Monitoring NSA in de VS en erbuiten, deel 9

quote:

Witness: German intelligence helped NSA to tap Internet hub

A German parliamentary inquiry has been told that German intelligence fed America's NSA filtered data from an Internet hub in Frankfurt, after clearance from Berlin. The "Eikonal" project ended in 2008.

A witness told a German parliamentary inquiry on Thursday that America's NSA was fed filtered data from an internet exchange point in Frankfurt, after an OK from the Chancellery in Berlin.

The Eikonal project leader within Germany's BND foreign intelligence agency - identified only as S.L. - said the exchange's own operator had legal doubts, but was convinced once confirmation came from the-then chancellery.

Germany's federal intelligence service (BND) delivered filtered information from 2004 until 2008, when the "Americans saw that we could not extract anything more for them," said the witness, who was quoted by Germany's main news agency DPA.

Over that period, Germany was first governed by a center-left coalition headed by Social Democrat Chancellor Gerhard Schröder, and from October 2005 by Chancellor Angela's first grand coalition cabinet.

Anchored in Germany's constitution are strict data privacy laws in reaction to the Hitler dictatorship and Stasi eavesdropping in former communist East Germany.

The project leader said the BND used NSA equipment and know-how to tap the hub's lines, including telephone calls, for data which passed through multiple "cascade" filters and then to a BND/NSA facility at Bad Aibling near Munich.

Several hundred items were eventually forwarded each year to the NSA after checking by staff to make sure data about Germans had been removed

In October, the newspaper Süddeutsche Zeitung in an investigative report said these filters had not worked sufficiently to filter out all data on Germans.

Mass NSA monitoring of mobile phone operators

The website The Intercept claimed on Thursday that papers from the US whistleblower Edward Snowden showed that the NSA spied on hundreds of mobile phone operators.

In an operation codenamed "AURORAGOLD," the NSA kept watch on 1200 email accounts of operators, looking for security weaknesses in their systems, gleaned especially when they exchanged advice on roaming for customers abroad.

During 2012, information was gathered in this way from more than 70 percent of the mobile operators worldwide, The Intercept said, adding the newly known factor was the mass scale of the observation.

Last year, it emerged that the NSA - deciphering the widely used GSM wireless standard - had tapped into one of Merkel's mobile phones.

quote:

Anonymous Releases Video, Claims It Shows Warrantless Wiretapping By Police

quote:

Stingray Warrentless Wiretap by CPD on Activists

quote:

A video released by hacker collective Anonymous purports to show evidence of warrantless wiretapping in Chicago during a #blacklivesmatter protest. According to the video, a vehicle moved through the streets during protests, listening in on conversations.

The video (shared in its entirety below) opens with a scene of President Barack Obama addressing the nation. “Nobody is listening to your telephone calls,” he assures viewers. It goes on to show specific promises and assurances, quotes from the NSA, stating that no one will be subject to wiretapping without a warrant.

quote:

Op donderdag 31 juli 2014 22:02 schreef Papierversnipperaar het volgende:
Oh ja, de CIA en dat rapport over martelen:

[..]

[..]

Het artikel gaat verder.

quote:

House chair warns violence abroad would follow Senate torture report release

quote:

The chairman of the House intelligence committee said on Sunday the release of a Senate report examining the use of torture by the CIA a decade ago will cause violence and deaths abroad.

Representative Mike Rogers, a Michigan Republican, is regularly briefed on intelligence analyses. He told CNN that the US intelligence community had assessed that the release of the report would be used by extremists to incite violence.

The Senate intelligence committee is poised to release the first public accounting of the CIA’s use of torture on al-Qaida detainees held in secret facilities in Europe and Asia in the years after the terrorist attacks of 11 September 2001. It will come in the form of a 480-page executive summary of the 6,200-page report by Democrats on the committee, who spent six years reviewing millions of secret CIA documents.

On Friday, secretary of state John Kerry urged the senator in charge of the report to consider the timing of its release.

quote:

Judge: Give NSA unlimited access to digital data

quote:

The U.S. National Security Agency should have an unlimited ability to collect digital information in the name of protecting the country against terrorism and other threats, an influential federal judge said during a debate on privacy.

“I think privacy is actually overvalued,” Judge Richard Posner, of the U.S. Court of Appeals for the Seventh Circuit, said during a conference about privacy and cybercrime in Washington, D.C., Thursday.

“Much of what passes for the name of privacy is really just trying to conceal the disreputable parts of your conduct,” Posner added. “Privacy is mainly about trying to improve your social and business opportunities by concealing the sorts of bad activities that would cause other people not to want to deal with you.”

Congress should limit the NSA’s use of the data it collects—for example, not giving information about minor crimes to law enforcement agencies—but it shouldn’t limit what information the NSA sweeps up and searches, Posner said. “If the NSA wants to vacuum all the trillions of bits of information that are crawling through the electronic worldwide networks, I think that’s fine,” he said.

In the name of national security, U.S. lawmakers should give the NSA “carte blanche,” Posner added. “Privacy interests should really have very little weight when you’re talking about national security,” he said. “The world is in an extremely turbulent state—very dangerous.”

twitter:

ggreenwald twitterde op maandag 08-12-2014 om 13:41:07 Why isn't Judge Richard Posner putting all his emails and call transcripts online? What warped acts is he hiding?? https://t.co/NQYaml9jzk reageer retweet

quote:

Lone US senator attempts to block bill challenging government secrecy

quote:

New legislation designed to challenge the ingrained secrecy of the US government and open up federal agencies to greater public scrutiny is on the verge of collapse after a single Democratic senator, Jay Rockefeller of West Virginia, effectively blocked its passage.

The Foia Improvement Act of 2014 has cleared all its major procedural hurdles with unanimous support in both the House of Representatives and the Senate judiciary committee. Its overwhelming bipartisan backing has offered a rare glimmer of hope in an otherwise gridlocked Congress.

But unless Rockefeller agrees to drop his last-minute objections to the legislation by the end of Monday, its chances of coming to a vote by the end of this Congress are all but dead. The bill, which has been two years in the making, is backed by more than 70 good governance organisations and is seen as a critical step towards a more open and accountable flow of public information.

quote:

Mass surveillance exposed by Snowden ‘not justified by fight against terrorism’

Report by Nils Mui¸nieks, commissioner for human rights at the Council of Europe, says ‘secret, massive and indiscriminate’ intelligence work is contrary to rule of law

The “secret, massive and indiscriminate” surveillance conducted by intelligence services and disclosed by the former US intelligence contractor Edward Snowden cannot be justified by the fight against terrorism, the most senior human rights official in Europe has warned.

In a direct challenge to the United Kingdom and other states, Nils Mui¸nieks, the commissioner for human rights at the Council of Europe, calls for greater transparency and stronger democratic oversight of the way security agencies monitor the internet. He also said that so-called Five Eyes intelligence-sharing treaty between the UK, US, Australia, New Zealand and Canada should be published.

“Suspicionless mass retention of communications data is fundamentally contrary to the rule of law … and ineffective,” the Latvian official argues in a 120-page report, The Rule of Law on the Internet in the Wider Digital World. “Member states should not resort to it or impose compulsory retention of data by third parties.”

As human rights commissioner, Mui¸nieks has the power to intervene as a third party in cases sent to the European court of human rights (ECHR) in Strasbourg. His report is published the week after the UK’s Investigatory Powers Tribunal (IPT) found that the legal regime governing mass surveillance of the internet by the monitoring agency GCHQ is “human rights compliant”.

In his report, Mui¸nieks wrote: “In connection with the debate on the practices of intelligence and security services prompted by Edward Snowden’s revelations, it is becoming increasingly clear that secret, massive and indiscriminate surveillance programmes are not in conformity with European human rights law and cannot be justified by the fight against terrorism or other important threats to national security. Such interferences can only be accepted if they are strictly necessary and proportionate to a legitimate aim.”

The civil liberties organisations which brought the claim in the IPT case are planning to appeal against the ruling to the ECHR - a case in which the commissioner could participate.

Mui¸nieks told the Guardian: ”I’m interested in weighing in on such cases about surveillance. Surveillance has gone beyond the bounds of the rule of law and democratic oversight needs to be more robust.

“We have seen examples where there’s a clear lack of oversight of security: the first was black sites, torture and rendition; the second was the revelations about mass surveillance. I want to influence the working of the court and its thinking.

“These recommendations [in the report] are my interpretation of basic human rights principles. The court often refers to my work in their judgments. There’s no substantial case law in internet-related issues so far.

“The UK is a country we are watching closely on these issues. It has a huge influence on whether or not the rule of law will prevail in the digital environment. All of these data sharing agreements should be as transparent as possible so we can assess the extent to which they are abiding by the law. Our right to privacy has been compromised on a regular basis and on a mass scale. I find that very worrying.”

Mui¸nieks said he expects to visit the UK next year and examine the UK’s record on surveillance. Asked about the IPT ruling, he commented: “I would note that very few complaints to this tribunal have been upheld in the last few years which raises many questions for me.”

He supported calls for publication of the so-called Five Eyes treaty that authorises intelligence sharing between the UK, US, Australia, Canada and New Zealand as a contribution to greater transparency. A case requesting its release has already been lodged at the ECHR.

His report contained a number of recommendations including:

• No states … European or otherwise, should access data stored in another country without the express consent of the other country or countries involved unless there is a clear, explicit and sufficiently circumscribed legal basis in international law for such access.

• Member states should ensure that their law-enforcement agencies do not obtain data from servers and infrastructure in another country under informal arrangements.

• [Countries] should stop relying on private companies that control the internet and the wider digital environment to impose restrictions that are in violation of the state’s human rights obligations.

• The activities of national security and intelligence agencies [should be brought within] an overarching legal framework. Until there is increased transparency on the rules under which these services operate their activities cannot be assumed to be in accordance with the rule of law.

• States should ensure that effective democratic oversight over national security services is in place. For effective democratic oversight, a culture of respect for human rights and the rule of law should be promoted, in particular among security service officers.

The Council of Europe, which has 47 member states including the UK, Russia and Turkey, is the body that oversees the European court of human rights in Strasbourg.

quote:

Philip Hammond ‘confused’ about extent of UK surveillance powers

Foreign secretary accused by campaigners of not understanding warrants he has been signing into force

Philip Hammond has been criticised for not understanding the legislation surrounding government powers to sweep up and analyse huge volumes of electronic communications such as email.

Eric King, from rights group Privacy International, said the foreign secretary appeared “confused” while giving evidence to parliament’s intelligence and security committee. The committee is reviewing the need for new legislation to regulate the UK’s electronic espionage agency, GCHQ, in light of revelations on bulk data collection by Edward Snowden, a former contractor for US intelligence.

The accusation follows a judgment on Friday that ruled the Tempora programme, for which Hammond signed the warrants, was legal, despite widespread concern from human rights groups.

“It is clear that he [Hammond] is unfortunately confused about the effect of the warrants he is signing into force, how they deal with British communications and the difference between so-called internal communications and external communications,” said King. “This is one of the huge problems with having ministers sign warrants.”

Campaigners say that in testimony to the intelligence and security committee in October, Hammond appeared not to understand the details of how the warrants he was signing worked – including whether or not they allowed the interception of communications of UK residents.

During the session, Hammond – who oversees the work of GCHQ and the foreign intelligence agency MI6 – initially appeared to say that any email exchange in which either the sender or recipient was based in the UK was treated as an internal communication and therefore any government agency wanting to access it was subject to stricter controls under the Regulation of Investigatory Powers Act (Ripa).

Later he said that if either sender or recipient were outside the UK it was an external communication and therefore subject to a different warrant, which allows the foreign secretary to authorise much broader examination by the intelligence agencies than is the case with UK-based communications.

King queried the detail of Hammond’s evidence: “If you listened to him on what Ripa does, it seems the article 8, section 4 warrants don’t ever collect UK communications and instead are exclusively for foreign to foreign communications. However, that is false on two grounds: article 8, section 4 warrants, while targeting external communications, expressly include UK to foreign, or foreign to UK and as such UK communications routinely get swept up as part of them,” he said.

“Secondly, the idea you need a more targeted article 8, section 1 warrant to intercept information about someone in the UK has not been true for a long time, and plainly wrong in the face of GCHQ programs like Tempora that are automatically intercepting, filtering and analysing a huge number of our communications on a daily basis.”

The issue of what can be intercepted under such “one-end foreign” warrants is a complicated one in the online era. If, for example, two people living in the UK send each other an email using Gmail, that may clearly seem to be a domestic communication which would need an individual warrant. However, if the intelligence services define it as each person communicating with Google’s servers in Ireland, the communication can be defined as one-end foreign, and mass-intercepted.

Privacy and civil rights groups have argued that, in light of the Snowden revelations, all electronic surveillance warrants should go before a judge to ensure the huge power available to government as a result of modern surveillance technology should be subject to some form of judicial constraint.

King said: “Hammond’s clear confusion is the predictable outcome of a legal framework that depends upon secret interpretations and that obscures the reality of the powers it grants. The fact that those signing the Ripa warrants do not understand how it works underlines the need for a new law governing surveillance powers, a law which provides for a judicial process to ensure these warrants are being issued lawfully, with proper consideration and due understanding.”

During the session, Hammond said judges would assess surveillance warrant requests primarily from a legal standpoint and that only an elected official could properly apply political judgment on the necessity and proportionality of an eavesdropping operation.

A spokesman for the Foreign Office said: “The UK has one of the strongest legal and regulatory frameworks in the world for intelligence. Legislation around the use of warrants is naturally a technical area. That is why the foreign secretary went to great lengths to explain their use to the committee.”

quote:

Operation Socialist

The Inside Story of How British Spies Hacked Belgium’s Largest Telco

quote:

When the incoming emails stopped arriving, it seemed innocuous at first. But it would eventually become clear that this was no routine technical problem. Inside a row of gray office buildings in Brussels, a major hacking attack was in progress. And the perpetrators were British government spies.

It was in the summer of 2012 that the anomalies were initially detected by employees at Belgium’s largest telecommunications provider, Belgacom. But it wasn’t until a year later, in June 2013, that the company’s security experts were able to figure out what was going on. The computer systems of Belgacom had been infected with a highly sophisticated malware, and it was disguising itself as legitimate Microsoft software while quietly stealing data.

Last year, documents from National Security Agency whistleblower Edward Snowden confirmed that British surveillance agency Government Communications Headquarters was behind the attack, codenamed Operation Socialist. And in November, The Intercept revealed that the malware found on Belgacom’s systems was one of the most advanced spy tools ever identified by security researchers, who named it “Regin.”

The full story about GCHQ’s infiltration of Belgacom, however, has never been told. Key details about the attack have remained shrouded in mystery—and the scope of the attack unclear.

Now, in partnership with Dutch and Belgian newspapers NRC Handelsblad and De Standaard, The Intercept has pieced together the first full reconstruction of events that took place before, during, and after the secret GCHQ hacking operation.

Based on new documents from the Snowden archive and interviews with sources familiar with the malware investigation at Belgacom’s networks, The Intercept and its partners have established that the attack on Belgacom was more aggressive and far-reaching than previously thought. It occurred in stages between 2010 and 2011, each time penetrating deeper into Belgacom’s systems, eventually compromising the very core of the company’s networks.

quote:

Sophia in ‘t Veld, a Dutch politician who chaired the European Parliament’s recent inquiry into mass surveillance exposed by Snowden, told The Intercept that she believes the British government should face sanctions if the latest disclosures are proven.

“Compensating Belgacom should be the very least it should do,” int’ Veld said. “But I am more concerned about accountability for breaking the law, violating fundamental rights, and eroding our democratic systems.”

quote:

Last month, The Intercept confirmed Regin as the malware found on Belgacom’s systems during the clean-up operation.

The spy bug was described by security researchers as one of the most sophisticated pieces of malware ever discovered, and was found to have been targeting a host of telecommunications networks, governments, and research organizations, in countries such as Germany, Iran, Brazil, Russia, and Syria, as well as Belgium.

GCHQ has refused to comment on Regin, as has the NSA, and Belgacom. But Snowden documents contain strong evidence, which has not been reported before, that directly links British spies to the malware.

Aside from showing extensive details about how the British spies infiltrated the company and planted malware to successfully steal data, GCHQ documents in the Snowden archive contain codenames that also appear in samples of the Regin malware found on Belgacom’s systems, such as “Legspin” and “Hopscotch.”

One GCHQ document about the use of hacking methods references the use of “Legspin” to exploit computers. Another document describes “Hopscotch” as part of a system GCHQ uses to analyze data collected through surveillance.

Ronald Prins, director of the computer security company Fox-IT, has studied the malware, and played a key role in the analysis of Belgacom’s infected networks.

“Documents from Snowden and what I’ve seen from the malware can only lead to one conclusion,” Prins told The Intercept. “This was used by GCHQ.”

quote:

A Journalist-Agitator Facing Prison Over a Link

Barrett Brown makes for a pretty complicated victim. A Dallas-based journalist obsessed with the government’s ties to private security firms, Mr. Brown has been in jail for a year, facing charges that carry a combined penalty of more than 100 years in prison.

Professionally, his career embodies many of the conflicts and contradictions of journalism in the digital era. He has written for The Guardian, Vanity Fair and The Huffington Post, but as with so many of his peers, the line between his journalism and his activism is nonexistent. He has served in the past as a spokesman of sorts for Anonymous, the hacker collective, although some members of the group did not always appreciate his work on its behalf.

In 2007, he co-wrote a well-received book, “Flock of Dodos: Behind Modern Creationism, Intelligent Design and the Easter Bunny,” and over time, he has developed an expertise in the growing alliance between large security firms and the government, arguing that the relationship came at a high cost to privacy.

From all accounts, including his own, Mr. Brown, now 32, is a real piece of work. He was known to call some of his subjects on the phone and harass them. He has been public about his struggles with heroin and tends to see conspiracies everywhere he turns. Oh, and he also threatened an F.B.I. agent and his family by name, on a video, and put it on YouTube, so there’s that.

But that’s not the primary reason Mr. Brown is facing the rest of his life in prison. In 2010, he formed an online collective named Project PM with a mission of investigating documents unearthed by Anonymous and others. If Anonymous and groups like it were the wrecking crew, Mr. Brown and his allies were the people who assembled the pieces of the rubble into meaningful insights.

Project PM first looked at the documents spilled by the hack of HBGary Federal, a security firm, in February 2011 and uncovered a remarkable campaign of coordinated disinformation against advocacy groups, which Mr. Brown wrote about in The Guardian, among other places.

Peter Ludlow, a professor of philosophy at Northwestern and a fan of Mr. Brown’s work, wrote in The Huffington Post that, “Project PM under Brown’s leadership began to slowly untangle the web of connections between the U.S. government, corporations, lobbyists and a shadowy group of private military and infosecurity consultants.”

In December 2011, approximately five million e-mails from Stratfor Global Intelligence, an intelligence contractor, were hacked by Anonymous and posted on WikiLeaks. The files contained revelations about close and perhaps inappropriate ties between government security agencies and private contractors. In a chat room for Project PM, Mr. Brown posted a link to it.

Among the millions of Stratfor files were data containing credit cards and security codes, part of the vast trove of internal company documents. The credit card data was of no interest or use to Mr. Brown, but it was of great interest to the government. In December 2012 he was charged with 12 counts related to identity theft. Over all he faces 17 charges — including three related to the purported threat of the F.B.I. officer and two obstruction of justice counts — that carry a possible sentence of 105 years, and he awaits trial in a jail in Mansfield, Tex.

According to one of the indictments, by linking to the files, Mr. Brown “provided access to data stolen from company Stratfor Global Intelligence to include in excess of 5,000 credit card account numbers, the card holders’ identification information, and the authentication features for the credit cards.”

Because Mr. Brown has been closely aligned with Anonymous and various other online groups, some of whom view sowing mayhem as very much a part of their work, his version of journalism is tougher to pin down and, sometimes, tougher to defend.

But keep in mind that no one has accused Mr. Brown of playing a role in the actual stealing of the data, only of posting a link to the trove of documents.

Journalists from other news organizations link to stolen information frequently. Just last week, The New York Times, The Guardian and ProPublica collaborated on a significant article about the National Security Agency’s effort to defeat encryption technologies. The article was based on, and linked to, documents that were stolen by Edward J. Snowden, a private contractor working for the government who this summer leaked millions of pages of documents to the reporter Glenn Greenwald and The Guardian along with Barton Gellman of The Washington Post.

By trying to criminalize linking, the federal authorities in the Northern District of Texas — Mr. Brown lives in Dallas — are suggesting that to share information online is the same as possessing it or even stealing it. In the news release announcing the indictment, the United States attorney’s office explained, “By transferring and posting the hyperlink, Brown caused the data to be made available to other persons online, without the knowledge and authorization of Stratfor and the card holders.”

And the magnitude of the charges is confounding. Jeremy Hammond, a Chicago man who pleaded guilty to participating in the actual hacking of Stratfor in the first place, is facing a sentence of 10 years.

Last week, Mr. Brown and his lawyers agreed to an order that allows him to continue to work on articles, but not say anything about his case that is not in the public record.

Speaking by phone on Thursday, Charles Swift, one of his lawyers, spoke carefully.

“Mr. Brown is presumed innocent of the charges against him and in support of the presumption, the defense anticipates challenging both the legal assumptions and the facts that underlie the charges against him,” he said.

Others who are not subject to the order say the aggressive set of charges suggests the government is trying to send a message beyond the specifics of the case.

“The big reason this matters is that he transferred a link, something all of us do every single day, and ended up being charged for it,” said Jennifer Lynch, a staff lawyer at the Electronic Frontier Foundation, an advocacy group that presses for Internet freedom and privacy. “I think that this administration is trying to prosecute the release of information in any way it can.”

There are other wrinkles in the case. When the F.B.I. tried to serve a warrant on Mr. Brown in March 2012, he was at his mother’s house. The F.B.I. said that his mother tried to conceal his laptop and it charged her with obstruction of justice. (She pleaded guilty in March of this year and is awaiting sentencing.)

The action against his mother enraged Mr. Brown and in September 2012 he made a rambling series of posts to YouTube in which he said he was in withdrawal from heroin addiction. He proceeded to threaten an F.B.I. agent involved in the arrest, saying, “I don’t say I’m going to kill him, but I am going to ruin his life and look into his (expletive) kids ... How do you like them apples?”

The feds did not like them apples. After he was arrested, a judge ruled he was “a danger to the safety of the community and a risk of flight.” In the video, Mr. Brown looks more like a strung-out heroin addict than a threat to anyone, but threats are threats, especially when made against the F.B.I.

“The YouTube video was a mistake, a big one,” said Gregg Housh, a friend of Mr. Brown’s who first introduced him to the activities of Anonymous. “But it is important to remember that the majority of the 105 years he faces are the result of linking to a file. He did not and has not hacked anything, and the link he posted has been posted by many, many other news organizations.”

At a time of high government secrecy with increasing amounts of information deemed classified, other routes to the truth have emerged, many of them digital. News organizations in receipt of leaked documents are increasingly confronting tough decisions about what to publish, and are defending their practices in court and in the court of public opinion, not to mention before an administration determined to aggressively prosecute leakers.

In public statements since his arrest, Mr. Brown has acknowledged that he made some bad choices. But punishment needs to fit the crime and in this instance, much of what has Mr. Brown staring at a century behind bars seems on the right side of the law, beginning with the First Amendment of the Constitution.

quote:

Techbedrijven sluiten monsterverbond in privacyrechtszaak VS

De Amerikaanse softwaregigant Microsoft eist met machtige bondgenoten als Apple, Amazon en Cisco dat de Amerikaanse overheid geen toegang krijgt tot e-mails van Europese klanten van het bedrijf. De technologiebedrijven hebben het gerechtshof in New York verzocht om de gegevens uit de handen van de Amerikaanse regering te houden.

Ook bekende nieuwsaanbieders als Fox News, CNN en de The Washington Post hebben hun steun voor Microsoft uitgesproken. De softwaregigant heeft inmiddels meer dan twintig grote bedrijven aan zijn zijde, bericht persbureau Reuters.

De rechtszaak in New York gaat over de vraag of Microsoft de Amerikaanse overheid toegang moet verlenen tot e-mails van een aantal Europese klanten, die op servers in Ierland zijn opgeslagen. De regering eist toegang tot de e-mails omdat ze informatie zouden opleveren voor een drugszaak. Microsoft weigert dit. In Ierland opgeslagen gegevens vallen onder Europese wetgeving, aldus het bedrijf, en die data kunnen alleen worden bemachtigd met tussenkomst van de lokale autoriteiten.

De Amerikaanse overheid vindt een dergelijke tussenkomst niet nodig, omdat Microsoft-werknemers in Amerika de gegevens zo kunnen opvragen zonder daarvoor naar Ierland te hoeven. Een lagere rechtbank heeft de regering eerder dit jaar in het gelijk gesteld, waarna Microsoft bij het hof in beroep is gegaan.

Weglopende klanten

Voor Microsoft en andere techbedrijven is hun winstgevendheid in het geding. Sinds de onthullingen van klokkenluider Edward Snowden maken meer mensen zich zorgen over de bescherming van hun gegevens. Zowel private als zakelijke klanten van Microsoft en Apple zouden weleens kunnen weglopen als ze weten dat de Amerikaanse overheid hun bestanden zomaar kan inzien.

Grote ict-bedrijven bieden steeds meer clouddiensten aan waarbij niet alleen e-mails maar ook foto's en andere bestanden op bedrijfsservers worden opgeslagen. Ook tot deze gegevens kan de Amerikaanse regering toegang eisen.

De mediabedrijven die Microsoft steunen zijn vooral bang dat de nieuwsgierigheid van de regering de nieuwsgaring in gevaar brengt. Bronnen zullen zich wel twee keer achter de oren krabben voordat ze informatie door durven te spelen, zo is de gedachte, als ze weten dat de overheid bij alle e-mails van de journalisten kan.

quote:

Snowden bekritiseert nieuwe Nederlandse wet

quote:

De Amerikaanse klokkenluider Edward Snowden heeft vanuit Moskou een gloedvol pleidooi gehouden tegen de uitbreiding van surveillancebevoegdheden van de Nederlandse veiligheidsdiensten. Hij deed dat middels een videoverbinding tijdens de uitreiking van de Big Brother Awards in de Amsterdamse Stadsschouwburg.

quote:

ACLU accuses NSA of using holiday lull to ‘minimise impact’ of documents

Released on Christmas Eve, the documents are heavily redacted versions of reports by the NSA to the President’s Intelligence Oversight Board

The National Security Agency used the holiday lull to “minimise the impact” of a tranche of documents by releasing them on Christmas Eve, the American Civil Liberties Union (ACLU) said on Friday.

The documents, which were released in response to a legal challenge by the ACLU under the Freedom of Information Act, are heavily – in some places totally –redacted versions of reports by the NSA to the President’s Intelligence Oversight Board dating back to 2007.

A court ordered the documents released this past summer, and a 22 December deadline for that release was agreed upon, according to Patrick Toomey, a staff attorney at the ACLU’s national security project, because the NSA said it needed “six or seven months” to complete its review and redaction process.

A spokesperson for the NSA said that the 22 December deadline, “which was agreed to by all parties,” was met.

But according to Toomey, the ACLU didn’t receive the documents until “late in the day on the 23rd” – the NSA sent them by FedEx late on the 22nd – and the NSA didn’t publicly release them until Christmas Eve. “I certainly think the NSA would prefer to have the documents released right ahead of the holidays in order to have less public attention on what they contain,” Toomey said.

The redactions on the document are extreme, and their omissions tantalising. One entry, from the 4th quarter of 2008, reads: “On [redacted] [redacted] used the US SIGINT System (USSS) to locate [redacted] believed to be kidnapped [redacted] The selectors were tasked before authorization was obtained from NSA. After the NSA Office of General Counsel (OGC) denied the authorization request, [redacted] was found. He had not been kidnapped.”

Another reads: “On [redacted] during an experimental collection and processing effort, NSA analysts collected [several lines of text redacted.] The messages were deleted [redacted] when the error was identified.”

Many entries are erased entirely, which means the documents reveal very little about how individuals who misuse the data were disciplined by the NSA, or how quickly errors were resolved.

But, according to Toomey, they speak to a total picture of a “large number of different compliance violations. We don’t know how many.”

He said the documents deepen the picture of the nature and extent of compliance violations by analysts working for the NSA.

“There are certain portions of the documents that really vindicate some of the things [Edward] Snowden said when he first described the NSA surveillance in terms of the ability of analysts to conduct queries – without authorisation – of raw internet traffic,” Toomey said.

Among the items redacted are sections detailing the total number of violations reported, with many ending up like this entry from 2013 “On [redacted] occasions during the fourth quarter, selectors were incorrectly tasked because of typographical errors.”

This makes the scale of the problem difficult to gauge. Toomey said the ACLU would continue to sue for the release of those numbers.

“More generally,” Toomey said, “just the range of different compliance violations makes it clear that at every step of the NSA’s collection of information there are vulnerabilities that leave the privacy of Americans at risk.”

A spokesperson for the NSA declined to answer the question of why Christmas Eve was chosen as a release date. A statement on the agency’s website which accompanied the documents’ release said: “These materials show, over a sustained period of time, the depth and rigor of NSA’s commitment to compliance.”

“By emphasizing accountability across all levels of the enterprise, and transparently reporting errors and violations to outside oversight authorities,” the statement concluded, “NSA protects privacy and civil liberties while safeguarding the nation and our allies.”

quote:

How the NSA Attacks Tor/Firefox Users With QUANTUM and FOXACID

quote:

The online anonymity network Tor is a high-priority target for the National Security Agency. The work of attacking Tor is done by the NSA's application vulnerabilities branch, which is part of the systems intelligence directorate, or SID. The majority of NSA employees work in SID, which is tasked with collecting data from communications systems around the world.

According to a top-secret NSA presentation provided by the whistleblower Edward Snowden, one successful technique the NSA has developed involves exploiting the Tor browser bundle, a collection of programs designed to make it easy for people to install and use the software. The trick identifies Tor users on the Internet and then executes an attack against their Firefox web browser.

The NSA refers to these capabilities as CNE, or computer network exploitation.

The first step of this process is finding Tor users. To accomplish this, the NSA relies on its vast capability to monitor large parts of the Internet. This is done via the agency's partnership with US telecoms firms under programs codenamed Stormbrew, Fairview, Oakstar and Blarney.

The NSA creates "fingerprints" that detect HTTP requests from the Tor network to particular servers. These fingerprints are loaded into NSA database systems like XKeyscore, a bespoke collection and analysis tool that NSA boasts allows its analysts to see "almost everything" a target does on the Internet.

Using powerful data analysis tools with codenames such as Turbulence, Turmoil and Tumult, the NSA automatically sifts through the enormous amount of Internet traffic that it sees, looking for Tor connections.

Last month, Brazilian TV news show Fantastico showed screenshots of an NSA tool that had the ability to identify Tor users by monitoring Internet traffic.

The very feature that makes Tor a powerful anonymity service, and the fact that all Tor users look alike on the Internet, makes it easy to differentiate Tor users from other web users. On the other hand, the anonymity provided by Tor makes it impossible for the NSA to know who the user is, or whether or not the user is in the US.

After identifying an individual Tor user on the Internet, the NSA uses its network of secret Internet servers to redirect those users to another set of secret Internet servers, with the codename FoxAcid, to infect the user's computer. FoxAcid is an NSA system designed to act as a matchmaker between potential targets and attacks developed by the NSA, giving the agency opportunity to launch prepared attacks against their systems.

Once the computer is successfully attacked, it secretly calls back to a FoxAcid server, which then performs additional attacks on the target computer to ensure that it remains compromised long-term, and continues to provide eavesdropping information back to the NSA.

quote:

David Cameron seeks cooperation of US president over encryption crackdown

quote:

David Cameron is to urge Barack Obama to pressure internet firms such as Twitter and Facebook to do more to cooperate with Britain’s intelligence agencies as they seek to track the online activities of Islamist extremists.

As he becomes the first European leader to meet the president after the multiple shootings in Paris last week, the prime minister will seek to win Obama’s support for his plans to secure a new legal framework to deny terrorists a “safe space”.

The prime minister arrives after he proposed earlier this week that British intelligence agencies have the power to break the encrypted communications of suspected terrorists and insisting that the likes of Twitter and Facebook do more to cooperate with Britain’s GCHQ eavesdropping centre.

Cameron will demand that US internet companies store – and then be prepared to hand over – data and content needed by the intelligence agencies “to keep us safe” when he meets the president for talks in the Oval Office on Friday morning.

A government source said: “The prime minister’s objective here is to get the US companies to cooperate with us more, to make sure that our intelligence agencies get the information they need to keep us safe. That will be his approach in the discussion with President Obama – how can we work together to get them to cooperate more, what is the best approach to encourage them to do more.”

quote:

Theresa May: police need greater access to communications data - video

quote:

Theresa May says UK police and intelligence agencies should have greater access to communications data in order to locate terror suspects. The home secretary criticises her coalition colleagues for blocking the communications data bill in 2012. She says the counter-terrorist investigation in Paris following the massacre at Charlie Hebdo likely involved the use of communications data

quote:

Secret US cybersecurity report: encryption vital to protect private data

Newly uncovered Snowden document contrasts with British PM’s vow to crack down on encrypted messaging after Paris attacks

A secret US cybersecurity report warned that government and private computers were being left vulnerable to online attacks from Russia, China and criminal gangs because encryption technologies were not being implemented fast enough.

The advice, in a newly uncovered five-year forecast written in 2009, contrasts with the pledge made by David Cameron this week to crack down on encryption use by technology companies.

In the wake of the Paris terror attacks, the prime minister said on Monday there should be “no means of communication” that British authorities could not access. Cameron will use his visit to the US, which started on Thursday , to urge Barack Obama to apply more pressure to tech giants, such as Apple, Google and Facebook, who have been expanding encrypted messaging for their millions of users since the revelations of mass NSA surveillance by the whistleblower Edward Snowden.

The document from the US National Intelligence Council, which reports directly to the US director of national intelligence, made clear that encryption was the “best defence” for computer users to protect private data.

Part of the cache given to the Guardian by Snowden, the paper was published in 2009 and gives a five-year forecast on the “global cyber threat to the US information infrastructure”. It covers communications, commercial and financial networks, and government and critical infrastructure systems. It was shared with GCHQ and made available to the agency’s staff through its intranet.

One of the biggest issues in protecting businesses and citizens from espionage, sabotage and crime – hacking attacks are estimated to cost the global economy up to $400bn a year – was a clear imbalance between the development of offensive versus defensive capabilities, “due to the slower than expected adoption … of encryption and other technologies”, it said.

An unclassified table accompanying the report states that encryption is the “[b]est defense to protect data”, especially if made particularly strong through “multi-factor authentication” – similar to two-step verification used by Google and others for email – or biometrics. These measures remain all but impossible to crack, even for GCHQ and the NSA.

The report warned: “Almost all current and potential adversaries – nations, criminal groups, terrorists, and individual hackers – now have the capability to exploit, and in some cases attack, unclassified access-controlled US and allied information systems.”

It further noted that the “scale of detected compromises indicates organisations should assume that any controlled but unclassified networks of intelligence, operational or commercial value directly accessible from the internet are already potentially compromised by foreign adversaries”.

The primary adversaries included Russia, whose “robust” operations teams had “proven access and tradecraft”, it said. By 2009, China was “the most active foreign sponsor of computer network intrusion activity discovered against US networks”, but lacked the sophistication or range of capabilities of Russia. “Cyber criminals” were another of the major threats, having “capabilities significantly beyond those of all but a few nation states”.

The report had some cause for optimism, especially in the light of Google and other US tech giants having in the months prior greatly increased their use of encryption efforts. “We assess with high confidence that security best practices applied to target networks would prevent the vast majority of intrusions,” it concluded.

Official UK government security advice still recommends encryption among a range of other tools for effective network and information defence. However, end-to-end encryption – which means only the two people communicating with each other, and not the company carrying the message, can decode it – is problematic for intelligence agencies as it makes even warranted collection considerably more difficult.

The latest versions of Apple and Google’s mobile operating systems are encrypted by default, while other popular messaging services, such as WhatsApp and Snapchat, also use encryption. This has prompted calls for action against such strong encryption from ministers and officials.

Speaking on Monday, Cameron asked: “In our country, do we want to allow a means of communication between people which we cannot read?”

The previous week, a day after the attack on the Charlie Hebdo office in Paris, the MI5 chief, Andrew Parker, called for new powers and warned that new technologies were making it harder to track extremists.

In November, the head of GCHQ, Robert Hannigan, said US social media giants had become the “networks of choice” for terrorists.

Chris Soghoian, principal senior policy analyst at the American Civil Liberties Union, said attempts by the British government to force US companies to weaken encryption faced many hurdles.

“The trouble is these services are already being used by hundreds of millions of people. I guess you could try to force tech companies to be less secure but then they would be less secure against attacks for anyone,” he said. “I guess they could ban the iPhone or say you can’t use Google’s services in the UK but that wouldn’t go down well.”

GCHQ and the NSA are responsible for cybersecurity in the UK and US respectively. This includes working with technology companies to audit software and hardware for use by governments and critical infrastructure sectors.

Such audits uncover numerous vulnerabilities which are then shared privately with technology companies to fix issues that could otherwise have caused serious damage to users and networks. However, both agencies also have intelligence-gathering responsibilities under which they exploit vulnerabilities in technology to monitor targets. As a result of these dual missions, they are faced with weighing up whether to exploit or fix a vulnerability when a product is used both by targets and innocent users.

The Guardian, New York Times and ProPublica have previously reported the intelligence agencies’ broad efforts to undermine encryption and exploit rather than reveal vulnerabilities. This prompted Obama’s NSA review panel to warn that the agency’s conflicting missions caused problems, and so recommend that its cyber-security responsibilities be removed to prevent future issues.

Another newly discovered document shows GCHQ acting in a similarly conflicted manner, despite the agencies’ private acknowledgement that encryption is an essential part of protecting citizens against cyber-attacks.

The 2008 memo was addressed to the then foreign secretary, David Miliband, and classified with one of the UK’s very highest restrictive markings: “TOP SECRET STRAP 2 EYES ONLY”. It is unclear why such a document was posted to the agency’s intranet, which is available to all agency staff, NSA workers, and even outside contractors.

The memo requested a renewal of the legal warrant allowing GCHQ to “modify” commercial software in violation of licensing agreements. The document cites examples of software the agency had hacked, including commonly used software to run web forums, and website administration tools. Such software are widely used by companies and individuals around the world.

The document also said the agency had developed “capability against Cisco routers”, which would “allow us to re-route selected traffic across international links towards GCHQ’s passive collection systems”.

GCHQ had also been working to “exploit” the anti-virus software Kaspersky, the document said. The report contained no information on the nature of the vulnerabilities found by the agency.

Security experts regularly say that keeping software up to date and being aware of vulnerabilities is vital for businesses to protect themselves and their customers from being hacked. Failing to fix vulnerabilities leaves open the risk that other governments or criminal hackers will find the same security gaps and exploit them to damage systems or steal data, raising questions about whether GCHQ and the NSA neglected their duty to protect internet systems in their quest for more intelligence.

A GCHQ spokesman said: “It is long-standing policy that we do not comment on intelligence matters. Furthermore, all of GCHQ’s work is carried out in accordance with a strict legal and policy framework, which ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight, including from the secretary of state, the interception and intelligence services commissioners and the parliamentary intelligence and security committee.

“All our operational processes rigorously support this position. In addition, the UK’s interception regime is entirely compatible with the European convention on human rights.”

quote:

'Britse inlichtingendienst onderschept e-mails journalisten'

De Britse inlichtingendienst GCHQ heeft e-mails van journalisten bij belangrijke internationale media onderschept, bewaard en gepubliceerd.

Dat meldt The Guardian op basis van nieuwe documenten van klokkenluider Edward Snowden. De e-mails werden onderschept als onderdeel van een "testoefening" en op het intranet van de GCHQ geplaatst.

De GCHQ onderschepte e-mails van journalisten van onder andere de BBC, Reuters, The Guardian, The New York Times, Le Monde, The Sun, NBC en de Washington Post. De e-mails variëren van persberichten aan media tot onderlinge communicatie tussen journalisten over potentiële verhalen.

Volgens de documenten onderschepte de Britse geheime dienst op een dag in november van 2008 binnen 10 minuten zo'n 70.000 e-mails van journalisten. Dit lukte de GCHQ door het aftappen van de de onderzeese glasvezelkabels.

Ook worden onderzoeksjournalisten als "een bedreiging" voor de geheime diensten gezien, samen met terroristen en hackers, zo blijkt uit de documenten.

Cameron

Meer dan honderd journalisten, waaronder velen van de internationale media die door de GCHQ zijn afgetapt, hebben een open brief aan de Britse premier David Cameron gestuurd. In deze brief protesteren journalisten tegen het afluisteren van hun communicatie.

Na de aanslagen in Parijs wil Cameron het bij wet mogelijk maken om communicatie die niet door de Britse inlichtingendiensten kan worden uitgelezen aan banden te leggen. Volgens de journalisten gaat dit tegen de persvrijheid in.

quote:

Edward Snowden: AIVD en MIVD lopen aan de leiband NSA

Nederlandse inlichtingendiensten AIVD en MIVD lopen aan de leiband van de Amerikaanse NSA. Ze zijn 'uitermate volgzaam' en worden als 'ondergeschikten' gezien. Dat vertelt Edward Snowden, die voor zowel de Amerikaanse inlichtingendienst NSA als voor de CIA werkte, in een interview met de Volkskrant en Nieuwsuur.

Snowden: 'De Nederlanders werken voor de Amerikanen. Ze doen wat wij ze vertellen wat ze moeten doen. Ze worden niet gewaardeerd vanwege hun capaciteiten, maar vanwege de vrije doorgang die ze bieden. Daarvoor gebruikt de NSA ze.'

Morgen verschijnt in de Volkskrant en op Volkskrant.nl een uitgebreid interview met Edward Snowden, die in 2013 tienduizenden staatsgeheimen openbaarde van de Amerikaanse inlichtingendienst NSA en momenteel in Moskou verblijft.

Nieuwsuur zal vanavond de beelden uitzenden. Edward Snowden spreekt onder meer over de nieuwe Nederlandse inlichtingenwet, de roep om nieuwe afluisterbevoegdheden na de aanslagen in Parijs en zijn persoonlijke situatie in Moskou.

quote:

UN needs agency for data protection, European commissioner tells Davos

Edward Snowden’s revelations about digital monitoring have pushed data security high up the agenda at Davos this year

A new UN agency for data protection and data security is needed to protect the confidential and personal information of citizens around the world, the European commissioner for digital economy told delegates at the World Economic Forum on Thursday.

Günther Oettinger said the recent Sony hack, which exposed swaths of confidential and personal information, had shown Europe the need to radically reshape the way data is used.

“We are in a digital revolution, and we need a data revolution in parallel,” Oettinger said in a panel alongside Sir Tim Berners Lee, the inventor of the world wide web, and Yahoo’s boss, Marissa Mayer. He said the stream of revelations following Sony’s data breach had shown that Brussels must take a lead in restoring trust in tech companies.

Edward Snowden’s revelations about the extent to which government agencies have been intercepting their citizens’ digital communications have pushed data security high up the agenda at Davos this year.

Mayer told Davos that Yahoo had immediately changed the way it handled and encrypted data when the Snowden revelations came to light. Asked how Yahoo would handle a request for data access from an oppressive regime, she replied: “What we have seen from the Snowden allegations is that whether they’re coming through the official channels or not to access the data, they’re accessing the data.”

Berners-Lee said that the battle between privacy and security should not be a pendulum, swinging between giving agencies yet more or less access to data. At the moment, he warned, there is no way of testing what someone does with data if granted permission to obtain it through the courts.

“I want to break out of that pendulum,” he said. “So let’s go down the way of accountability, so we can say yes, you can have the data, but I’m going to talk to the people who are overseeing you about how you use it.”

Berners-Lee told delegates that the tech industry needed to pay more attention to whether its actions were actually good for users. He cited the example of applications that sprung up to let iPhone users turn on the flashlight. Many would then immediately request access to other applications to access data.

“Their whole model is to steal data, and build models, and not help you at all,” Berners-Lee said. But the man who created the first protocols that underpin the web more than 25 years ago warned that a new architecture would be needed to guarantee privacy.

Oettinger said the first priority was to ensure that companies and organisations in Europe were properly transparent, before then pushing on for a credible global common understanding on the issue. “We need a UN agency for data protection and data security,” he declared.

Oettinger outlined a two-pronged approach, where governments implement clear, pragmatic regulation, and the technology industry designs products that actually guarantee users’ privacy.

Michael Fries, the president and CEO of cable giant Liberty Global, questioned Oettinger’s vision for a new global deal on data.

“It is not possible in the near term. I think it’s going to take several years,” Fries warned.

Bosses of technology companies also asserted that there was a social good for technology. Sheryl Sandberg, the boss of Facebook, said technology “gives voice to someone who has traditionally not had that”. She said giving women access to technology in developing countries was more beneficial than men as they passed the knowledge on to their children.

“Women will not have the same opportunity to participate as men, it takes an active and different role than we’ve had before,” she said to applause. But, she said the only way to make access available was to make it cheaper. “Sixty percent of the internet today is not in English,” she said, which showed that it lacked diversity.

Eric Schmidt, the chief executive of Google, said improving broadband, and making it more accessible, would solve “almost all of the problems we face”.

quote:

'Encryptie dwingt spionnen tot moreel onethisch gedrag'

Wanneer meer mensen hun berichten gaan versleutelen om afluisteraars en meelezers te dwarsbomen dwingt dat inlichtingendiensten in een 'moreel slechtere positie', zo zei een voormalig topman van de Britse spionagedienst GCHQ deze week.

Het is een opmerkelijk argument om het gebruik van encryptie terug te dringen. De redenering is vergelijkbaar met de waarschuwing dat inbrekers meer schade aanrichten als je de deur op slot doet.

En met de formulering dat spionnen zich straks wellicht slechter gaan gedragen erkende Sir David Omand, baas van de GCHQ in de jaren negentig, impliciet dat spionnen zich nu ook al slecht gedragen.

Encryptie

Encryptie is het belangrijkste middel om veilig berichten te versturen of veilig gesprekken te voeren. Letters en geluiden worden digitaal verhaspeld tot een onbegrijpelijke brij van tekens, die alleen met een speciale sleutel door de ontvanger te ontcijferen is. Vroeger was deze geheimtaal vooral iets voor militairen, maar sinds de onthullingen van Edward Snowden hebben ook bedrijven en burgers er veel belangstelling voor.

Whatsapp werkt ermee, Google en Apple werken ermee (zelf kunnen ze wel gewoon blijven meekijken), en er zijn handige programmaatjes waarmee iedereen zijn e-mail kan versleutelen. Ook nieuwe mobieltjes zoals de Blackphone gebruiken standaard encryptie.

Last

Eind vorig jaar bleek uit documenten van Edward Snowden dat de NSA en GCHQ veel last hebben van encryptie. Het populaire PGP (pretty good privacy), dat bijvoorbeeld gebruikt wordt om e-mail te versleutelen, hadden ze in elk geval twee jaar geleden nog niet gekraakt.

De 'oplossing' voor geheime diensten is om dan niet meer de communicatie te onderscheppen, maar de 'endpoints', de computers en telefoons te hacken van waaruit de berichten worden verstuurd.

Ouderwetse surveillance

'De inlichtingendiensten zullen het niet opgeven', zei Omand tijdens een debat bij de London School of Economics. 'Nu zullen ze dichter bij de slechteriken moeten zien te komen.'

Dat betekent enerzijds meer ouderwetse surveillance, zoals het schaduwen en afluisteren van huiskamers. Anderzijds betekent het ook meer zogeheten computer network exploitation: het binnendringen in de apparaten van de doelwitten. De NSA heeft al toegang tot zeker 50 duizend netwerken, bleek eind 2013 uit documenten van Snowden.

'Je kunt zeggen dat we dan gerichter zullen gaan werken, maar in termen van privacy - we zullen meer nevenschade aanrichten - zullen we waarschijnlijk in een moreel slechtere positie eindigen dan eerst.'