Monitoring NSA in de VS en erbuiten, deel 10

quote:

British mobile phone users’ movements 'could be sold for profit’ | World news | The Guardian

Hackers could steal users’ location data, finding out ‘where you are, how you got there and where you are going’, say campaigners

British mobile phone users are one data breach away from having the routines of their daily lives revealed to criminals, privacy campaigners have said.

Mobile phone networks and wireless hotspot operators are collecting detailed information on customers’ movements that reveal intimate details of their lives, two separate investigations into mobile data retention have found.

Many people unwittingly sign up to be location-tracked 24/7, unaware that the highly sensitive data this generates is being used and sold on for profit. Campaigners say that if this information were stolen by hackers, criminals could use it to target children as they leave school or homes after occupants have gone out.

It is so detailed that it can reveal customers’ gender, sexual orientation, religion and other many personal details that could present serious risks of blackmail.

“Effectively consumers are opting in to being location tracked by default,” said Geoff Revill, the founder of Krowdthink, the privacy campaign group behind one of the investigations published on Monday.

“The fact of the matter is your mobile service provider knows – without you knowing – where you are, how you got there and can figure out where you are going.”

Related: UK plans to track all internet connections could cost £1bn, campaigners warn

Such precise location data would be like “gold dust” for criminals if it found its way on to the black market, said Pete Woodward, the founder of information security experts Securious.

“The information that mobile and Wi-Fi service providers hold on location tracking is an evolving and high-risk area of cybercrime that needs urgent attention by the industry,” Woodward said. “Otherwise we will face the frightening prospect that such highly sensitive data could get into the hands of the likes of kidnappers and paedophiles.”

Krowdthink’s research found that 93% of UK citizens had opted in to location tracking, giving mobile phone and wireless operators unlimited access to their whereabouts 24 hours a day.

This data, the report says, “brings the cloud into the crowd” by connecting web users’ digital lives with their physical lives, making it one of the most intrusive forms of tracking.

Yet Krowdthink’s research, and research conducted simultaneously but independently by the Open Rights Group (ORG), found that customers were not being given clear enough information about how the data is used, or opportunities to opt out of collection.

Mystery shopping trips carried out by both groups found that mobile and wireless service providers are not telling customers upfront that all their movements will be tracked and used for marketing, and often sold on to third parties.

All the mobile phone companies contacted by the ORG said they anonymise data, which means they are not legally obliged to ask for consent to use it. But the group, which campaigns for digital rights, raised questions about the efficacy of anonymising such personal information.

Often all it takes is the cross-referencing of one set of anonymised data with another set of data, such as the electoral roll, to reveal the identities of the people tracked. Jim Killock, the ORG’s executive director, said: “Mobile service providers need to collect and keep data so that they can bill us for our services.

“But just because they collect this data does not mean that they have an automatic right to process that data for other purposes without our consent. If they don’t, they are removing our right to control this data and the risks associated with their using it.”

Related: There’s always an excuse to hack into our lives | John Naughton

Britain’s mobile phone industry is worth £14bn, with 93% of adults owning a mobile phone and 61% owning a smartphone. Data collected from these phones, including usage, web browsing and location histories, is used to build profiles that are used by advertisers and other undefined businesses.

Location data is collected from the cell towers of a mobile service provider when it tracks a customer to route a call to them. There are now 52,000 cell towers in Britain. In some areas they are as close as 50 metres apart.

Wireless hotspots are also potential location trackers, with many public providers opting customers into tracking by default in their terms and conditions. In many cases these hotspots will log registered customers’ location as they pass through, even if they do not sign in.

Krowdthink’s investigation found that some providers, including O2 and Vodafone, use the same privacy policy for wireless as for their mobile phone customers. The combination of the two networks enables them to track location with even greater fidelity of location tracking.

However, customers do have a legal right to opt out of location tracking for marketing purposes and, with the forthcoming European General Data Protection Regulation, will soon be able to demand that their location data is deleted.

Krowdthink and the ORG warn mobile users to turn off wireless internet when they are out to avoid disclosing their identities as they pass through hotspots. They also warn people to be aware that they could be providing information on their location when sharing digital photos and video images and downloading mobile apps.

Killock added: “Mobile phone companies should improve the transparency of their operations by making their privacy polices clearer, giving customers’ information about what exact data they are collecting, how long they will keep it for, how each particular type of data will be used, who it will be shared with and the risks associated with this.

“They should also make contracts available before the point of sale and marketing and location tracking opt-outs simpler.”

• The headline on this article was changed on 4 April 2016 to better reflect the story.

Bron: www.theguardian.com

quote:

WhatsApp is nu één van de veiligste chat-apps - rtlz.nl

WhatsApp is sinds vandaag één van de veiligste chat-apps die je kunt gebruiken. De dienst heeft een krachtige vorm van encryptie doorgevoerd, die beschikbaar is voor alle vormen van communicatie met de app.

Dat maakt WhatsApp vandaag bekend. Opvallend genoeg is de beveiliging sinds de overname door Facebook alleen maar opgeschroefd, terwijl gebruikers door die overname juist vreesden voor hun privacy. Het proces om de krachtige end-to-end-encryptie door te voeren, waarmee berichten alleen door de ontvanger kunnen worden ingezien, heeft ongeveer een jaar geduurd.

Open Whisper Systems
De end-to-end-encryptie van WhatsApp is gebaseerd op het Signal-protocol van Open Whisper Systems, het bedrijf achter de beveiligde chat-app Signal. De oprichter van Open Whisper Systems, Moxie Marlinspike, is een bekende privacyvoorvechter die in 2013 aan WhatsApp voorstelde om hun beveiliging op te schroeven. De ceo van WhatsApp, Jan Koum, stemde daarmee in. Ook heeft Koum zich verschillende keren publiekelijk uitgelaten over het belang van privacy en encryptie.

WhatsApp beveiligt vanaf vandaag je (groeps)chats, verzonden en ontvangen (media)bestanden en telefoongesprekken tussen alle platformen: Android, iOS, Windows Phone, Nokia S40, Nokia S60, BlackBerry en BlackBerry 10. De chatdienst wordt wereldwijd door 1 miljard mensen gebruikt.

"In sommige opzichten kun je end-to-end-encryptie zien als het eren van hoe het verleden eruitzag", legt Marlinspike uit aan Wired. "Onze communicatie gaat steeds vaker via netwerken in plaats van face-to-face of andere traditionele vormen die privé zijn. Zelfs schriftelijke correspondentie werd niet zo onderworpen aan massasurveillance als elektronische communicatie vandaag de dag."

Elkaar checken via QR-code
Bij de gesprekken in WhatsApp komt een melding te staan als er gebruik wordt gemaakt van end-to-end-encryptie. Als de ontvanger een oudere versie van WhatsApp gebruikt, staat de melding er niet. WhatsApp-gebruikers kunnen elkaar verifiëren met een qr-code of lange cijfercode, waardoor je kunt checken of je daadwerkelijk met de juiste persoon communiceert.

De encryptie van WhatsApp is, net als bij alle andere 'veilige' apps en diensten, niet 100 procent veilig. Het Signal-protocol kan bijvoorbeeld vanaf de server worden uitgeschakeld. Daarnaast uploaden veel gebruikers nog een onbeveiligde back-up van hun WhatsApp-geschiedenis naar de cloud, wat ook voor beveiligingsproblemen kan zorgen. Het is dus veiliger om die automatische back-up uit te zetten.

Het vertrouwen in Marlinspike en het Signal-protocol is daarentegen groot, want zelfs NSA-klokkenluider Edward Snowden zegt dat je de beveiliging achter Signal - en dus ook WhatsApp - kunt vertrouwen.

Bron: www.rtlz.nl

quote:

Europese privacywaakhonden vinden datadeal EU-VS te slap - rtlz.nl

Dat zegt Jacob Kohnstamm, voorzitter van de Nederlandse privacywaakhond Autoriteit Persoonsgegevens (AP), tegen RTL Z. De AP maakt onderdeel uit van de Artikel 29-werkgroep, die bestaat uit de Europese privacywaakhonden. De werkgroep is kritisch op het Privacy Shield.

Niet bindend, wel belangrijk
Het advies van de Artikel 29-werkgroep is niet bindend, maar wel belangrijk voor de ontwikkeling van de Privacy Shield-overeenkomst. De Europese Commissie heeft de privacywaakhonden om advies gevraagd. Dat is verplicht.

De Europese Commissie en Verenigde Staten hebben in februari een politieke deal gesloten waardoor het voor de meer dan 4000 Amerikaanse bedrijven, zoals Facebook, Google en Microsoft, mogelijk blijft om gegevens van Europeanen te verwerken. Denk bijvoorbeeld aan e-mailadressen, foto's en zoekopdrachten. Het Privacy Shield vervangt een oude overeenkomst, die vorig jaar ongeldig werd verklaard door het Europees Hof.

Kohnstamm denkt dat de Europese Commissie nog een 'reuze klus' heeft om het Privacy Shield rond te krijgen: "De overeenkomst zoals hij er nu ligt, beschermt de privacy van Europeanen niet voldoende."

Drie grote zorgen
De zorgen rondom het Privacy Shield vormen zich voornamelijk rondom drie onderwerpen: de internetsurveillance van de Amerikaanse geheime dienst, de onafhankelijke ombudsman die klachten over die surveillance in behandeling neemt en het opslaan van data.

Allereerst zijn de privacywaakhonden van mening dat er nog te weinig zekerheden zijn dat data van Europese burgers niet onderworpen zal worden aan de willekeurige massasurveillance van de NSA. Daarvoor biedt Privacy Shield te weinig waarborgen.

Ook wordt getwijfeld aan de onafhankelijkheid van de Amerikaanse ombudsman: hoe onafhankelijk is een Amerikaanse klachtbehandelaar die Europese klachten over de Amerikaanse regering behandelt? Volgens Kohnstamm worden Europeanen met het Privacy Shield 'bijna als Noord-Koreanen' behandeld: "Het hele klachtproces is enorm ondoorzichtig en we vrezen dat klachten van Europeanen niet serieus worden gehoord."

Het derde punt waar de privacyautoriteiten zijn bedenkingen bij heeft, is de manier waarop gegevens in de VS worden bewaard. In Europa geldt een wet dat data alleen wordt bewaard als dat strikt noodzakelijk is. "Zo'n bepaling zien wij niet terug in het Privacy Shield", laat Kohnstamm weten.

Lobbyen
Tegenover de kritische privacyorganisaties staat het Amerikaanse bedrijfsleven, dat afhankelijk is van data-uitwisseling tussen Europa en de VS. Zij hebben de afgelopen periode flink gelobbyt om het Privacy Shield erdoorheen te krijgen. Onder andere Microsoft steunt de datadeal.

De Europese Commissie heeft als doel om voor deze zomer het Privacy Shield rond te krijgen. Na de zomer beginnen de presidentiële verkiezingen in de VS, waardoor de aandacht van de Amerikaanse politiek vooral daarnaartoe gaat.

Het advies van de autoriteiten is ook belangrijk voor het Europees Parlement en de Europese Raad. Het Europees Parlement kan advies geven over het Privacy Shield. De Europese Raad, die bestaat uit de bestuurders van de Europese landen, moet het Privacy Shield nog officieel goedkeuren.

Bron: www.rtlz.nl

quote:

EFF Sues for Secret Court Orders Requiring Tech Companies to Decrypt Users’ Communications

quote:

San Francisco—The Electronic Frontier Foundation (EFF) filed a Freedom of Information (FOIA) lawsuit today against the Justice Department to shed light on whether the government has ever used secret court orders to force technology companies to decrypt their customers’ private communications, a practice that could undermine the safety and security of devices used by millions of people.

The lawsuit argues that the DOJ must disclose if the government has ever sought or obtained an order from the Foreign Intelligence Surveillance Court (FISC) requiring third parties—like Apple or Google—to provide technical assistance to carry out surveillance.

The suit separately alleges that the agency has failed to turn over other significant FISC opinions that must be declassified as part of surveillance reforms that Congress enacted with the USA FREEDOM Act.

EFF filed its FOIA requests in October and March amid increasing government pressure on technology companies to provide access to customers’ devices and encrypted communications for investigations. Although the FBI has sought orders from public federal courts to create a backdoor to an iPhone, it is unclear to what extent the government has sought or obtained similar orders from the FISC. The FISC operates mostly in secret and grants nearly every government surveillance request it receives.

The FBI’s controversial attempt to force Apple to build a special backdoor to an iPhone after the San Bernardino attacks underscored EFF’s concerns that the government is threatening the security of millions of people who use these devices daily. Many citizens, technologists and companies expressed similar outrage and concern over the FBI’s actions.

Given the public concern regarding government efforts to force private companies to make their customers less secure, EFF wants to know whether similar efforts are happening in secret before the FISC. There is good reason to think so. News outlets have reported that the government has sought FISC orders and opinions requiring companies to turn over source code so that federal agents can find and exploit security vulnerabilities for surveillance purposes.

Whether done in public or in secret, forcing companies to weaken or break encryption or create backdoors to devices undermines the safety and security of millions of people whose laptops and smartphones contain deeply personal, private information, said EFF Senior Staff Attorney Nate Cardozo.

“If the government is obtaining FISC orders to force a company to build backdoors or decrypt their users’ communications, the public has a right to know about those secret demands to compromise people’s phones and computers,” said Cardozo. “The government should not be able to conscript private companies into weakening the security of these devices, particularly via secret court orders.”

In addition to concerns about secret orders for technical assistance, the lawsuit is also necessary to force the government to comply with the USA FREEDOM Act, said EFF Senior Staff Attorney Mark Rumold. Transparency provisions of the law require FISC decisions that contain significant or novel legal interpretations to be declassified and made public. However, the government has argued that USA FREEDOM only applies to significant FISC decisions written after the law was passed.

“Even setting aside the existence of technical assistance orders, there’s no question that other, significant FISC opinions remain hidden from the public. The government’s narrow interpretation of its transparency obligations under USA FREEDOM is inconsistent with the language of the statute and Congress’ intent,’’ said Rumold. “Congress wanted to bring an end to secret surveillance law, so it required that all significant FISC opinions be declassified and released. Our lawsuit seeks to hold DOJ accountable to the law.”

For the full complaint:
https://www.eff.org/document/fisc-foia-complaint

quote:

'Geheime diensten willen chat-apps aftappen' - rtlz.nl

Met de aankomende 'aftapwet' wordt het voor de geheime diensten mogelijk om internetverkeer te onderscheppen. Daarmee wil de AIVD bijvoorbeeld gebruikers van specifieke apps in de gaten houden.

In een document dat is ingezien door de NOS vraagt het ministerie van Binnenlandse Zaken aan internetproviders om een kostenberekening te maken voor een fictieve tapopdracht. De fictieve tapopdracht bestaat uit een stad met 400.000 inwoners die een specifieke chat-app gebruiken, waarvan het internetverkeer van 200 gebruikers moet worden 'doorzocht'.

In het fictieve voorbeeld zou het kunnen gaan om gebruikers van een specifieke chat-app die populair is onder jihadisten. Er wordt dan gekeken welke ip-adressen deze app gebruiken en - indien mogelijk - met wie zij communiceren, om vervolgens nader onderzoek te verrichten en bijvoorbeeld de communicatie in te zien.

Op de vraag van RTL Z waarom het voorbeeld van een tapopdracht zich specifiek richt op een stad en chat-apps, wil het ministerie van Binnenlandse Zaken niet reageren.

Zorgt voor een sleepnet
Met de fictieve tapopdracht wordt de indruk gewekt dat de aankomende Wet op de inlichtingen- en veiligheidsdiensten voor een 'sleepnet' zorgt. Bij een sleepnet onderscheppen de geheime diensten een grote hoeveelheid data, om vervolgens de informatie te analyseren.

Minister Plasterk heeft vorige week ontkend dat er een sleepnet komt, en benadrukt dat de nieuwe wet het bijvoorbeeld mogelijk maakt om alle communicatie tussen Nederland en Syrië af te tappen. Op de vraag of de AIVD ook specifieke wijken of steden wil aftappen omdat zich daar mogelijk een terrorismeverdachte schuilhoudt, wilde Plasterk niet inhoudelijk reageren.

Alleen bij specifieke onderzoeken
Een woordvoerder van Binnenlandse Zaken benadrukt tegen RTL Z dat de tapbevoegdheid alleen bij een specifieke onderzoeksopdracht mag worden ingezet, die naast de minister ook door een onafhankelijke commissie van rechters wordt getoetst.

Het contact met internetproviders is volgens de woordvoerder verplicht omdat voor de aankomende wet een 'bedrijfseffectentoets' moet worden gehouden. Bij zo'n toets worden de potentiële kosten voor de sector in kaart gebracht.

Gaat miljoenen kosten
"Het gaat om ontzettend veel data, bijna onwerkbaar", zegt een anonieme medewerker uit de telecomindustrie die de netwerken aftapbaar moet maken, tegen de NOS. Volgens hem gaat de nieuwe wet miljoenen euro's kosten.

De afgelopen maanden zijn veel techbedrijven overgestapt op end-to-end-encryptie, waarmee communicatie wordt versleuteld. Hierdoor is het voor de geheime diensten lastiger om de afgetapte communicatie in te zien.

17:30
Bron: www.rtlz.nl

quote:

'Britse inlichtingendiensten harkten info bijeen over gewone Britten' | NOS

De Britse inlichten- en veiligheidsdiensten hebben de afgelopen vijftien jaar regelmatig bulkinformatie verzameld over gewone Britten. Die informatie had weinig toegevoegde waarde, zeggen de diensten zelf.

Dit concludeert onder andere The Guardian uit meer dan 100 beleidsdocumenten, formulieren en memo's, die openbaar zijn gemaakt tijdens een rechtszaak van privacy-activisten tegen de Britse overheid.

Sinds 1998 verzamelt de inlichtingendienst GCHQ grote bestanden met daarin bijvoorbeeld paspoortinformatie, reisschema's, financiële gegevens, telefoontjes en e-mails. De bestanden worden dan samengevoegd om daaruit 'verdachten' te filteren. Hoeveel Britten er in de bestanden van de diensten zitten, is niet bekend.

Volgens de regering wordt er altijd verantwoord met de informatie omgegaan en lopen alleen criminelen en terroristen het risico om te worden bespioneerd. Uit de documenten blijkt dat de diensten regelmatig hun boekje te buiten gaan. "We hebben gevallen meegemaakt van misbruik (...) zoals het opzoeken van een adres voor een kaartje, het controleren van paspoortgegevens of details van familie controleren voor eigen gebruik," citeert The Guardian.

De diensten krijgen binnen de huidige Britse wet veel ruimte om data te verzamelen, concluderen de activisten. "De documenten laten zien op wat voor enorme schaal de overheid onze data bij elkaar harkt," zegt Millie Graham Wood van Privacy International, dat de documenten had opgevraagd.

Bron: nos.nl

quote:

Spy Chief Complains That Edward Snowden Sped Up Spread of Encryption by 7 Years

THE DIRECTOR OF NATIONAL INTELLIGENCE on Monday blamed NSA whistleblower Edward Snowden for advancing the development of user-friendly, widely available strong encryption.

“As a result of the Snowden revelations, the onset of commercial encryption has accelerated by seven years,” James Clapper said during a breakfast for journalists hosted by the Christian Science Monitor.

The shortened timeline has had “a profound effect on our ability to collect, particularly against terrorists,” he said.

When pressed by The Intercept to explain his figure, Clapper said it came from the National Security Agency. “The projected growth maturation and installation of commercially available encryption — what they had forecasted for seven years ahead, three years ago, was accelerated to now, because of the revelation of the leaks.”

Asked if that was a good thing, leading to better protection for American consumers from the arms race of hackers constantly trying to penetrate software worldwide, Clapper answered no.

“From our standpoint, it’s not … it’s not a good thing,” he said.

Technologists have been tirelessly working to strengthen encryption for decades, not just the past few years. But Snowden’s revelations about the pervasiveness of mass surveillance clearly accelerated its more widespread availability.

And technologists say the threat of law enforcement “going dark” has been overhyped. For instance, there are almost always ways to hack around encryption, even if you can’t break it.

Clapper acknowledged that there is no such thing as unbreakable encryption from his perspective. “In the history of mankind, since we’ve been doing signals intelligence, there’s really no such thing, given proper time, and proper application of technology.”

quote:

Traffic to Wikipedia terrorism entries plunged after Snowden revelations, study finds | Reuters

By Joseph Menn

SAN FRANCISCO (Reuters) - Internet traffic to Wikipedia pages summarizing knowledge about terror groups and their tools plunged nearly 30 percent after revelations of widespread Web monitoring by the U.S. National Security Agency, suggesting that concerns about government snooping are hurting the ordinary pursuit of information.

A forthcoming paper in the Berkeley Technology Law Journal analyzes the fall in traffic, arguing that it provides the most direct evidence to date of a so-called “chilling effect,” or negative impact on legal conduct, from the intelligence practices disclosed by fugitive former NSA contractor Edward Snowden.

Author Jonathon Penney, a fellow at the University of Toronto’s interdisciplinary Citizen Lab, examined monthly views of Wikipedia articles on 48 topics identified by the U.S. Department of Homeland Security as subjects that they track on social media, including Al Qaeda, dirty bombs and jihad.

In the 16 months prior to the first major Snowden stories in June 2013, the articles drew a variable but an increasing audience, with a low point of about 2.2 million per month rising to 3.0 million just before disclosures of the NSA's Internet spying programs. Views of the sensitive pages rapidly fell back to 2.2 million a month in the next two months and later dipped under 2.0 million before stabilizing below 2.5 million 14 months later, Penney found.

The traffic dropped even more to topics that survey respondents deemed especially privacy-sensitive. Viewership of a presumably “safer” group of articles about U.S. government security forces decreased much less in the same period.

Penney's results, subjected to peer-review, offer a deeper dive into an issue investigated by previous researchers, including some who found a 5.0 percent drop in Google searches for sensitive terms immediately after June 2013. Other surveys have found sharply increased use of privacy-protecting Web browsers and communications tools.

Penney’s work may provide fodder for technology companies and others arguing for greater restraint and disclosure about intelligence-gathering. Chilling effects are notoriously difficult to document and so have limited impact on laws and court rulings.

More immediately, the research could aid a lawsuit filed by the American Civil Liberties Union on behalf of Wikipedia’s nonprofit parent organization and other groups against the NSA and the Justice Department.

The year-old suit argues that intelligence collection from backbone Internet traffic carriers violated the Fourth Amendment ban on unreasonable searches.

(Reporting by Joseph Menn; editing by Jonathan Weber)

Bron: mobile.reuters.com

quote:

Snowden calls for whistleblower shield after claims by new Pentagon source | US news | The Guardian

Accusations that Pentagon retaliated against a whistleblower undermine argument that there were options for Snowden other than leaking to the media


Edward Snowden has called for a complete overhaul of US whistleblower protections after a new source from deep inside the Pentagon came forward with a startling account of how the system became a “trap” for those seeking to expose wrongdoing.

The account of John Crane, a former senior Pentagon investigator, appears to undermine Barack Obama, Hillary Clinton and other major establishment figures who argue that there were established routes for Snowden other than leaking to the media.

Crane, a longtime assistant inspector general at the Pentagon, has accused his old office of retaliating against a major surveillance whistleblower, Thomas Drake, in an episode that helps explain Snowden’s 2013 National Security Agency disclosures. Not only did Pentagon officials provide Drake’s name to criminal investigators, Crane told the Guardian, they destroyed documents relevant to his defence.

Snowden, responding to Crane’s revelations, said he had tried to raise his concerns with colleagues, supervisors and lawyers and been told by all of them: “You’re playing with fire.”

He told the Guardian: “We need iron-clad, enforceable protections for whistleblowers, and we need a public record of success stories. Protect the people who go to members of Congress with oversight roles, and if their efforts lead to a positive change in policy – recognize them for their efforts. There are no incentives for people to stand up against an agency on the wrong side of the law today, and that’s got to change.”

Snowden continued: “The sad reality of today’s policies is that going to the inspector general with evidence of truly serious wrongdoing is often a mistake. Going to the press involves serious risks, but at least you’ve got a chance.”

Thomas Drake’s legal ordeal ruined him financially and ended in 2011 with all serious accusations against him dropped. His case served as a prologue to Snowden’s. Now Crane’s account has led to a new investigation at the US justice department into whistleblower retaliation at the Pentagon that may serve as an epilogue – one Crane hopes will make the Pentagon a safe place for insiders to expose wrongdoing and illegality.

“If we have situations where we have whistleblowers investigated because they’re whistleblowers to the inspector general’s office, that will simply shut down the whole whistleblower system,” Crane told the Guardian.

Crane, who has not previously given interviews, has told his explosive story in a new book, Bravehearts: Whistle Blowing In The Age of Snowden by Mark Hertsgaard, from which the Guardian is running extracts. The Guardian has partnered with Der Spiegel and Newsweek Japan on Crane’s story.

“When someone becomes a whistleblower, they’re making a serious, conscious decision,” Crane said.

“They’re making a decision that can change their lives, change their futures, impact family life, too. There needs to be this certain unbreakable trust. Confidentiality is that trust and that can’t ever be violated.”

Snowden cited Drake’s case as a reason for his lack of faith in the government’s official whistleblower channels.

“When I was at NSA, everybody knew that for anything more serious than workplace harassment, going through the official process was a career-ender at best. It’s part of the culture,” Snowden told the Guardian.

“If your boss in the mailroom lies on his timesheets, the IG might look into it. But if you’re Thomas Drake, and you find out the president of the United States ordered the warrantless wiretapping of everyone in the country, what’s the IG going to do? They’re going to flush it, and you with it.”

While Drake’s case is well known in US national security circles, its internal history is not.

In 2002, Drake and NSA colleagues contacted the Pentagon inspector general to blow the whistle on an expensive and poorly performing tool, Trailblazer, for mass-data analysis. Crane, head of the office’s whistleblower unit, assigned investigators. For over two years, with Drake as a major source, they acquired thousands of pages of documents, classified and unclassified, and prepared a lengthy secret report in December 2004 criticizing Trailblazer, eventually helping to kill the program. As far as Crane was concerned, the whistleblower system was working.

But after an aspect of the NSA’s warrantless mass surveillance leaked to the New York Times, Drake himself came under investigation and eventually indictment. Drake was suspected of hoarding documentation – exactly what inspector-general investigators tell their whistleblowers to do.

“They made it clear to keep [documents] wherever possible, and obviously properly handle anything that was classified,” Drake remembered.

Crane feared that his own colleagues had told the FBI about Drake. He suspected the Pentagon inspector general’s lead attorney, Henry Shelley, whom Crane said had earlier suggested working with the justice department about the leak, had done so. A confrontation yielded what Crane considered to be evasions.

“The top lawyer would not reveal to me whether or not Drake’s confidentiality had been compromised or not. That was a concern … Normally I expect direct answers,” Crane said.

When Drake’s attorneys sought potentially exculpatory information from the inspector general’s office, they learned that much of it had been “destroyed before the defendant was charged, pursuant to a standard document destruction policy”, according to a 2011 letter from prosecutors.

Crane was livid. All relevant regulations mandated keeping the documents, not destroying them. But a high-ranking colleague, Lynne Halbrooks, prevented Crane from investigating the document destruction. He suspected Shelley and Halbrooks of sacrificing a whistleblower and misleading the justice department and a federal judge, all in a case centering around the cover-up of NSA bulk surveillance.

Crane’s relationship with his superiors spiraled downward until they forced him out in 2013, months before Snowden’s revelations. The next year, he filed a complaint with a federal agency that works with whistleblowers, the Office of Special Counsel. In March this year, it found a “substantial likelihood” that the Pentagon inspector general’s office improperly destroyed the Drake documents and arranged, with Pentagon consent, for the justice department inspector general to investigate.

Shelley, still the Pentagon inspector general’s senior counsel, declined to answer questions but said he was “certain my name will be cleared” by the new investigation.

Halbrooks, the Office of Special Counsel and the justice department inspector general declined to comment for this story.

Bridget Serchak, a spokeswoman for the Pentagon inspector general, noted that her office and the Office of Special Counsel jointly requested the justice department investigation.

“It is important to point out that there has been no determination on the allegations, and it is unfair to characterize the allegations otherwise at this point. DoD OIG will cooperate fully with the DoJ OIG’s investigation of this matter and looks forward to the results of that investigation,” Serchak said.

Crane considers this latest inquiry a bellwether for whether the whistleblower system can reform itself in a post-Snowden era.

“Snowden responded to the way Drake was handled. The Office of Special Council investigation regarding destruction of possibly exculpatory documents regarding Drake might be the end of this saga,” Crane said.

Bron: www.theguardian.com

quote:

Eric Holder says Edward Snowden performed a 'public service'

quote:

Chicago (CNN)Former U.S. Attorney General Eric Holder says Edward Snowden performed a "public service" by triggering a debate over surveillance techniques, but still must pay a penalty for illegally leaking a trove of classified intelligence documents.
"We can certainly argue about the way in which Snowden did what he did, but I think that he actually performed a public service by raising the debate that we engaged in and by the changes that we made," Holder told David Axelrod on "The Axe Files," a podcast produced by CNN and the University of Chicago Institute of Politics.

quote:

Official correspondence reveals lack of scrutiny of MI5's data collection | UK news | The Guardian

Privacy International releases letters that it says show ‘cosy’ relationship between watchdog and intelligence operations


The watchdog that monitors interception of emails and phone calls by the intelligence services allowed MI5 to escape regular scrutiny of its bulk collection of communications data, according to newly released confidential correspondence.

A highly revealing exchange of letters from 2004 has been published by Privacy International (PI) before Monday’s parliamentary debate on the investigatory powers bill, sometimes called the snooper’s charter.

The campaign group argues that the letters demonstrate the relationship between government agencies and the independent organisation that is supposed to oversee and regulate their activities has been too “cosy”.

The correspondence has been disclosed in the course of legal action between PI and the government at the investigatory powers tribunal (IPT) which is due to be heard in full this year. The IPT deals with complaints about the intelligence services and surveillance by public bodies. GCHQ is alleged to be illegally collecting “bulk personal datasets” from the phone and internet records of millions of people who have no ties to terrorism and are not suspected of any crime.

The letters were sent by Home Office legal advisers, GCHQ and Sir Swinton Thomas, who was the interception of communications commissioner. The organisation is now called the Interception of Communications Commissioner’s Office (IOCCO).

In May 2004, a Home Office legal adviser wrote to Thomas backing an MI5 proposal that collecting bulk data from communication service providers for its “database project” be authorised under section 94 of the 1984 Telecommunications Act because, at that stage, there were no human rights implications or breach of privacy concerns. Using that act would not require a notice to be put before parliament because it could be used secretively on the grounds that “disclosure of the direction would be against the interests of national security”.

Thomas wrote back the following month, expressing reservations about such clandestine authorisation. He proposed that it would be better to use the more modern and exacting Regulation of Investigatory Powers Act 2000 (Ripa), which involves more open legal procedures and safeguards.

Related: GCHQ hacking does not breach human rights, security tribunal rules

The Home Office responded, saying that, although Ripa might be engaged, it did not think that meant it must be used. The letter continued: “The only practical difference between the two sets of provisions is if [Ripa] were used, a new notice would need to be issued every month … involving a fresh consideration of the necessity and proportionality issues. This would not be the case under section 94 [of the Telecommunications Act].”

Thomas backed down, replying that, “on reconsideration”, use of Ripa was not mandatory. He added: “I am also impressed by the considerable and, if possible to be avoided, inconvenience in following the [Ripa] procedure in the database procedures.”

GCHQ wrote to Thomas in October that year after he had visited its Cheltenham headquarters. “Huges volumes of data are acquired (about 40m bits of data a day),” it informed him. “In the interests of security and commercial confidentiality, GCHQ prefers to keep all the telephony material together in one database … to disguise its source, as the origin of some of the material is extremely sensitive.”

GCHQ also asked whether access to communications data for its databases would be lawful under the Telecommunications Act rather than the more burdensome Ripa.

Thomas said it was not a straightforward problem but eventually acquiesced, saying: “I have, therefore, reached the conclusion, not without some difficulty, that the present system for retrieval [under the Telecommunications Act] is lawful. As you say, adhering to the spirit of the legislation is important.”

The debate goes some way to explain official thinking on the legal distinction between anonymised bulk data collection and a second stage of interception where material may be matched to individuals.

The latest revelation follows an earlier release of confidential documents by PI last month that showed how GCHQ, MI5 and MI6 obtain personal data from public and private organisations, including financial institutions, the NHS, electronic petitions record databases and others.

Privacy International said the letters exemplified the “total failure” of oversight.

Caroline Wilson Palow, the organisation’s general counsel, said: “The documents demonstrate the government’s troubling history of over-reaching in order to expand its surveillance powers while minimising safeguards.

“This discussion, between lawyers for MI5 and GCHQ and the interception of communications commissioner, is also an illuminating example of how oversight can go wrong when it lacks sufficient transparency, resources and advocates for the individuals whose privacy may be violated.

“We think the commissioner’s conclusions were incorrect, permitting GCHQ to acquire communications data in bulk under a broad and secret interpretation of a power to which few safeguards attach. Indeed, the commissioner even agrees with GCHQ and MI5 that collecting our communications data from service providers would not be an interference with our privacy – a position that would likely come as a surprise to most of us and is in direct conflict with recent court decisions.”

Sir Stanley Burnton, the interception commissioner at IOCCO, said: “We have recently concluded our comprehensive review of section 94 [Telecommunications Act] directions which have been issued by secretaries of state from various government departments since the late 1990s, after taking this additional oversight on at the request of the prime minister in 2015.

“Our review has been very challenging because all the section 94 directions are subject to statutory secrecy provisions which limit severely what we are able to say publicly about them. Nevertheless, our review report sets out an extensive series of recommendations which must be implemented in order to clarify and bring consistency to the procedures in place, remedy the lack of record-keeping requirements and codified processes and ensure that we are able to undertake this additional oversight and audit of the giving and use of section 94 directions properly. Our report is due to be published at the end of June or early July.”

“We welcome and support Privacy International’s proposal for oversight bodies to be supported by public interest advocates and their calls for further transparency in these matters.”

Bron: www.theguardian.com

quote:

NSA Looking to Exploit Internet of Things, Including Biomedical Devices, Official Says

The National Security Agency is researching opportunities to collect foreign intelligence — including the possibility of exploiting internet-connected biomedical devices like pacemakers, according to a senior official.

“We’re looking at it sort of theoretically from a research point of view right now,” Richard Ledgett, the NSA’s deputy director, said at a conference on military technology at Washington’s Newseum on Friday.

Biomedical devices could be a new source of information for the NSA’s data hoards — “maybe a niche kind of thing … a tool in the toolbox,” he said, though he added that there are easier ways to keep track of overseas terrorists and foreign intelligence agents.

When asked if the entire scope of the Internet of Things — billions of interconnected devices — would be “a security nightmare or a signals intelligence bonanza,” he replied, “Both.”

“As my job is to penetrate other people’s networks, complexity is my friend,” he said. “The first time you update the software, you introduce vulnerabilities, or variables rather. It’s a good place to be in a penetration point of view.”

Bron: theintercept.com

quote:

Snooper's charter: GCHQ will be licensed 'to hack a major town'

quote:

The security services are to receive a licence for hacking into the phones and laptops of a “major town” under the snooper’s charter legislation, which reaches the House of Lords next week.

The broad nature of the hacking powers to be handed to GCHQ are disclosed in an obscure case study in a background Home Office document setting out the operational case for their use.

This shows that all the phones and laptops in a “major town” could be hacked into, as long as the town were overseas and the action were necessary for national security purposes. The example used in the case study is identifying the phones and laptops being used by a terrorist group planning an attack on Western tourists in a major town.
The stories you need to read, in one handy email
Read more

The home secretary, Theresa May, has asked the official terror law watchdog, David Anderson QC, to conduct a speedy review this summer of whether such “bulk powers” are needed by the security services, and whether the information cannot be gained by less intrusive means.

quote:

In Wisconsin, a Backlash Against Using Data to Foretell Defendants’ Futures

quote:

CHICAGO — When Eric L. Loomis was sentenced for eluding the police in La Crosse, Wis., the judge told him he presented a “high risk” to the community and handed down a six-year prison term.

The judge said he had arrived at his sentencing decision in part because of Mr. Loomis’s rating on the Compas assessment, a secret algorithm used in the Wisconsin justice system to calculate the likelihood that someone will commit another crime.

Mr. Loomis has challenged the judge’s reliance on the Compas score, and the Wisconsin Supreme Court, which heard arguments on his appeal in April, could rule in the coming days or weeks. Mr. Loomis’s appeal centers on the criteria used by the Compas algorithm, which is proprietary and as a result is protected, and on the differences in its application for men and women.

The debate in Wisconsin highlights a broader national discussion about how law enforcement officials use predictive data — including deciding which streets to patrol, identifying people at risk of being shot and calculating the likelihood of recidivism.

quote:

Snowden uit kritiek op privacywet Rusland | NU - Het laatste nieuws het eerst op NU.nl

Snowden uit kritiek op privacywet Rusland

Na zijn onthullingen over Amerikaanse en Britse afluisterpraktijken, mengt klokkenluider Edward Snowden zich nu in het privacydebat in Rusland.

Het parlement van zijn tijdelijke thuisland heeft een nieuwe "Big Brother-wet" aangenomen die "alle Russen geld en vrijheid gaat kosten, zonder de veiligheid te vergroten", schreef Snowden op Twitter.

Het parlement van zijn tijdelijke thuisland heeft een nieuwe "Big Brother-wet" aangenomen die "alle Russen geld en vrijheid gaat kosten, zonder de veiligheid te vergroten", schreef Snowden op Twitter.

ICT-expert Snowden vindt dat de wet niet moet worden ondertekend. Daarmee doet hij een indirect beroep op president Vladimir Poetin, die de wet zou kunnen tegenhouden.

Om terrorisme tegen te gaan wil Rusland onder meer telecombedrijven dwingen om gegevens langer op te slaan voor opsporingsdoeleinden.

Edward Snowden kreeg in 2014 tijdelijk asiel in Rusland, omdat hij in de VS wordt gezocht voor het openbaar maken van staatsgeheimen. Hij mag er drie jaar blijven.

Eigenlijk had hij naar Zuid-Amerika gewild, maar daar kon hij niet komen doordat de Amerikaanse autoriteiten zijn paspoort introkken. Waar hij volgend jaar naartoe zal gaan, is nog onbekend.
Bron: www.nu.nl

quote:

Germany to further curb activities of spy agency in wake of NSA scandal

quote:

Germany has approved new measures to rein in the activities of its foreign intelligence agency after a scandal over improper collusion with the US National Security Agency.

Two months after replacing the head of the BND service over the damning revelations, chancellor Angela Merkel’s cabinet signed off on the reforms to keep the country’s spies on a tighter leash.

Oversight of the spy agency directly from Merkel’s office will be beefed up with an external watchdog panel of jurists, and the list of duties the BND carries out for the NSA has been overhauled.

While intelligence-gathering from EU institutions or partner states will not be explicitly banned, it will be limited by law to “information to recognise and confront threats to internal or external security”. Economic espionage is barred.

The reforms, which require approval from parliament, are based on the findings of a government-appointed investigator into claims that the BND spied on its European allies for the NSA.

The 300-page report found the NSA had kept a long list of European government offices as targets for espionage and that the US had thus “clearly violated treaty agreements”.

The investigation was based on a review of telephone numbers and IP addresses the NSA handed to the BND’s surveillance apparatus with the request that the results to be sent back to the US.

The findings indicated that over the years the BND whittled down the list of thousands of NSA targets while still maintaining cooperation.

Germany reacted with outrage when information leaked by former NSA contractor Edward Snowden revealed in 2013 that US agents were carrying out widespread tapping worldwide, including of Merkel’s mobile phone.

Merkel, who grew up in communist East Germany where state spying on citizens was rampant, declared repeatedly that “spying among friends is not on” while acknowledging Germany’s reliance on the US in security matters.

quote:

Rechter: Microsoft hoeft niet zomaar mails vrij te geven - rtlz.nl

Ook in de digitale wereld spelen landsgrenzen nog steeds een rol, blijkt uit een uitspraak van de rechter van het Court of Appeals for the Second Circuit. Microsoft hoeft e-mails die zijn opgeslagen bij datacenters in Ierland niet over te dragen.

De Amerikaanse overheid wil informatie van een Hotmailgebruiker, wiens e-mails staan opgeslagen in een datacenter van Microsoft in Ierland. Dat mag niet, blijkt uit het oordeel.

Amerikaanse bedrijven kunnen niet zomaar gedwongen worden om data vrij te geven die in het buitenland staat opgeslagen, oordeelde het hof. De uitspraak is opvallend, want een lagere rechter oordeelde eerder het tegenovergestelde. Die oordeelde dat een Amerikaans bedrijf gewoon informatie moet overdragen als de rechter daarom vraagt, ongeacht waar de gegevens opgeslagen staan.

Microsoft was het daarmee oneens. "Wij zeggen: nee, de Ierse wet is hierop van toepassing, dus je moet eerst naar Ierse overheid. En die moet ons dan vragen of we het willen overdragen. Waarom doen we dit? Omdat we het heel belangrijk vinden dat in een digitale wereld landsgrenzen blijven gelden. Klanten moeten informatie kunnen opslaan in bepaalde regio’s, wetende dat ook echt de lokale wetgeving van toepassing is", vertelde Jochem de Groot, de public affairs-man van het bedrijf, eerder tegen RTL Z.

De multinational was de eerste Amerikaanse onderneming die de overheid uitdaagde en weigerde om zomaar gegevens over te dragen die buiten de landsgrenzen staan opgeslagen. Microsoft is niet het enige dat worstelt met de grote hoeveelheden privacygevoelige informatie die de Amerikaanse overheid opvraagt. Ook eBay, Amazon en Apple krijgen bijvoorbeeld regelmatig verzoeken.
Bron: www.rtlz.nl

quote:

Bulk data collection only lawful in serious crime cases, ECJ rules

European court ruling backs David Davis and Tom Watson and could have serious impact on so-called snooper’s charter

Retaining data from telephone calls and emails is legal only if law enforcement agencies use it to tackle serious crime, the EU’s highest court has ruled.

The preliminary finding by the influential European court of justice (ECJ) in Luxembourg came in response to a legal challenge that was brought initially by David Davis, when he was a backbench Conservative, and Tom Watson, Labour’s deputy leader, over the legality of GCHQ’s bulk interception of call records and online messages.

Davis, one of the most vociferous critics of the state’s powers to collect data on its citizens, quietly withdrew from the case after his appointment to the cabinet. Many had commented on his involvement in the case at the EU’s highest court, after he was appointed secretary of state for leaving the European Union.

In an opinion likely to be followed by the full court, the advocate general, Henrik Saugmandsgaard Øe, clarified EU law after the two MPs successfully argued in British courts that the Data Retention and Investigatory Powers Act (Dripa) 2014 was illegal.

The ECJ’s advocate general said: “Solely the fight against serious crime is an objective in the general interest that is capable of justifying a general obligation to retain data, whereas combating ordinary offences … are not.” Only the data associated with calls and emails is retained not the content of messages.

The preliminary ruling appears to bring European data retention practices closer into line with the debate over the passage of the UK’s investigatory powers bill over what safeguards should be imposed for bulk interception and retention of data.

The court’s final decision will be delivered in the coming months. The vast majority of judgments follow the line set out by the advocate general.

Davis and Watson, who were supported by the Law Society, had already won a high court victory on the issue but the government appealed and the case was referred to the ECJ.

At issue was whether there are EU standards on data retention that need to be respected by member states in their domestic legislation. The result, though significant in the short term, may eventually prove academic once the UK has withdrawn from the EU and the ECJ no longer has judicial authority over the UK.

Before he became a minister under Theresa May, Davis travelled to Luxembourg this spring to hear the case being argued at the ECJ. He has argued that the British government is “treating the entire nation as suspects” by ignoring safeguards on retaining and accessing personal communications data.

The outcome of the Dripa case, which was heard by 15 European judges in Luxembourg, is likely to have a significant impact on the ultimate shape of the controversial investigatory powers bill – it has been nicknamed the snooper’s charter – now before parliament.

The case has been heard amid successive jihadi atrocities in Paris, Brussels and Nice that have reinforced political demands for the expansion of powers to intercept emails and phone calls to help catch Islamic State militants operating on the continent.

During the Luxembourg hearing, lawyers for the UK government maintained that intercepted communications had been at the heart of every terrorist case investigated by police and the security services in recent years.

quote:

Court gave NSA broad leeway in surveillance, documents show

Virtually no foreign government is off-limits for the National Security Agency, which has been authorized to intercept information “concerning” all but four countries, according to top-secret documents.

The United States has long had broad no-spying arrangements with those four countries — Britain, Canada, Australia and New Zealand — in a group known collectively with the United States as the Five Eyes. But a classified 2010 legal certification and other documents indicate the NSA has been given a far more elastic authority than previously known, one that allows it to intercept through U.S. companies not just the communications of its overseas targets but any communications about its targets as well.

The certification — approved by the Foreign Intelligence Surveillance Court and included among a set of documents leaked by former NSA contractor Edward Snowden — lists 193 countries that would be of valid interest for U.S. intelligence. The certification also permitted the agency to gather intelligence about entities including the World Bank, the International Monetary Fund, the European Union and the International Atomic Energy Agency.

The NSA is not necessarily targeting all the countries or organizations identified in the certification, the affidavits and an accompanying exhibit; it has only been given authority to do so. Still, the privacy implications are far-reaching, civil liberties advocates say, because of the wide spectrum of people who might be engaged in communication about foreign governments and entities and whose communications might be of interest to the United States.

“These documents show both the potential scope of the government’s surveillance activities and the exceedingly modest role the court plays in overseeing them,” said Jameel Jaffer, deputy legal director for the American Civil Liberties Union, who had the documents described to him.

NSA officials, who declined to comment on the certification or acknowledge its authenticity, stressed the constraints placed on foreign intelligence-gathering. The collection must relate to a foreign intelligence requirement — there are thousands — set for the intelligence agencies by the president, the director of national intelligence and various departments through the National Intelligence Priorities Framework.

Furthermore, former government officials said, it is prudent for the certification to list every country — even those whose affairs do not seem to immediately bear on U.S. national security interests or foreign policy.

“It’s not impossible to imagine a humanitarian crisis in a country that’s friendly to the United States, where the military might be expected on a moment’s notice to go in and evacuate all Americans,” said a former senior defense official who spoke on the condition of anonymity to discuss sensitive matters. “If that certification did not list the country,” the NSA could not gather intelligence under the law, the former official said.

The documents shed light on a little-understood process that is central to one of the NSA’s most significant surveillance programs: collection of the e-mails and phone calls of foreign targets under Section 702 of the 2008 FISA Amendments Act.

The foreign-government certification, signed by the attorney general and the director of national intelligence, is one of three approved annually by the Foreign Intelligence Surveillance Court, pursuant to the law. The other two relate to counterterrorism and counterproliferation, according to the documents and former officials.

Under the Section 702 program, the surveillance court also approves rules for surveillance targeting and for protecting Americans’ privacy. The certifications, together with the National Intelligence Priorities Framework, serve as the basis for targeting a person or an entity.

The documents underscore the remarkable breadth of potential “foreign intelligence” collection. Though the FISA Amendments Act grew out of an effort to place under statute a surveillance program devoted to countering terrorism, the result was a program far broader in scope.

An affidavit in support of the 2010 foreign-government certification said the NSA believes that foreigners who will be targeted for collection “possess, are expected to receive and/or are likely to communicate foreign intelligence information concerning these foreign powers.”

That language could allow for surveillance of academics, journalists and human rights researchers. A Swiss academic who has information on the German government’s position in the run-up to an international trade negotiation, for instance, could be targeted if the government has determined there is a foreign-
intelligence need for that information. If a U.S. college professor e-mails the Swiss professor’s e-mail address or phone number to a colleague, the American’s e-mail could be collected as well, under the program’s court-approved rules.

Even the no-spy agreements with the Five Eye countries have exceptions. The agency’s principal targeting system automatically filters out phone calls from Britain, Canada, Australia and New Zealand. But it does not do so for their 28 sovereign territories, such as the British Virgin Islands. An NSA policy bulletin distributed in April 2013 said filtering out those country codes would slow the system down.

“Intelligence requirements, whether satisfied through human sources or electronic surveillance, involve information that may touch on almost every foreign country,” said Timothy Edgar, former privacy officer at the Office of the Director of National Intelligence and now a visiting fellow at Brown University’s Watson Institute for International Affairs.

Those efforts could include surveillance of all manner of foreign intelligence targets — anything from learning about Russian anti-submarine warfare to Chinese efforts to hack into American companies, Edgar said. “It’s unlikely the NSA would target academics, journalists or human rights researchers if there was any other way of getting information,” he said.

A spokeswoman for the NSA, Vanee Vines, said the agency may only target foreigners “reasonably believed to be outside the United States.”

Vines noted that in January, President Obama issued a policy directive stating that U.S. surveillance “shall be as tailored as feasible.” He also directed that the United States no longer spy on dozens of foreign heads of state and that sensitive targeting decisions be subject to high-level review.

“In short, there must be a particular intelligence need, policy approval and legal authorization for U.S. signals intelligence activities, including activities conducted pursuant to Section 702,” Vines said.

On Friday, the Office of the Director of National Intelligence released a transparency report stating that in 2013 the government targeted nearly 90,000 foreign individuals or organizations for foreign surveillance under the program. Some tech-
industry lawyers say the number is relatively low, considering that several billion people use U.S. e-mail services.

Still, some lawmakers are concerned that the potential for intrusions on Americans’ privacy has grown under the 2008 law because the government is intercepting not just communications of its targets but communications about its targets as well. The expansiveness of the foreign-powers certification increases that concern.

In a 2011 FISA court opinion, a judge using an NSA-provided sample estimated that the agency could be collecting as many as 46,000 wholly domestic e-mails a year that mentioned a particular target’s e-mail address or phone number, in what is referred to as “about” collection.

“When Congress passed Section 702 back in 2008, most members of Congress had no idea that the government was collecting Americans’ communications simply because they contained a particular individual’s contact information,” Sen. Ron Wyden (D-Ore.), who has co-sponsored ­legislation to narrow “about” collection authority, said in an e-mail to The Washington Post. “If ‘about the target’ collection were limited to genuine national security threats, there would be very little privacy impact. In fact, this collection is much broader than that, and it is scooping up huge amounts of Americans’ wholly domestic communications.”

Government officials argue that the wholly domestic e-mails represent a tiny fraction — far less than 1 percent — of the volume collected. They point to court-
imposed rules to protect the privacy of U.S. persons whose communications are picked up in error or because they are in contact with foreign targets.

In general, if Americans’ identities are not central to the import of a communication, they must be masked before being shared with another agency. Communications collected from companies that operate high-volume cables — instead of directly from technology firms such as Yahoo or Google — are kept for two years instead of five. Some of the most sensitive ones are segregated and may not be used without written permission from the NSA director.

Privacy advocates say the rules are riddled with exceptions. They point out that wholly domestic communications may be kept and shared if they contain significant foreign intelligence, a term that is defined broadly, or evidence of a crime. They also note that the rules allow NSA access to certain attorney-client communications, pending review by the agency’s general counsel.

Jennifer Granick, the director of civil liberties at the Stanford Center for Internet and Society, expressed concern about the prospect of capturing e-mails and phone calls of law-abiding foreigners. “The breadth of the certification suggests that the court is authorizing the government to spy on average foreigners and doesn’t exercise much if any control beyond that,” she said.

Some former officials say that the court’s role has been appropriately limited when it comes to foreign targeting decisions, which traditionally have been the purview of the executive branch. The court generally has focused on ensuring that domestic surveillance is targeted at foreign spies or agents of a foreign power.

“Remember, the FISA court is not there to protect the privacy interests of foreign people,” the former defense official said. “That’s not its purpose, however noble the cause might be. Its purpose is to protect the privacy interests of persons guaranteed those protections under the Constitution.”

The only reason the court has oversight of the NSA program is that Congress in 2008 gave the government a new authority to gather intelligence from U.S. companies that own the Internet cables running through the United States, former officials noted.

Edgar, the former privacy officer at the Office of the Director of National Intelligence, said ultimately he believes the authority should be narrowed. “There are valid privacy concerns with leaving these collection decisions entirely in the executive branch,” he said. “There shouldn’t be broad collection, using this authority, of foreign government information without any meaningful judicial role that defines the limits of what can be collected.”

quote:

Frankrijk wil encryptie op Europees niveau aanpakken: kan dat zomaar? - rtlz.nl

In de strijd tegen terrorisme wil Frankrijk beveiligde chat-apps aanpakken, zoals WhatsApp en Telegram. Daarvoor wil het een Europees initiatief starten, terwijl Europa juist kritisch is op privacyinbreukmakende maatregelen.

Sinds de onthullingen van Edward Snowden over de afluisterpraktijken door geheime diensten zijn techbedrijven actief encryptie door aan het voeren. Het belangrijkste voorbeeld daarvan is WhatsApp, dat enkele maanden geleden end-to-end-encryptie voor meer dan een miljard mensen inschakelde. Hierdoor worden berichten zodanig versleuteld dat ze alleen door de ontvanger kunnen worden ingezien - en niet door WhatsApp of een derde partij.

De Franse minister van Binnenlandse Zaken, Bernard Cazeneuve, zegt dat de inlichtingendiensten veel last hebben van de toenemende mate van versleutelde communicatie. "Veel berichten gerelateerd aan het uitvoeren van terroristische aanvallen worden met encryptie verstuurd, en dat is een belangrijk probleem binnen de strijd tegen terrorisme", aldus Cazeneuve tegen Reuters.

Volgens Cazeneuve gebruikte de man die vorige maand de keel van een Franse priester doorsneed de chat-app Telegram om met sympathisanten te communiceren. Telegram is een populaire chat-app bij IS-sympathisanten: via openbare kanalen delen IS'ers regelmatig hun ervaringen en gedachten met geïnteresseerden. In tegenstelling tot WhatsApp is de end-to-end-encryptie bij Telegram optioneel.

Het is nog onduidelijk hoe Cazeneuve encryptie wil aanpakken. Dat kan bijvoorbeeld met een speciale ingang waarmee inlichtingendiensten toegang krijgen tot versleutelde communicatie. Dit wordt ook wel een achterdeurtje genoemd. Op 23 augustus praat Cazeneuve met zijn Duitse collega Thomas de Maizière over het opzetten van een Europees plan om encryptie op internationaal niveau aan te pakken.

Europa heeft nog geen officieel standpunt ingenomen over encryptie, maar volgens privacyonderzoeker Axel Arnbak van de Universiteit van Amsterdam blijkt uit recente Europese wetten dat encryptie vaak als een basisrecht wordt gezien.

De Europese privacytoezichthouder zei in juli van dit jaar (pdf) dat Europeanen end-to-end-encryptie mogen gebruiken om hun communicatie te beveiligen. Het inbouwen van een achterdeurtje zou volgens de privacytoezichthouder zelfs illegaal moeten zijn.

Arnbak verwacht dat Europa volgend jaar met een eerste wetgevingsvoorstel voor de ePrivacy-richtlijn komt, waarin staat hoe Europa over encryptie en het beveiligen van communicatie denkt. Nederland zei al eerder voor krachtige encryptie en tegen achterdeurtjes te zijn.

"De Franse minister weet waarschijnlijk niet zo veel van het internet. Hij ziet een probleem, encryptie, en denkt dat hij dat kan aanpakken zonder de bredere context te zien", aldus Arnbak. "Door encryptie te verbieden maak je cyberspionage door landen als Rusland en China gemakkelijker, en kunnen bedrijven niet meer vertrouwelijk communiceren. Je hebt in de encryptiediscussie twee keuzes: een veilig internet voor iedereen of een internet dat kwetsbaar is voor alle aanvallers."

Bron: www.rtlz.nl

quote:

The Raid

In Bungled Spying Operation, NSA Targeted Pro-Democracy Campaigner

quote:

As part of the spy mission, the NSA used its powerful global surveillance apparatus to intercept the emails and Facebook chats of people associated with a Fijian “thumbs up for democracy” campaign. The agency then passed the messages to its New Zealand counterpart, Government Communications Security Bureau, or GCSB.

One of the main targets was Fullman, a New Zealand citizen, whose communications were monitored by the NSA after New Zealand authorities, citing secret evidence, accused him of planning an “an act of terrorism” overseas.

But it turned out that the claims were baseless — Fullman, then 47, was not involved in any violent plot. He was a long-time public servant and peaceful pro-democracy activist who, like the New Zealand and Australian governments at that time, was opposed to Fiji’s authoritarian military ruler Frank Bainimarama.

Details about the surveillance are contained in documents obtained by The Intercept from NSA whistleblower Edward Snowden. More than 190 pages of top-secret NSA logs of intercepted communications dated between May and August 2012 show that the agency used the controversial internet surveillance system PRISM to eavesdrop on Fullman and other Fiji pro-democracy advocates’ Gmail and Facebook messages. Fullman is the first person in the world to be publicly identified as a confirmed PRISM target.

At the time of the spying, New Zealand’s surveillance agency was not permitted to monitor New Zealand citizens. Despite this, it worked with the NSA to eavesdrop on Fullman’s communications, which suggests he is one of 88 unnamed New Zealanders who were spied on between 2003 and 2012 in operations that may have been illegal, as revealed in an explosive 2013 New Zealand government report.

quote:

Op dinsdag 16 augustus 2016 18:21 schreef Bram_van_Loon het volgende:
Deze mensen zijn zo extreem een fossiel dat ze niet begrijpen dat gebruikers dan open standaarden van encryptie gebruiken voor het privacygevoelige verkeer, met of zonder toestemming van de overheid.

quote:

Researcher Grabs VPN Password With Tool From NSA Dump

quote:

Cisco has already warned customers about two exploits found in the NSA-linked data recently dumped by hackers calling themselves The Shadow Brokers. Now, researchers have uncovered another attack included in the cache, which they claim allows the extraction of VPN passwords from certain Cisco products—meaning hackers could snoop on encrypted traffic.

Security researcher Mustafa Al-Bassam first documented the hacking tool, which uses the codename BENIGNCERTAIN, in a blog post published Thursday. He coined the attack “PixPocket” after the hardware the tool targets: Cisco PIX, a popular, albeit now outdated, firewall and VPN appliance. Corporations or government departments might use these devices to allow only authorised users onto their network.

quote:

alleen tot meer polarisatie leiden en dus meer geweld.

Independent review of draft terrorism laws says there is strong case for allowing police and spy agencies to gather private data

The bulk collection of personal data by British spy agencies is vital in preventing terrorist attacks, an independent review of draft security legislation has found.

David Anderson QC, the independent reviewer of terrorism legislation, concluded that laws giving MI5, MI6 and GCHQ the right to gather large volumes of data from members of the public had a “clear operational purpose”.

The main findings were welcomed by the prime minister, Theresa May, but have prompted concern from Labour and privacy campaigners.

Andy Burnham, the shadow home secretary, said it was concerning that May had not accepted Anderson’s recommendation for an advisory panel on technology.

“She and the home secretary must accept the report in its entirety and deliver on the separate concessions extracted by Labour in the Commons – tougher restrictions on the use of internet connection records and stronger protections for journalists and lawyers,” Burnham said.

Liberty said the review itself had failed to bolster government and security agency claims in favour of bulk powers. “The report provides no further information to justify the agencies’ vague and hypothetical claims and instead invites the public to ‘trust us’. Post-Chilcot, this won’t wash – hard evidence is required instead,” said Bella Sankey, the pressure group’s policy director.

Last November , in her role as home secretary, May produced a draft of the communications data bill, which would give police and spies broad investigative powers they say are vital to help protect the public from criminals, paedophiles and terrorism.

Anderson’s report, published on Friday, said bulk powers “play an important part in identifying, understanding and averting threats in Great Britain, Northern Ireland and further afield”. The techniques were used across the range of agency activity, from cyber-defence, counter-espionage and counter-terrorism to child sexual abuse and organised crime, the review found.

It concluded that there was a “proven operational case” for three of the four powers examined, and a distinct “though not yet proven” operational case for the fourth. Anderson described the pace of technological change as “breathtaking”.

His inquiry recommended that a panel of independent academics and industry experts be appointed to advise on the impact of changing technology, and how the intelligence agencies could reduce the “privacy footprint” of their activities.

quote:

OM: versleutelde diensten als WhatsApp steeds groter probleem | NOS

Het Openbaar Ministerie heeft steeds meer last van versleuteling, waardoor berichten van verdachten niet of nauwelijks kunnen worden ontcijferd. Dat zegt officier van justitie Martijn Egberts tegen de NOS. Ook de AIVD worstelt met versleutelde communicatie, laat een woordvoerder weten.

Het OM wil graag toch toegang tot versleutelde informatie. "Wat wij het liefst zouden zien is dat we, na toetsing door een rechter, toch bij die versleutelde informatie zouden kunnen", zegt Egberts. Dat zou kunnen betekenen dat bedrijven als WhatsApp toegang zouden moeten geven tot versleutelde berichten van gebruikers. WhatsApp zegt dat dat op dit moment niet mogelijk is.

Egberts trekt daarbij de vergelijking met de telefoontap. Hij wijst erop dat het aftappen van telefoonverkeer overal ter wereld al tientallen jaren mogelijk is. "Het is toch wel opmerkelijk dat er nu zo veel manieren zijn om te communiceren zonder dat de overheid toegang kan krijgen." Overigens staat Nederland bekend als een land dat relatief snel naar de telefoontap grijpt.

Meer en meer apps bieden versleutelde communicatie aan, en telefoons zijn vaak standaard versleuteld. Bij versleuteling wordt informatie wiskundig door elkaar gehusseld, zodat onbevoegden bestanden en appjes niet kunnen bekijken. Communicatie wordt steeds vaker 'end-to-end' versleuteld, waarbij alleen de verzender en ontvanger kunnen meelezen, en zelfs de maker van de app geen toegang heeft tot de inhoud van berichten. Sinds dit voorjaar doet het populaire WhatsApp dat standaard.

Dat heeft veel voordelen. "Versleuteling maakt het internet voor ons allemaal veiliger", zegt Rejo Zenger van burgerrechtenbeweging Bits of Freedom. Versleutelde laptops kunnen door dieven niet worden uitgelezen en sterke encryptie maakt meelezen door hackers met kwade bedoelingen veel moeilijker. Daar is het OM het overigens mee eens. "Bedrijven en burgers moeten veilig kunnen communiceren", zegt Egberts.

Maar de politie en geheime diensten klagen dat versleuteling hen het werk moeilijker maakt: ook zij kunnen niet meer meelezen. Volgens Egberts gebeurt het dat onderzoeken stuklopen doordat verdachten encryptie gebruiken. "In het overgrote deel van onderzoeken naar georganiseerde misdaad komen we encryptie tegen, die het moeilijker maken om op te sporen", zegt Egberts. "Dan moet je denken aan liquidaties, afpersingen, drugszaken en kinderporno."

Woensdag brachten de Verenigde Naties een rapport uit waarin experts aanstippen dat zelfs de meest geavanceerde inlichtingendiensten niet meer bij grote hoeveelheden communicatie kunnen. Daar staat tegenover dat bijvoorbeeld de aanslagplegers die in november een bloedbad aanrichtten in Parijs zonder versleuteling communiceerden, maar dat die aanslag niet kon worden voorkomen.

De roep om versleuteling aan banden te leggen klinkt luider sinds de recente aanslagen in Europa. De Franse minister van Binnenlandse Zaken pleit voor Europese maatregelen; dinsdag overlegt hij daarover met zijn Duitse collega. Ook Egberts van het Openbaar Ministerie pleit voor een Europese aanpak. "Het is de vraag of we toegang kunnen krijgen tot versleutelde informatie", zegt Egberts. "Er is geen simpele oplossing voor. Maar we zullen in elk geval in internationaal verband moeten praten over de vraag hoe we dit probleem het hoofd kunnen bieden."

Het omzeilen van encryptie is technisch ingewikkeld en ligt gevoelig. Een van de opties is om verdachten te hacken, zodat berichten kunnen worden onderschept voordat de encryptie wordt opgezet. Het kabinet wil dat al langer mogelijk maken. Maar dat levert op zichzelf ook weer privacybezwaren op; volgens critici is een hack een veel grotere privacy-inbreuk dan een telefoontap.

Een andere optie is om een achterdeurtje in te brengen in encryptie: de geheime diensten en de politie zouden dan een soort digitale loper kunnen krijgen om alsnog verkeer uit te lezen. Ook zouden chat-apps en telefoonbedrijven de opdracht kunnen krijgen om encryptie in bepaalde gevallen helemaal uit te schakelen.

"Dat is een heel slecht idee", zegt hoogleraar computerbeveiliging Michel van Eeten van de TU Delft. "Het verleden wijst uit dat dit soort achterdeurtjes misbruikt worden. Niet alleen door overheden, maar ook door criminelen, die de achterdeurtjes ontdekken." Van Eeten snapt de wens van overheden. "Maar als je encryptie verzwakt, doe je dat ook voor de 99 procent die geen kwaad in de zin heeft."

Dat vindt ook Bits of Freedom. "Het zou toch bizar zijn als de overheid de beveiliging van het internet omlaag wil schroeven?", vraagt Zenger van die organisatie zich af. "Daarmee zouden ze het werk van criminelen juist makkelijker maken." Die criminelen kunnen dan immers makkelijk bij gegevens van burgers, is de gedachte. Dat was dan ook de reden dat Apple niet wilde meewerken toen de FBI toegang wilde tot de telefoon van de San Bernandino-schutter.

Ook de Europese privacywaakhond EDPS keert zich tegen het afzwakken van encryptie. Achterdeurtjes zouden moeten worden verboden en onkraakbare encryptie moet worden toegejuicht, aldus die organisatie.

Overigens zegt het kabinet in te zien dat goede encryptie van belang is, en dat het geen voorstander is van het afzwakken van encryptie. Maar tegelijkertijd zegt het kabinet in een rapport dat het een 'antwoord' wil hebben op encryptie waardoor communicatie van terroristen niet meer kan worden ingezien.

Wat dat antwoord precies is, wordt niet vermeld. Maar er liggen al een tijdje wetsvoorstellen klaar die de politie in staat stellen verdachten te laten hacken en waarmee de geheime diensten op veel grotere schaal mogen aftappen. De Raad van State en het parlement moeten zich daar nog over buigen.

Bron: nos.nl

SPOILER

Om spoilers te kunnen lezen moet je zijn ingelogd. Je moet je daarvoor eerst gratis Registreren. Ook kun je spoilers niet lezen als je een ban hebt.

quote:

New Zealand MP complains emails are being blocked - BBC News

The Speaker of New Zealand's parliament is investigating a complaint that MPs' emails are being screened and, in some cases, blocked.

The discovery was made by Chris Hipkins of the opposition Labour Party when he tried to send a message to a journalist, the New Zealand Herald reports. According to Mr Hipkins, the email was blocked by the parliamentary mail service because it contained "sensitive words". Further investigation among Labour staff found other instances where emails were filtered in recent weeks.

The email in question contained a document obtained under the Official Information Act, which previously had a government security classification, Radio New Zealand reports. Parliamentary Services, which manages MPs' emails, said the message was stopped because it was being sent to an address outside the government's secure system and contained trigger words.

"That's outrageous, they have no right to be screening emails sent by members of parliament," says Mr Hipkins.

One of the "sensitive words" which caused this particular mail to be filtered was the word "sensitive", according to Stuff.co.nz. But Mr Hipkins seems unamused by this ironic turn of events, and says the filtering is "a clear breach of parliamentary privilege".

"What they have done is tipped us off to the fact that they're monitoring what we're sending in our emails, which is completely unacceptable," he says, raising the memory of a previous scandal in 2013 when emails between MP Peter Dunne and a journalist were wrongly given to a ministerial inquiry. That affair resulted in the head of Parliamentary Services resigning from his post.

Speaker David Carter will deliver a report to parliament regarding the complaint on 14 September.

Bron: www.bbc.com

quote:

Kabinet trekt 20 miljoen uit voor aftappen internet door AIVD - rtlz.nl

De 20 miljoen euro wordt genoemd in de Rijksbegroting van het ministerie van Binnenlandse Zaken en Koninkrijksrelaties, en wordt mede verdeeld onder d ministeries van Defensie en Algemene Zaken. Het bedrag is 5 miljoen hoger dan werd begroot: de geheime dienst verwachtte eerder dat het 15 miljoen euro nodig had om de nieuwe bevoegdheden - het op grote schaal aftappen van de internetkabel - te kunnen uitvoeren.

De AIVD mag al een gerichte tap op de kabel plaatsen, bijvoorbeeld wanneer ze een computer van een verdachte willen aftappen. Met de aankomende herziening van de Wet op de inlichtingen- en veiligheidsdiensten (Wiv) wordt het voor de geheime diensten mogelijk om het kabelverkeer op grote schaal af te tappen.

Dit betekent dat de geheime dienst bijvoorbeeld al het kabelverkeer uit een Amsterdamse wijk mag aftappen als zich daar mogelijk een terreurverdachte schuilhoudt.

Na de implementatie van de nieuwe Wiv, die nog in de Tweede Kamer moet worden behandeld en waarschijnlijk volgend jaar wordt ingevoerd, blijft de begroting voor het aftappen van het internet 20 miljoen euro. Dat is minder dan de 35 miljoen euro die het kabinet aanvankelijk berekende. Het geld wordt onder andere besteed aan het tappen op vier strategische locaties, zoals internetknooppunten en datacentra, en het opslaan en analyseren van de verkregen data.

De totale begroting van de AIVD bedraagt volgend jaar 215 miljoen en loopt tot 2020 op tot 230 miljoen per jaar.

De AIVD wil met de nieuwe Wiv vooral metadata verzamelen, zoals wie met wie communiceert en vanuit welke locatie. Metadata kunnen een gedetailleerd beeld geven van iemands leven. Daarom moet de AIVD voor tapverzoeken goedkeuring krijgen van een onafhankelijke toezichthouder bestaande uit rechters. Dat biedt volgens het kabinet voldoende waarborgen voor de privacy van burgers.

De geheime dienst benadrukt dat het niet opeens met jouw e-mails en WhatsApp-berichtjes mee gaat lezen. De geheime dienst heeft naar eigen zeggen 'niet eens de capaciteit om iedereen in de gaten te houden'.

Bron: www.rtlz.nl

quote:

'Yahoo scande miljoenen e-mails voor geheime dienst VS' | NOS

De Amerikaanse internetgigant Yahoo heeft voor een geheime dienst in de VS honderden miljoenen inkomende e-mails van de eigen klanten doorzocht, meldt Reuters. Het Britse persbureau kreeg de informatie van twee oud-medewerkers en een derde ingewijde, die allen anoniem willen blijven.

Yahoo zou gehoor hebben gegeven aan een geheime opdracht van de Amerikaanse regering om e-mails van Yahoo-accounts te scannen voor de NSA of FBI. Het bedrijf ontwikkelde daarvoor een speciaal zoekprogramma, aldus Reuters.

Het is niet bekend welke informatie de geheime dienst precies wilde hebben. Volgens de informanten moest Yahoo zoeken naar specifieke letter-, cijfer- of andere tekens in een gegeven volgorde. Het zou ook om een zin kunnen gaan.

Volgens de twee voormalige Yahoo-medewerkers ontstond er commotie in de top van het bedrijf toen Yahoo-baas Marissa Mayers besloot gehoor te geven aan de opdracht. De directeur internetveiligheid stapte vorig jaar zomer op in verband met deze kwestie.

Noch Yahoo, noch de opgestapte topman wil ingaan op de berichten over het tappen van e-mails. Yahoo wil alleen kwijt dat het bedrijf de Amerikaanse wetgeving respecteert.

Of de geheime dienst ook andere internetbedrijven heeft benaderd met dezelfde vraag, weet Reuters niet.

De Amerikaanse wetgeving staat veiligheidsdiensten toe telefoon- en internetdata op te vragen bij telecomproviders. Nadat ex-NSA-medewerker Edward Snowden enkele jaren geleden bekendmaakte hoe omvangrijk de afluisterpraktijken in werkelijkheid waren, besloot justitie het tappen te beperken.

De Yahoo-zaak, indien bevestigd, is uniek omdat alle inkomende e-mail werd doorzocht in plaats van opgeslagen bestanden, en omdat Yahoo er een speciaal zoekprogramma voor ontwikkelde.

Bron: nos.nl

quote:

FBI pakt NSA-werknemer op na diefstal supergeheime hackcodes - rtlz.nl

De FBI heeft een consultant gearresteerd die voor de NSA werkt en super geheime codes heeft gestolen. Met de gegevens zou in computersystemen van landen als Rusland, China, Iran en Noord Korea ingebroken kunnen worden.

Dat schreef de New York Times als eerste op basis van anonieme bronnen. Het ministerie van Justitie in Washington bevestigde iets later dat de aangehouden 51-jarige verdachte Harold Thomas Martin heet en afkomstig is uit de staat Maryland.

De FBI heeft zes documenten met 'gevoelige informatie' gevonden. De papieren zijn in 2014 uitgegeven door 'een Amerikaans agentschap'. Deze documenten zijn volgens de FBI zeer belangrijk en hebben betrekking op een aantal nationale veiligheidskwesties. Welke dat zijn, wilden ze niet vertellen. Daarnaast zou hij voor zo'n 1000 euro aan andere spullen hebben gejat. De Amerikaanse zender ABC zegt dat Marin tot 11 jaar gevangenisstraf riskeert.

De advocaat van Martin, James Wyda, zou tegen International Business Times hebben gezegd dat er geen bewijs tegen Martin is. "Hal Martin houdt van zijn familie en zijn land. Hij diende in het leger en is toegewijd aan de gehele staat door deze te beschermen." Voor zover bekend

De nieuwe opgepakte 'uitzendkracht' werkte voor het zelfde consultancybureau als Edward Snowden: Booz Allen Hamilton. Dit bedrijf bouwt en beheert veel operaties voor de NSA. Net zoals zijn bekende oud-collega had ook Martin vanwege zijn werk toegang tot topgeheimen van de NSA.

Snowden kwam drie jaar geleden in het nieuws na het stelen van geheime informatie van dezelfde organisatie. Later werden deze documenten doorgegeven aan journalisten, waardoor duidelijk werd hoe de NSA wereldwijd online communicatie in de gaten houdt door middel van het programma PRISM.

Bron: www.rtlz.nl

quote:

'Britse inlichtingendiensten hebben tien jaar lang wet overtreden' | NOS

De Britse inlichtingendiensten hebben ruim tien jaar lang privacywetgeving overtreden bij het verzamelen van data over Britse burgers. Dat oordeelt de toezichthouder in Groot-Brittannië, de Investigatory Powers Tribunal.

Het orgaan, dat in Groot-Brittannië de enige partij is die de praktijken van de inlichtingendiensten onder de loep kan nemen, stelt dat er jarenlang informatie werd vergaard zonder goede voorwaarden en toezicht.

De toezichthouder keek naar de manier waarop de drie inlichtingendiensten communicatie van burgers verzamelde: dat gaat over wie, waar, wanneer, hoe en met wie. De inhoud van de berichten wordt niet gevolgd. Volgens de deskundigen van de diensten is deze informatie nodig bij het identificeren van verdachten.

De Inlichtingendiensten gingen de mist in bij de wijze waarop de informatie zou moeten worden verwerkt en beheerd, stelt de toezichthouder. Zij hebben hierdoor de Europese Verklaring voor de Rechten van de Mens geschonden.

In artikel 8 staat dat alle burgers recht hebben op een privé-leven. Inbreuk daarop moet terecht zijn en daar zou nu geen sprake van zijn.

De gevolgen van deze uitspraak zijn nog onduidelijk. De zaak was aangespannen door Privacy International, een organisatie die opkomt voor de privacy van burgers.

Bron: nos.nl

quote:

Labour peers under fire for backing expansion of surveillance powers

quote:

Privacy campaigners have expressed anger over a vote by 64 Labour peers to back an expansion of state surveillance powers, within hours of a ruling by top judges that the spying agencies unlawfully scooped up personal confidential information on a massive scale for more than a decade.

The Labour peers voted with the government to ensure that major new powers are handed to the security services to get access to records tracking every citizen’s web use for the past 12 months.

The Liberal Democrat attempt to delete the powers to order the collection and storage of the new internet connection records from the investigatory powers bill in the House of Lords was voted down by 75 to 292.

It was notable that neither the former Labour home secretary Lord Blunkett nor the new shadow attorney general, and former Liberty director, Lady Chakrabarti, took part in the vote. The 64 Labour peers who voted with the government included frontbench spokespersons, Lady Hayter and Lord Rosser and the party’s chief whip, Lord Bassam.

The vote came just hours after the ruling by the investigatory powers tribunal, the only court to hear complaints against MI5, MI6 and GCHQ, that the security services had until 2015 secretly and illegally collected huge volumes of confidential data of millions of British citizens without adequate or safeguards.

The Labour peers’ vote also contrasted with a sharp attack on the investigatory powers bill by the shadow home secretary, Diane Abbott, who described it as “draconian” and said the ruling demonstrated why it needed amending.

“The latest ruling from the investigatory powers tribunal should be a sharp reminder that we should not lightly hand over powers to the security services and police and that greater accountability is needed. The government’s bill needs amending in all these areas,” said Abbott, who has sharpened Labour’s approach to the bill since the party abstained on its Commons second reading.

The Lib Dem Lord Paddick said: “Labour’s decision not to back us in opposing this huge intrusion into our privacy shows once and for all that they cannot claim to be the party of civil liberties, regardless of who sits on their benches.

“Internet connection records are ill-conceived and disproportionate and no doubt this fight will continue in the courts.”

Jim Killock, the Director of the Open Rights Group also strongly criticised the Labour peers. He said: “Labour did not table any serious amendments to this draconian legislation in the House of Lords. Labour is simply failing to hold the government to account.

“The Labour Lords had an opportunity to improve the IP bill and make it closer to becoming a surveillance law fit for a democracy not a dictatorship. They could have called for proposals to record UK citizens’ web browsing history to be scrapped or demanded that the police need independent authorisation to access our data.”

But Labour’s leader in the Lords, Angela Smith told the Guardian: “It’s pretty rich for the Lib Dems to question our peers over this, when a number of their own side also voted against the amendment. It’s also the case that we were voting to protect a concession achieved earlier in the day – and which follows our general strategy towards the bill, to try and improve it wherever necessary.

“The impressive work of Labour colleagues in the Commons during the report stage there and our own shadow home affairs team in the Lords has contributed significantly to the government’s tabling of over 300 amendments to its own bill – including on greater safeguards against abuse,” Lady Smith said.

“Appalling as the tribunal ruling is, it is historic and the regimes used to hold and collect data since 2015 have been legal and appropriate. This bill updates and improves the framework used by agencies and the way existing investigatory powers are authorised. It also enables, for the first time, judicial commissioners to veto warrant approvals made by the home secretary.”

The peers secured a concession that access to web browsing histories should not be given to the police involved in investigations into offences that carried a prison sentence of less than 12 months. The government had proposed the threshold should be six months.

quote:

'Extreme surveillance' becomes UK law with barely a whimper

Investigatory Powers Act legalises range of tools for snooping and hacking by the security services

A bill giving the UK intelligence agencies and police the most sweeping surveillance powers in the western world has passed into law with barely a whimper, meeting only token resistance over the past 12 months from inside parliament and barely any from outside.

The Investigatory Powers Act, passed on Thursday, legalises a whole range of tools for snooping and hacking by the security services unmatched by any other country in western Europe or even the US.

The security agencies and police began the year braced for at least some opposition, rehearsing arguments for the debate. In the end, faced with public apathy and an opposition in disarray, the government did not have to make a single substantial concession to the privacy lobby.

US whistleblower Edward Snowden tweeted: “The UK has just legalised the most extreme surveillance in the history of western democracy. It goes further than many autocracies.”

Snowden in 2013 revealed the scale of mass surveillance – or bulk data collection as the security agencies prefer to describe it – by the US National Security Agency and the UK’s GCHQ, which work in tandem.

But, against a backdrop of fears of Islamist attacks, the privacy lobby has failed to make much headway. Even in Germany, with East Germany’s history of mass surveillance by the Stasi and where Snowden’s revelations produced the most outcry, the Bundestag recently passed legislation giving the intelligence agencies more surveillance powers.

The US passed a modest bill last year curtailing bulk phone data collection but the victory of Donald Trump in the US presidential election is potentially a major reverse for privacy advocates. On the campaign trail, Trump made comments that implied he would like to use the powers of the surveillance agencies against political opponents.

The Liberal Democrat peer Lord Strasburger, one of the leading voices against the investigatory powers bill, said: “We do have to worry about a UK Donald Trump. If we do end up with one, and that is not impossible, we have created the tools for repression. If Labour had backed us up, we could have made the bill better. We have ended up with a bad bill because they were all over the place.

“The real Donald Trump has access to all the data that the British spooks are gathering and we should be worried about that.”

The Investigatory Powers Act legalises powers that the security agencies and police had been using for years without making this clear to either the public or parliament. In October, the investigatory powers tribunal, the only court that hears complaints against MI6, MI5 and GCHQ, ruled that they had been unlawfully collecting massive volumes of confidential personal data without proper oversight for 17 years.

One of the negative aspects of the legislation is that it fails to provide adequate protection for journalists’ sources, which could discourage whistleblowing.

One of the few positives in the legislation is that it sets out clearly for the first time the surveillance powers available to the intelligence services and the police. It legalises hacking by the security agencies into computers and mobile phones and allows them access to masses of stored personal data, even if the person under scrutiny is not suspected of any wrongdoing.

Privacy groups are challenging the surveillance powers in the European court of human rights and elsewhere.

Jim Killock, the executive director of Open Rights Group, said: “The UK now has a surveillance law that is more suited to a dictatorship than a democracy. The state has unprecedented powers to monitor and analyse UK citizens’ communications regardless of whether we are suspected of any criminal activity.”

Renate Samson, the chief executive of Big Brother Watch, said: “The passing of the investigatory powers bill has fundamentally changed the face of surveillance in this country. None of us online are now guaranteed the right to communicate privately and, most importantly, securely.”

Trump’s victory started speculation that, given his warm words for Vladimir Putin, he might do a deal with the Russian president to have Snowden sent back to the US where he faces a long jail sentence. Snowden has lived in Russia since leaking tens of thousands of documents to journalists in 2013.

But Bill Binney, a former member of the NSA who became a whistleblower, expressed scepticism: “I am not sure if the relationship a President Trump would have with President Putin would be bad for Snowden.

“In Russia, he would still be an asset that maybe Putin would use in bargaining with Trump. Otherwise, Snowden does have a large support network around the world plus in the US and Trump may not want to disturb that. Also, I think any move to get Snowden out of Russia and into US courts would also open up support for at least three other lawsuits against the US government’s unconstitutional surveillance.”

quote:

'Toezicht op gebruik nieuwe aftapwet is onvoldoende' | NOS

De commissie die de geheime diensten AIVD en MIVD moet controleren bij het gebruik van de nieuwe aftapwet heeft te weinig bevoegdheden, schrijft de Raad voor de Rechtspraak in een brief (.pdf) aan minister Plasterk. Daardoor kan de commissie niet goed controleren of de geheime diensten zich aan de wet houden.

De nieuwe wet geeft de inlichtingendiensten veel meer mogelijkheden. Nu mogen ze alleen specifieke internetverbindingen afluisteren. Als het aan het kabinet ligt, krijgen ze straks ook toegang tot grote groepen internetverbindingen. Daardoor kunnen ze informatie van veel meer mensen tegelijk binnenhalen.

In het wetsvoorstel dat onlangs is ingediend wordt een nieuwe commissie in het leven geroepen: de Toetsingscommissie Inzet Bevoegdheden (TIB). Die moet vaststellen of de aftapverzoeken, ingediend door de inlichtingendiensten bij minister Plasterk, voldoen aan de wet.

De raad vraagt zich af of de TIB dit wel goed kan doen, omdat het geen toegang krijgt tot gegevens van de inlichtingendiensten. Dit betekent dat de TIB alleen het verzoek te zien krijgt en moet oordelen of dat deze aan de eisen van de wet voldoet.


Daarnaast is er volgens de raad onduidelijkheid over wie het laatste woord heeft bij de vraag of iemand mag worden afgeluisterd. Is dat de minister of de TIB? De raad wil dat hier duidelijkheid over komt.

Het advies is op een bijzondere manier tot stand gekomen. Normaal gesproken wordt de raad gevraagd om inhoudelijk te reageren op nieuwe wetsvoorstellen. Dat is dit keer niet gebeurd, schrijft de voorzitter, en dat volgens hem zeer ongebruikelijk. Vandaar dat de raad nu op eigen initiatief zijn mening geeft.

De kritiek van de Raad voor de Rechtspraak is in lijn met wat de Raad van State eerder heeft gezegd. Naast de twijfels over het toezicht, hebben de twee organen ook vraagtekens bij de bewaartermijn. De diensten mogen straks drie jaar lang aftapte gesprekken opslaan.

Dat is volgens het kabinet nodig omdat de opgeslagen gegevens misschien niet direct, maar wel later nuttig kunnen zijn. Volgens de raad is dat het verkeerde argument; de bewaartermijn moet noodzakelijk zijn en niet alleen nuttig.

Bron: nos.nl

quote:

Rechter: 'Bondsdagcommissie mag Snowden uitnodigen'

De NSA-onderzoekscommissie van de Bondsdag mag klokkenluider Edward Snowden uitnodigen om hem als getuige te kunnen ondervragen. Dat heeft het Bundesgerichtshof vandaag bepaald.

Tot nu toe heeft de CDU-SPD-meerderheid in de parlementaire commissie een verzoek om Snowden te horen tegengehouden. De rechter heeft vandaag gezegd dat ook een minderheid in de commissie een getuige mag uitnodigen. Als zo'n aanvraag wordt ingediend, moet de regering de voorwaarden creëren waaronder Snowden kan worden gehoord. Als de regering het verzoek naast zich neerlegt, kan de commissie de zaak voorleggen aan het Constitutioneel Hof.

Snowden woont in Moskou in ballingschap, de VS willen zijn uitlevering. Zijn advocaat zegt dat hij bereid is naar Duitsland te komen als zijn veiligheid kan worden gegarandeerd. Lees meer bij Spiegel Online

quote:

Tech firms seek to frustrate internet history log law - BBC News

Plans to keep a record of UK citizens' online activities face a challenge from tech firms seeking to offer ways to hide people's browser histories.

Internet providers will soon be required to record which services their customers' devices connect to - including websites and messaging apps.

The Home Office says it will help combat terrorism, but critics have described it as a "snoopers' charter".

Critics of the law have said hackers could get access to the records.

"It only takes one bad actor to go in there and get the entire database," said James Blessing, chairman of the Internet Service Providers' Association (Ispa), which represents BT, Sky, Virgin Media, TalkTalk and others.

"You can try every conceivable thing in the entire world to [protect it] but somebody will still outsmart you.

"Mistakes will happen. It's a question of when. Hopefully it's in tens or maybe a hundred years. But it might be next week."

The Investigatory Powers Bill was approved by the House of Lords on 19 November and is due to become law before the end of 2016.

Now, several virtual private network (VPN) operators have seized on its introduction to promote their offerings.

VPNs digitally scramble a user's internet traffic and send it to one of their own servers before passing it on to a site or app in a form they can make sense of. A similar process happens in reverse, helping mask the person's online activity.

As a result, instead of ISPs having a log of everywhere a customer has visited, the only thing they can provide to the authorities is the fact that a subscriber used a VPN.

"We saw a boom in Australia last year correlated to when its data retention law went into effect," Jodi Myers, a spokeswoman for NordVPN told the BBC.

"And we are already seeing an increase in inquiries from the UK."

Ms Myers said her firm had just begun offering UK-based customers extra security measures - including encrypting their data twice and sending it via two servers - to address any concerns that its standard measures were not sufficient.

"Our biggest advantage is we have a zero log policy," she added.

"Our headquarters are in Panama, which doesn't have data retention laws, so it allows us to do this.

"And even in the worst-case scenario that our servers are confiscated, there would be nothing on them because of the way they are configured."

Another VPN provider said the UK government would find it difficult to prevent the use of such workarounds.

"The legislation specifically mentions connection service providers and not just ISPs, and the assumption is that VPNs based in the UK will have to give up their logs under this law," said Caleb Chen, a spokesman for Private Internet Access.

"But as a US-based company, my legal team has advised me that we would not be under any obligation to do so.

"And even if the government were to try to take it a step further and say no UK citizen could use a VPN that was not compliant with the law, those services would still be available."

He added that the widespread use of VPNs by businesses to provide staff with remote access to their email and other work-related files would also make it difficult to restrict the technology's use.

One of the UK's smaller internet providers, Andrews & Arnold, is looking into other ways to help its users circumvent the law.

"Customers can install a Tor browser, which encrypts traffic to one of thousands of different internet connections throughout the world hiding what they are doing," said managing director Adrian Kennard.

"We are also working with a company called Brass Horn, which is planning to sell Tor-only internet access.

"In addition, we may base some of our own services outside the UK to reduce the amount of information that is logged and recorded. One possible place that we might put equipment is Iceland."

A spokeswoman for the Home Office declined to discuss ways it might tackle such efforts.

"The Investigatory Powers Bill provides law enforcement and the security and intelligence agencies with the powers they need to protect the UK and its citizens from terrorists and serious criminals, subject to strict safeguards and world-leading oversight," she said.

"Terrorists and serious criminals will always seek to avoid detection.

"To ensure they do not succeed, we do not comment publicly on the methods or capabilities available to the security and intelligence agencies."

Bron: www.bbc.com

quote:

'Duitse geheime dienst steekt 150 miljoen in kraken chat-apps' | NOS

De Duitse geheime dienst BND wil gaan proberen om de versleuteling van chat-apps zoals WhatsApp te kraken, meldt het politieke blog Netzpolitik op basis van documenten. Hiervoor trekt de dienst de komende jaren 150 miljoen euro uit.

Sinds de onthullingen van Edward Snowden in 2013 is het versleutelen van informatie steeds belangrijker geworden. WhatsApp is het bekendste voorbeeld van een dienst die berichten via end-to-end-encryptie versleutelt. Dat betekent dat niemand kan meekijken, ook het bedrijf zelf niet.

Dat geeft gewone gebruikers een prettig gevoel, maar ook criminelen en terroristen. Inlichtingendiensten zijn daar minder gelukkig mee en zouden het liefst zien dat de versleuteling wordt afgezwakt. WhatsApp wordt wereldwijd door meer dan een miljard mensen gebruikt.

Hoe de Duitse geheime dienst chat-apps zoals WhatsApp maar ook Facebook Messenger en iMessage gaat kraken, is niet duidelijk. Waarschijnlijk zullen er intern technici naar gaan kijken. Het kan ook zijn dat spionnen van de BND bij bedrijven als WhatsApp informatie over de versleuteling proberen te stelen.

Daarnaast kan een deel van het geld worden gebruikt om zogenoemde zero days te kopen. Dit zijn lekken in software die nog niet door de desbetreffende maker zijn opgelost en daardoor kunnen worden misbruikt om de software te hacken.

Er zijn gespecialiseerde bedrijven die hier continu naar zoeken en voor veel geld de informatie verkopen aan bijvoorbeeld een overheid. Naar verluidt is dat de manier geweest waarop de FBI de iPhone 5c van Syed Farook kon kraken, die vorig jaar in San Bernardino 14 mensen doodschoot.

De BND wil niet reageren op de onthullingen. De Duitse hackersconferentie CCC, die volgende maand weer wordt gehouden, noemt de strategie excessief en niet te rechtvaardigen. De socialistische partij Die Linke heeft ook kritisch gereageerd.

Bron: nos.nl

quote:

Edward Snowden backers beam calls for pardon on Washington news museum

Activists display almost 4,000 notes from backers on the side of the Newseum, an institution celebrating free speech near the White House

Edward Snowden has been the subject of several high-profile appeals this year, calling on Barack Obama to pardon the National Security Agency whistleblower and allow him to return home to the US. Writers, intelligence experts, film stars and tech tycoons have all joined the chorus.

Now the most audacious display of support for Snowden is under way. Messages calling for his pardon are being beamed on to the outside wall of the Newseum, the Washington institution devoted to freedom of speech and the press that stands less than two miles from the White House.

The event is a guerrilla action carried out without the knowledge or approval of the Newseum itself, though the organisers of the stunt from the Pardon Snowden campaign are hoping they will be given a sympathetic reception.

“We sincerely hope that the Newseum supports what we are doing as an affirmation of the significance of a free press,” Noa Yachot, the campaign’s director, told the Guardian before the event.

Almost 4,000 messages backing Snowden’s decision to expose mass government surveillance of emails and phone calls have been gathered by the campaign, from across the US and around the world.

The messages include this one, from Casey: “I’m a 69-year-old vet and applaud your guts, we owe you lots and let’s hope you can come home to your family and friends.”

And this, from Tess: “Ed, I’m on your side. You’re a hero and an example of what it means to be an American. Thank you for making such an incredible sacrifice in order that we might move a bit more toward the truth.”

Frank offers: “True patriotism: speaking up when your government loses its moral compass.”

The messages are being projected onto the 74ft-high marble tablet that is attached to the facade of the Newseum and which has the words of the first amendment carved into it.

Written in 1791 as part of the bill of rights, it states: “Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.”

Saturday night’s action in Washington comes at a critical time for Snowden, who remains in exile in Russia where he has been granted asylum, having been charged in the US with offences under the Espionage Act.

Obama has less than six weeks left in office, meaning that if he is to use his power to pardon the whistleblower or extend some other form of leniency that would allow him to come home, he has to do so quickly.

Obama’s successor, President-elect Donald Trump, has hinted that he would sooner see Snowden executed than pardoned.

Yachot said the Newseum had been chosen as the location of the guerrilla action as a way of highlighting Snowden’s careful and responsible use of global news organisations as a way of disseminating his leaks.

“Snowden’s work with journalists, including the Guardian, enabled the release of information into the public domain,” she said. “It showed that we need a strong and adversarial media, working with whistleblowers, to inform the public about what the government is doing without anyone’s knowledge.”

Yachot added that though time was running out, history suggested that US presidents often reserved their most contentious pardons until the last minute.

“There are only six weeks left,” she said, “but we know that controversial pardons often come at the end of a president’s term, so we are still hoping.”

quote:

NSA mag 'sleepnet'-data ongefilterd delen met andere diensten VS | NOS

De grote hoeveelheid data die de NSA verzamelt, het zogenoemde sleepnet, komt ongefilterd beschikbaar voor andere Amerikaanse inlichtingendiensten. Dat heeft de regering-Obama in zijn laatste dagen besloten.

Hierdoor krijgen veel meer overheidsdiensten toegang tot privacygevoelige informatie. Het gaat om telefoongesprekken, e-mailberichten en om communicatie via satellieten die over de hele wereld worden verzameld. In het verkeer van buitenlanders mag onbeperkt worden gezocht; voor communicatie van Amerikanen gelden strengere regels.

Tot nu toe filterde de NSA de informatie. Gegevens over onschuldige personen of irrelevante persoonlijke informatie werd daardoor niet doorgestuurd naar andere organisaties. Dat filteren gebeurt voortaan niet meer.

De verandering wordt doorgevoerd uit angst dat de NSA anders bepaalde informatie over het hoofd ziet die voor andere diensten interessant kan zijn, schrijft The New York Times. In totaal kunnen zestien diensten de informatie inzien, bijvoorbeeld de FBI, de CIA, DEA (doet onderzoek naar drugszaken) en Homeland Security.

Om een bepaalde stroom van informatie te mogen inzien, bijvoorbeeld e-mailverkeer, moet een verzoek worden ingediend. Hier is geen bevelschrift voor nodig.

Een dienst moet wel kunnen beargumenteren dat er informatie in zit die relevant kan zijn voor een onderzoek. De NSA weegt vervolgens dat verzoek.

Bron: nos.nl