Yochai Benkler writes: On Tuesday, the Foreign Intelligence Surveillance Court (FISC) declassified an opinion in which it explained why the government’s collection of records of all Americans’ phone calls is constitutional, and that if there is a problem with the program, it is a matter of political judgment, not constitutional law. So, should Americans just keep calm and carry on phoning? Not really.

Instead, we should worry about a court that, lacking a real adversarial process to inform it, failed while taking its best shot at explaining its position to the public to address the most basic, widely-known counter-argument to its position. The opinion does not even mention last year’s unanimous US supreme court decision on the fourth amendment and GPS tracking, a decision in which all three opinions include strong language that may render the NSA’s phone records collection program unconstitutional. No court that had been briefed by both sides would have ignored the grave constitutional issues raised by the three opinions of Justices Scalia, Sotomayor, and Alito in United States v Jones. And no opinion that fails to consider these should calm anyone down.

The newly-released FISC opinion, the first to opine on the legality of the phone metadata collection program since the Snowden leaks brought the program to national attention, is based on two straightforward points.

First, in 1979, the supreme court held in Smith v Maryland that using “pen registers” that record what number called what other number, when, and for how long, did not violate the fourth amendment. The court in Smith reasoned that individuals have no expectation of privacy in information they knowingly hand over to the phone company. The FISC reasoned that even though the NSA metadata program collected more information than the program the supreme court upheld 35 years ago, the details did not make a constitutional difference. Individuals have no fourth amendment rights in their phone call metadata.

The second component of the FISC argument was that “grouping together a large number of individuals”, no single one of whom has “a fourth amendment interest”, “cannot result in a fourth amendment interest springing into existence ex nihilo”. Adding up many zeros doesn’t create a positive value; bulk collection of unprotected materials over a sustained period of years raises no special constitutional considerations.

Standing on its own, this logic may seem persuasive. But only until you think about how last year’s Jones decision by the supreme court destabilizes this logic. [Continue reading…]

An editorial in the New York Times says: In 2006, a federal agency, the National Institute of Standards and Technology, helped build an international encryption system to help countries and industries fend off computer hacking and theft. Unbeknown to the many users of the system, a different government arm, the National Security Agency, secretly inserted a “back door” into the system that allowed federal spies to crack open any data that was encoded using its technology.

Documents leaked by Edward Snowden, the former N.S.A. contractor, make clear that the agency has never met an encryption system that it has not tried to penetrate. And it frequently tries to take the easy way out. Because modern cryptography can be so hard to break, even using the brute force of the agency’s powerful supercomputers, the agency prefers to collaborate with big software companies and cipher authors, getting hidden access built right into their systems.

The New York Times, The Guardian and ProPublica recently reported that the agency now has access to the codes that protect commerce and banking systems, trade secrets and medical records, and everyone’s e-mail and Internet chat messages, including virtual private networks. In some cases, the agency pressured companies to give it access; as The Guardian reported earlier this year, Microsoft provided access to Hotmail, Outlook.com, SkyDrive and Skype. According to some of the Snowden documents given to Der Spiegel, the N.S.A. also has access to the encryption protecting data on iPhones, Android and BlackBerry phones.

These back doors and special access routes are a terrible idea, another example of the intelligence community’s overreach. Companies and individuals are increasingly putting their most confidential data on cloud storage services, and need to rely on assurances their data will be secure. Knowing that encryption has been deliberately weakened will undermine confidence in these systems and interfere with commerce.

The back doors also strip away the expectations of privacy that individuals, businesses and governments have in ordinary communications. If back doors are built into systems by the N.S.A., who is to say that other countries’ spy agencies — or hackers, pirates and terrorists — won’t discover and exploit them?

The government can get a warrant and break into the communications or data of any individual or company suspected of breaking the law. But crippling everyone’s ability to use encryption is going too far, just as the N.S.A. has exceeded its boundaries in collecting everyone’s phone records rather than limiting its focus to actual suspects.

Representative Rush Holt, Democrat of New Jersey, has introduced a bill that would, among other provisions, bar the government from requiring software makers to insert built-in ways to bypass encryption. It deserves full Congressional support. In the meantime, several Internet companies, including Google and Facebook, are building encryption systems that will be much more difficult for the N.S.A. to penetrate, forced to assure their customers that they are not a secret partner with the dark side of their own government.

Simon Jenkins writes: The Brazilian president cancels a state visit to Washington. The German justice minister talks of “a Hollywood nightmare“. His chancellor, Angela Merkel, ponders offering Edward Snowden asylum. The EU may even end the “safe harbour” directive which would force US-based computer servers to relocate to European regulation. Russians and Chinese, so often accused of cyber-espionage, hop with glee.

In response, an embarrassed Barack Obama pleads for debate and a review of the Patriot Acts. Al Gore refers to the Snowden revelations as “obscenely outrageous“. The rightwing John McCain declares a review “entirely appropriate“. The Senate holds public hearings and summons security chiefs, who squirm like mafia bosses on the run. America’s once dominant internet giants, with 80% of the globe under their sway, now face “Balkanised” regulation round the world as nation states seek to repatriate digital sovereignty.

And in Britain? Nothing. From parliament, the courts, and most of the media, nothing. Snowden, the most significant whistleblower of modern times, briefly amused London when he turned scarlet pimpernel in the summer; then the capital was intrigued when David Miranda was seized by Heathrow police on bogus “terrorism” charges. But the British establishment cannot get excited. It hates whistleblowers, regarding them as not proper chaps. [Continue reading…]

Phys.org: Brazil plans to divorce itself from the U.S.-centric Internet over Washington’s widespread online spying, a move that many experts fear will be a potentially dangerous first step toward fracturing a global network built with minimal interference by governments.

President Dilma Rousseff ordered a series of measures aimed at greater Brazilian online independence and security following revelations that the U.S. National Security Agency intercepted her communications, hacked into the state-owned Petrobras oil company’s network and spied on Brazilians who entrusted their personal data to U.S. tech companies such as Facebook and Google.

The leader is so angered by the espionage that on Tuesday she postponed next month’s scheduled trip to Washington, where she was to be honored with a state dinner.

Internet security and policy experts say the Brazilian government’s reaction to information leaked by former NSA contractor Edward Snowden is understandable, but warn it could set the Internet on a course of Balkanization.

“The global backlash is only beginning and will get far more severe in coming months,” said Sascha Meinrath, director of the Open Technology Institute at the Washington-based New America Foundation think tank. “This notion of national privacy sovereignty is going to be an increasingly salient issue around the globe.”

While Brazil isn’t proposing to bar its citizens from U.S.-based Web services, it wants their data to be stored locally as the nation assumes greater control over Brazilians’ Internet use to protect them from NSA snooping.

The danger of mandating that kind of geographic isolation, Meinrath said, is that it could render inoperable popular software applications and services and endanger the Internet’s open, interconnected structure. [Continue reading…]

The Guardian reports: No telecommunications company has ever challenged the secretive Foreign Intelligence Surveillance court’s orders for bulk phone records under the Patriot Act, the court revealed on Tuesday.

The secretive Fisa court’s disclosure came inside a declassification of its legal reasoning justifying the National Security Agency’s ongoing bulk collection of Americans’ phone records.

Citing the “unprecedented disclosures” and the “ongoing public interest in this program”, Judge Claire V Eagan on 29 August not only approved the Obama administration’s request for the bulk collection of data from an unidentified telecommunications firm, but ordered it declassified. Eagan wrote that despite the “lower threshold” for government bulk surveillance under Section 215 of the Patriot Act compared to other laws, the telephone companies who have received Fisa court orders for mass customer data have not challenged the law.

“To date, no holder of records who has received an Order to produce bulk telephony metadata has challenged the legality of such an Order,” Eagan wrote. “Indeed, no recipient of any Section 215 Order has challenged the legality of such an order, despite the mechanism for doing so.”

That complicity has not been total. Before the Bush administration moved the bulk phone records collection under the authority of the Fisa court, around 2006, Qwest Communications refused to participate in the effort. [Continue reading…]

Der Spiegel reports: The United States’ NSA intelligence agency is interested in international payments processed by companies including Visa, SPIEGEL has learned. It has even set up its own financial database to track money flows through a “tailored access operations” division.

The National Security Agency (NSA) widely monitors international payments, banking and credit card transactions, according to documents seen by SPIEGEL.

The information from the American foreign intelligence agency, acquired by former NSA contractor and whistleblower Edward Snowden, show that the spying is conducted by a branch called “Follow the Money” (FTM). The collected information then flows into the NSA’s own financial databank, called “Tracfin,” which in 2011 contained 180 million records. Some 84 percent of the data is from credit card transactions.

Further NSA documents from 2010 show that the NSA also targets the transactions of customers of large credit card companies like VISA for surveillance. NSA analysts at an internal conference that year described in detail how they had apparently successfully searched through the US company’s complex transaction network for tapping possibilities.

Their aim was to gain access to transactions by VISA customers in Europe, the Middle East and Africa, according to one presentation. The goal was to “collect, parse and ingest transactional data for priority credit card associations, focusing on priority geographic regions.” In response to a SPIEGEL inquiry, however, a VISA spokeswoman ruled out the possibility that data could be taken from company-run networks.

The NSA’s Tracfin data bank also contained data from the Brussels-based Society for Worldwide Interbank Financial Telecommunication (SWIFT), a network used by thousands of banks to send transaction information securely. SWIFT was named as a “target,” according to the documents, which also show that the NSA spied on the organization on several levels, involving, among others, the agency’s “tailored access operations” division. One of the ways the agency accessed the data included reading “SWIFT printer traffic from numerous banks,” the documents show. [Continue reading…]

Yochai Benkler writes: The spate of new NSA disclosures substantially raises the stakes of this debate. We now know that the intelligence establishment systematically undermines oversight by lying to both Congress and the courts. We know that the NSA infiltrates internet standard-setting processes to security protocols that make surveillance harder. We know that the NSA uses persuasion, subterfuge, and legal coercion to distort software and hardware product design by commercial companies.

We have learned that in pursuit of its bureaucratic mission to obtain signals intelligence in a pervasively networked world, the NSA has mounted a systematic campaign against the foundations of American power: constitutional checks and balances, technological leadership, and market entrepreneurship. The NSA scandal is no longer about privacy, or a particular violation of constitutional or legislative obligations. The American body politic is suffering a severe case of auto-immune disease: our defense system is attacking other critical systems of our body.

First, the lying. The National Intelligence University, based in Washington, DC, offers a certificate program called the denial and deception advanced studies program. That’s not a farcical sci-fi dystopia; it’s a real program about countering denial and deception by other countries. The repeated misrepresentations suggest that the intelligence establishment has come to see its civilian bosses as adversaries to be managed through denial and deception. [Continue reading…]