s email server. Nothing so mundane as username/password combinations, the Pastebin of the hack lists the methodology and blow-by-blow of what worked, what didn’t, and what the hacker thinks of the NSA security (hint: not much). Turns out, the NSA doesn’t even maintain its own email server: they’ve outsourced that to Qwest.
quote:Pirate Party activist and Cryptosphere contributor Raymond Johansen shared the original tweet to Facebook when the Paste had 327 views. The tweet contains a live link to the Pastebin, of course.
Within eight minutes, he reports, the Pastebin had been taken down. “THEN they read me laughing at them for even trying.” Someone posted a link to the Google cache of the missing paste in the comments on Facebook, at which point the paste apparently re-materialized. “Within a minute of that the original paste is back up AGAIN – the NSA realizing I am making them look like class fulz. THAT moment is the single most ROFL inducing PSML unavoidable moment of my life. It is Anonspeak for “we know we fckd lets unfck ourself” – all the while actually doublefcking themselves – royally.”
The paste may have been tampered with in the interim, says Johansen. “The [second] paste we saw, maybe 12 hours old, had strange garbage on the end. IMO it has been tinkered with and I myself will not visit that pastebin – because OpSec.”
“AnonIntelGroup posted ‘Bring the Lulz back!’ a week ago. ‘Mission accompli!’ – I would say.”
Within three hours of that, however, Johansen noticed that the Facebook post itself was missing from his timeline, missing from his Timeline Review, and had been removed from all the groups and pages to which he had shared it. Gone, too, were the comments. He then made a new post, explaining the elision, which was screenshotted and linked above. The Cryptosphere was able to confirm independently via email updates that the original post existed, and was subsequently scrubbed by Facebook.
quote:Angela Merkel under pressure to reveal extent of German help for US spying | World news | The Guardian
German chancellor called on to divulge a list of targets, including the IP addresses of individual computers, tracked on behalf of the NSA
The German chancellor, Angela Merkel, is coming under increasing pressure to divulge a list of targets, including the IP addresses of individual computers, that German intelligence tracked on behalf of the US National Security Agency (NSA).
Critics have accused Merkel’s staff of giving the BND foreign intelligence agency the green light to help the NSA spy on European firms and officials.
The scandal has strained relations between Merkel’s conservative Christian Democratic Union and its junior coalition partner, the Social Democrats, whose leader, Sigmar Gabriel, has publicly challenged her over the affair.
Gabriel told the German newspaper Bild am Sonntag that parliament needed to see the list, which contains names, search terms and IP addresses. The government has said it must consult the US before revealing the list, whose contents are thought crucial to establishing whether the BND was at fault in helping the NSA.
Gabriel, who is also Germany’s vice-chancellor, said: “Imagine if there were suspicions that the NSA had helped the BND to spy on American firms. Congress wouldn’t hesitate for a second before looking into the documents.”
Source: www.theguardian.com
quote:NSA searches phone calls with 'Google for voice'
The American intelligence agency scans phone calls worldwide on a very large scale with a technology it describes internally as 'Google for voice'.
That is what The Intercept reports, based on documents from whistleblower Edward Snowden.
According to the documents, the NSA has been working for years on a complex system for converting speech to text. That system is by now so intelligent that it can independently listen in on conversations on a large scale, looking for suspicious words, phrases or combinations of them.
According to Snowden's documents, the NSA's technology is making progress comparable to that of commercial speech-to-text software. Such software now works as a so-called neural network, a self-learning system.
[...]
quote:AIVD investigates possible espionage by German intelligence service | The NSA's eavesdropping practices
Interior Minister Ronald Plasterk is having the intelligence and security service AIVD find out what truth there is in accusations that German and American intelligence services tapped, among other things, internet traffic bound for the Netherlands. Plasterk said so today on the sidelines of question time in the House of Representatives (Tweede Kamer).
The Austrian politician Peter Pilz reported the espionage by the German service BND and the American NSA to the German magazine Der Spiegel on Monday. Besides Dutch internet traffic, those services are said to have intercepted data in Austria and France as well.
Should Pilz have more information, the AIVD would like to see it, Plasterk said. As soon as the minister knows more, he will inform the House of Representatives. He called it 'unacceptable in general terms' that foreign services spy in the Netherlands.
Source: Volkskrant
quote:NSA snooped around in Europe far more than thought
The American intelligence agency NSA's interest in European companies turns out to have been much greater than previously assumed. Not only companies in the defence sector such as EADS and Eurocopter were spied on; other firms were also kept under watch.
According to the magazine Der Spiegel, a new list of search terms has surfaced at the German intelligence service BND, which provides support services to the NSA, from which that interest can be inferred. The list contains 459,000 search terms that were used at least in the period 2005 - 2008.
Humble pie
The head of the BND, Gerhard Schindler, ate humble pie yesterday. He admitted that the search terms submitted by the NSA, with which information collected by the BND is searched, had not been scrutinised sufficiently by his service.
The new list, however, also embarrasses the German intelligence service on another point. The carefully cultivated image that the listening station Bad Aibling operated independently, without the knowledge of headquarters, is no longer tenable, writes Der Spiegel. The list comes from headquarters in Pullach, from the G10 department, which is precisely the one meant to ensure that Germans are spared unlawful espionage practices.
quote:Security services' powers to be extended in wide-ranging surveillance bill | UK news | The Guardian
Surprise extension of bill’s scope beyond legislation to modernise law on tracking communications data was agreed only this week
The government is to introduce an investigatory powers bill that is far more wide-ranging than expected, including an extension of the powers of the security services in response to the surveillance disclosures by the NSA whistleblower Edward Snowden.
The legislation will include not only the expected snooper’s charter, enabling the tracking of everyone’s web and social media use, but also moves to strengthen the security services’ warranted powers for the bulk interception of the content of communications.
The surprise extension of the scope of the bill beyond legislation to “modernise the law” on tracking communications data was agreed within government only this week. It appears that David Cameron has decided to take advantage of his unexpected majority in the Commons to respond to Snowden’s disclosures by extending the powers of the security services.
The Home Office says the investigatory powers bill will “better equip law enforcement and intelligence agencies to meet their key operational requirements, and address the gap in these agencies’ ability to build intelligence and evidence where subjects of interest, suspects and vulnerable people have communicated online.”
Ministers promise to provide for “appropriate oversight arrangements and safeguards”, but there is no immediate detail on how the complex web of intelligence and surveillance commissioners and parliamentary oversight might be strengthened.
The government also promises that the legislation will respond to issues raised by David Anderson QC, the official reviewer of counter-terrorism legislation, in his assessment of bulk surveillance powers used by the police and security services under the Regulation of Investigatory Powers Act 2000.
Anderson delivered his report to Downing Street on 6 May, the day before the general election, and it is expected to be published in the next few days. Anderson has said his review considered the safeguards to privacy, issues of transparency and oversight as well as the powers needed to meet the challenge of changing technologies. He has said it was a “substantial piece of work” and included him travelling to Berlin, California, Washington DC, Brussels and Ottawa.
“The report won’t please everyone [indeed it may not please anybody]. But if it succeeds in informing the public and parliamentary debate on the future of the law from an independent perspective, it will have done its job,” he said on his blog.
Jim Killock, executive director of the Open Rights Group, said: “The government is signalling that it wants to press ahead with increased powers of data collection and retention for the police and GCHQ, spying on everyone, whether suspected of a crime or not.
“This is the return of the snooper’s charter, even as the ability to collect and retain data gets less and less workable. We should expect attacks on encryption, which protects all our security. Data collection will create vast and unnecessary expense.”
Renate Samson, chief executive of Big Brother Watch, said: “Whilst the title may have changed from a communications data bill to an investigatory powers bill, it will be interesting to see whether the content has radically changed.
“We have yet to see real evidence that there is a gap in the capability of law enforcement or the agencies’ ability to gain access to our communications data.”
The extended scope of the bill may follow some of the recommendations of the intelligence and security committee (ISC), which suggested in March that the entire existing surveillance legal framework should be replaced by a single new act of parliament.
The MPs and peers suggested that the new legislation should list every intrusive capability available to the security services and specify their purpose, authorisation procedure and what safeguards and oversight procedures exist for their use. This presumably extends to the kind of GCHQ bulk data collection programmes such as Tempora and Prism disclosed by Snowden.
The ISC said the introduction of the new communications data legislation was “critical”, but added that a new category of data called “communications data plus” should be established. It said this would acknowledge that some forms of communications data could reveal private information about a person’s habits, preferences or lifestyle choices, such as websites visited. “Such data is more intrusive and therefore should attract greater safeguards,” they recommended.
The other four Home Office bills are largely as trailed. The extremism bill will include powers to “strengthen the role of Ofcom so that tough measures can be taken against channels that broadcast extremist content”. This is despite warnings from Sajid Javid, the business secretary, that the initial proposals threatened free speech.
The bill also includes the introduction of employment checks enabling companies to find out whether an individual is an extremist so they can be barred from working with children. This is alongside already announced proposals for banning orders, extremism disruption orders and closure orders to be used against premises that are used to support extremism.
The immigration bill will create a new enforcement agency to tackle the worst cases of exploitation as well as creating an offence of illegal working and enabling wages to be seized as proceeds of crime. Ministers promise to consult on the introduction of a visa levy on businesses that recruit overseas labour to fund extra apprenticeships for British and EU workers.
The five bills mean that the home secretary, Theresa May, will be one of the busiest cabinet ministers in parliament. Her policing and criminal justice bill will implement her mental health reforms, end the use of police bail for months or even years without judicial check, and introduce sanctions on professionals including social workers who fail to report or take action on child abuse.
Ministers have been silent on the sentencing aspects of this bill but the Conservative manifesto promised the introduction of short, sharp custodial sentences for persistent offenders. The new justice secretary, Michael Gove, may be looking again at this proposal.
The psychoactive substances bill or legislation to introduce a blanket ban on legal highs is to be introduced this week. It will criminalise the trade in legal highs with prison sentences of up to seven years but will not make personal possession a criminal offence. The legislation will distinguish between everyday psychoactive substances such as alcohol, tobacco, caffeine and some medicinal products and new designer drugs that imitate more traditional illegal substances.
Source: www.theguardian.com
quote:PGP creator leaves US because of surveillance arms race
https://www.security.nl/posting/429834/PGP-bedenker+verlaat+VS+wegens+surveillancewedloop
Philip Zimmermann, the creator of Pretty Good Privacy (PGP), has left the United States and moved to Switzerland. The reason for the move is the surveillance arms race currently taking place in the US, the Guardian reports. "Every dystopian society has excessive surveillance, but now we see even democracies such as the US and England heading that way," Zimmermann warns.
"We have to roll this back. No information should be collected and stored in databases about people who are not suspected of crimes. We don't want to become North Korea." According to the PGP creator, British society, where he was this weekend, is too accepting when it comes to surveillance. "People here have an easy relationship with their own government, and perhaps that is why they do not object. Future governments may not be so nice, and may inherit a surveillance infrastructure that they can use to create a government that cannot be changed."
Zimmermann warns of "point and click prosecutions", with traffic cameras and facial recognition that can recognise when journalists have lunch with whistleblowers, politicians meet mistresses, or citizens get behind the wheel having drunk too much alcohol. The PGP creator is currently active with his company Silent Circle, whose headquarters has also already moved to Switzerland, partly because of the "robust privacy legislation" there. Later this year Silent Circle will present the Blackphone 2, a privacy-focused phone with which encrypted communication is possible.
quote:UK intelligence agencies should keep mass surveillance powers, report says | World news | The Guardian
Report by official reviewer of counter-terrorism laws also says ministers should be stripped of power to authorise surveillance warrants
UK intelligence agencies should be allowed to retain controversial intrusive powers to gather bulk communications data but ministers should be stripped of their powers to authorise surveillance warrants, according to a major report on British data law.
The 373-page report published on Thursday – A Question of Trust, by David Anderson QC – calls for government to adopt “a clean-slate” approach in legislating later this year on surveillance and interception by GCHQ and other intelligence agencies.
However, Downing Street hinted that David Cameron was unlikely to accept one of his key recommendations: shifting the power to agree to warrants from home and foreign secretaries to a proposed new judicial commissioner.
The prime minister’s spokeswoman said the authorities needed to be able “to respond quickly and effectively to threats of national security or serious crime”, which appears to suggest ministers are better positioned to do this than judges.
Anderson’s report, commissioned by Cameron last year, comes in response to revelations two years ago by the US whistleblower Edward Snowden about the scale of government surveillance.
Anderson, introducing his report, said: “Modern communications networks can be used by the unscrupulous for purposes ranging from cyber-attack, terrorism and espionage to fraud, kidnap and child sexual exploitation. A successful response to these threats depends on entrusting public bodies with the powers they need to identify and follow suspects in a borderless online world.
“But trust requires verification. Each intrusive power must be shown to be necessary, clearly spelled out in law, limited in accordance with human rights standards and subject to demanding and visible safeguards.”
GCHQ and other intelligence agencies are likely to be satisfied with the recommendations. GCHQ successfully fought to retain its bulk collection powers and Anderson agreed. In contrast with the UK, the US Congress last month placed curbs on bulk collection of phone records by the intelligence agencies.
Privacy campaigners also largely welcomed Anderson’s recommendation to scrap existing surveillance legislation – the Regulation of Investigatory Powers Act (Ripa), the proposed new judicial commissioner and other proposals.
Anderson said that the existing legislation had reached the end of its useful life. “Ripa, obscure since its inception, has been patched up so many times as to make it incomprehensible to all but a tiny band of initiates. A multitude of alternative powers, some of them without statutory safeguards, confuse the picture further. This state of affairs is undemocratic, unnecessary and – in the long run – intolerable.”
The new judicial body, the Independent Surveillance and Intelligence Commission, would be responsible for all surveillance warrants, according to the report.
There would be some new curbs on warrants, including “a tighter definition of the purposes for which it is sought, defined by operations or mission purposes”.
Anderson also proposed safeguards against snooping on journalists, lawyers and other groups. The report says that when communication data is sought from people handling privileged or confidential information, including doctors, lawyers, journalists, MPs or ministers, “special consideration and arrangements should be in place”.
As well as approving individual warrants, the judicial commissioner would also be responsible for a new bulk data collection warrant in limited circumstances. Anderson gives an example of bulk data collection under the heading of “attack planning by ISIL [Islamic State] in Iraq/Syria against the UK”. Anderson also makes clear that this would not affect existing programmes of communications data surveillance.
But the removal of the power to approve warrants from ministers may never fly. Ministers will argue that democratically elected politicians are better placed to make these decisions rather than judges who do not have access to up-to-date information on terrorist threats.
The home secretary, Theresa May, speaking in the Commons after the report was published, said she would publish a draft surveillance bill in the autumn and legislate before the end of 2016. She promised there would be a proper overhaul of investigatory powers legislation and not “simply rebranding existing law”.
She described the threats facing the UK as considerable. “In the face of such threats, we have a duty to ensure that the agencies whose job it is to keep us safe have the powers they need to do the job,” she said.
May was immediately questioned by David Davis, one of the leading Conservatives on civil liberties issues, who praised the report and the prospect of judicial control over warrants, saying that, with the exception of Zimbabwe, the UK has the world’s worst record in allowing politicians to authorise surveillance.
May said the government would consider the idea of transferring responsibility to judges. “I am not in a position to say whether the government will do one thing or another,” she said.
The intelligence agencies, including GCHQ, have been expressing concern about the increasing use of encryption to protect privacy, with internet providers beginning to offer this as standard.
Anderson, in his report, does not propose legislating on the issue. He said few propose a master key to all communications be held by the state. “Far preferable, on any view, is a law-based system in which encryption keys are handed over [by service providers or by the users themselves] only after properly authorised requests.”
Anderson said he could not condone Snowden’s disclosure. National security had suffered, he added, but there had also been benefits from the disclosure of some of the intelligence agency capabilities.
“The opening up of the debate has, however, come at a cost to national security: the effect of the Snowden documents on the behaviour of some service providers and terrorists alike has, for the authorities, accentuated the problem of reduced coverage and rendered more acute the need for a remedy,” the report says.
Jo Glanville, director of English PEN, welcomed the report. “While we would have liked to see the recommendations go even further in relation to GCHQ’s bulk collection of data, we welcome the recommendations for judicial authorisation and the call for a rigorous assessment before any further powers are given to the intelligence services in a revived snooper’s charter.”
Eric King, the deputy director of Privacy International, said: “This is the final nail in the coffin for Ripa … David Anderson’s strong recommendations for improvement are the first step towards reform, and now the burden is on the government, parliament and civil society to ensure that reforms go further and ensure that once and for all, our police and intelligence agencies are brought under the rule of law.”
Source: www.theguardian.com
http://www.welt.de/politi(...)ere-eingestellt.html
quote:Investigation in the Merkel mobile phone affair dropped
Following the suspicion of NSA espionage: the Federal Prosecutor's Office has dropped the investigation into the alleged US eavesdropping attack on the mobile phone of Chancellor Angela Merkel (CDU). The accusation cannot be proven in a way that would stand up in court, the authority said on Friday in Karlsruhe by way of explanation.
quote:Accused of publishing government propaganda against NSA whistleblower Edward Snowden, the Sunday Times is using copyright to hit back at its strongest critic.
In a paywalled feature published Sunday, titled “British spies betrayed to Russians and Chinese,” three authors, citing anonymous government sources, claim that “Russia and China have cracked the top-secret cache of files stolen by the fugitive U.S. whistleblower Edward Snowden.” In turn, the Times’s sources say, the U.K. had to relocate special agents around the world who were allegedly in harm’s way.
In an extremely critical takedown post, The Intercept’s Glenn Greenwald, the journalist Snowden first met with after fleeing the U.S., denied many of the details in the Times story. In particular, the Times claimed that Greenwald’s partner, David Miranda, met with Snowden in Moscow to receive more documents—a claim that’s since been deleted from the Times article.
Greenwald’s post also includes a screengrab of the Times’s layout—and that’s what the Times used to pounce on their high-profile critic. In a legal notice sent Monday, the paper cites the Digital Millennium Copyright Act (DMCA) and claims the Intercept is violating the Times’s copyright of “the typographical arrangement of the front page.”
“If Greenwald were selling a book of Great Covers of the Sunday Times, they'd have a case,” Parker Higgins, an activist at the Electronic Frontier Foundation who specializes in intellectual property, told the Daily Dot. “But this is grasping at straws and attempting to use the strictest takedown law available—copyright—just to silence criticism.”
There’s a long history of people accused of using online copyright law to censor critics; a recent smattering includes California mayors, lawyers, Drake’s label, and Ecuador. The Times didn’t respond to the Daily Dot’s question of just how frequently it issues those claims to other news outlets.
It’s not likely to have much effect on the Intercept’s story, though. When the Daily Dot asked Greenwald if he would abide the DMCA takedown, he simply responded “No.”
quote:This Google legal disclosure is 306 pages long. Holy cow.
Fri, Jun 19 2015 00:56:33
quote:Ten pages into this legal document and I'm convinced that I'm never going to return to my home country. What the actual fuck.
Fri, Jun 19 2015 01:04:49
quote:GCHQ's surveillance of two human rights groups ruled illegal by tribunal | UK news | The Guardian
Initial interceptions lawful but retention and examination of communications illegal, rules IPT in case brought following Edward Snowden revelations
GCHQ’s covert surveillance of two international human rights groups was illegal, the judicial tribunal responsible for handling complaints against the intelligence services has ruled.
The UK government monitoring agency retained emails for longer than it should have and violated its own internal procedures, according to a judgment by the investigatory powers tribunal (IPT). But it ruled that the initial interception was lawful in both cases.
The IPT upheld complaints by the Egyptian Initiative for Personal Rights and the South African non-profit Legal Resources Centre that their communications had been illegally retained and examined. The tribunal made “no determination” on claims brought by other NGOs – including Amnesty International, Liberty and Privacy International – implying that either their emails and phone calls were not intercepted or that they were intercepted but by legal means.
The IPT ruling said: “[We are] concerned that steps should be taken to ensure that neither of the breaches of procedure referred to in this determination occurs again. For the avoidance of doubt, the tribunal makes it clear that it will be making a closed report to the prime minister.”
It is the first time that a court has revealed that British intelligence agencies have spied on foreign human rights groups.
The case against the monitoring agency follows revelations by the US whistleblower Edward Snowden. It was brought by Privacy International, Liberty, Amnesty International, the American Civil Liberties Union and a number of other international human rights groups.
Welcoming the ruling, Eric King, deputy director of Privacy International, said: “If spying on human rights NGOs isn’t off limits for GCHQ, then what is? Clearly our spy agencies have lost their way. For too long they’ve been trusted with too much power, and too few rules for them to protect against abuse. How many more problems with GCHQ’s secret procedures have to be revealed for them to be brought under control?”
He added: “Trying to pass off such failings as technical, or significant changes in law as mere clarifications, has become a tiring defence for those who know the jig is up. The courts are begrudgingly helping to ensure that the sun is slowly setting on GCHQ’s wild west ways. Now we need parliament to step in to fix what should have been fixed a long time ago.”
In relation to the Egyptian Initiative for Personal Rights, the IPT found that “email communications ... were lawfully and proportionately intercepted and accessed ... However, the time limit for retention permitted under the internal policies of GCHQ, the intercepting agency, was overlooked in regard to the product of that interception, such that it was retained for materially longer than permitted under those policies.”
In respect of the Legal Resources Centre, the IPT said: “Communications from an [associated] email address ... were intercepted and selected for examination ... The tribunal is satisfied that the interception was lawful and proportionate and that the selection for examination was proportionate, but that the procedure laid down by GCHQ’s internal policies for selection of the communications for examination was in error not followed in this case.”
Janet Love, national director of the Legal Resources Centre, said it was “deeply concerned to learn that communications of our organisation have been subject to unlawful interception by GCHQ. As a public interest law firm, our communications are self-evidently confidential, and we consider this to be a serious breach of the rights of our organisation and the individuals concerned.
“We can no longer accept the conduct of the intelligence services acting under such a pernicious veil of secrecy, and we will be taking immediate action to try to establish more information. We urge the South African and British governments to cooperate with us in this regard. We are particularly grateful for Liberty’s efforts in spearheading this litigation and making it possible for this information to be brought to light.”
James Welch, legal director for Liberty, said: “Last year it was revealed that GCHQ were eavesdropping on sacrosanct lawyer-client conversations. Now we learn they’ve been spying on human rights groups. What kind of signal are British authorities sending to despotic regimes and those who risk their lives to challenge them all over the world? Who is being casual with human life now?”
Rachel Logan, UK legal programme director for Amnesty International, said: “[This] raises the wider question as to why the UK intelligence services were intercepting the communications of these two highly regarded human rights NGOs at all.
“Knowing that your mail has been read, or your calls have been listened to can stifle people into silence, leading to self-censorship. It is a clear interference with basic rights such as free expression and right to privacy.
“Today’s ruling in relation to Amnesty tells us nothing. We still don’t know if we’ve been spied on at all, if we have been the subject of any targeted spying, if the tribunal thought any spying – if it did happen – was necessary and proportionate, or even if they had an entirely different reason for telling us nothing.”
The legal challenge was the first of many GCHQ-related claims to be examined in detail by the IPT, which hears complaints against British intelligence agencies and government bodies that carry out surveillance under the Regulation of Investigatory Powers Act (Ripa).
The civil liberties organisations are concerned that their private communications may have been monitored under GCHQ’s electronic surveillance programme, Tempora, the existence of which was revealed by Snowden. They also complain that information obtained through the US National Security Agency’s Prism and Upstream programmes may have been shared with British intelligence services, sidestepping protections provided by the UK legal system.
During the hearing last summer, Matthew Ryder QC alleged that the intelligence services are constructing “vast databases” out of accumulated interceptions of emails.
“If two out of 10 organisations who applied to the IPT found their emails were being illegally monitored, human rights fear, how many others are being targeted? Unless people or organisations submit claims to the IPT, it is argued, how will they know whether their communications are being unlawfully monitored.”
A government spokesperson said: “We welcome the IPT’s confirmation that any interception by GCHQ in these cases was undertaken lawfully and proportionately, and that where breaches of policies occurred they were not sufficiently serious to warrant any compensation to be paid to the bodies involved.
“GCHQ takes procedure very seriously. It is working to rectify the technical errors identified by this case and constantly reviews its processes to identify and make improvements.”
Source: www.theguardian.com
The article continues.
quote:Controversial GCHQ Unit Engaged in Domestic Law Enforcement, Online Propaganda, Psychology Research
The spy unit responsible for some of the United Kingdom’s most controversial tactics of surveillance, online propaganda and deceit focuses extensively on traditional law enforcement and domestic activities — even though officials typically justify its activities by emphasizing foreign intelligence and counterterrorism operations.
Documents published today by The Intercept demonstrate how the Joint Threat Research Intelligence Group (JTRIG), a unit of the signals intelligence agency Government Communications Headquarters (GCHQ), is involved in efforts against political groups it considers “extremist,” Islamist activity in schools, the drug trade, online fraud and financial scams.
Though its existence was secret until last year, JTRIG quickly developed a distinctive profile in the public understanding, after documents from NSA whistleblower Edward Snowden revealed that the unit had engaged in “dirty tricks” like deploying sexual “honey traps” designed to discredit targets, launching denial-of-service attacks to shut down Internet chat rooms, pushing veiled propaganda onto social networks and generally warping discourse online.
Early official claims attempted to create the impression that JTRIG’s activities focused on international targets in places like Iran, Afghanistan and Argentina. The closest the group seemed to get to home was in its targeting of transnational “hacktivist” group Anonymous.
While some of the unit’s activities are focused on the claimed areas, JTRIG also appears to be intimately involved in traditional law enforcement areas and U.K.-specific activity, as previously unpublished documents demonstrate. An August 2009 JTRIG memo entitled “Operational Highlights” boasts of “GCHQ’s first serious crime effects operation” to shut down internet forums and to remove websites identifying police informants and members of a witness protection program. Another was “used to facilitate and execute online fraud.” The document also describes GCHQ advice provided “to assist the UK negotiating team on climate change.”
Particularly revealing is a fascinating 42-page document from 2011 detailing JTRIG’s activities. It provides the most comprehensive and sweeping insight to date into the scope of this unit’s extreme methods. Entitled “Behavioral Science Support for JTRIG’s Effects and Online HUMINT [Human Intelligence] Operations,” it describes the types of targets on which the unit focuses, the psychological and behavioral research it commissions and exploits, and its future organizational aspirations. It is authored by a psychologist, Mandeep K. Dhami.
Among other things, the document lays out the tactics the agency uses to manipulate public opinion, its scientific and psychological research into how human thinking and behavior can be influenced, and the broad range of targets that are traditionally the province of law enforcement rather than intelligence agencies.
JTRIG’s domestic and law enforcement operations are made clear. The report states that the controversial unit “currently collaborates with other agencies” including the Metropolitan police, Security Service (MI5), Serious Organised Crime Agency (SOCA), Border Agency, Revenue and Customs (HMRC), and National Public Order and Intelligence Unit (NPOIU). The document highlights that key JTRIG objectives include “providing intelligence for judicial outcomes”; monitoring “domestic extremist groups such as the English Defence League by conducting online HUMINT”; “denying, deterring or dissuading” criminals and “hacktivists”; and “deterring, disrupting or degrading online consumerism of stolen data or child porn.”
It touts the fact that the unit “may cover all areas of the globe.” Specifically, “operations are currently targeted at” numerous countries and regions including Argentina, Eastern Europe and the U.K.
JTRIG’s domestic operations fit into a larger pattern of U.K.-focused and traditional law enforcement activities within GCHQ.
Many GCHQ documents describing the “missions” of the “customers” for which it works make clear that the agency has a wide mandate far beyond national security, including providing help on intelligence to the Bank of England, to the Department for Children, Schools and Families on reporting of “radicalization,” to various departments on agriculture and whaling activities, to government financial divisions to enable good investment decisions, to police agencies to track suspected “boiler room fraud,” and to law enforcement agencies to improve “civil and family justice.”
Previous reporting on the spy agency established its focus on what it regards as political radicalism. Beyond JTRIG’s targeting of Anonymous, other parts of GCHQ targeted political activists deemed to be “radical,” even monitoring the visits of people to the WikiLeaks website. GCHQ also stated in one internal memo that it studied and hacked popular software programs to “enable police operations” and gave two examples of cracking decryption software on behalf of the National Technical Assistance Centre, one “a high profile police case” and the other a child abuse investigation.
Source: firstlook.org
The article continues.
quote:Popular Security Software Came Under Relentless NSA and GCHQ Attacks
The National Security Agency and its British counterpart, Government Communications Headquarters, have worked to subvert anti-virus and other security software in order to track users and infiltrate networks, according to documents from NSA whistleblower Edward Snowden.
The spy agencies have reverse engineered software products, sometimes under questionable legal authority, and monitored web and email traffic in order to discreetly thwart anti-virus software and obtain intelligence from companies about security software and users of such software. One security software maker repeatedly singled out in the documents is Moscow-based Kaspersky Lab, which has a holding registered in the U.K., claims more than 270,000 corporate clients, and says it protects more than 400 million people with its products.
British spies aimed to thwart Kaspersky software in part through a technique known as software reverse engineering, or SRE, according to a top-secret warrant renewal request. The NSA has also studied Kaspersky Lab’s software for weaknesses, obtaining sensitive customer information by monitoring communications between the software and Kaspersky servers, according to a draft top-secret report. The U.S. spy agency also appears to have examined emails inbound to security software companies flagging new viruses and vulnerabilities.
The efforts to compromise security software were of particular importance because such software is relied upon to defend against an array of digital threats and is typically more trusted by the operating system than other applications, running with elevated privileges that allow more vectors for surveillance and attack. Spy agencies seem to be engaged in a digital game of cat and mouse with anti-virus software companies; the U.S. and U.K. have aggressively probed for weaknesses in software deployed by the companies, which have themselves exposed sophisticated state-sponsored malware.
Anti-virus software is an ideal target for a would-be attacker, according to Joxean Koret, a researcher with Coseinc, a Singapore-based information security consultancy. “If you write an exploit for an anti-virus product you’re likely going to get the highest privileges (root, system or even kernel) with just one shot,” Koret told The Intercept in an email. “Anti-virus products, with only a few exceptions, are years behind security-conscious client-side applications like browsers or document readers. It means that Acrobat Reader, Microsoft Word or Google Chrome are harder to exploit than 90 percent of the anti-virus products out there.”
(Disclosure: One of the authors of this report, Morgan Marquis-Boire, spoke at a Kaspersky Lab event in Puerto Rico in 2013 and at another in London in 2014. He was not paid for either event, but the cost of his travel and accommodation were covered by the company.)
Source: firstlook.org
quote:France summons US ambassador over espionage
France has summoned the ambassador of the United States after it emerged yesterday that the NSA eavesdropped on three French presidents. Reuters and AFP report this on the basis of French diplomatic sources. President Hollande today called the espionage practices “unacceptable” in a response.
Hollande had convened his cabinet this morning for an emergency meeting after documents were released on WikiLeaks stating that he himself and his predecessors Sarkozy and Chirac had been eavesdropped on by the American intelligence service between 2006 and 2012. “France does not tolerate acts that endanger the security of our country or the protection of our interests,” Hollande said afterwards.
The president also announced that American espionage against French interests had already been known to the French authorities earlier. The documents reportedly show that the eavesdropping stopped a month after Hollande took office. According to the French newspaper Libération, which was the first to report the news yesterday, the leaked documents contain no state secrets.
The US came out yesterday with a statement that they “are not targeting and will not target the communications of President Hollande”.
It is not the first time it has become known that the US eavesdrops or has eavesdropped on allies. Earlier it emerged that Chancellor Merkel's mobile phone had been tapped. In total, 122 government leaders around the world are said to have been eavesdropped on.
What a hypocrite. Taking no measures to protect all his citizens who suffer the same fate, but crying when the same thing happens to him.
quote:Assange: Wikileaks has more documents on NSA espionage
Whistleblower site Wikileaks has documents in its possession that are of greater political importance than yesterday's revelations about the American intelligence service NSA spying on French presidents. France's economic and political interests as well as its sovereignty are at stake, Wikileaks founder Julian Assange warned this evening in an interview with the French TV channel TF1.
Assange calls on the French government to intervene now. The “time has come” for France to set up a parliamentary inquiry to investigate the espionage practices and prosecute those responsible, he said. The documents reportedly show, among other things, that economic espionage took place.
According to the documents published via Mediapart and Libération, Jacques Chirac (1995-2007), Nicolas Sarkozy (2007-2012) and François Hollande (2012-present) were spied on for six years. This took place between 2006 and May 2012. As far as is known, the eavesdropping stopped after the first month in which Hollande had been sworn in as president. Exactly what information the NSA obtained is unclear, but in any case it did not involve state secrets.
Assange, who has been sheltering in the Ecuadorian embassy in London since 2012 to avoid extradition to Sweden, gave his interview with TF1 from the embassy. Last Friday Wikileaks already published a series of tens of thousands of confidential Saudi documents. These showed, among other things, that the Netherlands tried in vain at the highest level to have the immunity lifted of a Saudi ex-ambassador who was suspected of human trafficking.
Source: NRC
quote:The American intelligence service NSA may temporarily listen in on phone calls again. The programme, revealed by whistleblower Edward Snowden, had been halted since 1 June. That was when the law that made the eavesdropping possible expired. A special espionage court has now decided that the agency may collect data again for six months.
quote:GCHQ spied on Amnesty International, tribunal tells group in email | UK news | The Guardian
Human rights group denounces revelation as outrageous after Investigatory Powers Tribunal says its communications have been illegally retained
The government’s electronic eavesdropping agency GCHQ spied illegally on Amnesty International, according to the tribunal responsible for handling complaints against the intelligence services.
Confirmation that surveillance took place emerged late on Wednesday, when the human rights group revealed that the Investigatory Powers Tribunal (IPT) sent it an email correcting an earlier judgment.
The extraordinary revision of a key detail in the ruling given on 22 June may alarm many supporters of Amnesty, who will want to know why it has been targeted.
In the original judgment, the IPT said that communications by the Egyptian Initiative for Personal Rights and the South African non-profit Legal Resources Centre had been illegally retained and examined.
In the email sent on Wednesday, the tribunal made it clear that it was Amnesty and not the Egyptian organisation that had been spied on – as well as the Legal Resources Centre in South Africa.
The breach of surveillance powers, under the Regulation of Investigatory Powers Act, related to retaining databases for longer than was permitted. Amnesty had been one of the claimants in the case, but in the original judgment the IPT made “no determination” on the organisation’s complaint – implying that either their emails and phone calls were not intercepted or that they were intercepted but by legal means.
Responding to the revelation, Salil Shetty, Amnesty International’s secretary general, said: “It’s outrageous that what has been often presented as being the domain of despotic rulers has been done on British soil, by the British government.
“How can we be expected to carry out our crucial work around the world if human rights defenders and victims of abuse can now credibly believe their confidential correspondence with us is likely to end up in the hands of governments?
“After 18 months of litigation and all the denials and subterfuge that entailed, we now have confirmation that we were in fact subjected to UK government mass surveillance. The revelation that the UK government has been spying on Amnesty International highlights the gross inadequacies in the UK’s surveillance legislation.
“If they hadn’t stored our communications for longer than they were allowed to, we would never even have known. What’s worse, this would have been considered perfectly lawful.”
The IPT email made no mention of when or why Amnesty International was spied on, or what was done with the information obtained. The organisation is calling for an independent inquiry into how and why a UK intelligence agency has been spying on human rights organisations.
Eric King, deputy director of Privacy International, which also took a similar case to the IPT, said: “Our system of oversight and remedy has fundamentally failed. The communications of one of the world’s leading human rights organisations – Amnesty International – were targeted by British spies, unlawfully, and our commissioners and courts failed to admit it, depriving individuals around the world of the validation and condemnation of, and redress for, unlawful government practices that is so desperately needed.
“Without Edward Snowden, without an 18-month legal battle, without an honest reckoning by whichever upstanding individual spotted and admitted this grave error, the unlawful conduct of the British intelligence agencies would never have been exposed by the very court charged with exposing it.
“Today’s farcical developments place into sharp relief the obvious problems with secret tribunals where only one side gets to see, and challenge, the evidence. Five experienced judges inspected the secret evidence, seemingly didn’t understand it, and wrote a judgement that turned out to be untrue. We need to know why and how this happened.
“Any confidence that our current oversight could keep GCHQ in check has evaporated. Only radical reforms will ensure this never happens again.”
Source: www.theguardian.com
quote:German press spied on by American NSA | NU - The latest news first on NU.nl
A journalist from the German weekly Der Spiegel was spied on by the American NSA.
German security chief Günter Heiss said this to the parliamentary committee investigating the activities of the American security services in Germany, Der Spiegel reports.
In 2011 the NSA warned Heiss that a member of his staff was maintaining contacts with the journalist. They suspected Heiss's deputy, Hans Josef Vorbeck, who was transferred to another position later that year.
Eavesdropping
Der Spiegel was the first German media outlet to report, in 2013, on the Americans' eavesdropping on the mobile phone of Chancellor Angela Merkel. It later emerged that other German ministers had also been eavesdropped on.
"It feels bitter that the American secret services spied on journalists in other countries and betrayed their sources to the government," a German journalist who wishes to remain anonymous told CNN. "This is something you can expect in dictatorships such as Russia and China, but not in a democracy."
Der Spiegel filed a criminal complaint on Friday over violation of telecommunications secrecy and suspicions of espionage activities.
Source: www.nu.nl
quote:On Sunday evening, someone hijacked the Hacking Team account on Twitter and used it to announce that the company known for developing hacking tools was itself a victim of a devastating hack.
Note: This story is a follow-up to the previous Hacking Team story. You should read both if you want to see things from the beginning. Also, a curated slideshow of contracts and other visuals is also available.
The hackers released a 400GB Torrent file with internal documents, source code, and email communications to the public at large. As researchers started to examine the leaked documents, the story developed and the public got its first real look into the inner workings of an exploit development firm.
Hacking Team is an Italian company that sells intrusion and surveillance tools to governments and law enforcement agencies. However, their business has earned them a black mark from privacy and human rights organizations, as the company has been accused of selling tools and services to nations known for violent oppression.
Reporters Without Borders has listed the company on its Enemies of the Internet index due largely to Hacking Team's business practices and their primary surveillance tool Da Vinci.
Sunday evening, documents circulating online, and documents shared by @SynAckPwn with Salted Hash, have linked Hacking Team to Egypt, Lebanon, Ethiopia, and Sudan.
The link to Sudan is especially newsworthy as the company previously stated they've never done business with the nation. There is a UN arms embargo on the Sudan, which is covered by EU and UK law. If they were doing business with the Sudanese government, Hacking Team could be in hot water.
In 2014, a Citizen Lab report revealed evidence that Hacking Team's RCS (Remote Control System) was being used by the Sudanese government, something the Italian company flat-out denied.
However, on Sunday a contract with Sudan, valued at 480,000 Euro, and dated July 2, 2012, was published as part of the 400GB cache. In addition, a maintenance list named Sudan as a customer, but one that was "not officially supported." Interestingly, Russia has the same designation.
Along with Russia and Sudan, there were other customers exposed by the breach including:
Egypt, Ethiopia, Morocco, Nigeria, Chile, Colombia
Ecuador, Honduras, Mexico, Panama, United States
Azerbaijan, Kazakhstan, Malaysia, Mongolia, Singapore, South Korea
Thailand, Uzbekistan, Vietnam, Australia, Cyprus, Czech Republic
Germany, Hungary, Italy, Luxemburg, Poland, Spain
Switzerland, Bahrain, Oman, Saudi Arabia, UAE
quote:But the Italians also recruit customers among government agencies in Europe, the United States and in the Netherlands. According to journalist Brenno de Winter, a meeting with representatives of the National Police was planned for last Monday. It will neither confirm nor deny the report.
quote:Hacking Team announced on Wednesday that its software may have fallen into the hands of criminals and terrorists, because the company 'can no longer control who can make use of the technology'. It speaks of an 'extremely dangerous situation'.
quote:
quote:Late Sunday, hackers dumped online a massive trove of emails and other documents obtained from the systems of Italian surveillance firm Hacking Team. The company’s controversial technology is sold to governments around the world, enabling them to infect smartphones and computers with malware to covertly record conversations and steal data.
For years, Hacking Team has been the subject of scrutiny from journalists and activists due to its suspected sales to despotic regimes. But the company has successfully managed to hide most of its dealings behind a wall of secrecy – until now.
For the last few days, I have been reading through the hacked files, which give remarkable insight into Hacking Team, its blasé attitude toward human rights concerns, and the extent of its spyware sales to government agencies on every continent. Adding to the work of my colleagues to analyze the 400 gigabyte trove of hacked data, here’s a selection of the notable details I have found so far:
quote:NSA document: Israeli special forces assassinated top Syrian military official | World news | The Guardian
US intelligence describes how Brig Gen Mahmoud Suleiman, close adviser to Bashar al-Assad, was shot dead near Tartus in 2008 by ‘Israeli naval commandos’
Evidence has emerged from leaked US signals intelligence intercepts that Israeli special forces were responsible for assassinating a senior Syrian military official who was a close adviser to President Bashar al-Assad.
Brig Gen Mahmoud Suleiman was shot dead on a beach near the northern Syrian port of Tartus in August 2008. The Guardian reported at the time that the seaside murder was perpetrated by a sniper firing from a yacht moored offshore.
Israel has never commented publicly on suspicions that it was involved. But newly revealed secret US intelligence documents state as a fact that Israeli special forces killed the general.
The revelation comes from an internal National Security Agency document provided by the former NSA contractor Edward Snowden, and cited by the Intercept, edited by Glenn Greenwald. It said that a top-secret entry in the NSA’s internal version of Wikipedia, called Intellipedia, described the assassination by “Israeli naval commandos” near Tartus as the “first known instance of Israel targeting a legitimate (Syrian) government official”.
The details of the assassination were included in a “manhunting timeline” within the NSA’s intelligence repository, the Intercept said on Wednesday.
The US embassy in Damascus reported at the time that Israel was the most likely suspect, according to a secret cable released by WikiLeaks in 2010. Iranian media went public with that accusation from the start.
Suleiman was described by Syrian officials as dealing with defence and security issues in Assad’s private office in Damascus. Israeli and Syrian opposition sources claimed he worked as “liaison” with the Iranian-backed Lebanese group Hezbollah, Israel’s sworn enemy.
But a secret US government document several months earlier gave his precise job description: “Syrian special presidential adviser for arms procurement and strategic weapons.” It was also suggested that he was responsible for security at a Syrian nuclear facility bombed by Israel 11 months earlier.
The Intercept said that, according to three former US intelligence officers with extensive experience in the Middle East, the document’s classification markings indicate that the NSA learned of the assassination through surveillance. The information in the document was labelled “SI,” which means the intelligence was collected by monitoring communications signals.
It added that knowledge within the NSA about surveillance of Israeli military units is especially sensitive because the NSA has Israeli intelligence officers working jointly with its officers at NSA headquarters in Fort Meade, Maryland.
Syria’s tightly controlled official media did not report on the killing at the time. But Syrian sources confirmed that Suleiman was shot by a silenced weapon in the head and neck on a beach at al-Rimal al-Zahabiyeh resort near Tartus, where, like other privileged Syrians, he owned a chalet.
In September 2007, Israeli planes attacked and destroyed a suspected nuclear site at al-Kibar on the Euphrates river, apparently one of the special projects Suleiman managed “which may have been unknown to the broader Syrian military leadership”, as the US embassy put it.
The Israeli assassination of Suleiman came less than six months after a joint Mossad-CIA team assassinated a senior Hezbollah operative in the heart of Damascus. US and Israeli involvement in that attack, which targeted the Hezbollah military commander Imad Mughniyeh, was first reported in detail by the Washington Post. The CIA had long sought Mughniyeh for his role in terrorist attacks against Americans, including the 1983 Marine barracks bombing in Beirut, which killed 241 American servicemen.
Neither the NSA nor a spokesperson for the Israeli prime minister Binyamin Netanyahu responded to requests for comment, the Intercept said.
Source: www.theguardian.com
quote:Pakistan tried to tap international web traffic via underwater cables, report says | World news | The Guardian
ISI spy agency sought access to data from ‘landing sites’ passing through Karachi, privacy group claims, in push to acquire digital espionage capacity to rival US
Pakistani intelligence sought to tap worldwide internet traffic via underwater cables that would have given the country a digital espionage capacity to rival the US, according to a report by Privacy International.
The report says the country’s Inter-Services Intelligence (ISI) agency hired intermediary companies to acquire spying toolkits from western and Chinese firms for domestic surveillance.
It also claims the ISI sought access to tap data from three of the four “landing sites” that pass through the country’s port city of Karachi, effectively giving it access to internet traffic worldwide.
Pakistan was in talks with a European company in 2013 to acquire the technology, but it is not clear whether the deal went through – a fact the rights organisation said was troubling.
“These cables are going to route data through various countries and regions,” Matthew Rice, an advocacy officer for Privacy International, said.
“Some will go from Europe to Africa and all the way to south-east Asia. From my reading that’s an explicit attempt to look at what’s going on.”
Traffic from North America and regional rival India would also be routed via the cables, he said.
The report, based on what it called previously unpublished confidential documents, said the data collection sought in the ISI’s proposal “would rival some of the world’s most powerful surveillance programmes” including those of the US and Britain.
A spokesman for Pakistan’s military said he was not able to comment on the issue at the present time.
Last month Pakistani rights campaigners and opposition lawmakers urged Islamabad to protect the privacy of its citizens after leaked top-secret documents appeared to show British intelligence had gained access to almost all of the country’s internet users.
Pakistan is in the process of debating its own cybercrime bill, which rights campaigners say threatens to curtail freedom of expression and privacy in its current form.
Rights groups also expressed concern over a provision that allows the government to share intelligence with foreign spy agencies, such as the American National Security Agency, and a plan to force service providers to retain telephone and email records for up to a year.
Source: www.theguardian.com
http://www.theguardian.co(...)-surveillance-powers
quote:France approves 'Big Brother' surveillance powers despite UN concern
France’s highest authority on constitutional matters has approved a controversial bill that gives the state sweeping new powers to spy on citizens.
The constitutional council made only minor tweaks to the legislation, which human rights and privacy campaigners, as well as the United Nations, have described as paving the way for “very intrusive” surveillance and state-approved eavesdropping and computer-hacking.
In a report published on Friday, the 18-strong United Nations committee for human rights warned that the surveillance powers granted to French intelligence agencies were “excessively broad”.
It said the bill “grants overly broad powers for very intrusive surveillance on the basis of vast and badly defined objectives” and called on France to “guarantee that any interference in private life must conform to principles of legality, proportionality and necessity”.
Other critics have labelled it the French “Big Brother” act, likening it to the tyrannical and sinister government surveillance in George Orwell’s novel 1984, calling it a “historic decline in fundamental rights” and an attack on democracy.
Amnesty International warned that the French state was giving itself “extremely large and intrusive powers” with no judicial control.
The French president, François Hollande, had taken the unusual step of referring the legislation to the constitutional council to ensure it would not be challenged as unlawful.
The Socialist government justified the bill, which allows intelligence agencies to tap phones and emails, and hack computers without permission from a judge, in the wake of terrorist attacks in Paris in January, including at the satirical newspaper Charlie Hebdo and a Jewish shop, which left 17 people dead.
“From now on, France has a security framework against terrorism that respects liberties. It’s decisive progress,” the French prime minister, Manuel Valls, wrote in a tweet.
The bill was passed in June by an overwhelming number of French MPs, despite opposition from green and far-left parliamentarians and human rights activists.
It gives the country’s secret services the right to eavesdrop on the digital and mobile phone communications of anyone linked to a “terrorist” inquiry and install secret cameras and recording devices in private homes without requesting prior permission from a judge.
Intelligence agencies can also place “keylogger” devices on computers that record keystrokes in real time. Internet and phone service providers will be forced to install “black boxes” – complex algorithms – that will alert the authorities to suspicious behaviour online. The same companies will be forced to hand over information if asked.
[..]
quote:German government accuses news website of treason over leaks | World news | The Guardian
For the first time in more than 50 years journalists are facing treason charges, which is being denounced as an attack on the freedom of the press
Germany has opened a treason investigation into a news website a broadcaster said had reported on plans to increase state surveillance of online communications.
German media said it was the first time in more than 50 years journalists had faced treason charges, and some denounced the move as an attack on the freedom of the press.
“The federal prosecutor has started an investigation on suspicion of treason into the articles ... published on the internet blog Netzpolitik.org,” a spokeswoman for the prosecutor’s office said.
She added the move followed a criminal complaint by Germany’s domestic intelligence agency, the Office for the Protection of the Constitution (BfV), over articles about the BfV that appeared on the website on 25 February and 15 April. It said the articles had been based on leaked documents.
The public broadcaster ARD reported Netzpolitik.org had published an article on how the BfV was seeking extra funding to increase its online surveillance, and another about plans to set up a special unit to monitor social media, both based on leaked confidential documents.
The website specialises in internet politics, data protection, freedom of information and digital rights issues.
“This is an attack on the freedom of the press,” Netzpolitik.org journalist Andre Meister, targeted by the investigation along with editor-in-chief Markus Beckedahl, said in a statement. “We’re not going to be intimidated by this.”
Michael Konken, head of the German press association, echoed the sentiment and called the probe “an unacceptable attempt to muzzle two critical journalists”.
In 1962 the defence minister, Franz Josef Strauss, was forced to resign after treason charges were brought against the news weekly Der Spiegel for a cover story alleging West Germany’s armed forces were unprepared to defend it against the communist threat in the cold war.
Beckedahl told the TV network N24: “I’m torn between feeling like this is an accolade and the thought that it could end up leading to jail.”
Source: www.theguardian.com
quote:German justice minister dismisses head of the Federal Public Prosecutor's Office
The German justice minister, Heiko Maas (SPD), has dismissed the head of the Federal Public Prosecutor's Office, Harald Range (67), in an escalating political affair over press freedom.
Range (67) came under fire because he accused two journalists of the news site Netzpolitik.org of treason. Earlier this year the site, on the basis of internal documents from intelligence services, published information about how the internet would increasingly be monitored by the domestic security service. The Süddeutsche Zeitung had also reported on this earlier, in collaboration with the public broadcasters NDR and WDR. Netzpolitik.org, however, also published the underlying documents of the intelligence service.
The security service filed a complaint with Range for treason and for disclosing state secrets. That offence carries at least one year in prison, and in the worst case life. According to minister Maas, however, the documents do not qualify as 'state secrets' and the publication is covered by the press freedom laid down in the constitution of the Federal Republic. He was backed in this yesterday by the interior minister and by Chancellor Angela Merkel (CDU).
Range was showered with criticism from members of parliament of the social-democratic governing party SPD, to which Maas also belongs. The left-wing opposition party Die Linke demanded his resignation. Several members of parliament of the governing CDU/CSU, by contrast, voiced their support for Range and the actions of the prosecution service.
This morning Range opted for a frontal attack on Maas. He accused the justice minister of exerting political influence and endangering the independence of the judiciary. The successor to Range, who was due to retire within a few months anyway, is the Bavarian public prosecutor general Peter Frank.
With Range's departure the affair is probably not yet over. The Berlin political scientist Hajo Funke said in a reaction on the current-affairs channel Phoenix that more political developments are to be expected.
Source: NRC
quote:AT&T's 'extraordinary, decades-long' relationship with NSA – report | US news | The Guardian
New York Times and ProPublica cite newly released NSA documents
Telecoms giant assisted with 'wiretapping United Nations headquarters'
The telecoms giant AT&T has had an “extraordinary, decades-long” relationship with the National Security Agency, it was reported on Saturday.
Citing newly disclosed NSA documents dating from 2003 to 2013, the New York Times said in a story published with ProPublica that AT&T was described as “highly collaborative” with an “extreme willingness to help” with government internet surveillance.
In June 2013, the former NSA contractor Edward Snowden leaked thousands of documents to media outlets including the Guardian. The following April, the Guardian and the Washington Post were awarded a Pulitzer prize for reporting on the story.
The new documents show that AT&T gave the NSA access to “billions of emails as they have flowed across its domestic networks”, the Times and ProPublica said. The reports also said AT&T provided “technical assistance” in “wiretapping all internet communications at the United Nations headquarters” in New York City.
The documents also show that the NSA’s budget for its relationship with AT&T was twice as large as that of the next-largest such programme, and that the company placed surveillance equipment in 17 of its US internet hubs.
The Times said the new documents did not name AT&T, but said analysis by its reporters and ProPublica revealed “a constellation of evidence” that pointed to the company.
The Times also pointed to the publication by the Guardian in June 2013 of a draft NSA inspector general report on email and internet data collection, under the codename Stellar Wind, which did not name AT&T or MCI, a company purchased by Verizon. The Times said the report “describes their market share in numbers that correspond to those two businesses, according to Federal Communications Commission reports”.
The Times quoted an AT&T spokesman, Brad Burns, as saying: “We do not voluntarily provide information to any investigating authorities other than if a person’s life is in danger and time is of the essence.”
Source: www.theguardian.com
I did know that they were thick with the CIA, and that AT&T's Chilean interests were an important reason for having the democratically elected Allende murdered along with a few thousand leftists and installing a cruel military dictatorship.
quote:On Monday 17 August 2015 15:58 Papierversnipperaar wrote the following:
AT&T's 'extraordinary, decades-long' relationship with NSA – report | US news | The Guardian
The telecoms giant AT&T has had an “extraordinary, decades-long” relationship with the National Security Agency, it was reported on Saturday.
quote:
quote:The Netherlands is in danger of going off the rails with mass spying on its citizens. Bad plan.
By: Menso Heus, 'technology officer' and internet security expert at Free Press Unlimited
quote:With the minister's permission, the services will from now on be allowed to spy on and analyse all our communications: telephone traffic, e-mail, websites we visit, and so on. All this without us being suspected of anything at all. The data is kept for up to three years and can be exchanged with foreign intelligence services.
The legislator anxiously avoids the word, but this is plainly 'mass surveillance' of the kind that Edward Snowden revealed. Instead of protecting us against it, the Dutch government now wants to be able to use it itself.
The untargeted tapping of the communications of innocent and unsuspected citizens is, however, in conflict with the Constitution, the European Convention on Human Rights, the International Covenant on Civil and Political Rights and the case law of the European Court of Human Rights. It is also at odds with the UN's Universal Declaration of Human Rights.
Is anyone here surprised? If so, think about it a bit more deeply. How would they be able to tap without the help of those companies?
quote:
High time, then, that ordinary citizens, thousands/tens of thousands/hundreds of thousands/millions of people together, hire a few very good lawyers and litigate all the way to the European Court. I expect Bits of Freedom to take the initiative on this, and I hope many people will join. All Dutch people are a party in this case, so together we can all litigate against our government at the European Court. Unfortunately we have to start by litigating pro forma in the Netherlands, with the predictable result that one hand of the government covers the other, but eventually it comes before independent (or less dependent) judges from other EU countries.
quote:
It was not only about AT&T but indeed, they (CIA, US government) had made that CIA spy president in Chile and then murdered him and had him succeeded by someone they did have under control - because he turned out to have balls after all and did what was good for the people - for the sake of corporate interests. One of the many examples of how the USA is behind almost all major conflicts we have had in the world since WWII.
quote:On Monday 17 August 2015 16:03 Weltschmerz wrote the following:
[..]
I did know that they were thick with the CIA, and that AT&T's Chilean interests were an important reason for having the democratically elected Allende murdered along with a few thousand leftists and installing a cruel military dictatorship.
That is not true: see this article.
quote:On Friday 31 July 2015 10:51 Papierversnipperaar wrote the following:
For the first time in more than 50 years journalists are facing treason charges...
quote:
quote:Labour leadership contender Yvette Cooper has issued a mea culpa over the last Labour government’s attitude towards civil liberties, saying it did not do enough to keep the state’s surveillance powers in check. In the latest sign of candidates trying to draw a line under the past, the shadow home secretary criticised the governments of Tony Blair and Gordon Brown for being “too reluctant to introduce checks and balances as strong as new terrorism powers”.
Both the Labour and Conservative parties also ignored the inadequacy of laws governing interception of communications – the Regulation of Investigatory Powers Act (Ripa) – for too long, she added.
Cooper told the Guardian that better protection of civil liberties would become a policy if she is elected as Labour’s leader next month. She said she would make it a priority to “break up concentrations of power” and launch a review of privacy in relation to private sector companies that hold a huge amount of personal data.
quote:
quote:It took exactly 15 days, 1 hour and 25 minutes before Tim den Besten and Nicolaas Veul were fed up with live-streaming their lives. The guys carried a camera with them day and night and shared their lives with the rest of the world. On the Super Stream Me site you could see their heart rate, exact location and state of mind. We could find out everything about them: their telephone number, bank details and whether they masturbated.
quote:Veul saw it as his job as a television maker to ask the question he was sincerely curious about. “Then you should not hesitate to bare all yourself.” And that is what they did. Literally and figuratively. Now they have had enough: the men are exhausted, do not want to go on and are calling it quits.
quote:It was above all not being able to be alone, and therefore having no rest, that wore Den Besten down. “I need that. I have learned that it is very important not to be seen all the time. Just to be able to sit in your window and look outside.” Veul has taken a strong awareness of privacy from this experiment. “There is a quote from Snowden that says: ‘privacy is not about what you have to hide, but about what you have to protect’. I know that very well now.”
quote:
quote:National supervisory authorities are not bound by a decision of the European Commission that data of Europeans may be sent to the US because it is adequately protected there. They may suspend that transfer, according to an opinion delivered to the Court of Justice of the European Union (CJEU).
The article continues.
quote:The advocate general of the European Court of Justice even writes in his opinion that the decision in question is invalid. The CJEU almost always follows the advocate general's opinion. The case was brought by an Austrian who objected to Facebook's Irish subsidiary passing his data on to servers in the United States. He argued that the Snowden revelations had shown that his data were not in safe hands there.
The Irish supervisory authority dismissed the objection with a reference to the European Commission's decision of 2002 on the Safe Harbour arrangements, which were said to guarantee that the US offers an adequate level of protection of personal data. The case went to the High Court of Ireland, which then wanted to know from the CJEU whether national authorities may still examine the level of protection themselves and, if necessary, suspend the provision of data.
quote:“Snowden Treaty” Calls for End to Mass Surveillance, Protections for Whistleblowers
Inspired by the disclosures of NSA whistleblower Edward Snowden, a campaign for a new global treaty against government mass surveillance was launched today in New York City.
Entitled “The International Treaty on the Right to Privacy, Protection Against Improper Surveillance and Protection of Whistleblowers,” or, colloquially, the “Snowden Treaty,” an executive summary of the forthcoming treaty calls on signatories “to enact concrete changes to outlaw mass surveillance,” increase efforts to provide “oversight of state surveillance,” and “develop international protections for whistleblowers.”
At the event launching the treaty, Snowden spoke via a video link to say that the treaty was “the beginning of work that will continue for many years,” aimed at building popular pressure to convince governments to recognize privacy as a fundamental human right, and to provide internationally-guaranteed protections to whistleblowers who come forward to expose government corruption. Snowden also cited the threat of pervasive surveillance in the United States, stating that “the same tactics that the NSA and the CIA collaborated on in places like Yemen are migrating home to be used in the United States against common criminals and people who pose no threat to national security.”
The treaty is the brainchild of David Miranda, who was detained by British authorities at Heathrow airport in 2013, an experience that he described as galvanizing him towards greater political activism on this issue. Miranda is the partner of Glenn Greenwald, a founding editor of The Intercept who received NSA documents from Snowden. Authorities at Heathrow seized files and storage devices that Miranda was transporting for Greenwald. (The Press Freedom Litigation Fund of First Look Media, the publisher of the Intercept, is supporting Miranda’s lawsuit challenging his detention.)
Along with the activist organization Avaaz, Miranda began working on the treaty project last year. “We sat down with legal, privacy and technology experts from around the world and are working to create a document that will demand the right to privacy for people around the world,” Miranda said. Citing ongoing efforts by private corporations to protect themselves from spying and espionage, Miranda added that “we see changes happening, corporations are taking steps to protect themselves, and we need to take steps to protect ourselves too.”
The full text of the treaty has yet to be released, but it is envisioned as being the first international treaty that recognizes privacy as an inalienable human right, and creates legally-mandated international protections for individuals who are facing legal persecution for exposing corruption in their home countries. Its proponents hope to build momentum and convince both governments and multi-national organizations to adopt its tenets. Since the Snowden revelations there has been increasing public recognition of the threat to global privacy, with the United Nations announcing the appointment of its first Special Rapporteur on this issue in March, followed by calls for the creation of a new Geneva Convention on internet privacy.
Greenwald also spoke at the event, saying, “This campaign offers the opportunity to put pressure on governments to adopt a treaty that pushes back against mass surveillance, and also makes clear that individuals who expose corruption should not be subject to the retribution of political leaders.” Adding that many governments that make a show of supporting the dissidents of other countries tend to persecute their own whistleblowers, Greenwald added, “We need a lot of public pressure to say that mass surveillance should end, and that people who expose corruption should be entitled to international protections.”
Source: theintercept.com
quote:
quote:You don't just walk into a building of the secret service. Yet privacy activists very much wanted to say something to the staff in such an impenetrable fortress. Their solution was a drone, which on Monday scattered thousands of flyers over the Dagger Complex in Darmstadt, Germany, an American military base with a European branch of the NSA. On them was one simple question: 'Ready to quit your job?'
quote:
quote:The lawsuit was brought against Facebook in August last year by the Austrian student and activist Max Schrems. He has had an account on Facebook since 2008 and went to court after the revelations of Edward Snowden. These showed that American intelligence services are 'eavesdropping' on the internet on a large scale.
The Spiegel affair, too, dates back to '62
quote:On Sunday 23 August 2015 18:18 Bram_van_Loon wrote the following:
[..]
That is not true: see this article.
http://www.theregister.co(...)can_campbell/?page=3
Maybe it is the first time in 50 years that this has happened in Germany, but that certainly does not apply to Europe; they were not talking specifically about Germany.
quote:NSA can break into encrypted Web and VPN connections due to a commonplace cryptographic mistake
Two researchers have found that the National Security Agency (NSA) of USA could have the technology to break into the 1024 bit Diffie-Hellman cryptographic key exchange due to a commonplace weakness. This means that NSA could be able to peer into a large amount of encrypted communications.
The researchers noted that one single prime is used to encrypt two-thirds of all virtual private networks (VPNs) and a quarter of secure shell (SSH) servers globally, two major security protocols used by a number of businesses. A second prime is used to encrypt “nearly 20 [percent] of the top million HTTPS websites.” This is a commonly used way of keeping data indecipherable for anyone except its intended recipient – almost anyone, that is.
“Since a handful of primes are so widely reused, the payoff, in terms of connections they could decrypt, would be enormous,” researchers Alex Halderman and Nadia Heninger wrote in a blog post published Wednesday. “Breaking a single, common 1024-bit prime would allow NSA to passively decrypt connections to two-thirds of VPNs and a quarter of all SSH servers globally. Breaking a second 1024-bit prime would allow passive eavesdropping on connections to nearly 20% of the top million HTTPS websites. In other words, a one-time investment in massive computation would make it possible to eavesdrop on trillions of encrypted connections.”
The problem is that many of these 1024-bit prime numbers are reused because of how (previously) inconceivably expensive it would be to break them. As noted above, the researchers found that one single prime number is used to encrypt two-thirds of all VPNs and a quarter of all SSH servers, two security measures used by businesses globally. Another is used to encrypt 18 percent of the “top million HTTPS websites.” That means that a single instance of the aforementioned year-long cracking effort could give the NSA access to all of this information.
“This isn’t a flaw in a particular protocol, it’s a property of the math [that]underlies Diffie-Hellman, which is part of the foundation of almost every important cryptographic protocol we use,” Halderman said. “It’s certainly not an overnight [fix]. One of the problems is that the standards behind any important protocols like the IPsec VPN protocol specify that everyone will use these particular primes that by virtue of being so lightly used are made weaker. I think it’s going to be years unfortunately before standards and implementations are widely updated to account for this threat.”
Source: www.techworm.net
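The amortization argument in the article quoted above, as an added toy example (not from the article or the researchers): a table is built once for one prime and then reused to recover the shared secret of every handshake observed on that prime. The roughly 30-bit primes, the generators, the table size and the simple lookup-table method, which stands in for the far larger computation the researchers describe, are all assumptions chosen so the demo runs in seconds.

```python
"""Toy model: discrete-log precomputation is paid per prime, not per connection."""
import secrets
from dataclasses import dataclass

# Constructed toy groups (about 30 bits). Assumed for this demo only; the
# deployments discussed in the article use 1024-bit primes.
SHARED_P, SHARED_G = 1_000_000_007, 5    # stands in for a prime many servers reuse
UNIQUE_P, UNIQUE_G = 2_147_483_647, 7    # stands in for a prime only one server uses


@dataclass
class Table:
    p: int
    g: int
    size: int          # entries computed up front (the one-time investment)
    lookup: dict       # maps g^j mod p -> j for 0 <= j < size
    stride_inv: int    # g^(-size) mod p
    max_steps: int     # upper bound on the work needed per connection


def precompute(p, g, size=1 << 18):
    """One-time work for ONE prime: tabulate g^j mod p for j < size."""
    lookup, value = {}, 1
    for j in range(size):
        lookup.setdefault(value, j)
        value = value * g % p
    stride_inv = pow(pow(g, size, p), p - 2, p)   # Fermat inverse, valid since p is prime
    max_steps = -(-(p - 1) // size)               # ceil((p - 1) / size)
    return Table(p, g, size, lookup, stride_inv, max_steps)


def handshake(p, g):
    """Return the public values a passive observer sees and the secret both ends derive."""
    a = secrets.randbelow(p - 3) + 2
    b = secrets.randbelow(p - 3) + 2
    A, B = pow(g, a, p), pow(g, b, p)
    return A, B, pow(B, a, p)


def recover(table, p, A, B):
    """Cheap per-connection step: walk A back in strides of `size` until it hits the table.

    Returns (shared_secret, steps_used). The table only helps for the prime it was
    built for, which is why a handshake on any other prime is rejected.
    """
    if p != table.p:
        raise ValueError("table was built for a different prime")
    gamma = A
    for i in range(table.max_steps):
        j = table.lookup.get(gamma)
        if j is not None:
            exponent = i * table.size + j          # g^exponent == A (mod p)
            return pow(B, exponent, p), i + 1
        gamma = gamma * table.stride_inv % p
    raise ValueError("public value is not a power of g")


def demo(connections=5):
    """Build the table once, then reuse it for several independent handshakes."""
    table = precompute(SHARED_P, SHARED_G)
    results = []
    for _ in range(connections):
        A, B, secret = handshake(SHARED_P, SHARED_G)
        guess, steps = recover(table, SHARED_P, A, B)
        results.append((guess == secret, steps))
    return table, results


if __name__ == "__main__":
    table, results = demo()
    print(f"one-time table: {table.size} entries for p={table.p}")
    for ok, steps in results:
        print(f"  handshake recovered={ok} using {steps} steps (bound {table.max_steps})")
    A, B, _ = handshake(UNIQUE_P, UNIQUE_G)
    try:
        recover(table, UNIQUE_P, A, B)
    except ValueError as exc:
        print(f"handshake on a different prime: {exc}; the whole table must be rebuilt")
```

For a defender the reading is the reverse of the attacker's: a prime that is unique to a deployment, or large enough that the one-time work is out of reach, removes the shared payoff the researchers describe.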
quote:Facebook will warn you if the government is hacking your profile
A hacker or spammer can do some serious damage to your Facebook account — but what about the watchful eye of the government over your private messages?
Facebook said it will begin warning users if it detects a user's account is being targeted or compromised by a nation-state or a state-sponsored actor.
"While we have always taken steps to secure accounts that we believe to have been compromised, we decided to show this additional warning if we have a strong suspicion that an attack could be government-sponsored," Facebook's Chief Security Officer Alex Stamos wrote in a blog post on Saturday. "We do this because these types of attacks tend to be more advanced and dangerous than others, and we strongly encourage affected people to take the actions necessary to secure all of their online accounts."
When Facebook has strong evidence that a government is intruding on a user's Facebook account, the company will send this warning:
Stamos added that Facebook likely won't be able to provide any additional explanation as to why it suspects a user's account has been targeted, but the message doesn't mean Facebook as a whole has been compromised. He also doesn't single out any particular state or government in the blog post.
If you receive the message above, you should enable two-factor authentication, which is under Login Approvals on Facebook. Stamos further suggests that users should "rebuild or replace" their computer system, as it's likely to be infected by malware.
In Facebook's last transparency report from November 2014, the company revealed that government requests for Facebook user data in the first half of 2014 increased 24% from the second half of 2013. However, those are formal requests, so they do not include attempts by governments or government-sponsored agents to obtain users' information without permission. It's difficult to estimate how often those incidents occur, though the mere fact that Facebook is now warning users about such attempts suggests they are not uncommon.
Source: mashable.com
quote:Investigatory powers bill: snooper's charter to remain firmly in place | World news | The Guardian
Legislation will enshrine security services’ licence to hack, bug and burgle their way across the web – with judicial oversight still to be determined
The key elements of the snooper’s charter, including the bulk collection and storage for 12 months of everyone’s personal data, tracking their use of the web, phones and social media, will remain firmly in place when the government publishes its new investigatory powers bill on Wednesday.
The legislation, to be introduced by the home secretary, Theresa May, will provide the security services with an explicit licence to “snoop on the web” for the first time.
Until the disclosures of the whistleblower Edward Snowden, these powers and mass surveillance programmes remained hidden in the complex undergrowth of the pre-digital age Regulation of Investigatory Powers Act 2000 (Ripa) and other arcane surveillance laws.
The new, comprehensive, surveillance legislation will provide the security services and police with access to personal web and phone data using bulk-collection powers and will also put on a fresh legal footing spies’ mass computer hacking, known as “computer network exploitation”.
In the runup to the bill’s publication May has made much of having removed some of the more contentious elements from her previous attempt to introduce the snooper’s charter in parliament, which was blocked by her Liberal Democrat coalition partners. So is this week’s new surveillance law a climbdown or is it still a snooper’s charter?
Internet and phone companies are expected to be required to keep the communications data of all their customers’ use of the web, their phones and social media for 12 months. This is not the content, which has to be authorised by a ministerial intercept warrant, but the who, what, where and when of everyone’s use of the web.
It is often the case that the “who sent what to whom from where” can be more useful to the security services and police than the actual content of messages because it can tell them a lot about an individual’s life, and represents hard evidence.
It is easy to lie in the writing of an instant message but far harder to lie over when and to whom it was sent. This is reflected in the fact that communications data can be used as evidence in court while information obtained via interception is not admissible and can only be used for intelligence.
The Home Office will pay the internet and phone companies an as-yet unspecified (but no doubt large) sum to store this data and to provide access to the security services and the police according to specified regimes.
The security and intelligence services will use the bulk collection of personal internet data by the web and phone companies as the basis of GCHQ’s powerful data-mining programs to generate intelligence data.
It is the activity of the hundreds of such programs that campaigners say amounts to the snooper’s charter invasion of privacy.
The police, who make the bulk of the 500,000 external requests for communications data each year, have a separate regime with approval at inspector or superintendent level depending on the kind of data being requested for use in crime investigations. This includes terrorism investigations but also stalking and missing persons cases.
The bill is expected to add a category of internet connection records that will allow the police to trace which websites a suspect has visited, but not the content of pages. This is expected to require judicial authorisation, which is likely to be in the form of a panel of specially trained retired judges and requests will have to be targeted and limited.
They may also be required to authorise police requests for the communications data of journalists, lawyers or other legally privileged professions.
A further 40 public bodies also get different levels of access but often will need a magistrate’s authorisation. But the vast majority of the 500,000 requests made each year will continue as now without the need for a judicial or ministerial warrant.
The home secretary has given up trying to force overseas web companies to meet British requests to hand over their customers’ data. She has also dropped her plan to get UK-based companies to keep “third party” data that passes over their networks if the US companies refused to cooperate.
Instead, May has decided to rely on the recommendations of Sir Nigel Sheinwald, the former British ambassador to Washington, who earlier this year told the government that the only way to solve this problem was to negotiate a new treaty with the US to secure a rapid response to requests.
When the prime minister visited Washington earlier this year he gave the impression that he wanted to ban encryption on the web, arguing that there should be no safe space for terrorists or paedophiles. Ministers have ruled out for now any such ban or restriction on encryption, which would have severely undermined Britain as a global business centre.
The bill will enshrine the security services’ licence to hack, bug and burgle their way across the web. Britain’s security services only officially admitted that they had worldwide powers to attack computers this year.
As a result of a court case, an innocuous-sounding “draft equipment interference code of practice” was published by the Home Office. This put into the public domain the rules and safeguards surrounding the use of computer hacking outside the UK by the security services for the first time.
Privacy campaigners said the powers outlined in the draft guidance detailed the powers of intelligence services to sweep up content of a computer or smartphone, listen to their phone calls, track their locations or even switch on the microphones or cameras on mobile phones. The last would allow them to record conversations near the phone or laptop and snap pictures of anyone nearby.
Theresa May faces strong parliamentary opposition to continued ministerial authorisation of the 2,400-a-year intercept warrants she currently signs. She has already offered a two-stage compromise by floating the idea of a judicial veto on her authorisations. She is also expected to announce that the fragmented system of five separate oversight commissioners is replaced with a single investigatory powers commissioner, who would be a senior judge, to hold the security services and police to account.
Source: www.theguardian.com
quote:My work at GCHQ and the surveillance myths that need busting | Comment is free | The Guardian
In a first for the Guardian, a GCHQ officer writes about its investigatory powers in the wake of the publication of Theresa May’s proposed new measures
Many words about GCHQ have appeared over the last two years – but rarely have they been GCHQ’s own words. We welcome the debate now under way in parliament and among the public about our work. We need public consent for what we do – we wouldn’t want to do our jobs without it. We want the debate to be informed by facts, not half-understood inferences. We do not expect to persuade everyone to support what we do, but GCHQ certainly does bear a responsibility to make sure the discussion about us is based in reality. I want to cover two particular topics frequently misunderstood: bulk interception and encryption.
The draft bill published on Wednesday responds to three independent reviews carried out into investigatory powers. The reviews were unanimous in their agreement that the powers currently available to the intelligence and security services remain essential. And while the courts have recently confirmed that the bulk interception regime was lawful, the reviewers concluded that the legal framework needed updating. We are confident that the draft bill places our powers on a clearer footing and strengthens safeguards and oversight to a world-leading standard.
The draft bill also enables GCHQ and our sister agencies to meet the challenges of technological advances. As the internet grows exponentially, and smartphones create an explosion in information, increasingly tech-savvy criminals and terrorists attempt to hide in the mass of data and the dark recesses of the web.
Our best – often our only – chance to detect them is to search and analyse datasets in which they might be found. All major UK counter-terrorism investigations of the last decade have relied on analysis of data collected at scale to understand and disrupt the threat. This is particularly critical when a threat emanates from overseas, where we and other agencies have fewer options to illuminate it. Many other aspects of our work depend on it too, including child exploitation, cybersecurity and serious crime.
In 2014, GCHQ analysis of bulk data uncovered a previously unknown individual in contact with Isis attack-planners in Syria. Although he tried to hide his activity, we were able to use bulk data to spot that he had travelled to Europe, where he planned to carry out an attack. The data was provided to the authorities in that country, enabling the successful disruption of the plot, including capturing the home-made bombs he had manufactured.
Use of these bulk data powers is not indiscriminate. GCHQ cannot and would not hoover up every piece of information. It would be illegal for us to carry out “mass surveillance”, nor would we want to, even if the law allowed it. And stringent access controls apply before analysts may examine any particular piece of data. We always focus on maximising the probability of identifying people who wish to do us harm. The scale of internet data is staggering compared to 10 years ago, so while the volume we scan may seem large, it is a minute slice of the whole.
Those with unfettered access to our operations have quickly dispelled the mass surveillance myth. David Anderson QC examined examples of cases reliant on bulk interception, interrogated our analysts and looked at our intelligence reports. He wrote: “They leave me in not the slightest doubt that bulk interception, as it is currently practised, has a valuable role to play in protecting national security.” The parliamentary intelligence and security committee stated: “Our inquiry has shown that the agencies do not have the legal authority, the resources, the technical capability, or the desire to intercept the communications of British citizens, or of the internet as a whole. GCHQ is not reading the emails of everyone in the UK.” Sir Anthony May, one of Britain’s most senior judges, conducted an investigation and asked the question whether we engage in random mass intrusion into the private affairs of innocent citizens. His answer was “emphatically no”.
There is another myth that badly needs busting, namely the idea that GCHQ is against encryption and would not disclose vulnerabilities in software. We live more and more of our lives online and it is right that companies which hold the personal data of their customers take the strongest steps to keep it secure. It is also right that people should be able to interact with their bank and other businesses with confidence. As well as being civil servants charged with a unique mission, our own staff live everyday lives where they, their family and their friends depend on the same secure technology as everyone else.
The draft bill essentially repeats what the law currently says about encryption.
We do not seek to ban encryption, we do not want mandatory “back doors” in products and we frequently warn companies about security vulnerabilities we find. On a daily basis we advise companies and public services about how to deal with specific cyber-attacks. No organisation does more to protect UK cybersecurity than GCHQ. In September 2015, Apple publicly credited CESG (the information assurance arm of GCHQ) with the detection of a vulnerability in its iOS operating system for iPhones and iPads which could have been exploited. That vulnerability has now been patched.
Dealing with encryption and analysing data at scale were crucial for GCHQ’s predecessors at Bletchley Park to succeed in their mission. Protecting life and liberty is our heritage, but it’s our current and future duty too. We need legislation and powers fit for the modern world to carry out that duty.
Source: www.theguardian.com
quote:Only 'tiny handful' of ministers knew of mass surveillance, Clegg reveals | Politics | The Guardian
Former deputy PM says he was astonished to learn how few cabinet members were aware of scale of UK spies’ reach into lives of British citizens
The majority of the UK cabinet were never told the security services had been secretly harvesting data from the phone calls, texts and emails of a huge number of British citizens since 2005, Nick Clegg has disclosed.
Clegg says he was informed of the practice by a senior Whitehall official soon after becoming David Cameron’s deputy in 2010, but that “only a tiny handful” of cabinet ministers were also told – likely to include the home secretary, the foreign secretary and chancellor. He said he was astonished to learn of the capability and asked for its necessity to be reviewed.
The former deputy prime minister’s revelation in the Guardian again raises concerns about the extent to which the security services felt they were entitled to use broadly drawn legislative powers to carry out intrusive surveillance and keep this information from democratically elected politicians.
The government finally admitted on Wednesday that the mass surveillance of British citizens began in 2001 after 9/11 and was stepped up in 2005, using powers under national security directions largely hidden in the 1984 Telecommunications Act.
It is not known if government law officers sanctioned the use of the act in this way, but it appears the intelligence and security committee responsible for parliamentary oversight was not informed, adding to the impression of a so-called deep state operating outside the scrutiny of parliament.
Clegg writes: “When I became deputy prime minister in 2010, I was the leader of a party that had been out of government for 65 years. There were a lot of things that we had to re-learn, and a lot that was surprising and new.
“When a senior official took me aside and told me that the previous government had granted MI5 direct access to records of millions of phone calls made in the UK – a capability that only a tiny handful of senior cabinet ministers knew about – I was astonished that such a powerful capability had not been avowed to the public or to parliament and insisted that its necessity should be reviewed.
“That the existence of this previously top secret database was finally revealed in parliament by the home secretary on Wednesday, as part of a comprehensive new investigatory powers bill covering many other previously secret intelligence capabilities, speaks volumes about how far we’ve come in a few short years.”
He also contends that when the revelations of Edward Snowden hit, “the knee-jerk response within government was to play the man and ignore the ball”.
He writes: “Ministers simply didn’t understand – whatever concerns they may have had about Snowden’s own behaviour - the significance of the fact that the world now knew the government’s most closely guarded secrets. They refused to acknowledge that the democratisation of the security state had become inevitable.”
Clegg claims the draft investigatory powers bill, published on Wednesday, has put the country within touching distance of a comprehensive set of laws covering every surveillance capability of the government. The draft bill, he argues, has been the result of the internal pressure applied by Liberal Democrat ministers inside the coalition government and the external debate generated by the Snowden revelations.
Giving his most detailed assessment of the specifics of the draft bill, he adopts a more sceptical attitude than the initial Labour frontbench reaction on Wednesday, saying many of the proposals are controversial and excessive.
He says the ability of GCHQ “to hack anything from handsets to whole networks is highly intrusive and needs to be much better understood before we can place it within appropriate constraints.
“The new, revised proposals on the storage of web browsing data remain problematic as the bill appears to call for the storage of vast quantities of data that go far beyond the operational requirements set out by the home secretary in the Commons.”
In common with some Tory MPs, he suggests: “The so called ‘double lock’ of judicial oversight appears to be nothing of the sort, as judges will have very little discretion when making decisions about individual warrants. And many will wish to question the access that the intelligence agencies have to our phone records.”
Source: www.theguardian.com
The government's standard strategy with whistleblowers: smear the whistleblower as a person as much as possible and hinder them as much as possible with matters that have nothing to do with the wrongdoing. Just ask Oltmans and Spijkers, they went through it too.
quote:On Friday 6 November 2015 21:51 Papierversnipperaar wrote the following:
He also contends that when the revelations of Edward Snowden hit, “the knee-jerk response within government was to play the man and ignore the ball”.
quote:Judge deals a blow to US security agency NSA | NOS
A federal judge in the United States has called the collection of metadata from telephone calls "most likely unconstitutional". He did so in the case that a law firm in California had brought against the security agency NSA.
Two years ago, the far-reaching activities of the NSA came to light through whistleblower Edward Snowden. Among other things, it emerged that the agency collects metadata on a large scale, for example information about who emails or calls whom.
In his ruling, the judge in the capital Washington speaks of "a loss of constitutional freedoms". He has ordered the NSA to stop collecting the law firm's data immediately.
The ruling is, incidentally, mainly of symbolic importance: the NSA's mass surveillance programme in its current form expires in three weeks. On 29 November the agency switches to a system in which the tapping will be more targeted.
Nevertheless, privacy activists are pleased with the ruling. Edward Snowden speaks on Twitter of a historic decision.
Source: nos.nl
quote:In June 2013, Glenn Greenwald, then of The Guardian, broke the first of many stories detailing how the NSA gathers and stores information about innocent Americans. Since then, we have learned that U.S. intelligence agencies are gathering massive amounts of data from phone and internet companies, not just on Americans, but foreign leaders as well.
How and under what circumstances are U.S. intelligence agencies allowed to collect your data? Where does Americans' data go once they collect it? In this collection of resources, the Brennan Center sheds a much-needed light on how the government is collecting, sharing, and storing data that is not immediately relevant to counterterrorism efforts.
http://www.nytimes.com/20(...)hting-terrorism.html
quote:Mass Surveillance Isn’t the Answer to Fighting Terrorism
It’s a wretched yet predictable ritual after each new terrorist attack: Certain politicians and government officials waste no time exploiting the tragedy for their own ends. The remarks on Monday by John Brennan, the director of the Central Intelligence Agency, took that to a new and disgraceful low.
Speaking less than three days after coordinated terrorist attacks in Paris killed 129 and injured hundreds more, Mr. Brennan complained about “a lot of hand-wringing over the government’s role in the effort to try to uncover these terrorists.”
What he calls “hand-wringing” was the sustained national outrage following the 2013 revelations by Edward Snowden, a former National Security Agency contractor, that the agency was using provisions of the Patriot Act to secretly collect information on millions of Americans’ phone records. In June, President Obama signed the USA Freedom Act, which ends bulk collection of domestic phone data by the government (but not the collection of other data, like emails and the content of Americans’ international phone calls) and requires the secretive Foreign Intelligence Surveillance Court to make its most significant rulings available to the public.
These reforms are only a modest improvement on the Patriot Act, but the intelligence community saw them as a grave impediment to antiterror efforts. In his comments Monday, Mr. Brennan called the attacks in Paris a “wake-up call,” and claimed that recent “policy and legal” actions “make our ability collectively, internationally, to find these terrorists much more challenging.”
It is hard to believe anything Mr. Brennan says. Last year, he bluntly denied that the C.I.A. had illegally hacked into the computers of Senate staff members conducting an investigation into the agency’s detention and torture programs when, in fact, it did. In 2011, when he was President Obama’s top counterterrorism adviser, he claimed that American drone strikes had not killed any civilians, despite clear evidence that they had. And his boss, James Clapper Jr., the director of national intelligence, has admitted lying to the Senate on the N.S.A.’s bulk collection of data. Even putting this lack of credibility aside, it’s not clear what extra powers Mr. Brennan is seeking.
Most of the men who carried out the Paris attacks were already on the radar of intelligence officials in France and Belgium, where several of the attackers lived only hundreds of yards from the main police station, in a neighborhood known as a haven for extremists. As one French counterterrorism expert and former defense official said, this shows that “our intelligence is actually pretty good, but our ability to act on it is limited by the sheer numbers.” In other words, the problem in this case was not a lack of data, but a failure to act on information authorities already had.
In fact, indiscriminate bulk data sweeps have not been useful. In the more than two years since the N.S.A.’s data collection programs became known to the public, the intelligence community has failed to show that the phone program has thwarted a terrorist attack. Yet for years intelligence officials and members of Congress repeatedly misled the public by claiming that it was effective.
The intelligence agencies’ inability to tell the truth about surveillance practices is just one part of the problem. The bigger issue is their willingness to circumvent the laws, however they are written. The Snowden revelations laid bare how easy it is to abuse national-security powers, which are vaguely defined and generally exercised in secret.
Listening to Mr. Brennan and other officials, like James Comey, the head of the Federal Bureau of Investigation, one might believe that the government has been rendered helpless to defend Americans against the threat of future terror attacks.
Mr. Comey, for example, has said technology companies like Apple and Google should make it possible for law enforcement to decode encrypted messages the companies’ customers send and receive. But requiring that companies build such back doors into their devices and software could make those systems much more vulnerable to hacking by criminals and spies. Technology experts say that government could just as easily establish links between suspects, without the use of back doors, by examining who they call or message, how often and for how long.
In truth, intelligence authorities are still able to do most of what they did before — only now with a little more oversight by the courts and the public. There is no dispute that they and law enforcement agencies should have the necessary powers to detect and stop attacks before they happen. But that does not mean unquestioning acceptance of ineffective and very likely unconstitutional tactics that reduce civil liberties without making the public safer.
quote:Paris is being used to justify agendas that had nothing to do with the attack | Trevor Timm | Comment is free | The Guardian
The Paris attackers weren’t Syrian, and they didn’t use encryption, but the US government is still using the carnage to justify attempts to ban them both
The aftermath of the Paris terrorist attacks has now devolved into a dark and dishonest debate about how we should respond: let’s ban encryption, even though there’s no evidence the terrorists used it to carry out their crime, and let’s ban Syrian refugees, even though the attackers were neither.
It’s hard to overstate how disgusting it has been to watch, as proven-false rumors continue to be the basis for the entire political response, and technology ignorance and full-on xenophobia now dominate the discussion.
First, there’s the loud “we need to ban encryption” push that immediately spawned hundreds of articles and opinions strongly pushed by current and former intelligence officials the day or two after the attacks, despite the government quietly admitting there was no evidence that the attackers used encryption to communicate. It was a masterful PR coup: current and former intelligence officials got to sit through a series of fawning interviews on television where they were allowed to pin any of their failures on Edward Snowden and encryption – the bedrock of privacy and security for hundreds of millions of innocent people – with virtually no pushback, or any critical questions about their own conduct.
The entire encryption subject became a shiny scapegoat while the truth slowly trickled in: as of Tuesday, it was clear that American and/or French intelligence agencies had seven of the eight identified attackers on their radar prior to the attacks. The attackers used Facebook to communicate. The one phone found on the scene showed the terrorists had coordinated over unencrypted SMS text messages – just about the easiest form of communication to wiretap that exists today. (The supposed ringleader even did an interview in Isis’s English magazine in February bragging that he was already in Europe ready to attack.)
As an unnamed government official quoted by the Washington Post’s Brian Fung said, if surveillance laws are expanded the media will be partly to blame: “It seems like the media was just led around by the nose by law enforcement. [They are] taking advantage of a crisis where encryption hasn’t proven to have a role. It’s leading us in a less safe direction at a time when the world needs systems that are more secure.”
As dishonest as the “debate” over encryption has been, the dark descension of the Republican party into outright racism and cynically playing off the irrational fears of the public over the Syrian refugee crisis has been worse. We now know the attackers weren’t Syrian and weren’t even refugees. It was a cruel rumor or hoax that one was thought to have come through Europe with a Syrian passport system, but that was cleared up days ago. But in the world of Republican primaries, who cares about facts?
Virtually every Republican candidate has disavowed welcoming any refugees to the US, and they are now competing over who is more in favor of banning those who are fleeing the very terrorists that they claim to be so against.
It doesn’t matter that the US has a robust screening system that has seen over 750,000 refugees come to the United States without incident – the Republican-led House has now voted to grind the already intensive screening process to a virtual halt (they were disgracefully joined by many Democrats). Chris Christie said the US should refuse widows and orphans. Rand Paul introduced a law to bar the entire Muslim world from entering the US as refugees. Donald Trump has suggested he would digitally track every Muslim in the country.
As The Intercept’s Lee Fang documented in detail, the rhetoric spewing from the mouths of the Republican Party sounds almost word for word like the racists during World War II that wanted the US to refuse Jews on the basis that they might be secret Nazis.
Even the supposedly establishment Republicans have debased themselves with rhetoric that one can only hope that one day they regret. This video of Jeb Bush struggling to explain why he would create a religious litmus test for refugees and how families are going to “prove” they’re Christian is truly cringeworthy. As Barack Obama said in his admirable condemnation of Bush and others on Tuesday, such talk is “shameful” and “un-American.”
One can say a lot of awful things about Jeb’s brother, George W Bush, including that his disastrous wars led to the Isis mess we are in now, but he did do one thing right: he was always willing to publicly speak out in favor of the vast majority of Muslims who are peaceful and abhor terrorism just like everyone else. As Chris Hayes noted, not a word of this touching speech Bush gave at an Islamic Center a week after 9/11 would ever be uttered by any of the Republican candidates today. Instead they compete over who can disparage and debase the Muslim community with the broadest brush stroke.
There are plenty of questions to ask in the aftermath of the attacks to learn how terrorism can better be prevented in the future. Instead public discourse has veered so far off-course that it’s hard to see when it will return.
Source: www.theguardian.com
The article continues.
quote:Telegraph Publishes The Dumbest Article On Encryption You'll Ever Read... Written By David Cameron's Former Speechwriter
Over the weekend, the Telegraph (which, really, is probably only the second or third worst UK tabloid), published perhaps the dumbest article ever on encryption, written by Clare Foges, who until recently, was a top speech writer for UK Prime Minister David Cameron (something left unmentioned in the article). The title of the article should give you a sense of its ridiculousness: Why is Silicon Valley helping the tech-savvy jihadists? I imagine her followups will include things like "Why is Detroit helping driving-savvy jihadists?" and "Why are farmers feeding food-savvy jihadists?"
Source: www.techdirt.com
The article continues.
quote:End of the NSA's telephone dragnet
As of today, the American intelligence agency NSA may no longer monitor all telephone traffic in the US in an untargeted way. From the stroke of midnight, 06.00 Dutch time, the agency's powers are being substantially curtailed.
It is the biggest restriction of an intelligence agency since the 9/11 attacks. From now on the NSA may no longer collect all data about phone calls at random, but must apply for a specific court order for each person or group. That order is then valid for a maximum of six months.
Source: nos.nl