Monitoring NSA in de VS en erbuiten, deel 9

quote:

Complaint laid over GCSB spy claims

The Green Party has laid a complaint with the Inspector-General of Intelligence and Security, saying the Government's electronic spy agency may have broken the law.

Investigative journalist Nicky Hager says the Government is spying on Pacific nations, and passing that information on to the United States.

His claims are based on information from the American whistle blower Edward Snowden.

Mr Hager said the Government Communications Security Bureau (GCSB) intercepted communications from countries such as Fiji, Tonga, Vanuatu and Samoa, and even nations as small as Tuvalu, Nauru and Kiribati,

Greens' co-leader Russel Norman said it was illegal for the GCSB to spy on New Zealand citizens and permanent residents, but many New Zealanders who live, holiday or work in Pacific Islands may have had their data intercepted by the spy agency.

He said if that was the case then the law may have been broken.

Prime Minister John Key insists the Government's spy agency has acted within the law though will not say how or explain any further.

"We do gather information and we do use our foreign intelligence services, but only within the law and the law forbids us other than in very minor circumstances, from gathering information about New Zealanders."

Mr Key said the GCSB had given him a 100 percent categorical assurance that New Zealanders' information was not gathered other than in circumstances where the law would specifically allow it.

He said he would absolutely not be talking at all about the agency's operational matters.

Mr Key said the Government could talk to Pacific leaders if they wished about actions that may or may not have occurred, but it would not be talking to the media or the public about it.

The Prime Minister of Samoa, Tuilaepa Sa'ilele, was not too bothered about the allegations.

"All our transactions with overseas Governments or organisations are transparent, and we have nothing to hide, so if [anything is] picked up by anybody that will increase the transparency of what we do here."

The Prime Minister of Tonga, Akilisi Pohiva said it would be a pity if trust had been breached between his country and New Zealand.

"But if New Zealand has good reason to believe that it is important for New Zealand Government to share such information with other partners, with other countries, it is entirely a matter for New Zealand to decide. Now remember Tonga is small, and we have nothing to hide - it may be a serious matter for superpowers."

quote:

Key says he won't quit if mass collection of Kiwis' communications proved

Prime Minister John Key says he would not resign if it is proved that the GCSB carries out mass collection of New Zealanders' communications.

Mr Key has always insisted he would quit if it was proved that New Zealanders were subject to mass surveillance.

He insists the GCSB has told him that it is not capable of doing mass surveillance and is not legally allowed to do it.

Late last week former GCSB boss Sir Bruce Ferguson told Radio New Zealand that there was mass collection of New Zealanders' data as part of spying operations in the Pacific.

Sir Bruce also maintained however that it was legal as it was collected inadvertently and that the information on Kiwis was not used.

When asked today about whether there was a difference between the terms "collection" and "surveillance", Mr Key responded by saying he was "sure the lawyers would tell you there is a difference".

When pressed further, he refused to comment, saying he wasn't going to go into the GCSB's operational details.

quote:

New Zealand Prime Minister Retracts Vow To Resign if Mass Surveillance Is Shown

quote:

Let me be clear: any statement that mass surveillance is not performed in New Zealand, or that the internet communications are not comprehensively intercepted and monitored, or that this is not intentionally and actively abetted by the GCSB, is categorically false. . . . The prime minister’s claim to the public, that “there is no and there never has been any mass surveillance” is false. The GCSB, whose operations he is responsible for, is directly involved in the untargeted, bulk interception and algorithmic analysis of private communications sent via internet, satellite, radio, and phone networks.

quote:

The NSA Has Taken Over the Internet Backbone. We're Suing to Get it Back.

Every time you email someone overseas, the NSA copies and searches your message. It makes no difference if you or the person you're communicating with has done anything wrong. If the NSA believes your message could contain information relating to the foreign affairs of the United States – because of whom you're talking to, or whom you're talking about – it may hold on to it for as long as three years and sometimes much longer.

A new ACLU lawsuit filed today challenges this dragnet spying, called "upstream" surveillance, on behalf of Wikimedia and a broad coalition of educational, human rights, legal, and media organizations whose work depends on the privacy of their communications. The plaintiffs include Amnesty International USA, the National Association of Criminal Defense Lawyers, and The Nation magazine, and many other organizations whose work is critical to the functioning of our democracy.

But the effect of the surveillance we're challenging goes far beyond these organizations. The surveillance affects virtually every American who uses the Internet to connect with people overseas – and many who do little more than email their friends or family or browse the web. And it should be disturbing to all of us, because free expression and intellectual inquiry will wither away if the NSA is looking over our shoulders while we're online.

The world first learned of the existence of upstream surveillance from whistleblower Edward Snowden's spying revelations in June 2013. Since then, official disclosures and media reports have shown that the NSA is routinely seizing and copying the communications of millions of ordinary Americans while they are traveling over the Internet. The NSA conducts this surveillance by tapping directly into the Internet backbone inside the United States – the network of high-capacity cables and switches that carry vast numbers of Americans' communications with each other and with the rest of the world. Once the NSA copies the communications, it searches the contents of almost all international text-based communications – and many domestic ones as well – for search terms relating to its "targets."

In short, the NSA has cast a massive dragnet over Americans' international communications.

Inside the United States, upstream surveillance is conducted under a controversial spying law called the FISA Amendments Act, which allows the NSA to target the communications of foreigners abroad and to intercept Americans' communications with those foreign targets. The main problem with the law is that it doesn't limit which foreigners can be targeted. The NSA's targets may include journalists, academics, government officials, tech workers, scientists, and other innocent people who are not connected even remotely with terrorism or suspected of any wrongdoing. The agency sweeps up Americans' communications with all of those targets.

And, as our lawsuit explains, the NSA is exceeding even the authority granted by the FISA Amendments Act. Rather than limit itself to monitoring Americans' communications with the foreign targets, the NSA is spying on everyone, trying to find out who might be talking or reading about those targets.

As a result, countless innocent people will be caught up in the NSA's massive net. For instance, a high school student in the U.S. working on a term paper might visit a foreign website to read a news story or download research materials. If those documents happen to contain an email address targeted by the NSA – like this news report does – chances are the communications will be intercepted and stored for further scrutiny. The same would be true if an overseas friend, colleague, or contact sent the student a copy of that news story in an email message.

As former NSA Director Michael Hayden recently put it, "[L]et me be really clear. NSA doesn't just listen to bad people. NSA listens to interesting people. People who are communicating information."

That doesn't sound like much of a limitation on the NSA's spying – and it's not. Like many Americans, the plaintiffs in our lawsuit communicate with scores of people overseas who the NSA likely finds "interesting." For instance, researchers at Human Rights Watch depend on foreign journalists, lawyers, political dissidents, and witnesses to human rights abuses for information crucial to their advocacy and reporting back home. Wikimedia communicates with millions of people abroad, many of whom read or contribute to Wikipedia, one of the largest repositories of human knowledge on earth. We know, thanks to Edward Snowden, that the NSA is interested in what some of those users are reading.

The fact that upstream surveillance is supposedly focused on international communications is hardly a saving grace. Americans spend more and more of their lives communicating over the Internet – and more and more of those communications are global in nature, whether we realize it or not. An email from a woman in Philadelphia to her mother in Phoenix might be routed through Canada without either one knowing it. Similarly, companies like Microsoft and Google often store backup copies of their U.S. customers' emails on servers overseas, again with hardly anyone the wiser. The NSA is peeking inside virtually all of these.

Our plaintiffs have had to go out of their way to take measures, sometimes at a high cost, to protect their communications from their own government. Despite these precautions, the chilling effect is palpable. NSA surveillance makes it harder for the plaintiffs to gather information from sources who believe that by sharing information over the Internet, they are also sharing it with the U.S. government and the intelligence agencies it partners with. The work of human rights and free-knowledge organizations is profoundly undermined by this unconstitutional surveillance, and we're all worse off.

Upstream surveillance flips the Constitution on its head. It allows the government to search everything first and ask questions later, making us all less free in the process. Our suit aims to stop this kind of surveillance. Please join our effort to reform the NSA.

quote:

The CIA Campaign to Steal Apple’s Secrets

quote:

RESEARCHERS WORKING with the Central Intelligence Agency have conducted a multi-year, sustained effort to break the security of Apple’s iPhones and iPads, according to top-secret documents obtained by The Intercept.

The security researchers presented their latest tactics and achievements at a secret annual gathering, called the “Jamboree,” where attendees discussed strategies for exploiting security flaws in household and commercial electronics. The conferences have spanned nearly a decade, with the first CIA-sponsored meeting taking place a year before the first iPhone was released.

By targeting essential security keys used to encrypt data stored on Apple’s devices, the researchers have sought to thwart the company’s attempts to provide mobile security to hundreds of millions of Apple customers across the globe. Studying both “physical” and “non-invasive” techniques, U.S. government-sponsored research has been aimed at discovering ways to decrypt and ultimately penetrate Apple’s encrypted firmware. This could enable spies to plant malicious code on Apple devices and seek out potential vulnerabilities in other parts of the iPhone and iPad currently masked by encryption.

The CIA declined to comment for this story.

The security researchers also claimed they had created a modified version of Apple’s proprietary software development tool, Xcode, which could sneak surveillance backdoors into any apps or programs created using the tool. Xcode, which is distributed by Apple to hundreds of thousands of developers, is used to create apps that are sold through Apple’s App Store.

The modified version of Xcode, the researchers claimed, could enable spies to steal passwords and grab messages on infected devices. Researchers also claimed the modified Xcode could “force all iOS applications to send embedded data to a listening post.” It remains unclear how intelligence agencies would get developers to use the poisoned version of Xcode.

Researchers also claimed they had successfully modified the OS X updater, a program used to deliver updates to laptop and desktop computers, to install a “keylogger.”

Other presentations at the CIA conference have focused on the products of Apple’s competitors, including Microsoft’s BitLocker encryption system, which is used widely on laptop and desktop computers running premium editions of Windows.

The revelations that the CIA has waged a secret campaign to defeat the security mechanisms built into Apple’s devices come as Apple and other tech giants are loudly resisting pressure from senior U.S. and U.K. government officials to weaken the security of their products. Law enforcement agencies want the companies to maintain the government’s ability to bypass security tools built into wireless devices. Perhaps more than any other corporate leader, Apple’s CEO, Tim Cook, has taken a stand for privacy as a core value, while sharply criticizing the actions of U.S. law enforcement and intelligence agencies.

“If U.S. products are OK to target, that’s news to me,” says Matthew Green, a cryptography expert at Johns Hopkins University’s Information Security Institute. “Tearing apart the products of U.S. manufacturers and potentially putting backdoors in software distributed by unknowing developers all seems to be going a bit beyond ‘targeting bad guys.’ It may be a means to an end, but it’s a hell of a means.”

Apple declined to comment for this story, instead pointing to previous comments Cook and the company have made defending Apple’s privacy record.

quote:

Plasterk wijst 'anti-spionageverdrag' af

quote:

Minister Plasterk (PvdA) van Binnenlandse Zaken wijst een zogenaamd 'anti-spionageverdrag' tussen Europese landen af. Hij heeft 'ernstige aarzelingen' bij een voorstel van de Raad van Europa dat voorziet in regels voor het bespioneren van Europese burgers en bevriende overheden. Dat blijkt uit een brief die Plasterk naar de Tweede Kamer heeft gestuurd.

quote:

New Zealand Used NSA System to Target Officials, Anti-Corruption Campaigner

New Zealand’s eavesdropping agency used an Internet mass surveillance system to target government officials and an anti-corruption campaigner on a neighboring Pacific island, according to a top-secret document.

Analysts from Government Communications Security Bureau, or GCSB, programmed the Internet spy system XKEYSCORE to intercept documents authored by the closest aides and confidants of the prime minister on the tiny Solomon Islands. The agency also entered keywords into the system so that it would intercept documents containing references to the Solomons’ leading anti-corruption activist, who is known for publishing government leaks on his website.

XKEYSCORE is run by the National Security Agency, and is used to analyze billions of emails, Internet browsing sessions and online chats that are collected from some 150 different locations worldwide. GCSB has gained access to XKEYSCORE because New Zealand is a member of the Five Eyes surveillance alliance alongside the United States, the United Kingdom, Canada, and Australia.

A number of GCSB’s XKEYSCORE targets are disclosed in a top-secret document that was obtained by The Intercept and New Zealand newspaper the Herald on Sunday. The document raises questions about the scope of the surveillance and offers an unprecedented insight into specific people monitored by New Zealand’s most secretive agency.

The targets list, dated from January 2013, was authored by a GCSB analyst. It is contained in a so-called “fingerprint,” a combination of keywords used to extract particular information from the vast quantities of intercepted data swept up by XKEYSCORE. None of the individuals named on the list appear to have any association with terrorism.

Most of the targets, in fact, had a prominent role in the Solomon Islands government. Their roles around the time of January 2013 suggest GCSB was interested in collecting information sent among the prime minister’s inner circle. The targets included: Barnabas Anga, the permanent secretary of the Ministry of Foreign Affairs and External Trade; Robert Iroga, chief of staff to the prime minister; Dr Philip Tagini, special secretary to the prime minister; Fiona Indu, senior foreign affairs official; James Remobatu, cabinet secretary; and Rose Qurusu, a Solomon Islands public servant.

The seventh person caught up in the GCSB’s surveillance sweep is the leading anti-corruption campaigner in the Solomon Islands, Benjamin Afuga. For several years he has run a popular Facebook group that exposes corruption, often publishing leaked information and documents from government whistleblowers. His organization, Forum Solomon Islands International, has an office next door to Transparency International in Honiara, the capital city of the Solomon Islands. GCSB analysts programmed XKEYSCORE so that it would intercept documents sent over the Internet containing the words “Forum Solomon Islands,” “FSII,” and “Benjamin Afuga.”

Each of the named targets was contacted by the Herald on Sunday prior to publication. Several were not reachable or did respond to a request for comment. Robert Iroga, who was the prime minister’s chief of staff at the time his name appeared on the list, criticized the surveillance and said it would paint a “pretty bad image” for New Zealand.

“I’m shocked to hear about the intrusion of the New Zealand government into the sovereign affairs of a country like ours,” Iroga said. “Any intervention in this way to get information from the Solomon Islands is highly condemned.”

Benjamin Afuga, the anti-corruption campaigner, said he was concerned the surveillance may have exposed some of the sources of the leaks he publishes online.

“I’m an open person – just like an open book,” Afuga said. “I don’t have anything else other than what I’m doing as a whistleblower and someone who exposes corruption. I don’t really understand what they are looking for. I have nothing to hide.”

A spokesman for Manasseh Sogavare, the recently elected prime minister of the Solomon Islands, said the issue would be addressed through “diplomatic channels.”

The Solomon Islands are about 2,300 miles north of New Zealand and have a population of some 550,000 people, according to United Nations figures. In the late 1990s and early 2000s the islands suffered from ethnic violence known as “The Tensions.” This led to the 2003 deployment to the Solomons of New Zealand, Australian and Pacific Island police and military peacekeepers. By January 2013, the date of the target list, both New Zealand and Australia were focused on withdrawing their forces from the island country and by the end of that year they were gone.

The XKEYSCORE list shows New Zealand was carrying out surveillance of several terms associated with militant groups on the island, such as “former tension militants,” and “malaita eagle force.” But with the security situation stabilized by 2013, it is unclear why New Zealand spies appear to have continued an expansive surveillance operation across the government, even tailoring XKEYSCORE to intercept information about an anti-corruption campaigner.

Andrew Little, leader New Zealand’s Labour Party, told the Herald on Sunday the surveillance was at odds with the country’s diplomatic relationship with the Solomons. “You would assume we have relations with government at the highest level and constructive dialogue,” he said.

The surveillance may have been part of a secret attempt to intercept information about The Truth and Reconciliation Commission, an inquiry that was set up by the Solomon Islands in the aftermath of the ethnic violence. The commission was modeled on South Africa’s post-apartheid process and launched by Bishop Desmond Tutu during a 2009 visit to the Solomons. The XKEYSCORE list includes the keywords “Truth and Reconciliation Commission,” “TRC,” and “trc report.” Moreover, Afuga, the targeted anti-corruption campaigner, worked with the commission as a project coordinator.

GCSB declined to comment for this story. In a statement, the agency’s acting director, Una Jagose, said: “The GCSB exists to protect New Zealand and New Zealanders. We have a foreign intelligence mandate. We don’t comment on speculation about matters that may or may not be operational. Everything we do is explicitly authorized and subject to independent oversight.”

A spokesman for New Zealand prime minister John Key also declined to comment. The spokesman said: “New Zealand’s intelligence agencies have been, and continue to be, a significant contributor to our national security and the security of New Zealanders at home and abroad.”

In recent weeks, The Intercept has published a series of stories about the extent of New Zealand’s surveillance in collaboration with the New Zealand Herald, the Herald on Sunday, and The Sunday Star-Times. Earlier disclosures, which were based on documents from NSA whistleblower Edward Snowden, have exposed the country’s broad surveillance across the Asia-Pacific. The revelations have shown how a surveillance base in the Waihopai Valley is funneling bulk data into the XKEYSCORE system and they have also exposed that New Zealand is targeting some its strongest trading partners for surveillance and then sharing the data with the NSA.

quote:

Federal police confirm they have accessed journalists' metadata

AFP reject comments by media union on scale of access, saying requests were ‘rare’, as debate over data retention bill intensifies

The Australian Federal Police have confirmed for the first time they have accessed journalists’ telecommunications metadata in the past 18 months, but said requests were “rare”.

They said they had received 13 referrals relating to alleged unauthorised disclosures by commonwealth officials, but in the “overwhelming majority” of those cases there was no need to access journalists’ metadata. Not all the referrals related to disclosures through the media.

The comments were made as part of a statement that rejected comments by Media, Entertainment and Arts Alliance chief executive Paul Murphy about how many times the AFP had accessed journalists’ metadata.

On Monday Murphy said that in a meeting with the AFP and other government officers the AFP “had been repeatedly asked to hunt down journalists’ sources by accessing journalists’ metadata and [AFP commissioner Andrew Colvin] confirmed that it is doing so”.

“The data retention bill will simply formalise these activities with no regard to the press freedom implications and presumably encourage at least 20 government agencies to go trawling through journalists’ metadata,” Murphy said.

The AFP said the statement was inaccurate and distorted the comments. But they also confirmed a small number of authorisations for access to journalists’ metadata had been made.

The release said: “Commissioner Colvin said that over the past 18 months, the AFP has received 13 referrals relating to the alleged unauthorised disclosure of commonwealth information in breach of section 70 of the Crimes Act.

“This offence specifically criminalises the activity of commonwealth officials who have released commonwealth information in contravention of their obligations, not journalists.”

“In the overwhelming majority of these investigations, no need was identified to conduct a metadata telecommunications inquiry on a journalist. AFP requests for accessing a journalist’s metadata are rare.”

Guardian Australia has previously reported that eight of these referrals related to stories about asylum seekers.

The AFP have confirmed that at least one of these referrals resulted in an investigation – into a story about the customs vessel Ocean Protector’s incursions into Indonesian waters – that is still under way.

The AFP did not disclose as part of the release of documents under freedom of information laws any information about whether journalists’ phone or web records had been accessed.

Journalists and politicians have tried in the past – unsuccessfully – to gain more information from the AFP on metadata requests issued relating to leak investigations.

Guardian Australia has lodged freedom of information requests and requests under the Privacy Act 1988 to determine whether authorisations have been made for reporters’ phone and web data.

The AFP has refused to confirm or deny the existence of any authorisations, citing the secrecy provisions of the Telecommunications (Interception and Access) Act 1979.

In February last year the independent senator Nick Xenophon requested in Senate estimates details of the number of metadata authorisations used in commonwealth disclosure investigations.

The AFP said at the time they were not required to provide information about specific authorisations.

They said: “This system is configured to record and store information contained in the authorisation and to produce reports on the total number of authorisations. Whilst the information is stored in the system, the system is not designed to report on particular crime types which are being investigated.”

The prime minister, Tony Abbott, agreed on Monday to amend the government’s data retention bill to provide an additional safeguard for journalists that would require a warrant to be sought for access to their metadata.

The MEAA and Greens senator Scott Ludlam have continued to voice concern about the data retention scheme.

On Tuesday a number of Labor backbenchers also spoke out in opposition to the data retention bill in a caucus meeting.

The government is yet to put forward amendments to the scheme to clarify how the warrant requirement for access to journalists’ metadata would operate.

quote:

Hacking BIOS Chips Isn’t Just the NSA’s Domain Anymore

The ability to hack the BIOS chip at the heart of every computer is no longer reserved for the NSA and other three-letter agencies. Millions of machines contain basic BIOS vulnerabilities that let anyone with moderately sophisticated hacking skills compromise and control a system surreptitiously, according to two researchers.

The revelation comes two years after a catalogue of NSA spy tools leaked to journalists in Germany surprised everyone with its talk about the NSA’s efforts to infect BIOS firmware with malicious implants.

The BIOS boots a computer and helps load the operating system. By infecting this core software, which operates below antivirus and other security products and therefore is not usually scanned by them, spies can plant malware that remains live and undetected even if the computer’s operating system were wiped and re-installed.

BIOS-hacking until now has been largely the domain of advanced hackers like those of the NSA. But researchers Xeno Kovah and Corey Kallenberg presented a proof-of-concept attack today at the CanSecWest conference in Vancouver, showing how they could remotely infect the BIOS of multiple systems using a host of new vulnerabilities that took them just hours to uncover. They also found a way to gain high-level system privileges for their BIOS malware to undermine the security of specialized operating systems like Tails—used by journalists and activists for stealth communications and handling sensitive data.

Although most BIOS have protections to prevent unauthorized modifications, the researchers were able to bypass these to reflash the BIOS and implant their malicious code.

Kovah and Kallenberg recently left MITRE, a government contractor that conducts research for the Defense Department and other federal agencies, to launch LegbaCore, a firmware security consultancy. They note that the recent discovery of a firmware-hacking tool by Kaspersky Lab researchers makes it clear that firmware hacking like their BIOS demo is something the security community should be focusing on.

Because many BIOS share some of the same code, they were able to uncover vulnerabilities in 80 percent of the PCs they examined, including ones from Dell, Lenovo and HP. The vulnerabilities, which they’re calling incursion vulnerabilities, were so easy to find that they wrote a script to automate the process and eventually stopped counting the vulns it uncovered because there were too many.

“There’s one type of vulnerability, which there’s literally dozens of instances of it in every given BIOS,” says Kovah. They disclosed the vulnerabilities to the vendors and patches are in the works but have not yet been released. Kovah says, however, that even when vendors have produced BIOS patches in the past, few people have applied them.

“Because people haven’t been patching their BIOSes, all of the vulnerabilities that have been disclosed over the last couple of years are all open and available to an attacker,” he notes. “We spent the last couple of years at MITRE running around to companies trying to get them to do patches. They think BIOS is out of sight out of mind [because] they don’t hear a lot about it being attacked in the wild.”

An attacker could compromise the BIOS in two ways—through remote exploitation by delivering the attack code via a phishing email or some other method, or through physical interdiction of a system. In that case, the researchers found that if they had physical access to a system they could infect the BIOS on some machines in just two minutes. This highlights just how quickly and easy it would be, for example, for a government agent or law enforcement officer with a moment’s access to a system to compromise it.

Their malware, dubbed LightEater, uses the incursion vulnerabilities to break into and hijack the system management mode to gain escalated privileges on the system. System management mode, or SMM, is an operations mode in Intel processors that firmware uses to do certain functions with high-level system privileges that exceed even administrative and root-level privileges, Kovah notes. Using this mode, they can rewrite the contents of the BIOS chip to install an implant that gives them a persistent and stealth foothold. From there, they can install root kits and steal passwords and other data from the system.

But more significantly, SMM gives their malware the ability to read all data and code that appears in a machine’s memory. This would allow their malware, Kovah points out, to subvert any computer using the Tails operating system—the security and privacy-oriented operating system Edward Snowden and journalist Glenn Greenwald used to handle NSA documents Snowden leaked. By reading data in memory, they could steal the encryption key of a Tails user to unlock encrypted data or swipe files and other content as it appears in memory. Tails is meant to be run from a secure USB flash drive or other removable media—so that conceivably it won’t be affected by viruses or other malware that may have infected the computer. It operates in the computer’s memory and once the operating system is shut down, Tails scrubs the RAM to erase any traces of its activity. But because the LightEater malware uses the system management mode to read the contents of memory, it can grab the data while in memory before it gets scrubbed and store it in a safe place from which it can later be exfiltrated. And it can do this while all the while remaining stealth.

“Our SMM attacker lives in a place nobody checks today to see if there’s an attacker,” Kovah says. “System management mode can read everyone’s RAM, but nobody can read System Management Mode’s RAM.”

Such an attack shows, he says, that the operating system Snowden chose to protect himself can’t actually protect him from the NSA or anyone else who can design an attack like LightEater.

quote:

New Zealand Spied on WTO Director Candidates

New Zealand launched a covert surveillance operation targeting candidates vying to be director general of the World Trade Organization, a top-secret document reveals.

In the period leading up to the May 2013 appointment, the country’s electronic eavesdropping agency programmed an Internet spying system to intercept emails about a list of high-profile candidates from Brazil, Costa Rica, Ghana, Indonesia, Jordan, Kenya, Mexico, and South Korea.

New Zealand’s trade minister Tim Groser was one of nine candidates in contention for the position at the WTO, a powerful international organization based in Geneva, Switzerland that negotiates trade agreements between nations. The surveillance operation, carried out by Government Communications Security Bureau, or GCSB, appears to have been part of a secret effort to help Groser win the job.

Groser ultimately failed to get the position.

A top-secret document obtained by The Intercept and the New Zealand Herald reveals how GCSB used the XKEYSCORE Internet surveillance system to collect communications about the WTO director general candidates.

XKEYSCORE is run by the National Security Agency and is used to analyze billions of emails, Internet browsing sessions and online chats that are vacuumed up from about 150 different locations worldwide. GCSB has gained access to XKEYSCORE because New Zealand is a member of the Five Eyes surveillance alliance alongside the United States, the United Kingdom, Canada and Australia.

The WTO spying document shows how the New Zealand agency created an XKEYSCORE targeting “fingerprint,” a combination of names and keywords used to extract particular information from the vast quantities of emails and other communications accessible through the system. The document reveals that a fingerprint was specially tailored to monitor the WTO candidates and was “used to sort traffic by priority,” looking for “keywords [as they] appear in the email_body.” It is stamped with a “last modified” date of 6 May 2013, about a week before the new director general was to be announced.

Two different intelligence searches were carried out by the GCSB staff as part of what they termed the “WTO Project.” First, they looked for emails referring to Groser, the WTO, the director general candidacy, and the surnames of the other candidates: Alan John Kwadwo Kyerematen (Ghana); Amina Mohamed (Kenya); Anabel González (Costa Rica); Herminio Blanco (Mexico); Mari Elka Pangestu (Indonesia); Taeho Bark (South Korea); Ahmad Thougan Hindawi (Jordan); and Roberto Carvalho de Azevêdo (Brazil).

Second, they zeroed in on the Indonesian candidate, Pangestu, that country’s former minister of trade and a professional economist. A separate XKEYSCORE fingerprint was created, headed “WTO DG Candidacy issues – focus on Indonesian candidate.” This was presumably because the New Zealand government was particularly concerned that the job might go to another Pacific candidate ahead of Groser.

The surveillance of Pangestu appears to have targeted all Internet communications (not just email) containing the name “Pangestu,” the words “Indonesia,” “WTO” and “candidacy,” and the other candidates’ names.

The searches had keyword instructions in English, French and Spanish – for instance “zealand”, “zelande” and “zelandia” – in order to catch communications from more countries. The intercepted messages were to be passed to the GCSB’s “trade team,” which would likely have had the job of collating intelligence for people in government involved in Groser’s bid for the WTO role.

The Intercept and the New Zealand Herald attempted to contact each of the named targets prior to publication. Several were not reachable or did not respond to a request for comment. A spokesman for the WTO had not responded to multiple requests for comment at time of publication (update below).

Bark, the South Korean candidate, said he had no inkling that he was the focus of surveillance during his bid for the director general role. He told the New Zealand Herald he had received no intelligence agency support as part of his own campaign. “It’s a different world for very advanced countries,” he said.

Bark, now an academic at Seoul National University and South Korea’s ambassador-at-large for international economy and trade, added that he was not “offended” by the spying because he didn’t think it had any impact on the outcome of his effort to get the WTO job. But he predicted others would be stung by the eavesdropping revelations. “The Indonesian candidate would be very upset,” he said.

International economic law expert Meredith Kolsky Lewis, who specializes in the WTO, said she was “a bit shocked” at the allegation New Zealand had spied on emails about the director general candidates.

“I’m a little surprised that New Zealand used the surveillance power available to it for this purpose,” Lewis said. “It’s possible those who ordered the surveillance wanted to know who other countries in the region supported.”

Andrew Little, leader of New Zealand’s Labour Party, criticized the surveillance and described it as “completely out of order.”

“It just seems outrageous,” Little said. “I would have thought that [to be] a misuse of our security and intelligence agencies. It seems to me right outside the mandate of the GCSB. It’s nothing to do with security threats.”

It was in late 2012 that Groser was nominated for the position at the WTO.

The New Zealand trade minister launched a lobbying campaign as part of his candidacy bid, traveling to Europe, the United States, Africa, the Caribbean and around the Pacific Islands in an effort to win support from members of the WTO’s general council, which includes representatives from 160 countries.

However, his campaign was unsuccessful. Brazil’s Azevêdo (pictured above) was appointed the WTO’s new director general on 14 May 2013.

Three weeks earlier, when it had become clear that Groser was not going to make the final shortlist, New Zealand’s prime minister, John Key, expressed his disappointment. “At the end of the day it was always going to be a long shot – so he gave it his best go with the support of the government,” Key said.

What the public didn’t know was that this support had included deploying the GCSB to spy on communications about the competitors.

At the time of the surveillance, prime minister Key was the minister in charge of the GCSB, raising the question of whether he knew about and personally sanctioned the electronic eavesdropping to help Groser.

A spokesman for Key declined to answer any questions about the WTO spying and instead issued a boilerplate response. “New Zealand’s intelligence agencies have been, and continue to be, a significant contributor to our national security and the security of New Zealanders at home and abroad,” the spokesman said.

Groser, reached by New Zealand Herald reporters late Saturday, said the government wouldn’t discuss “such leaks” because he claimed they were “often wrong, [and] they are deliberately timed to try and create political damage.” Asked if he knew the GCSB was conducting surveillance for him, he said: “I’ve got no comment to make whatsoever.”

GCSB also declined to comment on any of the specific revelations. In a statement, the agency’s acting director, Una Jagose, said: “The GCSB exists to protect New Zealand and New Zealanders. We have a foreign intelligence mandate. We don’t comment on speculation about matters that may or may not be operational. Everything we do is explicitly authorized and subject to independent oversight.”

Last week, The Intercept revealed that GCSB used XKEYSCORE to target top government officials and an anti-corruption campaigner in the Solomon Islands.

Earlier disclosures, which were based on documents from NSA whistleblower Edward Snowden, have exposed how New Zealand is funneling data into XKEYSCORE from a surveillance base in the Waihopai Valley and is spying on about 20 countries across the world, predominantly in the Asia-Pacific region, among them small Pacific islands and major trading partners including Japan, Vietnam, and China.

The Intercept is reporting details about New Zealand’s surveillance operations in collaboration with the New Zealand Herald, the Herald on Sunday, and the Sunday Star-Times.

Update, March 22, 2015 at 17:30 ET: Reached by phone Sunday, WTO spokesman Keith Rockwell told The Intercept he was “learning about this for the very first time” and said he would not comment on the New Zealand spying until he had looked closer at the details. “Tomorrow morning I’ll go into the office and we’ll discuss it and we’ll try to figure out what’s going on,” he said.

quote:

Britain’s Surveillance State

Edward Snowden exposed the extent of mass surveillance conducted not just by the United States but also by allies like Britain. Now, a committee of the British Parliament has proposed legal reforms to Britain’s intelligence agencies that are mostly cosmetic and would do little to protect individual privacy.

In a report published on March 12, the Intelligence and Security Committee acknowledged that agencies like MI5 collect, sift through and examine millions of communications. Most of this is legal, the committee said, and justified by national security. It proposed a new law that would tell people more about the kind of information the government collects about them but would not meaningfully limit mass surveillance. That is hardly sufficient for a system that needs strong new checks and balances.

Separately, a legal filing by the British government made public on Wednesday showed that its intelligence agencies maintain the right to hack into the computers, phones and other devices owned not just by suspected terrorists and criminals but also people who “are not intelligence targets in their own right.” The filing was published by Privacy International, one of several advocacy groups that have challenged government surveillance in court.

As things stand now, intelligence agencies can monitor vast amounts of communications and do so with only a warrant from a government minister to begin intercepting them. Lawmakers should limit the amount of data officials can sweep up and require them to obtain warrants from judges, who are more likely to push back against overly broad requests.

The parliamentary committee, however, did not see the need to limit data collection and concluded that ministers should continue to approve warrants because they are better than judges at evaluating diplomatic, political and public interests. That rationale ignores the fact that ministers are also less likely to deny requests from officials who directly report to them.

The committee’s acceptance of the status quo partly reflects the fact that Britons have generally been more accepting of intrusive government surveillance than Americans; security cameras, for instance, are ubiquitous in Britain. But the committee itself was far from impartial. Its nine members were all nominated by Prime Minister David Cameron, who has pushed for even greater surveillance powers.

After the attack against the French newspaper Charlie Hebdo in January, Mr. Cameron asked technology companies to help his government monitor encrypted communications and warned that those who refused to do so could be banned from doing business in Britain.

Parliament is unlikely to act on the committee’s report in its current form before the upcoming national election scheduled for May. In the meantime, legal cases challenging British surveillance practices filed by groups like Privacy International and Liberty are expected to end up at the European Court of Human Rights. In the past, that court has taken an expansive view of the individual’s right to privacy under the European Convention on Human Rights.

Governments certainly should have the ability to intercept communications to investigate crimes and terrorist plots. But lawmakers should place sensible limits on surveillance and require government officials to meet a high burden of proof before they are allowed to listen in on phone calls, read emails and troll through the web browsing histories of individuals.

quote:

Communication Security Establishment's cyberwarfare toolbox revealed

quote:

Top-secret documents obtained by the CBC show Canada's electronic spy agency has developed a vast arsenal of cyberwarfare tools alongside its U.S. and British counterparts to hack into computers and phones in many parts of the world, including in friendly trade countries like Mexico and hotspots like the Middle East.

The little known Communications Security Establishment wanted to become more aggressive by 2015, the documents also said.

Revelations about the agency's prowess should serve as a "major wakeup call for all Canadians," particularly in the context of the current parliamentary debate over whether to give intelligence officials the power to disrupt national security threats, says Ronald Deibert, director of the Citizen Lab, the respected internet research group at University of Toronto's Munk School of Global Affairs.

"These are awesome powers that should only be granted to the government with enormous trepidation and only with a correspondingly massive investment in equally powerful systems of oversight, review and public accountability," says Deibert.

Details of the CSE’s capabilities are revealed in several top-secret documents analyzed by CBC News in collaboration with The Intercept, a U.S. news website co-founded by Glenn Greenwald, the journalist who obtained the documents from U.S. whistleblower Edward Snowden.

quote:

Leave Facebook if you don't want to be spied on, warns EU

European Commission admits Safe Harbour framework cannot ensure privacy of EU citizens’ data when sent to the US by American internet firms

The European Commission has warned EU citizens that they should close their Facebook accounts if they want to keep information private from US security services, finding that current Safe Harbour legislation does not protect citizen’s data.

The comments were made by EC attorney Bernhard Schima in a case brought by privacy campaigner Maximilian Schrems, looking at whether the data of EU citizens should be considered safe if sent to the US in a post-Snowden revelation landscape.

“You might consider closing your Facebook account, if you have one,” Schima told attorney general Yves Bot in a hearing of the case at the European court of justice in Luxembourg.

When asked directly, the commission could not confirm to the court that the Safe Harbour rules provide adequate protection of EU citizens’ data as it currently stands.

The US no longer qualifies

The case, dubbed “the Facebook data privacy case”, concerns the current Safe Harbour framework, which covers the transmission of EU citizens’ data across the Atlantic to the US. Without the framework, it is against EU law to transmit private data outside of the EU. The case collects complaints lodged against Apple, Facebook, Microsoft, Microsoft-owned Skype and Yahoo.

Schrems maintains that companies operating inside the EU should not be allowed to transfer data to the US under Safe Harbour protections – which state that US data protection rules are adequate if information is passed by companies on a “self-certify” basis – because the US no longer qualifies for such a status.

The case argues that the US government’s Prism data collection programme, revealed by Edward Snowden in the NSA files, which sees EU citizens’ data held by US companies passed on to US intelligence agencies, breaches the EU’s Data Protection Directive “adequacy” standard for privacy protection, meaning that the Safe Harbour framework no longer applies.

Poland and a few other member states as well as advocacy group Digital Rights Ireland joined Schrems in arguing that the Safe Harbour framework cannot ensure the protection of EU citizens’ data and therefore is in violation of the two articles of the Data Protection Directive.

The commission, however, argued that Safe Harbour is necessary both politically and economically and that it is still a work in progress. The EC and the Ireland data protection watchdog argue that the EC should be left to reform it with a 13-point plan to ensure the privacy of EU citizens’ data.

“There have been a spate of cases from the ECJ and other courts on data privacy and retention showing the judiciary as being more than willing to be a disrupting influence,” said Paula Barrett, partner and data protection expert at law firm Eversheds. “Bringing down the safe harbour mechanism might seem politically and economically ill-conceived, but as the decision of the ECJ in the so-called ‘right to be forgotten’ case seems to reinforce that isn’t a fetter which the ECJ is restrained by.”

An opinion on the Safe Harbour framework from the ECJ is expected by 24 June.

Facebook declined to comment.

quote:

AP Exclusive: Before leak, NSA mulled ending phone program

WASHINGTON (AP) — The National Security Agency considered abandoning its secret program to collect and store American calling records in the months before leaker Edward Snowden revealed the practice, current and former intelligence officials say, because some officials believed the costs outweighed the meager counterterrorism benefits.

After the leak and the collective surprise around the world, NSA leaders strongly defended the phone records program to Congress and the public, but without disclosing the internal debate.

The proposal to kill the program was circulating among top managers but had not yet reached the desk of Gen. Keith Alexander, then the NSA director, according to current and former intelligence officials who would not be quoted because the details are sensitive. Two former senior NSA officials say they doubt Alexander would have approved it.

Still, the behind-the-scenes NSA concerns, which have not been reported previously, could be relevant as Congress decides whether to renew or modify the phone records collection when the law authorizing it expires in June.

The internal critics pointed out that the already high costs of vacuuming up and storing the “to and from” information from nearly every domestic landline call were rising, the system was not capturing most cellphone calls, and program was not central to unraveling terrorist plots, the officials said. They worried about public outrage if the program ever was revealed.

After the program was disclosed, civil liberties advocates attacked it, saying the records could give a secret intelligence agency a road map to Americans’ private activities. NSA officials presented a forceful rebuttal that helped shaped public opinion.

Responding to widespread criticism, President Barack Obama in January 2014 proposed that the NSA stop collecting the records, but instead request them when needed in terrorism investigations from telephone companies, which tend to keep them for 18 months.

Yet the president has insisted that legislation is required to adopt his proposal, and Congress has not acted. So the NSA continues to collect and store records of private U.S. phone calls for use in terrorism investigations under Section 215 of the Patriot Act. Many lawmakers want the program to continue as is.

Alexander argued that the program was an essential tool because it allows the FBI and the NSA to hunt for domestic plots by searching American calling records against phone numbers associated with international terrorists. He and other NSA officials support Obama’s plan to let the phone companies keep the data, as long as the government quickly can search it.

Civil liberties activists say it was never a good idea to allow a secret intelligence agency to store records of Americans’ private phone calls, and some are not sure the government should search them in bulk. They say government can point to only a single domestic terrorism defendant who was implicated by a phone records search under the program, a San Diego taxi driver who was convicted of raising $15,000 for a Somali terrorist group.

Some fault NSA for failing to disclose the internal debate about the program.

“This is consistent with our experience with the intelligence community,” said Rep. Justin Amash, R-Mich. “Even when we have classified briefings, it’s like a game of 20 questions and we can’t get to the bottom of anything.”

The proposal to halt phone records collection that was circulating in 2013 was separate from a 2009 examination of the program by NSA, sparked by objections from a senior NSA official, reported in November by The Associated Press. In that case, a senior NSA code breaker learned about the program and concluded it was wrong for the agency to collect and store American records. The NSA enlisted the Justice Department in an examination of whether the search function could be preserved with the records stores by the phone companies.

That would not work without a change in the law, the review concluded. Alexander, who retired in March 2014, opted to continue the program as is.

But the internal debate continued, current and former officials say, and critics within the NSA pressed their case against the program. To them, the program had become an expensive insurance policy with an increasing number of loopholes, given the lack of mobile data. They also knew it would be deeply controversial if made public.

By 2013, some NSA officials were ready to stop the bulk collection even though they knew they would lose the ability to search a database of U.S. calling records. As always, the FBI still would be able to obtain the phone records of suspects through a court order.

There was a precedent for ending collection cold turkey. Two years earlier, the NSA cited similar cost-benefit calculations when it stopped another secret program under which it was collecting Americans’ email metadata — information showing who was communicating with whom, but not the content of the messages. That decision was made public via the Snowden leaks.

Alexander believed that the FBI and the NSA were still getting crucial value out of the phone records program, in contrast to the email records program, former NSA officials say.

After the Snowden leaks, independent experts who looked at the program didn’t agree. A presidential task force examined NSA surveillance and recommended ending the phone records collection, saying it posed unacceptable privacy risks while doing little if anything to stop terrorism. The task force included Michael Morell, a former deputy CIA director, and Richard Clarke, a former White House counter terrorism adviser.

“We cannot discount the risk, in light of the lessons of our own history, that at some point in the future, high-level government officials will decide that this massive database of extraordinarily sensitive private information is there for the plucking,” the report said. Times, dates and numbers called can provide a window into a person’s activities and connections.

A separate inquiry by the Privacy and Civil Liberties Oversight Board concluded the same thing.

David Medine, chairman of that board, said the concerns raised internally by NSA officials were the same as theirs, yet when NSA officials came before the privacy board, they “put on a pretty strong defense for the program. Except their success stories didn’t pan out,” he said.

quote:

Dode na rampoging bij ingang NSA

Bij de toegangspoort van de Amerikaanse inlichtingendienst NSA is vandaag een dode gevallen nadat een automobilist de entree wilde rammen. Verder zouden er een of twee mensen gewond zijn, meldden Amerikaanse media.

Rond 09.30 uur probeerde de bestuurder de poort van het hoofdkantoor van de NSA in Fort Meade te rammen. Volgens NBC Washington zouden er twee mannen in de auto hebben gezeten, die verkleed waren als vrouwen. Ze wilden naar binnen bij het kantoor. Beide mannen zouden zijn geraakt door kogels van bewakers. Er lagen volgens de zender een geweer en drugs in de auto.

De NSA is bekend vanwege vele schandalen van de afgelopen jaren. Klokkenluider Edward Snowden lekte documenten, waardoor duidelijk werd dat de inlichtingendienst op soms buitensporige en vermoedelijk zelfs illegale wijze informatie vergaarde.

quote:

Pew Survey: Snowden Leaks Are Affecting the Way Americans View Privacy

quote:

It’s been nearly two years since former National Security Agency (NSA) contractor Edward Snowden first leaked to the Guardian that the NSA was spying on American citizens. A new survey from the Pew Research center finds that the revelations of the mass government surveillance programs has definitely impacted the way certain segments of the American population now view their privacy — but that hasn’t yet translated into behavior changes.

The survey found that a vast majority of respondents — 87 percent — had heard of the leaks in some way. Among them about a third, 34 percent, had actually modified their behaviors to protect their privacy from the government more, with 25 percent reporting they had modified the way they use different technologies “a great deal” or “somewhat.” Common reactions included changing their privacy settings on social media (17 percent), using social media less often (15 percent), avoiding certain apps (15 percent) and uninstalling apps (13 percent).

Meanwhile, 14 percent of the 475 respondents said they now speak in person more often than communicating online or over the phone. About 13 percent said they now avoid the use of certain terminology online.

quote:

Who Knows What Evils Lurk in the Shadows?

The story of the powerful spy agency most Canadians still don’t know, and the security bill that would expand its resources and reach

quote:

Charlie Hebdo. Ottawa. Peshawar. Westgate. Mumbai. Acts of terror such as these have become an unfortunate by-product of the hypermedia world in which we now live. Governments worldwide have responded to these incidents with a sense of urgency: new anti-terrorism laws and expanded law enforcement and intelligence capabilities.

Canada’s version is now before us as Bill C-51, an omnibus crime and anti-terrorism bill that introduces two new security laws and amends 15 existing laws, including the Criminal Code and the CSIS Act. C-51 sets out to counter not just “terrorism” but the vast undefined expanse C-51 describes as “threats to the security of Canada.” The Harper government has pushed variations of these laws unsuccessfully over years. But it was the Ottawa attacks, followed quickly by those in Paris, which created a window of political opportunity prior to federal elections to throw together the package. These measures are the most sweeping change of Canadian national security laws since the 2001 terror attacks on the United States (9/11). As the law is being debated, it is important that Canadians understand the full implications.

quote:

Edward Snowden issues 'call to arms' for tech companies in secret SXSW meeting

quote:

NSA whistleblower Edward Snowden was a highlight of last year's SXSW, where he gave one of his first public speeches. This year, Snowden was back at SXSW — but only a few people even knew it was happening. Snowden held a streamed question-and-answer session with roughly two dozen people from across the technology and policy world, which participant Sunday Yokubaitis, president of online privacy company Golden Frog, described as a "call to arms" for tech companies to foil spying with better privacy tools.

According to Yokubaitis, Snowden said that as policy reform lagged, companies should adopt more secure technology that could block surveillance altogether or make it too difficult to pursue en masse. A big focus was end-to-end encryption, which would mean no one (including companies) could see the contents of communications except the sender and recipient. "The low-hanging fruit is always [the] transit layer," he reportedly said. "It raises the cost. Every time we raise the cost, we force budgetary constraints." This is especially relevant as tools that are originally built for targeted use overseas slowly grow into broader programs. "We hope that they start with North Korea and by the time they end up in Ohio, they run out of budget."

Snowden described common security systems like SSL, meanwhile, as "critical infrastructure" that didn't receive enough investment and became vulnerable as a result. And if encryption isn't common enough, simply using it can mark a message as suspicious, which is part of the reason companies should be working on better encryption options. "Him saying that validates that companies should try and fill the holes, and not wait for policy," said Yokubaitis after the meeting.

quote:

The DEA Has Been Secretly Buying Hacking Tools From an Italian Company

quote:

The Drug Enforcement Administration has been buying spyware produced by the controversial Italian surveillance tech company Hacking Team since 2012, Motherboard has learned.

The software, known as Remote Control System or “RCS,” is capable of intercepting phone calls, texts, and social media messages, and can surreptitiously turn on a user’s webcam and microphone as well as collect passwords.

The DEA originally placed an order for the software in August of 2012, according to both public records and sources with knowledge of the deal.

The contract, which has not been previously revealed, shows that the FBI is not the only US government agency engaged in hacking tactics, but that the DEA has also been purchasing off-the-shelf malware that could be used to spy on suspected criminals.

This revelation comes just a week after USA Today uncovered a secret program with which the DEA collected the phone records of millions of Americans for more than 20 years, a program that pre-dated and inspired the NSA’s own bulk telephone collection program, suggesting that the drug agency is sort of a pioneer in the use of surveillance.

quote:

Security expert used Tor to collect government e-mail passwords

A security expert who exposed the passwords and login information for a number …

Last month, Swedish security specialist Dan Egerstad exposed the passwords and login information for 100 e-mail accounts on embassy and government servers. In a blog entry today, Egerstad disclosed his methodology. He collected the information by running a specialized packet sniffer on five Tor exit nodes operated by his organization, Deranged Security.

Tor is an onion routing service that facilitates anonymous Internet communication. Originally developed by the US Naval Research Laboratory and formerly funded by the Electronic Frontier Foundation, Tor is designed to protect users from traffic analysis and other kinds of network surveillance. It works by relaying connections through a series of distributed network servers. When a Tor user visits a web site, the IP address detected and logged by that site will be the IP address of one of the Tor nodes rather than the actual user. This makes it possible for users to obscure their identity under certain circumstances.

Unfortunately, many Tor users do not realize that all of their network traffic is being exposed to Tor exit nodes. Tor users who do not use encryption are broadly exposing themselves to identity theft. Egerstad was originally doing a study on e-mail encryption, but during the course of the research project, he decided to create the packet sniffer and expose sensitive e-mail login data in order to increase awareness of the fact that Tor exposes sensitive information when not used with encryption.

Egerstad believed that privately disclosing his findings to the organizations whose passwords he obtained would not convince them to change their practices. He also knew that it was only a matter of time before others with malicious intent would perform the same kind of experiment, so he felt that broad public disclosure was the only way he could generate enough attention to force people to think about the problem.

"Experience tells me that even if I would contact everyone on this list most are not going to listen," Egerstad wrote when he released the login information last month. "So f*** it! Here is everything you need to read classified email and f*** up some serious International business. Hopefully this will put light on the security problems that are never talked about and get at least this fixed with a speed that you never seen your government work before. As a Swedish citizen I can't give this information to anyone without getting into trouble, so instead I'm giving it to everyone."

After publicly releasing the information, Egerstad's site was taken down at the request of US law enforcement officials. After it was brought back earlier this week, Egerstad expressed frustration and pointed out that the information was already spreading across the Internet. Taking down Egerstad's site only served to silence his message about security and did not prevent dissemination of the sensitive data. "I've seen people saying that the US would be angry now that we forced foreign countries to tighten their security so NSA or whatever can't read their secrets any longer. To me it sounds like bulls*** taken out of a bad book but after this silly little stunt I'm reconsidering. Is there any reason you DO NOT want people to secure their systems?" asked Egerstad.

According to Egerstad, the information disclosed is only a fraction of what he collected. He continues to argue that the responsibility for exposing the login information rests on the organizations that failed to use encryption and that he simply drew attention to information that was essentially already public. "ToR isn't the problem, just use it for what it's made for," Egerstad notes. "[The system administrators for the organizations whose passwords were exposed] are responsible for giving away their own countries secrets to foreigners. I can't call it a mistake, this is pure stupidity and not forgivable!"

Egerstad also points out that very little is known about the intentions and activity of other Tor exit node operators, some of whom are already known to be associated with malicious hacker groups and foreign governments.

quote:

DA says Apple, Google software helps terrorists

Manhattan DA Cyrus Vance Jr. sounded a battle cry Sunday, calling on law-enforcement agencies to battle Apple and Google over software that makes it impossible for authorities to “decrypt” cellphones seized in criminal investigations.

The recently rolled-out “upgrades” haven’t attracted much general attention, which means police must start pressing elected officials to roll back the terrorist-friendly software, he said.
“Apple has created a phone that is dark, that cannot be accessed by law enforcement even when a court has authorized us to look at its contents,” Vance warned on “The Cats Roundtable” show on WNYM/970 AM.

“That’s going to be the terrorists’ communication device of choice.”

Google is also introducing software for its Android phones that police and prosecutors will be unable to trace.

Combined, the tech giants make up about 96 percent of the world cellphone market.

When it was launched Sept. 17, the Apple mobile operating system, iOS 8, drew criticism from several top law-enforcement officials, including US Attorney General Eric Holder and NYPD Commissioner Bill Bratton.

“It does a terrible disservice to the public, ultimately, and to law enforcement, initially,” Bratton said at the time.

“For them to consciously, for profit and gain, to thwart those legal constitutional efforts, shame on them.”

Apple and Google have defended their products, admitting consumer demand was a key consideration.

With older operating systems, the companies could “unlock” cellphone data at the request of law enforcement. With the new ones, only the phone owner can.

“For all devices running iOS 8.0 and later versions, Apple will not perform iOS data extractions in response to government search warrants because the files to be extracted are protected by an encryption key that is tied to the user’s passcode, which Apple does not possess,” the company states on its Web site.

Vance said Apple and Google are playing with people’s safety.

“It’s going to affect our ability to protect New Yorkers,” he told the show’s host, former mayoral candidate John Catsimatidis.

“It’s also going to have national-security implications because a device that cannot be accessed by judicial warrant can be used by homegrown violent extremists and terrorists to communicate with each other.”

Vance urged law-enforcement leaders to lobby politicians.

“We need to get their [elected officials’] support to hold hearings on this issue,” Vance said.

quote:

White House releases report on NSA surveillance six years later

Basics of programme had been declassified, but report includes new details about the secrecy surrounding the collection of Americans’ emails and calls

With debate gearing up over the coming expiration of the Patriot Act surveillance law, the Obama administration on Saturday unveiled a six-year-old report examining the once-secret programme to collect information on Americans’ calls and emails.

The Office of the Director of National Intelligence (ODNI) publicly released the redacted report following a Freedom of Information Act lawsuit by the New York Times. The basics of the National Security Agency (NSA) programme already had been declassified, but the lengthy report includes some new details about the secrecy surrounding it.

After the programme was disclosed in 2013 by the former NSA contractor Edward Snowden, President Barack Obama and many lawmakers called for legislation to end that collection, but a bill to do so failed last year. Proponents had hoped that the expiration of the Patriot Act provisions would force consideration of such a measure.

A bipartisan group of House members has been working on such legislation, dubbed the USA Freedom Act. White House press secretary Josh Earnest said on Friday that Obama is pleased efforts are restarting in the House.

“Hopefully, the next place where Democrats and Republicans will turn their attention and try to work together is on this issue of putting in place important reforms to the Patriot Act,” Earnest said.

If no legislation is passed, the Patriot Act provisions will expire. That would affect not only the NSA surveillance but other programmes used by the FBI to investigate domestic crimes, which puts considerable pressure on lawmakers to pass some sort of extension.

President George W Bush authorised the “President’s Surveillance Program” (PSP) in the aftermath of the terrorist attacks on 11 September 2001. The review was completed in July 2009 by inspectors general from the Justice Department, Pentagon, CIA, NSA and ODNI.

They found that while many senior intelligence officials believe the programme filled a gap by increasing access to international communications, others, including FBI agents, CIA analysts and managers, “had difficulty evaluating the precise contribution of the PSP to counterterrorism efforts because it was most often viewed as one source among many available analytic and intelligence-gathering tools in these efforts”.

Critics of the phone records programme, which allows the NSA to hunt for communications between terrorists abroad and US residents, argue it has not proven to be an effective counterterrorism tool. They also say an intelligence agency has no business possessing the deeply personal records of Americans. Many favour a system under which the NSA can obtain court orders to query records held by the phone companies.

The Patriot Act expires on 1 June, and Senate Republicans have introduced a bill that would allow continued collection of call records of nearly every American. The legislation would reauthorise sections of the Patriot Act, including the provision under which the NSA requires phone companies to turn over the “to and from” records of most domestic landline calls.

quote:

Duitsers bespioneerden buurlanden voor Amerikanen, Merkel in verlegenheid

De Duitse geheime dienst heeft jarenlang in opdracht van de Amerikanen Europese buurlanden bespioneerd. Volgens een onderzoek dat is uitgevoerd in opdracht van de Duitse regering werden vanuit het Beierse Bad Aibling data, e-mails en telefoongegevens verzameld van onder meer de Franse wapenindustrie, hoge ambtenaren van het Franse ministerie van Buitenlandse Zaken en het presidentieel paleis en leden van de Europese Commissie.

De Duitse regering is door het onderzoek, dat gisteren uitlekte in de Süddeutsche Zeitung en via de tv-zenders NDR en WDR, ernstig in verlegenheid gebracht. Eind 2013 reageerde Duitsland nog woedend op het bericht dat de Amerikaanse veiligheidsdienst NSA onder andere de telefoon van bondskanselier Angela Merkel afluisterde.

Haar woordvoerder zei destijds dat er “een diep verschil van mening bestaat tussen Duitsland en de VS over de balans tussen veiligheid en inbreuk op burgerrechten”.

Illegale wapentransporten

De Verenigde Staten wilden volgens het uitgelekte onderzoek informatie over illegale wapenexporten. Daarom werden ook bedrijven in de gaten gehouden. Het zou in de meeste gevallen niet zijn gegaan om bedrijfsspionage.

De Frankfurter Allgemeine Zeitung, die de affaire relativeert, wijst op een lijst met e-mail- en IP-adressen die de Duitsers van de Amerikanen kregen, maar weigerden te onderzoeken.

Twee weken geleden zei minister van Binnenlandse Zaken Thomas de Maizière in antwoord op vragen in de Bondsdag dat er geen sprake is geweest van bedrijfsspionage. De oppositiepartij Die Linke concludeert nu dat De Maizière heeft gelogen en eist zijn aftreden.

De minister, die door boulevardkrant Bild al als Pinocchio met een lange neus wordt afgebeeld, noemde de beschuldigingen “niet waar”, maar kon weinig zeggen omdat het ging om “geheime” dan wel “uiterst geheime” informatie. “Het is daarom voor mij onmogelijk om openlijk op de verwijten en vragen te reageren”, zei De Maizière, die tussen 2005 en 2009 in Merkels Kanzleramt verantwoordelijk was voor de geheime diensten.

De voorzitter van de parlementaire onderzoekscommissie, Patrick Sensburg, een partijgenoot van De Maizière, vindt het veel te vroeg om over “aftreden” te spreken. Wel vraagt hij om inzage in de volledige lijst met zoektermen die de NSA aan zijn Duitse collega’s voorlegde.

quote:

AIVD-baas Bertholee: een schoothond van de NSA? Bullshit!

quote:

Rob Bertholee, baas van de Nederlandse Inlichtingenen veiligheidsdienst (AIVD), noemt het verwijt van klokkenluider Edward Snowden dat zijn dienst een schoothond van haar Amerikaanse evenknie is “absolute bullshit”. Tevens vindt hij dat de Nederlandse journalistiek teveel achter Snowden aan loopt.

Bertholee gaat vandaag voor het eerst publiekelijk in op de kritiek van Snowden op de AIVD.

quote:

"Ik zie iemand die vastzit in Moskou, geen kant uitkan en door de Amerikanen wordt beschouwd als een vijand van de staat. Dan denk ik: hoe komt zo iemand aan zoveel kennis en een schijnbaar diepgaande analyse over wat er in Nederland gebeurt?"

quote:

Aanpassing Patriot Act lijkt zekerheid

quote:

De omstreden Amerikaanse Patriot Act gaat waarschijnlijk aangepast worden. Volgens New York Times is er een meerderheid in de senaat voor het inperken van onbeperkt afluisteren door de inlichtingendienst NSA. Een congrescommissie heeft een voorstel aangenomen om de aanpassing van de Patriot Act mogelijk te maken en een meerderheid van republikeinen en democraten in de senaat zou die aanpassing steunen.

quote:

Why the U.S. should but won’t partner with hactivists Anonymous

For a barbaric movement grounded in early Islamic apocalyptic prophecies, what is perhaps most striking about the rapid rise of the Islamic State has been its use of modern technology. Leveraging the open nature and global reach of platforms such as Twitter, Facebook and YouTube, Islamic State has used social media to recruit young would-be jihadis, to build a global network of sympathetic followers, and to intimidate Western audiences with its brutality.

The scale of this digital propaganda network is vast. A recent study by the Brookings Institution found that in late 2014 there were at least 46,000 Twitter accounts used by Islamic State supporters, with an average of 1,000 followers each.

But why has the United States, which has at its disposal vast cyberwar capabilities, an ever-expanding surveillance state and significant leverage over, and goodwill of, the American companies that are hosting this content, proved unable to quiet the online reach of this network of insurgents?

One answer is that the open nature of the Internet, combined with the constraints that democratic states face engaging effectively within it, has limited the capability of the United States to fight back. And this tells us a tremendous amount about the shifting nature of power in the digital age.

In the absence of effective state action against the Islamic State online, Anonymous has taken up the digital war. Already this ad hoc network of hackers and activists has downed scores of Web pages and hacked into dozens of Twitter accounts that allegedly belong to Islamic State members. Much like in the early days of the Arab Spring, where hackers provided online assistance and offered protection to activists, Anonymous is stepping in where the state has limited capacity.

This has recently led to calls for the United States to partner with Anonymous to launch cyberattacks against the Islamic State, and even paying hactivists in bitcoin. This sounds audacious, but plausible. Western governments have long collaborated with unsavory actors with the aim of larger strategic goals — as it is said, the enemy of my enemy is my friend.

In theory, such a partnership could allow the Defense and State departments to overcome the constraints of their slow-moving, hierarchical, command-and-control systems. It could allow them to act more like a nimble startup than a legacy industrial corporation.

And it could be effective — we know that Anonymous hackers have been successful taking on a wide range of both established and emerging powers. In practice, however, there is substantial risk. As the failure of the clandestine USAID program to build a fake version of Twitter in Cuba to foster dissent demonstrates, states often stumble when they step into the murky world of online power.

But I would suggest there are other, more fundamental reasons, why the U.S. will never partner with Anonymous. This is because, at its core, Anonymous is different than the other perceived bad actors that government is more than willing to collaborate with. Anonymous represents a new form of decentralized power that challenges the very foundations of the state system.

First, the power structures that Anonymous embodies represent a fundamental threat to state dominance in the international system. The challenges that the state system were designed to solve — a lack of structure, instability, decentralized governance, loose and evolving ties — are precisely what makes groups like Anonymous powerful.

Legitimizing the type of decentralized, collaborative and anonymous power that Anonymous represents, therefore poses a threat to the hierarchical and state-led international system that the nation state depends on. This new form of power scares governments — so much so that they are willing to exert significant control over the network itself. As was revealed in the Snowden National Security Agency documents, the government wanted to collect it all, process it all, exploit it all, partner it all, sniff it all, know it all.

Second, over the course of modern history, we have placed tremendous power in the state. Whether it be through the justice system, the social welfare state or the military, government has been the primary enabler of collective action in our society. In exchange, we have put in place systems of accountability and laws to hold this power to account. For states seeking to fight new online powers, these norms of behavior make functioning effectively online at best difficult, and at worst counter to the expectations and laws governing their activities.

Third, the state is ultimately faced with a paradox — that the very attributes of the Internet that enable the Islamic State also enable the free enterprise and expression that make it arguably the most liberating technology in human history. The very real risk governments face is that in seeking to stop perceived nefarious actors online, they will also shut down the positive ones. Efforts by the NSA to break encryption, for example, won’t just help it fight illegal crypto-currencies, or Islamic State fighters using secure networking tools, but would also threaten the security of the online commerce sector. These efforts risk breaking the Internet.

For the U.S. government, partnering with Anonymous and legitimizing its structure is simply a bridge too far. And this limitation represents a crisis for state power in the digital age: One that curtails its ability to fight the online propaganda of a barbaric jihadist movement taking to Twitter to build its caliphate.

_{Taylor Owen is an assistant professor of digital media and global affairs at the University of British Columbia. He is the author of “Disruptive Power: The Crisis of the State in the Digital Age,” Oxford University Press, 2015. To comment, submit your letter to the editor at www.sfgate.com/submissions.}

quote:

Deprecating Non-Secure HTTP


Today we are announcing our intent to phase out non-secure HTTP.

There’s pretty broad agreement that HTTPS is the way forward for the web. In recent months, there have been statements from IETF, IAB (even the other IAB), W3C, and the US Government calling for universal use of encryption by Internet applications, which in the case of the web means HTTPS.

After a robust discussion on our community mailing list, Mozilla is committing to focus new development efforts on the secure web, and start removing capabilities from the non-secure web. There are two broad elements of this plan:

Setting a date after which all new features will be available only to secure websites
Gradually phasing out access to browser features for non-secure websites, especially features that pose risks to users’ security and privacy.

For the first of these steps, the community will need to agree on a date, and a definition for what features are considered “new”. For example, one definition of “new” could be “features that cannot be polyfilled”. That would allow things like CSS and other rendering features to still be used by insecure websites, since the page can draw effects on its own (e.g., using <canvas>). But it would still restrict qualitatively new features, such as access to new hardware capabilities.

The second element of the plan will need to be driven by trade-offs between security and web compatibility. Removing features from the non-secure web will likely cause some sites to break. So we will have to monitor the degree of breakage and balance it with the security benefit. We’re also already considering softer limitations that can be placed on features when used by non-secure sites. For example, Firefox already prevents persistent permissions for camera and microphone access when invoked from a non-secure website. There have also been some proposals to limit the scope of non-secure cookies.

It should be noted that this plan still allows for usage of the “http” URI scheme in legacy content. With HSTS and the upgrade-insecure-requests CSP attribute, the “http” scheme can be automatically translated to “https” by the browser, and thus run securely.

Since the goal of this effort is to send a message to the web developer community that they need to be secure, our work here will be most effective if coordinated across the web community. We expect to be making some proposals to the W3C WebAppSec Working Group soon.

Thanks to the many people who participated in the mailing list discussion of this proposal. Let’s get the web secured!

Richard Barnes, Firefox Security Lead

Update (2015-05-01): Since there are some common threads in the comments, we’ve put together a FAQ document with thoughts on free certificates, self-signed certificates, and more.

Bron: blog.mozilla.org

quote:

No factual basis for suggesting Snowden GCSB docs 'fabricated' - PM office

The Prime Minister's office has said it has no factual basis for suggesting Edward Snowden documents which exposed GCSB secrets were "fabricated".

But it has also said some of those with access to the Snowden documents - apparently including journalist Glenn Greenwald - "have a track record of misrepresenting, misinterpreting and misunderstanding information".

The "fabrication" claim has been part of the Prime Minister's standard response to revelations of activities carried out by New Zealand's electronic eavesdropping agency.

Details of the GCSB's work have included spying on international diplomats in support of Trade Minister Tim Groser's bid to lead the World Trade Organisation, feeding information to Bangaladeshi security forces facing murder and torture allegations and sending "full take" communications data from the Pacific to the National Security Agency.

The stories - in a reporting partnership with journalist Nicky Hager and the Greenwald-founded news site The Intercept - showed New Zealand had a job-sharing role in international intelligence gathering for the Five Eyes group of nations, which also includes Australia, Canada, the United Kingdom and the US.

The Five Eyes intelligence gathering group is led by the US, with the other countries holding "second party" status.

Other nations outside the group are the "third party" or less partners.

The Herald sought any information held by the Prime Minister which informed him or his office over the alleged "fabrication".

The Prime Minister's chief of staff Wayne Eagleson said "no information has been identified". He said the PM's office had to refuse the request because the "information requested does not exist or cannot be found".

Asked for the basis of the claim, a spokeswoman for the Prime Minister said: "Given these documents were stolen and these people have a track record of misrepresenting, misinterpreting and misunderstanding information, as shown in the Moment of Truth, we can't discount that some of what is being put forward may be fabricated."

The high profile Moment of Truth event saw Greenwald make claims Snowden documents showed a cable tapping operation was underway to access all New Zealanders' communications. Documents presented as proof showed the operation was planned but there was nothing proving it went ahead.

The government said there was a plan but it had never gone ahead.

OIA request responses from the PM's office and the GCSB show response to the Snowden stories was scripted from the outset. In only a few circumstances to it deviate regardless of the issue raised.

Large chunks of communications were withheld with officials saying it would place at risk the "security and defence of New Zealand".

The only information released which appeared to shed light on the claims from the Snowden files was a summary of comments by a former GCSB advisor.

In an email from one unnamed official to another, it summarised comments by Dr Damien Rogers on TVNZ's Q&A. According to the summary, Dr Roger's had rejected claims of "mass surveillance" on the Pacific in favour of the terms "widespread, systematic monitoring".

The official commented on the description saying it was "not helpful and untrue".

Overview

What was the issue?
Top secret GCSB and NSA documents detailed the way the agencies operated.

How did the Prime Minister respond?
John Key refused to comment on "stolen" information which could be fabricated.

Was there a basis for the suggestion they were forgeries?
The PM's office has confirmed there was no basis to the claim.

Has any Snowden document been shown to be "fabricated"?
No, not in any of the countries in which there has been extensive reporting.

quote:

'Met hulp van NSA verijdelde aanslagen België bestonden niet'

Generaal-majoor Eddy Testelmans van de Belgische militaire inlichtingendienst SGR is de fout ingegaan met een uitspraak over verijdelde aanslagen. Testelmans beweerde in 2013 dat er drie aanslagen in België waren verijdeld dankzij informatie van de Amerikaanse geheime dienst NSA. Dat blijkt niet het geval, meldde de Belgische krant De Tijd vandaag.

'Als de NSA die info niet had doorgespeeld, hadden wij het niet geweten', zei Testelmans in 2013 in een interview met het magazine MO*. 'De details mag ik niet geven. Wel kan ik zeggen dat België waarschijnlijk voor zware incidenten behoed is gebleven.'

Testelmans baseerde zich daarbij op vertrouwelijke nota's die hij had gekregen van de NSA-top. Diezelfde informatie werd destijds ook gebruikt door de NSA om zich voor de Amerikaanse regering te verdedigen na de onthullingen van Snowden. Volgens De Tijd was het ook het doel van Testelmans om het werk van de Amerikaanse inlichtingendienst te verdedigen.

In een vertrouwelijk rapport van de toezichthouder voor de geheime diensten staat er een 'groot vertrouwen' is tussen de NSA en ADIV. Mogelijk heeft de NSA de inlichtingenchef daarom niet tegengesproken.

quote:

Angela Merkel under pressure to reveal all about US spying agreement

German chancellor’s reputation could be at stake as scandal grows over intelligence agency’s surveillance of European businesses and officials on behalf of NSA

Angela Merkel’s reputation as an unassailable chancellor is under threat amid mounting pressure for her to reveal how much she knew about a German-supported US spying operation on European companies and officials.

The onus on her government to deliver answers over the spying scandal has only increased with the Austrian government’s announcement that it has filed a legal complaint against an unnamed party over “covert intelligence to the detriment of Austria”.

EADS, now Airbus, one of the companies known to have been spied on by the BND – Germany’s foreign intelligence agency – is also taking legal action, saying it will file a complaint with prosecutors in Germany.

The BND stands accused of spying on behalf of America’s NSA on European companies such as EADS, as well as the French presidency and the EU commission. There are also suspicions that German government workers and journalists were spied on.

The Social Democrats (SPD), Merkel’s government partners, along with Germany’s federal public prosecutor, Harald Range, are demanding the release of a list of “selectors” – 40,000 search terms used in the spying operations – the results of which were passed on to the NSA.

“The list must be published and only then is clarification possible,” said Christine Lambrecht, parliamentary head of the SPD faction. Merkel has so far refused to allow its release. Her spokesman, Steffen Seibert, said she would make a decision on whether or not to do so only “once consultations with the American partners are completed”.

Thomas de Maizière, the interior minister and a close Merkel confidante, is under even more pressure than the chancellor over allegations he lied about what he knew of BND/NSA cooperation. On Wednesday he answered questions on the affair to a parliamentary committee investigating the row, but only in camera and in a bug-proof room. Among other alleged shortcomings over the affair, he stands accused of failing to act when the BND informed him of the espionage activities in 2008 when he was Merkel’s chief of staff. He has repeatedly been portrayed in the tabloid media with a Pinocchio nose.

Responding to journalists during a break in the proceedings, he once again vehemently denied the allegations. “As chief of staff in 2008, I learned nothing about search terms used by the US for the purposes of economic espionage in Germany,” he said. But he acknowledged knowing about American efforts to intensify the intelligence swapping, calling it “problematic cooperation”, and said the requests had been turned down by the BND.

On Wednesday evening the committee is due to question the incumbent chief of staff, Peter Altmaier.

The former BND chief, Gerhard Schindler, is due to speak before the separate NSA parliamentary committee – set up to investigate the activities of the US agency as revealed by Edward Snowden – on Thursday.

While Merkel appeared to have remained relatively unscathed by the scandal until now, an opinion poll showed that most Germans believed the trustworthiness of the three-times chancellor was now seriously at stake. 62% of Germans said her credibility was in doubt, according to the poll, carried out by the Insa institute, while 18% said it was not.

Merkel told Radio Bremen in an interview that she was prepared to speak out over the allegations to a parliamentary committee. “I will testify there and justify myself to them where it is required,” she told the broadcaster.

Sigmar Gabriel, the deputy chancellor and economy minister, who is also the leader of the SPD, upped the ante still further by relaying a conversation he had with Merkel in which he asked her twice if the government had evidence of economic espionage, and she said no. He added that if it emerged Germany had been involved in helping the NSA spy on companies, it would greatly strain relations between business and the government and “put a large burden on the trust the economy has in government behaviour”.

The scandal has already strained relations within Merkel’s grand coalition, with many observers commenting that Gabriel was seeing the affair as a chance to make political gains. Political observers were lining up to remark that the crisis is the single most critical of Merkel’s decade in government and could even lead to her and her government’s downfall.

But the scandal has its roots much further back than Merkel’s own government, harking to a time when Europe was gripped by the cold war. Both the US and the UK, as victors of the second world war who had Germany under close supervision, ran spying networks from Germany, most notably from Bad Aibling in Bavaria, the biggest listening station outside the US and Britain. Officially, the US withdrew its operations in 2004. But unofficially it stayed there under an agreement in which Germany agreed to hand over its intelligence findings in return for the highly sophisticated technology the US was able to provide. The events of 9/11 and the revelations that three of the pilots had lived in Germany undetected only served to increase the pressure the US was able to put on Germany that its presence was necessary.

Bad Aibling, officially now solely a BND listening facility, was the post used by the NSA in the current scandal.

The affair has underlined just how dependent Germany still is on the US and to a lesser extent the UK, on issues of intelligence and defence. Their desire for still-closer cooperation culminated in Operation Monkey Shoulder (named after a blend of three different types of malt whiskys) involving the BND, NSA and MI6, Spiegel recently revealed.

With such a background, the German government has to appear to be criticising the US at the same time as underlining the importance of cooperation.

Merkel, who appeared to be hugely at odds with the US government when it was revealed in 2013 that the NSA’s mass intelligence operation included tapping her mobile phone, has so far responded in a characteristically vague and flat manner. While acknowledging that allies should not spy on each other, she has stressed that spying’s most important role is to prevent terrorist attacks.

“The government will do everything to guarantee the ability of the intelligence services,” she said on Monday. “Taking terrorist threats into account, that ability is only possible in cooperation with other agencies. That very much includes the NSA, as well as others.”

Commenting on the crisis, Spiegel magazine called it the “biggest challenge that the ‘Merkel Regime’ has had to face”, and potentially the “turning point of her chancellorship”.

“She enjoys such trust because many Germans feel she looks after the country’s needs and their own very well. But the scandal … could cause the foundations of her power to crumble,” the magazine said.

quote:

Appeals Court Rules NSA Phone Program Not Authorized by Patriot Act

ACLU lawsuit argued the data collection should be stopped because it violates Americans’ privacy rights

quote:

A federal appeals court ruled Thursday the National Security Agency's controversial collection of millions of Americans' phone records isn't authorized by the Patriot Act, as the Bush and Obama administrations have long maintained.

quote:

NSA’s Bulk Collection of Phone Records Is Illegal, Appeals Court Says

quote:

A federal appeals court panel ruled on Thursday that the NSA’s bulk collection of metadata of phone calls to and from Americans is not authorized by Section 215 of the USA Patriot Act, throwing out the government’s legal justification for the surveillance program exposed by NSA whistleblower Edward Snowden nearly two years ago.

Judge Gerard E. Lynch, writing the opinion for the three-judge panel of the Second Circuit Court of Appeals in New York, described as “unprecedented and unwarranted” the government’s argument that the all-encompassing collection of phone records was allowed because it was “relevant” to an authorized investigation.

The case was brought by the American Civil Liberties Union, and ACLU attorney Alex Abdo told The Intercept, “This ruling should make clear, once and for all, that the NSA’s bulk collection of Americans’ phone records is unlawful. And it should cast into doubt the unknown number of other mass surveillance operations of the NSA that rely on a similarly flawed interpretation of the law.”

As Lynch wrote in the court’s opinion: “To obtain a § 215 order, the government must provide the FISC [Foreign Intelligence Surveillance Court] with ‘a statement of facts showing that there are reasonable grounds to believe that the tangible things sought are relevant to an authorized investigation (other than a threat assessment)’. ”

quote:

Of Snowden and the NSA, only one has acted unlawfully – and it’s not Snowden | World news | The Guardian

With the NSA’s bulk surveillance ruled illegal, the debate on the Patriot Act should be reinvigorated – with Edward Snowden free to join in

With the NSA’s bulk surveillance ruled illegal, the debate on the Patriot Act should be reinvigorated – with Edward Snowden free to join in

On 6 June 2013, the Guardian published a secret US court order against the phone company Verizon, ordering it on an “ongoing, daily basis” to hand over the call records of its millions of US customers to the NSA – just one of numerous orders enabling the government’s highly secret domestic mass surveillance program. Just days later the world learned the identity of the whistleblower who made the order public: Edward Snowden.

Now, almost two years later, a US court has vindicated Snowden’s decision, ruling that the bulk surveillance program went beyond what the law underpinning it allowed: the US government used section 215 of the Patriot Act to justify the program. A US court of appeals has ruled the law does not allow for a program so broad. In short, one of the NSA’s most famous and controversial surveillance programs has no legal basis.

Of Snowden and the NSA, only one has so far been found to have acted unlawfully – and it’s not Snowden. That surely must change the nature of the debate on civil liberties being had in America, and it should do so in a number of ways.

The first is the surprisingly thorny question of what to do with Snowden himself. The whistleblower is in his second year of exile, living in asylum in Russia, as he would surely face criminal prosecution should he return. The nature of the punishment – and pre-trial mistreatment – meted out to Chelsea Manning shows his fears are well founded.

But now the courts have ruled that Snowden’s flagship revelation, the very first and foremost of the programs he disclosed, has no legal basis, who now might challenge his status as a whistleblower?

Certainly not Judge Sack, who in his concurring opinion alongside today’s rulings acknowledged Snowden’s revelations led to this litigation, and likened his disclosures to Daniel Ellsberg’s famous “Pentagon Papers” leak.

If the US government seeks to jail someone who has shown its own security services acting unlawfully, its international reputation will deservedly take a beating. If the US wants moral authority to talk to other governments about whistleblowers and civil liberty, it needs to be brave: it needs to offer Snowden amnesty.

The other actions for the US executive and for Congress are broader. The court of appeals judges very deliberately chose not to consider the constitutionality of NSA bulk surveillance programs, as such questions are currently before Congress with the ongoing debate on how to reform the Patriot Act.

Congress should allow this ruling to reinvigorate that debate, and in a sense the ruling forces it to do so. If Congress want a law that allows phone surveillance on the scale of the NSA’s existing programs, it will have to explicitly create that: gone is the option of trying to push through something near the status quo with a fringe of reform.

For domestic bulk surveillance to continue and be legal, Congress must explicitly vote for it – and then, in time, the judicial branch will consider the constitutional case in earnest.

If Congress sincerely wishes to curb it, it now has substantial backing from the judicial branch to push forward and do that. Reformers finally have the jolt in the arm they needed to prevent the positive impact of Snowden’s revelations dribbling away.

The president could also use this ruling as an opportunity to consider his stance. The line endlessly aired by the administration and its officials is that all surveillance is legal. That line is no longer valid. Rather than just seeking a new script – or as is almost certain, merely appealing against the decision – this could be a great opportunity for some introspection. These surveillance programs are wildly expensive and have very few proven results. Why not look at which ones the US really needs, and whether old-fashioned targeted surveillance might not keep us all as safe (or safer), and freer too?

The final debate is one that is unlikely to happen, but should: the US needs to start considering the privacy and freedom of foreigners as well as its own citizens. The US public is rightly concerned about its government spying on them. But citizens of countries around the world, many of them US allies, are also rightly concerned about the US government spying on them.

Considering Americans and foreigners alike in these conversations would be a great moral stance – but pragmatically, it should also help Americans. If the US doesn’t care about the privacy of other countries, it shouldn’t expect foreign governments to care about US citizens. There’s something in this for everyone.

These are the debates we could be having, and should be having. The judiciary has spoken. The legislature is deliberating. The public is debating. And all of it is enabled thanks to information provided by Edward Snowden.

He should be free to join the conversation, in person.
Bron: www.theguardian.com

quote:

Secret Manuals Show the Spyware Sold to Despots and Cops Worldwide

quote:

When Apple and Google unveiled new encryption schemes last month, law enforcement officials complained that they wouldn’t be able to unlock evidence on criminals’ digital devices. What they didn’t say is that there are already methods to bypass encryption, thanks to off-the-shelf digital implants readily available to the smallest national agencies and the largest city police forces — easy-to-use software that takes over and monitors digital devices in real time, according to documents obtained by The Intercept.

We’re publishing in full, for the first time, manuals explaining the prominent commercial implant software “Remote Control System,” manufactured by the Italian company Hacking Team. Despite FBI director James Comey’s dire warnings about the impact of widespread data scrambling — “criminals and terrorists would like nothing more,” he declared — Hacking Team explicitly promises on its website that its software can “defeat encryption.”

quote:

Revealed: FBI violated its own rules while spying on Keystone XL opponents

quote:

The FBI breached its own internal rules when it spied on campaigners against the Keystone XL pipeline, failing to get approval before it cultivated informants and opened files on individuals protesting against the construction of the pipeline in Texas, documents reveal.

Internal agency documents show for the first time how FBI agents have been closely monitoring anti-Keystone activists, in violation of guidelines designed to prevent the agency from becoming unduly involved in sensitive political issues.

The hugely contentious Keystone XL pipeline, which is awaiting approval from the Obama administration, would transport tar sands oil from Canada to the Texas Gulf coast.

It has been strongly opposed for years by a coalition of environmental groups, including some involved in nonviolent civil disobedience who have been monitored by federal law enforcement agencies.

The documents reveal that one FBI investigation, run from its Houston field office, amounted to “substantial non-compliance” of Department of Justice rules that govern how the agency should handle sensitive matters.

One FBI memo, which set out the rationale for investigating campaigners in the Houston area, touted the economic advantages of the pipeline while labelling its opponents “environmental extremists”.

quote:

AIVD-baas had gelijk: Edward Snowden verdient tegenspel

Onderzoek waarom die ex-NSA’er vanuit Moskou enkel Amerikaanse vrienden tegen elkaar uitspeelt, betoogt ex-AIVD’er Kees Jan Dellebeke.

Geeft de Nederlandse geheime dienst de Amerikaanse inlichtingendiensten onbeperkte toegang tot eigen informatie? „Dat is echt absolute bullshit”, zei Rob Bertholee, directeur AIVD, op 1 mei in NRC. De interviewers hadden hem beweringen voorgelegd van Edward Snowden, de Amerikaan die in 2013 een berg documenten van zijn werkgever NSA openbaarde, de grootste inlichtingendienst van de VS. Bertholee heeft gelijk, maar in de publieke opinie werd het hem niet in dank afgenomen dat hij de naar Moskou gevluchte NSA’er afserveerde. Het leidde zelfs tot Kamervragen. „Deelt u de strategie van de AIVD om klokkenluider Snowden te isoleren en te stigmatiseren?”, vroeg Ronald van Raak (SP) aan de minister van Binnenlandse Zaken.

Als ex-AIVD’er sloeg ik de ophef met verbazing gade. Wonderlijk dat zoveel intelligente mensen blindelings geloven in de ‘goede bedoelingen’ van Snowden. Bertholee spoorde de journalistiek juist aan Snowden kritischer te onderzoeken en tegenspel te bieden. Natuurlijk, de AIVD beschikt over meer bronnen en is daarmee in het voordeel van journalisten en politici. Denk aan analyses van buitenlandse inlichtingendiensten over Snowden. De dienst wordt daarover regelmatig bijgepraat. Bertholees Ruslandspecialisten zullen zich ongetwijfeld verdiept hebben in de mogelijke rol die Poetins geheime dienst FSB in de affaire speelde.

Bertholee staat overigens niet alleen in zijn kritiek op de met Snowden dwepende pers. In universiteitskringen wordt de kritiekloze en hijgerige berichtgeving over Snowdens uitlatingen evenmin gewaardeerd. Zij vragen zich af waarom Snowden als geestelijk leider aanbeden wordt. Hij wordt aangehoord en geloofd: tegengas blijft uit, waarschijnlijk uit angst dat hij een interview zal weigeren.

quote:

#Anonymous Sweden hacks the #NSA, mentions of hack wiped from #Facebook, #LinkedIn

quote:

DⒶʀKᙡiNɢ ಠ_ರೃ , a Swede associated with Anonymous, has claimed a new, and rather relentless, hack of the US National Security Agency’s email server. Nothing so mundane as username/password combinations, the Pastebin of the hack lists the methodology and blow-by-blow of what worked, what didn’t, and what the hacker thinks of the NSA security (hint: not much). Turns out, the NSA doesn’t even maintain its own email server: they’ve outsourced that to Qwest.

quote:

Pirate Party activist and Cryptosphere contributor Raymond Johansen shared the original tweet to Facebook when the Paste had 327 views. The tweet contains a live link to the Pastebin, of course.

Within eight minutes, he reports, the Pastebin had been taken down. “THEN they read me laughing at them for even trying.” Someone posted a link to the Google cache of the missing paste in the comments on Facebook, at which point the paste apparently re-materialized. “Within a minute of that the original paste is back up AGAIN – the NSA realizing I am making them look like class fulz. THAT moment is the single most ROFL inducing PSML unavoidable moment of my life. It is Anonspeak for “we know we fckd lets unfck ourself” – all the while actually doublefcking themselves – royally.”

The paste may have been tampered with in the interim, says Johansen. “The [second] paste we saw, maybe 12 hours old, had strange garbage on the end. IMO it has been tinkered with and I myself will not visit that pastebin – because OpSec.”

“AnonIntelGroup posted ‘Bring the Lulz back!’ a week ago. ‘Mission accompli!’ – I would say.”

Within three hours of that, however, Johansen noticed that the Facebook post itself was missing from his timeline, missing from his Timeline Review, and had been removed from all the groups and pages to which he had shared it. Gone, too, were the comments. He then made a new post, explaining the elision, which was screenshotted and linked above. The Cryptosphere was able to confirm independently via email updates that the original post existed, and was subsequently scrubbed by Facebook.

quote:

Angela Merkel under pressure to reveal extent of German help for US spying | World news | The Guardian

German chancellor called on to divulge a list of targets, including the IP addresses of individual computers, tracked on behalf of the NSA

German chancellor called on to divulge a list of targets, including the IP addresses of individual computers, tracked on behalf of the NSA

The German chancellor, Angela Merkel, is coming under increasing pressure to divulge a list of targets, including the IP addresses of individual computers, that German intelligence tracked on behalf of the US National Security Agency (NSA).

Critics have accused Merkel’s staff of giving the BND foreign intelligence agency the green light to help the NSA spy on European firms and officials.

The scandal has strained relations between Merkel’s conservative Christian Democratic Union and its junior coalition partner, the Social Democrats, whose leader, Sigmar Gabriel, has publicly challenged her over the affair.

Gabriel told the German newspaper Bild am Sonntag that parliament needed to see the list, which contains names, search terms and IP addresses. The government has said it must consult the US before revealing the list, whose contents are thought crucial to establishing whether the BND was at fault in helping the NSA.

Gabriel, who is also Germany’s vice-chancellor, said: “Imagine if there were suspicions that the NSA had helped the BND to spy on American firms. Congress wouldn’t hesitate for a second before looking into the documents.”
Bron: www.theguardian.com

quote:

AIVD onderzoekt mogelijke spionage door Duitse inlichtingendienst | De afluisterpraktijken van de NSA

Minister Ronald Plasterk van Binnenlandse Zaken laat de inlichtingen- en veiligheidsdienst AIVD uitzoeken wat er waar is van beschuldigingen dat Duitse en Amerikaanse inlichtingendiensten onder meer internetverkeer richting Nederland hebben afgetapt. Plasterk zei dat vandaag in de marge van het vragenuur in de Tweede Kamer.
[/b]

De Oostenrijkse politicus Peter Pilz meldde de spionage door de Duitse dienst BND en de Amerikaanse NSA maandag aan het Duitse tijdschrift Der Spiegel. Behalve Nederlands internetverkeer zouden die diensten ook gegevens in Oostenrijk en Frankrijk hebben onderschept.

Mocht Pilz meer informatie hebben, dan wil de AIVD die graag inzien, zei Plasterk. Zodra de minister meer weet, zal hij de Tweede Kamer informeren. Hij noemde het 'in algemene zin onacceptabel' dat er in Nederland door buitenlandse diensten wordt gespioneerd.

Bron: Volkskrant

quote:

[quote]NSA neusde nog veel meer rond in Europa dan gedacht

De interesse van de Amerikaanse inlichtingendienst NSA in Europese bedrijven blijkt veel groter te zijn geweest dan tot nog toe werd aangenomen. Niet alleen bedrijven in de defensiesector zoals EADS en Eurocopter werden bespioneerd, ook andere firma's werden in de gaten gehouden.

Volgens het tijdschrift Der Spiegel is bij de Duitse inlichtingendienst BND, die hand-en-spandiensten verleent aan de NSA, een nieuwe lijst met zoektermen opgedoken waaruit de interesse valt op te maken. Op de lijst staan 459.000 zoektermen die in ieder geval in de periode 2005 - 2008 werden gebruikt.

Door het stof

De baas van de BND, Gerhard Schindler, ging gisteren door het stof. Hij gaf toe dat de door de NSA ingediende zoektermen waarmee door de BND verzamelde informatie wordt doorzocht, onvoldoende door zijn dienst tegen het licht zijn gehouden.

De nieuwe lijst brengt de Duitse inlichtingendienst echter ook op een ander punt in verlegenheid. Het zorgvuldig gecultiveerde beeld dat afluisterstation Bad Aibling zelfstandig opereerde zonder medeweten van het hoofdkantoor is niet langer houdbaar, schrijft Der Spiegel. De lijst komt van het hoofdkantoor in Pullach van de afdeling G10 die er juist op moet toezien dat Duitsers verschoond blijven van onwettige spionagepraktijken.

quote:

Security services' powers to be extended in wide-ranging surveillance bill | UK news | The Guardian


Surprise extension of bill’s scope beyond legislation to modernise law on tracking communications data was agreed only this week

The government is to introduce an investigatory powers bill that is far more wide-ranging than expected, including an extension of the powers of the security services in response to the surveillance disclosures by the NSA whistleblower Edward Snowden.

The legislation will include not only the expected snooper’s charter, enabling the tracking of everyone’s web and social media use, but also moves to strengthen the security services’ warranted powers for the bulk interception of the content of communications.

The surprise extension of the scope of the bill beyond legislation to “modernise the law” on tracking communications data was agreed within government only this week. It appears that David Cameron has decided to take advantage of his unexpected majority in the Commons to respond to Snowden’s disclosures by extending the powers of the security services.

The Home Office says the investigatory powers bill will “better equip law enforcement and intelligence agencies to meet their key operational requirements, and address the gap in these agencies’ ability to build intelligence and evidence where subjects of interest, suspects and vulnerable people have communicated online.”

Ministers promise to provide for “appropriate oversight arrangements and safeguards”, but there is no immediate detail on how the complex web of intelligence and surveillance commissioners and parliamentary oversight might be strengthened.

The government also promises that the legislation will respond to issues raised by David Anderson QC, the official reviewer of counter-terrorism legislation, in his assessment of bulk surveillance powers used by the police and security services under the Regulation of Investigatory Powers Act 2000.

Anderson delivered his report to Downing Street on 6 May, the day before the general election, and it is expected to be published in the next few days. Anderson has said his review considered the safeguards to privacy, issues of transparency and oversight as well as the powers needed to meet the challenge of changing technologies. He has said it was a “substantial piece of work” and included him travelling to Berlin, California, Washington DC, Brussels and Ottawa.

“The report won’t please everyone [indeed it may not please anybody]. But if it succeeds in informing the public and parliamentary debate on the future of the law from an independent perspective, it will have done its job,” he said on his blog.

Jim Killock, executive director of the Open Rights Group, said: “The government is signalling that it wants to press ahead with increased powers of data collection and retention for the police and GCHQ, spying on everyone, whether suspected of a crime or not.

“This is the return of the snooper’s charter, even as the ability to collect and retain data gets less and less workable. We should expect attacks on encryption, which protects all our security. Data collection will create vast and unnecessary expense.”

Renate Samson, chief executive of Big Brother Watch, said: “Whilst the title may have changed from a communications data bill to an investigatory powers bill, it will be interesting to see whether the content has radically changed.

“We have yet to see real evidence that there is a gap in the capability of law enforcement or the agencies’ ability to gain access to our communications data.”

The extended scope of the bill may follow some of the recommendations of the intelligence and security committee (ISC), which suggested in March that the entire existing surveillance legal framework should be replaced by a single new act of parliament.

The MPs and peers suggested that the new legislation should list every intrusive capability available to the security services and specify their purpose, authorisation procedure and what safeguards and oversight procedures exist for their use. This presumably extends to the kind of GCHQ bulk data collection programmes such as Temp0ra and Prism disclosed by Snowden.

The ISC said the introduction of the new communications data legislation was “critical”, but added that a new category of data called “communications data plus” should be established. It said this would acknowledge that some forms of communications data could reveal private information about a person’s habits, preferences or lifestyle choices, such as websites visited. “Such data is more intrusive and therefore should attract greater safeguards.” they recommended.

The other four Home Office bills are largely as trailed. The extremism bill will include powers to “strengthen the role of Ofcom so that tough measures can be taken against channels that broadcast extremist content”. This is despite warnings from Sajid Javid, the business secretary, that the initial proposals threatened free speech.

The bill also includes the introduction of employment checks enabling companies to find out whether an individual is an extremist so they can be barred from working with children. This is alongside already announced proposals for banning orders, extremism disruption orders and closure orders to be used against premises that are used to support extremism.

The immigration bill will create a new enforcement agency to tackle the worst cases of exploitation as well creating an offence of illegal working and enabling wages to be seized as proceeds of crime. Ministers promise to consult on the introduction of a visa levy on businesses that recruit overseas labour to fund extra apprenticeships for British and EU workers.

The five bills mean that the home secretary, Theresa May, will be one of the busiest cabinet ministers in parliament. Her policing and criminal justice bill will implement her mental health reforms, end the use of police bail for months or even years without judicial check, and introduce sanctions on professionals including social workers who fail to report or take action on child abuse.

Ministers have been silent on the sentencing aspects of this bill but the Conservative manifesto promised the introduction of short, sharp custodial sentences for persistent offenders. The new justice secretary, Michael Gove, may be looking again at this proposal.

The psychoactive substances bill or legislation to introduce a blanket ban on legal highs is to be introduced this week. It will criminalise the trade in legal highs with prison sentences of up to seven years but will not make personal possession a criminal offence. The legislation will distinguish between everyday psychoactive substances such as alcohol, tobacco, caffeine and some medicinal products and new designer drugs that imitate more traditional illegal substances.
Bron: www.theguardian.com