Lucian Constantin reports: 2013 was the year we learned we must encrypt our data if we don’t want the likes of the U.S. National Security Agency or the U.K. Government Communications Headquarters reading it as it crosses the Internet.
The security industry has the enemy it always dreamed of to help it make the case for encryption adoption, but users looking to secure their data and communications need to be wary of claims made in marketing messages. Securing data in motion is the priority, experts say, and some large Internet firms are already making progress in this area, but encrypting data at rest without losing its usefulness will prove a greater challenge.
“The NSA’s surveillance has opened the eyes of many people around the world,” Lamar Bailey, director of security research and development at security firm Tripwire said via email. “Security professionals have always known that this style of surveillance is possible with the right resources, but this episode has been a big wake-up call for everyone. Many countries and companies outside the U.S. are now taking a harder, more in-depth look at software and hardware that comes from the U.S., although the silver lining is that mainstream users are now more concerned with encrypting data and reviewing how their information is being shared.”
The public debate sparked by the surveillance revelations in recent months has prompted some encouraging responses already: Google has encrypted the links between its data centers; Yahoo is working to do the same and has promised to enable SSL encryption by default for webmail and other services, and Twitter has enabled an SSL feature called forward secrecy, already implemented by Google and Facebook, which makes mass decryption of SSL traffic hard even if the website operator’s master private key is compromised. [Continue reading…]
New York Times calls on Obama to grant Snowden clemency
An Editorial in the New York Times says: Seven months ago, the world began to learn the vast scope of the National Security Agency’s reach into the lives of hundreds of millions of people in the United States and around the globe, as it collects information about their phone calls, their email messages, their friends and contacts, how they spend their days and where they spend their nights. The public learned in great detail how the agency has exceeded its mandate and abused its authority, prompting outrage at kitchen tables and at the desks of Congress, which may finally begin to limit these practices.
The revelations have already prompted two federal judges to accuse the N.S.A. of violating the Constitution (although a third, unfortunately, found the dragnet surveillance to be legal). A panel appointed by President Obama issued a powerful indictment of the agency’s invasions of privacy and called for a major overhaul of its operations.
All of this is entirely because of information provided to journalists by Edward Snowden, the former N.S.A. contractor who stole a trove of highly classified documents after he became disillusioned with the agency’s voraciousness. Mr. Snowden is now living in Russia, on the run from American charges of espionage and theft, and he faces the prospect of spending the rest of his life looking over his shoulder.
Considering the enormous value of the information he has revealed, and the abuses he has exposed, Mr. Snowden deserves better than a life of permanent exile, fear and flight. He may have committed a crime to do so, but he has done his country a great service. It is time for the United States to offer Mr. Snowden a plea bargain or some form of clemency that would allow him to return home, face at least substantially reduced punishment in light of his role as a whistle-blower, and have the hope of a life advocating for greater privacy and far stronger oversight of the runaway intelligence community.
Mr. Snowden is currently charged in a criminal complaint with two violations of the Espionage Act involving unauthorized communication of classified information, and a charge of theft of government property. Those three charges carry prison sentences of 10 years each, and when the case is presented to a grand jury for indictment, the government is virtually certain to add more charges, probably adding up to a life sentence that Mr. Snowden is understandably trying to avoid.
The president said in August that Mr. Snowden should come home to face those charges in court and suggested that if Mr. Snowden had wanted to avoid criminal charges he could have simply told his superiors about the abuses, acting, in other words, as a whistle-blower.
“If the concern was that somehow this was the only way to get this information out to the public, I signed an executive order well before Mr. Snowden leaked this information that provided whistle-blower protection to the intelligence community for the first time,” Mr. Obama said at a news conference. “So there were other avenues available for somebody whose conscience was stirred and thought that they needed to question government actions.”
In fact, that executive order did not apply to contractors, only to intelligence employees, rendering its protections useless to Mr. Snowden. More important, Mr. Snowden told The Washington Post earlier this month that he did report his misgivings to two superiors at the agency, showing them the volume of data collected by the N.S.A., and that they took no action. (The N.S.A. says there is no evidence of this.) That’s almost certainly because the agency and its leaders don’t consider these collection programs to be an abuse and would never have acted on Mr. Snowden’s concerns.
In retrospect, Mr. Snowden was clearly justified in believing that the only way to blow the whistle on this kind of intelligence-gathering was to expose it to the public and let the resulting furor do the work his superiors would not. Beyond the mass collection of phone and Internet data, consider just a few of the violations he revealed or the legal actions he provoked:
■ The N.S.A. broke federal privacy laws, or exceeded its authority, thousands of times per year, according to the agency’s own internal auditor.
■ The agency broke into the communications links of major data centers around the world, allowing it to spy on hundreds of millions of user accounts and infuriating the Internet companies that own the centers. Many of those companies are now scrambling to install systems that the N.S.A. cannot yet penetrate.
■ The N.S.A. systematically undermined the basic encryption systems of the Internet, making it impossible to know if sensitive banking or medical data is truly private, damaging businesses that depended on this trust.
■ His leaks revealed that James Clapper Jr., the director of national intelligence, lied to Congress when testifying in March that the N.S.A. was not collecting data on millions of Americans. (There has been no discussion of punishment for that lie.)
■ The Foreign Intelligence Surveillance Court rebuked the N.S.A. for repeatedly providing misleading information about its surveillance practices, according to a ruling made public because of the Snowden documents. One of the practices violated the Constitution, according to the chief judge of the court.
■ A federal district judge ruled earlier this month that the phone-records-collection program probably violates the Fourth Amendment of the Constitution. He called the program “almost Orwellian” and said there was no evidence that it stopped any imminent act of terror.
The shrill brigade of his critics say Mr. Snowden has done profound damage to intelligence operations of the United States, but none has presented the slightest proof that his disclosures really hurt the nation’s security. Many of the mass-collection programs Mr. Snowden exposed would work just as well if they were reduced in scope and brought under strict outside oversight, as the presidential panel recommended.
When someone reveals that government officials have routinely and deliberately broken the law, that person should not face life in prison at the hands of the same government. That’s why Rick Ledgett, who leads the N.S.A.’s task force on the Snowden leaks, recently told CBS News that he would consider amnesty if Mr. Snowden would stop any additional leaks. And it’s why President Obama should tell his aides to begin finding a way to end Mr. Snowden’s vilification and give him an incentive to return home.
Video: Glenn Greenwald keynote at Chaos Communication Congress (30C3), Hamburg
Chomsky: Mainstream media remains an ‘invaluable resource’
Salon: This year’s revelations about the scope of surveillance-state activity are certainly not the first major leaks you’ve seen draw scrutiny on government spying. Is there something particular or unique, in your view, about the NSA revelations?
In principle it’s not an innovation; things like this have been going on for a long time. The scale and the incredibly ambitious character of the surveillance and control is something new. But it’s the kind of thing one should expect. The history goes back a long way. So, for example, if you go back a century ago, right after the U.S. invasion of the Philippines — a brutal invasion that killed a couple hundred thousand people — there was a problem for the U.S. of pacification afterwards. What do you do to control the population to prevent another nationalist uprising? There’s a very good study of this by Alfred McCoy, a Philippines scholar at University of Wisconsin, and what he shows is that the U.S. used the most sophisticated technology of the day to develop a massive system of surveillance, control, disruption to undermine any potential opposition and to impose very tight controls on the population which lasted for a long time and in many ways the Philippines is still suffering from this. But he also points out the technology was immediately transferred home. Woodrow Wilson’s administration used it in their “Red Scare” a couple years later. The British used it, too.
Q: Do you think revelations about sprawling surveillance have prompted much significant self-reflection from the American public about the workings of our state apparatus and our use of technology?
Governments are power systems. They are trying to sustain their power and domination over their populations and they will use what means are available to do this. By now the means are very sophisticated and extensive and we can expect them to increase. So for instance, if you read technology journals you learn that in robotics labs for some years there have been efforts to develop small drones, what they call “fly-sized drones,” which can intrude into a person’s home and be almost invisible and carry out constant surveillance. You can be sure that the military is very much interested in this, and the intelligence systems as well, and will soon be using it.
We’re developing technologies that will be used by our own governments and by commercial corporations and are already being used to maximize information for themselves for control and domination. That’s the way power systems work. Of course, they’ve always played the security card. But I think one should be very cautious about such claims. Every government pleads security for almost anything it’s doing, so since the plea is predictable it essentially carries no information. If after the event the power system claims security, that doesn’t mean it’s actually a functioning principle. And if you look at the record, you discover that security is generally a pretext and security is not a high priority of governments. If by that I mean the security of the population — security of the power system itself and the domestic interests it represents, yes, that’s a concern. But security of the population is not.
Q: You’ve often highlighted flaws in mainstream media’s insidious institutional fealty during your career — notably in your book “Manufacturing Consent” [1988]. What do you think of the current state of the U.S. media? Do you have much hope for new ventures like Glenn Greenwald’s, which has already promised to aggressively take on government and corporate wrongdoing?
The availability of the Internet has offered a much easier access than before to a wide variety of information and opinion and so on. But I don’t think that is a qualitative shift. It is easier to go to the Internet than to go to the library, undoubtedly. But the shift from no libraries to the existence of libraries was a much greater shift than what we’ve seen with the Internet’s development. [The Internet] gives more access — that part is good — but on the other hand, it is combined with a process of undermining independent inquiry and reporting within the media themselves. There’s plenty to criticize about the mass media but they are the source of regular information about a wide range of topics. You can’t duplicate that on blogs. And that’s declining. Local newspapers, I need not inform you, are becoming very much narrower in their global outreach, even their national outreach. And that’s the real meat of inquiry, of information gathering. We can criticize its character and the biases that enter into it, and the institutional constraints on it, but nevertheless it’s of inestimable importance. I’ve never questioned that. And that’s diminishing at the same time as access to a wider range of materials is increasing. The Greenwald initiative is a very promising one. He himself has had an impressive career of independent thinking, inquiry, analysis and reporting. I think there is good reason to have a good deal of trust in his judgement. Where it will go, we don’t know; it hasn’t started yet so it is just speculation.
I think that, for example, the New York Times will remain what’s called the “newspaper of record” for the foreseeable future. I don’t see any competitor arising which has the range of resources, of overseas bureaus and so on. Again, I think there is plenty to criticize about it, but it is nevertheless an invaluable resource. There are many other independent developments which are quite significant of themselves, so it’s valuable to have, say, Amy Goodman’s Democracy Now or Salon or any other independent voice. But I don’t see any indication that there is going to be some radically new form of gathering, reporting and analyzing information. [Continue reading…]
Would NSA surveillance have stopped 9/11 plot?
Peter Bergen writes: The Obama administration has framed its defense of the controversial bulk collection of all American phone records as necessary to prevent a future 9/11.
During a House Intelligence Committee hearing on June 18, NSA director Gen. Keith Alexander said, “Let me start by saying that I would much rather be here today debating this point than trying to explain how we failed to prevent another 9/11.”
This closely mirrors talking points by the National Security Agency about how to defend the program.
In the talking points, NSA officials are encouraged to use “sound bites that resonate,” specifically, “I much prefer to be here today explain these programs, than explaining another 9/11 event that we were not able to prevent.”
On Friday in New York, Judge William H. Pauley III ruled that NSA’s bulk collection of American telephone records is lawful. He cited Alexander’s testimony and quoted him saying, “We couldn’t connect the dots because we didn’t have the dots.”
But is it really the case that the U.S. intelligence community didn’t have the dots in the lead up to 9/11? Hardly.
In fact, the intelligence community provided repeated strategic warning in the summer of 9/11 that al Qaeda was planning large-scale attacks on American interests.
Here is a representative sampling of the CIA threat reporting that was distributed to Bush administration officials during the spring and summer of 2001:
— CIA, “Bin Ladin Planning Multiple Operations,” April 20
— CIA, “Bin Ladin Attacks May Be Imminent,” June 23
— CIA, “Planning for Bin Ladin Attacks Continues, Despite Delays,” July 2
— CIA, “Threat of Impending al Qaeda Attack to Continue Indefinitely,” August 3
The failure to respond adequately to these warnings was a policy failure by the Bush administration, not an intelligence failure by the U.S. intelligence community. [Continue reading…]
Inside the NSA’s catalog of surveillance magic
Sean Gallagher writes: The National Security Agency’s sophisticated hacking operations go way beyond using software vulnerabilities to gain access to targeted systems. The agency has a catalog of tools available that would make James Bond’s Q jealous, providing NSA analysts access to just about every potential source of data about a target.
In some cases, the NSA has modified the firmware of computers and network hardware—including systems shipped by Cisco, Dell, Hewlett-Packard, Huawei, and Juniper Networks—to give its operators both eyes and ears inside the offices the agency has targeted. In others, the NSA has crafted custom BIOS exploits that can survive even the reinstallation of operating systems. And in still others, the NSA has built and deployed its own USB cables at target locations—complete with spy hardware and radio transceiver packed inside.
Documents provided by former NSA contractor Edward Snowden to Der Spiegel reveal a fantastical collection of surveillance tools dating back to 2007 and 2008 that gave the NSA the power to collect all sorts of data over long periods of time without detection. The tools, ranging from back doors installed in computer network firmware and software to passively powered bugs installed within equipment, give the NSA a persistent ability to monitor some targets with little risk of detection. While the systems targeted by some of the “products” listed in the documents are over five years old and are likely to have been replaced in some cases, the methods and technologies used by all the exploit products could easily still be in use in some form in ongoing NSA surveillance operations. [Continue reading…]
Jacob Appelbaum, co-author of the Der Spiegel report, spoke yesterday at the 30th annual Chaos Communication Congress, where he presented new details including the NSA’s ability to hack a Wi-Fi network from up to eight miles away.
ACLU sues administration over overseas U.S. surveillance
UPI reports: A rights group sued to make five U.S. agencies prove Americans whose overseas communications are picked up by surveillance are fully protected under the law.
The American Civil Liberties Union said in its lawsuit, filed in U.S. District Court in New York, the CIA, National Security Agency, Justice Department, Defense Department and State Department have all but ignored a Freedom of Information Act request the non-partisan, non-profit group made in May and followed up on over successive months.
The FBI, Defense Department’s Defense Intelligence Agency, the Justice Department’s National Security Division and the State Department “have acknowledged receipt of the FOIA request and indicated its placement in their FOIA processing queues, but have provided no substantive response to date,” the lawsuit states.
The NSA provided four documents that were already publicly available and didn’t directly address the FOIA request, and the CIA said it wouldn’t comply with the request, citing an “unreasonably burdensome search,” says the lawsuit, which the ACLU filed with Yale Law School’s Media Freedom and Information Access Clinic.
The FOIA request and lawsuit seek to know what constitutional protections Americans’ international communications have under a several-times-modified December 1981 executive order signed by President Ronald Reagan that is frequently used by the Obama administration to justify NSA actions. [Continue reading…]
The NSA’s hackers
Der Spiegel reports: When it comes to modern firewalls for corporate computer networks, the world’s second largest network equipment manufacturer doesn’t skimp on praising its own work. According to Juniper Networks’ online PR copy, the company’s products are “ideal” for protecting large companies and computing centers from unwanted access from outside. They claim the performance of the company’s special computers is “unmatched” and their firewalls are the “best-in-class.” Despite these assurances, though, there is one attacker none of these products can fend off — the United States’ National Security Agency.
Specialists at the intelligence organization succeeded years ago in penetrating the company’s digital firewalls. A document viewed by SPIEGEL resembling a product catalog reveals that an NSA division called ANT has burrowed its way into nearly all the security architecture made by the major players in the industry — including American global market leader Cisco and its Chinese competitor Huawei, but also producers of mass-market goods, such as US computer-maker Dell.
These NSA agents, who specialize in secret back doors, are able to keep an eye on all levels of our digital lives — from computing centers to individual computers, from laptops to mobile phones. For nearly every lock, ANT seems to have a key in its toolbox. And no matter what walls companies erect, the NSA’s specialists seem already to have gotten past them.
This, at least, is the impression gained from flipping through the 50-page document. The list reads like a mail-order catalog, one from which other NSA employees can order technologies from the ANT division for tapping their targets’ data. The catalog even lists the prices for these electronic break-in tools, with costs ranging from free to $250,000.
In the case of Juniper, the name of this particular digital lock pick is “FEEDTROUGH.” This malware burrows into Juniper firewalls and makes it possible to smuggle other NSA programs into mainframe computers. Thanks to FEEDTROUGH, these implants can, by design, even survive “across reboots and software upgrades.” In this way, US government spies can secure themselves a permanent presence in computer networks. The catalog states that FEEDTROUGH “has been deployed on many target platforms.”
The specialists at ANT, which presumably stands for Advanced or Access Network Technology, could be described as master carpenters for the NSA’s department for Tailored Access Operations (TAO). [Continue reading…]
In another report, describing TAO, Der Spiegel says: This is the NSA’s top operative unit — something like a squad of plumbers that can be called in when normal access to a target is blocked.
According to internal NSA documents viewed by SPIEGEL, these on-call digital plumbers are involved in many sensitive operations conducted by American intelligence agencies. TAO’s area of operations ranges from counterterrorism to cyber attacks to traditional espionage. The documents reveal just how diversified the tools at TAO’s disposal have become — and also how it exploits the technical weaknesses of the IT industry, from Microsoft to Cisco and Huawei, to carry out its discreet and efficient attacks.
The unit is “akin to the wunderkind of the US intelligence community,” says Matthew Aid, a historian who specializes in the history of the NSA. “Getting the ungettable” is the NSA’s own description of its duties. “It is not about the quantity produced but the quality of intelligence that is important,” one former TAO chief wrote, describing her work in a document. The paper seen by SPIEGEL quotes the former unit head stating that TAO has contributed “some of the most significant intelligence our country has ever seen.” The unit, it goes on, has “access to our very hardest targets.”
Defining the future of her unit at the time, she wrote that TAO “needs to continue to grow and must lay the foundation for integrated Computer Network Operations,” and that it must “support Computer Network Attacks as an integrated part of military operations.” To succeed in this, she wrote, TAO would have to acquire “pervasive, persistent access on the global network.” An internal description of TAO’s responsibilities makes clear that aggressive attacks are an explicit part of the unit’s tasks. In other words, the NSA’s hackers have been given a government mandate for their work. During the middle part of the last decade, the special unit succeeded in gaining access to 258 targets in 89 countries — nearly everywhere in the world. In 2010, it conducted 279 operations worldwide.
Indeed, TAO specialists have directly accessed the protected networks of democratically elected leaders of countries. They infiltrated networks of European telecommunications companies and gained access to and read mails sent over Blackberry’s BES email servers, which until then were believed to be securely encrypted. Achieving this last goal required a “sustained TAO operation,” one document states.
This TAO unit is born of the Internet — created in 1997, a time when not even 2 percent of the world’s population had Internet access and no one had yet thought of Facebook, YouTube or Twitter. From the time the first TAO employees moved into offices at NSA headquarters in Fort Meade, Maryland, the unit was housed in a separate wing, set apart from the rest of the agency. Their task was clear from the beginning — to work around the clock to find ways to hack into global communications traffic. [Continue reading…]
How data thieves have captured our lives on the internet
John Naughton writes: [T]he biggest misjudgment of all – the one that legitimised most of the excesses that Snowden has unveiled – was … a political one. It was the decision of the George W Bush administration to declare a “war on terror” in the aftermath of the 9/11 attacks – and the eager adoption by the UK and other allies of the same stance.
As Professor Eben Moglen of Columbia University puts it, the intelligence agencies “presented with a mission by an extraordinarily imprudent national government in the United States, which having failed to prevent a very serious attack on American civilians at home, largely by ignoring warnings, decreed that they were never again to be put in a position where they should have known. This resulted in a military response, which is to get as close to everything as possible. Because if you don’t get as close to everything as possible, how can you say that you knew everything that you should have known?” In a real war, one in which the very survival of a state is threatened by a foreign adversary, almost anything is permissible, including the suspension of civil liberties, the right to privacy and all the other things we liberals hold dear. Between 1939 and 1945, Britain was governed by what was effectively a dictatorship wielding unimaginable powers, including comprehensive censorship, the power to requisition private property on demand, and so on. Citizens might not have liked this regime, but they consented to it because they understood the need for it.
The “war” on terror is not a war in this sense. It is a rhetorical device aimed at engineering consent for a particular political strategy. But it was enough to provide legislative cover for the acquisition by the US intelligence-gathering agencies of warlike powers, which included the means of surveilling every citizen on earth who had an internet connection, and every owner of a mobile phone in most countries of the world. The war on terror may have succeeded in turbocharging the surveillance capabilities of the US and its allies, but it has also inflicted significant collateral damage on the foreign policy of the US, threatened its dominance of cloud computing and other markets, undermined its major technology companies, infuriated some of its most important allies and superimposed a huge question-mark on the future of the internet as a global system. The war on terror may have made tactical sense in the traumatic months post-9/11. But as a political decision it has had a catastrophic long-term impact. [Continue reading…]
No doubt about effectiveness of mass metadata collection, claims federal judge — ignoring evidence to the contrary
Adam Serwer writes: When Judge William H. Pauley ruled that the National Security Agency’s metadata program was lawful on Friday, he argued that there was no significant dispute about “the effectiveness of bulk telephony metadata collection.”
Pauley — who issued his ruling from a courthouse less than two miles from where the twin towers once stood — then offered a series of examples cited by the NSA to bolster their claims that the program is effective, all of which have been “seriously disputed.”
Only four plots among the fifty-four the NSA claims to have helped foil have been made public. Pauley cited three of those four plots in arguing that the metadata program was effective, but journalists and legislators have already picked those examples apart. ProPublica published a piece in October by Justin Elliott and Theodoric Meyer noting that in each of the three cases Pauley mentions, there were serious doubts as to whether or not the NSA was exaggerating either the plot itself or the impact of the program.
Pauley cites the case of Najibullah Zazi, who was convicted of a plot to bomb the New York subway in 2009. An Associated Press examination concluded that the NSA had the authority to monitor the email account that led to Zazi’s capture even without the authority to gather communications records in bulk.
Pauley also cited an effort by a man named Khalid Ouazzani to attack the New York Stock Exchange. But Ouazzani was convicted of funding al Qaeda, and as ProPublica notes neither he nor anyone else was ever actually charged or convicted of a plot to bomb the NYSE.
Pauley also cites the case of David Headley, who was involved in the 2008 terrorist attack in Mumbai and was involved in a plot to attack a Danish newspaper which had published cartoons depicting the Islamic prophet Mohammed. But according to ProPublica, it was British intelligence, not the NSA’s data gathering, that first brought Headley to U.S. authorities’ attention.
All of this information would have been available to Pauley, because the ProPublica piece disputing the NSA’s claims was cited as a footnote in the prior ruling by Judge Richard Leon that found the NSA’s data gathering program unconstitutional. Pauley refers to Leon’s ruling multiple times in his own, indicating that he read it. [Continue reading…]
The Snowden saga heralds a radical shift in capitalism
Evgeny Morozov writes: Following his revelations this year about Washington’s spying excesses, Edward Snowden now faces a growing wave of surveillance fatigue among the public – and the reason is that the National Security Agency contractor turned whistleblower has revealed too many uncomfortable truths about how today’s world works.
Technical infrastructure and geopolitical power; rampant consumerism and ubiquitous surveillance; the lofty rhetoric of “internet freedom” and the sober reality of the ever-increasing internet control – all these are interconnected in ways most of us would rather not acknowledge or think about. Instead, we have focused on just one element in this long chain – state spying – but have mostly ignored all others.
But the spying debate has quickly turned narrow and unbearably technical; issues such as the soundness of US foreign policy, the ambivalent future of digital capitalism, the relocation of power from Washington and Brussels to Silicon Valley have not received due attention. But it is not just the NSA that is broken: the way we do – and pay for – our communicating today is broken as well. And it is broken for political and economic reasons, not just legal and technological ones: too many governments, strapped for cash and low on infrastructural imagination, have surrendered their communications networks to technology companies a tad too soon.
Mr Snowden created an opening for a much-needed global debate that could have highlighted many of these issues. Alas, it has never arrived. The revelations of the US’s surveillance addiction were met with a rather lacklustre, one-dimensional response. Much of this overheated rhetoric – tinged with anti-Americanism and channelled into unproductive forms of reform – has been useless. Many foreign leaders still cling to the fantasy that, if only the US would promise them a no-spy agreement, or at least stop monitoring their gadgets, the perversions revealed by Mr Snowden would disappear. [Continue reading…]
Edward Snowden is wrong: His mission has not been accomplished
Andrea Peterson writes: “For me, in terms of personal satisfaction, the mission’s already accomplished,” former NSA contractor Edward Snowden told my Washington Post colleague Barton Gellman in Moscow this month. Snowden went on to explain that he had “already won” because the journalists working from the documents he secreted away from the NSA are giving the public a chance to weigh in on surveillance policies.
But while it’s not quite flight-suit level deception, calling the current state of affairs mission accomplished is a significant change in the scope of Snowden’s ambitions compared to when he first stepped forward as the source of the NSA documents. In a video interview with the Guardian released shortly after he stepped out of the shadows, he espoused many of the same hopes about the public having input on the secret machinations of intelligence agencies. But he also gave a much more lofty goal: substantive policy change.
“The greatest fear that I have regarding the outcome for America of these disclosures is that nothing will change. People will see in the media all of these disclosures. They’ll know the lengths that the government is going to grant themselves powers unilaterally to create greater control over American society and global society. But they won’t be willing to take the risks necessary to stand up and fight to change things to force their representatives to actually take a stand in their interests.
“And the months ahead, the years ahead it’s only going to get worse until eventually there will be a time where policies will change because the only thing that restricts the activities of the surveillance state are policy.”
So far, Snowden’s “greatest fear” has come true. Public opinion over his disclosures has been divided and no significant policy changes to NSA surveillance have emerged. And the administration is standing by the status quo despite the lack of evidence that it has been effective at its stated goal of halting terrorist attacks. [Continue reading…]
As I have written previously, one of the easiest ways of measuring how effective exposure of NSA operations has been will be in terms of its budget and its size. My expectation is that by those two counts the NSA will continue to grow. Indeed, the agency will argue to Congress that this growth is necessitated by the leaks.
UN’s Navi Pillay compares uproar over mass surveillance to fight against apartheid
The Guardian reports: The UN human rights chief, Navi Pillay, has compared the uproar in the international community caused by revelations of mass surveillance with the collective response that helped bring down the apartheid regime in South Africa.
Pillay, the first non-white woman to serve as a high-court judge in South Africa, made the comments in an interview with Sir Tim Berners-Lee on a special edition of BBC Radio 4’s Today programme, which the inventor of the world wide web was guest editing.
Pillay has been asked by the UN to prepare a report on protection of the right to privacy, in the wake of the former National Security Agency analyst Edward Snowden leaking classified documents about UK and US spying and the collection of personal data.
The former international criminal court judge said her encounters with serious human rights abuses, which included serving on the Rwanda tribunal, did not make her take online privacy less seriously. “I don’t grade human rights,” she said. “I feel I have to look after and promote the rights of all persons. I’m not put off by the lifetime experience of violations I have seen.”
She said apartheid ended in South Africa principally because the international community co-operated to denounce it, adding: “Combined and collective action by everybody can end serious violations of human rights … That experience inspires me to go on and address the issue of internet [privacy], which right now is extremely troubling because the revelations of surveillance have implications for human rights … People are really afraid that all their personal details are being used in violation of traditional national protections.” [Continue reading…]
Outsourcing mass surveillance
The Washington Post reports: A measure that President Obama is considering as a way to curb the National Security Agency’s mass storage of phone data is already facing resistance — not only from the intelligence community but also from privacy advocates, the phone industry and some lawmakers.
Obama last week suggested that he was open to the idea of requiring phone companies to store the records and allowing the government to search them under strict guidelines. Currently, the agency stores those records itself, part of a sprawling collection program that came to light through documents shared by former NSA contractor Edward Snowden.
But now, industry officials, privacy advocates and congressional officials are expressing resistance to any alternatives that involve mandating phone companies to hold the data for longer periods. And other possible scenarios, including having a private third party store the records, also raise concerns, they say.
Civil libertarians consider mandated phone-company or third-party storage an unacceptable “proxy” for the NSA’s holding of the database. Last Thursday, a group of privacy advocates met with White House officials and urged them not to seek legislation to mandate data retention, among other things. [Continue reading…]
Video: Edward Snowden’s Christmas message
The War on Terror’s Jedi mind trick
Julian Sanchez writes: A Republican-appointed judge and President Obama’s own handpicked Surveillance Review Group both came to the same conclusion last week: The National Security Agency’s controversial phone-records program has been of little real value to American security. Yet its defenders continue to insist that it is necessary, clinging desperately to long-debunked claims about foiled terror plots. Their stubbornness fits a decade-long pattern of fear trumping evidence whenever the word “terrorism” is uttered — a pattern it is time to finally break.
Since the disclosure of the NSA’s massive domestic phone-records database, authorized under a tortured reading of the Patriot Act’s Section 215 authority to obtain business records, intelligence officials and their allies in Congress have claimed it plays a vital role in protecting Americans from “dozens” of terror attacks. But as the expert panel Obama appointed to review the classified facts concluded, in a report released Wednesday, that just isn’t true.
“Our review suggests that the information contributed to terrorist investigations by the use of section 215 telephony meta-data was not essential to preventing attacks,” the report found, “and could readily have been obtained in a timely manner using conventional section 215 orders.”
In other words, instead of vacuuming up sensitive information about the call patterns of millions of innocent people, the government could have followed the traditional approach of getting orders for specific suspicious numbers. As for those “dozens” of attacks, the review group found that the NSA program “generated relevant information in only a small number of cases, and there has been no instance in which NSA could say with confidence that the outcome would have been different without the section 215 telephony meta-data program.” [Continue reading…]
Snowden’s mission ‘already accomplished’
In the first in-person interview Edward Snowden has conducted since his arrival in Moscow in June, Barton Gellman reports:
“For me, in terms of personal satisfaction, the mission’s already accomplished,” he said. “I already won. As soon as the journalists were able to work, everything that I had been trying to do was validated. Because, remember, I didn’t want to change society. I wanted to give society a chance to determine if it should change itself.”
“All I wanted was for the public to be able to have a say in how they are governed,” he said. “That is a milestone we left a long time ago. Right now, all we are looking at are stretch goals.”
Snowden is an orderly thinker, with an engineer’s approach to problem-solving. He had come to believe that a dangerous machine of mass surveillance was growing unchecked. Closed-door oversight by Congress and the Foreign Intelligence Surveillance Court was a “graveyard of judgment,” he said, manipulated by the agency it was supposed to keep in check. Classification rules erected walls to prevent public debate.
Toppling those walls would be a spectacular act of transgression against the norms that prevailed inside them. Someone would have to bypass security, extract the secrets, make undetected contact with journalists and provide them with enough proof to tell the stories.
The NSA’s business is “information dominance,” the use of other people’s secrets to shape events. At 29, Snowden upended the agency on its own turf.
“You recognize that you’re going in blind, that there’s no model,” Snowden said, acknowledging that he had no way to know whether the public would share his views.
“But when you weigh that against the alternative, which is not to act,” he said, “you realize that some analysis is better than no analysis. Because even if your analysis proves to be wrong, the marketplace of ideas will bear that out. If you look at it from an engineering perspective, an iterative perspective, it’s clear that you have to try something rather than do nothing.”
By his own terms, Snowden succeeded beyond plausible ambition. The NSA, accustomed to watching without being watched, faces scrutiny it has not endured since the 1970s, or perhaps ever.
How the NSA became an advanced persistent threat to global cybersecurity
In the first in-person interview Edward Snowden has conducted since his arrival in Moscow in June, Barton Gellman reports:
The documents leaked by Snowden compelled attention because they revealed to Americans a history they did not know they had.
Internal briefing documents reveled in the “Golden Age of Electronic Surveillance.” Brawny cover names such as MUSCULAR, TUMULT and TURMOIL boasted of the agency’s prowess.
With assistance from private communications firms, the NSA had learned to capture enormous flows of data at the speed of light from fiber-optic cables that carried Internet and telephone traffic over continents and under seas. According to one document in Snowden’s cache, the agency’s Special Source Operations group, which as early as 2006 was said to be ingesting “one Library of Congress every 14.4 seconds,” had an official seal that might have been parody: an eagle with all the world’s cables in its grasp.
Each year, NSA systems collected hundreds of millions of e-mail address books, hundreds of billions of cellphone location records and trillions of domestic call logs.
Most of that data, by definition and intent, belonged to ordinary people suspected of nothing. But vast new storage capacity and processing tools enabled the NSA to use the information to map human relationships on a planetary scale. Only this way, its leadership believed, could the NSA reach beyond its universe of known intelligence targets.
In the view of the NSA, signals intelligence, or electronic eavesdropping, was a matter of life and death, “without which America would cease to exist as we know it,” according to an internal presentation in the first week of October 2001 as the agency ramped up its response to the al-Qaeda attacks on the World Trade Center and the Pentagon.
With stakes such as those, there was no capability the NSA believed it should leave on the table. The agency followed orders from President George W. Bush to begin domestic collection without authority from Congress and the courts. When the NSA won those authorities later, some of them under secret interpretations of laws passed by Congress between 2007 and 2012, the Obama administration went further still.
Using PRISM, the cover name for collection of user data from Google, Yahoo, Microsoft, Apple and five other U.S.-based companies, the NSA could obtain all communications to or from any specified target. The companies had no choice but to comply with the government’s request for data.
But the NSA could not use PRISM, which was overseen once a year by the surveillance court, for the collection of virtually all data handled by those companies. To widen its access, it teamed up with its British counterpart, Government Communications Headquarters, or GCHQ, to break into the private fiber-optic links that connected Google and Yahoo data centers around the world.
That operation, which used the cover name MUSCULAR, tapped into U.S. company data from outside U.S. territory. The NSA, therefore, believed it did not need permission from Congress or judicial oversight. Data from hundreds of millions of U.S. accounts flowed over those Google and Yahoo links, but classified rules allowed the NSA to presume that data ingested overseas belonged to foreigners.
Disclosure of the MUSCULAR project enraged and galvanized U.S. technology executives. They believed the NSA had lawful access to their front doors — and had broken down the back doors anyway.
Microsoft general counsel Brad Smith took to his company’s blog and called the NSA an “advanced persistent threat” — the worst of all fighting words in U.S. cybersecurity circles, generally reserved for Chinese state-sponsored hackers and sophisticated criminal enterprises.