Category Archives: Five Eyes

Emails reveal close Google relationship with NSA

Jason Leopold reports: Email exchanges between National Security Agency Director Gen. Keith Alexander and Google executives Sergey Brin and Eric Schmidt suggest a far cozier working relationship between some tech firms and the U.S. government than was implied by Silicon Valley brass after last year’s revelations about NSA spying.

Disclosures by former NSA contractor Edward Snowden about the agency’s vast capability for spying on Americans’ electronic communications prompted a number of tech executives whose firms cooperated with the government to insist they had done so only when compelled by a court of law.

But Al Jazeera has obtained two sets of email communications dating from a year before Snowden became a household name that suggest not all cooperation was under pressure.

On the morning of June 28, 2012, an email from Alexander invited Schmidt to attend a four-hour-long “classified threat briefing” on Aug. 8 at a “secure facility in proximity to the San Jose, CA airport.”

“The meeting discussion will be topic-specific, and decision-oriented, with a focus on Mobility Threats and Security,” Alexander wrote in the email, obtained under a Freedom of Information Act (FOIA) request, the first of dozens of communications between the NSA chief and Silicon Valley executives that the agency plans to turn over.

Alexander, Schmidt and other industry executives met earlier in the month, according to the email. But Alexander wanted another meeting with Schmidt and “a small group of CEOs” later that summer because the government needed Silicon Valley’s help.

“About six months ago, we began focusing on the security of mobility devices,” Alexander wrote. “A group (primarily Google, Apple and Microsoft) recently came to agreement on a set of core security principles. When we reach this point in our projects we schedule a classified briefing for the CEOs of key companies to provide them a brief on the specific threats we believe can be mitigated and to seek their commitment for their organization to move ahead … Google’s participation in refinement, engineering and deployment of the solutions will be essential.”

Jennifer Granick, director of civil liberties at Stanford Law School’s Center for Internet and Society, said she believes information sharing between industry and the government is “absolutely essential” but “at the same time, there is some risk to user privacy and to user security from the way the vulnerability disclosure is done.” [Continue reading…]

One of the most corrosive effects of the revelations about the NSA’s exploitation of information security flaws is that this has created a perception that any kind of interaction between the NSA and Silicon Valley should be viewed with suspicion. In reality, information security would be undermined if the NSA wasn’t talking to the tech companies. The real problem comes when the NSA applies a definition of national security interests that conflicts with public interests.


Two major threats to the internet: The U.S. government and the Russian government

Ars Technica: Hector Xavier Monsegur, the hacker known as “Sabu,” became a confidential FBI informant following his 2011 arrest. But he continued to direct other hackers to attack more than 2,000 Internet domains in 2012, including sites operated by the Iranian, Syrian, and Brazilian governments.

Based on documents obtained by the New York Times, those attacks were carried out with the knowledge of the FBI agents supervising Monsegur. The Times report suggests that the data obtained in the attacks—including information on Syrian government sites—was passed to US intelligence agencies by the FBI.

Russian President Vladimir Putin clearly wants to exploit the climate of distrust that has been generated by the NSA and other branches of the U.S. government that have undermined internet security, and sees in this the opportunity to push for a Russian internet — one in which the Russian government can exercise greater control over social media.

Vesti.ru reports (translation):

“The Internet emerged as a special project of the CIA USA, and continues to be developed as such,” said Putin [at the conference Mediaforum in St. Petersburg today]. Moreover, the president noted that the national search engine Yandex and the social network VKontakte are trying to develop business, mathematical and informational programming in Russia. “Our companies didn’t have resources free for such capital investments, but now they have appeared,” said the head of state. Putin expressed the hope that the Russian Internet would develop rather intensively and rapidly and will secure the interests of the Russian Federation.

Meanwhile, ITAR-TASS reports:

Russia’s popular bloggers will now have to brace for considerable restrictions of their rights. The State Duma has just adopted a law introducing new rules they will have to abide by. The document incorporates a package of bills for effective struggle against terrorism and extremism. Earlier, the bill drew a mixed response from society, including sharp criticism from human rights activists.

The law introduces a new term: “Internet user called blogger.” Bloggers will be obliged to declare their family name and initials and e-mail address. Those authors whose personal website or page in social networks has 3,000 visitors or more a day must have themselves registered on a special list and abide by restrictions applicable to the mass media. In other words, registration requires the blogger should check the authenticity of published information and also mention age restrictions for users. Also, bloggers will have to follow mass media laws concerning electioneering, resistance to extremism and the publication of information about people’s private lives. An abuse of these requirements will be punishable with a fine of 10,000 to 30,000 roubles (roughly 300 dollars to 1,000 dollars) for individuals and 300,000 roubles (10,000 roubles) for legal entities. A second violation will be punishable with the website’s suspension for one month.

The Russian investigative journalists Andrei Soldatov and Irina Borogan write:

The NSA scandal made a perfect excuse for the Russian authorities to launch a campaign to bring global web platforms such as Gmail and Facebook under Russian law—either requiring them to be accessible in Russia by the domain extension .ru, or obliging them to be hosted on Russian territory. Under Russian control, these companies and their Russian users could protect their data from U.S. government surveillance and, most importantly, be completely transparent for Russian secret services.

Russia wants to shift supervision and control of the Internet from global companies to local or national authorities, allowing the FSB more authority and latitude to thwart penetration from outside. At December’s International Telecommunications Union (ITU) conference in Dubai, Moscow tried to win over other countries to its plan for a new system of control. The key to the project is to hand off the functions of managing distribution of domain names/IP-addresses from the U.S.-based organization ICANN to an international organization such as the ITU, where Russia can play a central role. Russia also proposed limiting the right of access to the Internet in such cases where “telecommunication services are used for the purpose of interfering in the internal affairs or undermining the sovereignty, national security, territorial integrity, and public safety of other states, or to divulge information of a sensitive nature.” Some 89 countries voted for the Russian proposals, but not the United States, United Kingdom, Western Europe, Australia, or Canada. The result is a stalemate.

Web services would be required to build backdoors for the Russian secret services to access what’s stored there. Prominent Russian MP Sergei Zheleznyak, a member of the ruling United Russia party, has called on Russia to reclaim its “digital sovereignty” and wean its citizens off foreign websites. He said he would introduce legislation this fall to create a “national server,” which analysts say would require foreign websites to register on Russian territory, thus giving the Kremlin’s own security services the access they have long been seeking. Of course, building such a national system would defeat the global value of the Internet.

Shane Harris writes:

When U.S. officials warn of the threat foreign cyber spies pose to American companies and government agencies, they usually focus on China, which has long been home to the world’s most relentless and aggressive hackers. But new information shows that Russian and Eastern European hackers, who have historically focused their energies on crime and fraud, now account for a large and growing percentage of all cyber espionage, most of which is directed at the United States.

Individuals and groups in Eastern Europe, and particularly in Russia and Russian-speaking countries, are responsible for a fifth of all cyber spying incidents in the world, according to a global study of data breaches conducted by Verizon, published this week. The spies are targeting a range of companies as varied as the global economy itself, and are stealing manufacturing designs, proprietary technology and confidential business plans. The cyber spies steal information on behalf of their governments in order to manufacture cheaper versions of technologies or weapons systems, or to give their home country’s corporations a leg up on their foreign competitors.


Snowden, Putin, Wyden, and Clapper

Imagine the tension inside the studio on Russian state television when Vladimir Putin was confronted by Edward Snowden. How would Russia’s president handle a direct challenge from the world’s most famous whistleblower?

Was the most powerful man in the world going to cower like DNI James Clapper did a year ago and wipe sweat from his forehead as he nervously tried to evade pointed questions from his interrogator?

It turned out that Putin remained as calm as the Buddha.

I guess it’s hard having the same impact when you can’t ask any follow-up questions, the person being questioned has no fear of perjuring himself, and he enjoys the popular support of a 71% approval rating.

The Moscow Times reports:

Most of the more than 2.5 million questions that were sent via telephone, web and text message concerned social policy, housing and infrastructure. But most of the show was occupied by questions about the ongoing crisis in eastern Ukraine and Russia’s recent annexation of Crimea.

Since Snowden’s question was among the 81 questions that made the cut, it’s safe to say that Putin and his handlers recognized that it would serve their interests. In Putin’s posture of speaking “spy to spy” there was no hint of the merciless way he deals with defectors.

The investigative journalist Andrei Soldatov welcomed Snowden’s appearance:


Whether a debate of any consequence in Russia ensues remains to be seen:


And while Snowden might want to applaud his own challenge to Putin, Soldatov reminded the American of an invitation he has yet to accept:


Speaking to the Washington Post, Soldatov explained why Putin’s denials on mass surveillance don’t stand up to scrutiny.

In fact, Soldatov says, Russia even has its own version of PRISM, the clandestine mass electronic surveillance program that Snowden uncovered. It’s called SORM, and has been around since 1995. During Putin’s 14 years in Russian leadership, the scope of SORM has been expanded numerous times.

Soldatov argues that there were three key points made by Putin, each of which was a half-truth or a lie. First, Soldatov says, Putin argued that the FSB, the successor agency to the Soviet era’s KGB, needs to get a warrant from a court before surveillance can begin. This is true in theory, Soldatov admits, but in practice the warrants are not required to be shown: Telecoms agencies and Internet providers do not have the necessary security clearance to view the warrants, in any case.

Secondly, Putin seemed to suggest that the Russian legislature, the Duma, has oversight over the FSB. This is not true, Soldatov says, arguing that while the State Duma does have a Special Committee for Security, it has no actual oversight for secret services.

Finally, Putin argued that Russia doesn’t have the “hardware and money the United States has.” Soldatov says this is “not entirely correct.” The biggest limitation on FSB’s spying is that Russian communication systems – for example, the social network VKontakte – are rarely used abroad, unlike U.S. systems (for example, Google and Facebook). This gives the U.S. a clear advantage in international surveillance, but it is mostly irrelevant for the discussion of domestic mass surveillance, Soldatov argues.


The U.S. government: Paying to undermine internet security, not to fix it

By Julia Angwin, ProPublica, April 15, 2014

The Heartbleed computer security bug is many things: a catastrophic tech failure, an open invitation to criminal hackers and yet another reason to upgrade our passwords on dozens of websites. But more than anything else, Heartbleed reveals our neglect of Internet security.

The United States spends more than $50 billion a year on spying and intelligence, while the folks who build important defense software — in this case a program called OpenSSL that ensures that your connection to a website is encrypted — are four core programmers, only one of whom calls it a full-time job.

In a typical year, the foundation that supports OpenSSL receives just $2,000 in donations. The programmers have to rely on consulting gigs to pay for their work. “There should be at least a half dozen full time OpenSSL team members, not just one, able to concentrate on the care and feeding of OpenSSL without having to hustle commercial work,” says Steve Marquess, who raises money for the project.

Is it any wonder that this Heartbleed bug slipped through the cracks?


It’s time to encrypt the entire internet

Wired reports: The Heartbleed bug crushed our faith in the secure web, but a world without the encryption software that Heartbleed exploited would be even worse. In fact, it’s time for the web to take a good hard look at a new idea: encryption everywhere.

Most major websites use either the SSL or TLS protocol to protect your password or credit card information as it travels between your browser and their servers. Whenever you see that a site is using HTTPS, as opposed to HTTP, you know that SSL/TLS is being used. But only a few sites — like Facebook and Gmail — actually use HTTPS to protect all of their traffic as opposed to just passwords and payment details.

Many security experts — including Google’s in-house search guru, Matt Cutts — think it’s time to bring this style of encryption to the entire web. That means secure connections to everything from your bank site to Wired.com to the online menu at your local pizza parlor.

Cutts runs Google’s web spam team. He helps the company tweak its search engine algorithms to prioritize certain sites over others. For example, the search engine prioritizes sites that load quickly, and penalizes sites that copy — or “scrape” — text from others.

If Cutts had his way, Google would prioritize sites that use HTTPS over those that don’t, he told blogger Barry Schwartz at a conference earlier this year. The change, if it were ever implemented, would likely spur an HTTPS stampede as web sites competed for better search rankings. [Continue reading…]


Did Snowden just make a visa-renewal application directly to Putin live on Russian TV?

Mashable reports: In what could be best described as a bizarre PR stunt, Edward Snowden made a surprise appearance on live TV to ask Russian President Vladimir Putin whether he spies on his citizens.

Snowden, who has received asylum in Russia, appeared during Putin’s annual call-in show on Russian TV on Thursday, during which Putin answered questions from the public. It’s unclear whether Snowden’s appearance was staged, but his question gave Putin a chance to poke at his favorite target: the United States.

“Does Russia store, intercept, or analyze, in any way, the communications of millions of individuals, and do you believe that simply increasing the effectiveness of intelligence or law enforcement investigations can justify a place in societies rather than subjects under surveillance?” Snowden asked Putin (see the full exchange in the video embedded below).

“Mr. Snowden, you are a former agent, a spy. I used to work for the intelligence service, we are going to talk one professional language,” Putin said, according to translation by state-run TV channel Russia Today. “We don’t have as much money as they have in the States and we don’t have these technical devices that they have in the States. Our special services, thank God, are strictly controlled by society and the law and regulated by the law.”

Russia clearly has means to “respond” to terrorists and criminals who use technology, Putin added, but doesn’t have “uncontrollable efforts like [in America].”

What Putin didn’t say, however, is that Russia actually boasts one of the most sophisticated surveillance systems in the world, described by some as “PRISM on steroids.” This system, known as SORM, practically gives the Federal Security Service (FSB) direct access to Internet servers and telecommunications providers, allowing the government to eavesdrop on all online and phone communications that go through their networks. [Continue reading…]

No doubt Edward Snowden’s most loyal supporters will find ways of putting a positive spin on his TV performance, but neither of the two most obvious ways in which it can be interpreted casts him in a favorable light.

If Snowden thought that he was promoting political freedom inside Russia by giving Putin the opportunity to assert, unchallenged, his commitment to the protection of privacy, then Snowden’s naivety is staggering.

If on the other hand, Snowden was “invited” to ask his question with the understanding or expectation that this would result in some kind of quid pro quo — such as increasing the chance of him being offered permanent asylum — then he just demonstrated his willingness to function as a propaganda tool supporting Putin’s agenda.

Suppose the same question had been posed to Putin by the TV host. It would have merited no attention whatsoever. Of course Putin is going to cast his own security services as squeaky clean when the questioner has neither the opportunity, the means, nor the motive to challenge the Russian president’s response.

There’s no question that Snowden’s appearance was a PR stunt. The question is: who instigated it?


Behind closed doors, Google and Facebook are fighting efforts to stop NSA spying

Vice reports: Revelations about the National Security Agency’s most controversial surveillance program, which centers on the bulk collection of hundreds of billions of records of Americans’ phone conversations, were quickly greeted with calls for reform by major internet powerhouses like Facebook, Google, Microsoft, and Yahoo last year. But all four companies, along with dozens of other major tech firms, are actively opposing an initiative to prevent NSA spying known as the Fourth Amendment Protection Act, leaning on secretive industry lobbying groups while they profess outrage in official statements.

Virtually immediate public condemnation of government spying put the industry in an uncomfortable position when the Snowden leaks began pouring out in June 2013, and in carefully written responses to news reports claiming that they’d cooperated with the now notorious PRISM apparatus, these tech companies emphasized their compliance with existing laws that require them to hand over user data under certain conditions.

“When governments ask Facebook for data, we review each request carefully to make sure they always follow the correct processes and all applicable laws, and then only provide the information if [it] is required by law,” Mark Zuckerberg, the CEO of Facebook, wrote in a blog post last June. “We will continue fighting aggressively to keep your information safe and secure.”

Statements like this suggest Zuckerberg and his industry peers would support legislative efforts to rein in surveillance, and it’s true that they’ve called for reform in letters to the Senate Judiciary Committee applauding a bill known as the USA Freedom Act. Google, Facebook, and six other tech giants have even hired a firm that claims to fight NSA surveillance on their behalf.

The real action, however, has been much subtler, with the industry wielding its influence behind closed doors using two lobbying groups to oppose certain restrictions on internet surveillance: the IT Alliance for Public Sector (ITAPS) and the State Privacy and Security Coalition (SPSC). A look at the actions of these two groups suggests that the companies want reform, sure, but only on terms that don’t affect their day-to-day business.

In particular, VICE has uncovered that ITAPS and SPSC have sent letters to politicians lobbying against the Fourth Amendment Protection Act, a wide-sweeping bill that would limit the NSA’s ability to read private electronic communications without a warrant. [Continue reading…]


NSA pretends it can increase national security while diminishing internet security

The New York Times reports: Stepping into a heated debate within the nation’s intelligence agencies, President Obama has decided that when the National Security Agency discovers major flaws in Internet security, it should — in most circumstances — reveal them to assure that they will be fixed, rather than keep mum so that the flaws can be used in espionage or cyberattacks, senior administration officials said Saturday.

But Mr. Obama carved a broad exception for “a clear national security or law enforcement need,” the officials said, a loophole that is likely to allow the N.S.A. to continue to exploit security flaws both to crack encryption on the Internet and to design cyberweapons.

The White House has never publicly detailed Mr. Obama’s decision, which he made in January as he began a three-month review of recommendations by a presidential advisory committee on what to do in response to recent disclosures about the National Security Agency.

But elements of the decision became evident on Friday, when the White House denied that it had any prior knowledge of the Heartbleed bug, a newly known hole in Internet security that sent Americans scrambling last week to change their online passwords. The White House statement said that when such flaws are discovered, there is now a “bias” in the government to share that knowledge with computer and software manufacturers so a remedy can be created and distributed to industry and consumers. [Continue reading…]


New evidence that the NSA poses a major threat to global security

When it comes to intelligence officials, past or present, it seems much safer to assume that they are not acting in national interests than to assume otherwise. It doesn’t matter which nation or which agency, the business of intelligence is deception.

There is an inherent conflict between the declared need of such agencies to operate in secrecy and the need to provide those operations with the oversight they require in order to prevent the abuse of power.

After the latest revelations about the CIA’s torture programs and NSA operations which undermine the security of the internet, are we not already far past the point where it must be faced that the U.S. intelligence community has systemic flaws? These should not just be patched over. It’s time to ask fundamental questions about the function of the intelligence agencies.

Bloomberg reports: The U.S. National Security Agency knew for at least two years about a flaw in the way that many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather critical intelligence, two people familiar with the matter said.

The NSA’s decision to keep the bug secret in pursuit of national security interests threatens to renew the rancorous debate over the role of the government’s top computer experts.

Heartbleed appears to be one of the biggest glitches in the Internet’s history, a flaw in the basic security of as many as two-thirds of the world’s websites. Its discovery and the creation of a fix by researchers five days ago prompted consumers to change their passwords, the Canadian government to suspend electronic tax filing and computer companies including Cisco Systems Inc. to Juniper Networks Inc. to provide patches for their systems.

Putting the Heartbleed bug in its arsenal, the NSA was able to obtain passwords and other basic data that are the building blocks of the sophisticated hacking operations at the core of its mission, but at a cost. Millions of ordinary users were left vulnerable to attack from other nations’ intelligence arms and criminal hackers.

“It flies in the face of the agency’s comments that defense comes first,” said Jason Healey, director of the cyber statecraft initiative at the Atlantic Council and a former Air Force cyber officer. “They are going to be completely shredded by the computer security community for this.” [Continue reading…]

Update — DNI states: NSA was not aware of the recently identified vulnerability in OpenSSL, the so-called Heartbleed vulnerability, until it was made public in a private sector cybersecurity report. Reports that say otherwise are wrong.

The problem for the DNI, NSA, CIA, and the rest of the intelligence community is that they can’t restore trust simply by issuing statements or through cosmetic reform. It’s no good saying “we wouldn’t do something like that” when we know they already have.


Edward Snowden: U.S. government spied on human rights workers

The Guardian reports: The US has spied on the staff of prominent human rights organisations, Edward Snowden has told the Council of Europe in Strasbourg, Europe’s top human rights body.

Giving evidence via a videolink from Moscow, Snowden said the National Security Agency – for which he worked as a contractor – had deliberately snooped on bodies like Amnesty International and Human Rights Watch.

He told council members: “The NSA has specifically targeted either leaders or staff members in a number of civil and non-governmental organisations … including domestically within the borders of the United States.” Snowden did not reveal which groups the NSA had bugged.

The assembly asked Snowden if the US spied on the “highly sensitive and confidential communications” of major rights bodies such as Amnesty and Human Rights Watch, as well as on similar smaller regional and national groups. He replied: “The answer is, without question, yes. Absolutely.” [Continue reading…]


NSA infiltrated RSA security more deeply than thought

Reuters reports: Security industry pioneer RSA adopted not just one but two encryption tools developed by the U.S. National Security Agency, greatly increasing the spy agency’s ability to eavesdrop on some Internet communications, according to a team of academic researchers.

Reuters reported in December that the NSA had paid RSA $10 million to make a now-discredited cryptography system the default in software used by a wide range of Internet and computer security programs. The system, called Dual Elliptic Curve, was a random number generator, but it had a deliberate flaw – or “back door” – that allowed the NSA to crack the encryption.

A group of professors from Johns Hopkins, the University of Wisconsin, the University of Illinois and elsewhere now say they have discovered that a second NSA tool exacerbated the RSA software’s vulnerability.

The professors found that the tool, known as the “Extended Random” extension for secure websites, could help crack a version of RSA’s Dual Elliptic Curve software tens of thousands of times faster, according to an advance copy of their research shared with Reuters. [Continue reading…]


NSA revelations ‘changing how businesses store sensitive data’

The Guardian reports: The vast scale of online surveillance revealed by Edward Snowden is changing how businesses store commercially sensitive data, with potentially dramatic consequences for the future of the internet, according to a new study.

A survey of 1,000 business leaders from around the world has found that many are questioning their reliance on “cloud computing” in favour of more secure forms of data storage as the whistleblower’s revelations continue to reverberate.

The moves by businesses mirror efforts by individual countries, such as Brazil and Germany, which are encouraging regional online traffic to be routed locally rather than through the US, in a move that could have a big impact on US technology companies such as Facebook and Google. [Continue reading…]


GCHQ and NSA targeted private German companies

Der Spiegel reports: Documents show that Britain’s GCHQ intelligence service infiltrated German Internet firms and America’s NSA obtained a court order to spy on Germany and collected information about the chancellor in a special database. Is it time for the country to open a formal espionage investigation?

The headquarters of Stellar, a company based in the town of Hürth near Cologne, are visible from a distance. Seventy-five white antennas dominate the landscape. The biggest are 16 meters (52 feet) tall and kept in place by steel anchors. It is an impressive sight and serves as a popular backdrop for scenes in TV shows, including the German action series “Cobra 11.”

Stellar operates a satellite ground station in Hürth, a so-called “teleport.” Its services are used by companies and institutions; Stellar’s customers include Internet providers, telecommunications companies and even a few governments. “The world is our market,” is the high-tech company’s slogan.

Using their ground stations and leased capacities from satellites, firms like Stellar — or competitors like Cetel in the nearby village of Ruppichteroth or IABG, which is headquartered in Ottobrunn near Munich — can provide Internet and telephone services in even the most remote areas. They provide communications links to places like oil drilling platforms, diamond mines, refugee camps and foreign outposts of multinational corporations and international organizations.

Super high-speed Internet connections are required at the ground stations in Germany in order to ensure the highest levels of service possible. Most are connected to major European Internet backbones that offer particularly high bandwidth.

The service they offer isn’t just attractive to customers who want to improve their connectivity. It is also of interest to Britain’s GCHQ intelligence service, which has targeted the German companies. Top secret documents from the archive of NSA whistleblower Edward Snowden viewed by SPIEGEL show that the British spies surveilled employees of several German companies, and have also infiltrated their networks. [Continue reading…]


No NSA reform can fix the American Islamophobic surveillance complex

Arun Kundnani writes: Better oversight of the sprawling American national security apparatus may finally be coming: President Obama and the House Intelligence Committee unveiled plans this week to reduce bulk collection of telephone records. The debate opened up by Edward Snowden’s whistle-blowing is about to get even more legalistic than all the parsing of hops and stores and metadata.

These reforms may be reassuring, if sketchy. But for those living in so-called “suspect communities” – Muslim Americans, left-wing campaigners, “radical” journalists – the days of living on the receiving end of excessive spying won’t end there.

How come when we talk about spying we don’t talk about the lives of ordinary people being spied upon? While we have been rightly outraged at the government’s warehousing of troves of data, we have been less interested in the consequences of mass surveillance for those most affected by it – such as Muslim Americans. [Continue reading…]


Beware the surveillance reform Trojan horse: what’s not in the new NSA laws?

Trevor Timm writes: This week was undoubtedly a turning point in the NSA debate. Edward Snowden said it himself on Monday, as some of the NSA’s most ardent defenders, including the House Intelligence Committee and the White House, suddenly released similar proposals endorsing the end of the NSA’s bulk collection of phone records as we know it.

Stopping the government from holding onto all Americans’ phone metadata would undoubtedly be a good thing for American privacy, but if you read between the legislative lines, the government might not be curtailing mass surveillance so much as permanently entrenching it in American law.

Rep Justin Amash, one of the NSA’s leading critics in the House, said of the Intelligence Committee bill: “It doesn’t end bulk collection but actually puts more Americans in danger of having their constitutionally protected rights violated.” While the Obama plan is undoubtedly more promising, with court requests and much more, Jameel Jaffer of the American Civil Liberties Union has several important questions about the proposal that need to be answered before anyone will really be able to judge. And the Cato Institute’s Julian Sanchez detailed why neither of these proposals are as good as the USA Freedom Act, which may now be getting boxed out. [Continue reading…]


NSA lackeys hijack House reform bill

The Guardian reports: Congressional critics of the bulk collection of telephone records by the National Security Agency fear that its allies are circumventing them in the House of Representatives.

The House parliamentarian, who oversees procedural matters, has determined that a new bill that substantially modifies the seminal 1978 Foreign Intelligence Surveillance Act will go through the intelligence committee rather than the judiciary committee, a move that two congressional aides consider “highly unusual.”

Seemingly an arcane parliamentary issue, the jurisdiction question reveals a subterranean and intense fight within the House about the future course of US surveillance in the post-Edward Snowden era. The fight does not align with partisan divides, with both sides claiming both Republican and Democratic support.

The bill, authored by Republican Mike Rogers of Michigan and Democrat Dutch Ruppersberger of Maryland, would largely get the NSA out of the business of collecting US phone data in bulk. Rogers and Ruppersberger, both staunch advocates of the NSA and until now just as staunch defenders of bulk collection, are the leaders of the intelligence committee.

Yet the House judiciary committee thought it was the natural choice for primary legislative jurisdiction over the Fisa Transparency and Modernization Act, introduced on Tuesday. While the intelligence committee oversees US spy activities, the judiciary committee has oversight responsibilities over surveillance law. [Continue reading…]

The Associated Press adds: Cyber security experts are questioning whether President Barack Obama can make good on his assurance that U.S. intelligence agencies aren’t spying on “ordinary folks.”

That promise is especially dubious, experts say, in instances where Americans are communicating with U.S. citizens living abroad and other people overseas.

“It’s very clear there are enormous loopholes,” said Jonathan Mayer, a cybersecurity fellow at Stanford University’s Center for International Security and Cooperation, who is reverse engineering the NSA surveillance program to learn how much collection — if taken to extremes — is legally possible. “Their rules, combined with their capabilities, cut against the classical protections built into our legal system.”
