Category Archives: NSA

How data thieves have captured our lives on the internet

John Naughton writes: [T]he biggest misjudgment of all – the one that legitimised most of the excesses that Snowden has unveiled – was … a political one. It was the decision of the George W Bush administration to declare a “war on terror” in the aftermath of the 9/11 attacks – and the eager adoption by the UK and other allies of the same stance.

As Professor Eben Moglen of Columbia University puts it, the intelligence agencies “presented with a mission by an extraordinarily imprudent national government in the United States, which having failed to prevent a very serious attack on American civilians at home, largely by ignoring warnings, decreed that they were never again to be put in a position where they should have known. This resulted in a military response, which is to get as close to everything as possible. Because if you don’t get as close to everything as possible, how can you say that you knew everything that you should have known?” In a real war, one in which the very survival of a state is threatened by a foreign adversary, almost anything is permissible, including the suspension of civil liberties, the right to privacy and all the other things we liberals hold dear. Between 1939 and 1945, Britain was governed by what was effectively a dictatorship wielding unimaginable powers, including comprehensive censorship, the power to requisition private property on demand, and so on. Citizens might not have liked this regime, but they consented to because they understood the need for it.

The “war” on terror is not a war in this sense. It is a rhetorical device aimed at engineering consent for a particular political strategy. But it was enough to provide legislative cover for the acquisition by the US intelligence-gathering agencies of warlike powers, which included the means of surveilling every citizen on earth who had an internet connection, and every owner of a mobile phone in most countries of the world. The war on terror may have succeeded in turbocharging the surveillance capabilities of the US and its allies, but it has also inflicted significant collateral damage on the foreign policy of the US, threatened its dominance of cloud computing and other markets, undermined its major technology companies, infuriated some of its most important allies and superimposed a huge question-mark on the future of the internet as a global system. The war on terror may have made tactical sense in the traumatic months post-9/11. But as a political decision it has had a catastrophic long-term impact. [Continue reading…]

Facebooktwittermail

No doubt about effectiveness of mass metadata collection, claims federal judge — ignoring evidence to the contrary

Adam Serwer writes: When Judge William H. Pauley ruled that the National Security Agency’s metadata program was lawful on Friday, he argued that there was no significant dispute about “the effectiveness of bulk telephony metadata collection.”

Pauley — who issued his ruling from a courthouse less than two miles from where the twin towers once stood — then offered a series of examples cited by the NSA to bolster their claims that the program is effective, all of which have been “seriously disputed.”

Only four plots among the fifty-four the NSA claims to have helped foil have been made public. Pauley cited three of those four plots in arguing that the metadata program was effective, but journalists and legislators have picked already picked those examples apart. ProPublica published a piece in October by Justin Elliott and Theodoric Meyer noting that in each of the three cases Pauley mentions, there were serious doubts as to whether or not the NSA was exaggerating either the plot itself or the impact of the program.

Pauley cites the case of Najibullah Zazi, who was convicted of a plot to bomb the New York subway in 2009. An Associated Press examination concluded that the NSA had the authority to monitor the email account that lead to Zazi’s capture even without the authority to gather communications records in bulk.

Pauley also cited an effort by a man named Khalid Ouazzani to attack the New York Stock Exchange. But Ouazzani was convicted of funding al Qaeda, and as ProPublica notes neither he nor anyone else was ever actually charged or convicted of a plot to bomb the NYSE.

Pauley also cites the case of David Headley, who was involved in the 2008 terrorist attack in Mumbai and was involved in a plot to attack on a Danish newspaper which had published cartoons depicting the Islamic prophet Mohammed. But according to ProPublica, it was British intelligence, not the NSA’s datagathering, that first brought Headly to U.S. authorities’ attention.

All of this information would have been available to Pauley, because the ProPublica piece disputing the NSA’s claims was cited as a footnote in the prior ruling by Judge Richard Leon that found the NSA’s data gathering program unconstitutional. Pauley refers to Leon’s ruling multiple times in his own, indicating that he read it. [Continue reading…]

Facebooktwittermail

The Snowden saga heralds a radical shift in capitalism

Evgeny Morozov writes: Following his revelations this year about Washington’s spying excesses, Edward Snowden now faces a growing wave of surveillance fatigue among the public – and the reason is that the National Security Agency contractor turned whistleblower has revealed too many uncomfortable truths about how today’s world works.

Technical infrastructure and geopolitical power; rampant consumerism and ubiquitous surveillance; the lofty rhetoric of “internet freedom” and the sober reality of the ever-increasing internet control – all these are interconnected in ways most of us would rather not acknowledge or think about. Instead, we have focused on just one element in this long chain – state spying – but have mostly ignored all others.

But the spying debate has quickly turned narrow and unbearably technical; issues such as the soundness of US foreign policy, the ambivalent future of digital capitalism, the relocation of power from Washington and Brussels to Silicon Valley have not received due attention. But it is not just the NSA that is broken: the way we do – and pay for – our communicating today is broken as well. And it is broken for political and economic reasons, not just legal and technological ones: too many governments, strapped for cash and low on infrastructural imagination, have surrendered their communications networks to technology companies a tad too soon.

Mr Snowden created an opening for a much-needed global debate that could have highlighted many of these issues. Alas, it has never arrived. The revelations of the US’s surveillance addiction were met with a rather lacklustre, one-dimensional response. Much of this overheated rhetoric – tinged with anti-Americanism and channelled into unproductive forms of reform – has been useless. Many foreign leaders still cling to the fantasy that, if only the US would promise them a no-spy agreement, or at least stop monitoring their gadgets, the perversions revealed by Mr Snowden would disappear. [Continue reading…]

Facebooktwittermail

Edward Snowden is wrong: His mission has not been accomplished

Andrea Peterson writes: “For me, in terms of personal satisfaction, the mission’s already accomplished,” former NSA contractor Edward Snowden told my Washington Post colleague Barton Gellman in Moscow this month. Snowden went on to explain that he had “already won” because the journalists working from the documents he secreted away from the NSA are giving the public a chance to weigh in on surveillance policies.

But while it’s not quite flight-suit level deception, calling the current state of affairs mission accomplished is a significant change in the scope of Snowden’s ambitions compared to when he first stepped forward as the source of the NSA documents. In a video interview with the Guardian released shortly after he stepped out of the shadows, he espoused many of the same hopes about the public having input on the secret machinations of intelligence agencies. But he also gave a much more lofty goal: substantive policy change.

The greatest fear that I have regarding the outcome for America of these disclosures is that nothing will change. People will see in the media all of these disclosures. They’ll know the lengths that the government is going to grant themselves powers unilaterally to create greater control over American society and global society. But they won’t be willing to take the risks necessary to stand up and fight to change things to force their representatives to actually take a stand in their interests.

And the months ahead, the years ahead it’s only going to get worse until eventually there will be a time where policies will change because the only thing that restricts the activities of the surveillance state are policy.

So far, Snowden’s “greatest fear” has come true. Public opinion over his disclosures has been divided and no significant policy changes to NSA surveillance have emerged. And the administration is standing by the status quo despite the lack of evidence that it has been effective at its stated goal of halting terrorist attacks. [Continue reading…]

As I have written previously, one of the easiest ways of measuring how effective exposure of NSA operations has been will be in terms of its budget and its size. My expectation is that by those two counts the NSA will continue to grow. Indeed, the agency will argue to Congress that this growth is necessitated by the leaks.

Facebooktwittermail

UN’s Navi Pillay compares uproar over mass surveillance to fight against apartheid

The Guardian reports: The UN human rights chief, Navi Pillay, has compared the uproar in the international community caused by revelations of mass surveillance with the collective response that helped bring down the apartheid regime in South Africa.

Pillay, the first non-white woman to serve as a high-court judge in South Africa, made the comments in an interview with Sir Tim Berners-Lee on a special edition of BBC Radio 4’s Today programme, which the inventor of the world wide web was guest editing.

Pillay has been asked by the UN to prepare a report on protection of the right to privacy, in the wake of the former National Security Agency analyst Edward Snowden leaking classified documents about UK and US spying and the collection of personal data.

The former international criminal court judge said her encounters with serious human rights abuses, which included serving on the Rwanda tribunal, did not make her take online privacy less seriously. “I don’t grade human rights,” she said. “I feel I have to look after and promote the rights of all persons. I’m not put off by the lifetime experience of violations I have seen.”

She said apartheid ended in South Africa principally because the international community co-operated to denounce it, adding: “Combined and collective action by everybody can end serious violations of human rights … That experience inspires me to go on and address the issue of internet [privacy], which right now is extremely troubling because the revelations of surveillance have implications for human rights … People are really afraid that all their personal details are being used in violation of traditional national protections.” [Continue reading…]

Facebooktwittermail

Outsourcing mass surveillance

The Washington Post reports: A measure that President Obama is considering as a way to curb the National Security Agency’s mass storage of phone data is already facing resistance — not only from the intelligence community but also from privacy advocates, the phone industry and some lawmakers.

Obama last week suggested that he was open to the idea of requiring phone companies to store the records and allowing the government to search them under strict guidelines. Currently, the agency stores those records itself, part of a sprawling collection program that came to light through documents shared by former NSA contractor Edward Snowden.

But now, industry officials, privacy advocates and congressional officials are expressing resistance to any alternatives that involve mandating phone companies to hold the data for longer periods. And other possible scenarios, including having a private third party store the records, also raise concerns, they say.

Civil libertarians consider mandated phone-company or third-party storage an unacceptable “proxy” for the NSA’s holding of the database. Last Thursday, a group of privacy advocates met with White House officials and urged them not to seek legislation to mandate data retention, among other things. [Continue reading…]

Facebooktwittermail

The War on Terror’s Jedi mind trick

Julian Sanchez writes: A Republican-appointed judge and President Obama’s own handpicked Surveillance Review Group both came to the same conclusion last week: The National Security Agency’s controversial phone-records program has been of little real value to American security. Yet its defenders continue to insist that it is necessary, clinging desperately to long-debunked claims about foiled terror plots. Their stubbornness fits a decade-long pattern of fear trumping evidence whenever the word “terrorism” is uttered — a pattern it is time to finally break.

Since the disclosure of the NSA’s massive domestic phone-records database, authorized under a tortured reading of the Patriot Act’s Section 215 authority to obtain business records, intelligence officials and their allies in Congress have claimed it plays a vital role in protecting Americans from “dozens” of terror attacks. But as the expert panel Obama appointed to review the classified facts concluded, in a report released Wednesday, that just isn’t true.

“Our review suggests that the information contributed to terrorist investigations by the use of section 215 telephony meta-data was not essential to preventing attacks,” the report found, “and could readily have been obtained in a timely manner using conventional section 215 orders.”

In other words, instead of vacuuming up sensitive information about the call patterns of millions of innocent people, the government could have followed the traditional approach of getting orders for specific suspicious numbers. As for those “dozens” of attacks, the review groups found that the NSA program “generated relevant information in only a small number of cases, and there has been no instance in which NSA could say with confidence that the outcome would have been different without the section 215 telephony meta-data program.” [Continue reading…]

Facebooktwittermail

Snowden’s mission ‘already accomplished’

In the first in-person interview Edward Snowden has conducted since his arrival in Moscow in June, Barton Gellman reports:

“For me, in terms of personal satisfaction, the mission’s already accomplished,” he said. “I already won. As soon as the journalists were able to work, everything that I had been trying to do was validated. Because, remember, I didn’t want to change society. I wanted to give society a chance to determine if it should change itself.”

“All I wanted was for the public to be able to have a say in how they are governed,” he said. “That is a milestone we left a long time ago. Right now, all we are looking at are stretch goals.”

Snowden is an orderly thinker, with an engineer’s approach to problem-solving. He had come to believe that a dangerous machine of mass surveillance was growing unchecked. Closed-door oversight by Congress and the Foreign Intelligence Surveillance Court was a “graveyard of judgment,” he said, manipulated by the agency it was supposed to keep in check. Classification rules erected walls to prevent public debate.

Toppling those walls would be a spectacular act of transgression against the norms that prevailed inside them. Someone would have to bypass security, extract the secrets, make undetected contact with journalists and provide them with enough proof to tell the stories.

The NSA’s business is “information dominance,” the use of other people’s secrets to shape events. At 29, Snowden upended the agency on its own turf.

“You recognize that you’re going in blind, that there’s no model,” Snowden said, acknowledging that he had no way to know whether the public would share his views.

“But when you weigh that against the alternative, which is not to act,” he said, “you realize that some analysis is better than no analysis. Because even if your analysis proves to be wrong, the marketplace of ideas will bear that out. If you look at it from an engineering perspective, an iterative perspective, it’s clear that you have to try something rather than do nothing.”

By his own terms, Snowden succeeded beyond plausible ambition. The NSA, accustomed to watching without being watched, faces scrutiny it has not endured since the 1970s, or perhaps ever.

Facebooktwittermail

How the NSA became an advanced persistent threat to global cybersecurity

In the first in-person interview Edward Snowden has conducted since his arrival in Moscow in June, Barton Gellman reports:

The documents leaked by Snowden compelled attention because they revealed to Americans a history they did not know they had.

Internal briefing documents reveled in the “Golden Age of Electronic Surveillance.” Brawny cover names such as MUSCULAR, TUMULT and TURMOIL boasted of the agency’s prowess.

With assistance from private communications firms, the NSA had learned to capture enormous flows of data at the speed of light from fiber-optic cables that carried Internet and telephone traffic over continents and under seas. According to one document in Snowden’s cache, the agency’s Special Source Operations group, which as early as 2006 was said to be ingesting “one Library of Congress every 14.4 seconds,” had an official seal that might have been parody: an eagle with all the world’s cables in its grasp.

Each year, NSA systems collected hundreds of millions of e-mail address books, hundreds of billions of cellphone location records and trillions of domestic call logs.

Most of that data, by definition and intent, belonged to ordinary people suspected of nothing. But vast new storage capacity and processing tools enabled the NSA to use the information to map human relationships on a planetary scale. Only this way, its leadership believed, could the NSA reach beyond its universe of known intelligence targets.

In the view of the NSA, signals intelligence, or electronic eavesdropping, was a matter of life and death, “without which America would cease to exist as we know it,” according to an internal presentation in the first week of October 2001 as the agency ramped up its response to the al-Qaeda attacks on the World Trade Center and the Pentagon.

With stakes such as those, there was no capability the NSA believed it should leave on the table. The agency followed orders from President George W. Bush to begin domestic collection without authority from Congress and the courts. When the NSA won those authorities later, some of them under secret interpretations of laws passed by Congress between 2007 and 2012, the Obama administration went further still.

Using PRISM, the cover name for collection of user data from Google, Yahoo, Microsoft, Apple and five other U.S.-based companies, the NSA could obtain all communications to or from any specified target. The companies had no choice but to comply with the government’s request for data.

But the NSA could not use PRISM, which was overseen once a year by the surveillance court, for the collection of virtually all data handled by those companies. To widen its access, it teamed up with its British counterpart, Government Communications Headquarters, or GCHQ, to break into the private fiber-optic links that connected Google and Yahoo data centers around the world.

That operation, which used the cover name MUSCULAR, tapped into U.S. company data from outside U.S. territory. The NSA, therefore, believed it did not need permission from Congress or judicial oversight. Data from hundreds of millions of U.S. accounts flowed over those Google and Yahoo links, but classified rules allowed the NSA to presume that data ingested overseas belonged to foreigners.

Disclosure of the MUSCULAR project enraged and galvanized U.S. technology executives. They believed the NSA had lawful access to their front doors — and had broken down the back doors anyway.

Microsoft general counsel Brad Smith took to his company’s blog and called the NSA an “advanced persistent threat” — the worst of all fighting words in U.S. cybersecurity circles, generally reserved for Chinese state-sponsored hackers and sophisticated criminal enterprises.

Facebooktwittermail

The NSA has assumed the expansive powers of colonial Britain against which Americans fought

In the first in-person interview Edward Snowden has conducted since his arrival in Moscow in June, Barton Gellman reports:

Snowden likened the NSA’s powers to those used by British authorities in Colonial America, when “general warrants” allowed for anyone to be searched. The FISA court, Snowden said, “is authorizing general warrants for the entire country’s metadata.”

“The last time that happened, we fought a war over it,” he said.

Technology, of course, has enabled a great deal of consumer surveillance by private companies, as well. The difference with the NSA’s possession of the data, Snowden said, is that government has the power to take away life or freedom.

At the NSA, he said, “there are people in the office who joke about, ‘We put warheads on foreheads.’ Twitter doesn’t put warheads on foreheads.”

Privacy, as Snowden sees it, is a universal right, applicable to American and foreign surveillance alike.

“I don’t care whether you’re the pope or Osama bin Laden,” he said. “As long as there’s an individualized, articulable, probable cause for targeting these people as legitimate foreign intelligence, that’s fine. I don’t think it’s imposing a ridiculous burden by asking for probable cause. Because, you have to understand, when you have access to the tools the NSA does, probable cause falls out of trees.”

Facebooktwittermail

Snowden took on a responsibility that others refused to exercise

In the first in-person interview Edward Snowden has conducted since his arrival in Moscow in June, Barton Gellman reports:

It is commonly said of Snowden that he broke an oath of secrecy, a turn of phrase that captures a sense of betrayal. NSA Director Keith B. Alexander and Director of National Intelligence James R. Clapper Jr., among many others, have used that formula.

In his interview with The Post, Snowden noted matter-of-factly that Standard Form 312, the ­classified-information nondisclosure agreement, is a civil contract. He signed it, but he pledged his fealty elsewhere.

“The oath of allegiance is not an oath of secrecy,” he said. “That is an oath to the Constitution. That is the oath that I kept that Keith Alexander and James Clapper did not.”

People who accuse him of disloyalty, he said, mistake his purpose.

“I am not trying to bring down the NSA, I am working to improve the NSA,” he said. “I am still working for the NSA right now. They are the only ones who don’t realize it.”

What entitled Snowden, now 30, to take on that responsibility?

“That whole question — who elected you? — inverts the model,” he said. “They elected me. The overseers.”

He named the chairmen of the Senate and House intelligence committees.

“Dianne Feinstein elected me when she asked softball questions” in committee hearings, he said. “Mike Rogers elected me when he kept these programs hidden. . . . The FISA court elected me when they decided to legislate from the bench on things that were far beyond the mandate of what that court was ever intended to do. The system failed comprehensively, and each level of oversight, each level of responsibility that should have addressed this, abdicated their responsibility.”

“It wasn’t that they put it on me as an individual — that I’m uniquely qualified, an angel descending from the heavens — as that they put it on someone, somewhere,” he said. “You have the capability, and you realize every other [person] sitting around the table has the same capability but they don’t do it. So somebody has to be the first.”

Facebooktwittermail

Snowden blew the whistle from the inside before he went public

In the first in-person interview Edward Snowden has conducted since his arrival in Moscow in June, Barton Gellman reports:

Beginning in October 2012, he said, he brought his misgivings to two superiors in the NSA’s Technology Directorate and two more in the NSA Threat Operations Center’s regional base in Hawaii. For each of them, and 15 other co-workers, Snowden said he opened a data query tool called BOUNDLESSINFORMANT, which used color-coded “heat maps” to depict the volume of data ingested by NSA taps.

His colleagues were often “astonished to learn we are collecting more in the United States on Americans than we are on Russians in Russia,” he said. Many of them were troubled, he said, and several said they did not want to know any more.

“I asked these people, ‘What do you think the public would do if this was on the front page?’ ” he said. He noted that critics have accused him of bypassing internal channels of dissent. “How is that not reporting it? How is that not raising it?” he said.

Facebooktwittermail

Snowden alerted his superiors about serious flaws with NSA information security

In the first in-person interview Edward Snowden has conducted since his arrival in Moscow in June, Barton Gellman reports:

Snowden recounted another set of conversations that he said took place three years earlier, when he was sent by the NSA’s Technology Directorate to support operations at a listening post in Japan. As a system administrator, he had full access to security and auditing controls. He said he saw serious flaws with information security.

“I actually recommended they move to two-man control for administrative access back in 2009,” he said, first to his supervisor in Japan and then to the directorate’s chief of operations in the Pacific. “Sure, a whistleblower could use these things, but so could a spy.”

That precaution, which requires a second set of credentials to perform risky operations such as copying files onto a removable drive, has been among the principal security responses to the Snowden affair.

Facebooktwittermail

When ‘60 Minutes’ checks its journalistic skepticism at the door

David Carr writes: Last week, a study commissioned by the president concluded that the National Security Agency had reached too far into the private lives of Americans. The study, which came after a series of journalistic revelations exposing the agency’s surveillance practices, recommended numerous reforms that would curb the N.S.A.’s prerogatives. President Obama said he was “open to many” of the suggestions.

It was exactly the kind of news-making moment that “60 Minutes” — America’s leading purveyor of serious television news — has often been responsible for creating. For more than four decades, the program has exposed C.I.A. abuses, rogue military contractors and hundreds of corporate villains.

But where was “60 Minutes” on the N.S.A. story? The Sunday before the damning study, the program produced a segment that scanned as a friendly infomercial for the agency. Reported by John Miller, a CBS News reporter, the piece included extensive interviews with Gen. Keith Alexander, the director of the N.S.A.

In a scene that served as something of a metaphor for the whole segment, the producers negotiated access to the Black Chamber, a supersecret area where the nation’s top code breakers work. The door is briefly opened, we see a deserted office hall that looks like any other and then the door is closed. We get a look in, but we learn nothing.

Coming as it does on the heels of the now-discredited Benghazi report — in which “60 Minutes” said it was fooled by an eyewitness who was apparently nothing of the kind — the N.S.A. segment raises the question of whether the program has not just temporarily lost its mojo, but its skepticism as well. It didn’t help that the day after the piece aired, a federal judge ruled that the agency’s program of collecting phone records was most likely unconstitutional. [Continue reading…]

Facebooktwittermail

A spy world reshaped by Edward Snowden

The Los Angeles Times reports: After news reports that the National Security Agency had secretly monitored German Chancellor Angela Merkel’s cellphone calls, America’s top intelligence official was asked why congressional oversight committees were kept in the dark.

Shouldn’t Congress have been briefed, Rep. Adam B. Schiff (D-Burbank) asked James R. Clapper, the director of national intelligence, about a spying operation that would embarrass the U.S. government if exposed?

“Well, sir, there are many things we do in intelligence that, if revealed, would have the potential for all kinds of blowback,” Clapper replied at a House Intelligence Committee hearing in October. “The conduct of intelligence is premised on the notion that we can do it secretly, and we don’t count on it being revealed in the newspaper.”

Not these days. [Continue reading…]

Facebooktwittermail

RSA denies taking $10m from NSA to default backdoored algorithm

ZDNet reports: EMC-owned RSA Security has denied reports that the company had entered into secret contracts with the NSA worth $10 million to use the flaws Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG) as the default pseudorandom number generator for the company’s encryptions products.

Over the weekend, sources told Reuters that as part of the US National Security Agency’s (NSA) efforts to promote Dual_EC_DRBG, the use of the algorithm by RSA allowed the agency to point to its usage within government to help push for its inclusion in the National Institute of Standards and Technology’s Recommendation for Random Number Generation Using Deterministic Random Bit Generators (PDF).

“Recent press coverage has asserted that RSA entered into a ‘secret contract’ with the NSA to incorporate a known flawed random number generator into its BSAFE encryption libraries. We categorically deny this allegation,” RSA responded today in a blog post.

Facebooktwittermail

Americans uneasy about surveillance but often use snooping tools

The Washington Post reports: Julie Beliveau’s 16-year-old daughter, a new driver, was heading from her home in Ashburn toward a job interview the other night when she found herself in Leesburg — the wrong direction entirely. Upset and fearing that she’d blow the interview, she called her mother, who instantly launched her tracking program.

“I just opened my phone, and I could see where she was,” Beliveau said. Mother guided daughter to the interview, where she got the job. Score one for surveillance.

Yet Beliveau says she would never use the program just casually to check her daughter’s whereabouts. “That’s going over the line,” she said.

Amid this year’s revelations about the federal government’s vast apparatus for tracking the movements and communications of people worldwide, Americans are uneasy with the extent of surveillance yet often use snooping tools in their own lives, a Washington Post poll has found.

The sweet spot between liberty and security has been hard to pinpoint ever since the Sept. 11, 2001, attacks on New York and Washington. Remarkable advances in information technology have enabled counterterrorism tactics far more sweeping and intrusive — and powerful — than the United States had ever deployed. At the same time, the relationship between consumers and businesses was elementally altered as mobile phones, GPS, Google and Facebook gave corporations a new capacity to track their customers’ behavior. [Continue reading…]

Facebooktwittermail