XKEYSCORE: NSA’s Google for the world’s private communications

The Intercept reports: One of the National Security Agency’s most powerful tools of mass surveillance makes tracking someone’s Internet usage as easy as entering an email address, and provides no built-in technology to prevent abuse. Today, The Intercept is publishing 48 top-secret and other classified documents about XKEYSCORE dated up to 2013, which shed new light on the breadth, depth and functionality of this critical spy system — one of the largest releases yet of documents provided by NSA whistleblower Edward Snowden.

The NSA’s XKEYSCORE program, first revealed by The Guardian, sweeps up countless people’s Internet searches, emails, documents, usernames and passwords, and other private communications. XKEYSCORE is fed a constant flow of Internet traffic from fiber optic cables that make up the backbone of the world’s communication network, among other sources, for processing. As of 2008, the surveillance system boasted approximately 150 field sites in the United States, Mexico, Brazil, United Kingdom, Spain, Russia, Nigeria, Somalia, Pakistan, Japan, Australia, as well as many other countries, consisting of over 700 servers. [Continue reading…]

facebooktwittermail

Constructing a cyber superpower

DefenseNews reports: The site of an Army golf course named for US President Dwight Eisenhower, one long drive from the National Security Agency, is an active construction site, the future of US military cyber.

Where there were once bunkers, greens and tees is a large gray building due to become an NSA-run 600,000-square-foot, state-of-the-art server farm, a skeletal structure that will one day house US Cyber Command’s joint operations center, with plots reserved for individual Marine Corps and Navy cyber facilities.

The plans reflect the growth in ambition, manpower and resources for the five-year-old US Cyber Command. One measure of this rapid expansion is the command’s budget — $120 million at its inception in 2010 rising to $509 million for 2015.

Another measure is the $1.8 billion in construction at Fort Meade, much of it related to Cyber Command. Though Cyber Command’s service components and tactical teams are spread across the country, the headquarters for Cyber Command, the NSA and Defense Information Systems Agency make Fort Meade a growing hub for military cyber.

Earlier this year, Defense Secretary Ash Carter announced a new cyber strategy that acknowledges in the strongest terms that the Pentagon may wage offensive cyber warfare. The strategy emphasizes deterrence and sets up a reliance on the commercial technology sector, hinging on a push to strengthen ties between Silicon Valley and the Pentagon. [Continue reading…]

facebooktwittermail

France denounces revelations of spying by NSA

The New York Times reports: The French government on Wednesday reacted angrily to revelations about extensive eavesdropping by the United States government on the private conversations of senior French leaders, including three presidents and dozens of senior government figures.

President François Hollande called an emergency meeting of the Defense Council on Wednesday morning to discuss the revelations published by the French news website Mediapart and the left-leaning newspaper Libération about spying by the National Security Agency.

He spoke with President Obama on Wednesday afternoon and made clear “the principles that must govern relations between allies on intelligence matters,” the Élysée Palace said in a statement, adding that senior French intelligence officials would soon travel to the United States for discussions. [Continue reading…]

facebooktwittermail

FISA Court skips talking to privacy advocates

National Journal reports: The secretive court that oversees U.S. spying programs selected to not consult a panel of privacy advocates in its first decision made since the enactment earlier this month of major surveillance reform, according to an opinion declassified Friday.

The Foreign Intelligence Surveillance Court opted to forgo appointing a so-called “amicus” of privacy advocates as it considered whether the USA Freedom Act could reinstate spying provisions of the Patriot Act even though they expired on June 1 amid an impasse in the Senate.

The Court ruled that the Freedom Act’s language — which will restore the National Security Agency’s bulk collection of U.S. call data for six months before transitioning to a more limited program — could revive those lapsed provisions, but in assessing that narrow legal question, Judge Dennis Saylor concluded that the Court did not first need confer with a privacy panel as proscribed under the reform law. [Continue reading…]

facebooktwittermail

Snowden leak: Governments’ hostile reaction fuelled public’s distrust of spies

The Guardian reports: The hostile reaction of the British and US governments to the Snowden disclosures of mass surveillance only served to heighten public suspicion of the work of the intelligence agencies, according to an international conference of senior intelligence and security figures.

The recently published official account of a Ditchley Foundation conference last month says one of the event’s main conclusions was that greater transparency about the activities and capabilities of the security services would be essential if their credibility was to be preserved and enhanced around the world.

The account of the conference chaired by Sir John Scarlett, the former head of MI6, was published on Friday and makes clear the foundation recognised the widespread public unease following the revelations and that the conditions of data collection about individuals and who has access to it are legitimate areas of concern. [Continue reading…]

facebooktwittermail

Snowden’s files and the files Snowden took: Is Glenn Greenwald playing dumb?

An article in Britain’s Sunday Times this weekend, claimed: “Russia and China have cracked the top-secret cache of files stolen by the fugitive US whistleblower Edward Snowden, forcing MI6 to pull agents out of live operations in hostile countries, according to senior officials in Downing Street, the Home Office and the security services.”

Glenn Greenwald writes:

The government accusers behind this story have a big obstacle to overcome: namely, Snowden has said unequivocally that when he left Hong Kong, he took no files with him, having given them to the journalists with whom he worked, and then destroying his copy precisely so that it wouldn’t be vulnerable as he traveled. How, then, could Russia have obtained Snowden’s files as the story claims — “his documents were encrypted but they weren’t completely secure ” — if he did not even have physical possession of them?

The only way this smear works is if they claim Snowden lied, and that he did in fact have files with him after he left Hong Kong.

In fact, the article says nothing about how the files were allegedly obtained by Russian and China, while Greenwald claims the only way they could have been accessed would be directly from Snowden.

Yet in 2013, Greenwald told the Daily Beast that Snowden “has taken extreme precautions to make sure many different people around the world have these archives to insure the stories will inevitably be published.”

So aside from Snowden himself (who if taken at his word, no longer possesses the files) there many different people (we don’t know how many or who they all are) who also have or had the files.

Are we to assume that each and every one of them is an unfailing master of digital security and these files could never have been obtained by a third party?

In a world where a data security company like Kaspersky can get hacked, I wouldn’t put it outside the realms of possibility that by some means or other, Russia and/or China might have gained access to the files Snowden took.

There are, however, several reasons to question this report — not because it came from anonymous sources, or necessitates believing the Snowden has lied — but because had these sources been able to substantiate their claims with credible evidence, they would most likely have turned to a better newspaper.

facebooktwittermail

UK under pressure to respond to latest Edward Snowden claims

The Guardian reports: Downing Street and the Home Office are being challenged to answer in public claims that Russia and China have broken into the secret cache of Edward Snowden files and that British agents have had to be withdrawn from live operations as a consequence.

The reports first appeared in the Sunday Times, which quoted anonymous senior officials in No 10, the Home Office and security services. The BBC also quoted an anonymous senior government source, who said agents had to be moved because Moscow gained access to classified information that reveals how they operate.

Privacy campaigners questioned the timing of the report, coming days after a 373-page report by the independent reviewer of terrorism legislation, David Anderson QC, which was commissioned by David Cameron. Anderson was highly critical of the existing system of oversight of the surveillance agencies and set out a series of recommendations for reform. [Continue reading…]

facebooktwittermail

GCHQ continues to use data techniques outlawed in U.S., say campaigners

The Guardian reports: GCHQ, the Cheltenham-based monitoring agency, is collecting “bulk personal datasets” from millions of people’s phone and internet records using techniques now banned in the US, according to Privacy International.

In a fresh legal claim filed at the Investigatory Powers Tribunal (IPT), the campaign group calls for an end to the harvesting of information about those who have no ties to terrorism and are not suspected of any crime.

The IPT is the judicial body that hears complaints about the intelligence services and surveillance by public organisations. The tribunal has received dozens of submissions in the wake of Edward Snowden’s revelations about interception of internet traffic by the US National Security Agency (NSA) and Britain’s GCHQ. [Continue reading…]

facebooktwittermail

The world says no to surveillance

Edward Snowden writes: Two years ago today, three journalists and I worked nervously in a Hong Kong hotel room, waiting to see how the world would react to the revelation that the National Security Agency had been making records of nearly every phone call in the United States. In the days that followed, those journalists and others published documents revealing that democratic governments had been monitoring the private activities of ordinary citizens who had done nothing wrong.

Within days, the United States government responded by bringing charges against me under World War I-era espionage laws. The journalists were advised by lawyers that they risked arrest or subpoena if they returned to the United States. Politicians raced to condemn our efforts as un-American, even treasonous.

Privately, there were moments when I worried that we might have put our privileged lives at risk for nothing — that the public would react with indifference, or practiced cynicism, to the revelations.

Never have I been so grateful to have been so wrong. [Continue reading…]

facebooktwittermail

NSA bill barely touches the agency’s vast powers

The Associated Press reports: The surveillance law enacted this week stands as the most significant curb on the government’s investigative authorities since the 1970s. But it’s practically inconsequential in the universe of the National Security Agency’s vast digital spying operations, a technical overhaul of a marginal counterterrorism program that some NSA officials wanted to jettison anyway.

After a six-month transition, the new law will end the NSA’s bulk collection of Americans’ phone records, moving instead to a system of case-by-case searches of records held by phone companies.

The existence of the program, in place since shortly after the attacks of Sept. 11, 2001, was perhaps the most startling secret revealed by former NSA contractor Edward Snowden, because it so directly affected the privacy of Americans. It was the first Snowden disclosure published by the journalists with whom he shared documents, and it landed with a thunderclap.

But in the two years since Snowden took up exile in Russia to avoid prosecution in the U.S., his documents have fueled dozens of revelations of NSA surveillance operations, disclosing how the agency seeks to exploit Internet communications. None of those programs are affected by the law President Barack Obama signed Tuesday night. [Continue reading…]

facebooktwittermail

New Snowden documents reveal secret memos expanding spying

By Julia Angwin and Jeff Larson, ProPublica, Charlie Savage, the New York Times, and Henrik Moltke, special to ProPublica, June 4, 2015

This story was co-published with the New York Times.

Without public notice or debate, the Obama administration has expanded the National Security Agency’s warrantless surveillance of Americans’ international Internet traffic to search for evidence of malicious computer hacking, according to classified NSA documents.

In mid-2012, Justice Department lawyers wrote two secret memos permitting the spy agency to begin hunting on Internet cables, without a warrant and on American soil, for data linked to computer intrusions originating abroad 2014 including traffic that flows to suspicious Internet addresses or contains malware, the documents show.

The Justice Department allowed the agency to monitor only addresses and “cybersignatures” 2014 patterns associated with computer intrusions 2014 that it could tie to foreign governments. But the documents also note that the NSA sought to target hackers even when it could not establish any links to foreign powers.

The disclosures, based on documents provided by Edward J. Snowden, the former NSA contractor, and shared with the New York Times and ProPublica, come at a time of unprecedented cyberattacks on American financial institutions, businesses and government agencies, but also of greater scrutiny of secret legal justifications for broader government surveillance.

While the Senate passed legislation this week limiting some of the NSA’s authority, it involved provisions in the U.S.A. Patriot Act and did not apply to the warrantless wiretapping program.

[Read more…]

facebooktwittermail

U.S. phone companies escape new data storage mandate in surveillance bill

Reuters: The U.S. government will rely on phone companies to keep data on customers once the USA Freedom Act is signed into law, but the bill avoids companies’ main concern: it does not force them to change how they collect and store data.

The bill, passed by the Senate late on Tuesday and expected to be signed into law by President Barack Obama, stops the government’s practice of routinely scooping up telephone metadata — dialed numbers and call lengths but not the content — from companies in bulk.

Instead, the National Security Agency and others in the U.S. intelligence community would have to request more targeted data from companies with a court order.

facebooktwittermail

New dawn of freedom in America

The day millions of Americans have been eagerly awaiting — they can once again enjoy their lost freedoms:

The New York Times reports: For the first time since the aftermath of the terrorist attacks of Sept. 11, 2001, Americans will again be free to place phone calls — to friends, lovers, business associates, political groups, doctors and pizza restaurants — without having logs of those contacts vacuumed up in bulk by the National Security Agency.

And for the first time in nearly 14 years, if government agents identify new phone numbers that they suspect are linked to terrorism, they will have to subpoena phone companies for associated calling records and wait for the response to see if anyone in the United States has been in contact with that number. The N.S.A. can no longer simply query its database for the information.

This unusual situation may last only a few days, until Congress can reach an accommodation over three counterterrorism laws that expired at 12:01 a.m. Monday.

Nonetheless, the fact that Congress allowed the laws to lapse — the most important of them is the purported legal basis for the bulk records collection program — is an extraordinary moment in the story of the tensions between post-9/11 policies and privacy rights. It has led to heated warnings in the political realm about exposing the country to heightened risk of attack.

A few hours before the Senate convened on Sunday, John O. Brennan, the C.I.A. director, warned on the CBS program “Face the Nation” that if lawmakers let those laws lapse, the F.B.I. would “not have the ability then to track these various elements that we are looking at who are trying to carry out attacks here in the homeland.”

But interviews with law enforcement and intelligence officials about what they will do in the interim suggest there are multiple workarounds to the gap.

One of the expired laws permitted wiretap orders of “lone wolf” terrorism suspects who are not part of a foreign group, a provision that has apparently never been used. A second permitted “roving” wiretap orders that follow suspects who change phones, a provision that apparently has been used only rarely.

The third permitted court orders requiring businesses to turn over records that are relevant to a national security investigation, the provision known as Section 215 of the Patriot Act. In addition to the bulk phone records program, the F.B.I. used Section 215 about 160 times last year to obtain particular business records, like suspects’ Internet activity logs.

All three of the expired laws contained a so-called grandfather clause that permits their authority to continue indefinitely for any investigation that had begun before June 1.

Law enforcement officials have made it clear that the F.B.I. has long-running, open-ended “enterprise” investigations into groups that pose a threat to public safety, like Al Qaeda. A senior intelligence official recently told The New York Times that the administration was open to invoking the grandfather clause to get the records if a need arose during any lapse. [Continue reading…]

facebooktwittermail

Rand Paul vows to force expiration of Patriot Act

The Washington Post reports: Sen. Rand Paul (R-Ky.) vowed that he would force the Patriot Act to expire Sunday when the Senate reconvenes after not taking action last week to extend or replace a controversial surveillance program.

“Tomorrow, I will force the expiration of the NSA illegal spy program,” the Republican presidential candidate said in a statement, which was first reported by Politico.

The Senate will convene a rare Sunday session after it rejected a compromise bill on bulk surveillance by the National Security Agency last week. The bill would prohibit the government from engaging in the mass collection of phone records, but would leave those records in the hands of private telephone companies, which would keep them for 18 months. The Sunday session will take place hours before the Patriot Act expires.

Paul said Saturday that he would disrupt efforts to extend the Patriot Act or green light the compromise bill, known as the USA Freedom Act.

“I am ready and willing to start the debate on how we fight terrorism without giving up our liberty,” Paul said in the statement. “Sometimes when the problem is big enough, you just have to start over.”

Paul plans to prevent Senate Majority Leader Mitch McConnell (R-Ky.) from expediting debate on the USA Freedom Act. Even if a vast majority of senators agree to extend some version of the Patriot Act, Senate rules would allow Paul to force about five days of debate over the issue, which would lead to a temporary halt to some techniques used by the nation’s spy agencies. [Continue reading…]

facebooktwittermail

Spot the difference: Being or not being subject to mass surveillance

On Sunday night, at the stroke of midnight, will a shroud of fear be lifted from freedom-loving Americans?

Let’s assume that a last minute deal isn’t reached in Congress and the surveillance powers of the Patriot Act are indeed allowed to expire.

This might not amount to the kind of statutory protection of privacy that critics of the NSA have hoped for, and yet physically pulling the plug on the actual mechanisms of mass surveillance will highlight the difference between living in a world where all our information gets sucked into data warehouses and a world in which it remains a tad more secure under a blanket in the Cloud — or wherever else we’ve chosen to keep it hidden.

Of course, a lot of people won’t believe the plug got pulled — certainly not at a moment when they believe the Federal government is about to impose martial law in Texas — and so the reported suspension of surveillance will more likely reinforce their paranoia.

But for those who believe that a measure of freedom lost has been reclaimed — at least for now — how will that freedom be enjoyed?

That’s where I draw a blank.

I’ve seen the polls in which some people say that NSA surveillance has changed how they use email and made them inclined to censor themselves and yet I’ve always been baffled by these reactions.

Most NSA critics who have studied the issue are acutely aware that mass surveillance is virtually useless for gathering information about terrorism, so how exactly might it accumulate useful information about you or me?

From Sunday to Monday, we will cross over from a world in which we are watched but unseen, into a world in which we will remain unseen. If that seems like a profound transition, I’d say your fixation on personal freedom has become a distraction from much more serious issues that truly shape our world.

There are plenty of good reasons to be opposed to mass surveillance — including the principle that no democratic government should claim the right to spy on its own citizens. But we have less reason to be concerned about intrusions on our privacy than that over-funded intelligence agencies have exploited public fear and manipulated Congress in order to create programs of negligible value.

If mass surveillance is about to quietly die, maybe the lesson that can be drawn is that the threat it supposedly posed and the need it supposedly met, were both wildly overstated.

The NSA’s appetite to gather information has always exceeded its capacity to use it, but the same cannot be said for Google or Facebook. The NSA never was and never could become more than a flea on the back of a digital infrastructure that primarily serves Silicon Valley.

Most of the information that is being gathered about each and every one of us is not being swept up in secret but dished out freely down what we have come to regard as lifelines connecting us to the world.

Rather than being subject to unwanted surveillance, we are far more subject to networks of dependence which affect what we want, what we expect, and how we live.

Big Brother is less inclined to breath down our neck than hold our hand. And if the grip feels too tight it’s because we’re afraid of letting go.

facebooktwittermail

Reality checks in debate over surveillance laws

Charlie Savage reports: As the Senate moves closer to a Sunday night showdown over whether it will let Patriot Act surveillance powers expire on Monday, supporters and critics of how the government has used those authorities have been using increasingly alarming language.

But there is little evidence in the history of the expiring laws — including the one that the government uses to justify the once-secret National Security Agency program that vacuums up Americans’ phone records in bulk — to support the arguments that either side is making.

Republican senators who want to keep the program are warning that any lapse in “this critical tool would lead to attacks on the United States,” as Senator Tom Cotton, Republican of Arkansas, recently put it. Yet throughout the program’s existence, it has never thwarted a terrorist attack, studies and testimony show.

At the same time, proponents of ending the program say it poses risks to Americans’ private lives, by permitting the government to know who has been calling psychiatrists or political groups, for example. But despite the discovery of technical violations of the rules several years ago, no evidence has emerged that the program has been misused for political or personal gain. As a result, the privacy-minded critics have had to couch their warnings in hypothetical terms. [Continue reading…]

facebooktwittermail

Inside NSA, officials privately criticize ‘collect it all’ surveillance

Peter Maass writes: As members of Congress struggle to agree on which surveillance programs to re-authorize before the Patriot Act expires, they might consider the unusual advice of an intelligence analyst at the National Security Agency who warned about the danger of collecting too much data. Imagine, the analyst wrote in a leaked document, that you are standing in a shopping aisle trying to decide between jam, jelly or fruit spread, which size, sugar-free or not, generic or Smucker’s. It can be paralyzing.

“We in the agency are at risk of a similar, collective paralysis in the face of a dizzying array of choices every single day,” the analyst wrote in 2011. “’Analysis paralysis’ isn’t only a cute rhyme. It’s the term for what happens when you spend so much time analyzing a situation that you ultimately stymie any outcome …. It’s what happens in SIGINT [signals intelligence] when we have access to endless possibilities, but we struggle to prioritize, narrow, and exploit the best ones.”

The document is one of about a dozen in which NSA intelligence experts express concerns usually heard from the agency’s critics: that the U.S. government’s “collect it all” strategy can undermine the effort to fight terrorism. The documents, provided to The Intercept by NSA whistleblower Edward Snowden, appear to contradict years of statements from senior officials who have claimed that pervasive surveillance of global communications helps the government identify terrorists before they strike or quickly find them after an attack.

The Patriot Act, portions of which expire on Sunday, has been used since 2001 to conduct a number of dragnet surveillance programs, including the bulk collection of phone metadata from American companies. But the documents suggest that analysts at the NSA have drowned in data since 9/11, making it more difficult for them to find the real threats. The titles of the documents capture their overall message: “Data Is Not Intelligence,” “The Fallacies Behind the Scenes,” “Cognitive Overflow?” “Summit Fever” and “In Praise of Not Knowing.” Other titles include “Dealing With a ‘Tsunami’ of Intercept” and “Overcome by Overload?” [Continue reading…]

facebooktwittermail

Switzerland to probe claims it was spied on by NSA and Germany’s BND

IntelNews: The office of the Swiss Federal Prosecutor has launched an investigation into claims that the country’s largest telecommunications provider was spied on by a consortium of German and American intelligence agencies. The spy project was reportedly a secret collaboration between Germany’s BND (Bundesnachrichtendienst) and America’s National Security Agency (NSA). According to Austrian politician Peter Pilz, who made the allegations on Wednesday, the BND-NSA collaboration was codenamed EIKONAL and was active from 2005 to 2008. Speaking during a press conference in Bern, Switzerland, Pilz said many European phone carriers and Internet service providers were targeted by the two agencies.

Among EIKONAL’s targets, said Pilz, was Swisscom AG, Switzerland’s largest telecommunications provider and one of the successor companies to the country’s national carrier, the PTT (short for Post, Telegraph, Telephone). The government of Switzerland still retains a majority of Swisscom shares, which makes the Bern-based company the closest thing Switzerland has to a national telecommunications carrier. Under the EIKONAL agreement, the BND accessed Swisscom traffic through an interception center based in Frankfurt, Germany. From there, said Pilz, the intercepted data was transferred to a BND facility in Bad Aibling to be entered into NSA’s systems. Pilz shared numerous documents at the press conference, among them a list of key transmission lines that included nine Swisscom lines originating from Zurich and Geneva.

facebooktwittermail