Monitoring NSA in de VS en erbuiten, deel 9

quote:

Op zaterdag 4 oktober 2014 14:02 schreef xepera9 het volgende:
Goed bezig, Papierversnipperaar.

Ik las dit vandaag:
RT: Germany handed law-protected private data to NSA for years

[..]

Duitstalig: http://www.sueddeutsche.de/thema/NSA

quote:

Plasterk houdt hoeveelheid afluisteroperaties AIVD geheim

Minister Ronald Plasterk (Binnenlandse Zaken) wil niet bekendmaken hoeveel personen door de Algemene Inlichtingendienst en Veiligheidsdienst (AIVD) zijn afgeluisterd en bij hoeveel operaties de afluisterbevoegdheid wordt ingezet.

De Commissie van Toezicht betreffende de Inlichtingen- en Veiligheidsdiensten (CTIVD) had deze getallen opgenomen in een rapport (pdf) over het functioneren van de AIVD.

Plasterk besloot echter om de getallen onleesbaar te maken in de uiteindelijk gepubliceerde versie van het rapport, omdat deze te veel inzicht geven in de werkwijze van de inlichtingendienst.

In een brief aan de Tweede Kamer (pdf) stelt Plasterk dinsdag dat de informatie "zich niet leent voor openbaarmaking, zeker wanneer die vanaf nu over meerdere jaren zou worden verstrekt". De 'Commissie Stiekem', bestaande uit alle fractieleiders van de Tweede Kamer, krijgt wel inzicht in de cijfers.

De CTIVD ging van september 2012 tot en met augustus 2013 na hoe de AIVD de afluisterbevoegdheid inzet. Uit het rapport wordt wel duidelijk dat in het onderzochte jaar 11 procent meer personen werden afgeluisterd dan een jaar eerder.

Veiligheid

Ook schrijft de toezichthouder over de "bevoegdheid tot selectie van sigint", waarmee de AIVD bijvoorbeeld activiteit op telefoonnummers of e-mailadressen in de gaten kan houden. Er worden "duizenden" van zulke adressen in de gaten gehouden, stelt de CTIVD.

Burgerrechtenbeweging Bits of Freedom is ontevreden met de geheimhouding van de gegevens, en wil deze via een verzoek op de Wet openbaarheid van bestuur (Wob) alsnog duidelijkheid krijgen.

"De CTIVD kan zelf beter dan minister Plasterk bepalen of dit de nationale veiligheid raakt", aldus Ton Siedsma van Bits of Freedom.

D66-Kamerlid Gerard Schouw zegt te willen weten waarom de cijfers zijn achtergehouden. Hij noemt dit "wonderlijk" en zegt zich af te vragen of dit neerkomt op censuur van de toezichthouder.

Geheimhouding

De Commissie concludeert dat de AIVD in het onderzochte jaar meermaals onrechtmatig heeft gehandeld. Zo zijn tweemaal gesprekken afgeluisterd met 'verschoningsgerechtigden', bijvoorbeeld artsen en advocaten die recht hebben op geheimhouding van communicatie met cliënten. Ook is twee keer te lang afgeluisterd.

Bij een afluisteroperatie naar iemand die samenwerkte met de AIVD, is minister Plasterk niet op de hoogte gebracht van deze samenwerking. Volgens de Commissie was dit "essentieel" voor de beoordeling van het afluisterverzoek en had dat dus wel moeten gebeuren.

Verder gaat de CTIVD in op de mogelijkheid van de AIVD om een gehele organisatie in de gaten te houden, de zogenoemde 'organisatielast'. Hierbij kunnen nieuwe leden van een organisatie worden afgeluisterd zonder dat daar opnieuw toestemming voor hoeft te worden gevraagd aan de minister.

Deze organisatielast is één keer ingezet tegen een groep mensen die volgens de wet niet kan worden gezien als een organisatie, stelt de CTIVD. Ook vindt de Commissie het onduidelijk in welke gevallen mensen kunnen worden toegevoegd aan de organisatielast.

Identiteiten

Het is volgens de Commissie illegaal om in bulk verzamelde gegevens te doorzoeken op zoek naar potentiële doelwitten. Een wetswijziging moet hier verandering in brengen, maar ondertussen doet de AIVD dit al wel.

De CTIVD wil daarom dat het gebruik van de data wordt beperkt tot het vaststellen van identiteiten en het bepalen van de relevantie voor een bepaald onderzoek. Ook moet goed worden geregistreerd welke communicatie is ingezien en wat de uitkomst was.

"Het is hoog tijd dat er een wetswijziging komt, zodat de Kamer zich kan uitlaten over dit soort kwesties", zegt Siedsma van Bits of Freedom.

Minister Plasterk zegt alle aanbeveligen van de Commssie aan te nemen. In sommige gevallen is de werkwijze van de AIVD al aangepast, of wordt de organisatie gevraagd om een betere werkwijze te formuleren.

quote:

Reporter Radio naar rechter om tapgegevens AIVD

quote:

Reporter Radio stapt naar de rechter omdat minister van Binnenlandse Zaken Ronald Plasterk (PvdA) weigert vrij te geven hoeveel mensen door de AIVD worden afgeluisterd.

quote:

Politie breekt met spyware op afstand in computers in

De Nederlandse politie dringt met spyware op afstand computers binnen. De wet wordt erg opgerekt, zeggen deskundigen.

quote:

In een brief aan de Tweede Kamer erkent minister Opstelten van Veiligheid en Justitie voor het eerst deze praktijk. Volgens hem mag de politie 'op afstand een computersysteem betreden en gegevensbestanden in beslag nemen'.

Dat is gebeurd 'in een aantal strafzaken waarin het ging om zeer ernstige feiten', schrijft hij in antwoord op vragen van SP-kamerlid Sharon Gesthuizen. Over de precieze werkwijze en effectiviteit wil Opstelten niets zeggen.

De minister reageert hiermee op onthullingen dat de Nederlandse politie het spionageprogramma FinFisher zou gebruiken. In augustus werd de producent van die software, Gamma Intenational, door activisten gehackt. Uit de buitgemaakte bestanden bleek de Landelijke Eenheid van de politie een van de klanten. FinFisher is ook gebruikt door de overheid in Bahrein om dissidenten in de gaten te houden. In het VPRO-programma Tegenlicht, aanstaande zondag, figureert FinFisher als bedrijf dat bugs verkoopt om in computers in te breken.

quote:

EE, Vodafone and Three give police mobile call records at click of a mouse

Three of UK’s big four mobile phone networks are providing customer data to police forces automatically through Ripa

Three of the UK’s four big mobile phone networks have made customers’ call records available at the click of a mouse to police forces through automated systems, a Guardian investigation has revealed.

EE, Vodafone and Three operate automated systems that hand over customer data “like a cash machine”,as one phone company employee described it.

Eric King, deputy director of Privacy International, a transparency watchdog, said: “If companies are providing communications data to law enforcement on automatic pilot, it’s as good as giving police direct access [to individual phone bills].”

O2, by contrast, is the only major phone network requiring staff to review all police information requests, the company said.

Mobile operators must by law store a year of call records of all of their customers, which police forces and other agencies can then access without a warrant using the controversial Regulation of Investigatory Powers Act (Ripa).

Ripa is the interception law giving authority to much of GCHQ’s mass surveillance. The law was again under the spotlight recently after it was used to identify sources of journalists from at least two national newspapers, the Sun and the Mail on Sunday.

Documents from software providers and conversations with mobile companies staff reveal how automatic this system has become, with the “vast majority” of records demanded by police delivered through automated systems, without the involvement of any phone company staff.

The Home Office argues communications data is “a critical tool” and its use of Ripa was “necessary and proportionate”.

Despite politicians’ assurances that the UK laws requiring phone companies to keep records would not create a state database of private communications, critics argue that the practice comes very close to doing so. King warned that “widespread, automatic access of this nature” meant the UK telecoms industry “essentially already provides law enforcement with the joined-up databases they claimed they didn’t have when pushing for the ‘snooper’s charter’.”

In the automated systems used by the phone companies, police officers seeking phone records must gain permission from another officer on the same force, who then enters the details into an online form. That mirrors the US Prism programme, revealed by Edward Snowden, which in effect created a backdoor into the products of US tech corporations. In the vast majority of cases, the information is then delivered without any further human role.

One document prepared by Charter Systems, which sells the type of software used by police forces to connect with mobile phone companies, explains the automated process saves “32 minutes” of human time per application.

“Charter Systems have worked in partnership with the Home Office and Detica [a firm providing data interception for security services and the police, now called BAE Systems Applied Intelligence].

to develop a solution that links directly to all CSPs [communication service providers, a term covering phone companies],” it states. The document explains the system produces “an automated solution for gathering electronic data information. The new solution saves time and effort for the authority in requesting and receiving ever increasing amounts of data.”

The systems were so interconnected, a separate sales document produce by Charter reveals, that “[d]ata can be retrieved from multiple CSPs in one request”.

Privacy groups reacted angrily to the details of how little day-to-day scrutiny records requests receive, warning that the automation of the system removes even the limited oversight ability – the right to refer requests to oversight agencies – phone networks have over Ripa requests.

“We urgently need clarity on just how unquestioning the relationship between telecommunications companies and law enforcement has become,” said King. “It’s crucial that each individual warrant for communications data is independently reviewed by the companies who receive them and challenged where appropriate to ensure the privacy of their customers is not being inappropriately invaded.”

Privacy advocates are also concerned that the staff within phone companies who deal with Ripa and other requests are often in effect paid by the Home Office – a fact confirmed by several networks – and so may, in turn, be less willing to challenge use of surveillance powers.

Several mobile phone networks confirmed the bulk of their queries were handled without human intervention. “We do have an automated system,” said a spokesman for EE, the UK’s largest network, which also operates Orange and T-Mobile. “[T]he vast majority of Ripa requests are handled through the automated system.” The spokesman added the system was subject to oversight, with monthly reports being sent to the law enforcement agency requesting the data, and annual reports going to the interception commissioner and the Home Office.

A spokesman for Vodafone said the company processed requests in a similar way. “The overwhelming majority of the Ripa notices we receive are processed automatically in accordance with the strict framework set out by Ripa and underpinned by the code of practice,” he said. “Even with a manual process, we cannot look behind the demand to determine whether it is properly authorised.”

A spokesman for Three, which is also understood to use a largely automated system, said the company was simply complying with legal requirements. “We take both our legal obligations and customer privacy seriously,” he said. “Three works with the government and does no more or less than is required or allowed under the established legal framework.”

Unlike the other networks, O2 said it did manually review all of its Ripa requests. “We have a request management system with which the law enforcement agencies can make their requests to us,” said the O2 spokeswoman. “All O2 responses are validated by the disclosure team to ensure that each request is lawful and the data provided is commensurate with the request.

Mike Harris, director of the Don’t Spy On Us campaign, said the automated systems posed a serious threat to UK freedom of expression. “How do we know that the police through new Home Office systems aren’t making automated requests that reveal journalist’s sources or even the private contacts of politicians?” he said.

“Edward Snowden showed that both the NSA and GCHQ had backdoor access to our private information stored on servers. Now potentially the police have access too, when will Parliament stand up and protect our fundamental civil liberties?”

A spokesman for the Home Office declined to respond to specific queries about the use of automatic systems to retrieve call records, but defended police forces’ use of Ripa. “Communications data is an absolutely critical tool used by police and other agencies to investigate crime, preserve national security and protect the public,” he said in a statement.

“This data is stored by communications service providers themselves and can only be acquired by public authorities under the Regulation of Investigatory Powers Act 2000 on a case by case basis, and where it is necessary and proportionate to do so.

“The acquisition of communications data under RIPA is subject to stringent safeguards in existing legislation and is independently overseen by the Interception of Communications Commissioner.”

quote:

Second leaker in US intelligence, says Glenn Greenwald

Citizenfour, new film on spying whistleblower Edward Snowden, shows journalist Greenwald discussing other source

The investigative journalist Glenn Greenwald has found a second leaker inside the US intelligence agencies, according to a new documentary about Edward Snowden that premiered in New York on Friday night.

Towards the end of filmmaker Laura Poitras’s portrait of Snowden – titled Citizenfour, the label he used when he first contacted her – Greenwald is seen telling Snowden about a second source.

Snowden, at a meeting with Greenwald in Moscow, expresses surprise at the level of information apparently coming from this new source. Greenwald, fearing he will be overheard, writes the details on scraps of paper.

The specific information relates to the number of the people on the US government’s watchlist of people under surveillance as a potential threat or as a suspect. The figure is an astonishingt 1.2 million.

The scene comes after speculation in August by government officials, reported by CNN, that there was a second leaker. The assessment was made on the basis that Snowden was not identified as usual as the source and because at least one piece of information only became available after he ceased to be an NSA contractor and went on the run.

The two-hour documentary was the highlight of the New York Film Festival.

quote:

Edward Snowden: state surveillance in Britain has no limits

quote:

UK intelligence agencies need stronger oversight, says David Blunkett

Former home secretary tells committee continued secrecy is undermining public confidence in wake of Snowden revelations

The former home secretary David Blunkett has called for stronger oversight of the UK’s intelligence agencies and warned that the “old-fashioned paternalism” of secrecy based on perceived security interests was undermining public confidence in their activities.

Blunkett called for the legal framework on mass surveillance to be updated on a regular basis and for judicial oversight to be made much more robust and transparent.

The Labour MP’s call came during only the second public evidence session ever held by the intelligence and security committee. Its inquiry into security and privacy was set up following the disclosures by Edward Snowden of the scale of the bulk collection of personal data by GCHQ and the NSA.

The committee heard evidence from the heads of the intelligence agencies earlier this year – its first public evidence session. The inquiry is to take evidence in public from Nick Clegg and Yvette Cooper on Wednesday and from the home secretary, Theresa May, on Thursday. Half of May’s two-hour session will be held in secret.

The chair of the Equality and Human Rights Commission, Baroness Onora O’Neill, told the committee’s MPs and peers that the privacy implications of big data and data mining were such that “the Stasi would have loved it. Thank god they didn’t have it.”

Blunkett, who as home secretary oversaw the introduction of the complex rules surrounding the use of the 2000 Regulation of Investigatory Powers Act (Ripa), which legislates surveillance, warned the committee that it was no longer good enough for the security services to argue that “we know and you mustn’t know” to maintain public confidence in their activities.

He said Britain’s most sophisticated opponents already had a good idea of the capacity of the UK’s security services, and in some cases were ahead of them. Blunkett said it was necessary to tell the public about the methods of the security services to reassure them and to secure their consent: “That is the essence of a free democracy,” he said. “Therefore ensuring people feel comfortable and know enough about what we are doing to feel it is in their interests.

“Sometimes we have to be more sophisticated than saying ‘we can’t tell you anything because it might be a danger’. That actually undermines confidence and consent. It is real old-fashioned paternalism because it is ‘we know but you mustn’t know’.”

Blunkett said the need to update Ripa, which has been described as an “analogue law in a digital age”, was obvious. He reflected that when he first introduced the regulations surrounding the law they were already out of date and needed a ‘second go’.”

Blunkett said the legal framework surrounding surveillance needed updating “each fixed-term parliament” if it was to continue to command public confidence “because people are pushing the boundaries all the time.”

Blunkett also called for a much stronger judicial oversight regime saying the secretive Investigatory Powers Tribunal , which is the only court that can hear complaints of illegal surveillance or human rights breaches by the security services, was in need of a radical overhaul.

“The Investigatory Powers Tribunal needs to be ramped up completely. People need to know a lot more about it. It needs to be a lot more transparent and it needs to demonstrate that it is worth having,” said the former home secretary.

quote:

Op dinsdag 14 oktober 2014 17:59 schreef polderturk het volgende:
Zou Snowden ooit de nobelprijs voor de vrede gegund worden?

quote:

UN Report Finds Mass Surveillance Violates International Treaties and Privacy Rights

quote:

The United Nations’ top official for counter-terrorism and human rights (known as the “Special Rapporteur”) issued a formal report to the U.N. General Assembly today that condemns mass electronic surveillance as a clear violation of core privacy rights guaranteed by multiple treaties and conventions. “The hard truth is that the use of mass surveillance technology effectively does away with the right to privacy of communications on the Internet altogether,” the report concluded.

Central to the Rapporteur’s findings is the distinction between “targeted surveillance” — which “depend[s] upon the existence of prior suspicion of the targeted individual or organization” — and “mass surveillance,” whereby “states with high levels of Internet penetration can [] gain access to the telephone and e-mail content of an effectively unlimited number of users and maintain an overview of Internet activity associated with particular websites.” In a system of “mass surveillance,” the report explained, “all of this is possible without any prior suspicion related to a specific individual or organization. The communications of literally every Internet user are potentially open for inspection by intelligence and law enforcement agencies in the States concerned.”

Mass surveillance thus “amounts to a systematic interference with the right to respect for the privacy of communications,” it declared. As a result, “it is incompatible with existing concepts of privacy for States to collect all communications or metadata all the time indiscriminately.”

In concluding that mass surveillance impinges core privacy rights, the report was primarily focused on the International Covenant on Civil and Political Rights, a treaty enacted by the General Assembly in 1966, to which all of the members of the “Five Eyes” alliance are signatories. The U.S. ratified the treaty in 1992, albeit with various reservations that allowed for the continuation of the death penalty and which rendered its domestic law supreme. With the exception of the U.S.’s Persian Gulf allies (Saudi Arabia, UAE and Qatar), virtually every major country has signed the treaty.

Article 17 of the Covenant guarantees the right of privacy, the defining protection of which, the report explained, is “that individuals have the right to share information and ideas with one another without interference by the State, secure in the knowledge that their communication will reach and be read by the intended recipients alone.”

quote:

FBI director attacks tech companies for embracing new modes of encryption

James Comey says data encryption could deprive police and intelligence companies of potentially live-saving information

The director of the FBI savaged tech companies for their recent embrace of end-to-end encryption and suggested rewriting laws to ensure law enforcement access to customer data in a Thursday speech.

James Comey said data encryption such as that employed on Apple’s latest mobile operating system would deprive police and intelligence companies of potentially life-saving information, even when judges grant security agencies access through a warrant.

“Criminals and terrorists would like nothing more than for us to miss out,” he said. Technologists have found such statements reminiscent of the “Crypto Wars” of the 1990s, an earlier period in which the US government warned about encryption constraining law enforcement.

Framing his speech at the Brookings Institution as kickstarting a “dialogue” and insisting he was not a “scare-monger”, Comey said “encryption threatens to lead us all to a very, very dark place.”

Comey also posed as a question “whether companies not subject currently to Calea should be required to build lawful intercept capabilities for law enforcement,” something he contended would not “expand” FBI authorities.” Calea is a 1994 surveillance law mandating that law enforcement and intelligence agencies have access to telecommunications data, which Comey described as archaic in the face of technological innovation.

“I’m hoping we can now start a dialogue with Congress on updating it,” Comey said.

Privacy advocates contend Comey is demagoguing the issue.

It took a June supreme court ruling, they point out, for law enforcement to abandon its contention that it did not require warrants at all to search through smartphones or tablets, and add that technological vulnerabilities can be exploited by hackers and foreign intelligence agencies as the US government. Additionally, the FBI and police retain access to data saved remotely in the so-called “cloud” – where much data syncs for storage from devices like Apple’s – for which companies like Apple keep the encryption keys.

Comey, frequently referring to “bad guys” using encryption, argued access to the cloud is insufficient.

“Uploading to the cloud doesn’t include all the stored data on the bad guy’s phone,” he said.

“It’s the people who are most worried what’s on the device who will be most likely to avoid the cloud.”

Tech companies contend that their newfound adoption of encryption is a response to overarching government surveillance, much of which occurs either without a warrant, subject to a warrant broad enough to cover indiscriminate data collection, or under a gag order following a non-judicial subpoena. Comey did not mention such subpoenas, often in the form of National Security Letters, in his remarks.

The National Security Agency, whistleblower Edward Snowden revealed, accesses customer information in transit between Google and Yahoo data centers, as one of its surveillance tools.

“The people who are criticizing this are the ones who should have expected this,” Google CEO Eric Schmidt said last week.

Christopher Soghoian, the chief technologist for the American Civil Liberties Union, called Comey’s speech “disappointing”.

“What was missing from his remarks was an acknowledgement that when Congress passed Calea in 1994, they explicitly protected the rights of companies that wanted to build encryption into their products – encryption with no backdoors, encryption with no keys that are held by the company,” Soghoian said.

“So if he wants to get what he’s describing, not only is he talking about expanding Calea to technology companies and not just communications companies, but to be successful, he would have to remove that provision of Calea, and that would be a major and negative step.”

Comey praised Apple and Google as run by “good people” and said he recognized their embrace of encryption responded to “perceive[d]” market pressures in the wake of Snowden’s disclosures. But Comey suggested that end-to-end mobile device encryption amounted to a safe haven for criminals.

“Are we no longer a country that is passionate both about the rule of law and about their being no zones in this country beyond the reach of that rule of law? Have we become so mistrustful of government and law enforcement in particular that we are willing to let bad guys walk away, willing to leave victims in search of justice?” he said.

Comey acknowledged that the Snowden disclosures caused “justifiable surprise” among the public about the breadth of government surveillance, but hoped to mitigate it through greater transparency and advocacy.

Yet the FBI keeps significant aspects of its surveillance reach hidden even from government oversight bodies. Intelligence officials said in a June letter to a US senator that the FBI does not tally how often it searches through NSA’s vast hoards of international communications, without warrants, for Americans’ identifying information.

Comey frequently described himself as being technologically unprepared to offer specific solutions, and said he meant to begin a conversation, even at the risk of putting American tech companies at a competitive disadvantage.

“Where we may get is to a place where the US, through its Congress, says, ‘You know what, we need to force this on American companies,’ and maybe they’ll take a hit. Someone in some other country will say, ‘Ah, we sell a phone that even with lawful authority people can’t get into.’ But that we as a society are willing to have American companies take that hit. That’s why we have to have this conversation,” Comey said.

quote:

Apple defies FBI and offers encryption by default on new operating system

New version of Mac OS X will encrypt users’ hard drives unless they explicitly decline, in spite of pleas by the FBI not to

The latest version of Apple’s operating system for desktop and laptop computers, Mac OS X 10.10 “Yosemite”, encourages users to turn on the company’s FileVault disk encryption, as the company hardens its pro-security stance.

The decision to encourage encryption, so that users must opt out – rather than opting in as has been the case since FileVault was introduced in 2003 – shows the company refusing to back down to pressure from the US government to restrict the availability of cryptographic tools to the public.

On Thursday, the FBI’s director, James Comey, decried the company’s decision to offer similar tools on mobile devices running iOS 8.

“With Apple’s new operating system, the information stored on many iPhones and other Apple devices will be encrypted by default,” Comey told the Brookings Institute in Washington DC. “Shortly after Apple’s announcement, Google announced plans to follow suit with its Android operating system. This means the companies themselves won’t be able to unlock phones, laptops, and tablets to reveal photos, documents, email, and recordings stored within.”

Comey continued: “At the outset, Apple says something that is reasonable – that it’s not that big a deal … Apple argues, for example, that its users can back up and store much of their data in ‘the cloud’ and that the FBI can still access that data with lawful authority. But uploading to the cloud doesn’t include all of the stored data on a bad guy’s phone, which has the potential to create a black hole for law enforcement.”

But despite Comey’s pleas, the company shipped Yosemite with the FileVault option intact. The install process for the new operating system asks users if they would “like to use FileVault to encrypt the disk” on their Macs. Ticked by default are two boxes, “Turn on FileVault disk encryption” and “Allow my iCloud account to unlock my disk”.

That means that unless the user actively declines the offer, their hard drives will be encrypted.

Unlike a standard password-protected computer, which leaves the contents of a hard-drive accessible to anyone with the patience to remove the drive, FileVault encrypts the entire contents of a device at disk level, rendering it impossible for anyone without the login password to access the data on the computer.

While the FBI has condemned Apple’s new commitment to security, civil liberties organisations have welcomed the decision. “We applaud tech leaders like Apple and Google that are unwilling to weaken security for everyone to allow the government yet another tool in its already vast surveillance arsenal,” said the American Civil Liberties Union’s Laura Murphy following Comey’s speech. “We hope that others in the tech industry follow their lead and realize that customers put a high value on privacy, security and free speech.”

Users on older versions of Mac OS X can still enable FileVault, but must dig into the operating system’s settings to do so; the feature is buried under the Security & Privacy option in the system preferences. Windows users have long had access to a similar tool, also not enabled by default, called BitLocker, which can be turned on using Windows Explorer. It is not yet known whether Microsoft will make BitLocker use opt-out in its forthcoming Windows 10 release, expect next year and presently in developer testing.

quote:

Senior NSA official moonlighting for private cybersecurity firm

- Patrick Dowd recruited by former NSA director Keith Alexander
- Unusual for US official to work for private, for-profit company

The former director of the National Security Agency has enlisted the US surveillance giant’s current chief technology officer for his lucrative cybersecurity business venture, an unusual arrangement undercutting Keith Alexander’s assurances he will not profit from his connections to the secretive, technologically sophisticated agency.

Patrick Dowd continues to work as a senior NSA official while also working part time for Alexander’s IronNet Cybersecurity, a firm reported to charge up to $1m a month for advising banks on protecting their data from hackers. It is exceedingly rare for a US official to be allowed to work for a private, for-profit company in a field intimately related to his or her public function.

Reuters, which broke the story of Dowd’s relationship with IronNet, reported that the NSA is reviewing the business deal.

Since retiring from the NSA in March and entering the burgeoning field of cybersecurity consulting, Alexander has vociferously defended his ethics against charges of profiting off of his NSA credentials. Alexander was the founding general in charge of US Cyber Command, the first military command charged with defending Defense Department data and attacking those belonging to adversaries. Both positions provide Alexander with unique and marketable insights into cybersecurity.

His final year as the agency’s longest serving director was characterised by reacting to Edward Snowden’s disclosures – and the embarrassment of presiding over the largest data breach in the agency’s history – and publicly urging greater cybersecurity cooperation between the agency and financial institutions.

“I’m a cyber guy. Can’t I go to work and do cyber stuff?” Alexander told the Associated Press in August.

Alexander, whose adult life was spent in uniform, intends to file patents for what he has described obliquely as a new forecasting model for detecting network intrusions. His assurance prompted speculation that the retired general is profiting from technical sophistication that competitors who do not have a US intelligence pedigree cannot hope to replicate.

Alexander portrayed Dowd’s unusual joint positions with the NSA and IronNet as a way for the public to keep benefitting from Dowd’s expertise, while saying less about how Alexander will profit from the same skill set.

“I just felt that his leaving the government was the wrong thing for NSA and our nation,” Alexander told Reuters.

The NSA, whose operations are almost entirely secret, has long been criticised for its close corporate ties. One long-serving official, William Black Jr, left the agency for Science Applications International Corporation, before returning in 2000 as deputy director.

While Black was in his senior position, SAIC won an NSA contract to develop a data-mining programme, called Trailblazer, that was never implemented, despite a cost of over $1bn. Whistleblowers have charged that Trailblazer killed a more privacy-protective system called ThinThread.

Black, however, did not serve simultaneously at the NSA and SAIC.

Compounding the potential financial conflicts at the NSA, Buzzfeed reported that the home of chief of its Signals Intelligence Directorate, Teresa Shea, has a signals-intelligence consulting firm operating out of it. The firm is run by her husband James, who also works for a signals-intelligence firm that Buzzfeed said appears to do business with the NSA; and Teresa Shea runs an “office and electronics” business that lists a Beechcraft plane among its assets.

quote:

Whisper chief executive answers privacy revelations: 'We're not infallible'

quote:

The chief executive of the “anonymous” social media app Whisper broke his silence late on Saturday, saying he welcomed the debate sparked by Guardian US revelations about his company’s tracking of users and declaring “we realise that we’re not infallible”.

Michael Heyward’s statement was his first public response to a series of articles published in the Guardian which revealed how Whisper monitors the whereabouts of users of an app he has in the past described as “the safest place on the internet”.

Whisper hosts 2.6 million messages a day posted through its app, which promises users a place to “anonymously share your thoughts and secrets” and has billed itself as a platform for whistleblowers.

The Guardian’s disclosures, which were based on a visit to Whisper’s headquarters and detailed conversations with its executives, prompted privacy experts to call for a federal inquiry into the company.

Heyward, who stayed silent for more than 48 hours, came under intense pressure to respond to the controversy. His statement was posted on a blog late on Saturday.

Unlike other Whisper representatives, who have strongly denied the disclosures, Heyward did not dispute the accuracy of the Guardian’s reporting. But he insisted his company was founded on “honesty and transparency” and indicated Whisper would take firm action against employees who breach those values.

“Above all else, we always strive to do right by our users,” he said. “We have zero tolerance for any employee who violates that trust.”

Heyward expressed “dismay” that the Guardian, which had previously collaborated with Whisper on three small projects, “published a series of stories questioning our commitment to your privacy”.

“While we’re disappointed with the Guardian’s approach, we welcome the discussion,” Heyward said. “We realise that we’re not infallible, and that reasonable people can disagree about a new and quickly evolving area like online anonymity.”

In formal responses to the Guardian’s reports, Whisper had insisted it “does not follow or track users”. Heyward, however, said only that Whisper does not “actively” track users.

The 27-year-old CEO’s remarks contrast with those of his editor-in-chief, Neetzan Zimmerman, who mounted an offensive immediately after the reports were published, accusing Guardian journalists of fabricating quotes and denouncing the reports as “a pack of vicious lies”.

The Guardian witnessed how Zimmerman’s editorial team monitors the movements of certain users during a three-day visit to the company’s California headquarters to explore the possibility of future editorial collaboration. Two Guardian reporters were given access to Whisper’s back-end tools and spoke extensively with company executives.

Zimmerman’s team uses an in-house mapping tool to research the movements of users who have opted into geolocation services, using GPS data which is “fuzzed” to be accurate within 500 metres of where messages are posted. The reporters witnessed how Zimmerman’s team tried to determine the “veracity” of potentially newsworthy users by researching their location, sifting through their trail of previous posts and and tracing their movements over time.

When researching users who had disabled geolocation services – preventing the company from accessing their GPS-based data – Whisper executives explained how the editorial team instead relied on IP data to work out a targeted user’s approximate location.

Zimmerman contested the Guardian’s detailed account of those practices, saying it was “100% false” and “a 100% lie” to say the editorial team ever accessed rough location data for people who have opted out. “When I specifically say that they are lying, that’s what I mean – that does not happen, and it simply can’t happen,” he told the tech news site Gigaom.

However, Whisper’s senior vice-president, Eric Yellin, had already acknowledged the practice, telling the Guardian before the stories were published: “We occasionally look at user IP addresses internally to determine very approximate locations.” The admission was made in an email exchange about the location-tracking practices of Whisper’s editorial team.

Heyward acknowledged in his statement on Saturday that Whisper collects IP data which can infer rough location data but did not specify how that information is used – except to say it is sometimes shared with law enforcement. Heyward also acknowledged that Whisper does look at the past activity of some users on the app to “assess the authenticity” of their posts.

Heyward also responded to the Guardian’s disclosure that Whisper was sharing user information with a suicide prevention study run by the Pentagon, based on smartphones the social media app can pinpoint to military bases. Users had not been told about the research. Heyward said Whisper was “proudly working with organisations to lower suicide rates, including the Department of Defense’s Suicide Prevention Office”. He added: “We can’t wait to establish more of these relationships and effect real change.”

The Guardian also revealed on Thursday that Whisper was developing a version of its app to comply with Chinese censorship laws, and indefinitely archiving data, including messages users may think they have deleted, in a database. Heyward’s statement did not address those disclosures.

His company had built media partnerships with the cable TV channel Fusion and the online news website Buzzfeed, and was searching for new partners. Heyward said a key part of Whisper’s mission was to “shine a light” on important social issues, and his blogpost linked to stories that have been published on Buzzfeed. “We look forward to continuing this important work with our partners,” Heyward said.

Both Buzzfeed and Fusion have suspended their partnerships with the social media app in the wake of the Guardian’s revelations.

Heyward said changes to Whisper’s terms of use and privacy policy were “not related” to the Guardian’s reporting. Whisper rewrote its terms of service on Monday – four days after learning the Guardian planned to publish details about its business practices.

Heyward said these changes were finalised in July and were due to be published in October, along with a new website. Heyward did not mention the update to Whisper’s terms of service that occurred in September. Explaining the decision to change the terms of service, again, on Monday, he said: “Our communications with the Guardian made it clear that our users would benefit from seeing them sooner”.

quote:

‘Crypto wars’ return to Congress

FBI Director James Comey has launched a new “crypto war” by asking Congress to update a two-decade old law to make sure officials can access information from people’s cell phones and other communication devices.

The call is expected to trigger a major Capitol Hill fight about whether or not tech companies need to give the government access to their users.

“It's going to be a tough fight for sure,” Rep. James Sensenbrenner (R-Wis.), the Patriot Act’s original author, told The Hill in a statement.

He argues Apple and other companies are taking the privacy of consumers into their own hands because Congress has failed to pass legislation in response to public anger over the National Security Agency’s surveillance programs.

“While Director Comey says the pendulum has swung too far toward privacy and away from law enforcement, he fails to acknowledge that Congress has yet to pass any significant privacy reforms,” he added. “Because of this failure, businesses have taken matters into their own hands to protect their consumers and their bottom lines.”

Comey argues that trend will make it harder to solve crimes.

“If this becomes the norm, I suggest to you that homicide cases could be stalled, suspects walked free, child exploitation not discovered and prosecuted,” he said last week.

Comey is asking that Congress update the Communications Assistance for Law Enforcement Act (CALEA), a 1994 law that required telephone companies make it possible for federal officials to wiretap their users.

Many new mobile applications and other modern devices aren’t included under the law, however, making it difficult if not impossible for police to get a suspect’s records — even with a warrant.

Forcing companies to put in a “back door” to give officials access would also open them up to hackers in China and Russia, opponents claim, as well as violate Americans’ privacy rights.

Comey claimed the FBI was not looking for a “back door” into people’s devices.

“We want to use the front door with clarity and transparency,” he said.

But for critics, that’s a distinction without a difference.

“The notion that it’s not a back door; it’s a front door — that’s just wordplay,” said Bruce Schneier, a computer security expert and fellow at Harvard’s Berkman Center for Internet and Society. “It just makes no sense.”

It was reminiscent, he said, of the mid-1990s debate over the “Clipper Chip,” an electronic chip that federal officials wanted to insert in devices allowing them to get access to people’s communications. In the end, Congress did not require that companies use that chip in their technology.

Similar arguments have emerged every few years, as technology has gotten better and government agents have feared being left behind.

“This is the third or fourth replay,” said Greg Nojeim, senior counsel at the Center for Democracy and Technology. “So far Congress has done the right thing and stood aside when companies are given the latitude they need to make communications devices and services more secure.”

Early indications are that it could be an uphill push for the FBI.

“I’d be surprised if more than a handful of members would support the idea of backdooring Americans’ personal property,” Sen. Ron Wyden (D-Ore.), who would staunchly oppose the measure, said in a statement shared with The Hill.

Rep. Darrell Issa (R-Calif.), the chairman of the House Oversight Committee, on Friday tweeted that the administration would be making a “tough sell” by pushing an update to CALEA.

“To FBI Director Comey and the [administration] on criticisms of legitimate businesses using encryption: you reap what you sow,” he wrote.

Rep. Zoe Lofgren (D-Calif.) predicted that any bill would have “zero chance” of passing.

Earlier this year, she and Rep. Thomas Massie (R-Ky.) introduced a measure to the defense spending bill banning the National Security Agency from using “backdoor” searches to spy on Americans through a legal provision targeting foreigners. That measure overwhelmingly passed the House 293-123.

While the NSA’s spying is different from the FBI’s requested updated to CALEA, the spirit is the same, she said.

“I think the public would not support it, certainly industry would not support it, civil liberties groups would not support it,” Lofgren told The Hill. “I think [Comey is] a sincere guy, but there’s just no way this is going to happen.”

Still, the FBI is unlikely to drop the pressure, especially if tech companies keep putting a focus on their privacy protections.

“This is a long-term discussion that has been coming and I expect to continue,” said Carl Szabo, a lobbyist for NetChoice, a trade group for online businesses including Google, eBay and Yahoo.

As for the chances of a CALEA update, he is opposed but isn’t assuming the FBI will stand down.

“I never underestimate anything,” he said.

“I always think that there is a chance, even if it’s not as sweeping as installing a front door master key on every mobile device, it could be installing a small backdoor.”

quote:

Ministers should assess UK surveillance warrants, says Philip Hammond

Foreign secretary rejects judicial scrutiny, saying political judgment is required to assess validity of GCHQ operations

The foreign secretary, Philip Hammond, on Thursday rejected suggestions that judges should approve electronic surveillance warrants, arguing that only ministers could exercise the political judgment necessary to ensure that such surveillance was necessary and proportionate.

Hammond was giving evidence to parliament’s intelligence and security committee, which is reviewing the need for new oversight legislation to regulate the UK’s electronic espionage agency, GCHQ, in the light of the revelations on bulk data collection made by the former US intelligence contractor Edward Snowden.

Hammond told the committee that GCHQ’s bulk collection of private data from emails, internet activity and telephone usage did not amount to mass surveillance because the state did not have the resources to trawl through the huge volume of information involved, and because of legal safeguards on how the data was used.

“There’s also a very important safeguard provided by the culture within the agencies, which is the exact opposite of what some movies might like to suggest,” he said.

“The agencies are extremely cautious, extremely focused on their responsibility to maintain the culture of proportionality and necessity in everything they do. And there is an atmosphere … which is very far from a gung-ho approach. It is very cautious, very measured.”

Hammond – who oversees the work of GCHQ and the Secret Intelligence Service, MI6 – confirmed that any email or internet search that went through a foreign server was treated as an external communication and therefore subject to a different clause in the Intelligence Services Act. That in turn allows the foreign secretary to authorise much broader examination by the intelligence agencies than is the case with domestic communications. However, he insisted that once it becomes clear someone on British soil is party to the communication, there is a legal mechanism that once more narrows the scope of warrant.

Privacy and civil rights groups have argued that, in light of the Snowden revelations, all electronic surveillance warrants should go before a judge to ensure the phenomenal power available to government as a result of modern surveillance technology should be subject to some form of judicial constraint. Hammond countered that judges would assess surveillance warrant requests primarily from a legal standpoint. Only an elected official could properly apply political judgment on the necessity and proportionality of an eavesdropping operation.

The foreign secretary said that in issuing surveillance warrants he was subject not just to legal but also to political constraints, which were narrower.

“Perhaps it is a feature of the times that we live in, but I’m sure I can speak for all my colleagues who sign warrants that we all have, in the back of our minds, that at some point in the future we will – not might be, but will – be appearing before some inquiry or tribunal or court to account for the decisions we’ve made,” Hammond said.

Mike Harris, the campaign director of Don’t Spy on Us, a coalition of privacy and digital rights advocacy groups, argued that ministers should indeed make political judgments on warrants, but their decisions should then be reviewed by judges.

“The safeguards he talks about are not safeguards at all. It is very hard to tell in practice who is a UK-based party to a communication,” Harris said. “This comes in the context of an absence of judicial oversight and a lack of scrutiny from parliament and an under-resourcing of the intelligence commissioners, so in effect the public can’t be certain that the reassurances from the minister are upheld in any way by intelligence agencies.”

quote:

Former NSA Official: Anyone Who 'Justified' Snowden's Leaks Shouldn't Be Allowed A Gov't Job

quote:

A few days ago, the FTC announced that it had appointed Ashkan Soltani as its chief technology officer. Soltani is a well-known (and often outspoken) security researcher who has worked at the FTC in the past. Nothing about this appointment should be all that surprising or even remotely controversial. However, recently, Soltani had been doing a lot of journalism work, as a media consultant at the Washington Post helping Barton Gellman and other reporters really understand the technical and security aspects of the Snowden documents. His name has appeared as a byline in a number of stories about the documents, detailing what is really in those documents, and how they can impact your privacy.

Apparently, this has upset the usual crew of former NSA officials.

Let's start with former NSA director Michael Hayden. The publication FedScoop heard the news about Soltani, and decided to ask Hayden and other NSA-types their thoughts. You can tell by the opening paragraph what angle FedScoop is digging for with its article:

quote:

The Really Dark Internet

quote:

Deception and Propaganda in Social Media

A year after the revelations by Edward Snowden, more or less everybody is aware of the astonishing extent of online surveillance. An outcome of this increased awareness is the development of various protective measures, including encryption practices, privacy protection measures as well as the development of anonymised platforms, such as Kwikdesk, an anonymous and ephemeral version of Twitter. However, other aspects of state and corporate control of social media have received less attention. In the face of rising inequality and increasing political mobilisation from the bottom, the ruling class must pro-actively defend the current power structures and a way to do this includes not only surveillance, but also deception and propaganda in social media. The really dark Internet is a reference to this layer of surveillance and disinformation – the spread of false information which intends to undermine, confuse, disrupt, and eventually defuse any socio-political action that threatens to unsettle the status quo.

With surveillance a given, we must now begin to learn about strategies and tactics of deception and disinformation, coming from states, reactionary and fascist political groupings, and corporations.

While a lot has been written on the signal intelligence contents of the NSA documents, less is known about the kinds of human intelligence used by government agencies and corporations. In a leaked NSA presentation which would have made Goebbels proud, a British spy agency – the Joint Threat Research Intelligence Group (JTRIG) – explicitly refers to its digital propaganda tactics: the circulation of false information aimed at destroying the reputation of its targets and the use of insights from the social sciences in order to manipulate online communications in line with their political objectives.

The presentation goes on to list techniques for dissimulation or ‘hiding the real’ through ‘masking, repackaging, and dazzling’, and for simulation, or ‘showing the false’ through ‘mimicking, inventing and decoying’; it goes on to refer to techniques for managing attention, infiltrating networks, planting ruses and causing disruption. The aim is to build ‘cyber-magicians’, who can confuse and manipulate ‘targets’. The presentation concludes by estimating that ‘by 2013 JTRIG will have a staff of 150+, fully trained’. Though we cannot be sure of the status of such plans following the leaks, it would be naïve to assume that they have been dropped.
- See more at: http://theoccupiedtimes.org/?p=13166#sthash.2yopTRUk.dpuf