The Guardian reports: Two US senators on the intelligence committee said on Friday that thousands of annual violations by the National Security Agency on its own restrictions were “the tip of the iceberg.”

“The executive branch has now confirmed that the rules, regulations and court-imposed standards for protecting the privacy of Americans’ have been violated thousands of times each year,” said senators Ron Wyden and Mark Udall, two leading critics of bulk surveillance, who responded Friday to a Washington Post story based on documents provided by whistleblower Edward Snowden.

“We have previously said that the violations of these laws and rules were more serious than had been acknowledged, and we believe Americans should know that this confirmation is just the tip of a larger iceberg.”

On July 31, Wyden, backed by Udall, vaguely warned other senators in a floor speech that the NSA and the director of national intelligence were substantively misleading legislators by describing improperly collected data as a matter of innocent and anodyne human or technical errors. [Continue reading…]

Electronic Frontier Foundation: With each recent revelation about the NSA’s spying programs government officials have tried to reassure the American people that all three branches of government—the Executive branch, the Judiciary branch, and the Congress—knowingly approved these programs and exercised rigorous oversight over them. President Obama recited this talking point just last week, saying: “as President, I’ve taken steps to make sure they have strong oversight by all three branches of government and clear safeguards to prevent abuse and protect the rights of the American people.” With these three pillars of oversight in place, the argument goes, how could the activities possibly be illegal or invasive of our privacy?

Today, the Washington Post confirmed that two of those oversight pillars—the Executive branch and the court overseeing the spying, the Foreign Intelligence Surveillance Court (FISA court)—don’t really exist. The third pillar came down slowly over the last few weeks, with Congressional revelations about the limitations on its oversight, including what Representative Sensennbrenner called “rope a dope” classified briefings. With this, the house of government trust has fallen, and it’s time to act. Join the over 500,000 people demanding an end to the unconstitutional NSA spying. [Continue reading…]

Shane Harris writes: The data divers at the Defense Department know better than most how to track down someone just by looking at his phone records. Now they want to know if America’s enemies could cause a fiscal meltdown or a massive cyber attack by combing through Netflix queues, Uber accounts, and Twitter feeds.

The doomsday thinkers over at DARPA are looking for researchers to “investigate the national security threat posed by public data available either for purchase or through open sources.” The question is, could a determined data miner use only publicly available information — culled from Web pages and social media or from a consumer data broker — to cause “nation-state type effects.” Forget identify theft. DARPA appears to be talking about outing undercover intelligence officers; revealing military war plans; giving hackers a playbook for taking down a bank; or creating maps of sensitive government facilities.

The irony is delicious. At the time government officials are assuring Americans they have nothing to fear from the National Security Agency poring through their personal records, the military is worried that Russia or al Qaeda is going to wreak nationwide havoc after combing through people’s personal records. [Continue reading…]

The lead in the Washington Post’s latest revelations on the NSA says: “The National Security Agency has broken privacy rules or overstepped its legal authority thousands of times each year since Congress granted the agency broad new powers in 2008, according to an internal audit and other top-secret documents.”

If that’s the heart of the story, they left out one crucial detail: the audit only covers the NSA’s activities in the Washington DC area! A few thousand “incidents” of the NSA spying on Americans in the nation’s capital may mean hundreds of thousands of such “incidents” across the country.

In June, NSA director Keith Alexander said that the agency had determined which files Snowden took. It follows therefore, that administration officials would not subsequently make statements which could later be falsified by information yet to be leaked — unless of course Alexander’s claim turned out to be bogus.

Government officials spend half their lives coming up with variations on these two assertions: we know what’s going on, and, we’ve got everything under control. Most of the time, neither of those claims are true.

In a series of posts, TechDirt digs into the Post’s report and accompanying documents.

Mike Masnick: Throughout the whole ordeal with the NSA leaks, the one line that we kept hearing from defenders of the program was that not only were these programs legal, no one had showed any abuse by the NSA. That is, even if this program was collecting data on everyone, the NSA had those important tools in place to block it from being abused. At last week’s press conference, this was a key point made by President Obama. NSA boss Keith Alexander insisted that there was no abuse, while Rep. Mike Rogers, the NSA’s prime defender and head of the House Intelligence Committee, similarly insisted that there was no abuse by the NSA. As we noted, that seemed hard to believe, given past revelations of clear abuse.

And… the latest report from the Washington Post based on leaked documents shows that an audit of the NSA’s activities shows it broke privacy rules, mostly to spy on Americans, thousands of times per year:

The National Security Agency has broken privacy rules or overstepped its legal authority thousands of times each year since Congress granted the agency broad new powers in 2008, according to an internal audit and other top-secret documents.

Most of the infractions involve unauthorized surveillance of Americans or foreign intelligence targets in the United States, both of which are restricted by law and executive order. They range from significant violations of law to typographical errors that resulted in unintended interception of U.S. e-mails and telephone calls.

The audit info comes from Ed Snowden’s leaks, so it seems rather incredible that President Obama, Keith Alexander and Mike Rogers didn’t seem to realize that this audit would eventually come to light, showing that they were flat out 100% lying to the American public.

The NSA audit obtained by The Post, dated May 2012, counted 2,776 incidents in the preceding 12 months of unauthorized collection, storage, access to or distribution of legally protected communications. Most were unintended. Many involved failures of due diligence or violations of standard operating procedure. The most serious incidents included a violation of a court order and unauthorized use of data about more than 3,000 Americans and green-card holders.

The NSA’s response to all of this is almost comical:

“We’re a human-run agency operating in a complex environment with a number of different regulatory regimes, so at times we find ourselves on the wrong side of the line,” a senior NSA official said in an interview, speaking with White House permission on the condition of anonymity.

Well, of course! That’s the point that we’ve made over and over and over again here in response to these claims of “no abuse.” The NSA is made up of humans. And when you give humans the power to spy on just about anyone there will always be some abuse. This is why it’s important to limit the collection of information, not promise to stop the abuses. You need to make such abuses much more difficult in the first place. [Continue reading…]

Mike Masnick: It’s already been shown that the Congressional oversight is a joke, because of obstruction by the Intelligence Committee. And now we know that the “oversight” from the courts was similarly a joke. The chief judge of FISC, Reggie Walton, who has reacted angrily in the past to the claims of FISC being a “rubber stamp”, has now admitted that the FISC really can’t check on what the NSA is doing and relies on what they tell him to make sure that they’re not breaking the law.

“The FISC is forced to rely upon the accuracy of the information that is provided to the Court,” its chief, U.S. District Judge Reggie Walton, said in a written statement to The Washington Post. “The FISC does not have the capacity to investigate issues of noncompliance, and in that respect the FISC is in the same position as any other court when it comes to enforcing [government] compliance with its orders.”

That’s not quite true. You see, with “any other court” when it comes to “enforcing compliance” things aren’t all hidden away from everyone, so there is scrutiny to make sure that there’s compliance. Not here. [Continue reading…]

Mike Masnick: Gellman reveals an a somewhat wacky presentation slide, complete with a palm tree graphic and with the somewhat folksy title:

Lesson 4: So you got a U.S. Person Information?

And then explains what to do about it. They’re pretty clear that if you’re directly targeting a US person that’s a problem (and it is, because that’s illegal). If it’s considered “inadvertent” then you also have to stop, write up an incident report and notify people. That sounds reasonable. But… then there’s the “incidental” section. Here, incidental is described as:

You targeted a legitimate foreign entity and acquired information/communications to/from/about a U.S. Person in your results.

That doesn’t seem particularly “incidental” to me. But, here’s the kicker. While with all the other forms of collection the NSA is told to stop, when it’s “incidental” they’re told:

This does not constitute a USSID SP008 violation, so it does not have to be reported in the IG quarterly.

Note that the IG report is the one that was revealed, listing all of the abuses. Yet, here they seem to be indicating that these “incidental” collections of information (and note that it’s not just “metadata” here, but full “communications” as well) aren’t a real problem. [Continue reading…]

Mike Masnick: One of the documents released with the report, via Ed Snowden, shows that NSA agents were directly told to give their overseers as little information as possible. The document explains to agents the process for justifying why they were requesting targeting (i.e., a more detailed look concerning an individual or group — not just at that person’s communications, but potentially anyone even remotely connected to them), and makes it clear that they are to give the bare minimum necessary to fulfill their reporting requirements, but not even the slightest bit beyond that. In fact, they’re told to give a single short sentence, and to make sure it includes no “extraneous information.”

The basic premise of this process is to memorialize why you the analyst have requested targeting. This rationale will be provided to our external FISA Amendment Act (FAA) overseers, the Department of Justice and Office of the Director of National Intelligence, for all FAA targeting.

While we do want to provide our FAA overseers with the information they need, we DO NOT want to give them any extraneous information…. This rationale can be no longer than one short sentence.

[….] Your rationale MUST NOT contain any additional information including: probable cause-like information (i.e., proof of your analytic judgment), how you came to your analytic conclusions, any RAGTIME information, classification marking or selector information.

The document goes on to list a variety of “example” rationale sentences, all pretty short and sweet, which basically demonstrate to NSA agents how to remove any pertinent information for oversight, while still giving a “reason” for targeting someone. It’s a lesson in stripping out information and, as the Washington Post notes, replacing it with “generic” info that will pass muster with the folks supposedly in charge of oversight. As an aside, while parts of them are redacted, there are a few “fake” names given, including “Mohammad Badguy” and “Muhammad Fake Name.” No profiling there. [Continue reading…]

The Huffington Post reports: National Security Agency whistleblower Edward Snowden wants to set the record straight after individuals associated with his father have, in his words, “misled” journalists into “printing false claims about my situation.”

In an emailed statement to The Huffington Post, Snowden said that neither his father Lon Snowden, his father’s lawyer Bruce Fein, nor Fein’s wife and spokeswoman Mattie Fein “represent me in any way.”

“None of them have been or are involved in my current situation, and this will not change in the future,” Snowden said of his father and the Feins. “I ask journalists to understand that they do not possess any special knowledge regarding my situation or future plans, and not to exploit the tragic vacuum of my father’s emotional compromise for the sake of tabloid news.”

Mattie Fein told The Wall Street Journal on Thursday that Lon Snowden’s legal team doesn’t trust Guardian columnist Glenn Greenwald, the journalist at the center of the NSA story, or WikiLeaks, the anti-secrecy organization that has advised Snowden in Russia. Fein also claimed Greenwald was trying to shop around an exclusive interview with Snowden for seven figures. Greenwald told the Journal Fein’s claim was “defamatory.”

Snowden said he’d like to correct the record regarding legal advice he’s received.

“I’ve been fortunate to have legal advice from an international team of some of the finest lawyers in the world, and to work with journalists whose integrity and courage are beyond question,” Snowden said. “There is no conflict amongst myself and any of the individuals or organizations with whom I have been involved.”

The American Civil Liberties Union confirmed that the email received by The Huffington Post was from Snowden, who remains a fugitive in Russia after being granted temporary asylum. The Wall Street Journal reported that the ACLU is helping coordinate Snowden’s legal defense in the U.S. [Continue reading…]

Marc Ambinder writes: Want to understand how an organism really works? Take a look at its plumbing. Figure out where the pipes fit together. That’s the approach I take to national security and that’s the spirit behind this look at the structure of one of the most important institutions in U.S. intelligence: the National Security Agency.

Some intelligence organizations, such as the National Reconnaissance Office and the National Geospatial Intelligence Agency, have declassified most of their organizational charts. The NRO develops, launches and controls spy satellites; the NGA analyzes and distribute imagery. For these agencies, the plumbing matters less than what flows through the pipes, which is highly classified.

But the NSA, with its triple mission — break codes, secure data, collect signals intelligence — has not made its structure public. Even by the standards of U.S. intelligence agencies whose existence was declassified much later, the NSA’s organization chart is largely impermeable to outsiders. The best of its chroniclers, like Jeff Richelson, James Bamford, Bill Arkin and Matthew Aid, have managed to collect bits and pieces of open source data, but many senior intelligence officials who don’t work for NSA still have only a vague idea of what signals intelligence collection entails, and even fewer understand the NSA bureaucracy. The map to the NSA’s inner sanctum is generally given only to a select few members of Congress and their staff.

In the interests of transparency and in an effort to establish a basis for continued public exploration of the world of intelligence, I’ve cobbled together a rough and incomplete but still rather comprehensive organizational chart of the agency’s operational, analytical, research and technology directorates. With only a few exceptions, the information does not come from inside sources. It builds on the work of the researchers mentioned above and it represents the culmination of a lot of time spent cross-checking government documents and LinkedIn profiles, job postings and agency announcements. [Continue reading…]

The Guardian reports: The leadership of the House intelligence committee is under growing pressure to explain whether it withheld surveillance information from members of Congress before a key vote to renew the Patriot Act.

A Republican congressman and government ethics watchdogs are demanding that the powerful panel’s chairman, Mike Rogers of Michigan, responds to charges that the panel’s leadership failed to share a document prepared by the justice department and intelligence community.

The document was explicitly created to inform non-committee members about bulk collection of Americans’ phone records ahead of the vote in 2011. Michigan Republican Justin Amash alleged that the committee kept it from non-committee members – the majority of the House.

Now Morgan Griffith, a Republican who represents Virginia’s ninth district, is calling for answers. “I certainly think leadership needs to figure out what’s going on. We’re trying to get information so we can do our jobs as congressmen,” he told the Guardian. “If we’re not able to get that information, it’s inappropriate.”

“Obviously, this is of concern,” he added.

Griffith has been been critical of the committee for blocking attempts by non-members to obtain information about classified programs. On August 4, the Guardian published a series of letters he had written to the committee requesting more details, all of which had gone unanswered.

The accusations broaden the focus of the surveillance controversy from the National Security Agency to one of the congressional committees charged with exercising oversight of it – and the panel’s closeness to the NSA it is supposed to oversee. [Continue reading…]

Bruce Schneier writes: It turns out that the NSA’s domestic and world-wide surveillance apparatus is even more extensive than we thought. Bluntly: The government has commandeered the Internet. Most of the largest Internet companies provide information to the NSA, betraying their users. Some, as we’ve learned, fight and lose. Others cooperate, either out of patriotism or because they believe it’s easier that way.

I have one message to the executives of those companies: fight.

Do you remember those old spy movies, when the higher ups in government decide that the mission is more important than the spy’s life? It’s going to be the same way with you. You might think that your friendly relationship with the government means that they’re going to protect you, but they won’t. The NSA doesn’t care about you or your customers, and will burn you the moment it’s convenient to do so.

We’re already starting to see that. Google, Yahoo, Microsoft and others are pleading with the government to allow them to explain details of what information they provided in response to National Security Letters and other government demands. They’ve lost the trust of their customers, and explaining what they do — and don’t do — is how to get it back. The government has refused; they don’t care. [Continue reading…]

Jennifer Hoelzer writes: Tim Cushing made one of my favorite points of [last] week in his Tuesday post “Former NSA boss calls Snowden’s supporters internet shut-ins; equates transparency activists with al-Qaida“, when he explained that “some of the most ardent defenders of our nation’s surveillance programs” – much like proponents of overreaching cyber-legislation, like Sopa – have a habit of “belittling” their opponents as a loose confederation of basement-dwelling loners. I think it’s worth pointing out that General Hayden’s actual rhetoric is even more inflammatory than Cushing’s. Not only did the former NSA director call us “nihilists, anarchists, activists, Lulzsec, Anonymous, twentysomethings who haven’t talked to the opposite sex in five or six years”, he equates transparency groups like the ACLU with al-Qaida.

I appreciated this post for two reasons.

First of all, it does a great job of illustrating a point that I’ve long made when asked for advice on communicating tech issues, which is that the online community is as diverse and varied as the larger world we live in. Of course, we are more likely to come across the marginal opinions of twentysomethings with social anxiety online because, unlike the larger world, the internet gives those twentysomethings just as much of an opportunity to be heard as a Harvard scholar, a dissident protesting for democracy or General Hayden himself.

Sure, it can be infuriating to read scathingly hostile comments written by troubled individuals who clearly didn’t take the time to read the post you spent countless hours carefully writing (not that that has ever happened to me), but isn’t one of the things that makes the internet so darn special its unwavering reminder that free speech includes speech we don’t appreciate? Of course, that’s a point that tends to get lost on folks – like General Hayden – who don’t seem to understand that equating the entirety of the online world with terrorists is a lot like posting a scathing comment to a story without reading it. You can’t expect someone to treat you or your opinion with respect – online or anywhere else – when you’re being disrespectful. And I can imagine no greater disrespect for the concepts of transparency and oversight than to equate them with the threats posed by terrorist groups like al-Qaida. [Continue reading…]

Eugene Robinson writes: President Obama’s message about the government’s massive electronic surveillance programs came through loud and clear: Get over it.

The president used more soothing words in his pre-vacation news conference Friday, but that was the gist. With perhaps the application of a fig leaf here and a sheen of legalistic mumbo jumbo there, the snooping will continue.

Unless, of course, we demand that it end.

The modest reforms Obama proposed do not begin to address the fundamental question of whether we want the National Security Agency to log all of our phone calls and read at least some of our e-mails, relying on secret judicial orders from a secret court for permission. The president indicated he is willing to discuss how all this is done — but not whether.

“It’s not enough for me, as president, to have confidence in these programs. The American people need to have confidence in them as well,” Obama said. But if this is truly what he believes, he should have kicked off this confidence-building debate years ago, long before former intelligence analyst Edward Snowden blew the whistle.

Snowden’s disclosures do look increasingly like whistle-blowing, by the way, rather than espionage or treason. If administration officials really welcome the discussion we are now having, shouldn’t they thank Snowden rather than label him an enemy of the state? [Continue reading…]

Jeff Jarvis writes: Fear not, says the NSA, we “touch” only 1.6% of daily internet traffic. If, as they say, the net carries 1,826 petabytes of information per day, then the NSA “touches” about 29 petabytes a day. They don’t say what “touch” means. Ingest? Store? Analyze?

For context, Google in 2010 said it had indexed only 0.004% of the data on the net. So, by inference from the percentages, does that mean that the NSA is equal to 400 Googles?

Seven petabytes of photos are added to Facebook each month. That’s .23 petabytes per day. So that means the NSA is 126 Facebooks. [Continue reading…]

The Washington Post reports: Glenn Greenwald, one of two reporters to disclose the existence of a massive National Security Agency surveillance program, has held preliminary talks with American TV networks to conduct an interview with his chief source, fugitive leaker Edward Snowden.

Greenwald said Monday night that he decided not to do the interview, despite discussing a licensing fee of up to $50,000 for landing an interview with Snowden.

An interview with Snowden would be a major coup for any news outlet, but few journalists have access to the 30-year-old former government contractor, who fled the United States and has been granted asylum in Russia.

Greenwald, who works for the Guardian newspaper, is one of the few journalists who conceivably could land such an interview. Snowden contacted him anonymously earlier this year, and they built a relationship that led him to disclose details of the NSA’s massive and secret data-collection program known as PRISM.

Snowden also contacted Barton Gellman, who reported on the PRISM program for The Washington Post. Gellman’s Post story was published a few minutes before Greenwald and the Guardian released their own.

Greenwald said via e-mail that he spoke with NBC, and “very preliminarily” with ABC, about a Snowden interview.

He wrote: “The reason we didn’t do it is three-fold: 1) I don’t want to distract attention away from NSA spying and the substance of the disclosures by re-focusing attention on Snowden; 2) Snowden agreed with my suggestion that doing an interview at this time was not productive for the same reason: he wants media attention on NSA spying, not on himself; and 3) I saw no real value in the interview — it would be used just as crass entertainment — and so didn’t want to be involved right now.” [Continue reading…]

TechDirt: Well, this is rather incredible. Remember on Friday how one of President Obama’s efforts to get people to trust the government more concerning the NSA’s surveillance efforts was to create an “outside” and “independent” board to review it all? Specifically, he said:

Fourth, we’re forming a high-level group of outside experts to review our entire intelligence and communications technologies. We need new thinking for a new era. We now have to unravel terrorist plots by finding a needle in the haystack of global telecommunications. And meanwhile, technology has given governments — including our own — unprecedented capability to monitor communications.

So I am tasking this independent group to step back and review our capabilities — particularly our surveillance technologies. And they’ll consider how we can maintain the trust of the people, how we can make sure that there absolutely is no abuse in terms of how these surveillance technologies are used, ask how surveillance impacts our foreign policy — particularly in an age when more and more information is becoming public. And they will provide an interim report in 60 days and a final report by the end of this year, so that we can move forward with a better understanding of how these programs impact our security, our privacy, and our foreign policy.

Okay. Outside, independent. Sure, that might help. Except, that was Friday. Today is Monday. And, on Monday we learn that “outside” and “independent” actually means setup by Director of National Intelligence, James Clapper — the same guy who has already admitted to lying to Congress about the program, and has received no punishment for doing so. This is independent? From this we’re supposed to expect real oversight?!? [Continue reading…]

Under the headline, “Obama Plan to Revamp NSA Faces Obstacles,” the Wall Street Journal reports: Obama faces pushback from civil-liberties advocates who say his proposals don’t go far enough. Sen. Ron Wyden (D., Ore.) said he welcomed the proposals but would fight to have them “strengthened” so that, among other things, the phone-data collection program is ended.

One question is how strongly Mr. Obama will fight for his plan. He devised it while under growing pressure from some Democrats and foreign allies after former NSA contractor Edward Snowden leaked information about NSA surveillance.

Mr. Obama said his chief goal was to gain public trust in the NSA programs and engage in a national debate about surveillance. But he also has said he was comfortable with the current programs. So he could say he spurred a debate and tried to address privacy concerns even if no changes result.

Glenn Greenwald writes: In 2006, the New York Times won the Pulitzer Prize for having revealed that the NSA was eavesdropping on Americans without warrants. The reason that was a scandal was because it was illegal under a 30-year-old law that made it a felony, punishable by up to 5 years in prison for each offense, to eavesdrop on Americans without those warrants. Although both the Bush and Obama DOJs ultimately prevented final adjudication by raising claims of secrecy and standing, and the “Look Forward, Not Backward (for powerful elites)” Obama DOJ refused to prosecute the responsible officials, all three federal judges to rule on the substance found that domestic spying to be unconstitutional and in violation of the statute.

The person who secretly implemented that illegal domestic spying program was retired Gen. Michael Hayden, then Bush’s NSA director. That’s the very same Michael Hayden who is now frequently presented by US television outlets as the authority and expert on the current NSA controversy – all without ever mentioning the central role he played in overseeing that illegal warrantless eavesdropping program.

As Marcy Wheeler noted: “the 2009 Draft NSA IG Report that Snowden leaked [and the Guardian published] provided new details about how Hayden made the final decision to continue the illegal wiretapping program even after DOJ’s top lawyers judged it illegal in 2004. Edward Snowden leaked new details of Michael Hayden’s crime.” The Twitter commentator sysprog3 put it this way:

Inviting Hayden to comment on regulation of surveillance is like having Bernie Madoff comment on regulation of Wall Street.”

But inviting Hayden to do exactly that is what establishment media outlets do continually. [Continue reading…]

Alexander Abdo and Patrick Toomey write: Another burst of sunlight permeated the National Security Agency’s black box of domestic surveillance last week.

According to the New York Times, the NSA is searching the content of virtually every email that comes into or goes out of the United States without a warrant. To accomplish this astonishing invasion of Americans’ privacy, the NSA reportedly is making a copy of nearly every international email. It then searches that cloned data, keeping all of the emails containing certain keywords and deleting the rest – all in a matter of seconds.

If you emailed a friend, family member or colleague overseas today (or if, from abroad, you emailed someone in the US), chances are that the NSA made a copy of that email and searched it for suspicious information.

The NSA appears to believe this general monitoring of our electronic communications is justified because the entire process takes, in one official’s words, “a small number of seconds”. Translation: the NSA thinks it can intercept and then read Americans’ emails so long as the intrusion is swift, efficient and silent. [Continue reading…]