
NLPWESSEX, natural law publishing

nlpwessex.org

"I don't think in the last two or three hundred years we've faced such a concatenation of problems all at the same time.... If we are to solve the issues that are ahead of us, we are going to need to think in completely different ways."
Paddy Ashdown, High Representative for Bosnia and Herzegovina 2002 - 2006


SURVEILLANCE SOCIETY NEWS ARCHIVE 2014


Selected News Extracts 2014

"Even if you power off your cell phone, the U.S. government can turn it back on. That's what ex-spy Edward Snowden revealed in last week's interview with NBC's Brian Williams."
How the NSA can 'turn on' your phone remotely
CNN, 6 June 2014

"When it comes to communication [former US President Jimmy] Carter is evidently a man of his generation, shunning electronic devices for snail mail. He told [satirist Stephen] Colbert that he had recently written a letter to Pope Francis.... and steers clear of e-mail for fear of being monitored by the National Security Agency. The suggestion caused something of a stir in America and prompted a swift denial from the intelligence agency's director. Carter is yet to be convinced, noting that regulations controlling the Government's scope to spy on private communications had been significantly relaxed since he passed them. 'They are not monitoring me now but they record every message that you transmit in America - and probably in Great Britain as well - and later if they want to monitor that message they can do so,' he says."
Did the other presidents call?
London Times, Times2 Section, 9 April 2014, Print Edition, P6

".... in reality NSA has been collecting word for word 'content' of the American citizens. So that is something the NSA is lying about. And they've lied about the abuses in the past. NSA has targeted congress, they've targeted the Supreme Court. They've targeted top level generals and admirals. They've targeted the press and the media. And a whole bunch of other folks: lawyers and law firms. This was between 2002 and 2005 which I was witness to when I held that sort of information in my hand. NSA is not talking about that either.... The meat of the issue is the network to do this is still intact. So the capability exists. Even if you believe this President is the most benevolent in the world, what about the next President, and the one after that and the one after that, and the potential for abuse with future Presidents? When this system, this monster that we've set up, still exists, anyone down the line can use that monster to basically turn our country into a totalitarian police state. I mean 'all the way' police state. So in my opinion we have to kill this baby in the cradle right now. That means unplug all these nodes around the country and say we will not go after domestic communications, except when we have a warrant ... [against an] individual because we have 'probable cause' they've committed a crime.... Like Ben Franklin [one of the 'founding fathers' of the United States] said, if you're going to give up your freedom and liberty for security you deserve neither .... When I made my oath [of office] it was to make sure I protected the constitution of the United States 'against enemies both foreign and domestic'.... The agency I worked for [the NSA] is now a domestic enemy of our constitution. And it's just a horrific thing that's happened. It has to stop."
Russ Tice, former NSA official and whistleblower
(Interview following speech by President Barack Obama on NSA 'reform')
NSA whistleblower: Obama reforms won't cage 'this monster'
Reuters, 17 January 2014

"A US official has acknowledged that the NSA likely scoops up data on congressional telephone communications but stopped short of saying whether such action extended to calls made by President Barack Obama. The tense exchange occurred on Tuesday during a hearing on the status of the administration's reforms of the bulk data collection programme exposed last year by former National Security Agency contractor Edward Snowden. "
NSA 'probably' collects US Congress telephone call data, official admits
Agence France Presse, 6 February 2014

"Director of Intelligence James Clapper now says the National Security Agency (NSA) should have been more open about the fact that they were spying on all Americans. I'm glad he said this. But there is no excuse for lying in the first place.  When Senator Ron Wyden (a Democrat from Oregon) asked Director Clapper during an intelligence hearing in March of last year if the NSA was collecting the data of millions of Americans, the director lied under oath and denied the charge."
US Senator, Rand Paul: The NSA is still violating our rights, despite what James Clapper says
Guardian, 20 February 2014

"This week, the Associated Press exposed a secret program run by the U.S. Agency for International Development to create 'a Twitter-like Cuban communications network' run through 'secret shell companies' in order to create the false appearance of being a privately owned operation. Unbeknownst to the service’s Cuban users was the fact that 'American contractors were gathering their private data in the hope that it might be used for political purposes'–specifically, to manipulate those users in order to foment dissent in Cuba and subvert its government. According to top-secret documents published today by The Intercept, this sort of operation is frequently discussed at western intelligence agencies, which have plotted ways to covertly use social media for 'propaganda,' 'deception,' 'mass messaging,' and 'pushing stories.' "
The 'Cuban Twitter' Scam Is a Drop in the Internet Propaganda Bucket
Intercept, 4 April 2014

"The NSA could bug 'anyone', from the president downwards, [Edward Snowden] said. In theory, the spy agency was supposed to collect only 'signals intelligence' on foreign targets. In practice this was a joke, Snowden told Greenwald: it was already hoovering up metadata from millions of Americans. Phone records, email headers, subject lines, seized without acknowledgment or consent. From this you could construct a complete electronic narrative of an individual's life: their friends, lovers, joys, sorrows.... What's more, pretty much all of Silicon Valley was involved with the NSA, Snowden said – Google, Microsoft, Facebook, even Steve Jobs's Apple. The NSA claimed it had 'direct access' to the tech giants' servers. It had even put secret back doors into online encryption software – used to make secure bank payments – weakening the system for everybody. The spy agencies had hijacked the internet. Snowden told Greenwald he didn't want to live in a world 'where everything that I say, everything that I do, everyone I talk to, every expression of love or friendship is recorded'.... The young technician explained that the spy agency was capable of turning a mobile phone into a microphone and tracking device... [Guardian journalist] MacAskill asked Snowden, almost as an afterthought, whether there was a UK role in this mass data collection. It didn't seem likely to him. MacAskill knew that GCHQ had a longstanding intelligence-sharing relationship with the US, but he was taken aback by Snowden's vehement response. 'GCHQ is worse than the NSA,' Snowden said. 'It's even more intrusive.'"
How Edward Snowden went from loyal NSA contractor to whistleblower
Guardian, 1 February 2014

"Top secret guidelines setting out how the security services have been instructed to spy on communications between lawyers and the clients have been published for the first time. Extracts of documents from MI5, MI6 and GCHQ were released as part of a legal action brought by lawyers from the campaigning charity Reprieve on behalf of two Libyan men. The papers, disclosed in a tribunal case, are controversial because communications between lawyers and their clients are covered by 'legal professional privilege', or LPP, meaning that law enforcement agencies are supposed to respect their privacy. But the guidelines indicate the security services have been targeting such communications – by interception methods thought to include telephone taps and e-mail surveillance – since at least October 2002."
MI5 and GCHQ documents allow spying on lawyers
Telegraph, 6 November 2014

"Police forces in the UK are accessing people’s mobile call records without their knowledge or consent, The Times has reported. Police are exploiting loopholes in Britain’s surveillance laws to access people’s texts, voicemails, and emails. The report claims that British police can access communication information stored on a mobile device without a warrant, instead only needing a ‘production order’."
UK Police Exploits Loopholes in Law to Hack Mobile Phones
VPN Creative, 21 October 2015

"The UK authorities are operating a surveillance system where 'anything goes' and their interceptions are more intrusive to people’s privacy than has been seen in the US, Edward Snowden said. Speaking via Skype at the Observer Ideas festival, held in central London, the whistleblower and former National Security Agency specialist, said there were 'really no limits' to the GCHQ’s surveillance capabilities. He said: 'In the UK … is the system of regulation where anything goes. They collect everything that might be interesting. It’s up to the government to justify why it needs this. It’s not up to you to justify why it doesn’t … This is where the danger is, when we think about … evidence being gathered against us but we don’t have the opportunity to challenge that in courts. It undermines the entire system of justice.'"
Edward Snowden: state surveillance in Britain has no limits
Guardian, 12 October 2014

"The power to secretly create government propaganda is among the many hacking tools revealed in the latest batch of Edward Snowden documents. British spies can manipulate online polls -- or trick the world into thinking a video or web page is going viral.  A collection of hacking tools -- some of which are specifically suited to spreading disinformation -- were exposed in a leaked 2012 document provided by Snowden to The Intercept. "
Secret propaganda: British spies can manipulate polls
CNN, 15 July 2014

"It is tracking your every move – recording the exact time you left for work, where you bought your coffee and where you like to shop. But this isn’t a futuristic spy drone or some sinister Big Brother state – it’s the iPhone sitting in your pocket. Hidden in Apple phones is a function which logs every journey. The iPhones are then able to analyse the data to figure out where you live and work, basing decisions on the frequency and timing of trips. The function – called the Frequent Locations feature – was quietly introduced to iPhones a year ago. But since access to the programme is buried beneath five layers of settings menus, few people know it exists. Apple claims the data never leaves your phone without your permission, and that it was only designed to improve mapping services. But Professor Noel Sharkey, one of Britain’s leading computing experts, described Apple’s ability to track people as ‘terrifying’. ‘This is shocking,’ he said. ‘Every place you go, where you shop, where you have a drink – it is all recorded. This is a divorce lawyer’s dream. But what horrifies me is that it is so secret. Why did we not know about this?’ "
iPhone? It's a spyphone: Apple devices can record your every movement
Mail, 27 September 2014

"Every new car sold in Britain will have to have a ‘black box’ device fitted to track drivers’ movements from next year, under plans being imposed by the European Union.  Despite serious concerns about privacy and cost, UK ministers admit they are powerless to stop the Big Brother technology being forced on motorists and car makers...... Voluntary take-up has been low across the industry so the EU ruled all new car models must include eCall from October 1, 2015. Motorists will be unable to switch it off and it will be tested in MoT checks."
EU to bug every car in UK with tracker chips
Mail, 10 May 2014

"Britain's signals intelligence division is stealing screenshots from hundreds of thousands of innocent Yahoo users' webcam videos, according to the Guardian newspaper, which also reported that the years-long operation has swept up a huge haul of intimate photographs. The newspaper said GCHQ has been scooping up the sensitive images by intercepting video chats such as the kind offered by Yahoo Messenger, an effort codenamed OPTIC NERVE. It's not clear how many Yahoo users were spied on in this way. The Guardian said that in one six-month period in 2008, GCHQ intercepted the video communications of 1.8 million users, but it's possible that the program, which the Guardian says was still active in 2012, has either grown or shrunk in scope since then. The Guardian said the documents were provided by former U.S. intelligence worker Edward Snowden ......The Guardian said that OPTIC NERVE was intended at least in part to identify targets using automatic facial recognition software as they stared into their computer's webcams. But the stockpiling of sexually explicit images of ordinary people had uncomfortable echoes of George Orwell's 'Nineteen Eighty-Four,' where the authorities — operating under the aegis of 'Big Brother' — fit homes with cameras to monitor the intimate details of people's personal lives. 'At least Big Brother had the decency to install his own cameras,' British media lawyer David Banksy said in a message posted to Twitter after the revelations broke. 'We've had to buy them ourselves.' The collection of nude photographs also raises questions about potential for blackmail. America's National Security Agency has already acknowledged that some analysts have been caught trawling databases for inappropriate material on partners or love interests. Other leaked documents have revealed how U.S. and British intelligence discussed leaking embarrassing material online to blacken the reputations of their targets. 
GCHQ refused to answer a series of questions about OPTIC NERVE, instead returning the same boilerplate answer it has given to reporters for months."
Report: UK spies collect massive store of nude photos after intercepting Yahoo webcam service
Associated Press, 27 February 2014

"I would like to thank the European Parliament for the invitation to provide testimony for your inquiry into the Electronic Mass Surveillance of EU Citizens. The suspicionless surveillance programs of the NSA, GCHQ, and so many others that we learned about over the last year endanger a number of basic rights which, in aggregate, constitute the foundation of liberal societies. The first principle any inquiry must take into account is that despite extraordinary political pressure to do so, no western government has been able to present evidence showing that such programs are necessary. In the United States, the heads of our spying services once claimed that 54 terrorist attacks had been stopped by mass surveillance, but two independent White House reviews with access to the classified evidence on which this claim was founded concluded it was untrue, as did a Federal Court.... I know the good and the bad of these systems, and what they can and cannot do, and I am telling you that without getting out of my chair, I could have read the private communications of any member of this committee, as well as any ordinary citizen. I swear under penalty of perjury that this is true. These are not the capabilities in which free societies invest. Mass surveillance violates our rights, risks our safety, and threatens our way of life.... Whether we like it or not, the international norms of tomorrow are being constructed today, right now, by the work of bodies like this committee. If liberal states decide that the convenience of spies is more valuable than the rights of their citizens, the inevitable result will be states that are both less liberal and less safe.... For the record, I also repeat my willingness to provide testimony to the United States Congress, should they decide to consider the issue of unconstitutional mass surveillance."
Edward Snowden
Evidence to European Parliament, Published 8 March 2014




2014

"Regin, an advanced spyware program widely believed to have been developed by US and British intelligence agencies, was found on a USB stick belonging to an official in German Chancellor Angela Merkel's office, Berlin sources say. Sources said the incident occurred months ago and said that the hackers involved could not be identified. Dr Merkel's spokeswoman declined to confirm that a cyber-attack had occurred. The malware was discovered after a mid-level official in the European policy section of the chancellery reportedly took home a document on her USB flash drive to read on her private laptop. When she later inserted the USB drive into her chancellery computer, an anti-virus alert came up. ...The mass-circulation newspaper Bild said the document taken home by the woman was the manuscript of a planned Merkel speech on European Union strategy, not a major secret since the chancellor was going to give the talk in public. Bild said all of the 200 high-security laptops used in Dr Merkel's office were inspected after the incident, but Germany's cybersecurity agency, the BSI, which often advises the German public on how to fight snoopers, could not find any other affected machine."
US spyware 'on USB stick of Merkel aide'
DPA, 30 December 2014

"A National Security Agency document published this week by the German news magazine Der Spiegel from the trove provided by former NSA contractor Edward Snowden shows that the agency had full access to voice, video, text messaging, and file sharing from targeted individuals over Microsoft’s Skype service. The access, mandated by a Foreign Intelligence Surveillance Court warrant, was part of the NSA’s PRISM program and allowed 'sustained Skype collection' in real time from specific users identified by their Skype user names. The nature of the Skype data collection was spelled out in an NSA document dated August 2012 entitled 'User’s Guide for PRISM Skype Collection.' The document details how to 'task' the capture of voice communications from Skype by NSA’s NUCLEON system, which allows for text searches against captured voice communications. It also discusses how to find text chat and other data sent between clients in NSA’s PINWALE 'digital network intelligence' database. The full capture of voice traffic began in February of 2011 for 'Skype in' and 'Skype out' calls between a Skype user and a land line or cellphone through a gateway to the public switched telephone network (PSTN), captured through warranted taps into Microsoft’s gateways. But in July of 2011, the NSA added the capability of capturing peer-to-peer Skype communications meaning that the NSA gained the ability to capture peer-to-peer traffic and decrypt it using keys provided by Microsoft through the PRISM warrant request."
Newly published NSA documents show agency could grab all Skype traffic
ArsTechnica, 30 December 2014

"Over the weekend, German news outlet Spiegel published a story about the NSA’s ability to crack encrypted forms of communication, exposing the agency’s routine interception of SSL/TLS, which are used by web servers to transmit sensitive information. The report also exposed the fact that the agency has the ability to decrypt a virtual private network. But perhaps more significantly, the revelations culled from the trove of documents leaked by Edward Snowden show the forms of encryption the NSA struggled to break (at least at the time of the documents in 2012). That list includes PGP, Tor, CSpace, OTR and ZRTP. The combination of good news and bad news garnered contradictory coverage, with The Verge highlighting the networks the NSA can’t break, and Slashdot leading with 'Snowden Documents Show How Well NSA Codebreakers Can Pry.' Overall the report was reassuring. Many of the forms of added encryption measures those concerned about security have taken in the 18 months since the Snowden documents became public are effective. For example, the documents show that communications protected by ZRTP (the type of encryption RedPhone uses) block the NSA. 'It’s satisfying to know that the NSA considers encrypted communication from our apps to be truly opaque,' RedPhone developer Moxie Marlinspike told Spiegel. Although the scope of the interceptions on SSL and VPN connections are concerning, many assumed the agency possessed this capability previously. The trove released by Spiegel shows the specific tools the agency used to go about this. The Spiegel report has prompted backlash in the information security community, with some saying it sensationalizes the NSA’s ability to access information on VPN connections. According to Spiegel, the NSA operates 'a large-scale VPN exploitation project to crack large numbers of connections, allowing it to intercept data inside the VPN including, for example, the Greek government’s use of VPNs.' 
This is a very concerning revelation, considering the high number of companies and governments that utilize VPNs to allow users to access their networks anywhere in the world. But No Hats, a security specialists blog, says if you properly configure your VPN, you’re not affected. According to the blog’s comprehensive breakdown of the NSA slides that Spiegel based its reporting on, properly configured IPsec based VPNs are okay. Another alarming statistic from the article is the number of https connections, the type of secure connections used by sites like Facebook, that the agency intercepts. One document showed that by late 2012, the NSA was cracking 10 million such connections a day. Much of the Spiegel article discusses a conflict of interest that the NSA faces: It is charged with recommending security standards, yet it is constantly attempting to break the very security standards it recommends. At first glance these claims seem to point to the very hypocrisy we are reminded of time and again as more is exposed about the American surveillance state. Privacy advocates widely agree that communications vulnerable to law enforcement agencies are also at risk for all kinds of cyber threats, from criminals attempting to steal identities to hacks of foreign governments. It seems counterintuitive that the NSA would be responsible for creating standards it only wants to break, especially when American law enforcement agencies have a history of wanting communications to be less secure to make accessing information easier."
Latest Snowden Revelations Expose Scope Of NSA Interceptions
TechCrunch, 29 December 2014

"The National Security Agency today released reports on intelligence collection that may have violated the law or U.S. policy over more than a decade, including unauthorized surveillance of Americans’ overseas communications. The NSA, responding to a Freedom of Information Act lawsuit from the American Civil Liberties Union, released a series of required quarterly and annual reports to the President’s Intelligence Oversight Board that cover the period from the fourth quarter of 2001 to the second quarter of 2013. The heavily-redacted reports include examples of data on Americans being e-mailed to unauthorized recipients, stored in unsecured computers and retained after it was supposed to be destroyed, according to the documents. They were posted on the NSA’s website at around 1:30 p.m. on Christmas Eve. In a 2012 case, for example, an NSA analyst 'searched her spouse’s personal telephone directory without his knowledge to obtain names and telephone numbers for targeting,' according to one report. The analyst 'has been advised to cease her activities,' it said. Other unauthorized cases were a matter of human error, not intentional misconduct. Last year, an analyst 'mistakenly requested' surveillance 'of his own personal identifier instead of the selector associated with a foreign intelligence target,' according to another report. .... The NSA’s inspector general last year detailed 12 cases of 'intentional misuse' of intelligence authorities from 2003 to 2013 in a letter to Senator Charles Grassley, of Iowa, the top Republican on the Senate Judiciary Committee. Those cases included a member of a U.S. military intelligence unit who violated policy by obtaining the communications of his wife, who was stationed in another country. After a military proceeding, the violator was punished by a reduction in rank, 45 days of extra duty and forfeiture of half of his pay for two months, according to the letter. 
In a 2003 case, a civilian employee ordered intelligence collection 'of the telephone number of his foreign-national girlfriend without an authorized purpose for approximately one month' to determine whether she was being faithful to him, according to the letter. The employee retired before an investigation could be completed."
U.S. Spy Agency Reports Improper Surveillance of Americans
Bloomberg, 24 December 2014

"A judge has ruled that Tucson, Ariz., doesn’t have to release records about how it tracks cellphones, which the city argues would aid criminals. Beau Hodai, a freelance reporter, requested records from the Tucson Police Department in 2013 about the Stingray and Stingray II, cell phone tracking equipment, according to court documents. The equipment acts like a cell tower, and can measure signal strength to determine the location of a phone. Hodai requested all records created using the equipment, any e-mails about it, and any records about its purchase and maintenance. The department responded to Hodai’s request with some documents that were partially redacted. Hodai said in the complaint he learned Tucson redacted portions of the documents at the request of Harris Corporation, which produces the Stingray and Stingray II.... Daniel Pochoda, senior counsel at the ACLU of Arizona, said the group disagrees with the ruling. 'It was just a very badly reasoned decision,' he said in an interview with the Washington Post. The equipment picks up not just the cellphone targeted by officers, but all in the vicinity, Pochoda said, and according to the ruling, Tucson said search warrants for the equipment’s use did not exist."
Police can track cellphones and keep the details a secret, Arizona judge rules
Washington Post, 15 December 2014

"Hardly a week goes by without a new report of some massive data theft that has put financial information, trade secrets or government records into the hands of computer hackers. The best defense against these attacks is clear: strong data encryption and more secure technology systems. The leaders of U.S. intelligence agencies hold a different view. Most prominently, James Comey, the FBI director, is lobbying Congress to require that electronics manufacturers create intentional security holes – so-called back doors – that would enable the government to access data on every American's cellphone and computer, even if it is protected by encryption.... Most Americans accept that there are times their government needs to rely on clandestine methods of intelligence gathering to protect national security and ensure public safety. But they also expect government agencies and officials to operate within the boundaries of the law, and they now know how egregiously intelligence agencies abused their trust. This breach of trust is also hurting U.S. technology companies' bottom line, particularly when trying to sell services and devices in foreign markets. The president's own surveillance review group noted that concern about U.S. surveillance policies 'can directly reduce the market share of U.S. companies.' One industry estimate suggests that lost market share will cost just the U.S. cloud computing sector $21 billion to $35 billion over the next three years. Tech firms are now investing heavily in new systems, including encryption, to protect consumers from cyber attacks and rebuild the trust of their customers. As one participant at my roundtable put it, 'I'd be shocked if anyone in the industry takes the foot off the pedal in terms of building security and encryption into their products.'"
With hackers running rampant, why would we poke holes in data security?
Los Angeles Times, 14 December 2014

"With virtually no warning or debate, the Intelligence Authorization Act for 2015 (H.R. 4681) was rushed to the House floor and passed, containing a dangerous section which, for the first time, statutorily authorizes spying on U.S. citizens without legal process. Representative Justin Amash (R-MI) made a hastened effort to draw attention to the disturbing bill, only hours before the vote was scheduled. If not for Amash’s efforts, the bill would have passed on a 'voice vote' — meaning no record would be kept of which Congressmen supported it. Rep. Amash explained in a press release on social media: 'When I learned that the Intelligence Authorization Act for FY 2015 was being rushed to the floor for a vote—with little debate and only a voice vote expected (i.e., simply declared 'passed' with almost nobody in the room) — I asked my legislative staff to quickly review the bill for unusual language. What they discovered is one of the most egregious sections of law I’ve encountered during my time as a representative: It grants the executive branch virtually unlimited access to the communications of every American.' — Rep. Justin Amash (R-MI)"
Intelligence bill bolsters warrantless spying on U.S. citizens
Police State USA, 11 December 2014

"A New Zealander appointed as an electronic bodyguard for journalists working with NSA whistleblower Edward Snowden says governments are an increasing online threat to activists and media. Six years ago Morgan Marquis-Boire, also known online as 'Morgan Mayhem', left Auckland for Zurich and later San Francisco to work for Google. In June he left the internet search giant to take up the new role as director of security at First Look Media. First Look employs Glenn Greenwald and Laura Poitras, who have been working on millions of secret NSA documents leaked by Snowden. Marquis-Boire's new role, including what he terms 'committing occasional acts of journalism' dissecting notable computer malware, has drawn considerable attention in the tech industry including a prominent profile in Wired.... While unwilling to discuss specific threats to First Look, he said his new workplace faced similar issues to other prominent news organisations. 'Twenty-one out of the world's twenty-five top news organisations have been targeted by state-sponsored attacks. As a statistic that definitely shows the viability of the press as a target for espionage,' he said."
Government an online threat to media, says Kiwi e-bodyguard
New Zealand Herald, 9 December 2014

"Surveillance laws that allow police officers to access people's phone records are not fit for purpose, the Home Affairs Select Committee has said. The Regulation of Investigatory Powers Act (Ripa) has been used to access journalists' records in some cases. The committee said journalists' sources should be 'fully protected' and access to data under Ripa was 'secretive'. The Home Office said there were measures in place to ensure police powers were not abused. Police officers have also failed to routinely record the professions of individuals who have had their communications data accessed, MPs said. Earlier this year, it emerged police had used their powers under Ripa to obtain information about phone calls involving newspaper reporters. The Metropolitan Police used the Act to obtain telephone records of the Sun's newsdesk to try to identify who had leaked the 'Plebgate' story involving former Conservative chief whip Andrew Mitchell. Kent constabulary also used its powers under Ripa to obtain phone records of a journalist investigating the Chris Huhne speeding points scandal, as well as those of one of his sources - despite a judge agreeing the source could remain confidential. Committee chairman Keith Vaz said: 'Ripa is not fit for purpose. We were astonished that law enforcement agencies failed to routinely record the professions of individuals who have had their communications data accessed under the legislation. 'Using Ripa to access telephone records of journalists is wrong and this practice must cease. The inevitable consequence is that this deters whistleblowers from coming forward.' He told BBC Radio 4's Today programme that journalists' records should be kept privileged, 'otherwise we get into a situation where legislation introduced for completely different purposes is being used in a mission creep to be able to control sections that were never intended to be controlled'. 
Half a million pieces of information are accessed every year under the legislation, Mr Vaz added. He told the programme it had been used for 'trawling', saying: 'We have felt for some time that public officials are using this piece of legislation for what was not intended by it.' The committee called on the Home Office to hold a consultation on an amended Ripa code of practice, which would give special provisions to those dealing with privileged information."
Surveillance laws 'not fit for purpose', MPs say
BBC Online, 6 December 2014

"In the wake of revelations about the extent of US spying, both Apple and Google announced in September their newest phones will be encrypted by default. That means no one—not law enforcement or the companies themselves—would be able to grab data off a locked device. The FBI didn't like that idea one bit and said so to Congress. On Thursday, Sen. Ron Wyden (D-Ore.) introduced a bill that, if passed, would make sure the companies can encrypt unmolested. The Secure Data Act would prohibit government agencies from requiring any 'backdoors' be placed in US software or hardware. 'Strong encryption and sound computer security is the best way to keep Americans’ data safe from hackers and foreign threats,' said Wyden in a statement."
Sen. Wyden puts forward a bill to ban data 'backdoors'
ArsTechnica, 5 December 2014

"According to documents contained in the archive of material provided to The Intercept by whistleblower Edward Snowden, the NSA has spied on hundreds of companies and organizations internationally, including in countries closely allied to the United States, in an effort to find security weaknesses in cellphone technology that it can exploit for surveillance. The documents also reveal how the NSA plans to secretly introduce new flaws into communication systems so that they can be tapped intoa controversial tactic that security experts say could be exposing the general population to criminal hackers. Codenamed AURORAGOLD, the covert operation has monitored the content of messages sent and received by more than 1,200 email accounts associated with major cellphone network operators, intercepting confidential company planning papers that help the NSA hack into phone networks. One high-profile surveillance target is the GSM Association, an influential U.K.-headquartered trade group that works closely with large U.S.-based firms including Microsoft, Facebook, AT&T, and Cisco, and is currently being funded by the U.S. government to develop privacy-enhancing technologies. Karsten Nohl, a leading cellphone security expert and cryptographer who was consulted by The Intercept about details contained in the AURORAGOLD documents, said that the broad scope of information swept up in the operation appears aimed at ensuring virtually every cellphone network in the world is NSA accessible. 'Collecting an inventory [like this] on world networks has big ramifications,' Nohl said, because it allows the NSA to track and circumvent upgrades in encryption technology used by cellphone companies to shield calls and texts from eavesdropping. Evidence that the agency has deliberately plotted to weaken the security of communication infrastructure, he added, was particularly alarming. 
'Even if you love the NSA and you say you have nothing to hide, you should be against a policy that introduces security vulnerabilities,' Nohl said, 'because once NSA introduces a weakness, a vulnerability, it’s not only the NSA that can exploit it.'"
Operation Auroragold
The Intercept, 4 December 2014

"German lawmakers probing the surveillance activities of the U.S. National Security Agency have uncovered a legal loophole that allows the country's foreign intelligence agency to spy on its own citizens. The agency, known by its German acronym BND, is normally forbidden from eavesdropping on Germans or German companies. But a former BND lawyer told Parliament this week that Germans aren't protected while working abroad for foreign companies. The government confirmed Saturday to The Associated Press that work-related calls or emails are attributed to the employer. If the employer is foreign, the BND can intercept them. Opposition lawmakers have accused Germany's government of feigning outrage over alleged NSA spying while condoning illegal surveillance itself."
Panel probing NSA surveillance finds legal loophole that lets German intel spy on own citizens
Associated Press, 29 November 2014

"The main cable link between Ireland and America has been tapped by British intelligence, a new raft of papers released by National Security Agency whistleblower Edward Snowden reveals. The new documents, published in a German newspaper, reveal that a number of underwater cables that connect Ireland to the word are all being tapped into by British intelligence. It means that all internet communications as well as phone calls are potentially intercepted by British intelligence. The main cable connecting the US and Ireland is called Hibernia and stretches from Dublin to South Kerry across the Atlantic to Halifax, Nova Scotia. Another leg of the same cable stretches from Dublin to Holyhead in Wales. A document released by Snowden details those cables which the British Government Communication Headquarters, based in Cheltenham in England, has either gained or sought access to. The Government Communications Headquarters (GCHQ) is a British intelligence and security organization responsible for providing signals intelligence (SIGINT) and information assurance to the British government and armed forces under the formal direction of the Joint Intelligence Committee (JIC) alongside the Security Service (MI5), the Secret Intelligence Service (MI6) and Defence Intelligence (DI). The document notes that the British intelligence operatives are dissatisfied with their access to the Irish cables and wants it improved. The Snowden documents outline a number of underwater cables – the lines that connect Ireland to the outside world that are being tapped."
Snowden reveals British tapping US/Ireland communications
Irish Central, 29 November 2014

"Proposed powers for spies to set up video surveillance in New Zealanders' homes without a warrant have come under fire on the first day of hearings for urgent counter-terrorism law changes. The Law Society, the Privacy Commissioner and the Human Rights Commission all expressed deep reservations to a select committee about some of the counter-terrorism measures, which they said went well beyond any current powers. Law Society spokesman Sir Geoffrey Palmer said the bill contained some safeguards which protected against abuse of the new powers. 'But nevertheless, it is the view of the society that some of the provisions in the bill substantially interfere with and reduce human rights and individual liberty.' Sir Geoffrey urged the committee to strengthen the test for warrantless surveillance of terrorism suspects and limit warrantless surveillance to 24 hours instead of 48 hours.Privacy Commissioner John Edwards said a provision to allow video surveillance of a private property for up to 12 months with a warrant was 'quite extraordinary and qualitatively different' to current powers. 'It is far more than going into a house and uplifting a series of documents or property. It is far more intrusive and comprehensive than dipping in and out of a telephone communication or checking on someone's internet access. It is there, it is on all the time, it is recording matters of considerable intimate and private behaviour.' Mr Edwards recommended that the default period for surveillance should be cut to three months."
Spying powers' fast-track upgrade hits wall of criticism
New Zealand Herald, 28 November 2015

"On Tuesday a Commons report disclosed a Facebook conversation in which Michael Adebowale [one of the killers of Fusilier Lee Rigby] said that he wanted to kill a British soldier 'in the most graphic and emotive manner.' These messages could have been the best opportunity for the intelligence service to save Fusilier Rigby's life, if only they had seen them in time. The government has found its scapegoat.... He would do better to set his own house in order. MI5, Ml6 and GCHQ missed more than half a dozen chances to apprehend Adeboawle and Michael Adebolajo, his accomplice. Adebolawe and Michael Adebolajo, his accomplice. Adebolajo was intermittently watched for two years and MI5 missed evidence that both had been in electronic contact with al-Qaeda in Yemen. The investigations were hampered by by delays and miscommunication... Rather than confront the agencies' failings, Mr Cameron has spoken of a 'moral duty' for social networks to seek out information about suspected terrorists and hand it to the spooks. This sounds like a veiled threat.... The responsibility would effectively turn Facebook into a adjunct of the surveillance state. Ministers should think very carefully before asking a social network to decide what constitutes a terrorist threat and what is mere bluster. It is hard to see why such a 'moral duty' would not fall upon Google, Twitter and the telecoms companies. The potential for corruption, injustice and pointless breaches of privacy is frightening. Facebook did not kill Lee Rigby. Adebowale and Adebolajo did. The organisation charged with watching them was MI5. Mr Cameron should bear these facts in mind before embarking on a quixotic crusade against the internet."
Shooting the Messenger
London Times, 27 November 2014, Print Edition, P36

"It takes some mastery of spin to turn the litany of intelligence failures over last year’s butchery of the off-duty soldier Lee Rigby into a campaign against Facebook. But that’s exactly how David Cameron’s government and a pliant media have disposed of the report by Westminster’s committee of intelligence trusties. You might have expected Whitehall’s security machine to be in the frame for its spectacular incompetence in spying on the two killers: from filling out surveillance applications wrongly and losing one suspect’s house number, to closing down the surveillance of another – just as the pair were preparing the Woolwich attack. Centre stage might have been the admission that British intelligence could have been 'complicit' in Michael Adebolajo’s torture in Kenya, and tried to cover that up. There is evidence that MI5’s attempts to recruit the Muslim convert on his return to Britain played a part in triggering the killing – though the trusties thought better than to inquire too closely into the matter. Instead it was the US internet giant, Britain’s prime minister insisted, that was really to blame. Facebook had 'blood on their hands', the Sun declared, as the Daily Mail denounced the Mark Zuckerberg corporation’s 'twisted libertarian ideology'. It’s nonsense, of course, but it gets the authorities off the hook. The spooks couldn’t handle the intelligence they had, and the US tech companies already operate in collusion with western governments. As Richard Barrett, MI6’s former counter-terrorism director, points out, the scale of material the internet barons would need to dredge would overwhelm the security services, let alone the companies. No matter. 
The Rigby report’s timing was ideal for the government, which is launching the seventh anti-terrorism bill since 2000 – including new measures for the internal exile of suspects, crackdowns on schools and universities that fail to act against 'extremists', and requirements on internet service providers to hand over users’ identities. Theresa May says Britain is facing the greatest terrorism threat in its history, and that the security services have foiled 40 plots since 2005. Who would know? Even ministers are in no position to judge the claims securocrats make about themselves. For the intelligence agencies the terror threat is good for business – as Cameron made clear this week when he announced another £130m for their already swollen budgets. That there is a small number of would-be jihadists prepared to carry out acts of carnage in revenge for British and western bloodletting in the Muslim world is not in doubt. But, given the ease of carrying out low-tech atrocities – and the scale of the IRA’s armed campaign of the 70s and 80s – it’s striking how few there have actually been. But the war on terror has now become a war without end: a permanent state where a politically constructed 'national security' trumps the actual security of citizens and feeds a continual ideological campaign to discipline and intimidate the Muslim community.... the Rigby report blithely conceded, 'the government’s counter-terrorism programmes are not working'. Its Prevent strategy has stopped many Muslims from speaking freely, but prevented little else. Around 500 Britons are now estimated to be fighting in Syria and Iraq. But why would that be a surprise? The British and US governments first supported the rebels in Syria – as they did in Libya – and then turned against most of them, as the jihadist campaign mushroomed around Isis, intensifying cynicism about the west’s role in the Muslim world. Which remains the heart of the war on terror 13 years on. 
It’s not considered seemly to mention it when discussing terrorism and extremism, but western wars and support for dictatorship are what drive jihadist terror in Britain and elsewhere, just as they fuelled it in the region itself. Every single perpetrator of such violence in Britain has spelled out that it is carried out in response to Britain’s invasions and occupations in the Muslim world. Now British forces are once again carrying out bombing raids alongside US forces in Iraq – driving other rebel groups into the arms of Isis in the process – they are creating the conditions for more violence at home. No amount of surveillance or oppressive legislation will stop those determined to launch attacks. The war on terror has spawned terror from the start, fomenting community divisions and curtailing freedoms everywhere. That’s true for those states that launched it – as well as those on the receiving end."
Seumas Milne - It isn’t Facebook that feeds terror. It’s war and tyranny
Guardian (Comment Is Free), 27 November 2014

"This week the Intelligence and Security Committee (ISC) refused to lay blame at our intelligence agencies’ door for failing to prevent the killing of Fusilier Lee Rigby. Instead, in a perverse move, they pointed the finger at Facebook and its fellow web firms. The ISC’s press release branded the social network a 'safe haven for terrorists' – echoing the new GCHQ director Robert Hannigan’s outburst earlier this month. Facebook was singled out for failing to flag up an exchange between Michael Adebowale and a foreign jihadist. The Prime Minister went even further – claiming internet companies have a 'social responsibility' to stop networks being used to 'plot murder and mayhem'. Isn’t it the responsibility of the security services, rather than web firms, to investigate terrorists? Facebook boasts more than a billion users – even the former MI6 chief Richard Barrett has highlighted the absurdity of expecting them to play 'spook' and trawl through every post. We wouldn’t expect BT to listen in on every call on the Government’s behalf. Why are internet companies any different? The state has all the powers it needs to demand access to data. But the ISC has spun the facts to mask intelligence agency failings and heap the blame on web firms. Deep within the report, the ISC reveals that the social network wasn’t even asked to intercept Adebowale’s online conversation. If it had been, and it had refused, the security services would have had the technological capability to get it for themselves. The only reason not any of this occurred was because the security services didn’t consider monitoring Adebowale to be a priority. Blaming communications service providers is laughable but it’s also dangerous. It deflects from the real story behind the report – the catalogue of errors made by our intelligence agencies. Countless missed surveillance opportunities; delayed investigations; dumping dangerous citizens abroad; ignoring allegations of MI5 mistreatment. The list goes on. 
The ISC’s approach leads us further down a slippery slope towards blanket surveillance of the entire population. GCHQ already stands accused of mass snooping on Britain and across the world – exploiting legal loopholes to intercept the emails, messages and web chats of millions of innocent people. Sensible, properly targeted investigations of terrorist suspects are one thing – indiscriminate spying on every one of us is another. The detail – as opposed to the bluster – of the ISC report exposed the UK’s anti-terrorism strategy as counterproductive and failing on almost every level. It revealed the authorities are neglecting to track suspects with the powers and intelligence capabilities they already have. But yesterday, with the publication of yet another counter-terrorism Bill, the Government is seeking even more powers to transform us all into suspects – leaving the public no safer and everyone a little less free. When will they learn?"
Shami Chakrabarti - Home Office is creating more powers to turn everyone into suspects – but leave us no safer
Independent, 26 November 2014

"Documents reportedly from the Edward Snowden cache show that in 2009, GCHQ (and by association, the NSA) had access to the traffic on 63 submarine cable links around the globe. The cables listed handle the vast majority of international Internet traffic as well as private network connections between telecommunications providers and corporate data centers. According to a report in the German newspaper Süddeutsche Zeitung, the telecommunications company Cable & Wireless—now a subsidiary of Vodafone—'actively shaped and provided the most data to GCHQ surveillance programs and received millions of pounds in compensation.' The relationship was so extensive that a GCHQ employee was assigned to work full time at Cable & Wireless (referred to by the code name 'Gerontic' in NSA documents) to manage cable-tap projects in February of 2009. By July of 2009, Cable & Wireless provided access to 29 out of the 63 cables on the list, accounting for nearly 70 percent of the data capacity available to surveillance programs. A Vodafone spokesperson did not deny the details when questioned by Süddeutsche Zeitung but said that any taps were performed legally under a warrant. The cable access wasn’t just used for surveillance—it was also used to pipe back data pulled from other networks through 'computer network exploitation' (CNE) operations to populate Incenser, a GCHQ 'special source collection system' running in a data center at GCHQ’s signals collection center at Bude in Cornwall. One of the networks that was targeted by a CNE hack and accessed over Cable & Wireless capacity, according to an NSA slide, was the Fiber-Optic Link Around the Globe (FLAG), a global network operated by the Indian telecommunications company Reliance Communications’ subsidiary, Global Cloud Xchange. Data pulled the FLAG network’s connections span the globe, with landing points in the US, Europe, North Africa, the Saudi Peninsula, India, Malaysia, China, Taiwan, South Korea, and Japan. 
The extent of the cable taps had been hinted at before in Snowden documents detailing Turbulence and Xkeyscore, the global distributed mass surveillance platform deployed by the NSA to search through the contents of Internet traffic. Taps into trans-oceanic cables were also revealed to be part of the NSA’s MUSCULAR program, which tapped into the private connections between the data centers of Yahoo and Google. But the latest documents reveal the actual names of the cables the NSA and GCHQ had access to as of 2009 as well as their 'egress' speed—the volume of data that the agencies could pull from the cables. As of July of 2009, relationships with three telecom companies provided access to 592 10-gigabit-per-second pipes on the cables collectively and 69 10-gbps 'egress' pipes through which data could be pulled back. The July 2009 documents included a shopping list for additional cable access—GCHQ sought to more than triple its reach, upping access to 1,693 10-gigabit connections and increasing egress capacity to 390. The documents revealed a much shorter list of 'cables we do not currently have good access [to].'"
New Snowden docs: GCHQ’s ties to telco gave spies global surveillance reach
Ars Technica, 25 November 2014

"A law forcing firms to hand details to police identifying who was using a computer or mobile phone at a given time is to be outlined by Theresa May. The home secretary said the measure would improve national security. As part of the Counter-Terrorism and Security Bill, providers would have to retain data linking devices to users. But campaigners warned it could see the revival of the so-called 'snoopers' charter' - a previous attempt to bring in wide-ranging web monitoring powers. .... The proposals, due to come before MPs on Wednesday, would help police to identify suspects via a computer or mobile device's individual Internet Protocol (IP) address. Each device has such an address, but they can change - such as when a modem is switched off and then on again - and are usually shared between different users. Internet service providers currently have no business reason for holding data showing which IP address was allocated to a device at a given time, meaning it is not always possible for police and security services to match individuals to internet use, the Home Office said.... Speaking to the BBC's Andrew Marr show, Mrs May said the new bill would help security services 'deal with the increased threat that we now see'. 'This is a step but it doesn't go all the way to ensuring that we can identify all the people we will need to,' she said. To 'fully identify' everybody, she said police would need the power to access communication data, as previously proposed in the Communication Data Bill. That bill - labelled a snooper's charter by critics - was scrapped following Lib Dem opposition. It would have forced companies to keep data about people's online conversations, social media activity, calls and texts for 12 months. James Massey, chairman of the Internet Service Providers Association, said the plans could cost the industry 'tens if not hundreds of millions' and would not catch paedophiles or those planning terror attacks. 
'The devil will be in the detail but it's going to be difficult no matter how they do it,' he said. 'It looks like it could catch people who post annoying things on Twitter or not very nice things on social media - but not those who know how to hide their online activities. It's not a sensible thing to have decided to do without consulting us first.'"
Internet data plan back on political agenda
BBC Online, 23 November 2014

"Freelance video journalist Jason Parkinson returned home from vacation this year to find a brown paper envelope in his mailbox. He opened it to find nine years of his life laid out in shocking detail. Twelve pages of police intelligence logs noted which protests he covered, who he spoke to and what he wore - all the way down to the color of his boots. It was, he said, proof of something he'd long suspected: The police were watching him. "Finally," he thought as he leafed through documents over a strong black coffee, 'we've got them.' Parkinson's documents, obtained through a public records request, are the basis of a lawsuit being filed by the National Union of Journalists against London's Metropolitan Police and Britain's Home Office. The lawsuit, announced late Thursday, along with recent revelations about the seizure of reporters' phone records, is pulling back the curtain on how British police have spent years tracking the movements of the country's news media. 'This is another extremely worrying example of the police monitoring journalists who are undertaking their proper duties,' said Paul Lashmar, who heads the journalism department at Britain's Brunel University. The Metropolitan Police and the Home Office both declined to comment. Parkinson, three photographers, an investigative journalist and a newspaper reporter are filing the lawsuit after obtaining their surveillance records. Parkinson, a 44-year-old freelancer who has covered hundreds of protests - some of them for The Associated Press - said he and his colleagues had long suspected that the police were monitoring them. 'Police officers we'd never even met before knew our names and seemed to know a hell of a lot about us,' he said. Several journalists told AP the records police kept on them were sometimes startling, sometimes funny and occasionally wrong. 
One intelligence report showed that police spotted Parkinson cycling near his then-home in northwest London and carried detailed information about him and his partner at the time. Jules Mattsson, a 21-year-old journalist with the Times of London, says another record carried a mention of a family member's medical history, something he says made him so upset he called the police to demand an explanation. 'No one could possibly defend this,' he said. Jess Hurd, a 41-year-old freelance photographer and Parkinson's partner, said she was worried the intelligence logs were being shared internationally. 'I go to a lot of countries on assignment,' she said. 'Where are these database logs being shared? Who with, for what purpose?' The revelations add to public disclosures about British police secretly seizing journalists' telephone records in leak investigations. Several senior officers have recently acknowledged using anti-terrorism powers to uncover journalists' sources by combing through the records."
UK police spied on reporters for years, docs show
Associated Press, 21 November 2014

"The U.S. Postal Service almost never denies requests to track suspects’ mail on behalf of law-enforcement agencies through a controversial surveillance program known for having compliance problems, according to a federal auditor. USPS Deputy Inspector General Tammy Whitcomb said in testimony for a House hearing   Wednesday that the Postal Service rejected only about 0.2 percent of the 6,000 outside requests last year for a practice known as mail covers. The investigative technique involves recording information on the outside of individuals’ envelopes and parcels before the items are delivered, and then handing the data to law-enforcement agencies. It does not permit the opening of mail, which requires a search warrant. The USPS inspector general’s office said in an audit report  this year that the Postal Service failed to follow key guidelines for mail covers, including recording and sending information after the orders had expired and neglecting to conduct annual reviews. Additionally, about 20 percent of the requests from outside law-enforcement agencies were not approved by authorized personnel and that 13 percent were either unjustified or incorrectly documented, according to the report. The Postal Service asked the inspector general not to release the findings publicly. The agency said disclosure would reveal 'investigative techniques and related information which could compromise ongoing criminal investigations,' according to a management letter. Politico first reported the findings in June, and the New York Times wrote a piece about them in October. But Whitcomb’s testimony marked the first time that the inspector general’s office publicly revealed that the Postal Service almost never denies mail-cover requests.... Timothy Edgar, a former Obama White House privacy expert who now works with Brown University’s Watson Institute for International Studies, described the inspector general’s findings as troubling. 
'They shake our confidence in longstanding principles of privacy and civil liberties,' he said in testimony for the hearing. 'The Postal Service must be a stickler for proper procedure — it cannot afford to be lax.'"
Postal Service almost never denies mail-surveillance requests
Washington Post (Blog), 20 November 2014

"The Senate blocked legislation that would have limited the National Security Agency’s bulk collection of phone records, more than year after Edward Snowden exposed the extent of U.S. government surveillance programs. Senate leaders failed to get the 60 votes needed to advance the bill yesterday. It’s unlikely a new version can be drafted for another vote before the congressional term expires this year. The bill was an attempt to force spy agencies to collect only information sought through a court order and exclude the use of broad searches like by ZIP codes. A coalition of Internet and technology companies, which include Google Inc. (GOOG) and Twitter Inc. (TWTR), supported the Senate bill while saying the Republican-backed House version passed in May would still allow bulk collection of Internet user data."
Senate Blocks Vote on Curbing NSA’s Bulk Data Collection Program
Bloomberg, 19 November 2014

"Twitter has become a place where politics and world events are discussed in real time. The social network helped overthrow dictators during the Arab Spring, and Twitter hashtags can make big news. But anyone who wants to go back and review those tweets after the fact have a hard time. Twitter is trying to make the process a lot easier. Twitter has released a search engine that indexes every public tweet since 2006, meaning users can easily search through the hundreds of billions of tweets ever sent.... Deleting tweets doesn't keep them secret forever. There are places where they can still pop up. The Library of Congress is archiving every tweet sent for official records, and indexing by search engines can resurface caches of tweets."
Twitter makes all tweets searchable
Christian Science Monitor, 19 November 2014

"What does it look like when a society loses its sense of privacy? In the almost 18 months since the Snowden files first received coverage, writers and critics have had to guess at the answer. Does a certain trend, consumer complaint, or popular product epitomize some larger shift? Is trust in tech companies eroding—or is a subset just especially vocal about it? Polling would make those answers clear, but polling so far has been… confused. A new study, conducted by the Pew Internet Project last January and released last week, helps make the average American’s view of his or her privacy a little clearer. And their confidence in their own privacy is ... low. The study's findings and the statistics it reports stagger. Vast majorities of Americans are uncomfortable with how the government uses their data, how private companies use and distribute their data, and what the government does to regulate those companies. No summary can equal a recounting of the findings. Americans are displeased with government surveillance en masse:    * According to the study, 70 percent of Americans are 'at least somewhat concerned' with the government secretly obtaining information they post to social networking sites. * Eighty percent of respondents agreed that 'Americans should be concerned' with government surveillance of telephones and the web. They are also uncomfortable with how private corporations use their data:  * Ninety-one percent of Americans believe that 'consumers have lost control over how personal information is collected and used by companies,' according to the study. * Eighty percent of Americans who use social networks 'say they are concerned about third parties like advertisers or businesses accessing the data they share on these sites.' And even though they’re squeamish about the government’s use of data, they want it to regulate tech companies and data brokers more strictly: 64 percent wanted the government to do more to regulate private data collection. 
Since June 2013, American politicians and corporate leaders have fretted over how much the leaks would cost U.S. businesses abroad. 'It’s clear the global community of Internet users doesn’t like to be caught up in the American surveillance dragnet,' Senator Ron Wyden said last month.'... According to this poll, the mistrust has already begun corroding—and is already, in fact, well advanced. We’ve always assumed that the great hurt to American business will come globally—that citizens of other nations will stop using tech companies’s services. But the new Pew data shows that Americans suspect American businesses just as much. And while, unlike citizens of other nations, they may not have other places to turn, they may stop putting sensitive or delicate information online."
American Surveillance Now Threatens American Business
The Atlantic, 17 November 2014

"US government-owned airplanes that can cover most of the continental United States are covertly flying around the country, spying on tens of thousands of innocent people’s cellphones. It sounds like a movie plot, but in a remarkable report published on Thursday, the Wall Street Journal exposed that these spy planes are part of an actual mass surveillance program overseen by the Justice Department (DOJ). And it’s been kept secret from the public for years. The Journal explained that the US Marshals Service, a sub-agency under DOJ’s control, has a small fleet of Cessna airplanes that are currently armed with high-tech surveillance gear called 'dirtboxes' – essentially fake cell towers tricking your phone into connecting to them – that can vacuum the identifying information and location of ten of thousands of phones in a single flight. The Marshalls allegedly use the mass spying planes to locate suspects, but of course the vast, vast majority of phones they end up spying on belong to completely innocent individuals."
First Snowden. Then tracking you on wheels. Now spies on a plane. Yes, surveillance is everywhere
Guardian (Comment Is Free), 15 November 2014

"Research undertaken between 2008 and 2014 suggests that more than 81% of Tor clients can be ‘de-anonymised’ their originating IP addresses revealed by exploiting the ‘Netflow’ technology that Cisco has built into its router protocols, and similar traffic analysis software running by default in the hardware of other manufacturers. Professor Sambuddho Chakravarty, a former researcher at Columbia University’s Network Security Lab and now researching Network Anonymity and Privacy at the Indraprastha Institute of Information Technology in Delhi, has co-published a series of papers over the last six years outlining the attack vector, and claims a 100% ‘decloaking’ success rate under laboratory conditions, and 81.4% in the actual wilds of the Tor network. Chakravarty’s technique [PDF] involves introducing disturbances in the highly-regulated environs of Onion Router protocols using a modified public Tor server running on Linux - hosted at the time at Columbia University. His work on large-scale traffic analysis attacks in the Tor environment has convinced him that a well-resourced organisation could achieve an extremely high capacity to de-anonymise Tor traffic on an ad hoc basis – but also that one would not necessarily need the resources of a nation state to do so, stating that a single AS (Autonomous System) could monitor more than 39% of randomly-generated Tor circuits."
81% of Tor users can be de-anonymised by analysing router information, research indicates
The Stack, 14 November 2014

"Media reports this morning have revealed that the federal government is building an expansive Social Media Monitoring system to collect, store, and analyze what Canadians say on social media platforms such as Facebook and Twitter. The report in Motherboard suggests this system will feature 'real-time monitoring and analysis of social media content including Twitter, Facebook, blogs, chatrooms, message boards, social networks and video and image sharing websites'. Responding to the news, OpenMedia.ca communications manager David Christopher said: 'When people post on Facebook they believe they’re sharing with their family and friends. They certainly don’t want everything they say to be tracked, stored, and analyzed by faceless government bureaucrats in Ottawa.'"
Government’s Facebook mass spying plan will further erode privacy of law-abiding Canadians
Open Media, 13 November 2014

"Recently, Verizon was caught tampering with its customer's web requests to inject a tracking super-cookie. Another network-tampering threat to user safety has come to light from other providers: email encryption downgrade attacks. In recent months, researchers have reported ISPs in the US and Thailand intercepting their customers' data to strip a security flag—called STARTTLS—from email traffic. The STARTTLS flag is an essential security and privacy protection used by an email server to request encryption when talking to another server or client. By stripping out this flag, these ISPs prevent the email servers from successfully encrypting their conversation, and by default the servers will proceed to send email unencrypted."
ISPs Removing Their Customers' Email Encryption
EFF, 11 November 2014
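
An added example, not part of the EFF article: a check a mail operator could run over captured SMTP EHLO replies to notice a stripped STARTTLS capability, plus the policy choice that decides whether mail then goes out in cleartext. The server name, the two sample replies and all function names are constructed for illustration.

```python
"""Detect a missing STARTTLS capability in SMTP EHLO replies (illustrative)."""
import re

# Constructed EHLO replies from the same hypothetical server, mail.example.org.
# The first was captured over a path known to be untampered, the second
# through the network under test.
EHLO_TRUSTED_PATH = (
    "250-mail.example.org Hello client.example.net\r\n"
    "250-SIZE 35882577\r\n"
    "250-8BITMIME\r\n"
    "250-STARTTLS\r\n"
    "250-ENHANCEDSTATUSCODES\r\n"
    "250 PIPELINING\r\n"
)
EHLO_VIA_TEST_NETWORK = (
    "250-mail.example.org Hello client.example.net\r\n"
    "250-SIZE 35882577\r\n"
    "250-8BITMIME\r\n"
    "250-ENHANCEDSTATUSCODES\r\n"
    "250 PIPELINING\r\n"
)

# SMTP reply line: three-digit code, "-" (more lines follow) or " " (last line).
_REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")


def parse_ehlo(reply):
    """Return the set of upper-cased extension keywords in a 250 EHLO reply."""
    lines = [line for line in reply.split("\r\n") if line]
    if not lines:
        raise ValueError("empty EHLO reply")
    keywords = set()
    for index, line in enumerate(lines):
        match = _REPLY_LINE.match(line)
        if not match or match.group(1) != "250":
            raise ValueError(f"unexpected EHLO reply line: {line!r}")
        separator, text = match.group(2), match.group(3)
        is_last = index == len(lines) - 1
        # Only the final line of a multi-line reply uses a space separator.
        if (separator == " ") != is_last:
            raise ValueError("malformed multi-line reply")
        if index == 0:
            continue  # first line is the greeting, not an extension
        if text.strip():
            keywords.add(text.split()[0].upper())
    return keywords


def delivery_decision(keywords, require_tls):
    """Decide what a sending client does with this capability list.

    Opportunistic clients (require_tls=False) fall back to cleartext when
    STARTTLS is not advertised; a strict policy refuses to send instead.
    """
    if "STARTTLS" in keywords:
        return "encrypt"
    return "refuse" if require_tls else "send-plaintext"


def missing_on_observed_path(trusted_reply, observed_reply):
    """Extensions the server advertises on the trusted path but not here."""
    return sorted(parse_ehlo(trusted_reply) - parse_ehlo(observed_reply))


if __name__ == "__main__":
    observed = parse_ehlo(EHLO_VIA_TEST_NETWORK)
    print("missing:", missing_on_observed_path(EHLO_TRUSTED_PATH,
                                               EHLO_VIA_TEST_NETWORK))
    print("opportunistic:", delivery_decision(observed, require_tls=False))
    print("strict:", delivery_decision(observed, require_tls=True))
```

In Python's own `smtplib`, calling `starttls()` against a server that does not advertise the extension raises `SMTPNotSupportedError`, so a client gets the strict behaviour by not catching that exception and retrying in cleartext.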

"Germany and Brazil have made alterations to a United Nations draft resolution on the issue of state surveillance, with the two countries calling for protection against government spying on communications and personal data. It represents a new version of the anti-surveillance resolution which was adopted by the UN last year following in the wake of Edward Snowden's revelations about the extent to which states are collecting metadata for the purposes of spying on citizens. Metadata includes detailed information about who people are communicating with, where they made the communication and what websites they visit, in essence allowing the government to paint a highly accurate picture about who that person is and how they live their daily lives. The re-write of the UN draft resolution by its German and Brazilian authors has described this act of collecting metadata for state surveillance as a 'highly intrusive act'. The draft resolution, which has been submitted to all 193 UN members, says the practices 'violate the right to privacy and can interfere with the freedom of expression and may contradict the tenets of a democratic society, especially when undertaken on a mass scale'. Both Brazil and Germany have had their networks breached by US surveillance systems, so it's no wonder the two countries have taken it upon themselves to move against spying. The US's National Security Agency tapped into the networks of Brazilian oil firm Petroleo Brasileiro SA, while earlier this year it was revealed that the NSA monitored phone calls of current German Chancellor Angela Merkel and former German leader Gerhard Schroeder. The co-authored Brazilian and German draft also suggests the United Nations should appoint a special envoy to identify and clarify standards protecting privacy rights. They also call on other states to be required to provide a remedy should an individual's right to privacy be violated by state-operated surveillance. 
A vote on the draft will take place in the UN General Assembly's Third Committee - the body within the organisation that deals with human rights - later this month. If successful, it will be put a United Nations resolution in December. 'As the universal guardian of human rights, the United Nations must play a key role in defending the right to privacy, as well as freedom of opinion and expression in our digital world,' said Germany's UN Ambassador, Harald Braun. He added that the draft resolution will 'help pave the way towards better protection standards'. Since Snowden first revealed the extent to which governments use web surveillance, the revelations have continued apace. Indeed, just last month it was publicly admitted by the government that GCHQ monitors bulk information collected by foreign surveillance agencies, including the NSA, and does so despite not having any sort of warrant."
Germany and Brazil propose UN resolution re-write to condemn 'highly intrusive act' of NSA surveillance
Computing, 7 November 2014

"Car dealers and automotive lenders are targeting those with poor credit by installing GPS-based kill switches, or starter-interrupt devices, on the cars that they sell.  The New York Times recently reported that about 2 million cars are now outfitted with such kill switches in the U.S., which is about one-quarter of subprime car loans, and creditors are not shy when it comes to remotely disabling cars whose owners are behind on their payments... So far, it seems that while starter-interrupt systems are not very consumer friendly, they are friendly to those who hold their debt. And the idea might be catching on elsewhere. Marc Rotenberg, president of the Electronic Privacy Information Center, sees their success inspiring similar devices for the real estate industry. He recently told NPR that the same payment assurance technology is now being used by landlords, who can remotely keep renters out of their apartments if they fall behind on their rent."
Lenders Can Now Disable Your Car When You're Driving on the Freeway
Alternet, 6 November 2014

"Robert Hannigan, the new head of GCHQ, announced his arrival this week with a call for 'greater co-operation' with security forces by tech companies. Hannigan’s article in the Financial Times illustrated vividly the destructive ideology that has driven the infiltration by the British and American intelligence agencies into every aspects of the digital realm an unquestioning faith in the righteous purpose of intelligence agencies, a complete mischaracterisation of the nature of the internet and its value, and a frightening belief that companies stand only on the side of the State, rather than in the interests of the privacy and security of their users. Hannigan’s decision to enter the debate in this way is extraordinary. In a parliamentary democracy based on the Rule of Law, it is not appropriate for civil servants to speak for government or set policy. His rhetoric is all the more disappointing for being the first public response by GCHQ to the serious challenges to the lawfulness of its activities since the first of the Snowden revelations in summer 2013. Such activities include, of course, mass surveillance of all communications in and out of the British Isles, warrantless access to the NSA’s databases, the hacking of user devices and even the infiltration of Yahoo webcam chats. Over the past year, in courts and inquiries and the media, GCHQ has refused to confirm or deny any of its wrongdoings, and the Government has refused to engage in any constructive conversation on how to prevent the overreach of intelligence agencies in the digital age. Rather than acknowledge the very real misgivings that the British people have in the accountability of the services charged with protecting their security, Hannigan has used his public platform as an exercise in ex-post justification, and to launch the case for expanded powers. 
The audacity of such an attack, even as GCHQ is under the review of the Intelligence Services Committee, the Independent Reviewer of Terrorism Legislation and the Investigatory Powers Tribunal, is astounding. In any event, Hannigan’s argument begins from the fundamentally flawed premise that the internet is a tool of terror, rather than an instrument for public good – the greatest tool for education, expression, connection and innovation humankind has ever seen. The emancipatory power of the internet lies in its free and democratic nature. Just as the trade off for a truly democratic society is that dissent, insecurity and even hatred cannot be stamped out before they materialise, so too a truly open, democratised internet cannot be sanitised against terror without undermining the very qualities that make it so important to our lives. This is exactly what mass surveillance of the internet is aimed at, and as a result it debases the rights to privacy and free expression that we need for flourishing democracies."
Carly Nyst, Legal Director of Privacy International
Destroying online freedom in the name of counter-terrorism will make the world a more dangerous place
Telegraph, 6 November 2014

"Top secret guidelines setting out how the security services have been instructed to spy on communications between lawyers and the clients have been published for the first time. Extracts of documents from MI5, MI6 and GCHQ were released as part of a legal action brought by lawyers from the campaigning charity Reprieve on behalf of two Libyan men. The papers, disclosed in a tribunal case, are controversial because communications between lawyers and their clients are covered by 'legal professional privilege', or LPP, meaning that law enforcement agencies are supposed to respect their privacy. But the guidelines indicate the security services have been targeting such communications – by interception methods thought to include telephone taps and e-mail surveillance – since at last October 2002. One of the extracts, from GCHQ internal documents, says: 'You may in principle target the communications of lawyers.  'However, you must give careful consideration to necessity and proportionality, because lawyer-client communications are subject to special protection in UK law on grounds of confidentiality known as legal professional privilege. 'If you intend to or have inadvertently targeted lawyers' communications, and it seems likely that advice to a client will or has been intercepted, you must consult Legal at GCHQ who will seek [legal adviser] advice.' The Security Service, also known as MI5, tells its intelligence officers that 'in principle, and subject to the normal requirements of necessity and proportionality, LPP material may be used just like any other item of intelligence'. Another extract from an MI5 document highlights the difficulties posed by spying on lawyers who are preparing a defendant’s case against criminal charges. 
'If an individual who is investigated by the service is the subject of criminal proceedings, and in the course of investigation the service intercepts a forensic report prepared for the purpose of those proceedings then it might be justifiable to put information from that report into the Service’s database for future use in intelligence investigations. 'However, this information would not be passed onto the police, in case they use it to gather further evidence or direct their own forensic experts in such a way as to refute the defence expert. 'In other words the service mustn’t use LPP material in a way that gives the appearance of enabling the State to gain an unfair advantage in current or future court proceedings.' Campaigners and lawyers involved with the Investigatory Powers Tribunal case said the disclosures raised "troubling implications for the whole British justice system". Cori Crider, a director at Reprieve, said: 'It’s now clear the intelligence agencies have been eavesdropping on lawyer-client conversations for years. 'The documents clearly show that MI5’s and GCHQ’s policies on snooping on lawyers have major loopholes. 'And MI6’s ‘policies’ are so hopeless they appear to have been jotted down on the back of a beer mat. 'This raises troubling implications for the whole British justice system. In how many cases has the Government eavesdropped to give itself an unfair advantage in court?' Richard Stein, a partner at Leigh Day solicitors, said: 'After many months’ resistance, the security services have now been forced to disclose the policies which they claim are in place to protect the confidential communications between lawyers and their clients. 'We can see why they were so reluctant to disclose them. 'They highlight how the security services instruct their staff to flout these important principles in a cavalier way. 'We hope the tribunal will tell the government in no uncertain terms that this conduct is completely unacceptable.' 
Disclosure of the material was resisted on national security grounds by the Government until a tribunal hearing last week. The papers were released following a claim brought on behalf of Abdel Hakim Belhaj and Sami al-Saadi who, along with members of their families, were kidnapped and sent to face punishment in Libya in 2004. The families brought the case after disclosures on mass surveillance by Edward Snowden, the former CIA contractor."
MI5 and GCHQ documents allow spying on lawyers
Telegraph, 6 November 2014

"A technology industry group which represents Silicon Valley giants including Apple, Microsoft and Google has insisted there will be no 'new deal' with the Government to tackle web extremism. Robert Hannigan the new director of GCHQ, the government listening post – had earlier called for a pact between 'democratic governments and technology companies in the area of protecting our citizens'. But the head of a leading industry group tech UK representing 860 companies employing more than half a million people in Britain rejected the idea and said any new moves should instead be based on a 'clear and transparent legal framework'. Julian David, chief executive officer of techUK, also said Mr Hannigan was 'wrong' to claim IT companies were in denial about misuse of social media and other technology by Isil terrorists and other extremists. 'To ensure public confidence, both in the digital economy and our democracy as a whole, any obligations placed upon technology companies must be based upon a clear and transparent legal framework and effective oversight rather than, as suggested, a deal between the industry and government,' Mr David said. ... A rebellion against Mr Hannigan’s comments appeared to be swelling inside the tech industry, as another industry group dismissed the GCHQ chief’s comments as 'wrong and ill-judged'. The Internet Services Providers’ Association (ISPA) said disclosures by Edward Snowden, a former CIA contractor, about the ability of the US and British government’s surveillance capabilities had exposed the need for 'reform'. 'For this debate to proceed properly, the security services, law enforcement and Government have to be more open and transparent about existing capabilities,' an ISPA spokesman said. 'The mischaracterisation of the Internet as a ‘command and control centre’ for terrorists is wrong and ill-judged. 
'The Snowden revelations changed the landscape: existing oversight mechanisms were found to be not fit for purpose and there was a lack of accountability. 'This has to be the starting point for reform.'  'If greater or clearer powers are needed, the case needs to be made via thorough consultation and legislative proposals should be placed in Parliament for further scrutiny.' "
Tech giants reject GCHQ boss Robert Hannigan's call for deal with government
Telegraph, 4 November 2014

"Computers housing the world’s most sensitive data are usually 'air-gapped' or isolated from the internet. They’re also not connected to other systems that are internet-connected, and their Bluetooth feature is disabled, too. Sometimes, workers are not even allowed to bring mobile phones within range of the computers. All of this is done to keep important data out of the hands of remote hackers. But these security measures may be futile in the face of a new technique researchers in Israel have developed for stealthily extracting sensitive data from isolated machines using radio frequency signals and a mobile phone. The attack recalls a method the NSA has been secretly using for at least six years to siphon data in a similar manner. An NSA catalogue of spy tools leaked online last year describes systems that use radio frequency signals to remotely siphon data from air-gapped machines using transceivers—a combination receiver and transmitter—attached to or embedded in the computer instead of a mobile phone. The spy agency has reportedly used the method in China, Russia and even Iran. But the exact technique for doing this has never been revealed. The researchers in Israel make no claims that theirs is the method used by the NSA, but Dudu Mimran, chief technology officer at the Israeli lab behind the research, acknowledges that if student researchers have discovered a method for using radio signals to extract data from hard-to-reach systems, professionals with more experience and resources likely have discovered it, too. 'We are doing research way behind people [like that],' he told WIRED. 'The people who are doing that are getting a lot of money and are doing that [full time].' 
Dubbed 'AirHopper' by the researchers at Cyber Security Labs at Ben Gurion University, the proof-of-concept technique allows hackers and spies to surreptitiously siphon passwords and other data from an infected computer using radio signals generated and transmitted by the computer and received by a mobile phone. The research was conducted by Mordechai Guri, Gabi Kedma, Assaf Kachlon, and overseen by their advisor Yuval Elovici. The attack borrows in part from previous research showing how radio signals can be generated by a computer’s video card. The researchers in Israel have developed malware that exploits this vulnerability by generating radio signals that can transmit modulated data that is then received and decoded by the FM radio receiver built into mobile phones. FM receivers come installed in many mobile phones as an emergency backup, in part, for receiving radio transmissions when the internet and cell networks are down. Using this function, however, attackers can turn a ubiquitous and seemingly innocuous device into an ingenious spy tool. Though a company or agency may think it has protected its air-gapped network by detaching it from the outside world, the mobile phones on employee desktops and in their pockets still provide attackers with a vector to reach classified and other sensitive data. The researchers tested two methods for transmitting digital data over audio signals but Audio Frequency-Shift Keying (A-FSK) turned out to be the most effective. '[E]ach letter or character was keyed with different audio frequency,' they note in a paper released last week that describes their technique. 'Using less than 40 distinct audio frequencies, we were able to encode simple textual data—both alphabetical and numerical. This method is very effective for transmitting short textual messages such as identifiers, key-stroking, keep-alive messages and notifications.'
The data can be picked up by a mobile phone up to 23 feet away and then transmitted over Wi-Fi or a cellular network to an attacker’s command-and-control server. The victim’s own mobile phone can be used to receive and transmit the stolen data, or an attacker lurking outside an office or lab can use his own phone to pick up the transmission. 'With appropriate software, compatible radio signals can be produced by a compromised computer, utilizing the electromagnetic radiation associated with the video display adapter,' the researchers write. 'This combination, of a transmitter with a widely used mobile receiver, creates a potential covert channel that is not being monitored by ordinary security instrumentation.' The researchers note that the chain of attack 'is rather complicated,' but it’s not beyond the skills and abilities already seen in advanced attacks conducted by hackers in China and elsewhere. Or by the NSA. Generally the most common method for infecting air-gapped machines is a USB flash drive or other removable media. Once one air-gapped machine is infected, the malware can spread to other machines on an air-gapped network. Data can be extracted the same way, though this is more of a challenge. The malware stores stolen data on the machine until a flash drive is inserted, at which point data is copied to the drive. When the flash drive is then inserted into another computer that’s connected to the internet, the data gets transmitted back to the attackers’ command-and-control center. This method takes time, however, since it requires the attacker to wait until someone inserts a flash drive into the air-gapped machine and carries it to an internet-connected machine. AirHopper, however, doesn’t require repeated action like this once the malware is installed. 
An attacker only needs to get their malicious transmitter code onto the targeted machine and then either install the malicious receiver component on the victim’s mobile phone or use the attacker’s own mobile phone in the vicinity of the computer to receive the data and transmit it to the attacker’s command-and-control server. The malware can be programmed to store siphoned data on the infected machine for later transmission at specified hours or intervals. The researchers also devised methods for hiding the data transmission on the targeted machine to avoid detection, including transmitting data only when the monitor is turned off or in sleep mode and altering the FM receiver on the phone so that there is no audible tone when data is transmitted to it. Although the distance for transmitting data from an infected computer to a mobile phone is limited—due to the limitations of the receiver in phones—attackers could use a stronger portable receiver, set up in a parking lot for example or installed on a drone flying overhead, to pick up data from greater distances. There are other limitations, however. The proof-of-concept test allows for data to be transmitted at only 60 bytes a second—about a line of text per second—which limits the speed and volume at which attackers could siphon data. But Mimran notes that over time, a lot of sensitive data can still be extracted this way. 'We can take out whatever we want,' he told WIRED. 'That only depends on the malicious software that resides on the computer. If it is a keylogger, then you can take out whatever the user types.' A 100-byte password file takes 8-10 seconds to transmit using their method, and a day’s worth of keystrokes takes up to 14 minutes to transmit this way. But a document just .5 megabytes in size can take up to 15 hours to transmit. Extracting documents 'would be very slow and it will take a long time,' Mimran acknowledges, 'but this [demonstration] is just a proof-of-concept. 
I guess the bad people can make it more sophisticated.' Indeed, the NSA catalogue of surveillance tools leaked last year, known as the ANT catalogue, describes something called the Cottonmouth-I, a hardware implant that resembles an ordinary USB plug except it has a tiny transceiver, called the HowlerMonkey, embedded in it for extracting data via RF signals. According to the New York Times, which published additional information about the Cottonmouth-I, the transceiver transmits the stolen data to a briefcase-sized NSA field station or relay station, called the Nightstand, which can be positioned up to eight miles away. Once the data is received by the relay station, it’s further transmitted to the NSA’s Remote Operations Center. Available since 2009, the Cottonmouth-1 is sold in packs of 50 for about $1 million. This method of data extraction may have been used in Iran to siphon intelligence about the nuclear program there, the Times reports—perhaps in preparation for the Stuxnet attack, which sabotaged computers controlling centrifuges used to enrich uranium gas in Iran. A USB plug, however, requires physical access to a targeted computer in the field or it requires the victim to unwittingly insert the USB plug into the computer before the transmission can occur. An alternative method to this, the leaked document notes, is embedding tiny circuit boards in the targeted computer to do the transmission. One way to compromise the machine would be to intercept new equipment enroute to a customer so that it arrives to the victim already equipped to transmit stolen data. According to the document published by the Times, the RF transceiver can also be used to implant malware on a targeted system, not just extract data from it. Radio frequency hacks are difficult to mitigate, short of physically insulating computers and cables to prevent emissions from being picked up by receivers. 
This may be practical for military and other classified facilities to do, but not for commercial companies that are trying to protect sensitive data from such attacks. Prohibiting mobile phones from work areas will not help, since outside receivers can be used in place of mobile phones to extract data."
How Attackers Can Use Radio Signals and Mobile Phones to Steal Protected Data
Wired, 3 November 2014

"Police snoopers are capturing phone data from tens of thousands of innocent people, allowing officers to listen to calls, block phone signal, and even send fake text messages, it has been claimed. Controversial ISMI catchers are being used by the Metropolitan Police, the country's largest force, to spy on suspects' mobile phones, according to reports. But the devices also 'hoover up' data from every other mobile within their range, meaning thousands of innocent people are being unintentionally targeted. The devices are regularly used by the Met in large scale investigations, and are thought to be used by the National Crime Agency, according to The Times."
Police using controversial snooping technology to 'hack into thousands of innocent people's mobile phones'
Mail, 1 November 2014

"Just like with other electronic devices that used to be 'dumb,' TVs have become increasingly smart lately, but that doesn’t mean that’s necessarily a good thing, especially when it comes to user privacy. At least that’s what Brennan Center’s Michael Price seems to think after he replaced his older TV that could offer access just to TV programs with a smart TV model that also delivers 'streaming multimedia content, games, apps, social media and Internet browsing.' 'The only problem is that I’m now afraid to use it. You would be too — if you read through the 46-page privacy policy,' Price wrote. 'The amount of data this thing collects is staggering. It logs where, when, how, and for how long you use the TV. It sets tracking cookies and beacons designed to detect ‘when you have viewed particular content or a particular email message.’ It records ‘the apps you use, the websites you visit, and how you interact with content.’ It ignores ‘do-not-track’ requests as a considered matter of policy.' On the other hand, this isn’t the first time a smart TV has been found capable of tracking your activities for advertising purposes, so buyers should always try to go through the privacy policies they agree to when using such a device, and try to limit tracking if and when possible. Furthermore, the device has a built-in camera with facial recognition and a microphone with voice recognition features, both tools that hackers or spy agencies could use to spy on unsuspecting buyers, Price says. In addition to being used for ad purposes, these smart devices might also be hacked only as long as they’re connected to the Internet. Owners could decide to remove Internet access from their smart TVs to protect themselves against tracking and spying, but they’d lose most of their smart features in the process."
Man who owns a smart TV says he’s ‘afraid’ of using it after reading its privacy policy
BGR.com, 31 October 2014

"After security researcher Jeffrey Paul upgraded the operating system on his MacBook Pro last week, he discovered that several of his personal files had found a new home on the cloud. The computer had saved the files, which Paul thought resided only on his own encrypted hard drive, to a remote server Apple controlled. 'This is unacceptable,' thundered Paul, an American based in Berlin, on his personal blog a few days later. 'Apple has taken local files on my computer not stored in iCloud and silently and without my permission uploaded them to their servers - across all applications, Apple and otherwise.' He was not alone in either his frustration or surprise. Johns Hopkins University cryptographer Matthew D. Green tweeted his dismay after realizing that some private notes had found their way to iCloud. Bruce Schneier, another prominent cryptography expert, wrote a blog post calling the automatic saving function 'both dangerous and poorly documented' by Apple." The criticism was all the more notable because its target, Apple, had just enjoyed weeks of applause within the computer security community for releasing a bold new form of smartphone encryption capable of thwarting government searches – even when police got warrants. Yet here was an awkward flip side: Police still can gain access to files stored on cloud services, and Apple seemed determined to migrate more and more data to them. The once-clear line between devices – such as Macs or iPhones – and proprietary cloud services is all but vanishing, security experts warn. And it isn’t just Apple doing it. Microsoft, Google and others increasingly are relying on cheap, easily accessible storage capacity to roll out new features for customers. Apple’s automatic saving function allows users to switch seamlessly between devices, without fear of losing documents or edits. That’s great news if your Mac gets stolen and you need to buy a new one. But security experts such as Paul are asking, at what price in privacy? 
'For me,' said Green in an interview, 'this is really shocking. I’ve been taking a lot of confidential notes in business meetings in TextEdit' – one of the programs that automatically saves some files to iCloud."
How one man’s private files ended up on Apple’s iCloud without his consent
Washington Post, 30 October 2014

"I just bought a new TV. The old one had a good run, but after the volume got stuck on 63, I decided it was time to replace it. I am now the owner of a new 'smart' TV, which promises to deliver streaming multimedia content, games, apps, social media and Internet browsing. Oh, and TV too. The only problem is that I’m now afraid to use it. You would be too — if you read through the 46-page privacy policy. The amount of data this thing collects is staggering. It logs where, when, how and for how long you use the TV. It sets tracking cookies and beacons designed to detect 'when you have viewed particular content or a particular email message.' It records 'the apps you use, the websites you visit, and how you interact with content.' It ignores 'do-not-track' requests as a considered matter of policy. It also has a built-in camera — with facial recognition. The purpose is to provide 'gesture control' for the TV and enable you to log in to a personalized account using your face. On the upside, the images are saved on the TV instead of uploaded to a corporate server. On the downside, the Internet connection makes the whole TV vulnerable to hackers who have demonstrated the ability to take complete control of the machine. More troubling is the microphone. The TV boasts a 'voice recognition' feature that allows viewers to control the screen with voice commands. But the service comes with a rather ominous warning: 'Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party.' Got that? Don’t say personal or sensitive stuff in front of the TV. You may not be watching, but the telescreen is listening. I do not doubt that this data is important to providing customized content and convenience, but it is also incredibly personal, constitutionally protected information that should not be for sale to advertisers and should require a warrant for law enforcement to access. 
Unfortunately, current law affords little privacy protection to so-called 'third party records,' including email, telephone records, and data stored in 'the cloud.' Much of the data captured and transmitted by my new TV would likely fall into this category. Although one federal court of appeals has found this rule unconstitutional with respect to email, the principle remains a bedrock of modern electronic surveillance. According to retired Gen. David Petraeus, former head of the CIA, Internet-enabled 'smart' devices can be exploited to reveal a wealth of personal data. 'Items of interest will be located, identified, monitored, and remotely controlled through technologies such as radio-frequency identification, sensor networks, tiny embedded servers, and energy harvester,' he reportedly told a venture capital firm in 2012. 'We’ll spy on you through your dishwasher,' read one headline. Indeed, as the 'Internet of Things' matures, household appliances and physical objects will become more networked. Your ceiling lights, thermostat and washing machine — even your socks — may be wired to interact online. The FBI will not have to bug your living room; you will do it yourself."
I’m terrified of my new TV: Why I’m scared to turn this thing on — and you’d be, too
Salon, 30 October 2014

"Brazil is planning a $185 million project to lay fiber-optic cable across the Atlantic Ocean, which could entail buying gear from multiple vendors. What it won’t need: U.S.-made technology. The cable is being overseen by state-owned telecommunications company Telecomunicacoes Brasileiras SA (TELB4), known as Telebras. Even though Telebras’s suppliers include U.S. companies such as Cisco Systems Inc. (CSCO), Telebras President Francisco Ziober Filho said in an interview that the cable project can be built without any U.S. companies. The potential to exclude U.S. vendors illustrates the fallout that is starting to unfold from revelations last year that the U.S. National Security Agency spied on international leaders like Brazil’s Dilma Rousseff and Germany’s Angela Merkel to gather intelligence on terror suspects worldwide. ...The Telebras-planned cable, which will run 3,500 miles from the Brazilian city of Fortaleza to Portugal, shows how losses to U.S. technology companies from the NSA disclosures are now crystallizing. While much of the handwringing over damage to U.S. firms has focused on existing technology contracts, the pain may come more from projects that are just getting off the ground. In many cases, it’s too costly and complex to remove existing computing infrastructure, no matter the rhetoric coming from government leaders. The Telebras-planned cable, which will run 3,500 miles from the Brazilian city of Fortaleza to Portugal, shows how losses to U.S. technology companies from the NSA disclosures are now crystallizing. While much of the handwringing over damage to U.S. firms has focused on existing technology contracts, the pain may come more from projects that are just getting off the ground. In many cases, it’s too costly and complex to remove existing computing infrastructure, no matter the rhetoric coming from government leaders."
Brazil-to-Portugal Cable Shapes Up as Anti-NSA Case Study
Bloomberg, 30 October 2014

"The FBI is attempting to persuade an obscure regulatory body in Washington to change its rules of engagement in order to seize significant new powers to hack into and carry out surveillance of computers throughout the US and around the world. Civil liberties groups warn that the proposed rule change amounts to a power grab by the agency that would ride roughshod over strict limits to searches and seizures laid out under the fourth amendment of the US constitution, as well as violate first amendment privacy rights. They have protested that the FBI is seeking to transform its cyber capabilities with minimal public debate and with no congressional oversight. The regulatory body to which the Department of Justice has applied to make the rule change, the advisory committee on criminal rules, will meet for the first time on November 5 to discuss the issue. The panel will be addressed by a slew of technology experts and privacy advocates concerned about the possible ramifications were the proposals allowed to go into effect next year."
FBI demands new powers to hack into computers and carry out surveillance
Guardian, 29 October 2014

"British authorities are capable of tapping into bulk communications data collected by other countries' intelligence services including the National Security Agency without a warrant, according to secret government documents released Tuesday. The agreement between the NSA and Britain's spy agency, known as Government Communications Headquarters or GCHQ, potentially puts the Internet and phone data of Americans in the hands of another country without legal oversight when obtaining a warrant is 'not technically feasible.' The data, once obtained, can be kept for up to two years, according to internal policies disclosed by the British government. GCHQ was forced to reveal that it can request and receive vast quantities of raw, unanalyzed data collected from foreign governments it partners with during legal proceedings in a closed court hearing in a case brought by various international human-rights organizations, including Privacy International, Liberty U.K., and Amnesty International. The suit challenges certain aspects of GCHQ's surveillance practices. It is well known that the NSA and GCHQ closely share intelligence data with one another, as part of a long-standing surveillance partnership. Some details of the agencies' spy pact were exposed by former NSA contractor Edward Snowden last year, including the existence of GCHQ's Tempora program, which taps into fiber-optic cables to scoop up online and telephone traffic across the Web for up to 30 days. But this is the first time the British government has disclosed that it does not require a warrant to access data collected and maintained by its American counterparts. The revelation appears to counter statements made by an oversight committee of the British Parliament in July of last year that 'in each case where GCHQ sought information from the U.S., a warrant for interception, signed by a minister, was already in place.' 
It is unclear whether any restrictions on Britain's access to NSA surveillance data is imposed by the U.S. However, documents provided by Snowden to The Guardian last year reveal that the NSA shares raw intelligence data with Israel without removing information about U.S. citizens."
British Spies Allowed to Access U.S. Data Without a Warrant
National Journal, 28 October 2014

"The White House says it is making progress in its effort to kill the online password. Security alternatives to the password funded by the administration will start rolling out in six to 12 months, White House Cybersecurity Coordinator Michael Daniel said Tuesday at the Chamber of Commerce. 'We simply have to kill off the password,' he said. 'It's a terrible form of security.' The White House has been trying to push people away from passwords since early 2011, when it launched the National Strategy for Trusted Identities in Cyberspace (NSTIC). The initiative funded public-private pilot programs working on secure password replacements. 'There are plenty of technical solutions,' Daniel said. But what hasn’t been 'cracked' are the 'non-technical humps' to adoption, such as liability and networking issues, he said. The projects on the cusp should address these hindrances, Daniel said. 'I'm excited to report very soon we will have many of these pilots starting to come to fruition. Daniel did not give specifics on exactly which of the pilot programs — ranging from using a mobile device for identification to using a wearable ring or bracelet — will be rolled out. But they will be 'widely available" once they are ready, he said."
White House moves to 'kill off the password'
The Hill, 28 October 2014

"In a rare public accounting of its mass surveillance program, the United States Postal Service reported that it approved nearly 50,000 requests last year from law enforcement agencies and its own internal inspection unit to secretly monitor the mail of Americans for use in criminal and national security investigations. The number of requests, contained in a 2014 audit of the surveillance program by the Postal Service’s inspector general, shows that the surveillance program is more extensive than previously disclosed and that oversight protecting Americans from potential abuses is lax. The audit, along with interviews and documents obtained by The New York Times under the Freedom of Information Act, offers one of the first detailed looks at the scope of the program, which has played an important role in the nation’s vast surveillance effort since the terrorist attacks of Sept. 11, 2001. The audit, which was reported on earlier by Politico, found that in many cases the Postal Service approved requests to monitor an individual’s mail without adequately describing the reason or having proper written authorization. In addition to raising privacy concerns, the audit questioned the efficiency and accuracy of the Postal Service in handling the requests. Many requests were not processed in time, the audit said, and computer errors caused the same tracking number to be assigned to different surveillance requests. 'Insufficient controls could hinder the Postal Inspection Service’s ability to conduct effective investigations, lead to public concerns over privacy of mail and harm the Postal Service’s brand,' the audit concluded. The audit was posted in May without public announcement on the website of the Postal Service inspector general and got almost no attention. The surveillance program, officially called mail covers, is more than a century old, but is still considered a powerful investigative tool. 
At the request of state or federal law enforcement agencies or the Postal Inspection Service, postal workers record names, return addresses and any other information from the outside of letters and packages before they are delivered to a person’s home. Law enforcement officials say this deceptively old-fashioned method of collecting data provides a wealth of information about the businesses and associates of their targets, and can lead to bank and property records and even accomplices. (Opening the mail requires a warrant.) Interviews and court records also show that the surveillance program was used by a county attorney and sheriff to investigate a political opponent in Arizona — the county attorney was later disbarred in part because of the investigation — and to monitor privileged communications between lawyers and their clients, a practice not allowed under postal regulations. Theodore Simon, president of the National Association of Criminal Defense Lawyers, said he was troubled by the audit and the potential for the Postal Service to snoop uncontrolled into the private lives of Americans. 'It appears that there has been widespread disregard of the few protections that were supposed to be in place,' Mr. Simon said. In information provided to The Times earlier this year under the Freedom of Information Act, the Postal Service said that from 2001 through 2012, local, state and federal law enforcement agencies made more than 100,000 requests to monitor the mail of Americans. That would amount to an average of some 8,000 requests a year — far fewer than the nearly 50,000 requests in 2013 that the Postal Service reported in the audit.
The difference is that the Postal Service apparently did not provide to The Times the number of surveillance requests made for national security investigations or those requested by its own investigation and law enforcement arm, the Postal Inspection Service....The Postal Service also uses a program called Mail Imaging, in which its computers photograph the exterior of every piece of paper mail sent in the United States. The program’s primary purpose is to process the mail, but in some cases it is also used as a surveillance system that allows law enforcement agencies to request stored images of mail sent to and received by people they are investigating.... Despite the sweep of the programs, postal officials say they are both less intrusive than that of the National Security Agency’s vast collection of phone and Internet records and have safeguards to protect the privacy and civil liberties of Americans. 'You can’t just get a mail cover to go on a fishing expedition,' said Paul J. Krenn, a spokesman for the Postal Inspection Service. 'There has to be a legitimate law enforcement reason, and the mail cover can’t be the sole tool.' The mail cover surveillance requests cut across all levels of government — from global intelligence investigations by the United States Army Criminal Investigations Command, which requested 500 mail covers from 2001 through 2012, to state-level criminal inquiries by the Georgia Bureau of Investigation, which requested 69 mail covers in the same period. The Department of Veterans Affairs requested 305, and the State Department’s Bureau of Diplomatic Security asked for 256. The information was provided to The Times under the Freedom of Information request.... Defense lawyers say the secrecy concerning the surveillance makes it hard to track abuses in the program because most people are not aware they are being monitored. But there have been a few cases in which the program appears to have been abused by law enforcement officials. 
In Arizona in 2011, Mary Rose Wilcox, a Maricopa County supervisor, discovered that her mail was being monitored by the county’s sheriff, Joe Arpaio. Ms. Wilcox had been a frequent critic of Mr. Arpaio, objecting to what she considered the targeting of Hispanics in his immigration sweeps. The Postal Service had granted an earlier request from Mr. Arpaio and Andrew Thomas, who was then the county attorney, to track Ms. Wilcox’s personal and business mail. Using information gleaned from letters and packages sent to Ms. Wilcox and her husband, Mr. Arpaio and Mr. Thomas obtained warrants for banking and other information about two restaurants the couple owned. The sheriff’s office also raided a company that hired Ms. Wilcox to provide concessions at the local airport. 'We lost the contract we had for the concession at the airport, and the investigation into our business scared people away from our restaurants,' Ms. Wilcox said in an interview. 'I don’t blame the Postal Service, but you shouldn’t be able to just use these mail covers to go on a fishing expedition. There needs to be more control.' She sued the county, was awarded nearly $1 million in a settlement in 2011 and received the money this June when the Ninth Circuit Court of Appeals upheld the ruling. Mr. Thomas, the former county attorney, was disbarred for his role in investigations into the business dealings of Ms. Wilcox and other officials and for other unprofessional conduct. The Maricopa County Sheriff’s Office declined to comment on Mr. Arpaio’s use of mail covers in the investigation of Ms. Wilcox. In another instance, Cynthia Orr, a defense lawyer in San Antonio, recalled that while working on a pornography case in the early 2000s, federal prosecutors used mail covers to track communications between her team of lawyers and a client who was facing obscenity and tax evasion charges. Ms. Orr complained to prosecutors but never learned if the tracking stopped. Her team lost the case. 
'The troubling part is that they don’t have to report the use of this tool to anyone,' Ms. Orr said in an interview. The Postal Service declined to comment on the case."
Report Reveals Wider Tracking of Mail in U.S.
New York Times, 27 October 2014

"Israel and not America was behind the hacking of millions of French phones, it was claimed today. In the latest extraordinary twist in the global eavesdropping scandal, Israeli agents are said to have intercepted more than 70 million calls and text messages a month. Up until now the French have been blaming the U.S., even summoning the country’s Paris ambassador to provide an explanation. But today’s Le Monde newspaper provides evidence that it was in fact Israeli agents who were listening in. France first suspected the U.S. of hacking into former president Nicolas Sarkozy’s communications network when he was unsuccessfully trying for re-election in 2012. Intelligence officials Bernard Barbier and Patrick Pailloux travelled from Paris to Washington to demand an explanation, but the Americans hinted that the Israelis were to blame. The Americans insisted they have never been behind any hacking in France, and were always keen to get on with the French, whom they viewed as some of their closest allies. They were so determined to be friends with the French, that U.S. briefing notes included details of how to pronounce the names of the Gallic officials. A note published in Le Monde shows that the Americans refused to rule out Mossad, Israel’s notoriously uncompromising intelligence agency, or the ISNU, Israel’s cyber-intelligence unit. Tailored Access Operations (TAO), the branch of the US National Security Agency (NSA) which deals with cyber-attacks, is referred to throughout the note. It reads: ‘TAO intentionally did not ask either Mossad or ISNU whether they were involved as France is not an approved target for joint discussions.’ Le Monde’s article, co-authored by U.S. journalist Glenn Greenwald, whose main contact is NSA whistleblower Edward Snowden, however, hints that the Israelis were doing the spying.   Both US and French intelligence work closely with Mossad, but there is known to be a great deal of suspicion between all the agencies. 
A 2008 NSA note says that the Israelis are ‘excellent partners in terms of sharing information’, but it also says that Mossad is ‘the third most aggressive intelligence service in the world against the United States’."
Was ISRAEL behind the hacking of millions of French phones and NOT the U.S.?
Mail, 25 October 2014

"Millions of people are being spied on by free apps they have installed on their mobile phones, security experts have warned. Many flashlight apps which allow a device to be used as a torch also secretly record the most sensitive personal information. This may include the location of the phone, details of its owner and their contacts, and even the content of text messages. The data is then transmitted to market research companies and advertising agencies to track user’s shopping habits, experts claim. But it is also suspected that criminal gangs, hackers and identity thieves have developed torch apps of their own to obtain personal data about consumers which could give them access to their bank accounts. The most popular flashlight apps for Android smartphones have been downloaded tens of millions of times. They include the Super-Bright LED Flashlight, the Brightest Flashlight Free and the Tiny Flashlight+LED. But few customers realise that many programs have capabilities far beyond switching on the phone’s light, according to American cyber-security firm SnoopWall, whose founder Gary Miliefsky has advised the US government.... The threat does not apply to the in-built flashlight on Apple’s iPhones. Technology experts say the warning should serve as a reminder that if an app is free, its business model may involve selling the customer’s data."
Free apps used to spy on millions of phones
Mail, 25 October 2014

"Speaking at the Playful conference in London on Friday, [Annie] Machon paid tribute to Edward Snowden, who revealed details of surveillance by the US’s National Security Agency (NSA), for revealing the extent of modern surveillance and the invasion of privacy. Of the UK’s spy agency, she said: 'GCHQ has prostituted itself the the NSA to the tune of million of dollars with no accountability or oversight - they tell the NSA ‘we can do stuff you can’t do’. We live in an endemic surveillance state now. Politicians say ‘we know the intelligence agencies are working within the law and protecting, not eroding, our freedoms’. But politicians don’t have a bastard clue what spies can get away with and Britain is the least accountable of all the western intelligence agencies.' Machon signed the Official Secrets Act when she joined MI5 in 1990 after an intensive 10-month recruitment process. She had wanted to work as a diplomat but was sent a mysterious letter which suggested other career possibilities. 'I had no idea what I’d be doing the first day I walked through the door of MI5. All I knew was my paygrade and salary, but I had signed up to a secret world.' Machon described working as a general officer, arranging phone and physical surveillance of subjects. 'When I first started reading transcripts of phone conversations it felt highly intrusive - information about their private lives and who they were having an affair with that even their families didn’t know. It becomes god-like … a massive sense of dislocation from the real world.'... She spoke of the personal cost of living a secret life when working in intelligence, and the dislocation of living a life fractured between a hidden and public life. 'I cannot shake off the paranoia that I am being watched or followed,' she explained.  'When we were under investigation our phone calls and emails were under surveillance but also our friends, who were under pressure to report back. 
That invasive lack of privacy can be very damaging to the human soul, and thanks to Snowden we know we are all living under that sense of a lack of privacy and surveillance.'...Machon made a plea for whistleblowers to be supported by the press and public by focusing not on the 'diversionary tactic' of their personal lives but on what they are trying to expose. 'Snowden will not be the last but might be the bravest whistleblower in intelligence agency history.'"
MI6 whistleblower's partner accuses intelligence agencies of 'moral slide'
Guardian, 24 October 2014

"While you're shopping, police are watching. According to documents obtained via a public records request, Bloomington police operate twelve license plate readers at Mall of America. In the past 90 days, more than 2,275,000 cars have been scanned. Of those, more than 12,000 were "hits," meaning the license plate is tied to someone suspected of committing a crime. "I do believe this technology is very helpful in our job, in trying to keep our community safe," said Bloomington Police Chief Jeff Potts. "We've recovered five stolen cars going to the Mall of America. That's a good thing." The readers have helped solve some high-profile crimes. For example, evidence from license plate readers helped convict a man of throwing rocks, glass bottles and even a metal vice at drivers in Bloomington in late 2011 and early 2012. Regardless, some lawmakers still take issue with the technology. "If you're innocent and there's no cause to be under surveillance, then you ought not be under surveillance, and this is a form of surveillance," said State Senator Branden Peterson. Petersen is a member of the Legislative Commission on Data Practices. He thinks there is a practical use for the readers, but says the amount of time police keep the data -- 90 days in Bloomington -- is concerning. "The burden really is on the state to have a compelling reason to collect information on innocent people," he explained. "It's not the other way around. So I'd turn the question around and say, 'well why is that really necessary?'" In a statement, Mall of America officials said they don't "have access to data relating to the registration or ownership of these vehicles." They also said they're committed to ensuring the safety of their guests, tenants and employees. Right now there aren't any laws governing the use of license plate readers in Minnesota. That may change in the next legislative session, when this issue is expected to come up. 
The technology is in use across the state, not just in Bloomington, and in some cases, it’s been around for years."
More Than 2 Million License Plates Scanned at Mall Of America in Past 90 Days
ABC News, 24 October 2014

"Police forces in the UK are accessing people’s mobile call records without their knowledge or consent, The Times has reported. Police are exploiting loopholes in Britain’s surveillance laws to access people’s texts, voicemails, and emails. The report claims that British police can access communication information stored on a mobile device without a warrant, instead only needing a ‘production order’. The Regulation of Investigatory Powers Act (RIPA) requires that the police obtain a search warrant issued by the Home Secretary to access live phone calls. The interception of communications commissioner controls this process. However, a warrant is not required to access call records; a production order is more than enough. These orders are issued by a circuit judge who has to be convinced that a mobile user has committed a criminal offense and that the police should have access to their call records to protect the public interest. The Times discovered that over a period of three years, Northumbria Police secured 72 production orders whereas Merseyside secured 25. West Midlands police had obtained the highest number of such orders at 329. This has led many legal analysts to suspect that the process is being abused because a single police force is very unlikely to have so many cases that require the inspection of call records. Most mobile customers whose communications are being hacked are unaware of the act. The police simply discard the messages that they don’t find interesting. RIPA was originally passed to help fight terrorism, but now the law enforcement agency has been accused of exploiting this Act to gain easy access to the telephone records of journalists."
UK Police Exploits Loopholes in Law to Hack Mobile Phones
VPN Creative, 21 October 2015

"In a rare decision, the Florida Supreme Court ruled last Friday that law enforcement must get a warrant in order to track a suspect’s location via his or her mobile phone. Many legal experts applauded the decision as a step in the right direction for privacy. "[The] opinion is a resounding defense of our right to privacy in the digital age," Nate Freed Wessler, staff attorney with the American Civil Liberties Union, said in a statement. "Following people’s movements by secretly turning their cell phones into tracking devices can reveal extremely sensitive details of our lives, like where we go to the doctor or psychiatrist, where we spend the night, and who our friends are. Police are now on notice that they need to get a warrant from a judge before tracking cell phones, whether using information from the service provider or their own ‘stingray’ cell phone tracking equipment." To be clear, the ruling does not specifically mention stingrays—the devices designed to sweep up, pinpoint, and intercept cellular data in real-time. Providers can achieve the same location-tracking ends on their own. However, the legal reasoning is the same regardless of the means. "The decision as I read it quickly stands for the proposition that probable cause is required for real-time cell site location information," Brian Owsley, a former federal judge in Texas who is now a law professor at Indiana Tech, told Ars. "This is a significant decision, but not by any means the first time that a court has concluded this. Regarding stingrays, it has significance implicitly in that it can limit the use of stingrays by requiring probable cause to be demonstrated before they can be deployed."
Florida court: Come back with a warrant to track suspects via mobile phone
ArsTechnica, 20 October 2014

"Apple has begun automatically collecting the locations of users and the queries they type when searching for files with the newest Mac operating system, a function that has provoked backlash for a company that portrays itself as a leader on privacy. The function is part of Spotlight search, which was updated with last week’s launch of new Mac computers and Apple’s latest operating system, Yosemite OS X, which also is available for download to owners of older machines. Once Yosemite is installed, users searching for files – even on their own hard drives -- have their locations, unique identifying codes and search terms automatically sent to the company, keystroke by keystroke. The same is true for devices using Apple’s latest mobile operating system, iOS 8. A pop-up window discloses the change, saying collecting the data helps provide results 'more relevant to you' as Spotlight also looks beyond individual computers to gather information across the Internet, much like popular search engines such as Google already do. But privacy advocates worry that users won’t understand what information is collected and how to stop the transmission of data to Apple, which happens by default.The change is the latest by a major technology company hoping to more closely integrate individual devices with remote cloud services. Yet the privacy consequences could be significant because while devices – such as computers, smartphones and music players – are increasingly well protected with encryption and other defenses, remote cloud services have proven more vulnerable to outside attack, as happened when hackers extracted the intimate photos of Hollywood celebrities this summer from accounts on Apple’s iCloud service. 'We are absolutely committed to protecting our users' privacy and have built privacy right into our products,' Apple said in a statement Monday night. 
It said the company had worked to 'minimize the amount of information sent to Apple' and had implemented several protections to keep user information private. The reaction to the changes on Spotlight was harsh on Twitter, with some critics saying the change had undermined Apple’s increasingly vocal position on user privacy as it released new forms of encryption for its popular mobile devices, such as the iPhone, that made it difficult even for police to access when they have search warrants."
Apple’s Mac computers can automatically collect your location information
Washington Post (Blog), 20 October 2014

"The U.S. National Security Agency has launched an internal review of a senior official’s part-time work for a private venture started by former NSA director Keith Alexander that raises questions over the blurring of lines between government and business. Under the arrangement, which was confirmed by Alexander and current intelligence officials, NSA's Chief Technical Officer, Patrick Dowd, is allowed to work up to 20 hours a week at IronNet Cybersecurity Inc, the private firm led by Alexander, a retired Army general and his former boss. The arrangement was approved by top NSA managers, current and former officials said. It does not appear to break any laws and it could not be determined whether Dowd has actually begun working for Alexander, who retired from the NSA in March..... Current and former U.S. intelligence officials, some of whom requested anonymity to discuss personnel matters, said they could not recall a previous instance in which a high-ranking U.S. intelligence official was allowed to concurrently work for a private-sector firm. They said it risked a conflict of interest between sensitive government work and private business, and could be seen as giving favoritism to Alexander's venture. IronNet Cybersecurity is developing a new approach to protect computer networks from hackers and is marketing it to financial institutions and other private-sector firms. Alexander, who was the eavesdropping and code-breaking agency's longest-serving director, confirmed the arrangement with Dowd in an interview with Reuters. He said he understood it had been approved by all the necessary government authorities, and that IronNet Cybersecurity, not the government, would pay for Dowd's time spent with the firm. Dowd, he said, wanted to join IronNet, and the deal was devised as a way to keep Dowd's technological expertise at least partly within the U.S. government, rather than losing him permanently to the private sector."
NSA reviewing deal between official, ex-spy agency head
Reuters, 17 October 2014

"Companies like Apple Inc. and Google Inc. should be required to build surveillance capabilities into their products to help law enforcement with their probes, according to the Federal Bureau of Investigation. Providers of new communication services should create a 'front door' method to intercept data as certain technology isn’t covered by legislation that requires telecom companies to have monitoring capabilities, FBI Director James Comey said yesterday at a Brookings Institution event in Washington. 'We are struggling to keep up with changing technology and maintain our ability to actually collect communications we are authorized to collect,' Comey said. His comments add to tensions between law enforcement and technology companies trying to stand up for the privacy rights of their users. Google and Apple recently ratcheted up encryption on their mobile devices to improve security, a move the FBI, the U.S. Attorney General and police officials have said makes it harder to investigate crimes ranging from child abuse to drug trafficking."
FBI Says Surveillance Tabs Should Be Added to Devices
Bloomberg, 17 October 2014

"The Home Secretary has defended the harvesting of bulk communications data by Britain’s intelligence agencies, insisting they need to acquire a 'haystack' in order to find a 'needle'. Appearing in front of the parliamentary security watchdog, Theresa May denied that the collection of vast amounts of data, such as email and telephone records, amounted to 'mass surveillance'. Most of the data collected by agencies such as GCHQ, the Government listening post, 'will not be touched' because only specific information is accessed, in a 'targeted process', she said. In an appearance before the Intelligence and Security Committee (ISC), Mrs May refused to commit to releasing statistics showing when the use of mass data has successfully protected the public. However she pledged to consider whether more could be done to improve confidence in the actions of Britain’s spies."
Home Secretary Theresa May insists GCHQ needs 'haystack' of data to find 'needle'
Telegraph, 16 October 2014

"The United Nations’ top official for counter-terrorism and human rights (known as the 'Special Rapporteur') issued a formal report to the U.N. General Assembly today that condemns mass electronic surveillance as a clear violation of core privacy rights guaranteed by multiple treaties and conventions. 'The hard truth is that the use of mass surveillance technology effectively does away with the right to privacy of communications on the Internet altogether,' the report concluded. Central to the Rapporteur’s findings is the distinction between 'targeted surveillance' which 'depend[s] upon the existence of prior suspicion of the targeted individual or organization' — and 'mass surveillance,' whereby 'states with high levels of Internet penetration can gain access to the telephone and e-mail content of an effectively unlimited number of users and maintain an overview of Internet activity associated with particular websites.' In a system of 'mass surveillance,' the report explained, 'all of this is possible without any prior suspicion related to a specific individual or organization. The communications of literally every Internet user are potentially open for inspection by intelligence and law enforcement agencies in the States concerned.' Mass surveillance thus 'amounts to a systematic interference with the right to respect for the privacy of communications,' it declared. As a result, 'it is incompatible with existing concepts of privacy for States to collect all communications or metadata all the time indiscriminately.' In concluding that mass surveillance impinges core privacy rights, the report was primarily focused on the International Covenant on Civil and Political Rights, a treaty enacted by the General Assembly in 1966, to which all of the members of the 'Five Eyes' alliance are signatories. The U.S. ratified the treaty in 1992, albeit with various reservations that allowed for the continuation of the death penalty and which rendered its domestic law supreme. 
With the exception of the U.S.’s Persian Gulf allies (Saudi Arabia, UAE and Qatar), virtually every major country has signed the treaty. Article 17 of the Covenant guarantees the right of privacy, the defining protection of which, the report explained, is 'that individuals have the right to share information and ideas with one another without interference by the State, secure in the knowledge that their communication will reach and be read by the intended recipients alone.' The report’s key conclusion is that this core right is impinged by mass surveillance programs: 'Bulk access technology is indiscriminately corrosive of online privacy and impinges on the very essence of the right guaranteed by article 17. In the absence of a formal derogation from States’ obligations under the Covenant, these programs pose a direct and ongoing challenge to an established norm of international law.'... the report explained that 'states deploying this technology retain a monopoly of information about its impact,' which is 'a form of conceptual censorship … that precludes informed debate.' A June report from the High Commissioner for Human Rights similarly noted 'the disturbing lack of governmental transparency associated with surveillance policies, laws and practices, which hinders any effort to assess their coherence with international human rights law and to ensure accountability.' The rejection of the 'terrorism' justification for mass surveillance as devoid of evidence echoes virtually every other formal investigation into these programs. A federal judge last December found that the U.S. Government was unable to 'cite a single case in which analysis of the NSA’s bulk metadata collection actually stopped an imminent terrorist attack.' 
Later that month, President Obama’s own Review Group on Intelligence and Communications Technologies concluded that mass surveillance 'was not essential to preventing attacks' and information used to detect plots 'could readily have been obtained in a timely manner using conventional [court] orders.'...Three Democratic Senators on the Senate Intelligence Committee wrote in The New York Times that 'the usefulness of the bulk collection program has been greatly exaggerated' and 'we have yet to see any proof that it provides real, unique value in protecting national security.' A study by the centrist New America Foundation found that mass metadata collection 'has had no discernible impact on preventing acts of terrorism' and, where plots were disrupted, 'traditional law enforcement and investigative methods provided the tip or evidence to initiate the case.' It labeled the NSA’s claims to the contrary as 'overblown and even misleading.' While worthless in counter-terrorism policies, the UN report warned that allowing mass surveillance to persist with no transparency creates 'an ever present danger of ‘purpose creep,’ by which measures justified on counter-terrorism grounds are made available for use by public authorities for much less weighty public interest purposes.' Citing the UK as one example, the report warned that, already, 'a wide range of public bodies have access to communications data, for a wide variety of purposes, often without judicial authorization or meaningful independent oversight.'"
UN Report Finds Mass Surveillance Violates International Treaties and Privacy Rights
The Intercept, 15 October 2014

"Over the telephone, in jail and online, a new digital bounty is being harvested: the human voice. Businesses and governments around the world increasingly are turning to voice biometrics, or voiceprints, to pay pensions, collect taxes, track criminals and replace passwords. 'We sometimes call it the invisible biometric,' said Mike Goldgof, an executive at Madrid-based AGNITiO, one of about 10 leading companies in the field. Those companies have helped enter more than 65 million voiceprints into corporate and government databases, according to Associated Press interviews with dozens of industry representatives and records requests in the United States, Europe and elsewhere. 'There's a misconception that the we have today is only in the domain of the intelligence services, or the domain of 'Star Trek,' ' said Paul Burmester, of London-based ValidSoft, a voice biometric vendor. 'The technology is here today, well-proven and commonly available.... In the U.S., law enforcement officials use the technology to monitor inmates and track offenders who have been paroled. In New Zealand, the Internal Revenue Department celebrated its 1 millionth voiceprint, leading the revenue minister to boast that his country had 'the highest level of biometric enrollments per capita in the world.' In South Africa, roughly 7 million voiceprints have been collected by the country's Social Security Agency, in part to verify that those claiming pensions are still alive. Activists worry that the popularity of voiceprinting has a downside. 'It's more mass surveillance,' said Sadhbh McCarthy, an Irish privacy researcher. "The next thing you know, that will be given to border guards, and you'll need to speak into a microphone when you get back from vacation.""
Millions of voiceprints quietly being harvested
Physorg, 13 October 2014

"The UK authorities are operating a surveillance system where 'anything goes' and their interceptions are more intrusive to people’s privacy than has been seen in the US, Edward Snowden said. Speaking via Skype at the Observer Ideas festival, held in central London, the whistleblower and former National Security Agency specialist, said there were 'really no limits' to the GCHQ’s surveillance capabilities. He said: 'In the UK … is the system of regulation where anything goes. They collect everything that might be interesting. It’s up to the government to justify why it needs this. It’s not up to you to justify why it doesn’t … This is where the danger is, when we think about … evidence being gathered against us but we don’t have the opportunity to challenge that in courts. It undermines the entire system of justice.' He also said he thought that the lack of coverage by the UK papers of the story, or the hostile coverage of it, other than by the Guardian, 'did a disservice to the public'...he said: 'What kind of world do we want to live in? Do you want to live in a world in which governments make decisions behind closed doors? And when you ask me, I say no.' He also issued his strongest warning yet about how Silicon Valley firms were compromising the privacy of the public. Google and Facebook, he said, were 'dangerous services'. His strongest condemnation was against Dropbox and urged erasure of it from computers. It encrypted your data, he told the audience, but kept the key and would give that to any government which asked.... The irony of the fact that he was appearing via Google Hangout and Skype was not lost on the audience. Later, he said: 'No kidding, right? I’m about to disconnect this machine and toss it into a fire, though.' His more serious point was that he said he believed the battle against the intrusions of big corporations into privacy was a much harder battle to win than the governments’. 
He said later: 'The unexplored elephant is the corporations – so privileged, so powerful in access, so unregulated – [and] are then tapped by the government.[…] I don’t think it’s unreasonable to think that major corporations have a hand in setting government policy today. Certainly in the US, given our campaign finance issues.'"
Edward Snowden: state surveillance in Britain has no limits
Guardian, 12 October 2014

"At the headquarters of every police force in Britain is a small office called the ‘Telecoms Intelligence Unit’ (TIU). There, police officers can log in directly to the mainframe computers of three of four big mobile phone companies – Vodafone, Three and EE – as well as BT and internet service providers. EE comprises the former networks Orange and T-Mobile, whose police interface was called Plod – an acronym for Police Liaison On-screen Database. Armed with the required usernames and passwords, in a few keystrokes the officers can retrieve confidential data from anyone’s telephone or computer use within minutes. Such swift access can save lives by finding an armed criminal on the run, or help track a terrorist before he strikes – but critics believe the ease with which police can access such information has led them to do so far more often than they should. All it takes is a couple of senior officers within the force to sign off the request and any officer can have those details on his screen. In theory, a safeguard system should stop spurious or illegal requests, but with more than 2,000 applications for data access under RIPA being processed each week across the UK, some wonder how effective that oversight can be."
How 'Plod' can spy on YOUR phone...in just three clicks: Officers can access mobile phone and internet firms' mainframes
Mail, 12 October 2014

"According to Edward Snowden, people who care about their privacy should stay away from popular consumer internet services like Dropbox, Facebook, and Google, reports online tech news TechCrunch. Snowden conducted a remote interview as part of the New Yorker Festival, where he was asked a couple of variants on the question of what we can do to protect our privacy. His first answer called for a reform of government policies. Some people take the position that they 'don’t have anything to hide,' but he argued that when you say that, 'You’re inverting the model of responsibility for how rights work': When you say, ‘I have nothing to hide,’ you’re saying, ‘I don’t care about this right.’ You’re saying, ‘I don’t have this right, because I’ve got to the point where I have to justify it.’ The way rights work is, the government has to justify its intrusion into your rights. He added that on an individual level, people should seek out encrypted tools and stop using services that are 'hostile to privacy.' For one thing, he said you should 'get rid of Dropbox,' because it doesn’t support encryption, and you should consider alternatives like SpiderOak. ... He also suggested that while Facebook and Google have improved their security, they remain 'dangerous services' that people should avoid. .. His final piece of advice on this front: Don’t send unencrypted text messages, but instead use services like RedPhone and Silent Circle. Earlier in the interview, Snowden dismissed claims that increased encryption on iOS will hurt crime-fighting efforts. Even with that encryption, he said law enforcement officials can still ask for warrants that will give them complete access to a suspect’s phone, which will include the key to the encrypted data. Plus, companies like Apple, AT&T, and Verizon can be subpoenaed for their data.... 
As for why Snowden hasn’t come back to the United States to stand trial, he said that when he looked at how the US government treated whistleblowers like Thomas Drake and Chelsea Manning, he became convinced that he wouldn’t be able to present his case to a jury in an open trial. 'I’ve told the government again and again in negotiations, you know, that if they’re prepared to offer an open trial, a fair trial in the same way that Dan Ellsberg got, and I’m allowed to make my case to the jury, I would love to do so,' he said. 'But to this point they’ve declined.'"
Need privacy? Avoid Facebook, Google and Dropbox, Snowden advises
The Daily Star (Bangladesh), 12 October 2014

"The National Security Agency has had agents in China, Germany, and South Korea working on programs that use 'physical subversion' to infiltrate and compromise networks and devices, according to documents obtained by The Intercept. The documents, leaked by NSA whistleblower Edward Snowden, also indicate that the agency has used 'under cover' operatives to gain access to sensitive data and systems in the global communications industry, and that these secret agents may have even dealt with American firms. The documents describe a range of clandestine field activities that are among the agency’s 'core secrets' when it comes to computer network attacks, details of which are apparently shared with only a small number of officials outside the NSA. 'It’s something that many people have been wondering about for a long time,' said Chris Soghoian, principal technologist for the American Civil Liberties Union, after reviewing the documents. 'I’ve had conversations with executives at tech companies about this precise thing. How do you know the NSA is not sending people into your data centers?' Previous disclosures about the NSA’s corporate partnerships have focused largely on U.S. companies providing the agency with vast amounts of customer data, including phone records and email traffic. But documents published today by The Intercept suggest that even as the agency uses secret operatives to penetrate them, companies have also cooperated more broadly to undermine the physical infrastructure of the internet than has been previously confirmed. In addition to so-called 'close access' operations, the NSA’s 'core secrets' include the fact that the agency works with U.S. and foreign companies to weaken their encryption systems; the fact that the NSA spends 'hundreds of millions of dollars' on technology to defeat commercial encryption; and the fact that the agency works with U.S. 
and foreign companies to penetrate computer networks, possibly without the knowledge of the host countries. Many of the NSA’s core secrets concern its relationships to domestic and foreign corporations. Some of the documents in this article appear in a new documentary, CITIZENFOUR, which tells the story of the Snowden disclosures and is directed by Intercept co-founder Laura Poitras. The documents describe a panoply of programs classified with the rare designation of 'Exceptionally Compartmented Information,' or ECI, which are only disclosed to a 'very select' number of government officials."
Core Secrets: NSA Saboteurs in China and Germany
The Intercept, 11 October 2014

"The investigative journalist Glenn Greenwald has found a second leaker inside the US intelligence agencies, according to a new documentary about Edward Snowden that premiered in New York on Friday night. Towards the end of filmmaker Laura Poitras’s portrait of Snowden – titled Citizenfour, the label he used when he first contacted her – Greenwald is seen telling Snowden about a second source. Snowden, at a meeting with Greenwald in Moscow, expresses surprise at the level of information apparently coming from this new source. Greenwald, fearing he will be overheard, writes the details on scraps of paper. The specific information relates to the number of the people on the US government’s watchlist of people under surveillance as a potential threat or as a suspect. The figure is an astonishing 1.2 million. The scene comes after speculation in August by government officials, reported by CNN, that there was a second leaker. The assessment was made on the basis that Snowden was not identified as usual as the source and because at least one piece of information only became available after he ceased to be an NSA contractor and went on the run."
Second leaker in US intelligence, says Glenn Greenwald
Guardian, 11 October 2014

"CITIZENFOUR, the new film by Intercept co-founding editor Laura Poitras, premiered this evening at the New York Film Festival, and will be in theaters around the country beginning October 24. Using all first-hand, real-time footage, it chronicles the extraordinary odyssey of Edward Snowden in Hong Kong while he worked with journalists, as well the aftermath of the disclosures for the NSA whistleblower himself and for countries and governments around the world.The film provides the first-ever character study of Snowden and his courageous whistleblowing, contains significant new revelations about all of these events, and will undoubtedly be discussed for years to come. But one seemingly banal — yet actually quite significant — revelation from the film is worth separately highlighting: In July of this year, Snowden’s long-time girlfriend, Lindsay Mills, moved to Moscow to live with him. Vital to the U.S. government and its assorted loyalists in the commentariat is to depict whistleblowers as destined to live miserable lives. That’s the key to their attempt to deter unwanted disclosure: the message that doing so will result in the full-scale destruction of one’s life. That’s what explains the grotesquely severe mistreatment and 35-year prison term for Chelsea Manning, as well as the repeated, gleeful predictions that Snowden will 'end up like Kim Philby,' the British defector to the Soviet Union who, it is claimed, died a premature death from alcoholism, solitude and all-around deprivation. The reality is that none of that has ever applied to Edward Snowden. Particularly when compared to what he expected his life to be upon deciding to embark on the whistleblowing path — decades of imprisonment in the harsh American penal state, if not worse — his post-Hong Kong life has been fulfilling and rewarding. He speaks, and writes, and is interviewed, and has become an important voice in the global debate he triggered."
Edward Snowden’s Girlfriend, Lindsay Mills, Moved to Moscow to Live with Him
The Intercept, 11 October 2014

"The impact of US government surveillance on tech firms and the economy is going to get worse before it gets better, leaders at some of the biggest tech firms warned US Sen. Ron Wyden on Wednesday during a roundtable on the impact of US government surveillance on the digital economy. The senior Democratic senator from Oregon took the floor at the Palo Alto High School gymnasium -- where he played high school basketball well enough to earn a college scholarship for his court-side abilities more than 50 years ago -- to discuss the economic impact and future risks of US government surveillance on technology firms. Google Executive Chairman Eric Schmidt, who has been outspoken on the topic, pulled no punches with his assessment of how the spying scandal has and will continue to impact Google and other tech companies. The impact is "severe and is getting worse," Schmidt said. "We're going to wind up breaking the Internet." Also on the panel with Schmidt was Microsoft General Counsel Brad Smith, another critic who became more outspoken of government surveillance after Edward Snowden leaked National Security Agency documents in 2013 that showed a much wider federal spying apparatus than previously believed. "Just as people won't put their money in a bank they won't trust, people won't use an Internet they won't trust," Smith said. Panelist Ramsey Homsany, general counsel for online storage company Dropbox, said the trust between customers and businesses that is at the core of the Internet's economic engine has begun to "rot it from the inside out." "The trust element is extremely insidious," Homsany said. "It's about personal emails, it's about photos, it's about plans, it's about medical records." 
The documents leaked by Snowden indicate that the US government has been collecting a record of most calls made within the US, including the initiating and receiving phone numbers, and the length of the call; emails, Facebook posts and instant messages of an unspecified number of people; and the vast majority of unencrypted Internet traffic including searches and social media posts. Documents from Snowden show that the British equivalent of the NSA, the Government Communications Headquarters (GCHQ), has a similar program....Smith noted that 96 percent of the world does not live in the US, and that the American tech economy depends on convincing them that American tech services are trustworthy. "Foreign data centers would compromise American [economic] growth" and leadership, he said. Abroad, efforts are already underway to force international tech companies to be more respectful of their own national interests -- efforts that could erode consumer trust further, said Wyden. German Chancellor Angela Merkel has said publicly that Germany is looking at European email service providers so that their messages "don't have to go across the Atlantic." The government of Brazil's President Dilma Rousseff is considering forcing US tech firms to build data centers in Brazil, if they want to do business with Brazil. The biggest indication of the decline of America's ability to guide the Internet, according to Wyden, is that Chinese officials told the senator earlier this summer that they considered the Chinese theft of US tech trade secrets no different than US government surveillance of foreign governments and firms."
US spying scandal will 'break the Internet,' says Google's Schmidt
CNet, 8 October 2014

"The US government may hack into servers outside the country without a warrant, the Justice Department said in a new legal filling in the ongoing prosecution of Ross Ulbricht. The government believes that Ulbricht is the operator of the Silk Road illicit drug website. Monday's filing in New York federal court centers on the legal brouhaha of how the government found the Silk Road servers in Iceland. Ulbricht said last week that the government's position—that a leaky CAPTCHA on the site's login led them to the IP address—was 'implausible' and that the government (perhaps the National Security Agency) may have unlawfully hacked into the site to discover its whereabouts."
US says it can hack into foreign-based servers without warrants
Ars Technica, 7 October 2014

"Long before Americans were introduced to the new 9/11 era super-villains called ISIS and Khorasan, senior Obama officials were openly and explicitly stating that America’s 'war on terror,' already 12 years old, would last at least another decade. At first, they injected these decrees only anonymously; in late 2012, The Washington Post - disclosing the administration’s secret creation of a 'disposition matrix' to decide who should be killed, imprisoned without charges, or otherwise 'disposed' of - reported these remarkable facts: 'Among senior Obama administration officials, there is a broad consensus that such operations are likely to be extended at least another decade. Given the way al-Qaida continues to metastasize, some officials said no clear end is in sight. . . . That timeline suggests that the United States has reached only the midpoint of what was once known as the global war on terrorism.' ' In May, 2013, the Senate Armed Services Committee held a hearing on whether it should revise the 2001 Authorization to Use Military Force (AUMF). A committee member asked a senior Pentagon official, Assistant Secretary Michael Sheehan, how long the war on terror would last; his reply: 'At least 10 to 20 years.' At least. A Pentagon spokesperson confirmed afterward 'that Sheehan meant the conflict is likely to last 10 to 20 more years from today — atop the 12 years that the conflict has already lasted.' As Spencer Ackerman put it: 'Welcome to America’s Thirty Years War,' one which – by the Obama administration’s own reasoning – has 'no geographic limit.' Listening to all this, Maine’s independent Sen. Angus King said: 'This is the most astounding and most astoundingly disturbing hearing that I’ve been to since I’ve been here. You guys have essentially rewritten the Constitution today.' 
Former Bush DOJ lawyer Jack Goldsmith, himself an ardent advocate of broad presidential powers, was at the hearing and noted that nobody even knows against whom this endless war is being waged: 'Amazingly, there is a very large question even in the Armed Services Committee about who the United States is at war against and where, and how those determinations are made.' All of that received remarkably little attention given its obvious significance. But any doubts about whether Endless War literally is official American doctrine should be permanently erased by this week’s comments from two leading Democrats, both former top national security officials in the Obama administration, one of whom is likely to be the next American president. Leon Panetta, the long-time Democratic Party operative who served as Obama’s Defense Secretary and CIA Director, said this week of Obama’s new bombing campaign: 'I think we’re looking at kind of a 30-year war.' Only in America are new 30-year wars spoken of so casually, the way other countries speak of weather changes. He added that the war 'will have to extend beyond Islamic State to include emerging threats in Nigeria, Somalia, Yemen, Libya and elsewhere.' And elsewhere: not just a new decades-long war with no temporal limits, but no geographic ones either. He criticized Obama – who has bombed 7 predominantly Muslim countries plus the Muslim minority in the Philippines (almost double the number of countries Bush bombed) – for being insufficiently militaristic, despite the fact that Obama officials themselves have already instructed the public to think of The New War 'in terms of years.' Then we have Hillary Clinton (whom Panetta gushed would make a 'great' president). At an event in Ottawa yesterday, she proclaimed that the fight against these 'militants' will 'be a long-term struggle' that should entail an 'information war' as 'well as an air war.' The new war, she said, is 'essential' and the U.S.
shies away from fighting it 'at our peril.' Like Panetta (and most establishment Republicans), Clinton made clear in her book that virtually all of her disagreements with Obama’s foreign policy were the by-product of her view of Obama as insufficiently hawkish, militaristic and confrontational. At this point, it is literally inconceivable to imagine the U.S. not at war. It would be shocking if that happened in our lifetime. U.S. officials are now all but openly saying this. 'Endless War' is not dramatic rhetorical license but a precise description of America’s foreign policy. It’s not hard to see why. A state of endless war justifies ever-increasing state power and secrecy and a further erosion of rights. It also entails a massive transfer of public wealth to the 'homeland security' and weapons industry (which the US media deceptively calls the 'defense sector')."
Key Democrats, Led by Hillary Clinton, Leave No doubt that Endless War is Official U.S. Doctrine
The Intercept, 7 October 2014

"Britons must accept a greater loss of digital freedoms in return for greater safety from serious criminals and terrorists in the internet age, according to the country’s top law enforcement officer. Keith Bristow, director general of the National Crime Agency, said in an interview with the Guardian that it would be necessary to win public consent for new powers to monitor data about emails and phone calls. Warning that the biggest threats to public safety are migrating to the internet and that crime fighters are scrambling to keep up, the NCA boss said he accepted he had not done a good enough job explaining to the public why the greater powers were necessary. 'What we have needs to be modernised … we are losing capability and coverage of serious criminals.' But the boss of the organisation known informally as Britain’s FBI warned that support must be gained from the public for any new powers that would give the state greater access to communications data, dubbed the 'snoopers’ charter' by critics. He said: 'If we seek to operate outside of what the public consent to, that, for me, by definition, is not policing by consent … the consent is expressed through legislation.' He added that it was necessary to win 'the public consent to losing some freedoms in return for greater safety and security'. Last week the home secretary, Theresa May, backed the introduction of greater mass surveillance powers, and committed the Conservatives to implementing the communications data bill that had been blocked by the Liberal Democrats amid protests over civil liberties."
National Crime Agency director general: UK snooping powers are too weak
Guardian, 7 October 2014

"The security services are getting desperate.  Over the last 4 years they, and their political figurehead May, have tried time and time again to push mass surveillance through Parliament.  Whenever a security scare arises or a trial of alleged terrorists or belated arrests over a drugs scandal, the cry is always foisted on the public that what we need is a comprehensive snoopers’ charter which will record all the communications of all the citizens in the UK.   No mention of the fact that they have already been doing this for over a decade through GCHQ’s Tempora and Bullrun programmes as Snowden revealed, and what they desperately want now is to legitimize their illegal activities.  No mention that they are already infiltrating our smartphones via the Dreamy Smurf programme which can turn them on even when we’ve switched them off.  No mention that Nosey Smurf can turn on the microphone in a mobile remotely to listen in to our conversations, nor of Tracker Smurf which can track our location in real time. A taste of how urgently GCHQ and MI5 are demanding parliamentary cover was shown a few months ago when May rammed emergency data retention legislation through the Commons in a single day, thus preventing proper debate and scrutiny – even though there was in fact no emergency!  Now we see there is yet another concerted push to get this past the parliamentary barrier.  May devoted most of her speech to it at the Tory party conference last week, and today the director general of the National Crime Agency throws in his penn’orth by assuring us that the security and police services cannot do their job without these new powers (or rather, old powers made legitimate). We all agree that what is needed is a system that protects the public whilst having minimal impact on citizens’ privacy.  What we’ve got however is the opposite: a system that doesn’t protect us, but is highly intrusive.  
We collect far more information than we can possibly sensibly use, and often fail, both in the US and in the UK, to use even the information we do obtain.  Before 9/11 the US NSA monitored traffic through the al-Qaeda communications hub in the Yemen, but failed to pass it on to the FBI.  The CIA also knew that two of the hijackers were in the US prior to 9/11, but failed to warn the FBI.  In the UK the 7/7 bombers were known to the intelligence agencies, but the security and police forces failed to act on the information effectively. When the whistleblower Snowden revealed the hitherto unknown huge extent of routine surveillance, it is extraordinary that the response was not a chastened apology to the public for systematically deceiving them for years, but rather an absurd: ‘We may collect the data but we don’t look at it, or if we look at it we don’t remember it, or if we do remember it, we don’t use it’! The truth is, the security services are more interested in protecting the system than the public."
Despite Snowden May won’t take no for any answer over mass surveillance
Michael Meacher MP » Blog Archive » 7 October 2014

"David Cameron’s surveillance watchdog has ordered police forces across the country to disclose full details about their controversial use of anti-terror laws to spy on journalists. Sir Paul Kennedy, the Interception of Communication Commissioner who reports directly to the Prime Minister, said he would conduct a 'full inquiry' into how police obtained telephone records to trace reporters’ confidential sources. The move follows an outcry over law enforcement’s use of the Regulation of Investigatory Powers Act (Ripa) – originally introduced to combat serious crime and terrorism – to target whistleblowers who contact the media with uncomfortable truths about the state. Sir Paul’s announcement came 24 hours after it emerged that Kent Police used Ripa to trawl through thousands of numbers called by journalists from the newsdesk at the Mail on Sunday, in a bid to identify the anonymous source who helped to reveal that the former cabinet minister Chris Huhne had illegally conspired to have his speeding points attributed to his wife. In this case, the use of Ripa – an intrusive power introduced in 2000 to safeguard national security which requires only the approval of a senior police officer – avoided the normal legal process protecting reporters’ sources, which requires the approval of a judge. Sir Paul also urged ministers to accelerate plans to protect journalists, lawyers and others who handle privileged information, including confidential helplines, from intrusive police surveillance. He pledged that the results of his investigation would be made public. Official statistics reveal police and security services obtained communications records under Ripa more than 514,000 times last year – more than 1,400 times a day. Professionals who handle sensitive information, including lawyers and journalists, are supposed to enjoy protections from snooping by the police under the Police and Criminal Evidence Act. But Ripa allows the police to sidestep these safeguards. 
The Mail on Sunday revealed at the weekend that Kent Police trawled through thousands of numbers called by journalists from a landline at its newsdesk over 12 months. They did so to trace the person behind the story about Mr Huhne – even though a judge had ruled in separate proceedings that the source should remain confidential."
Police told to reveal extent of their 'anti-terror' snooping on journalists
Independent, 6 October 2014

"Thousands of innocent people have been wrongly spied on by the police and other public bodies because of sloppy administrative errors, The Times can reveal. Authorities routinely use sweeping legal powers to collect phone and internet records secretly, but there are growing fears that the powers are being abused. In some cases the wrong people are being pursued because of basic mistakes. Almost 3,000 people in three years had their records seized and examined in error. In at least 11 cases blunders have led to innocent people being wrongly arrested, accused of crimes or having their houses searched."
Extent of police ‘spying’ exposed
London Times, 4 October 2014

"The bald truth is that most companies are pretty bad at recruitment. Nearly half of new recruits turn out to be duds within 18 months, according to one study, while two-thirds of hiring managers admit they've often chosen the wrong people. And the main reason for failure is not because applicants didn't have the requisite skills, but because their personalities clashed with the company's culture. So these days employers are resorting to big data analytics and other new methods to help make the fraught process of hiring and firing more scientific and effective. For job hunters, this means success is now as much to do with your online data trail as your finely crafted CV....In addition to all the historic data analysts have at their disposal, social media is offering recruiters a rich new vein of real-time data. Our blogs, websites, Twitter rants and LinkedIn profiles reveal as much - if not more - about us than a semi-fictionalised CV. 'The days of keeping your personal and professional profiles separate are over,' warns Experis's Geoff Smith. 'Social media is a great platform for individuals to demonstrate their expertise, experience and enthusiasm for their field of specialism. However, candidates need to be conscious of the online reputation they are building and the data trail they are leaving behind.' A growing number of tech companies are offering tools that can sift through masses of social media data and spot patterns of behaviour and sentiment.... 'Online tools, such as Sprout Social and Hootsuite enable our recruiters to keep an ear to the ground on what's going on with their clients, candidates and in the sectors we're working in,' says Mr Smith. Konetic's Paul Finch agrees that applicants need to be aware what image their online profiles project. 'It's all about reputation. If people can't manage their own reputations, how are they going to protect the reputations of their future employers?' he asks."
Does job success depend on data rather than your CV?
BBC Online, 2 October 2014

"Nearly 30 years ago, I sat in a two-hour seminar with a former head of the American National Security Agency - a fluent Russian scholar who had been at the centre of the still-unfinished Cold War, and who had known most of the western alliance's deepest secrets since the end of World War II. He did not think that US government secrecy over any of the things said or done in the interests of the US, or any of its capabilities much still secret, had ever advanced its interests. He could think of many times when it had worked against its interests. Secrecy had meant that some of those who might have poured cold water over intrinsically silly ideas (he instanced the 1961 Bay of Pigs invasion) had not been in the know and therefore could not do so. Secrecy had often prevented people who ought to have known from stopping very morally dubious operations, including CIA assassination programs. Secrecy had often been used to disguise hypocrisy of a very high order - when governments and military or intelligence bodies were saying one thing and doing the opposite, to their ultimate embarrassment and confusion. The objection to that was not necessarily that astute operators were covering both bases, or taking out 'insurance policies' against possible events, but that those involved almost inevitably tended to lose sight of their objectives, without any accountability for their actions. Inevitably, compulsive secrecy became as much focused on cover-up - sometimes of criminal behaviour - and the avoidance of political, bureaucratic or organisational accountability, as often as not for stupidity, failure to take some obvious factor into account or placing too much emphasis on some silly pet theory. He thought highly of the brilliance of many inside the American national security umbrella, but he also thought their thinking and analysis invariably benefited from being open to debate from those outside the umbrella. 
He reminded us also that the New York Times had learnt of plans for the Bay of Pigs invasion, and had reluctantly acceded to desperate pleas, some from President John Kennedy himself, to keep mum, at least until the operation was over. The Times gave in, because its editors were afraid of being blamed if the operation were a disaster, as it proved to be. Later Kennedy told editors that he blamed them for listening to him; they should have disclosed, compromised the operation, and saved him and the US from the embarrassment, the humiliation and the lying that followed. This man's 1980s briefing was in the wake of the Church committee investigations into misadventures and misbehaviour by intelligence agencies, Watergate, the Pentagon papers case (where the Times ignored American government national security pleas) and the comprehensive defeat of American (and Australian) arms and intelligence during the Vietnam War. There have been sundry American military and victories and defeats since, but I have heard or seen nothing which would make me prefer the judgment of George Brandis (or Mark Dreyfus), Tony Abbott (or Bill Shorten) or Angus Campbell (or Duncan Lewis) over his."
Jack Waterford - Government secrecy cannot disinfect, or hide, dirty laundry
The Canberra Times, 1 October 2014

"Parents should be aware that their children can be tracked online, the former head of MI6 has warned. Sir John Scarlett said children and teenagers were more relaxed about the information they gave online than those even a little older. He also said the public should be more worried about threats from terrorists and international criminal networks than the government snooping on them. Sir John was head of the British Secret Intelligence Service for five years. Speaking before he addressed the Headmasters' and Headmistresses' Conference (HMC) annual conference in Newport, south Wales, Sir John said the technological environment had changed rapidly. "You've got to know what your children are doing. It's very difficult to know exactly what they're doing in particular when they're on a tablet or something they've got and you've got to have some kind of idea. "They are extremely vulnerable, everybody is, to a whole range of things. Clearly when they're young children they're particularly vulnerable to predators." Sir John went on: "Personally what worries me, in a way, most, is tracking devices. "The way in which locational apps, for example, are now quite freely available, of course you can start off by consciously giving out that information, but once you've done that, you've lost control of it." There was a need for everyone to be aware that, once information was shared online, for example through using a search engine, it could be used by different firms, Sir John said. Youngsters could also be tracked through getting into conversations online, or by using apps that used an individual's location. .... There are individuals who are able to track someone "right down to more or less precisely where you are".... He also argued that the public should be less worried about widespread government snooping. "I think we're worrying in a way about the wrong thing. "Potentially that capability for mass and uncontrolled snooping is clearly there. Technically it can be done." 
The former spy chief warned that in general, there was "no absolute protection" against a determined online attack. The public could protect themselves by using passwords and other measures against 80% of intrusions, he said, but "everybody has to understand that you can't be absolutely certain that somebody somewhere won't get it". Sir John, who was chief of the British Secret Intelligence Service until 2009, said: "There are authoritarian states out there, there are terrorists out there, there's a massively growing organised criminal international network out there.""
Ex-MI6 chief warns parents over apps that track children
BBC Online, 1 October 2014

"The powers granted to the National Security Agency to spy on millions of Americans and people abroad were vested by a little-known executive order that—until now—has received scant scrutiny or oversight, newly uncovered government documents revealed on Monday. Executive Order 12333, passed in 1981 by President Ronald Reagan, is the 'main game in town for NSA surveillance,' according to Alex Abdo, staff attorney for the American Civil Liberties Union, which obtained internal documents on the order through a Freedom of Information request. One of the documents, an internal surveillance manual published by the NSA, describes EO 12333 as the 'primary source' of their intelligence-gathering authority. And a 'Legal Fact Sheet,' distributed by the NSA two weeks after Edward Snowden disclosed their widespread surveillance, says that the agency conducts the majority of their intelligence gathering through signal interruption (or SIGNIT) 'pursuant to the authority by EO 1233.' Unlike Section 215 of the Patriot Act or the FISA Amendments Act—which thus far have been the focus of public debate—the executive branch is alone in implementing EO 12333, meaning that there is essentially no oversight from Congress nor the court system. 'We've already seen that the NSA has taken a 'collect it all' mentality even with the authorities that are overseen by Congress and the courts,' Abdo continues. 'If that history is any lesson, we should expect—and, indeed, we have seen glimpses of—even more out-of-control spying under EO 12333.' According to Abdo's analysis of the documents, which were published by the NSA as well as the Defense Intelligence Agency among others, EO 12333 allows the government to monitor any international communication that contains any alleged 'foreign intelligence information.' 'That phrase is defined so nebulously that it could be read to encompass virtually every communication with one end outside the United States,' Abdo writes."
Revealed: The Little-Known Executive Order Behind Our 'Collect It All' Spy State
Common Dreams, 29 September 2014

"The inventor of the world wide web has warned that the freedom of the internet is under threat by governments and corporations interested in controlling the web. Tim Berners-Lee, the British computer scientist who invented the web 25 years ago, called on Saturday for a bill of rights that would guarantee the independence of the internet and ensure users’ privacy. 'If a company can control your access to the internet, if they can control which websites they go to, then they have tremendous control over your life,' Berners-Lee said at the Web We Want festival on the future of the internet in London. 'If a government can block you going to, for example, the opposition’s political pages, then they can give you a blinkered view of reality to keep themselves in power.' 'Suddenly the power to abuse the open internet has become so tempting both for government and big companies.' Berners-Lee, 59, is director of the World Wide Web Consortium, a body which develops guidelines for the development of the internet. He called for an internet version of the Magna Carta, the 13th century English charter credited with guaranteeing basic rights and freedoms. Concerns over privacy and freedom on the internet have increased in the wake of the revelation of mass government monitoring of online activity following leaks by former US intelligence contractor Edward Snowden."
Tim Berners-Lee calls for internet bill of rights to ensure greater privacy
AFP, 28 September 2014

"Private information stored online by British computer users could be scrutinised by American law enforcement agencies under a wide-ranging new right-to-snoop being pursued by the US government. Federal authorities in the US are using the courts to try to force American-owned technology companies to disclose emails and other data held in the 'Cloud' - the vast network of servers where data is stored for customers. The claim would require companies such as Microsoft, Apple and Google to open up all their electronic records to agencies - such as the CIA, the NSA and the FBI – even if it is stored in Europe rather than on US soil. A New York court this month ordered Microsoft to hand over to US prosecutors the emails of a European customer stored on its servers in Ireland, as part of a drugs trafficking investigation. Loretta Preska, the judge, ruled that the technology giant must comply with the US warrant because the company is American, even though it could be breaking Irish and EU law if it did so. Microsoft is fighting the order, with the latest stage in its appeal due to begin in December. The company, which is supported by other tech giants, has indicated it will take its battle to the Supreme Court if it loses. If the US government wins the case, data stored by British customers in the 'Cloud' would be open to inspection by American investigators. It would also affect details held about people in this country even if they never use the internet, as companies and even government departments use the services of American-owned companies to hold information in the 'Cloud'. The insecure nature of 'Cloud' storage has already been highlighted by the disclosure of intimate pictures of more than 100 Hollywood actors, such as Jennifer Lawrence, and other celebrities after they were stolen by hackers from Apple's iCloud service. 
John Hemming, the MP for Birmingham Yardley and an information technology expert, has now raised fears about the implications for the security of parliamentary data. The electronic mailboxes of MPs and peers, which had previously been held on an in-house parliamentary system, were switched in July to Microsoft servers based in Ireland and the Netherlands. Mr Hemming told the Telegraph that warrants could be granted at the US Foreign Intelligence Surveillance (FISA) court, which sits in private, and MPs would not even know that their emails were being monitored."
US threat to British online privacy
Telegraph, 27 September 2014

"It is tracking your every move, recording the exact time you left for work, where you bought your coffee and where you like to shop. But this isn’t a futuristic spy drone or some sinister Big Brother state – it’s the iPhone sitting in your pocket. Hidden in Apple phones is a function which logs every journey. The iPhones are then able to analyse the data to figure out where you live and work, basing decisions on the frequency and timing of trips. The function – called the Frequent Locations feature – was quietly introduced to iPhones a year ago. But since access to the programme is buried beneath five layers of settings menus, few people know it exists. Apple claims the data never leaves your phone without your permission, and that it was only designed to improve mapping services. But Professor Noel Sharkey, one of Britain’s leading computing experts, described Apple’s ability to track people as ‘terrifying’. ‘This is shocking,’ he said. ‘Every place you go, where you shop, where you have a drink – it is all recorded. This is a divorce lawyer’s dream. But what horrifies me is that it is so secret. Why did we not know about this?’ Smartphones have had the ability to track their owners’ movements since they were first installed with GPS chips and mapping functions. But this feature, which is automatically installed on any iPhone with the iOS 7 or an iOS 8 operating system, is the first to display the movements clearly on a map. The phone records the date of every one of your journeys, your time of arrival and departure and how many times you have been to each address. Apple insists the data only leaves the phone if users give their consent by selecting the Improve Maps option in the phone’s privacy menu. But campaigners say the data could be seen by a snooping boss, a jealous wife, or even seized by police or an authoritarian government. 
The revelation comes at the end of a week in which Apple saw £12billion wiped off its value after a glitch left iPhone 6 owners unable to get a signal – and some owners of the new slimline iPhone 6 Plus bent their frames. In an open letter this month, Apple chief executive Tim Cook said: ‘Our business model is very straightforward. We don’t 'monetize' the information on your iPhone or in iCloud.’ But Professor Sharkey said: ‘Apple might promise not to use our location information for advertising. And many of our authorities might be quite benevolent at the moment. But if you put that information in someone else’s hands, then it becomes powerful, and in some cases, dangerous.’"
iPhone? It's a spyphone: Apple devices can record your every movement
Mail, 27 September 2014

"A CCTV operator who was convicted of spying on a woman in north Belfast with a police camera has been jailed for a total of eight months. Ciaran McCleave, 51, of Collinward Gardens, Newtownabbey, was convicted of voyeurism and misconduct in a public office at Antrim Road police station. The court heard he had directed a camera at a woman's apartment for 79 minutes over a 26-day period. A judge said he had spied on the woman for his own 'sexual gratification'. On one occasion, the woman was viewed in her underwear after coming out of the shower. The camera he used was supposed to monitor a north Belfast interface."
Ciaran McCleave: CCTV operator jailed for voyeurism
BBC Online, 24 September 2014

"US spy planes are flying above Britain monitoring telephone and computer signals in a bid to track down British terrorist Jihadi John and those who are communicating with him. The aircraft, manned by British pilots and carrying FBI agents, are equipped with technology so advanced they can detect heat coming off a keyboard when a button is pressed....The signals and data collected by the spy planes is being sent back to the US to be analysed, the Sunday Express reported.... An intelligence services source said the delicate detection equipment on board the planes had previously been used successfully to work out a suspected terrorist's computer password because of the heat signature left on the keys."
US spy planes are flying over British skies in hunt for Jihadi John's associates as net closes in on London suburb
Mail, 20 September 2014

"Sir John [Sawers, head of MI6] told the Financial Times that the lesson of Afghanistan and Iraq was that a government can be toppled in months but it then takes years to rebuild the country.... Sir John repeated his warning that the intelligence leaks by former CIA contractor Edward Snowden, published by the Guardian, had damaged the ability to track terrorists. But he said that while the Snowden leaks had caused some people to question whether the spy agencies were on their side, he insisted there was still 'overwhelming support for us'."
West to blame for rise of Islamic State, says UK spy chief
Telegraph, 19 September 2014

"Renegade former American intelligence analyst Edward Snowden claims the US National Security Agency, for which he used to work, has a facility in Auckland and another in the north. 'You are being watched.' Snowden, who is sheltering in Moscow from US attempts to extradite him on espionage charges, appeared by video link before a capacity crowd at the Kim Dotcom-organised Moment of Truth event in Auckland Town Hall last night."
US spies have two bases in New Zealand: Snowden
New Zealand Herald, 16 September 2014

"WikiLeaks has released more information on controversial commercial surveillance tools, criticising the German government for not blocking a 'weaponised malware' developer from shipping its code to countries with regimes with poor human rights records. WikiLeaks’ latest Spy Files publication included some previously unreleased versions of the malware in question, produced by FinFisher, a German firm that used to be part of UK-based Gamma International. FinFisher can infect Apple OS X, Windows and Linux computers as well as Android, iOS, BlackBerry, Symbian and Windows Phone devices. The files, originally obtained by a hacker going by the name Phineas Fisher in August, should be used to improve detection systems to protect people’s PCs and mobiles, WikiLeaks said. The organisation also believes the files will help researchers uncover further human rights abuses related to FinFisher, which can be used to siphon off data from machines and spy on communications, from email to Skype. According to the leaks, FinFisher customers include law enforcement and government agencies in Australia, Bahrain, Bangladesh, Belgium, Bosnia & Herzegovina, Estonia, Hungary, Italy, Mongolia, Netherlands, Nigeria, Pakistan, Singapore, Slovakia, South Africa and Vietnam. This backs up data from Citizen Lab, a Toronto-based non-profit that focuses on protecting activists online, which last year released details on apparent use of FinFisher in 25 countries. The FinFisher suite of spy software was originally brought to light when documents were found in the offices of Egypt’s secret police after former president Hosni Mubarak was deposed. Since then, activists from Ethiopia and Bahrain, amongst other nations, claimed to have been targeted by governments using FinFisher. WikiLeaks said Germany should take action to stop the malware spreading. 'FinFisher continues to operate brazenly from Germany selling weaponised surveillance malware to some of the most abusive regimes in the world. 
The Merkel government pretends to be concerned about privacy, but its actions speak otherwise,' said Julian Assange, WikiLeaks’ editor in chief."
Wikileaks releases FinFisher files to highlight government malware abuse
Guardian, 16 September 2014

"In Moscow this summer, while reporting a story for Wired magazine, I had the rare opportunity to hang out for three days with Edward J. Snowden. It gave me a chance to get a deeper understanding of who he is and why, as a National Security Agency contractor, he took the momentous step of leaking hundreds of thousands of classified documents. Among his most shocking discoveries, he told me, was the fact that the N.S.A. was routinely passing along the private communications of Americans to a large and very secretive Israeli military organization known as Unit 8200. This transfer of intercepts, he said, included the contents of the communications as well as metadata such as who was calling whom. Typically, when such sensitive information is transferred to another country, it would first be 'minimized,' meaning that names and other personally identifiable information would be removed. But when sharing with Israel, the N.S.A. evidently did not ensure that the data was modified in this way. Mr. Snowden stressed that the transfer of intercepts to Israel contained the communications — email as well as phone calls — of countless Arab- and Palestinian-Americans whose relatives in Israel and the Palestinian territories could become targets based on the communications. 'I think that’s amazing,' he told me. 'It’s one of the biggest abuses we’ve seen.' It appears that Mr. Snowden’s fears were warranted. Last week, 43 veterans of Unit 8200 — many still serving in the reserves — accused the organization of startling abuses. In a letter to their commanders, to Prime Minister Benjamin Netanyahu and to the head of the Israeli army, they charged that Israel used information collected against innocent Palestinians for 'political persecution.' 
In testimonies and interviews given to the media, they specified that data were gathered on Palestinians’ sexual orientations, infidelities, money problems, family medical conditions and other private matters that could be used to coerce Palestinians into becoming collaborators or create divisions in their society. The veterans of Unit 8200 declared that they had a 'moral duty' to no longer 'take part in the state’s actions against Palestinians.' An Israeli military spokesman disputed the letter’s overall drift but said the charges would be examined. It should trouble the American public that some or much of the information in question — intended not for national security purposes but simply to pursue political agendas — may have come directly from the N.S.A.’s domestic dragnet. According to documents leaked by Mr. Snowden and reported by the British newspaper The Guardian, the N.S.A. has been sending intelligence to Israel since at least March 2009. The memorandum of agreement between the N.S.A. and its Israeli counterpart covers virtually all forms of communication, including but not limited to 'unevaluated and unminimized transcripts, gists, facsimiles, telex, voice and Digital Network Intelligence metadata and content.' The memo also indicates that the N.S.A. does not filter out American communications before delivery to Israel; indeed, the agency 'routinely sends' unminimized data. Although the memo emphasizes that Israel should make use of the intercepts in accordance with United States law, it also notes that the agreement is legally unenforceable. 'This agreement,' it reads, 'is not intended to create any legally enforceable rights and shall not be construed to be either an international agreement or a legally binding instrument according to international law.' It should also trouble Americans that the N.S.A. could head down a similar path in this country. Indeed, there is some indication, from a top-secret 2012 document from Mr. Snowden’s leaked files that I saw last year, that it already is. The document, from Gen. Keith B. Alexander, then the director of the N.S.A., notes that the agency had been compiling records of visits to pornographic websites and proposes using that information to damage the reputations of people whom the agency considers 'radicalizers' — not necessarily terrorists, but those attempting, through the use of incendiary speech, to radicalize others. (The Huffington Post has published a redacted version of the document.) In Moscow, Mr. Snowden told me that the document reminded him of the F.B.I.’s overreach during the days of J. Edgar Hoover, when the bureau abused its powers to monitor and harass political activists. 'It’s much like how the F.B.I. tried to use Martin Luther King’s infidelity to talk him into killing himself,' he said. 'We said those kinds of things were inappropriate back in the ’60s. Why are we doing that now? Why are we getting involved in this again?'"
James Bamford - Israel’s N.S.A. Scandal
New York Times, 16 September 2014

"In a post published on The Intercept website on Monday afternoon, Mr Snowden - a former analyst at the US National Security Agency (NSA) - says he came across the communications of New Zealanders in his work. 'If you live in New Zealand, you are being watched,' he wrote. Prime Minister John Key's claim that there never has been any mass surveillance by the Government Communications Security Bureau was false, Mr Snowden said. 'At the NSA I routinely came across the communications of New Zealanders in my work with a mass surveillance tool we share with GCSB, called XKEYSCORE. It allows total, granular access to the database of communications collected in the course of mass surveillance. It is not limited to or even used largely for the purposes of cybersecurity, as has been claimed, but is instead used primarily for reading individuals' private email, text messages, and internet traffic,' Mr Snowden said. 'I know this because it was my full-time job in Hawaii, where I worked every day in an NSA facility with a top secret clearance.'"
New Zealanders are being watched: Snowden
SBS, 15 September 2014

"The New South Wales police have used sophisticated hacking software to monitor the phones and computers of Australians, according to documents published by WikiLeaks. In a new cache published on Monday NSW police are listed as a client of Gamma International, a German company that develops powerful spyware to remotely monitor computer use. The documents show that NSW police have used several of the company’s spy programs for a number of investigations at a cost of more than $2m. The software – known as FinSpy – allows widespread access to computer records, including extracting files from hard drives, grabbing images of computer screens, full Skype monitoring, logging keystrokes and monitoring email and chat communications. 'When FinSpy is installed on a computer system it can be remotely controlled and accessed as soon as it is connected to the internet/network, no matter where in the world the target system is based,' earlier documentation published by WikiLeaks said. In NSW the police can apply for a special type of covert search warrant that would allow police to monitor computers remotely. The warrants are obtained from an 'eligible judge' of the supreme court who is able to grant warrants. The computer access possible under the program is extensive. In one communication with the software developers, a NSW police officer writes that there are risks that sensitive information – such as privileged communication with a lawyer – could be caught by the program."
WikiLeaks: NSW police have used hi-tech spyware to monitor Australians
Guardian, 15 September 2014

"The Bureau of Investigative Journalism’s application to the Strasbourg Court challenges the government’s use of covert surveillance powers to access and analyse journalistic information. We say it is clearly contrary to fundamental human rights law. The background to BIJ’s challenge is well known. Edward Snowden finally told us the facts. The government uses the Regulation of Investigatory Powers Act 2000 (RIPA) to harvest huge quantities of our data. This includes the content of our digital material and communications. It also includes our communication data (or metadata) – the surrounding information about who we communicate with, how, when, from where and so on. There is no targeting of subjects for these investigations by GCHQ (such as particular individuals or premises). Instead there is blanket collection of data in pursuit of broadly identified aims – such as the protection of national security and prevention of crime. Authorisations under RIPA are signed off routinely and on a rolling basis. This data is then analysed using hugely sophisticated and intrusive programs to find out whatever it is the security state considers it needs to know. RIPA was drafted before we all began to use digital communications and information storage in any meaningful way. It is not designed to protect our rights to privacy and freedom of expression – under Articles 8 and 10 of the European Convention on Human Rights respectively – in the digital age. Everyone knows now that RIPA is therefore no longer 'fit for purpose'. The practical and legal consequences for journalists of this data harvesting are, however, less well known. BIJ’s case is concerned with these. In the midst of the vast quantities of data being indiscriminately collected and analysed are large quantities of journalistic information. After all, journalism is a huge digital information industry in the UK. 
The days when journalists met their confidential sources in the snug bar and jotted down handwritten notes, or pocketed photocopied documents, are long gone. The tools of the trade are now computers and mobile devices. The leaks can come in gargantuan numbers of bytes. No one knows anything about what GCHQ does with the journalistic information it pulls in. This is because, startlingly, neither the legislation nor government guidance about its use says anything at all about this. But it is inevitable that some of GCHQ’s minute analysis of the data will be giving it selective access to confidential journalistic material and identifying sources. There is already much evidence that law enforcement agencies increasingly seek to access such information for their own purposes. It is an easy way of advancing their investigations. It can help to identify and deal with embarrassing whistleblowers and can forewarn of awkward stories in the offing. The same is true for the security and intelligence agencies. Article 10 of the Convention, as interpreted by the Strasbourg Court, gives strong legal protections to those engaging in public interest journalism. It is these rights that BIJ argues are being flouted by this process. In particular, such journalists are entitled to protect information which may identify a confidential source. Such sources are recognised as the lifeblood of investigative journalism. State enforced disclosure of this type of information deters future whistleblowers from approaching journalists. Journalistic activity is 'chilled'. The journalists are less able to pass on important information and ideas to the public. In this process our Article 10 rights to receive the product of this journalism are interfered with by the state as well."
Gavin Millar QC: Routine government surveillance of journalists’ communications breaches international law
The Bureau of Investigative Journalism, 14 September 2014

"The U.S. National Security Agency and its British counterpart GCHQ gained secret access to the networks of German Web providers including Deutsche Telekom AG as it sought to peer into computers all over the world, according to a e-mails from the German magazine Der Spiegel, citing documents provided by fugitive NSA employee Edward Snowden. The agencies conducted an operation called 'Treasure Map,' which sought close to real-time access to individual routers as well as computers, smartphones and tablets connected to the Internet, Spiegel reported Saturday in an e-mailed preview of an article to be published on Sept. 15. The New York Times reported the existence of Treasure Map last year. Deutsche Telekom said it is investigating the allegations and hasn't found evidence of manipulation or external access to its networks. The company, in an e-mailed statement, said it has informed German authorities and is reviewing its networks with external information-technology experts. Access by foreign security agencies would be 'completely unacceptable,' the Bonn-based company said in its statement."
Report: Snowden documents show NSA had access to German networks
Bloomberg News, 14 September 2014

"Yahoo reports that it is on the verge of releasing 1,500 pages of documents related to a long court battle over its participation in the PRISM program, a National Security Agency program revealed last summer as part of the Snowden leaks. A leaked top-secret slide about PRISM shows that Yahoo was one of the first participants, having begun contributing to the database in March of 2008. It did so under severe duress. Company executives believed the government's demand for data was 'unconstitutional and overbroad' and fought it in court. 'Our challenge, and a later appeal in the case, did not succeed,' explained Yahoo General Counsel Ron Bell in a blog post published today. 'The Foreign Intelligence Surveillance Court (FISC)... ordered us to give the U.S. Government the user data it sought in the matter.' After it lost, Yahoo was threatened with $250,000 per day fines if it didn't comply with the program. Not only that, but the government got permission to share the ruling with other companies in order to put pressure on them as well, according to a just-published story by The Washington Post. Ultimately, Microsoft, Google, Facebook, YouTube, Skype, AOL, and Apple would all participate in PRISM. Before it was discontinued in 2011, the program gathered up vast amounts of what the government called 'metadata' about e-mail, including who users e-mailed and when. The original order to Yahoo in 2007 required the company to provide information on targets that were outside the US, even if the person was a US citizen."
US gov’t threatened Yahoo with $250K daily fine if it didn’t use PRISM
Ars Technica, 11 September 2014

"The War on Terror is turning into a perpetual war. Thirteen years after the al-Qaeda attack on the twin towers and the Pentagon, President Obama is preparing to enter a Middle Eastern country to eradicate a new army of jihadists - and no one knows when or how he will ever be able to to get out..... The problem is that, in a decade or more of being hunted around the globe, the terrorists have developed an extraordinary resilience. When smashed, they splinter. When bugged, they fall silent... Al-Qaeda is not a formal organisation like the mafia clans. This [notion] was a useful tool for a while, allowing the US, in particular, to expand electronic surveillance.... It is an idea, and a network. Islamic State, in particular, is largely self-recruiting."
Lessons from the past for future war on terror
London Times, 11 September 2014, Print Edition, P37

"According to newly published documents, the National Security Agency has built a “Google-like” search interface for its vast database of metadata, and the agency shares it with dozens of other American intelligence agencies. The new documents are part of the Snowden leaks and were first published on Monday by The Intercept. The new search tool, called ICREACH, is described in an internal NSA presentation as a “large scale expansion of communications metadata shared with [intelligence community] partners.” That same presentation shows that ICREACH has been operational since the pilot launched in May 2007. Not only is data being shared to more agencies, but there are more types of such data being shared—ICREACH searches over 850 billion records. New data types being shared include IMEI numbers (a unique identifier on each mobile handset), IMSI (another unique identifier for SIM cards), GPS coordinates, e-mail address, and chat handles, among others. Previously, such metadata was only limited to date, time, duration, called number, and calling number. One 2005 document describes the predecessor to ICREACH, known as CRISSCROSS, as having notable success in rendition, the controversial practice of secretly spiriting away terrorism suspects from capture point to prison."
NSA built “Google-like” interface to scan 850+ billion metadata records
Ars Technica, 25 August 2014

"For the past five years, British spying nerve-center GCHQ has been port scanning internet-connected computers in 27 countries – in a exhaustive hunt for systems to potentially exploit. That bombshell comes amid fresh leaks detailing the dragnet surveillance programs operated by the Five Eyes nations: America, UK, Canada, Australia and New Zealand. German publisher Heise reports that the HACIENDA program scans open ports on all public-facing servers to seek out vulnerable systems – a basic reconnaissance strategy adopted by countless hackers and other curious folk. As well as simple port scans, GCHQ also stashes the banner text sent by some server software to connecting clients, and other data. Assuming the server is telling the truth, these banners can be useful because they typically declare the version number and name of the software – this is information that can be used to look up exploits for known vulnerabilities in the code. And we all know GCHQ et al love vulnerabilities.The Heise report – co-written by Snowden confidantes Jacob Appelbaum and Laura Poitras – states HACIENDA sits besides GCHQ's previously exposed program of tapping trans-Atlantic fibre-optic cables: 'The process of scanning entire countries and looking for vulnerable network infrastructure to exploit is consistent with the meta-goal of 'Mastering the Internet', which is also the name of a GCHQ cable-tapping program: these spy agencies try to attack every possible system they can, presumably as it might provide access to further systems. Systems may be attacked simply because they might eventually create a path towards a valuable espionage target, even without actionable information indicating this will ever be the case. Using this logic, every device is a target for colonisation, as each successfully exploited target is theoretically useful as a means to infiltrating another possible target.'"
Revealed ... GCHQ's incredible hacking tool to sweep net for vulnerabilities
The Register, 15 August 2015

"Nearly half of the people on the U.S. government’s widely shared database of terrorist suspects are not connected to any known terrorist group, according to classified government documents obtained by The Intercept. Of the 680,000 people caught up in the government’s Terrorist Screening Database—a watchlist of 'known or suspected terrorists' that is shared with local law enforcement agencies, private contractors, and foreign governments—more than 40 percent are described by the government as having 'no recognized terrorist group affiliation.' That category—280,000 people—dwarfs the number of watchlisted people suspected of ties to al Qaeda, Hamas, and Hezbollah combined. The documents, obtained from a source in the intelligence community, also reveal that the Obama Administration has presided over an unprecedented expansion of the terrorist screening system. Since taking office, Obama has boosted the number of people on the no fly list more than ten-fold, to an all-time high of 47,000—surpassing the number of people barred from flying under George W. Bush. 'If everything is terrorism, then nothing is terrorism,' says David Gomez, a former senior FBI special agent. The watchlisting system, he adds, is 'revving out of control.'"
Barack Obama’s Secret Terrorist-Tracking System, by the Numbers
The Intercept, 5 August 2014

"Remember that scene in Minority Report, where Tom Cruise is on the run from the law, but is unable to avoid detection because everywhere he goes there are constant retina scans feeding his location back to a central database? That’s tomorrow. Today, Google is tracking wherever your smartphone goes, and putting a neat red dot on a map to mark the occasion. You can find that map here. All you need to do is log in with the same account you use on your phone, and the record of everywhere you’ve been for the last day to month will erupt across your screen like chicken pox. We all know that no matter what ‘privacy’ settings you may try and implement, our information is all being collected and stored somewhere. That knowledge sits in the back of our minds, and is easy to drown out by shoving in some headphones and watching Adventure Time on repeat until everything stops being 1984.  But it’s a sharp jolt back to reality when you see a two dimensional image marking your daily commute with occasional detours to the cinema or a friend’s house."
Google Maps Has Been Tracking Your Every Move, And There’s A Website To Prove It
Junkee, 15 August 2014

"I confess to feeling some kinship with Snowden. Like him, I was assigned to a National Security Agency unit in Hawaii—in my case, as part of three years of active duty in the Navy during the Vietnam War. Then, as a reservist in law school, I blew the whistle on the NSA when I stumbled across a program that involved illegally eavesdropping on US citizens. I testified about the program in a closed hearing before the Church Committee, the congressional investigation that led to sweeping reforms of US intelligence abuses in the 1970s.... The same day I share pizza with Snowden in a Moscow hotel room, the US House of Representatives moves to put the brakes on the NSA. By a lopsided 293-to-123 tally, members vote to halt the agency’s practice of conducting warrantless searches of a vast database that contains millions of Americans’ emails and phone calls. “There’s no question Americans have become increasingly alarmed with the breadth of unwarranted government surveillance programs used to store and search their private data,” the Democratic and Republican sponsors announce in a joint statement. “By adopting this amendment, Congress can take a sure step toward shutting the back door on mass surveillance.” It’s one of many proposed reforms that never would have happened had it not been for Snowden. ... It was in Geneva that Snowden would see firsthand some of the moral compromises CIA agents made in the field. Because spies were promoted based on the number of human sources they recruited, they tripped over each other trying to sign up anyone they could, regardless of their value. Operatives would get targets drunk enough to land in jail and then bail them out—putting the target in their debt. “They do really risky things to recruit them that have really negative, profound impacts on the person and would have profound impacts on our national reputation if we got caught,” he says. 
“But we do it simply because we can.” While in Geneva, Snowden says, he met many spies who were deeply opposed to the war in Iraq and US policies in the Middle East. “The CIA case officers were all going, what the hell are we doing?” ... He began to consider becoming a whistle-blower, but with Obama about to be elected, he held off. “I think even Obama’s critics were impressed and optimistic about the values that he represented,” he says. “He said that we’re not going to sacrifice our rights. We’re not going to change who we are just to catch some small percentage more terrorists.” But Snowden grew disappointed as, in his view, Obama didn’t follow through on his lofty rhetoric. “Not only did they not fulfill those promises, but they entirely repudiated them,” he says. “They went in the other direction. What does that mean for a society, for a democracy, when the people that you elect on the basis of promises can basically suborn the will of the electorate?” It took a couple of years for this new level of disillusionment to set in. By that time—2010—Snowden had shifted from the CIA to the NSA, accepting a job as a technical expert in Japan with Dell, a major contractor for the agency. .... But Snowden’s disenchantment would only grow. It was bad enough when spies were getting bankers drunk to recruit them; now he was learning about targeted killings and mass surveillance, all piped into monitors at the NSA facilities around the world. Snowden would watch as military and CIA drones silently turned people into body parts. And he would also begin to appreciate the enormous scope of the NSA’s surveillance capabilities, an ability to map the movement of everyone in a city by monitoring their MAC address, a unique identifier emitted by every cell phone, computer, and other electronic device. Even as his faith in the mission of US intelligence services continued to crumble, his upward climb as a trusted technical expert proceeded. 
In 2011 he returned to Maryland, where he spent about a year as Dell’s lead technologist working with the CIA’s account. “I would sit down with the CIO of the CIA, the CTO of the CIA, the chiefs of all the technical branches,” he says. “They would tell me their hardest technology problems, and it was my job to come up with a way to fix them.”... But in March 2012, Snowden moved again for Dell, this time to a massive bunker in Hawaii where he became the lead technologist for the information-sharing office, focusing on technical issues. Inside the “tunnel,” a dank, chilly, 250,000-square-foot pit that was once a torpedo storage facility, Snowden’s concerns over the NSA’s capabilities and lack of oversight grew with each passing day. Among the discoveries that most shocked him was learning that the agency was regularly passing raw private communications—content as well as metadata—to Israeli intelligence. Usually information like this would be “minimized,” a process where names and personally identifiable data are removed. But in this case, the NSA did virtually nothing to protect even the communications of people in the US. This included the emails and phone calls of millions of Arab and Palestinian Americans whose relatives in Israel-occupied Palestine could become targets based on the communications. “I think that’s amazing,” Snowden says. “It’s one of the biggest abuses we’ve seen.” (The operation was reported last year by The Guardian, which cited the Snowden documents as its source.) Another troubling discovery was a document from NSA director Keith Alexander that showed the NSA was spying on the pornography-viewing habits of political radicals. The memo suggested that the agency could use these “personal vulnerabilities” to destroy the reputations of government critics who were not in fact accused of plotting terrorism. The document then went on to list six people as future potential targets. 
(Greenwald published a redacted version of the document last year on the Huffington Post.) Snowden was astonished by the memo. “It’s much like how the FBI tried to use Martin Luther King’s infidelity to talk him into killing himself,” he says. “We said those kinds of things were inappropriate back in the ’60s. Why are we doing that now? Why are we getting involved in this again?” In the mid-1970s, Senator Frank Church, similarly shocked by decades of illegal spying by the US intelligence services, first exposed the agencies’ operations to the public. That opened the door to long-overdue reforms, such as the Foreign Intelligence Surveillance Act. Snowden sees parallels between then and now. “Frank Church analogized it as being on the brink of the abyss,” he says. “He was concerned that once we went in we would never come out. And the concern we have today is that we’re on the brink of that abyss again.” He realized, just like Church had before him, that the only way to cure the abuses of the government was to expose them. But Snowden didn’t have a Senate committee at his disposal or the power of congressional subpoena. He’d have to carry out his mission covertly, just as he’d been trained. ... “If the government will not represent our interests,” he says, his face serious, his words slow, “then the public will champion its own interests. And whistle-blowing provides a traditional means to do so.”... The massive surveillance effort was bad enough, but Snowden was even more disturbed to discover a new, Strangelovian cyberwarfare program in the works, codenamed MonsterMind. The program, disclosed here for the first time, would automate the process of hunting for the beginnings of a foreign cyberattack. Software would constantly be on the lookout for traffic patterns indicating known or suspected attacks. When it detected an attack, MonsterMind would automatically block it from entering the country—a “kill” in cyber terminology. 
Programs like this had existed for decades, but MonsterMind software would add a unique new capability: Instead of simply detecting and killing the malware at the point of entry, MonsterMind would automatically fire back, with no human involvement. That’s a problem, Snowden says, because the initial attacks are often routed through computers in innocent third countries. “These attacks can be spoofed,” he says. “You could have someone sitting in China, for example, making it appear that one of these attacks is originating in Russia. And then we end up shooting back at a Russian hospital. What happens next?” In addition to the possibility of accidentally starting a war, Snowden views MonsterMind as the ultimate threat to privacy because, in order for the system to work, the NSA first would have to secretly get access to virtually all private communications coming in from overseas to people in the US..... Given the NSA’s new data storage mausoleum in Bluffdale, its potential to start an accidental war, and the charge to conduct surveillance on all incoming communications, Snowden believed he had no choice but to take his thumb drives and tell the world what he knew. The only question was when. On March 13, 2013, sitting at his desk in the “tunnel” surrounded by computer screens, Snowden read a news story that convinced him that the time had come to act. It was an account of director of national intelligence James Clapper telling a Senate committee that the NSA does “not wittingly” collect information on millions of Americans. “I think I was reading it in the paper the next day, talking to coworkers, saying, can you believe this shit?” Snowden and his colleagues had discussed the routine deception around the breadth of the NSA’s spying many times, so it wasn’t surprising to him when they had little reaction to Clapper’s testimony. 
“It was more of just acceptance,” he says, calling it “the banality of evil”—a reference to Hannah Arendt’s study of bureaucrats in Nazi Germany. “It’s like the boiling frog,” Snowden tells me. “You get exposed to a little bit of evil, a little bit of rule-breaking, a little bit of dishonesty, a little bit of deceptiveness, a little bit of disservice to the public interest, and you can brush it off, you can come to justify it. But if you do that, it creates a slippery slope that just increases over time, and by the time you’ve been in 15 years, 20 years, 25 years, you’ve seen it all and it doesn’t shock you. And so you see it as normal. And that’s the problem, that’s what the Clapper event was all about. He saw deceiving the American people as what he does, as his job, as something completely ordinary. And he was right that he wouldn’t be punished for it, because he was revealed as having lied under oath and he didn’t even get a slap on the wrist for it. It says a lot about the system and a lot about our leaders.” Snowden decided it was time to hop out of the water before he too was boiled alive. At the same time, he knew there would be dire consequences. “It’s really hard to take that step—not only do I believe in something, I believe in it enough that I’m willing to set my own life on fire and burn it to the ground.”"
James Bamford - The Most Wanted Man In The World
Wired, 14 August 2014

"Some of the revelations attributed to Snowden may not in fact have come from him but from another leaker spilling secrets under Snowden’s name. Snowden himself adamantly refuses to address this possibility on the record. But independent of my visit to Snowden, I was given unrestricted access to his cache of documents in various locations. And going through this archive using a sophisticated digital search tool, I could not find some of the documents that have made their way into public view, leading me to conclude that there must be a second leaker somewhere. I’m not alone in reaching that conclusion. Both Greenwald and security expert Bruce Schneier—who have had extensive access to the cache—have publicly stated that they believe another whistle-blower is releasing secret documents to the media. In fact, on the first day of my Moscow interview with Snowden, the German newsmagazine Der Spiegel comes out with a long story about the NSA’s operations in Germany and its cooperation with the German intelligence agency, BND. Among the documents the magazine releases is a top-secret “Memorandum of Agreement” between the NSA and the BND from 2002. “It is not from Snowden’s material,” the magazine notes. Some have even raised doubts about whether the infamous revelation that the NSA was tapping German chancellor Angela Merkel’s cell phone, long attributed to Snowden, came from his trough. At the time of that revelation, Der Spiegel simply attributed the information to Snowden and other unnamed sources. If other leakers exist within the NSA, it would be more than another nightmare for the agency—it would underscore its inability to control its own information and might indicate that Snowden’s rogue protest of government overreach has inspired others within the intelligence community."
James Bamford - Edward Snowden: The Untold Story
Wired, 14 August 2014

"The U.S. government need not turn over a secret surveillance court's orders or the names of phone companies helping it collect call records, because it might reveal methods needed to protect national security, a federal judge decided on Monday. U.S. District Judge Yvonne Gonzalez Rogers in Oakland, California, rejected the Electronic Frontier Foundation's argument that the U.S. Department of Justice should turn over the materials, in the wake of unauthorized disclosures last year by a former National Security Agency contractor, Edward Snowden. The EFF noted that the government had already declassified hundreds of pages of other documents discussing data collection under the U.S. Patriot Act, including some that the data privacy advocacy group had requested. These declassifications came after Snowden's leaks had been revealed. Rogers, though, said disclosing orders of the Foreign Intelligence Surveillance Court, which handles federal requests for surveillance warrants, could "provide a roadmap" for targets of national security investigations to evade surveillance."
U.S. can keep court orders, phone cos secret in NSA spy case
Reuters, 11 August 2014

"Israel was singled out in 2007 as a top espionage threat against the U.S. government, including its intelligence services, in a newly published National Security Agency (NSA) document obtained by fugitive leaker Edward Snowden, according to a news report Monday. The document also identified Israel, along with North Korea, Cuba and India, as a “leading threat” to the infrastructure of U.S. financial and banking institutions. The threats were listed in the NSA’s 2007 Strategic Mission List, according to the document obtained by journalist/activist Glenn Greenwald, a founding editor of The Intercept, an online magazine that has a close relationship with Snowden, a former NSA and CIA contractor who fled the U.S. with thousands of top-secret documents last year. In this new document, Israel was identified by the NSA as a security threat in several areas, including “the threat of development of weapons of mass destruction” and “delivery methods (particularly ballistic and nuclear-capable cruise missiles).” The NSA also flagged Israel’s “WMD and missile proliferation activities” and “cruise missiles” as threats. In a section of the document headed “Foreign Intelligence, Counterintelligence; Denial & Deception Activities: Countering Foreign Intelligence Threats,” Israel was listed as a leading perpetrator of “espionage/intelligence collection operations and manipulation/influence operations…against U.S. government, military, science & technology and Intelligence Community” organs. The term “manipulation/influence operations” refers to covert attempts by Israel to sway U.S. public opinion in its favor. In this, Israel has dubious company, according to the NSA: Other leading threats were listed as China, Russia, Cuba, Iran, Pakistan, North Korea, France, Venezuela and South Korea. Israel has similar company in threats against U.S. infrastructure, according to the NSA document. Under a section headed “Mastering Cyberspace and Preventing an Attack on U.S. Critical Information Systems,” Israel, India, North Korea and Cuba are identified as “FIS [financial/banking system] threats.” Israel also appears on the list of countries believed by the NSA to be “enabling” electronic warfare “producers/proliferators.” The new document again underscores the schizoid relationship between the U.S. and Israel, which cooperate closely in military and intelligence operations but also aggressively spy on each other. A previously released Snowden document said that “one of NSA’s biggest threats is actually from friendly intelligence services, like Israel.” Another revealed that a U.S. National Intelligence Estimate ranked Israel as “the third most aggressive intelligence service against the U.S.,” behind only China and Russia. In a series of articles last May, Newsweek reported that “Israel has been caught carrying out aggressive espionage operations against American targets for decades,” an allegation vociferously denied by Israeli officials, who insisted that Jerusalem stopped spying on the U.S. after the late 1980s arrest and conviction of its secret agent Jonathan Pollard, a U.S. Naval Intelligence analyst. Over the weekend, the German magazine Der Spiegel reported that Israel eavesdropped on Secretary of State John Kerry’s cellphone conversations during Middle East peace talks in 2013. (According to a July 20, 2014, piece in The New Republic, “The Kerry team spoke more carefully over cell phones, believing the Israelis might be listening.”) The State Department had no comment on the Der Spiegel allegations."
Israel Flagged as Top Spy Threat to U.S. in New Snowden/NSA Document
Newsweek, 8 August 2014

"Edward Snowden, the National Security Agency whistleblower, has been given permission to stay in Russia for three more years and will be allowed to travel abroad for three-month stints. His Russian lawyer told reporters that Snowden, whose temporary asylum ran out on 1 August, has received a three-year residence permit."
Edward Snowden given permission to stay in Russia for three more years
Guardian, 7 August 2014

"More than a year after Seattle police promised to not turn on a network of surveillance cameras and communication nodes installed as part of a federal port-security grant, the department still hasn’t released a draft policy on how it will use the equipment and protect citizen privacy. The installation of the 30 cameras and a wireless mesh broadband network came shortly after the Police Department’s purchase of two aerial drones, also with a Homeland Security grant, and also without public notice. And next year, Seattle City Light plans to start installing smart meters capable of collecting detailed information about residents’ electricity use. Now, privacy and civil-liberties advocates say the city needs to enact a strong review process to guide how information is collected, stored, shared and protected, rather than leaving the guidelines to various departments. “We know that whenever these systems are put in place, they can be abused,” said Lee Colleton, a Seattle computer-systems administrator and member of the Seattle Privacy Coalition. “The city needs strong oversight of any surveillance systems.” Colleton has particular reason to be skeptical. He was protesting a proposed youth jail in July when his cellphone picked up a Wi-Fi signal from one of the communication nodes mounted on a city utility pole at Third and Yesler. Much like other Wi-Fi hot spots, the nodes can collect and retain the identification of individual cellphone users and potentially track them as they move around the city. The police quickly apologized and said the “rogue node” had been inadvertently activated when a contractor restored power to the pole. Department officials assured the public that it had quickly been turned off again. But Colleton said the incident highlighted the fears of some residents that the new surveillance equipment could be used to monitor and photograph lawful gatherings."
Rogue cellphone tracker alarms Seattle privacy activists
Seattle Times, 4 August 2014

"The British government is in the preliminary stages of designing a controversial system which will share citizens' sensitive personal information across government departments without their consent. Leaked documents show civil servants are planning to mimic the data-sharing systems used by firms like Amazon or Tesco. This could mean information about a person's driving licence, criminal record and even how much energy they use at home will be shared by apparatchiks in all government departments. The measures are intended to side-step the old-fashioned guidance contained in the Data Protection Act, which makes it very difficult for information to be shared across government departments. These recommendations are contained in a Cabinet Office “discussion document”. “People tend to assume that Government can share data between departments to complete simple tasks, and are surprised to learn that it cannot," civil servants wrote. “Removing barriers to sharing or linking datasets can help Government to design and implement evidence-based policy – for example to tackle social mobility, assist economic growth and prevent crime”. The proposals have been drafted by Cabinet Office secretary Francis Maude and will be contained in a White Paper due to be published in the autumn, with a possible goal of rolling out the new systems after the general election in 2015. The most important state services involved could include police, schools, local council and government departments. Examples of possible uses for the new data sharing system could include checking if bus pass claimants are still alive, tackling illegal immigration or sharing information about teenagers involved in gangs. It is not yet certain that the measures will be enshrined in law."
UK.gov wants public sector to rip up data protection law
The Register, 4 August 2014

"Israel could be using US intelligence and equipment in its offensive in the Gaza Strip, according to a leaked document. A top secret report by the American National Security Agency (NSA) provided by Edward Snowden was published on Monday by The Intercept. The document, dated 13 April 2013, describes the NSA’s “far-reaching technical and analytic relationship with the Israeli SIGINT National Unit (ISNU) sharing information on access, intercept, targeting, language, analysis and reporting”. It says the co-operation has expanded to include other Israeli and US intelligence organisations including the CIA, American Special Operations Division and Israeli intelligence agency Mossad. Targets for both America and Israel are listed as “the countries of North Africa, the Middle East, the Persian Gulf, South Asia, and the Islamic republics of the former Soviet Union”. Among Israel’s particular priorities, the document mentions Iran and Syria’s nuclear programmes, Hezbollah’s activities in Lebanon and “Palestinian terrorism”. It adds: “The Israeli side enjoys the benefits of expanded geographic access to world-class NSA cryptanalytic and SIGINT engineering expertise, and also gains controlled access to advanced US technology and equipment via accommodation buys and foreign military sales.” An accompanying report by Glenn Greenwald, a former Guardian journalist who hit headlines last year when his partner was detained at Heathrow Airport, claims Britain’s electronic surveillance agency GCHQ and its Canadian equivalent also co-operate with Israel. The US also supplies arms to Israel, including radar systems, missiles and V-22 planes for the Air Force listed in a Times of Israel report. Last year, the US Secretary of Defence, Chuck Hagel, said the weapons would ensure the country’s “military superiority over any enemy state, non-state or coalition”. Britain’s role in arming the Israeli Defence Forces (IDF) was revealed by The Independent last week. 
Documents showed that arms export licences worth £42m have been granted to 130 British defence manufacturers since 2010 to sell Israel military equipment ranging  from weapons control and targeting systems to ammunition, drones and armoured vehicles."
Israel-Gaza conflict: New Snowden leak reveals extent of US intelligence co-operation with Israel
Independent, 4 August 2014

"SPIEGEL has learned from reliable sources that Israeli intelligence eavesdropped on US Secretary of State John Kerry during Middle East peace negotiations. In addition to the Israelis, at least one other intelligence service also listened in as Kerry mediated last year between Israel, the Palestinians and the Arab states, several intelligence service sources told SPIEGEL. Revelations of the eavesdropping could further damage already tense relations between the US government and Israel. During the peak stage of peace talks last year, Kerry spoke regularly with high-ranking negotiating partners in the Middle East. At the time, some of these calls were not made on encrypted equipment, but instead on normal telephones, with the conversations transmitted by satellite. Intelligence agencies intercepted some of those calls. The government in Jerusalem then used the information obtained in international negotiations aiming to reach a diplomatic solution in the Middle East. In the current Gaza conflict, the Israelis have massively criticized Kerry, with a few ministers indirectly calling on him to withdraw from peace talks. Both the US State Department and the Israeli authorities declined to comment."
Israel Intelligence Eavesdropped on Phone Calls By John Kerry
Spiegel, 3 August 2014

"A US judge has ordered Microsoft to hand over foreign data it stores back to the US, despite allegedly strong privacy protections in Europe to mitigate such processes. The logic of the court is that because the US-headquartered software giant controls the data it stores overseas, its foreign subsidiary companies are just as applicable to US law. US District Judge Loretta Preska in New York said the ruling will be stayed to allow Microsoft to appeal the decision to an appeals court. "It is a question of control, not a question of the location of that information," Preska said in the ruling. The ruling means that users in Europe and further afield of Microsoft's services — and others, including Apple, Google, Yahoo, Facebook, and Twitter, with a headquarters in the US — are not immune from having their data handed over to the US government for law enforcement or intelligence purposes. Microsoft initially challenged the order, saying that local laws must apply in respect of each jurisdiction."
Microsoft ordered to hand over overseas email, throwing EU privacy rights in the fire
ZDnet, 31 July 2014

"Edward Snowden's lawyer has labelled as "draconian" and "chilling" Abbott government legislation before parliament that would threaten ASIO leakers with 10 years' imprisonment and make it an offence for journalists to report on information they receive from whistleblowers. Lawyer Jesselyn Radack, who is travelling in Australia, told the Wheeler Centre in Melbourne on Tuesday night that the laws being proposed by Attorney-General George Brandis went too far. "That law is so draconian and would be so chilling in terms of freedom of the press," Ms Radack said. "It would criminalise a reporter talking to a source. 'It's the most draconian thing I've seen and it is completely antithetical to a free and open democratic society … I find it very disturbing that Australia's entertaining this kind of legislation and that there hasn't been a greater outcry, especially from the press.' The legislation makes it an offence if a person "discloses information ... [that] relates to a special intelligence operation" and does not state any exemptions, meaning it could apply to anyone including journalists, bloggers, lawyers and other members of the public. Those who disclosed such information would face tough new penalties of up to 10 years' jail. Ms Radack said the new laws would essentially give ASIO immunity. "This particular proposed legislation is drafted so broadly that almost anything could be labelled a special intelligence operation … the definitions are so broad and vague as to make anyone subject to this." NSA whistleblower Thomas Drake, who also spoke at the Wheeler Centre, said the laws reminded him of his own trial and said that they would result in self-censorship. "If this passes in its current form without huge changes, it is going to send a very chilling message," Mr Drake said. "It will create a climate in which people will self-censor. They will opt not to reveal anything. They will opt not to associate with certain individuals. 
They will opt not to share certain information just on the risk that it might be designated secret or it might be designated something that might reveal an intelligence operation. Well in that kind of an environment guess what? It has its intended effect.""
Edward Snowden's lawyer blasts Australian law that would jail journalists reporting on spy leaks
Sydney Morning Herald, 30 July 2014

"The National Security Agency last year significantly expanded its cooperative relationship with the Saudi Ministry of Interior, one of the world’s most repressive and abusive government agencies. An April 2013 top secret memo provided by NSA whistleblower Edward Snowden details the agency’s plans “to provide direct analytic and technical support” to the Saudis on “internal security” matters. The Saudi Ministry of Interior—referred to in the document as MOI— has been condemned for years as one of the most brutal human rights violators in the world. In 2013, the U.S. State Department reported that “Ministry of Interior officials sometimes subjected prisoners and detainees to torture and other physical abuse,” specifically mentioning a 2011 episode in which MOI agents allegedly “poured an antiseptic cleaning liquid down [the] throat” of one human rights activist. The report also notes the MOI’s use of invasive surveillance targeted at political and religious dissidents. But as the State Department publicly catalogued those very abuses, the NSA worked to provide increased surveillance assistance to the ministry that perpetrated them. The move is part of the Obama Administration’s increasingly close ties with the Saudi regime; beyond the new cooperation with the MOI, the memo describes “a period of rejuvenation” for the NSA’s relationship with the Saudi Ministry of Defense. In general, U.S. support for the Saudi regime is long-standing. One secret 2007 NSA memo lists Saudi Arabia as one of four countries where the U.S. “has [an] interest in regime continuity.” But from the end of the 1991 Gulf War until recently, the memo says, the NSA had a “very limited” relationship with the Saudi kingdom. In December 2012, the U.S. director of national intelligence, James Clapper, authorized the agency to expand its “third party” relationship with Saudi Arabia to include the sharing of signals intelligence, or “SIGINT,” capability with the MOD’s Technical Affairs Directorate (TAD). 
“With the approval of the Third Party SIGINT relationship,” the memo reports, the NSA “intends to provide direct analytic and technical support to TAD.” The goal is “to facilitate the Saudi government’s ability to utilize SIGINT to locate and track individuals of mutual interest within Saudi Arabia.”... Over the past year, the Saudi government has escalated its crackdown on activists, dissidents, and critics of the government. Earlier this month, Saudi human rights lawyer and activist Waleed Abu al-Khair was sentenced to 15 years in prison by a so-called “terrorist court” on charges of undermining the state and insulting the judiciary. In May, a liberal blogger, Raif Badawi, was sentenced to 10 years in prison and 1,000 lashes; in June, human rights activist Mukhlif Shammari was sentenced to five years in prison for writing about the mistreatment of Saudi women."
The NSA’s New Partner in Spying: Saudi Arabia’s Brutal State Police
The Intercept, 25 July 2014

"UK anti-terrorism laws are so broadly drawn they are in danger of catching journalists, bloggers, and those it was "never intended to cover" the counter-terrorism watchdog has said. David Anderson QC has called on the Government to revisit its definition of terrorism in his annual report published today as the UK’s independent reviewer of terrorism legislation.... Mr Anderson references the case of David Miranda in his report, in which the Brazilian partner of Guardian journalist Glenn Greenwald was detained and questioned for nine hours under terrorism laws because he was believed to be carrying stolen secrets linked to Mr Greenwald’s articles uncovering NSA surveillance activity. Mr Miranda’s detention was later deemed lawful by the High Court, but Mr Anderson said the case of this detention, in which Mr Miranda was believed to be carrying a large number of stolen secret documents, was "more difficult to defend" the use of anti-terrorism laws for the purpose of stopping someone, detaining them and seeing "what’s going on". "One might be thinking of official secrets, of espionage, of theft, but it’s a bit of a stretch to see somebody like that as a potential terrorist," he said. Mr Anderson warned the public would only continue to accept the legislation if they were sure it was genuinely needed. He has called on Parliament to revisit its definition and the use of the word "influence" in its laws, as currently the definition is so broad it could catch a campaigner who voices a religious objection to vaccination on the grounds of it being a serious risk to public health.  "I think the problem there is the way the bar is set. It is enough that you are trying to influence the Government for political reasons. In most other countries you need to have to intimidate the government or coerce the government before you can be a terrorist," he said."
UK terrorism laws so broad it has begun to 'catch those it never intended to'
Independent, 22 July 2014

"German typewriter manufacturers are enjoying a boom in sales following the NSA spying scandal. A German defence manufacturer switched to typewriters last year, while last week a leading politician called for the government to use the old technology. The head of the parliamentary inquiry into spying by the US National Security Service (NSA) in Germany made headlines last week when he said his committee was considering using typewriters. But he is not alone. With a turnover of €5 million, the German typewriter market is growing. Manufacturers Olympia and Bandermann are seeing a revival in what was until recently a dying technology. "We sell about 10,000 (typewriters) every year," Bandermann manager Rolf Bonnen told The Local. Sales grew around a third last year on 2012."
Typewriter manufacturers see boom in sales
The Local, 21 July 2014

"iOS forensic examiner Jonathan Zdziarski may know more about iPhones than any other non-Apple employee. Yet even he can't find a reason for some of the mystery features buried within the iOS operating system, which look an awful lot like security backdoors that bypass user-designated data protections. The features could be there to let Apple — or even the National Security Agency or the FBI — get access to most of your iOS device's data without you knowing it. In a presentation Friday (July 18) at the HOPE X hacker conference here, Zdziarski detailed his discoveries about the data-collection tools hidden on iOS devices. Some tools are listed by name, yet not explained, in the Apple developer manual and do far more than advertised. Others are undocumented and buried deep within the iOS code. The hidden features may partly explain allegations, based on documents leaked in the Snowden archive, in the German newsmagazine Der Spiegel that the NSA has had the ability to access data on BlackBerrys and Android and iOS devices. Der Spiegel did not detail how the NSA would do so. The undocumented features can be accessed by any PC or Mac to which a targeted iOS device has been connected via USB, Zdziarski says. Some hidden features can also be accessed via Wi-Fi while the phone is at rest, or even while the owner is using it. Zdziarski is certain that these mechanisms, whatever their purpose, are no accident. He has seen them become more complex, and they seem to get as much maintenance and attention as iOS's advertised features. Even as Apple adds new security features, the company may be adding ways to circumvent them. "I am not suggesting some grand conspiracy," Zdziarski clarified in a blog post after his HOPE X talk. 
"There are, however, some services running in iOS that shouldn't be there, that were intentionally added by Apple as part of the firmware and that bypass backup encryption while copying more of your personal data than ever should come off the phone for the average consumer." "My hope is that Apple will correct the problem," he added in the blog posting. "Nothing less, nothing more. I want these services off my phone. They don't belong there." Apple has not yet responded to a request for comment."
Your iPhone May Be Rigged to Spy on You
Yahoo News, 21 July 2014

"Edward Snowden made an impassioned call on Saturday for hackers and technologists to help would-be whistleblowers spill more government secrets. Speaking via remote Google Hangouts video feed from Russia, Snowden addressed his comments to an audience at this weekend's Hackers on Planet Earth (HOPE) conference at the Pennsylvania Hotel in New York. Arguing that "technology empowers dissent" as well as "democracy," Snowden said that the only way to enable whistleblowers is to give them better tools to pass secrets to journalists, protecting their communications, their identities and preventing them from going to jail for it. To do that, Snowden said, he needed the help of the hackers, coders and developers gathered in the crowded rooms of the conference, as well as the ones watching via live stream online. "We the people, you the people, you in this room right now have both the means and capabilities to help build a better future by encoding our rights into the programs and protocols upon which we rely everyday," he said during a conversation with Daniel Ellsberg, who himself became a whistleblower when he leaked the Pentagon Papers to the press in 1971."
Edward Snowden Calls on Hackers to Help Whistleblowers Leak More Secrets
Mashable, 19 July 2014

"In May 2014, I reported on my efforts to learn what the feds know about me whenever I enter and exit the country. In particular, I wanted my Passenger Name Records (PNR), data created by airlines, hotels, and cruise ships whenever travel is booked. But instead of providing what I had requested, the United States Customs and Border Protection (CBP) turned over only basic information about my travel going back to 1994. So I appealed—and without explanation, the government recently turned over the actual PNRs I had requested the first time. The 76 new pages of data, covering 2005 through 2013, show that CBP retains massive amounts of data on us when we travel internationally. My own PNRs include not just every mailing address, e-mail, and phone number I've ever used; some of them also contain: * The IP address that I used to buy the ticket * My credit card number (in full) * The language I used * Notes on my phone calls to airlines, even for something as minor as a seat change * The breadth of long-term data retention illustrates yet another way that the federal government enforces its post-September 11 "collect it all" mentality....As I looked through the logs, I also saw notes, presumably made by call center staff, recording each time I had tried to make a change by phone. Hasbrouck said that this is typical and that it's one of the downsides of global outsourcing—the people I’m talking to probably have no idea that everything they write down will be kept in American government records for years."
Ars editor learns feds have his old IP addresses, full credit card numbers
ArsTechnica, 19 July 2014

"The Data Retention and Investigatory Powers (Drip) bill that yesterday cleared the House of Lords will make companies holding UK citizens’ communications data far more attractive to criminal hackers, a security expert has warned. This will likely be a long-term consequence of the law as it will spread the UK’s data across the world, said Dr Adrian Davis, cybercrime expert and European director of (ISC)2, an association of information security professionals. Davis raised concerns about clause 4 of the bill, which extends the territorial reach of UK surveillance powers by making it clear foreign firms holding UK citizen data can be served with a warrant to hand over information. The government chose to add the clause as the current law only has an “implicit extraterritorial effect” and “some of the largest communications providers” based outside of the UK have questioned whether the legislation applies to them. But this will lead to storage of data in more locations around the world, thereby increasing the chance hackers will be able to access it, Davis said, adding that companies storing the information may not have the same quality of security as those within the UK. “Because of the extraterritorial reach in the Drip bill, it requires foreign internet service providers, who may be providing webmail services to British citizens (think of the expats living in Spain or Florida and using national ISPs for example), to store data about those British citizens in data or storage centres outside the jurisdiction of the UK Data Protection and other relevant Acts,” Davis told the Guardian. “As a result, we don’t know how that data is stored, processed, accessed or protected … Hackers may view foreign ISPs storing British citizens’ data as a ‘soft target’ – the levels of protection may be different and the penalties for stealing or compromising data could be lower.”"
Will Drip law make UK citizens' data more attractive to hackers?
Guardian, 18 July 2014

"The intelligence services are constructing "vast databases" out of accumulated interceptions of emails, a tribunal investigating mass surveillance of the internet has been told. The claim emerged during a ground-breaking case against the monitoring agency GCHQ, MI5, MI6 and the government at the investigatory powers tribunal (IPT). Matthew Ryder QC, for Liberty and other human rights groups, told a hearing the government had not disputed "that databases gathering material that may be useful for the future is something that may be permissible under Ripa [the Regulation of Investigatory Powers Act 2000]". If they are deemed under the legislation to be "necessary", he said, that may mean their use "can stretch far into the future". Ryder added: "The government is now conceding it can gather such databases." The court heard that the intelligence services might be accumulating databases in that way about persistent security threats. Lawyers for the government would not confirm nor deny this but conceded it would be permissible under Ripa. Developing such a capability, human rights groups argue, was explicitly rejected by parliament when the communications data bill, nicknamed the snooper's charter, was defeated last year.... Ben Jaffey, for Privacy International, said Ripa had ceased providing the significant safeguards it once guaranteed against interception of communications without an individual warrant. "A statute which in 2000 afforded quite strong protection no longer affords such protection," Jaffey said. The law has stayed the same, he added, but had lost its force because more and more internet traffic involved being routed through foreign websites and online servers. 
The government's senior security advisor, Charles Farr, has submitted a lengthy defence of interception surveillance policy, explaining that emails, online searches and communications that touch foreign servers are deemed to be external, not internal, and so do not require an individual warrant to be intercepted. Jaffey said: "[That fact] was kept confidential until Mr Farr's witness statement was produced." The case has been brought by Privacy International, Liberty, Amnesty International, the American Civil Liberties Union and other overseas human rights groups following revelations by the US whistleblower Edward Snowden. It is the first of dozens of GCHQ-related claims to be examined by the IPT, which hears complaints against British intelligence agencies and government bodies that carry out surveillance under Ripa. The civil liberties organisations are concerned that their private communications have been monitored under GCHQ's electronic surveillance programme Tempora, whose existence was revealed by Snowden. They also complain that information obtained through the NSA's Prism and upstream programmes may have been shared with the British intelligence services, side-stepping protections provided by the UK legal system."
Intelligence services 'creating vast databases' of intercepted emails
Guardian, 18 July 2014

"The UN High Commissioner for Human Rights has released an excellent report today on the right to privacy in the digital age, blasting the digital mass surveillance that has been taking place, unchecked, by the U.S., the U.K., and other world governments. The report is issued in response to a resolution passed with unanimous approval by the United Nations General Assembly in November 2013. That resolution was introduced by Brazil and Germany and sponsored by 57 member states. This report turns the tide in the privacy debate at the United Nations and opens the door for more substantive scrutiny of states’ surveillance practices and their compliance with international human rights law. The report elaborates on issues EFF has long championed, and which are deeply integrated into our 13 Principles and its legal background paper, which have been signed by more than 400 organizations and 350,000 individuals. The report has also supported the five recommendations EFF, Access, Privacy International along with APC, Article 19, Human Rights Watch, WebWeWant submitted to the Office of the High Commissioner for Human Rights. We’ve pulled out some highlights from today’s publication that merit further analysis, but the main point is this: With respect to privacy in the digital age, an interference with an individual’s right to privacy is only permissible under international human rights law if it's necessary and proportionate."
UN Human Rights Report and the Turning Tide Against Mass Spying
Electronic Frontier Foundation, 16 July 2014

"The original goal of onion routing wasn’t to protect privacy — or at least not in the way most people think of 'privacy.' The goal was to allow intelligence and military personnel to work online undercover without fear of being unmasked by someone monitoring their Internet activity.... In the 90s, as public Internet use and infrastructure grew and multiplied, spooks needed to figure out a way to hide their identity in plain sight online. An undercover spook sitting in a hotel room in a hostile country somewhere couldn’t simply dial up CIA.gov on his browser and log in — anyone sniffing his connection would know who he was. Nor could a military intel agent infiltrate a potential terrorist group masquerading as an online animal rights forum if he had to create an account and log in from an army base IP address. That’s where onion routing came in. As Michael Reed, one of the inventors of onion routing, explained: providing cover for military and intelligence operations online was their primary objective; everything else was secondary... Onion router research progressed slowly, with several versions developed and discarded. But in 2002, seven years after it began, the project moved into a different and more active phase. Paul Syverson from the Naval Research Laboratory stayed on the project, but two new guys fresh outta MIT grad school came on board: Roger Dingledine and Nick Mathewson. They were not formally employed by Naval Labs, but were on contract from DARPA and the U.S. Naval Research Laboratory’s Center for High Assurance Computer Systems. For the next several years, the three of them worked on a newer version of onion routing that would later become known as Tor. Very early on, researchers understood that just designing a system that only technically anonymizes traffic is not enough — not if the system is used exclusively by military and intelligence. 
In order to cloak spooks better, Tor needed to be used by a diverse group of people: Activists, students, corporate researchers, soccer moms, journalists, drug dealers, hackers, child pornographers, foreign agents, terrorists — the more diverse the group that spooks could hide in the crowd in plain sight..... As Syverson told Bloomberg in January 2014: 'If you have a system that’s only a Navy system, anything popping out of it is obviously from the Navy. You need to have a network that carries traffic for other people as well.' [Roger] Dingledine said the same thing a decade earlier at the 2004 Wizards of OS conference in Germany: 'The United States government can’t simply run an anonymity system for everybody and then use it themselves only. Because then every time a connection came from it people would say, ‘Oh, it’s another CIA agent.’ If those are the only people using the network.' The consumer version of Tor would be marketed to everyone and — equally important — would eventually allow anyone to run a Tor node/relay, even from their desktop computer. The idea was to create a massive crowdsourced torrent-style network made up from thousands of volunteers all across the world. At the very end of 2004, with Tor technology finally ready for deployment, the US Navy cut most of its Tor funding, released it under an open source license and, oddly, the project was handed over to the Electronic Frontier Foundation. 'We funded Roger Dingledine and Nick Mathewson to work on Tor for a single year from November 2004 through October 2005 for $180,000. We then served as a fiscal sponsor for the project until they got their 501(c)(3) status over the next year or two.  During that time, we took in less than $50,000 for the project,' EFF’s Dave Maass told me by email. In a December 2004 press release announcing its support for Tor, EFF curiously failed to mention that this anonymity tool was developed primarily for military and intelligence use. 
Instead, it focused purely on Tor’s ability to protect free speech from oppressive regimes in the Internet age.... In 2013, the Washington Post revealed that the NSA had figured out various ways of unmasking and penetrating the anonymity of the Tor Network.... Snowden’s leaks revealed another interesting detail: In 2007, Dingledine gave a talk at the NSA’s HQ explaining Tor, and how it worked.... Interestingly, the Washington Post article described Dingledine’s trip to the NSA as 'a wary encounter, akin to mutual intelligence gathering, between a spy agency and a man who built tools to ward off electronic surveillance.' Dingledine told the paper that he came away from that meeting with the feeling that the NSA was trying to hack the Tor network... Aside from being on the DoD payroll, Dingledine spends a considerable amount of his time meeting and consulting with military, intelligence and law enforcement agencies to explain why Tor’s so great, and instructing them on how to use it. What kind of agencies does he meet with? The FBI, CIA and DOJ are just a few… And if you listen to Dingledine explain these encounters in some of his public appearances, one does not detect so much as a whiff of antagonism towards intelligence and law enforcement agencies. In 2013, during a talk at UC San Diego, Dingledine cheerfully recalled how an exuberant FBI agent rushed up to thank him during his recent trip to the FBI: 'So I’ve been doing a lot of talks lately for law enforcement. And pretty much every talk I do these days, some FBI person comes up to me afterwards and says, ‘I use Tor everyday for my job. Thank you.’ Another example is anonymous tips — I was talking to the folks who run the CIA anonymous tip line. It’s called the Iraqi Rewards Program…'"
Almost everyone involved in developing Tor was (or is) funded by the US government
Pando, 16 July 2014

"The power to secretly create government propaganda is among the many hacking tools revealed in the latest batch of Edward Snowden documents. British spies can manipulate online polls -- or trick the world into thinking a video or web page is going viral.  A collection of hacking tools -- some of which are specifically suited to spreading disinformation -- were exposed in a leaked 2012 document provided by Snowden to The Intercept. That's the online publication led by Glenn Greenwald, the journalist who worked with Snowden on a series of stories for The Guardian. The toolkit belongs to the U.S. National Security Agency's British counterpart, the Government Communications Headquarters (GCHQ for short). It includes some of what you would expect from a spy agency intent on protecting the United Kingdom from terrorists: the ability to disable target computers, slip into enemy devices to lock their files, send spoof emails that impersonate a sender's address, and cripple websites with denial of service attacks. But then there's the propaganda machine.  * Underpass: a tool that lets the government "change outcome of online polls" * Bomb Bay: can "increase website hits/rankings" * Gestator: provides "amplification of a given message, normally video, on popular multimedia websites" * Gateway: will "artificially increase traffic to a website" * Slipstream: can "inflate page views on websites" - The government may also deliver en masse text messages, emails, faxes and tailored instant messages. It's important to note, however, that it's not clear whether these are currently in use."
Secret propaganda: British spies can manipulate polls
CNN, 15 July 2014

"Analysts working for the National Security Agency routinely pass around private, intimate photos found in the stream of communications data intercepted, according to Edward Snowden. In a new, extensive video interview, the fugitive leaker said the fraternizing practice is seen as a "fringe benefit" of working for the intelligence agency. "You got young enlisted guys, 18-22 years old, they've suddenly been thrust into a situation with extraordinary responsibility where they now have access to all of your private records," Snowden told The Guardian. "Now in the course of their daily work, they stumble across something that is completely unrelated to their work in any sort of necessary sense, for example, an intimate nude photo of someone in a sexually compromising situation, but they're extremely attractive." Snowden, speaking on-camera from Russia, where he is living under temporary asylum, continued: 'So what do they do, they turn around in their chair and show their coworker. And their coworker says, Oh, hey that's great.' Send that to Bill down the way. And the Bill sends it to George, George sends it to Tom. Sooner or later this person's whole life has been seen by all of these other people. It's never reported, nobody ever knows about it because the auditing of these systems is very weak. The fact that your private images, records of your private lives, records of your intimate moments have been taken from your private communications stream, from the intended recipient, and given to the government without any specific authorization, without any specific need, is it itself a violation of your rights? Why is that in a government database?' When pushed back on the scenario, Snowden said such behavior is "routine enough depending on the company you keep.""
Snowden: NSA Employees Are Passing Around Nude Photos
MSN News, 19 July 2014

"The NSA whistleblower, Edward Snowden, has urged lawyers, journalists, doctors, accountants, priests and others with a duty to protect confidentiality to upgrade security in the wake of the spy surveillance revelations. Snowden said professionals were failing in their obligations to their clients, sources, patients and parishioners in what he described as a new and challenging world. "What last year's revelations showed us was irrefutable evidence that unencrypted communications on the internet are no longer safe. Any communications should be encrypted by default," he said. The response of professional bodies has so far been patchy. A minister at the Home Office in London, James Brokenshire, said during a Commons debate about a new surveillance bill on Tuesday that a code of practice to protect legal professional privilege and others requiring professional secrecy was under review. Snowden's plea for the professions to tighten security came during an extensive and revealing interview with the Guardian in Moscow. The former National Security Agency and CIA computer specialist, wanted by the US under the Espionage Act after leaking tens of thousands of top secret documents, has given only a handful of interviews since seeking temporary asylum in Russia a year ago..... Ross Anderson, professor of security engineering at Cambridge University, said he shared Snowden's concerns about the vulnerability of the professions to surveillance by spy and law enforcement agencies. "If you think your HIV status is secret from GCHQ, forget it," he said. "The tools are available to protect data and communications but only if you are important enough for your doctor or lawyer to care." Timothy Hill, technology policy adviser at the Law Society, which represents UK lawyers, said the profession was concerned. "Legal professional privilege – the right to consult a legal adviser in confidence – is a long established common law right. 
Its fundamental role in our legal system needs to be reasserted." The society is pressing to have existing legislation rewritten to include explicit protection for legal professional privilege from government surveillance. "There needs to be a debate about the implications of the Snowden revelations for professional privilege in the digital age," Hill said. "It is not happening. This is not being debated in parliament." He said the society was seeking to strengthen law firms' cybersecurity awareness but that a stronger statutory framework was essential."
Edward Snowden urges professionals to encrypt client communications
Guardian, 17 July 2014

"A suspect caught on camera could be identified in seconds due to new technology being tested by Leicestershire Police. The NeoFace system compares measurements taken from an image of a face and compares it to the 92,000 on the force's database. Officers said early results had seen a "high success rate of identification". Concerns over privacy were rejected by senior officers who said a match did not constitute evidence. Images could come from anywhere but CCTV or police body cameras had been the most common source so far.... Emma Carr, acting director of Big Brother Watch, said the technology should be used only with a "high level of accountability and oversight". "Facial recognition cameras take the intrusiveness of CCTV to the next level, so it is absolutely essential that people are able to access meaningful redress when they feel their privacy is infringed," she said. Leicestershire's database is made up of people who have either been arrested by police or have given their permission for their images to be stored, such as identity parade volunteers. The trial is set to continue for six months after which results will be evaluated. If successful it could be expanded across the East Midlands with each force's image database available for searches."
Leicestershire Police trial facial recognition software
BBC Online, 15 July 2014

"The UK intelligence agency GCHQ has developed sophisticated tools to manipulate online polls, spam targets with SMS messages, track people by impersonating spammers and monitor social media postings, according to newly-published documents leaked by NSA whistleblower Edward Snowden. The documents – which were published on First Look Media with accompanying analysis from Glenn Greenwald – disclose a range of GCHQ "effects" programs aimed at tracking targets, spreading information, and manipulating online debates and statistics. The disclosure comes the day before the UK parliament is due to begin up to three days' debate on emergency legislation governing British surveillance capabilities. With cross-party support the bill is expected to be voted through this week.... The document also details a range of programs designed to collect and store public postings from Facebook, Twitter, LinkedIn and Google+, and to make automated postings on several of the social networks. Capabilities to boost views of YouTube videos, or to boost the circulation of particular messages are also detailed. GCHQ has also, the document suggests, developed capabilities to scan and geolocate the IPs of entire cities at a time."
GCHQ has tools to manipulate online information, leaked documents show
Guardian, 14 July 2014

"The secretive British spy agency GCHQ has developed covert tools to seed the internet with false information, including the ability to manipulate the results of online polls, artificially inflate pageview counts on web sites, “amplif[y]” sanctioned messages on YouTube, and censor video content judged to be “extremist.” The capabilities, detailed in documents provided by NSA whistleblower Edward Snowden, even include an old standby for pre-adolescent prank callers everywhere: A way to connect two unsuspecting phone users together in a call. The tools were created by GCHQ’s Joint Threat Research Intelligence Group (JTRIG), and constitute some of the most startling methods of propaganda and internet deception contained within the Snowden archive. Previously disclosed documents have detailed JTRIG’s use of “fake victim blog posts,” “false flag operations,” “honey traps” and psychological manipulation to target online activists, monitor visitors to WikiLeaks, and spy on YouTube and Facebook users. But as the U.K. Parliament today debates a fast-tracked bill to provide the government with greater surveillance powers, one which Prime Minister David Cameron has justified as an “emergency” to “help keep us safe,” a newly released top-secret GCHQ document called “JTRIG Tools and Techniques” provides a comprehensive, birds-eye view of just how underhanded and invasive this unit’s operations are. The document—available in full here—is designed to notify other GCHQ units of JTRIG’s “weaponised capability” when it comes to the dark internet arts, and serves as a sort of hacker’s buffet for wreaking online havoc. The “tools” have been assigned boastful code names. They include invasive methods for online surveillance, as well as some of the very techniques that the U.S. and U.K. 
have harshly prosecuted young online activists for employing, including “distributed denial of service” attacks and “call bombing.” But they also describe previously unknown tactics for manipulating and distorting online political discourse and disseminating state propaganda, as well as the apparent ability to actively monitor Skype users in real-time—raising further questions about the extent of Microsoft’s cooperation with spy agencies or potential vulnerabilities in its Skype’s encryption.... The document appears in a massive Wikipedia-style archive used by GCHQ to internally discuss its surveillance and online deception activities. The page indicates that it was last modified in July 2012, and had been accessed almost 20,000 times. GCHQ refused to provide any comment on the record beyond its standard boilerplate, in which it claims that it acts “in accordance with a strict legal and policy framework” and is subject to “rigorous oversight.” But both claims are questionable....As for oversight, serious questions have been raised about whether top national security officials even know what GCHQ is doing. Chris Huhne, a former cabinet minister and member of the national security council until 2012, insisted that ministers were in “utter ignorance” about even the largest GCHQ spying program, known as Tempora—not to mention “their extraordinary capability to hoover up and store personal emails, voice contact, social networking activity and even internet searches.” In an October Guardian op-ed, Huhne wrote that “when it comes to the secret world of GCHQ and the [NSA], the depth of my ‘privileged information’ has been dwarfed by the information provided by Edward Snowden to The Guardian.”"
Hacking Online Polls and Other Ways British Spies Seek to Control the Internet
The Intercept, 14 July 2014

"The NSA whistleblower Edward Snowden has condemned the new surveillance bill being pushed through the UK's parliament this week, expressing concern about the speed at which it is being done, lack of public debate, fear-mongering and what he described as increased powers of intrusion. In an exclusive interview with the Guardian in Moscow, Snowden said it was very unusual for a public body to pass an emergency law such as this in circumstances other than a time of total war. "I mean we don't have bombs falling. We don't have U-boats in the harbour." Suddenly it is a priority, he said, after the government had ignored it for an entire year. "It defies belief." He found the urgency with which the British government was moving extraordinary and said it mirrored a similar move in the US in 2007 when the Bush administration was forced to introduce legislation, the Protect America Act, citing the same concerns about terrorist threats and the NSA losing cooperation from telecom and internet companies."
Edward Snowden condemns Britain's emergency surveillance bill
Guardian, 13 July 2014

"The last time the main parties got together in a closed room, did a deal and told the country there was a need to act urgently, we were on the edge of abandoning 300 years of press freedom. This time our privacy is under threat. In the name of security, the Government is fast-tracking legislation through Parliament that will allow it to collect huge quantities of our personal data. We would do well to remember the advice of Ben Franklin: ‘Those who would give up essential liberty, to purchase a little temporary safety, deserve neither liberty nor safety.’ The Government has engineered a ‘theatrical emergency’ – in this case terrorism and hidden p**dophile rings – to ram the Data Retention and Investigatory Powers Bill through Parliament without proper debate. It is an insult to the supremacy of Parliament, to democracy and to the trust of the public.It was April 8 when the European Court of Justice struck down the Data Retention Directive for being incompatible with human rights. The Home Office has had time to put an alternative in place, so the excuses for why the legislation is being  fast-tracked are laughable. It is a sad state of affairs when European courts are a greater defender of our ancient rights than Parliament and Her Majesty’s Government. Even the German Supreme Court overturned its far less invasive data collection laws for violating the privacy rights of German citizens. How far we have slipped, this birthplace of democracy, that our own judicial safeguards stand by while our hard-fought rights are stripped from us by a Government that has lost its sense of proportion in its fear of making a mistake. Don’t be persuaded by Deputy Prime Minister Nick Clegg’s reassurances that ‘this is about maintaining what we already do rather than extending it’. This is the man who insisted on including in the Coalition agreement the promise that ‘we will end the storage of internet and email records without good reason’. So what happened to that promise? 
Frankly, the Government is uncritically swallowing what it is fed by our security agencies. It was asked for these powers to combat ‘criminals, terrorists and p**dophiles’, and it is handing these powers over. The arguments marshalled are near-identical to those rejected by the committee of the Lords and Commons that reviewed the Government’s proposed ‘snoopers’ charter’, and which led to that being thrown out. David Cameron proclaimed we have no cause for concern as the legislation only impacted on ‘communications data’ – or ‘metadata’ – not the content of our phone calls. But it is clear that metadata has become even more informative than the content. After all, the content of a call only tells you what was said; metadata tells you where you have been, who you have talked to and when. And because it is digital, it can be manipulated to tell a complete story of your life – as a director of America’s National Security Agency once said: ‘We kill with metadata.’ This is why the Government’s claim that the content of communications is rarely examined is so meaningless. This data, which it wants every service provider to store for every one of us, will give access to every aspect of our lives. It should be remembered that the Data Retention Directive was enacted by the EU in 2006, when the quantity of electronic communications and the capabilities of the intelligence agencies were poorer. If we were to create this law now it would take a very different form. We need to reconsider whether the Government needs to collect this data from us all. We should not leave the signing of warrants to the Secretary of State; a judge should approve each application after a full hearing.... The Privacy and Civil Liberties Oversight Board will either be toothless or, like the current Intelligence and Security Committee, a Government rubber-stamp. 
And given the Home Office’s creativity when it comes to statistics, it is unlikely any information included in the proposed transparency report will result in greater transparency. Even the statistics already released are cause for concern.  The 2013 report of the Interception of Communications Commissioner revealed that 514,608 requests were made for data. By comparison, the most requests issued by the FBI in a year is 56,507. How can it be our intelligence agencies made nine times the number of requests for communications data than their US counterparts? Yet with all this information, the Government scrambled around to find a handful of examples where communication intercepts resulted in the prevention of criminal behaviour – but even these don’t face any serious scrutiny. With none of the raw data, we do not know if they are inflated claims. After the ‘dodgy dossier’ on weapons of mass destruction, the deceit on rendition and torture, and the debacle over the snooper’s charter, it is hard to be confident. Our Government has claimed that intercepted communications data was the critical evidence in 95 per cent of all serious crime cases. This would seem to go against the experience of the Metropolitan Police, which in evidence to a joint committee stated that ‘communications data is used sparingly, because it is costly and resource intensive, and because of the need to… consider the impact of collateral intrusion on innocent people’.  The fact it is used in criminal cases gives no indication of its importance in obtaining a conviction."
David Davis MP - This data law has nothing to do with catching terrorists
Mail, 13 July 2014

"President Vladimir Putin's secret service the FSO have invited for tenders for hundreds of ink and correction typewriter ribbons for the classic Triumph Adler Twen 180 and Olympia Comfort models. Olympia, which is based in Hattingen, North Rhine-Westphalia, has also confirmed that Russian firms recently ordered 20 new, electric typewriters for at least €200 each, along with supplies of ink ribbons. The Russian newspaper Iswestija which has seen the invitation for tender, says that particularly sensitive documents are now only being put on paper and no longer archived electronically - because it is more secure that way. And this is not only the case for secret services, but also in defence and domestic security ministries, former head of the domestic secret service FSB, Nikolai Kowaljow told the newspaper. He also said that writing things by hand was becoming more popular."
Russian spies use 'safe' German typewriters
The Local, 12 July 2014

"Berlin's expulsion of the CIA station chief in Germany is tantamount to diplomatic earthquake, a sign of how far the mismanaged US-German relationship is now damaging the Nato alliance... US spies appear to have bought some 218 documents from a low-level employee of the German intelligence service. Investigators are looking into a second possible recruitment of a Defence Ministry official. Some of the documents bought by the CIA were briefing notes for the parliamentary committee looking into Edward Snowden's revelations about American spying on Germans. The United States in short has been spying on a probe into its spying.... When it comes to light, the form of espionage shakes the political establisment.... Chancellor Merkel may well have popular opinion on her side. Some Germans even believe that Mr Snowden should be given asylum in their country."
The Lives of Others
London Times, 12 July 2014, Print Edition, P24

"William Binney is one of the highest-level whistleblowers to ever emerge from the NSA. He was a leading code-breaker against the Soviet Union during the Cold War but resigned soon after September 11, disgusted by Washington’s move towards mass surveillance. On 5 July he spoke at a conference in London organised by the Centre for Investigative Journalism and revealed the extent of the surveillance programs unleashed by the Bush and Obama administrations. “At least 80% of fibre-optic cables globally go via the US”, Binney said. “This is no accident and allows the US to view all communication coming in. At least 80% of all audio calls, not just metadata, are recorded and stored in the US. The NSA lies about what it stores.” The NSA will soon be able to collect 966 exabytes a year, the total of internet traffic annually. Former Google head Eric Schmidt once argued that the entire amount of knowledge from the beginning of humankind until 2003 amount to only five exabytes. Binney, who featured in a 2012 short film by Oscar-nominated US film-maker Laura Poitras, described a future where surveillance is ubiquitous and government intrusion unlimited. “The ultimate goal of the NSA is total population control”, Binney said, “but I’m a little optimistic with some recent Supreme Court decisions, such as law enforcement mostly now needing a warrant before searching a smartphone.”... Unlike Snowden, Binney didn’t take any documents with him when he left the NSA. He now says that hard evidence of illegal spying would have been invaluable. The latest Snowden leaks, featured in the Washington Post, detail private conversations of average Americans with no connection to extremism. It shows that the NSA is not just pursuing terrorism, as it claims, but ordinary citizens going about their daily communications. 
“The NSA is mass-collecting on everyone”, Binney said, “and it’s said to be about terrorism but inside the US it has stopped zero attacks.” The lack of official oversight is one of Binney’s key concerns, particularly of the secret Foreign Intelligence Surveillance Court (Fisa), which is held out by NSA defenders as a sign of the surveillance scheme's constitutionality.... “The Fisa court has only the government’s point of view”, he argued. “There are no other views for the judges to consider. There have been at least 15-20 trillion constitutional violations for US domestic audiences and you can double that globally.” A Fisa court in 2010 allowed the NSA to spy on 193 countries around the world, plus the World Bank, though there’s evidence that even the nations the US isn’t supposed to monitor – Five Eyes allies Britain, Canada, Australia and New Zealand – aren’t immune from being spied on. It’s why encryption is today so essential to transmit information safely. Binney recently told the German NSA inquiry committee that his former employer had a “totalitarian mentality” that was the "greatest threat" to US society since that country’s US Civil War in the 19th century."
Antony Loewenstein - The ultimate goal of the NSA is total population control
Guardian (Comment Is Free), 11 July 2014

"The security and control of personal data is a big concern for many these days and literally it’s becoming a global epidemic. Today, China just announced they don’t trust our beloved iPhone. Further underscoring today’s untrusting new world order in the “post-Snowden” era, the Russian Industry and Trade Ministry recently announced that their government would be doing away with “untrusted Intel and AMD processors” over time, while launching an effort to build their own ARM-based “Baikal” processor and move to Linux for government systems....It’s truly a sign of the times as what many have termed “the Snowden Effect” continues to reverberate throughout the global economy. The Chinese state media noted that Apple's AAPL +0.19% iPhone is a “threat to national security” because the device tracks user location and offers time-based information on their whereabouts at any given time. Broadcasters noted the sensitivity of the data Apple’s iPhone gathers and that it could reveal a country’s economic make-up and even “state secrets.”"
The 'Snowden Effect' Continues As China Claims Apple's iPhone A Threat To National Security
Forbes, 11 July 2014

"Germany today asked the CIA's station chief in Berlin to leave the country in a dramatic rebuke to Washington after its security services uncovered two cases of alleged American spying in a week. The American intelligence official was told he was no longer welcome in a public signal of Angela Merkel's fury over US spying on Germany. It is highly unusual for a European ally to oust a CIA station chief and the move is the most dramatic response from Germany since it was disclosed last year that the NSA was monitoring Mrs Merkel's phone. "The representative of the US intelligence services at the United States embassy has been asked to leave Germany," a German government spokesman said. "The request occurred against the backdrop of the ongoing investigation by federal prosecutors as well as the questions that were posed months ago about the activities of US intelligence agencies in Germany." The German embassy in Washington said the US spy had been asked to leave but stronger measures could be taken if he refused to go. The White House declined to comment publicly on the case, saying: "It is essential that cooperation continue in all areas and we will continue to be in touch with the German government in appropriate channels." The move comes one day after Berlin police searched the home and office of a German military intelligence official alleged to have been spying for the United States. The man, said to be a foreign country specialist in the German defence ministry's political department, has not been charged. German military intelligence was said to have alerted prosecutors after noticing that the suspect had “met suspiciously often with US contacts”, according to Spiegelonline. A week before that a German intelligence operative was arrested after allegedly handing over German secrets to the US in exchange for cash payments. 
The 31-year-old employee of the BND, Germany's equivalent of MI6, is accused of selling 218 top secret German intelligence documents he downloaded on to a USB stick to his US spymasters in exchange for £25,000. He is also alleged to have gathered intelligence on a German parliamentary probe into the US surveillance of German leaders that was disclosed by Edward Snowden. The two alleged cases of American espionage in Germany have added a new chill to the already-strained relationship between Washington and Berlin on intelligence matters. Last year documents leaked by Edward Snowden, the former NSA contractor, revealed that the NSA had been monitoring Mrs Merkel's mobile phone."
Germany asks CIA station chief in Berlin to leave country over US spying row
Telegraph, 10 July 2014

"Emergency laws will be brought in next week to force phone and internet companies to hold records of customers’ calls, texts and visits to websites. The fast-track measures are necessary to defend national security against the terrorist threat from Iraq and Syria, David Cameron said. The consequences of not acting are “grave”, the Prime Minister said. The measures are a response to a ruling by the European Court of Justice which struck down regulations that enabled communications companies from retaining data for police use for a year. Internet and phone companies will soon start deleting it – a move that will have “serious consequences” for police and counter-terror investigations, Downing Street said. The emergency laws will also create a “clearer legal framework”, at the demand of companies, for when police and intelligence agencies want to intercept terrorist and criminal communications. The need for new laws is “urgent”, Downing Street said. There is cross-party agreement. .... The European Court ruling struck down the underpinning requiring companies to hold onto their data for twelve months, meaning they may stop providing it and may start deleting data which the government regards as essential for national security.... Nick Clegg, the Deputy Prime Minister who has consistently argued against greater state surveillance, insisted the emergency laws “will not be used as an excuse for more powers, or for a ‘snooper’s charter’.” He took credit for a series of measures presented as protecting civil liberties in the Bill. “Liberty and security must go hand in hand. We can’t enjoy our freedom if we’re unable to keep ourselves safe.” .... Tom Watson, the senior Labour MP, said the move was a "stitch up" that would deny MPs the chance to properly scrutinise the legislation. He said he will vote against the timetable set for it. "This is a secret deal between party leaders. 
There hasn't been a bill published, we find out this morning when Parliament is on a one-line whip and MPs are in their constituencies that next week they will railroad through emergency legislation," he told BBC Radio 4's Today. "If you are an MP, you probably shouldn't bother turning up for work next week because what you think doesn't really matter. They are ramping up the rhetoric on it but no one in civic society has a chance to form a view on this or lobby their MP or talk to them about it. "I understand that Labour's shadow cabinet is seeing it this morning. They've not had a chance to think about it yet." The Open Rights Group, which campaigns for liberties online, said the Government should abide by the European Court of Justice ruling. "The government knows that since the CJEU ruling, there is no legal basis for making internet service providers retain our data so it is using the threat of terrorism as an excuse for getting this law passed," said director Jim Killock. 'Not only will the proposed legislation infringe our right to privacy, it will also set a dangerous precedent where the government simply re-legislates every time it disagrees with a decision by the European Court of Justice.'"
Emergency laws to monitor phone and internet records 'to stop terrorists'
Telegraph, 10 July 2014

"The National Security Agency and FBI have covertly monitored the emails of prominent Muslim-Americans—including a political candidate and several civil rights activists, academics, and lawyers—under secretive procedures intended to target terrorists and foreign spies. According to documents provided by NSA whistleblower Edward Snowden, the list of Americans monitored by their own government includes: • Faisal Gill, a longtime Republican Party operative and one-time candidate for public office who held a top-secret security clearance and served in the Department of Homeland Security under President George W. Bush; • Asim Ghafoor, a prominent attorney who has represented clients in terrorism-related cases; • Hooshang Amirahmadi, an Iranian-American professor of international relations at Rutgers University; • Agha Saeed, a former political science professor at California State University who champions Muslim civil liberties and Palestinian rights; • Nihad Awad, the executive director of the Council on American-Islamic Relations (CAIR), the largest Muslim civil rights organization in the country. - The individuals appear on an NSA spreadsheet in the Snowden archives called “FISA recap”—short for the Foreign Intelligence Surveillance Act. Under that law, the Justice Department must convince a judge with the top-secret Foreign Intelligence Surveillance Court that there is probable cause to believe that American targets are not only agents of an international terrorist organization or other foreign power, but also “are or may be” engaged in or abetting espionage, sabotage, or terrorism. The authorizations must be renewed by the court, usually every 90 days for U.S. citizens. The spreadsheet shows 7,485 email addresses listed as monitored between 2002 and 2008. Many of the email addresses on the list appear to belong to foreigners whom the government believes are linked to Al Qaeda, Hamas, and Hezbollah. 
Among the Americans on the list are individuals long accused of terrorist activity, including Anwar al-Awlaki and Samir Khan, who were killed in a 2011 drone strike in Yemen. But a three-month investigation by The Intercept—including interviews with more than a dozen current and former federal law enforcement officials involved in the FISA process—reveals that in practice, the system for authorizing NSA surveillance affords the government wide latitude in spying on U.S. citizens. The five Americans whose email accounts were monitored by the NSA and FBI have all led highly public, outwardly exemplary lives. All five vehemently deny any involvement in terrorism or espionage, and none advocates violent jihad or is known to have been implicated in any crime, despite years of intense scrutiny by the government and the press. Some have even climbed the ranks of the U.S. national security and foreign policy establishments. “I just don’t know why,” says Gill, whose AOL and Yahoo! email accounts were monitored while he was a Republican candidate for the Virginia House of Delegates. “I’ve done everything in my life to be patriotic. I served in the Navy, served in the government, was active in my community—I’ve done everything that a good citizen, in my opinion, should do.”... The vast majority of individuals on the “FISA recap” spreadsheet are not named. Instead, only their email addresses are listed, making it impossible in most cases to ascertain their identities. Under the heading “Nationality,” the list designates 202 email addresses as belonging to “U.S. persons,” 1,782 as belonging to “non-U.S. persons,” and 5,501 as “unknown” or simply blank. The Intercept identified the five Americans placed under surveillance from their email addresses. It is unclear whether the government obtained any legal permission to monitor the Americans on the list. The FBI and the Justice Department declined to comment for this story. 
During the course of multiple conversations with The Intercept, the NSA and the Office of the Director of National Intelligence urged against publication of any surveillance targets. “Except in exceptional circumstances,” they argued, surveillance directly targeting Americans is conducted only with court-approved warrants. Last week, anonymous officials told another news outlet that the government did not have a FISA warrant against at least one of the individuals named here during the timeframe covered by the spreadsheet. The FISA process was enacted in 1978 in response to disclosures that J. Edgar Hoover and a long line of presidents from both parties had used U.S. intelligence agencies to spy on dissidents and political enemies. Intended to allow authorities to covertly investigate suspected spies or terrorists on U.S. soil, the surveillance is often used simply to gather intelligence, not to build a criminal case. The law was revised in 2008—in part to place limits on the controversial program of warrantless wiretaps initiated by George W. Bush after 9/11, and in part to legalize the program’s warrantless eavesdropping on Americans when they speak with foreign surveillance targets....Thanks to Snowden’s disclosures, those seeking to obtain such a ruling now have specific cases of surveillance against American citizens to examine. So do those charged with reforming the FISA process. Richard Clarke, a former counterterrorism official in the Clinton and Bush administrations, served on the recent White House intelligence review panel convened to address concerns raised by the Snowden revelations. If he had seen the NSA spreadsheet, Clarke says, he would have asked more questions about the process, and reviewed individual FISA warrants. “Knowing that, I would specifically ask the Justice Department: How many American citizens are there active FISAs on now?” he says. 
“And without naming names, tell me what categories they fall into—how many are counterterrorism, counterintelligence, espionage cases? We’d want to go through [some applications], and frankly, we didn’t. It’s not something that five part-time guys can do—rummage through thousands of FISA warrants.” The “FISA recap” spreadsheet offers a revealing if incomplete glimpse into the murky world of government surveillance. Each email address is accompanied by a date that appears to denote the beginning of surveillance, and another that indicates when it was set to expire. A column called “Collection Status” indicates whether the surveillance was “terminated,” “sustained,” or “pending” as of a particular date. In some cases, the spreadsheet also names the federal agency that requested the surveillance, and a terrorist group, target, or foreign power affiliated with the email address. In addition, each address has a corresponding “Case Notation” code beginning with the prefix “XX.SQF”—a designation that, according to other documents in the Snowden archive, is assigned to all “FISA accounts” as a unique identifier..... The five Americans whose email accounts were placed on the list come from different backgrounds, and hold different religious and political views. None was designated on the list as connected to a foreign power. Some have come under sharp public scrutiny for their activities on behalf of Muslim-Americans, and several have been investigated by the government. But despite being subjected to what appears to be long periods of government surveillance, none has been charged with a crime, let alone convincingly linked to terrorism or espionage on behalf of a foreign power. Taken together, their personal stories raise disturbing questions about who the government chooses to monitor, and why."
Meet the Muslim-American Leaders the FBI and NSA Have Been Spying On
The Intercept, 9 July 2014

"Researchers have found a way to reveal Wi-Fi passwords by hacking mobile phone controlled LED “smart” lights. White-hat hackers with the UK-based security firm Context released their findings this week after successfully obtaining Wi-Fi credentials from 30 meters away. “Armed with knowledge of the encryption algorithm, key, initialization vector and an understanding of the mesh network protocol we could then inject packets into the mesh network, capture the WiFi details and decrypt the credentials, all without any prior authentication or alerting of our presence,” Context said. The discovery highlights the inherent danger in having countless home appliances connected to the Internet as experts predict as many as 50 such devices in the average home by 2022 . Other lights such as the Phillips Hue were successfully hacked last year as well....The discovery highlights the inherent danger in having countless home appliances connected to the Internet – as experts predict as many as 50 such devices in the average home by 2022 . Other lights such as the Phillips Hue were successfully hacked last year as well. “Weaknesses in a popular brand of light system controlled by computers and smartphones can be exploited by attackers to cause blackouts that are remedied only by removing the wireless device that receives the commands…” noted Ars Technica. While LIFX has reportedly fixed their vulnerability, Phillips disagreed that theirs was an issue.... Former CIA chief David Petraeus praised the flood of Internet-connected devices in 2012 at a summit for the CIA’s venture capital firm In-Q-Tel, noting the increased ability to spy on Americans. “Items of interest will be located, identified, monitored, and remotely controlled through technologies such as radio-frequency identification, sensor networks, tiny embedded servers, and energy harvesters all connected to the next-generation internet using abundant, low-cost, and high-power computing,” Petraeus said."
'Smart' Lightbulbs Reveal Wi-Fi Passwords
Story Leak, 8 July 2014

"Chancellor Angela Merkel’s government is planning surveillance of British and American intelligence gathering in Germany for the first time since 1945 in response to an embarrassing US-German “double agent” scandal which has damaged relations between Berlin and Washington.  The unprecedented change to Berlin’s counter-espionage policy was announced by Mrs Merkel’s Interior Minister, Thomas de Maiziere. He told the mass-circulation Bild newspaper that Berlin wanted “360 degree surveillance” of all intelligence gathering operations in Germany. His announcement came as several MPs in Mrs Merkel’s government demanded the expulsion of the American agents in Germany who last week were found to have used the services of a German “double agent” to obtain secret German intelligence information in return for cash payments. ... The intelligence services of the United States, Britain and France had hitherto been regarded as “friendly” to Germany. Their diplomatic and information gathering activities were exempted from surveillance by Berlin’s equivalent of MI5 – the Bundesnachrichtendienst or BND.... But Mr de Maiziere told Bild that he was now not ruling out permanent German counter espionage surveillance of US, British and French intelligence operations His remarks were echoed by Stephan Mayer, a domestic security spokesman for Mrs Merkel’s ruling Christian Democrats: “We must focus more strongly on our so-called allies,” he said. The plans for “friendly” power surveillance follow last week’s unmasking and arrest of a 31- year-old BND agent who sold top secret German intelligence documents to US officials in return for payments of £25,000. The double agent is reported to have simply emailed Berlin’s American embassy and asked whether officials were interested in “cooperation”. He subsequently downloaded at least 300 secret documents on to USB sticks which he handed to his American spymasters at secret location in Austria. 
Chancellor Merkel interrupted a current trade visit to China on Monday to describe the scandal as a “very serious development”. She added: “It is a clear contradiction of the notion of trustworthy cooperation”. German politicians have been shocked that the Americans not only failed to report the “double agent” but effectively recruited him."
Germany plans counter-espionage against Britain and US
Telegraph, 7 July 2014

"The Central Intelligence Agency was involved in a spying operation against Germany that led to the alleged recruitment of a German intelligence official and has prompted renewed outrage in Berlin, two U.S. officials familiar with the matter said on Monday. CIA Director John Brennan has asked to brief key members of the U.S. Congress on the matter, which threatens a new rupture between Washington and a close European ally, one of the officials said. It was unclear if and when Brennan's briefing to U.S. lawmakers would take place. The CIA declined any comment on the matter. The office of Germany's Federal Prosecutor, based in the western city of Karlsruhe, late last week issued a statement saying that a 31-year old man had been arrested on suspicion of being a foreign spy, and that investigations were continuing. The statement offered no further details. German politicians have said that the suspect, an employee of the country's foreign intelligence service, admitted passing to an American contact details concerning a German parliamentary committee's investigation of alleged U.S. eavesdropping disclosed by Edward Snowden, a former contractor for the U.S. National Security Agency. The U.S. officials who confirmed the CIA's role spoke on condition of anonymity, and offered no further details."
CIA had role in Germany spy affair
Reuters, 7 July 2014

"Glenn Greenwald, one of the journalists who has worked closely with exiled whistleblower Edward Snowden to reveal the National Security Agency’s mass surveillance programs, says there may be a second leaker providing the NSA’s secrets to the press. Two German media reports co-authored by former WikiLeaks volunteer and current Tor Project employee Jacob Appelbaum are the cause of his suspicion. The first report was published in December by Der Spiegel and describes a 50-page catalog of NSA surveillance tools. The second came last week from the German broadcasters Norddeutscher Rundfunk (NDR) and Westdeutscher Rundfunk (WDR), detailing NSA surveillance of people who use Tor and other online privacy services. Both articles “notably fail to mention anything about the sourcing for the documents,” Greenwald tells U.S. News. “That's particularly notable given that virtually every other article using Snowden documents – including Der Spiegel – specifically identified him as the source.”... Greenwald, who says he maintains regular contact with Snowden, is hopeful his suspicion of a second leaker is correct. "I've long thought one of the most significant and enduring consequences of Snowden's successful whistleblowing will be that he will inspire other leakers to come forward," he says."
Glenn Greenwald Suggests There's a Second NSA Leaker
US News, 7 July 2014

"Ordinary Internet users, American and non-American alike, far outnumber legally targeted foreigners in the communications intercepted by the National Security Agency from U.S. digital networks, according to a four-month investigation by The Washington Post. Nine of 10 account holders found in a large cache of intercepted conversations, which former NSA contractor Edward Snowden provided in full to The Post, were not the intended surveillance targets but were caught in a net the agency had cast for somebody else. Many of them were Americans. Nearly half of the surveillance files, a strikingly high proportion, contained names, e-mail addresses or other details that the NSA marked as belonging to U.S. citizens or residents. NSA analysts masked, or “minimized,” more than 65,000 such references to protect Americans’ privacy, but The Post found nearly 900 additional e-mail addresses, unmasked in the files, that could be strongly linked to U.S. citizens or U.S.residents. The surveillance files highlight a policy dilemma that has been aired only abstractly in public. There are discoveries of considerable intelligence value in the intercepted messages — and collateral harm to privacy on a scale that the Obama administration has not been willing to address. Among the most valuable contents — which The Post will not describe in detail, to avoid interfering with ongoing operations — are fresh revelations about a secret overseas nuclear project, double-dealing by an ostensible ally, a military calamity that befell an unfriendly power, and the identities of aggressive intruders into U.S. computer networks. Months of tracking communications across more than 50 alias accounts, the files show, led directly to the 2011 capture in Abbottabad of Muhammad Tahir Shahzad, a Pakistan-based bomb builder, and Umar Patek, a suspect in a 2002 terrorist bombing on the Indonesian island of Bali.... 
Many other files, described as useless by the analysts but nonetheless retained, have a startlingly intimate, even voyeuristic quality. They tell stories of love and heartbreak, illicit s**ual liaisons, mental-health crises, political and religious conversions, financial anxieties and disappointed hopes. The daily lives of more than 10,000 account holders who were not targeted are catalogued and recorded nevertheless.... The cache Snowden provided came from domestic NSA operations under the broad authority granted by Congress in 2008 with amendments to the Foreign Intelligence Surveillance Act. FISA content is generally stored in closely controlled data repositories, and for more than a year, senior government officials have depicted it as beyond Snowden’s reach. The Post reviewed roughly 160,000 intercepted e-mail and instant-message conversations, some of them hundreds of pages long, and 7,900 documents taken from more than 11,000 online accounts. .... Taken together, the files offer an unprecedented vantage point on the changes wrought by Section 702 of the FISA amendments, which enabled the NSA to make freer use of methods that for 30 years had required probable cause and a warrant from a judge. One program, code-named PRISM, extracts content stored in user accounts at Yahoo, Microsoft, Facebook, Google and five other leading Internet companies. Another, known inside the NSA as Upstream, intercepts data on the move as it crosses the U.S. junctions of global voice and data networks. No government oversight body, including the Justice Department, the Foreign Intelligence Surveillance Court, intelligence committees in Congress or the president’s Privacy and Civil Liberties Oversight Board, has delved into a comparably large sample of what the NSA actually collects — not only from its targets but also from people who may cross a target’s path. 
Among the latter are medical records sent from one family member to another, résumés from job hunters and academic transcripts of schoolchildren. In one photo, a young girl in religious dress beams at a camera outside a mosque. Scores of pictures show infants and toddlers in bathtubs, on swings, sprawled on their backs and kissed by their mothers. In some photos, men show off their physiques. In others, women model lingerie, leaning suggestively into a webcam or striking risque poses in shorts and bikini tops. ... By law, the NSA may “target” only foreign nationals located overseas unless it obtains a warrant based on probable cause from a special surveillance court. For collection under PRISM and Upstream rules, analysts must state a reasonable belief that the target has information of value about a foreign government, a terrorist organization or the spread of nonconventional weapons. Most of the people caught up in those programs are not the targets and would not lawfully qualify as such. “Incidental collection” of third-party communications is inevitable in many forms of surveillance, but in other contexts the U.S. government works harder to limit and discard irrelevant data. In criminal wiretaps, for example, the FBI is supposed to stop listening to a call if a suspect’s wife or child is using the phone.... If Snowden’s sample is representative, the population under scrutiny in the PRISM and Upstream programs is far larger than the government has suggested. In a June 26 “transparency report,” the Office of the Director of National Intelligence disclosed that 89,138 people were targets of last year’s collection under FISA Section 702. At the 9-to-1 ratio of incidental collection in Snowden’s sample, the office’s figure would correspond to nearly 900,000 accounts, targeted or not, under surveillance.... 
In Snowden’s view, the PRISM and Upstream programs have “crossed the line of proportionality.” “Even if one could conceivably justify the initial, inadvertent interception of baby pictures and love letters of innocent bystanders,” he added, “their continued storage in government databases is both troubling and dangerous. Who knows how that information will be used in the future?” For close to a year, NSA and other government officials have appeared to deny, in congressional testimony and public statements, that Snowden had any access to the material."
In NSA-intercepted data, those not targeted far outnumber the foreigners who are
Washington Post, 5 July 2014

"German authorities are pursuing an espionage probe against a man identified by media as a German intelligence officer who may have passed secrets to the U.S. Federal prosecutors said yesterday that a 31-year-old German was arrested on July 2 on suspicion of spying for an unidentified foreign power. Chancellor Angela Merkel’s spokesman, Steffen Seibert, called the case “a serious matter,” declining to elaborate. The Sueddeutsche Zeitung newspaper, citing government officials it didn’t identify, reported today that the man in custody is suspected of informing U.S. agents about an inquiry by German lawmakers into the National Security Agency. The emergence of a double agent on top of two German probes into NSA surveillance and espionage threatens to compound a U.S.-German rift after allegations that the NSA spied on citizens and hacked Merkel’s mobile phone. U.S. Ambassador John Emerson was called in to the Foreign Ministry in Berlin today to help with “an investigation” by federal prosecutors....The man, a support technician for Germany’s BND foreign intelligence agency, met U.S. agents at least three times in Austria between 2012 and 2014 and gave them hundreds of secret documents for which he was paid 25,000 euros ($34,000), Bild newspaper reported, citing security officials it didn’t identify. The documents were seized on a thumb drive containing 218 stolen files and a laptop at the suspect’s home, Bild said."
Germany Holds Spy Suspect as U.S. Espionage Reports Swirl
Bloomberg, 4 July 2014

"In the latest turn in the yearlong tensions with Germany over American spying, a German man was arrested this week on suspicion of passing secret documents to a foreign power, believed to be the United States. The American ambassador, John B. Emerson, was summoned to the Foreign Office here and urged to help with what German officials called a swift clarification of the case. The arrest came as Washington and Berlin were trying to put to rest a year of strains over the National Security Agency’s monitoring of Germans’ electronic data, including Chancellor Angela Merkel’s cellphone, and just months after the collapse of an effort by Germany to strike a “no spy” accord with the White House. While the White House and American intelligence officials refused to comment on the arrest, one senior American official said that reports in the German news media that the 31-year-old man under arrest had been working for the United States for at least two years “threaten to undo all the repair work” the two sides have been trying to achieve. The details of the latest case were murky. The news media reports suggested that the man, a midlevel employee of the Federal Intelligence Service, was originally arrested on suspicion of spying for Russia. The Kremlin has markedly stepped up recruitment of German informants since the uprisings in Ukraine and the resulting sanctions aimed at Russia’s economy. But according to the news reports and the account of the American official, the man told his interrogators he had been working for the United States for some time. German news reports said that his work included reporting on the investigations into the N.S.A.’s activities in Germany, which are the subject of a parliamentary inquiry, but the American official said he had no knowledge of whether that was the case. He spoke on the condition of anonymity to avoid complicating a diplomatically fragile intelligence issue. 
The Central Intelligence Agency and National Security Agency both declined to comment on the allegations.... If the man had been spying for the United States for two years, as the German news reports say, his recruitment would have predated the disclosures by Edward J. Snowden, the N.S.A. contractor, of the long-running tapping of Ms. Merkel’s cellphone.... The German Parliament is conducting an inquiry into the N.S.A.’s activities in the country, and it heard its first testimony on Thursday from two Americans who formerly worked for the agency. That testimony came hours after a 27-year-old student in Bavaria was identified by name as one of the spy agency’s surveillance targets, the first German other than Ms. Merkel to be named in that way. The testimony on Thursday lasted late into the evening, delayed in part by an extraordinary meeting between the inquiry panel and the control commission that oversees Germany’s intelligence services. The lawmakers were said to have been informed of the arrest of the accused spy at that meeting; attendees at such sessions are sworn to secrecy. Part of the Thursday hearing was conducted in closed session after one of the American witnesses, William E. Binney, a former N.S.A. employee, said he would be discussing important secret information."
German Man Arrested as Spy Implicates U.S.
New York Times, 4 July 2014

"The investigation discloses the following: * Two servers in Germany - in Berlin and Nuremberg - are under surveillance by the NSA. * Merely searching the web for the privacy-enhancing software tools outlined in the XKeyscore rules causes the NSA to mark and track the IP address of the person doing the search. Not only are German privacy software users tracked, but the source code shows that privacy software users worldwide are tracked by the NSA. * Among the NSA's targets is the Tor network funded primarily by the US government to aid democracy advocates in authoritarian states. * The XKeyscore rules reveal that the NSA tracks all connections to a server that hosts part of an anonymous email service at the MIT Computer Science and Artificial Intelligence Laboratory (CSAIL) in Cambridge, Massachusetts. It also records details about visits to a popular internet journal for Linux operating system users called "the Linux Journal - the Original Magazine of the Linux Community", and calls it an "extremist forum"....Months of investigation by the German public television broadcasters NDR and WDR, drawing on exclusive access to top secret NSA source code, interviews with former NSA employees, and the review of secret documents of the German government reveal that not only is the server in Nuremberg under observation by the NSA, but so is virtually anyone who has taken an interest in several well-known privacy software systems.... Normally a user's online traffic - such as emails, instant messages, searches, or visits to websites - can be attributed to the IP address assigned to them by their internet service provider. When a user goes online over the Tor Network, their connections are relayed through a number of Tor nodes using another layer of encryption between each server such that the first server cannot see where the last server is located and vice-versa. 
Tor is used by private individuals who want to conceal their online activity, human rights activists in oppressive regimes such as China and Iran, journalists who want to protect their sources, and even by the U.S. Drug Enforcement Agency in their efforts to infiltrate criminal groups without revealing their identity. The Tor Project is a non-profit charity based in Massachusetts and is primarily funded by government agencies. Thus it is ironic that the Tor Network has become such a high-priority target in the NSA's worldwide surveillance system....The former NSA director General Keith Alexander stated that all those communicating with encryption will be regarded as terror suspects and will be monitored and stored as a method of prevention, as quoted by the Frankfurter Allgemeine Zeitung in August last year. The top secret source code published here indicates that the NSA is making a concerted effort to combat any and all anonymous spaces that remain on the internet. Merely visiting privacy-related websites is enough for a user's IP address to be logged into an NSA database....The German attorney Thomas Stadler, who specializes in IT law, commented: "The fact that a German citizen is specifically traced by the NSA, in my opinion, justifies the reasonable suspicion of the NSA carrying out secret service activities in Germany. For this reason, the German Federal Public Prosecutor should look into this matter and initiate preliminary proceedings."....There are also rules that target users of numerous other privacy-focused internet services, including HotSpotShield, FreeNet, Centurian, FreeProxies.org, MegaProxy, privacy.li and an anonymous email service called MixMinion as well as its predecessor MixMaster....Sebastian Hahn, the Tor volunteer who runs Gabelmoo, was stunned to learn that his hobby could interest the NSA: "This shows that Tor is working well enough that Tor has become a target for the intelligence services. 
For me this means that I will definitely go ahead with the project.” When asked for a reaction to the findings, the Tor Project's Roger Dingledine stated the following: "We've been thinking of state surveillance for years because of our work in places where journalists are threatened. Tor's anonymity is based on distributed trust, so observing traffic at one place in the Tor network, even a directory authority, isn't enough to break it. Tor has gone mainstream in the past few years, and its wide diversity of users - from civic-minded individuals and ordinary consumers to activists, law enforcement, and companies - is part of its security. Just learning that somebody visited the Tor or Tails website doesn't tell you whether that person is a journalist source, someone concerned that her Internet Service Provider will learn about her health conditions, or just someone irked that cat videos are blocked in her location. Trying to make a list of Tor's millions of daily users certainly counts as wide scale collection. Their attack on the bridge address distribution service shows their "collect all the things" mentality - it's worth emphasizing that we designed bridges for users in countries like China and Iran, and here we are finding out about attacks by our own country. Does reading the contents of those mails violate the wiretap act? Now I understand how the Google engineers felt when they learned about the attacks on their infrastructure.” NDR and WDR wanted to know from the NSA how it justified attacking a service funded by the U.S. government, under what legal authority Tor Network users are monitored, and whether the German government has any knowledge of the targeting of servers in Germany. 
Instead of addressing the questions repeatedly posed to them, the NSA provided the following statement: "In carrying out its mission, NSA collects only what it is authorized by law to collect for valid foreign intelligence purposes - regardless of the technical means used by foreign intelligence targets. The communications of people who are not foreign intelligence targets are of no use to the agency. In January, President Obama issued U.S. Presidential Policy Directive 28, which affirms that all persons - regardless of nationality - have legitimate privacy interests in the handling of their personal information, and that privacy and civil liberties shall be integral considerations in the planning of U.S. signals intelligence activities. The president's directive also makes clear that the United States does not collect signals intelligence for the purpose of suppressing or burdening criticism or dissent, or for disadvantaging persons based on their ethnicity, race, gender, sexual orientation, or religion. XKeyscore is an analytic tool that is used as a part of NSA's lawful foreign signals intelligence collection system. Such tools have stringent oversight and compliance mechanisms built in at several levels. The use of XKeyscore allows the agency to help defend the nation and protect U.S. and allied troops abroad. All of NSA's operations are conducted in strict accordance with the rule of law, including the President's new directive." However, the research contradicts the United States' promise to Germany that German citizens are not surveilled without suspicion. Using Tor in Germany does not justify targeting someone, the German attorney Thomas Stadler states: "Tor users do not breach any laws, it is absolutely legitimate to act anonymously on the internet. There are many good reasons to remain anonymous." ... Other "Five Eyes" partners also operate XKeyscore installations. The United Kingdom's Tempora program runs the largest instance of XKeyscore.
Both the software itself and limited access to NSA databases have been shared with so-called "3rd party" partners including Germany. The German foreign intelligence agency BND and the domestic intelligence agency BfV are testing the software."
NSA targets the privacy-conscious
DasErste, 3 July 2014

"Internet service providers from around the world are lodging formal complaints against the UK government's monitoring service, GCHQ, alleging it uses malicious software to break into their networks. The claims from seven organisations based in six countries – Germany, the Netherlands, South Korea, the UK, the US and Zimbabwe – will add to international pressure on the government after Edward Snowden's revelations about mass surveillance of the internet by UK and US intelligence agencies. The claims are being filed with the investigatory powers tribunal (IPT), the court in London that assesses complaints about the agencies' activities and misuse of surveillance by government organisations. Most of its hearings are held at least partly in secret. The IPT is already considering a number of related submissions. Later this month it will investigate complaints by human rights groups about the way social media sites have been targeted by GCHQ. The government has defended the security services, pointing out that online searches are often routed overseas and those deemed "external communications" can be monitored without the need for an individual warrant. Critics say that such a legal interpretation sidesteps the need for traditional safeguards. The latest claim is against both GCHQ, located near Cheltenham, and the Foreign Office. It is based on articles published this year in the German magazine Der Spiegel, which alleged that GCHQ had carried out an attack codenamed Operation Socialist on the Belgian telecoms group Belgacom, targeting individual employees with malware (malicious software). One technique was a "man in the middle" attack, which, according to the documents filed at the IPT, bypasses encryption software and "operates by interposing the attacker [GCHQ] between two computers that believe that they are securely communicating with each other. 
"In fact, each is communicating with GCHQ, who collect the communications, as well as relaying them in the hope that the interference will be undetected." The complaint alleges that the attacks were a breach of the Computer Misuse Act 1990 and an interference with the privacy rights of the employees under the European convention on human rights. The organisations targeted, the submission states, were all "responsible and professional internet service providers". The claimants are: the Chaos Computer Club in Germany; Greenhost in the Netherlands; Jinbonet in South Korea; GreenNet in the UK; Riseup Networks and May First/People Link in the US; and Mango Email Service in Zimbabwe. Their complaint follows articles about mass surveillance in the Guardian based on material released by Snowden. Among the programs said to have been operating were Turbine, which automates the injection of data and can infect millions of machines, and Warrior Pride, which enables microphones on iPhones and Android devices to be remotely activated. The action has been supported by Privacy International, a UK charity that defends and promotes the right to privacy across the world. It points out that: "While the claimants were not directly named in the Snowden documents, the type of surveillance being carried out allows them to challenge the practices in the IPT because they and their users are at threat of being targeted."
ISPs take GCHQ to court in UK over mass surveillance
Guardian, 2 July 2014

"Britain's most secretive court is to hold a rare public hearing to decide whether there is any legal force behind the long-standing political doctrine that the country's intelligence agencies cannot bug the phones or spy on the emails of members of parliament. The Investigatory Powers Tribunal agreed to the hearing after two Green party parliamentarians – Caroline Lucas, MP for Brighton Pavilion, and Lady Jones of Moulsecoomb – complained that disclosures by the whistleblower Edward Snowden made it clear that GCHQ was capturing their communications in breach of the so-called Wilson Doctrine. Kate Grange, counsel for GCHQ, MI5 and MI6, told the IPT on Tuesday that her clients wanted to reserve the right to make submissions on the issue in "closed" – or secret – session, with the public and the media excluded. "It may well be that we would want to say something in closed about the past policy or practice in relation to the Wilson Doctrine," she said. The convention is named after former prime minister Harold Wilson, who pledged in 1966 that MPs' and peers' phones would not be tapped. In December 1997, then prime minister Tony Blair said the doctrine extended to electronic communication, including emails. Prime ministers have the power to reverse the policy. While they must inform MPs of the change, they can choose when to announce it. Lucas and Jones argue that the Wilson Doctrine must have legal force, and complain that GCHQ's bulk interception of electronic communications must be unlawful. The president of the tribunal, Mr Justice Burton, said he wished first to give a judgment on whether or not the doctrine had legal force. At that point, he said, if it did have legal force "we will make our usual inquiries" of the agencies to establish whether the parliamentarians' communications had been intercepted. 
Burton raised objections to the agencies' suggestion that the issue may need to be considered partly in closed session, on the grounds that it would fuel criticisms that the IPT operated in a Kafkaesque fashion, which he said it did not. But he declined to provide lawyers for Lucas and Jones with a copy of an order that the tribunal had issued to the agencies after the parliamentarians' complaint had been lodged. The government's lawyers say they will neither confirm nor deny the existence of the interception programmes that were disclosed by Snowden. The hearing was adjourned until October."
Top-secret court to weigh ban on MI5 and GCHQ spying on MPs in public
Guardian, 1 July 2014

"If it wasn’t for last minute US government intervention, occurring last night just before the clock hit midnight, we would know the names of Americans being spied on by the National Security Agency. Last night at midnight journalist Glenn Greenwald was scheduled to release his biggest story yet, which is a significant claim in its own right as he has published some benchmark work in revealing the domestic spying capabilities of the US government. Greenwald’s release of the names of US citizens – including controversial political activists – who the NSA was targeting was halted for reasons still not fully explained. The announcement came on Greenwald’s Twitter feed hours before the scheduled release when he said “After 3 months working on our story, USG (US Government) today suddenly began making new last-minute claims which we intend to investigate before publishing.” Critics have charged that the NSA has built a mass surveillance state to rival the Nazis, Soviets or Stasi. The publication of the names of US citizens who might be targeted in the US for political rather than national security reasons would mark a new low benchmark for the spy agency whose leaders are documented to have lied to the US public and Congress without any accountability. The halting of Greenwald’s release of information comes one day after the Washington Post revealed that the NSA was given approval to spy on US corporations sending e-mail overseas and the government spy agency was permitted to collect information about governments in 193 countries and foreign institutions including the World Bank, the International Monetary Fund and the European Union."
Greenwald Halts Publication of US Citizens Who Are NSA Targets
ValueWalk, 1 July 2014

"A US attempt to force Microsoft to hand over emails held on servers in Ireland has drawn a strong rebuke from Brussels in one of the first tests of cross-border privacy raised by cloud computing. The US demand could contravene international law and should have been handled through the official channels normally used for law enforcement between regions, according to Viviane Reding, vice-president of the European Commission. The case comes as US technology is already caught up in a transatlantic privacy dispute over revelations about widespread US internet surveillance.... Microsoft’s claim that the US enforcement order amounted to an illegal attempt to enforce a warrant beyond US borders has won support in Europe, with Ms Reding weighing in on Microsoft’s side. “The commission’s concern is that the extraterritorial application of foreign laws [and orders to companies based thereon] may be in breach of international law,” she wrote last week in a letter to Sophie in’t Veld, a Dutch member of the European Parliament. She added that the US “may impede the attainment of the protection of individuals guaranteed” in the EU. Rather than trying to force Microsoft to surrender information, she said the US should have relied on the mutual legal assistance treaties that create a framework for co-operation between law enforcement agencies. Ms Reding’s rebuke came in the same week that the US supreme court put new limits on the power of law enforcement agencies to search suspects’ mobile devices. The judges ruled unanimously that searches could not be carried out without a warrant."
EU rebukes US over Microsoft email in first test of privacy
Irish Times, 1 July 2014

"Virtually no foreign government is off-limits for the National Security Agency, which has been authorized to intercept information “concerning” all but four countries, according to top-secret documents. The United States has long had broad no-spying arrangements with those four countries — Britain, Canada, Australia and New Zealand — in a group known collectively with the United States as the Five Eyes. But a classified 2010 legal certification and other documents indicate the NSA has been given a far more elastic authority than previously known, one that allows it to intercept through U.S. companies not just the communications of its overseas targets but any communications about its targets as well. The certification — approved by the Foreign Intelligence Surveillance Court and included among a set of documents leaked by former NSA contractor Edward Snowden — lists 193 countries that would be of valid interest for U.S. intelligence. The certification also permitted the agency to gather intelligence about entities including the World Bank, the International Monetary Fund, the European Union and the International Atomic Energy Agency. The NSA is not necessarily targeting all the countries or organizations identified in the certification, the affidavits and an accompanying exhibit; it has only been given authority to do so. Still, the privacy implications are far-reaching, civil liberties advocates say, because of the wide spectrum of people who might be engaged in communication about foreign governments and entities and whose communications might be of interest to the United States."
Court gave NSA broad leeway in surveillance, documents show
Washington Post, 30 June 2014

"The number of phone numbers searched under the National Security Agency's phone-data surveillance program increased by 50 percent last year, according to a report that otherwise provides scant new information on the numbers of Americans and foreigners subject to U.S. surveillance. The report, by the Director of National Intelligence, focused on the mechanics of a network of surveillance programs that sweep up millions of American phone records and gain indirect access to 75 percent of the nation's telecom infrastructure to facilitate those searches. The report, the first such effort under new Obama administration guidelines pledging greater transparency, was as notable for what it left out as what it provided. For example, the report provides no acknowledgment of the millions of American phone records collected by the NSA to build its database for searches, nor did it provide the number of Americans whose communications get swept up in the process of investigating foreign intelligence targets. The 50 percent increase in phone numbers searched, for example, represents a relatively small number: 423, up from 288 in 2012. Until Friday, the only recent statistic officials had provided on the program was the 2012 figure. However, those figures represent the number of terror suspects whose phone numbers are searched daily against continual, new data dumps of American phone records, and any connection can be searched two degrees out from the original phone number to create vastly larger groups of individuals whose records are examined. The government also for the first time reports the number of known or presumed U.S. persons who were the subjects of data queries in 2013 was 248. "U.S. person" is a term of art for American citizens and people who are in the country legally."
NSA phone searches increased by 50 percent in 2013, report finds
Fox News, 28 June 2014

"Activists flew a blimp emblazoned with the words "Illegal Spying Below" over the National Security Agency's data centre in Utah on Friday in protest against the US government's mass surveillance programmes. The one-hour flight was carried out by the environmental group Greenpeace, digital rights activists the Electronic Frontier Foundation and a conservative political organisation, the Tenth Amendment Centre. The 41 metre (135ft) blimp, owned by Greenpeace, was adorned with a sign that read "NSA Illegal Spying Below". In an email to Reuters the agency declined to comment. But a spokesman did note there was no restricted airspace over the data centre, housed on the grounds of the Utah National Guard's Camp Williams in Bluffdale, 23 miles (37km) south of Salt Lake City. The NSA says the facility provides the government with intelligence and warnings about cyber security threats. It is thought to be the agency's largest data storage centre. The blimp protest coincided with the launch of an online campaign that rates members of Congress on actions the activists say either further or stop data collection efforts by the NSA. Greenpeace said the report cards on the site standagainstspying.org were created by analysing NSA reform bills in Congress and weighting proposals on the degree to which they would end mass data collection. "Our right to privacy is not a partisan issue. It's a human rights issue," said Michael Boldin, founder of Tenth Amendment Centre, which advocates for decentralised government. "This coalition gives great hope for the future because it shows that people across the political spectrum can set aside differences to work together."
'Illegal Spying Below': blimp flies over NSA data centre in surveillance protest
Guardian, 28 June 2014

"Ford and Intel unveiled a joint research project on Wednesday called Mobile Interior Imaging, or "Project Mobii," to utilize interior cameras, facial recognition software, and data analytics to create a more personalized interaction between driver and vehicle. "Mobii is a great example of culture of experimentation. I don't know what the user interface of the future is going to be. I know that increasingly, I've got sensors, cameras, technology," said Don Butler, who has been the executive director of connected vehicles and services for Ford since January. "So [we said] let's try to mash some stuff together and see what happens," Butler told ZDNet/TechRepublic. Project Mobii is still in its experimental phase, but researchers are looking to use it to make the car's user interface experience more seamless and intuitive. One use for the system: driver authentication. Once a driver enters the vehicle, a front-facing camera snaps a photo. If the driver is recognized, their personalized data -- such as contacts and music -- syncs to the vehicle. If they are not recognized, a photo is sent to the primary owner of the vehicle, and the owner can set restrictions or permissions from a smartphone. Also, if a child gets into a parent's vehicle, it could allow the parent to adjust music volume, speed limits, and phone access from afar.... In a separate announcement the same day, Ford also revealed plans for SYNC 911 Assist, which will be featured on the 2015 Mustang. The system will offer a more direct route to emergency assistance by connecting a mobile phone and improve the overall safety and connectivity of the vehicle. Upon entering the vehicle, the driver must give consent that their location and data can be sent to those services."
Ford moves toward facial recognition and gesture UI in the car
ZD Net, 26 June 2014

"The chief of Britain's MI6 foreign intelligence service will step down in November after five years in the job, a government source said on Thursday. John Sawers, a peer, is believed to have wanted to relinquish his sensitive role as Chief of the Secret Intelligence Service before a national election next year. He will step down around the same time as the head of Britain's GCHQ eavesdropping agency leaves his post. Sawers, 58, made headlines in 2013 when he appeared before a parliamentary committee to complain that documents leaked by former U.S. intelligence operative Edward Snowden had put secret operations at risk and were being "lapped up" by al Qaeda. MI6 collects intelligence and mounts covert operations overseas to defend national security and support British interests. A quirky tradition means that its chief writes in green ink and is known internally as "C". Sawers served as Britain's permanent representative to the United Nations until his appointment as MI6 chief in 2009. He had previously worked as a foreign policy adviser to former prime minister Tony Blair and in a variety of diplomatic posts. His successor will be approved by Foreign Secretary William Hague and Prime Minister David Cameron."
Britain's foreign spy master John Sawers to step down
Reuters, 26 June 2014

"The security services came under fire tonight for the “shockingly high” number of times that individuals’ privacy was breached because of bureaucratic blunders by officers. The failings were exposed by Sir Mark Waller, the intelligence services commissioner, who listed a series of mistakes by MI5, MI6, GCHQ and Government departments. Sir Mark examined 318 warrants authorising covert surveillance and undercover operations last year, around one in six of those issued in 2013. He uncovered errors in 33, all of which he attributed to human error which had led to “unacceptable” invasions of privacy. In a report to David Cameron, he said he was satisfied the mistakes were not deliberate and the security services were complying with the Regulation of Investigatory Powers Act. But Rachel Robinson, the policy officer for Liberty, said: “The spooks’ shockingly high error rate makes a mockery of people’s privacy. “That they have supposedly complied with the rusting provisions of RIPA, but may well have fallen foul of human rights protections, is further proof of the need for a total overhaul of our outdated surveillance laws.” The Liberal Democrat MP Julian Huppert described the findings as “very alarming”. He said: “It is clear safeguards are not working as they are supposed to, and on several occasions this allowed the agencies to monitor people without authorisation.” He added: “Intercepting people’s private conversations is a very intrusive power, and while it is necessary in some cases, it should never be happening without authorisation.” Sir Mark examined 19 mistakes made by MI5, of which 11 occurred because officers did not obtain the correct paperwork, while six were classified as “procedural errors”. One occurred when wrong information was inputted into computer systems and one because authorisation for an operation was cancelled before listening equipment was removed. 
Sir Mark said: “In most instances I was satisfied with the answers but still discussed the errors during my inspection and made clear that any error, but especially those which led to intrusion into privacy, were not acceptable.” There were 10 mistakes by MI6, all of which resulted in “intrusions into privacy to some degree”, but none were deliberate.... Six were described as “procedural errors”, three because the correct paperwork was not obtained and one where the wrong information was added to a computer system. Three mistakes were made by the GCHQ listening post in Cheltenham, of which two were “procedural errors” and one was an inputting mistake. The Home Office made an error in processing an MI5 warrant by getting the date wrong, while the Ministry of Defence made two mistakes. Sir Mark urged the agencies to apply a “test of proportionality” before approving any operation where privacy could be invaded – and to make clear the justification for the move in the wording of warrants."
Secret services blasted for 'shockingly high' numbers of individual privacy breaches
Independent, 26 June 2014

"The US supreme court delivered a landmark endorsement of electronic privacy on Wednesday, ruling that police must obtain a warrant to search the contents of cellphones seized from people they have arrested. All nine justices joined the ruling on a case hailed by civil liberties campaigners as a crucial test of the rights of individuals to be protected against intrusion into their ever-expanding digital lives. The opinion of the court, delivered by chief justice John Roberts, recognised that many owners of modern cellphones “keep on their person a digital record of nearly every aspect of their lives”, which may disclose a uniquely large volume of personal information if searched. "Modern cell phones are not just another technological convenience," Roberts wrote. “With all they contain and all they may reveal, they hold for many Americans the privacies of life.” Reading his ruling from the bench, Roberts went on: “The fact that technology now allows an individual to carry such information in his hand does not make the information any less worthy of the protection for which the founders fought. Our answer to the question of what police must do before searching a cell phone seized incident to an arrest is accordingly simple – get a warrant.” The justices considered together two separate cases relating to men whose cellphones were searched after their arrests in California and Massachusetts. Both men were convicted of crimes after information recovered from their phones led police to other evidence. The court sided with arguments put forward in April by lawyers backed by the American Civil Liberties Union and the Electronic Privacy Information Center, who said that these warrantless cellphone searches were not permitted under the fourth amendment of the constitution, which protects Americans from unreasonable searches."
Supreme court endorses cellphone privacy rights in sweeping ruling
Guardian, 25 June 2014

"'There is no programme of mass surveillance and there is no surveillance state,' Home Secretary Theresa May has said. Speaking at the Lord Mayor's Defence and Security Lecture at Mansion House, in the City of London, Mrs May dismissed recent criticism of the activities of the security services. Privacy campaigners have accused surveillance agency GCHQ of using "unlawful hacking" to spy on citizens. But Mrs May said this was "nonsense". The government has defended its use of surveillance powers since documents leaked by former Central Intelligence Agency technical worker Edward Snowden were first published by the Guardian and Washington Post newspapers in 2013. ... Charles Farr, the director general of the Office for Security and Counter-Terrorism, said last week that GCHQ can legally snoop on British use of Google, Facebook and web-based email without specific warrants because the firms are based abroad. But Mrs May said: "Some people have alleged that GCHQ is exploiting a technical loophole in legislation that allows them to intercept external communications - that is, communications either sent or received outside the UK - at will and without authorisation. This is... nonsense." She also denied that the security services were able to ask "their counterparts overseas to undertake activity that would be unlawful if they conducted it themselves". Surveillance powers were only ever used "when they are necessary and proportionate", she said. But Mrs May warned that it would be "cavalier and reckless" to let the public know details of which terrorist plots had been thwarted by the security services.... Eric King, deputy director of Privacy International, said the surveillance was the modern equivalent of the government entering someone's house and reading their diary, correspondence and journals. The freedom GCHQ and the NSA had to carry out surveillance was equivalent to "covert, complete, real-time physical and electronic surveillance", he said.
"Arbitrary powers such as these are the purview of dictatorships, not democracies," he said. "Unrestrained, unregulated government spying of this kind is the antithesis of the rule of law and government must be held accountable for their actions.""
Theresa May: There is no surveillance state
BBC Online, 24 June 2014

"The British government has been accused of breaking the law by forcing telecoms and internet providers to retain records of phone calls, texts and internet usage, months after Europe's highest court said that such data retention breaches citizens' fundamental right to privacy. Now it could face a high court challenge that would force it to strike down the law, enacted in 2009 by the previous Labour administration. The Data Retention (EC Directive) Act of 2009 was implemented by the last Labour government in response to the 2006 EU data retention directive, which required member states to store citizens' telecoms data for a minimum of six months and a maximum of 24 months. Britain's implementation requires providers to keep data for 18 months. In April, the European court of justice declared the directive invalid. In an opinion delivered in January, the court's advocate general, Pedro Cruz Villalón, said that it constituted a "serious interference with … the right to privacy and the right to protection of personal data". But despite the fact that the directive which mandated the creation of the UK act was struck down, the UK government has not yet moved to invalidate the Act. Answering a parliamentary question from Liberal Democrat MP Julian Huppert the Home Office minister James Brokenshire revealed last week that the government had explicitly notified telecoms providers that "they should continue to observe their obligations as outlined in any notice", despite the ruling. A Home Office spokesman said the department was "looking at the issue as a matter of urgency, and deciding what steps need to be taken to ensure public authorities can continue to access communications data. "However, we have advised communications service providers that the UK Data Retention (EC Directive) Regulations 2009 remain in force."
The Home Office added that "the retention of communications data is absolutely fundamental to ensure law enforcement have the powers they need to investigate crime, protect the public and ensure national security”."
British government 'breaking law' in forcing data retention by companies
Guardian, 24 June 2014

"Newly uncovered components of a digital surveillance tool used by more than 60 governments worldwide provide a rare glimpse at the extensive ways law enforcement and intelligence agencies use the tool to surreptitiously record and steal data from mobile phones. The modules, made by the Italian company Hacking Team, were uncovered by researchers working independently of each other at Kaspersky Lab in Russia and the Citizen Lab at the University of Toronto’s Munk School of Global Affairs in Canada, who say the findings provide great insight into the trade craft behind Hacking Team’s tools. The new components target Android, iOS, Windows Mobile, and BlackBerry users and are part of Hacking Team’s larger suite of tools used for targeting desktop computers and laptops. But the iOS and Android modules provide cops and spooks with a robust menu of features to give them complete dominion over targeted phones. They allow, for example, for covert collection of emails, text messages, call history and address books, and they can be used to log keystrokes and obtain search history data. They can take screenshots, record audio from the phones to monitor calls or ambient conversations, hijack the phone’s camera to snap pictures or piggyback on the phone’s GPS system to monitor the user’s location. The Android version can also enable the phone’s Wi-Fi function to siphon data from the phone wirelessly instead of using the cell network to transmit it. The latter would incur data charges and raise the phone owner’s suspicion. “Secretly activating the microphone and taking regular camera shots provides constant surveillance of the target—which is much more powerful than traditional cloak and dagger operations,” notes Kaspersky researcher Sergey Golovanov in a blog post about the findings.
It’s long been known that law enforcement and intelligence agencies worldwide use Hacking Team’s tools to spy on computer and mobile phone users—including, in some countries, to spy on political dissidents, journalists and human rights advocates. This is the first time, however, that the modules used to spy on mobile phone users have been uncovered in the wild and reverse-engineered. Kaspersky and Citizen Lab discovered them after developing new methods to search for code fragments and digital certificates used by Hacking Team’s tools. The modules work in conjunction with Hacking Team’s core surveillance tool, known as the Remote Control System, which the company markets under the names Da Vinci and Galileo. In a sleek marketing video for Galileo, Hacking Team touts the tool as the perfect solution for obtaining hard-to-reach data—such as data taken by a suspect across borders or data and communications that never leave the target’s computer and therefore can’t be siphoned in transit. “You want to look through your target’s eyes,” says the video. “While your target is browsing the web, exchanging documents, receiving SMS….” Hacking Team’s tools are controlled remotely through command-and-control servers set up by Hacking Team’s law enforcement and intelligence agency customers to monitor multiple targets. Kaspersky has tracked more than 350 command-and-control servers created for this purpose in more than 40 countries. While Kaspersky found only one or two servers in most of these countries, the researchers found 64 in the United States—by far the most. Kazakhstan followed with 49, Ecuador with 35 and the United Kingdom with 32. It’s not known for certain whether law enforcement agencies in the U.S. use Hacking Team’s tool or if these servers are used by other governments. But as Kaspersky notes, it makes little sense for governments to maintain their command servers in foreign countries where they run the risk of losing control over the servers."
Researchers Find and Decode the Spy Tools Governments Use to Hijack Phones
Wired, 24 June 2014

"European officials have often acted as though excessive government surveillance was solely an American problem. The recent release of a legal statement from a senior British counterterrorism official, Charles Farr, shows that the United States government is certainly not alone in justifying such practices. The statement lays out the authority British intelligence agencies claim to have in intercepting communications carried by Internet sites like Google, Facebook and Twitter, even if those messages are between people located within the country. It says the government can legally sift through and read emails, Internet searches and other activity on those services because they are “external communications” — provided by foreign companies — for the purposes of British law. (“Internal communications,” like domestic phone calls and text messages, however, cannot be intercepted unless the officials first obtain a warrant based on suspicion of illegal activity.) Mr. Farr’s statement was filed as part of the British government’s response to a legal case brought by Privacy International, Amnesty International and other public interest groups against the government. The groups are trying to stop the bulk collection of communications data by intelligence agencies. The government neither admits nor denies that it is conducting mass surveillance on Britons, according to the statement. But it is hard to believe that officials would concoct this “external communications” rationale for bulk data collection if they did not intend to amass and sift through the information. Next month, the Investigatory Powers Tribunal, a British court, will hold hearings in which Mr. Farr and others are expected to testify. The court has usually ruled in favor of the government, and it usually operates in secret. This time, however, the hearings will be open to the public, providing an important forum for this issue. Privacy groups are asking the court to shut down mass surveillance. 
If the court rules in favor of the government, the groups are prepared to go to the European Court of Justice, the highest court of the European Union. In April, that court struck down a European Union directive that required communications companies to retain data about their customers for up to two years so governments could have access to the information. European governments have been more serious about protecting consumer privacy against Internet companies and advertisers than the United States has been. But many countries, like Britain, Germany and France, have given law enforcement and intelligence agencies a free hand to monitor private communications, according to a recent report from the Center for Democracy & Technology. Given what has been learned about government surveillance in the last year, courts in Europe should make sure government officials meet a high burden of proof before they get access to private communications."
Mass Surveillance in Britain
New York Times, 21 June 2014

"This week German news magazine Der Spiegel published the largest single set of files leaked by whistleblower and former US National Security Agency contractor Edward Snowden. The roughly 50 documents show the depth of the German intelligence agencies' collusion with the NSA. They suggest that the German Intelligence Agency (BND), the country's foreign spy agency, and the Office for the Protection of the Constitution (BfV), the German domestic spy agency, worked more closely with the NSA than they have admitted - and more than many observers thought. The documents as published by Der Spiegel offer glimpses, but not a comprehensive view of what is essentially a transatlantic spy alliance. An NSA document from January 2013 shows the spirit of cooperation that existed between the NSA and first the BND and then the BfV, as well as the German Federal Office for Information Security (BSI). The documents also show that the BND has been "eager" for closer ties with the NSA on an analytical and operational level since 1962. Among its "success stories," the documents praise how the German government was able to weaken the public's protection from surveillance. "The German government has changed its interpretation of the G10 law, which protects German citizens' communications, to allow the BND to be more flexible with the sharing of protected information with foreign partners." Germany's G10 law regulates in what circumstances its intelligence agencies are allowed to break Article 10 of the German constitution, which guarantees the privacy of letters and telecommunications. Malte Spitz, member of the German Green party and spokesman for the Federal Association of Media and Internet policy, is always concerned when the NSA celebrates such "successes" in Europe. "The important question is whether the chancellery helped the agencies to get the permissions that made far-reaching surveillance possible by offering an alternative interpretation of the G10 law," he said."
New leaks show Germany's collusion with NSA
Deutsche Welle, 21 June 2014

"Since he obtained and published Edward Snowden’s leaked National Security Agency documents a little more than a year ago, journalist Glenn Greenwald said people have told him over and over that government surveillance does not concern them. “Those people don’t believe what they’re saying,” he told a sold-out audience last week at the Nourse Theater in San Francisco. To illustrate this, every time someone would come up to Greenwald and say they didn’t mind people knowing what they were doing because they had nothing to hide, he would proceed with the same two steps: first, by giving them his email address and then by asking them to send him all their email and social media passwords — just so he could have a look. “I’ve not had one single person send me them,” he said, as the room swelled with laughter. “And I check my email box constantly!” The humorous anecdote, Greenwald said, exemplifies how people instinctively understand how privacy is vital to who we are. Just as much as we need to be social, we need a place where we can go to learn and think without others passing judgment on us. “Privacy is embedded in what it means to be human and always has been across time periods and across cultures,” Greenwald said. Greenwald recalled prominent figures who have tried to distance themselves from this fundamental need. Eric Schmidt, CEO of Google, said in an interview in 2009, “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.” But four years before, Schmidt blacklisted CNET after it published an article on privacy concerns that listed where he lives, his salary, his political contributions, and his hobbies — all obtained from a 30-minute Google search."
Glenn Greenwald: 'What I Tell People Who Say They Don’t Care About Their Privacy'
Alternet, 20 June 2014

"The UK government's legal justification for mass surveillance of the internet risks undermining public confidence in the intelligence services, a former Conservative security minister has warned. Speaking at a debate in University College London, Lady Neville-Jones, who has chaired Whitehall's joint intelligence committee, backed calls for the law governing surveillance, the Regulation of Investigatory Powers Act (Ripa) to be tightened up. Neville-Jones, who served as security and counter-terrorism minister between 2010 and 2011, is normally a staunch defender of the way the security services operate. Earlier this week an explanation of the legal basis on which GCHQ, the monitoring agency, intercepts emails as well as searches on Google, Twitter, Facebook and YouTube, was published. The government's most senior security official, Charles Farr, said emails sent overseas or received from abroad, as well as most online searches, which use foreign servers, are deemed to be "external communications" and can therefore be monitored without the need for a specific intercept warrant. Critics accused him of exploiting a loophole in the law. Addressing a debate on surveillance organised by the law firm Bindmans, Neville-Jones expressed strong reservations about Farr's argument. "If it's the case that officials are exploiting loopholes in the law to get externally generated information that they would not otherwise be able to get [without a warrant] then that's something I would not endorse," she said. "That kind of suggestion would undermine confidence in the system if that is what is happening and we need to tighten it up. "The problem is that Ripa is not an old act [but] … there's more detail that needs to be put into it and more regulation of procedure. It probably needs to cover areas that were previously not thought to be important." A failure to explain sufficiently to the public what is being done in their name has bred a climate of mistrust, she implied. 
"I don't think everything is hunky-dory. It's about time ministers explained the system and didn't leave it to judges and officials. I think we can improve on the law. Ripa does need at the very least tightening up, others would say reformulating." Any distinction between domestic and external affairs is breaking down in a more globalised world, she added, and should not be the legal basis for how surveillance is conducted. The former security minister denied the UK was a "surveillance state" but said it was entirely reasonable that citizens should want assurances about the way it was carried out."
Online surveillance undermines trust in intelligence services, says Tory peer
Guardian, 19 June 2014

"Microsoft's top lawyer says the fallout of the NSA spying scandal is "getting worse," and carries grim implications for US tech companies. In a speech at the GigaOm Structure conference in San Francisco on Thursday, Microsoft general counsel Brad Smith warned attendees that unless the US political establishment figures out how to rein in its spy agencies, there could be heavy repercussions for tech companies. "What we've seen since last June is a double-digit decline in people's trust in American tech companies in key places like Brussels and Berlin and Brasilia. This has put trust at risk," Smith said. "The longer we wait or the less we do the worse the problem becomes," he explained. "We are seeing other governments consider new procurement rules – procurement rules that could effectively freeze out US-based companies."
Microsoft: NSA security fallout 'getting worse' ... 'not blowing over'
The Register, 19 June 2014

"So now we know. The government has set out the legal basis for its mass surveillance of communications data. The director general of the Office for Security and Counter-Terrorism, Charles Farr, has explained – in a confusing departure from a previous argument – that when communication involves a foreign-based platform it can be treated not as "internal", needing a warrant to intercept, but as "external". This comprehensive ruling means that each tweet, each update on a Facebook page, and most webmail becomes a legitimate target with no need for a warrant, even where it is between two British citizens. But since every communication – down to the merest text message – has to be examined to see which category it falls into, literally nothing is truly private. The legal basis for all this is the Regulation of Investigatory Powers Act (Ripa), hurried through parliament in 2000 with only cursory examination. Like the credit agencies nodding through the poisoned debt packages sold by traders before the 2008 crash, no one fully grasped its implications at the time, and since its passage, the technology landscape has been almost entirely redrawn. In 2000 there was no Facebook, no Twitter and Google had only just moved out of a garage in Menlo Park, California. This is the act that the law professor Conor Gearty has described as an "accomplice to secrecy and official impunity". Mr Farr argues that the contents of the dragnet created by the Tempora and Prism programs are only examined when evidence gathered from other sources justifies it. But his submission acknowledges that, just as trawling for tuna risks sometimes catching dolphins, sometimes properly private communications will be included. And while in theory the law allows those who fear they have been wrongly put under surveillance to apply for compensation, the Investigatory Powers Tribunal exists only to ensure the law has been followed by all the public bodies that operate under its authority. 
It will never either admit surveillance has been carried out, which the security services say could drive the subject underground, or deny it, since that risks allowing the subject to operate with impunity. According to the Commons home affairs committee, the Investigatory Powers Tribunal has upheld 0.68% of complaints it has heard. None was against the security services. British citizens are not indifferent to privacy. There was outrage when a council was found to be using its Ripa powers to monitor residence qualifications for a local school, and widespread disquiet at the information commissioner Richard Thomas's finding back in 2006 that a surveillance society now existed. Yet the implications of the Edward Snowden revelations, of Britain and the US sweeping up the minutiae of our online lives, are still under-appreciated. That needs to change. The government always insists that the security services are rigorously supervised, their actions scrutinised by judges – who therefore should also be under greater scrutiny – and then by parliament. Yet the intelligence and security committee was completely unaware of the extent of cyberspace surveillance. Parliament must find some backbone in the face of the advance of the security state. Here is a simple prescription. Rather than try to wrestle with the details of the technology, focus on the one vital principle: the right to privacy. Internet communications between UK citizens should be as sacrosanct as a letter."
The Guardian view on the government's right to snoop
Guardian, 18 June 2014

"Huge volumes of private emails, phone calls, and internet chats are being intercepted by the National Security Agency with the secret cooperation of more foreign governments than previously known, according to newly disclosed documents from whistleblower Edward Snowden. The classified files, revealed today by the Danish newspaper Dagbladet Information in a reporting collaboration with The Intercept, shed light on how the NSA’s surveillance of global communications has expanded under a clandestine program, known as RAMPART-A, that depends on the participation of a growing network of intelligence agencies. It has already been widely reported that the NSA works closely with eavesdropping agencies in the United Kingdom, Canada, New Zealand, and Australia as part of the so-called Five Eyes surveillance alliance. But the latest Snowden documents show that a number of other countries, described by the NSA as “third-party partners,” are playing an increasingly important role – by secretly allowing the NSA to install surveillance equipment on their fiber-optic cables. The NSA documents state that under RAMPART-A, foreign partners “provide access to cables and host U.S. equipment.” This allows the agency to covertly tap into “congestion points around the world” where it says it can intercept the content of phone calls, faxes, e-mails, internet chats, data from virtual private networks, and calls made using Voice over IP software like Skype. The program, which the secret files show cost U.S. taxpayers about $170 million between 2011 and 2013, sweeps up a vast amount of communications at lightning speed. According to the intelligence community’s classified “Black Budget” for 2013, RAMPART-A enables the NSA to tap into three terabits of data every second as the data flows across the compromised cables – the equivalent of being able to download about 5,400 uncompressed high-definition movies every minute.... 
the documents point towards some of the countries involved – Denmark and Germany among them. An NSA memo prepared for a 2012 meeting between the then-NSA director, Gen. Keith Alexander, and his Danish counterpart noted that the NSA had a longstanding partnership with the country’s intelligence service on a special “cable access” program. Another document, dated from 2013 and first published by Der Spiegel on Wednesday, describes a German cable access point under a program that was operated by the NSA, the German intelligence service BND, and an unnamed third partner. The Danish and German operations appear to be associated with RAMPART-A because it is the only NSA cable-access initiative that depends on the cooperation of third-party partners. Other NSA operations tap cables without the consent or knowledge of the countries that host the cables, or are operated from within the United States with the assistance of American telecommunications companies that have international links. One secret NSA document notes that most of the RAMPART-A projects are operated by the partners “under the cover of an overt comsat effort,” suggesting that the tapping of the fiber-optic cables takes place at Cold War-era eavesdropping stations in the host countries, usually identifiable by their large white satellite dishes and radomes. A shortlist of other countries potentially involved in the RAMPART-A operation is contained in the Snowden archive. A classified presentation dated 2013, published recently in Intercept editor Glenn Greenwald’s book No Place To Hide, revealed that the NSA had top-secret spying agreements with 33 third-party countries, including Denmark, Germany, and 15 other European Union member states... For any foreign government, allowing the NSA to secretly tap private communications is politically explosive, hence the extreme secrecy shrouding the names of those involved. 
But governments that participate in RAMPART-A get something in return: access to the NSA’s sophisticated surveillance equipment, so they too can spy on the mass of data that flows in and out of their territory. The partnership deals operate on the condition that the host country will not use the NSA’s spy technology to collect any data on U.S. citizens. The NSA also agrees that it will not use the access it has been granted to collect data on the host countries’ citizens. One NSA document notes that “there ARE exceptions” to this rule – though does not state what those exceptions may be. According to Snowden, the agreements that the NSA has in place with its partners are lax and easily circumvented. In a statement to the European parliament in March, he used Denmark and Germany as examples to describe how the NSA had effectively established what he called a “European bazaar” for surveillance. “An EU member state like Denmark may give the NSA access to a tapping center on the (unenforceable) condition that NSA doesn’t search it for Danes, and Germany may give the NSA access to another on the condition that it doesn’t search for Germans,” Snowden said. “Yet the two tapping sites may be two points on the same cable, so the NSA simply captures the communications of the German citizens as they transit Denmark, and the Danish citizens as they transit Germany, all the while considering it entirely in accordance with their agreements.”"
How Secret Partners Expand NSA’s Surveillance Dragnet
The Intercept, 18 June 2014

"Any social media – Twitter, Facebook posts or YouTube postings – are legal targets for mass online surveillance, Charles Farr, director general of the Office for Security and Counter Terrorism at the Home Office, argues. This is hardly surprising. What Farr's analysis of the legal status of online surveillance also reveals is the government's belief that documents and direct messages on Twitter and Facebook are also legal targets, which can be monitored without a warrant, if they are hosted outside the UK. Thus virtually anything involving Google's servers, none of which is in the UK, is "external communication". Farr's 48 page, 162 paragraph statement was made in response to the case brought by Privacy International with Amnesty International against the UK government before the Regulation of Investigatory Powers Tribunal (which is meant to oversee how well the government follows Ripa, its own Regulation of Investigatory Powers Act). It is a detailed document which invokes a lot of dancing around the subject. For instance, he will neither confirm nor deny the authenticity of the Edward Snowden documents which formed the basis of the Guardian's story on Tempora, the cable tapping operation that has led to this case. This creates the conflicting situation of one part of the government insisting that the documents' carriage poses a serious security threat, while Farr is insisting that it has "not accepted the provenance" of the same documents. The document explains how, in the eyes of the government, even our searches of Google and YouTube are fair game for monitoring. As Farr explains, a Google search "is a communication between the searcher's computer and Google's web server" and, as he points out, "its largest centres are in the US, and its largest European centres are outside the British Islands". Hence, he says, searching on Google or its video subsidiary YouTube falls under "external communications", and so doesn't trouble Ripa. 
Similarly with Facebook private messages, and though it isn't explicitly mentioned Twitter direct messages, both of which you would normally expect to be private. If either side isn't in the UK, then it can be tapped via Tempora. The reaction of Google and Facebook to Farr's statement has been brisk. A Google spokesperson said: "We disclose user data to governments in accordance with the law, and we review all such requests carefully. Google has not joined any program that would create a 'back door' for government to access private user data." The spokesperson also reiterated Google's point that "government does not have access to Google's servers". Facebook declined to comment, though sources close to the company suggested that enhanced encryption now being deployed should make it increasingly difficult for governments, whether in the US, UK or elsewhere, to tap into private discussions. Farr, however, is unrepentant: "The only practical way in which the government can ensure that it is able to obtain at least a fraction of the type of communication in which it is interested is to provide for the interception of a large volume of communications," he writes. And as he sets out, many of those might be messages you thought were private."
Why the government believes the law is on its side on social media interceptions
Guardian, 17 June 2014

"Over the past 12-18 months, there’s been an increased level of scrutiny applied to the various ways local, state, and federal law enforcement officials track and monitor the lives of ordinary citizens. One tool that’s come under increasing fire is the so-called stingray — a fake cell phone tower that law enforcement officials deploy to track a suspect, often without a warrant or any other formal approval. A stingray is a false cell phone tower that can force phones in a geographical area to connect to it. Once these devices connect, the stingray can be used to either hone in on the target’s location or, with some models, actually eavesdrop on conversations, text messages, and web browser activity. It’s not clear how much the police cooperate with the cell phone carriers on this — in at least some cases, the police have gone to carriers with requests for information, while in others they seem to have taken a brute-force approach, dumping the data of every single user on a given tower and then sorting it to find the parties they’re interested in tracking. Stingrays can be used to force the phone to give up its user details, making it fairly easy for the police to match devices and account holders."
Stingray, the fake cell phone tower cops and carriers use to track your every move
ExtremeTech, 17 June 2014

"The Eleventh Circuit Court of Appeals said no this week to tracking your movements using data from your cell phone without a warrant when it declared that this information is constitutionally protected. The case, United States v. Davis, is important not only because it provides substantive and procedural protections against abuse of an increasingly common and highly invasive surveillance method. It also provides support for something Christopher Sprigman and I have said before — that the government’s other “metadata” collection programs are unconstitutional. The Davis decision, in effect, suggests that the U.S. government’s collection of all kinds of business records and transactional data — commonly called “metadata” — for law enforcement and national security purposes may also be unconstitutional. Your phone sends signals to the nearest cell towers so that the communications network system knows where to route a call should one come in. Many providers collect and store the location of towers a customer connects to at the beginning and end of the call for billing purposes. FBI agents in Davis obtained these records without a search warrant and used them to place the defendant, Quartavious Davis, near the scene of a number of robberies."
New Ruling Shows the NSA Can’t Legally Justify Its Phone Spying Anymore
Wired, 13 June 2014

"The Electronic Frontier Foundation (EFF) has urged a federal court to block a U.S. search warrant ordering Microsoft to turn over a customer's emails held in an overseas server, arguing that the case has dangerous privacy implications for Internet users everywhere. The case started in December of last year, when a magistrate judge in New York signed a search warrant seeking records and emails from a Microsoft account in connection with a criminal investigation. However, Microsoft determined that the emails the government sought were on a Microsoft server in Dublin, Ireland. Because a U.S. judge has no authority to issue warrants to search and seize property or data abroad, Microsoft refused to turn over the emails and asked the magistrate to quash the warrant. But the magistrate denied Microsoft's request, ruling there was no foreign search because the data would be reviewed by law enforcement agents in the U.S. Microsoft appealed the decision. In an amicus brief in support of Microsoft, EFF argues the magistrate's rationale ignores the fact that copying the emails is a "seizure" that takes place in Ireland. "The Fourth Amendment protects from unreasonable search and seizure. You can't ignore the 'seizure' part just because the property is digital and not physical," said EFF Staff Attorney Hanni Fakhoury. "Ignoring this basic point has dangerous implications – it could open the door to unfounded law enforcement access to and collection of data stored around the world." The government has argued that allowing a U.S. judge to order the collection of data stored abroad is necessary, because international storage would make it easy for U.S. Internet companies to avoid complying with search warrants. But Microsoft asserts that the government's legal theory could hurt U.S. technology companies that are trying to do business internationally. 
Additionally, EFF argues in its amicus brief that the government's approach hurts Internet users globally, as it would allow the U.S. to obtain electronic records stored abroad without complying with mutual assistance treaty obligations or other nations' own laws."
EFF to Court: U.S. Warrants Don't Apply to Overseas Emails
EFF, 13 June 2014

"For the first time, a federal appeals court has ruled that law enforcement must obtain a warrant to get people’s phone location histories from their cell service companies. “The court’s opinion is a resounding defense of the Fourth Amendment’s continuing vitality in the digital age,” said American Civil Liberties Union Staff Attorney Nathan Freed Wessler, who argued the case before the 11th Circuit Appeals Court as a friend-of-the-court in April. “This opinion puts police on notice that when they want to enlist people’s cell phones as tracking devices, they must get a warrant from a judge based on probable cause. The court soundly repudiates the government’s argument that by merely using a cell phone, people somehow surrender their privacy rights.” In the case, the government obtained four people's cell phone location records from their wireless carrier over a 67-day period for a robbery investigation. To get the information, the U.S. Attorney’s Office in Miami got what is known as a “D-order” from a federal magistrate judge, named for the applicable section of the federal Stored Communications Act. However, the standard for getting a D-order is that it be “relevant and material” to an investigation, which is lower than the probable cause standard required by the Fourth Amendment. Although getting D-orders for location information has been a common law enforcement practice, the appeals court rejected it. “There is a reasonable privacy interest in being near the home of a lover, or a dispensary of medication, or a place of worship, or a house of ill repute,” the three-judge panel wrote in a unanimous opinion. “In short, we hold that cell site location information is within the subscriber’s reasonable expectation of privacy. The obtaining of that data without a warrant is a Fourth Amendment violation.”"
For First Time, Appeals Court Rules Warrant Is Required For Cell Phone Location Tracking
ACLU, 11 June 2014

"The National Security Agency recently used a novel argument for not holding onto information it collects about users' online activity: it's too complex. The agency is facing a slew of lawsuits over its surveillance programs, many launched after former NSA contractor Edward Snowden leaked information on the agency's efforts last year. One suit that pre-dates the Snowden leaks, Jewel v. NSA, challenges the constitutionality of programs that the suit alleges collect information about Americans' telephone and Internet activities. In a hearing Friday, U.S. District for the Northern District of California Judge Jeffrey S. White reversed an emergency order he had issued earlier the same week barring the government from destroying data that the Electronic Frontier Foundation had asked be preserved for that case. The data is collected under Section 702 of the Amendments Act to the Foreign Intelligence Surveillance Act. But the NSA argued that holding onto the data would be too burdensome. "A requirement to preserve all data acquired under section 702 presents significant operational problems, only one of which is that the NSA may have to shut down all systems and databases that contain Section 702 information," wrote NSA Deputy Director Richard Ledgett in a court filing submitted to the court. The complexity of the NSA systems meant preservation efforts might not work, he argued, but would have "an immediate, specific, and harmful impact on the national security of the United States." Part of this complexity, Ledgett said, stems from privacy restrictions placed on the programs by the Foreign Intelligence Surveillance Court. 
"Communications acquired pursuant to Section 702 reside within multiple databases contained on multiple systems and the precise manner in which NSA stays consistent with its legal obligations under the [FISA Amendments Act] has resulted from years of detailed interaction" with the Foreign Intelligence Surveillance Court and the Department of Justice, Ledgett wrote. NSA regularly purges data "via a combination of technical and human-based processes," he said. The government's explanation raises more concerns, said Cindy Cohn, EFF's legal director. "To me, it demonstrates that once the government has custody of this information even they can't keep track of it anymore even for purposes of what they don't want to destroy," she said in an interview. "With the huge amounts of data that they're gathering it's not surprising to me that it's difficult to keep track-- that's why I think it's so dangerous for them to be collecting all this data en masse," Cohn added."
NSA: Our systems are so complex we can’t stop them from deleting data wanted for lawsuit
Washington Post, 9 June 2014

"Stephen Fry has denounced the government's failure to act over the mass surveillance programme revealed by the whistleblower Edward Snowden, labelling its behaviour as "squalid and rancid". Opening a day of debate to galvanise action against spying by the British and US intelligence agencies, Fry said that exploiting the fear of terrorism is a "duplicitous and deeply wrong means of excusing something as base as spying on the citizens of your own country". The performer was speaking via a prerecorded interview at a London summit on Saturday marking the anniversary of the start of Snowden's revelations, which were first published in the Guardian and the Washington Post. The day of action is billed as the biggest privacy event of 2014, with more than 500 people attending the event at Shoreditch Town Hall in east London. In his video message, Fry, 56, said: "The idea of having your letters read by somebody, your telegrams, your faxes, your postcards intercepted, was always considered one of the meanest, most beastly things a human being could do, and for a government to do, without good cause. Using the fear of terrorism that we all have, the fear of the unknown that we all share, the fear of enemies that hate us, is a duplicitous and deeply wrong means of excusing something as base as spying on the citizens of your own country." The broadcaster said GCHQ and NSA had cooperated to "read and intercept everything we send". "It's enough that corporations know so much about us and our spending habits, our eating habits, our sexual preferences, everything else," he said. "But that a government, something that we elect, something that should be looking out for our best interests, should presume without asking to take information that we swap, we hope privately, between ourselves is frankly disgraceful." 
More than 500 people attended the event at east London's Shoreditch Town Hall, organised by the Don't Spy on Us Campaign, a coalition of privacy, free expression and digital rights organisations which is urging the UK government to end the mass surveillance of the web and mobile phone networks by the British eavesdropping centre, GCHQ. Among the speakers was Wikipedia founder Jimmy Wales, who said: "The tide is beginning to turn as the public comes to understand just how broken the surveillance state is." Other high-profile speakers included Alan Rusbridger, the Guardian editor-in-chief, who led the team that masterminded a series of remarkable disclosures from the files leaked by the National Security Agency whistleblower. Before a packed audience, Rusbridger recounted the "frenetic" period last summer when the British government attempted to strong-arm the Guardian into not publishing further revelations, at one point forcing senior editors to destroy hard-drives holding some of the encrypted files leaked by Snowden. However, he said that the British government's heavy-handed reaction backfired. "By forcing the reporting out of the UK to the USA, the British government lost any handle on this story at all. So, I hope that the British government will think about that in the future." Rusbridger also lamented the UK's lack of an enshrined right to free speech, referring to the US constitution's first amendment and the "quasi-constitutional role" of that nation's press. "We need to embody some of those rights here, we don't have rights in Britain. We tend to wait until things go wrong, so there is no really established right to privacy because there is no constitutional protection of free speech," he told the audience.... Blogger and activist Cory Doctorow said: "Freedom from surveillance is essential to freedom itself. The freedom to think, to speak and to have discourse without fear of reprisal or even judgment is at the core of democracy itself." 
Emma Carr, acting director of Big Brother Watch, called on the government to publicly acknowledge that the UK's surveillance laws need to be reviewed. "Without affirmative action, the government will certainly find that the general public's faith in politicians to properly monitor how the security agencies are using surveillance powers will diminish," she said. Gos Hosein, executive director of Privacy International, added: "Secret surveillance is anathema to a democratic society, as no real debate can take place without an informed public.""
Stephen Fry attacks 'squalid' coalition for inaction on Snowden revelations
Observer, 7 June 2014

"Government agencies are able to listen to phone conversations live and even track the location of citizens without warrants using secret cables connected directly to network equipment, admits Vodafone today. The company said that secret wires have been connected to its network and those belonging to competitors, giving government agencies the ability to tap in to phone and broadband traffic. In many countries this is mandatory for all telecoms companies, it said. Vodafone is today publishing its first Law Enforcement Disclosure Report which will describe exactly how the governments it deals with are eavesdropping on citizens. It is calling for an end to the use of 'direct access' eavesdropping and transparency on the number of warrants issued giving access to private data. The company said that the 29 countries it operates in have different laws that demand that they restrict or block certain access to customers, or allow governments to directly access information about them. Refusal to comply with those laws was 'not an option', it said, as those countries could then stop them from operating within its borders. .... In the UK it is thought that a "direct access" pipe would be illegal, as warrants must be issued prior to collecting any data. But various legislation can grant warrants to intercept data in the interests of national security, to prevent or detect crime or disorder, in the interests of the "economic wellbeing" of the UK, to protect public safety or to protect public health. The Regulation of Investigatory Powers Act 2000, often called a "snoopers' charter", gives various bodies a mandate to request this data, including the Charity Commission, local councils, the Postal Services Commission and the Welsh Ambulance Services NHS Trust. Vodafone's report reveals that the UK government was granted 2,760 warrants to tap communications content - listeing to actuall call content - and 514,608 warrants to intercept communications metadata. 
Some of the countries in which Vodafone operates, such as Egypt, India, Qatar, Romania, South Africa and Turkey make it illegal to disclose any information about how interception is carried out, or how often."
Vodafone: governments use secret cables to tap phones
Telegraph, 6 June 2014

"Even if you power off your cell phone, the U.S. government can turn it back on.That's what ex-spy Edward Snowden revealed in last week's interview with NBC's Brian Williams. It sounds like sorcery. Can someone truly bring your phone back to life without touching it? No. But government spies can get your phone to play dead. It's a crafty hack. You press the button. The device buzzes. You see the usual power-off animation. The screen goes black. But it'll secretly stay on -- microphone listening and camera recording. How did they get into your phone in the first place? Here's an explanation by former members of the CIA, Navy SEALs and consultants to the U.S. military's cyber warfare team. They've seen it firsthand. Government spies can set up their own miniature cell network tower. Your phone automatically connects to it. Now, that tower's radio waves send a command to your phone's antennae: the baseband chip. That tells your phone to fake any shutdown and stay on. A smart hack won't keep your phone running at 100%, though. Spies could keep your phone on standby and just use the microphone -- or send pings announcing your location. John Pirc, who did cybersecurity research at the CIA, said these methods -- and others, like physically bugging devices -- let the U.S. hijack and reawaken terrorists' phones. 'The only way you can tell is if your phone feels warm when it's turned off. That means the baseband processor is still running,' said Pirc, now chief technology officer of the NSS Labs security research firm. This isn't easy to accomplish. It's a highly targeted attack. But if you are really concerned about the government's ability to reawaken your phone, here are some things you could do....."
How the NSA can 'turn on' your phone remotely
CNN, 6 June 2014

"Edward Snowden joined Google, Reddit, Mozilla and a host of other tech firms and privacy groups Thursday to call for a strengthening of privacy rights online. The Reset the Net campaign was launched June 5, a year after Snowden’s revelations about the scale of the US government’s surveillance programs were first published in the Guardian and the Washington Post. 'One year ago, we learned that the internet is under surveillance, and our activities are being monitored to create permanent records of our private lives – no matter how innocent or ordinary those lives might be,' Snowden said in a statement released by his attorney. 'Today, we can begin the work of effectively shutting down the collection of our online communications, even if the US Congress fails to do the same." Snowden said adopting encryption was 'the first effective step that everyone can take to end mass surveillance … don’t ask for your privacy. Take it back.'... The announcement was one of a series timed to coincide with Reset the Net. Google announced its support for the campaign earlier this week and also published the source code for an 'end-to-end' encryption service for its Chrome browser. The company has asked developers to help it work on the project, which it hopes will offer a simple way for people to encrypt their communications and other data online. On Thursday Mozilla, maker of the Firefox browser, also threw its support behind the campaign. Dave Steer, director of advocacy at the Mozilla Foundation, said in a blogpost that despite all the publicity surrounding the Snowden revelations 'the public policy landscape itself has changed very little and the threats to privacy and security are just as strong.' The company announced it was setting up a research project, Cyber Security Delphi, with industry, academic and policy experts to better assess ways of improving security and privacy online. 
Tumblr, the blogging site owned by Yahoo, announced it would be adding secure sockets layer (SSL) encryption by default for the readers of its 189m blogs. The Guardian chose Reset the Net day to launch SecureDrop, a platform that allows people to anonymously submit documents and data."
Edward Snowden calls for greater online privacy in Reset the Net campaign
Guardian, 5 June 2014

"Germany’s senior prosecutor has opened a formal investigation into the hacking of Angela Merkel’s telephone by America’s National Security Agency (NSA). The news soured the mood at meetings beginning last night between the German chancellor and President Obama, who are attending a summit of the G7 industrial nations in Brussels. The claims of NSA snooping have weighed on German-US relations for months, with Mrs Merkel’s public seemingly more upset by the snooping than the chancellor is."
German inquiry into Merkel’s hacked phone sours G7 summit
London Times, 5 June 2014

"Just because you turned off your phone doesn’t mean the NSA isn’t using it to spy on you. Edward Snowden’s latest revelation about the NSA’s snooping inspired an extra dose of shock and disbelief when he said the agency’s hackers can use a mobile phone as a bug even after it’s been turned off. The whistleblower made that eye-opening claim when Brian Williams of NBC Nightly News, holding his iPhone aloft during last Wednesday’s interview, asked, “What can the NSA do with this device if they want to get into my life? Can anyone turn it on remotely if it’s off? Can they turn on apps? “They can absolutely turn them on with the power turned off to the device,” Snowden replied. Snowden didn’t offer any details on this seemingly magical feat. But a group of particularly cunning iPhone hackers say it’s possible."... After Snowden told Williams his powered-down phone could be used as an eavesdropping tool, security consultant Robert David Graham immediately responded with a blog post arguing the trick is impossible. He soon amended the post to concede the NSA could, in fact, alter a phone ahead of time to enable that ultra-sneaky bugging. Its methods could range from a web exploit, like the 2011 Jailbreakme hack that disassembled the iPhone’s security restrictions when users visited a carefully crafted webpage, to actually intercepting shipped phones before they reach users. That latter possibility might have sounded apocryphal until journalist Glenn Greenwald published photos last month showing the NSA opening boxes of Cisco routers to insert backdoors into the gear. “With physical access, they could change the chips, the memory, the ROMs, the power system, anything they want,” Graham says. But paranoid users seeking temporary privacy from NSA uber-hackers needn’t resort to Snowden’s famous precaution of putting phones in the fridge. 
Instead, McDonald suggests users turn off their iPhones by putting them into device firmware upgrade (DFU) mode, a kind of “panic” state designed to let the phone reinstall its firmware or recover from repeated operating system crashes. In DFU mode, says McDonald, all elements of the phone are entirely shut down except its USB port, which is designed to wait for a signal from iTunes to install new firmware. “It’s like an innocent little kid in kindergarten,” says McDonald. “It doesn’t know how to turn on the lights or the sound, it only knows how to turn on the USB port.” Don’t worry: It’s easy to get your phone out of that state with no ill effects."
How the NSA Could Bug Your Powered-Off iPhone, and How to Stop Them
Wired, 3 June 2014

"US cyber-spies have collected millions of photos of people's faces from the net for use in facial-recognition programmes, according to reports. The New York Times says leaked National Security Agency documents show in 2011 it intercepted about 55,000 "facial-recognition-quality images" every day. The leaks suggested the photos had been harvested from emails, text messages, social media and video chats, it says. The NYT added the images were then cross-referenced with other databases. These are said to include photographs of airline passengers, and pictures taken from other countries' national identity-card schemes. The NSA has said that it does not have access to photos taken for US passports or US driving licences, but declined to comment about photos submitted by foreigners applying for visas to the country. "We would not be doing our job if we didn't seek ways to continuously improve the precision of signals intelligence activities - aiming to counteract the efforts of valid foreign intelligence targets to disguise themselves or conceal plans to harm the United States and its allies," Vanee Vines, an NSA spokeswoman said. The allegations are the latest to result from documents released by Edward Snowden, who gathered the material while working at the NSA's regional centre in Hawaii. The papers themselves highlight the limitations of relying on face-matching technology."
NSA 'collects facial-recognition photos from the net'
BBC Online, 2 June 2014

"Nearly a year after Edward Snowden first leaked classified documents revealing the extent of National Security Agency surveillance programs, more than half of employed Americans believe he was in the right, according to a survey commissioned by cloud storage service Tresorit. The survey found that 55 percent of respondents think Snowden did the right thing in exposing PRISM, the mass data-mining program, while another 29 percent believe he was in the wrong, and 16 percent endorse neither statement. Of Snowden’s supporters, 80 percent said he exposed constitutional violations. Eighty-two percent of respondents said they still believe corporate information is being monitored by the U.S. government, and 51 percent said their employer has taken steps to make sure corporate files are secure. Research firm YouGov carried out the study by surveying more than a thousand 'employed American adults.'"
Most Americans Think Snowden Did the Right Thing, Poll Says
Newsweek, 2 June 2014

"The National Security Agency is harvesting huge numbers of images of people from communications that it intercepts through its global surveillance operations for use in sophisticated facial recognition programs, according to top-secret documents. The spy agency’s reliance on facial recognition technology has grown significantly over the last four years as the agency has turned to new software to exploit the flood of images included in emails, text messages, social media, videoconferences and other communications, the N.S.A. documents reveal. Agency officials believe that technological advances could revolutionize the way that the N.S.A. finds intelligence targets around the world, the documents show. The agency’s ambitions for this highly sensitive ability and the scale of its effort have not previously been disclosed. The agency intercepts 'millions of images per day' — including about 55,000 'facial recognition quality images' — which translate into 'tremendous untapped potential,' according to 2011 documents obtained from the former agency contractor Edward J. Snowden. While once focused on written and oral communications, the N.S.A. now considers facial images, fingerprints and other identifiers just as important to its mission of tracking suspected terrorists and other intelligence targets, the documents show..... Because the agency considers images a form of communications content, the N.S.A. would be required to get court approval for imagery of Americans collected through its surveillance programs, just as it must to read their emails or eavesdrop on their phone conversations, according to an N.S.A. spokeswoman. Cross-border communications in which an American might be emailing or texting an image to someone targeted by the agency overseas could be excepted. Civil-liberties advocates and other critics are concerned that the power of the improving technology, used by government and industry, could erode privacy. 
'Facial recognition can be very invasive,' said Alessandro Acquisti, a researcher on facial recognition technology at Carnegie Mellon University. 'There are still technical limitations on it, but the computational power keeps growing, and the databases keep growing, and the algorithms keep improving.' State and local law enforcement agencies are relying on a wide range of databases of facial imagery, including driver’s licenses and Facebook, to identify suspects. The F.B.I. is developing what it calls its 'next generation identification' project to combine its automated fingerprint identification system with facial imagery and other biometric data. The State Department has what several outside experts say could be the largest facial imagery database in the federal government, storing hundreds of millions of photographs of American passport holders and foreign visa applicants. And the Department of Homeland Security is funding pilot projects at police departments around the country to match suspects against faces in a crowd. The N.S.A., though, is unique in its ability to match images with huge troves of private communications..... Congress has largely ignored the issue. 'Unfortunately, our privacy laws provide no express protections for facial recognition data,' said Senator Al Franken, Democrat of Minnesota, in a letter in December to the head of the National Telecommunications and Information Administration, which is now studying possible standards for commercial, but not governmental, use.... One 2011 PowerPoint showed how the software matched a bald young man, shown posing with another man in front of a water park, with another photo where he has a full head of hair, wears different clothes and is at a different location. It is not clear how many images the agency has acquired. The N.S.A. 
does not collect facial imagery through its bulk metadata collection programs, including that involving Americans’ domestic phone records, authorized under Section 215 of the Patriot Act, according to Ms. Vines.... The agency’s use of facial recognition technology goes far beyond one program previously reported by The Guardian, which disclosed that the N.S.A. and its British counterpart, General Communications Headquarters, have jointly intercepted webcam images, including sexually explicit material, from Yahoo users. The N.S.A. achieved a technical breakthrough in 2010 when analysts first matched images collected separately in two databases — one in a huge N.S.A. database code-named Pinwale, and another in the government’s main terrorist watch list database, known as Tide — according to N.S.A. documents. That ability to cross-reference images has led to an explosion of analytical uses inside the agency. The agency has created teams of 'identity intelligence' analysts who work to combine the facial images with other records about individuals to develop comprehensive portraits of intelligence targets. The agency has developed sophisticated ways to integrate facial recognition programs with a wide range of other databases. It intercepts video teleconferences to obtain facial imagery, gathers airline passenger data and collects photographs from national identity card databases created by foreign countries, the documents show."
N.S.A. Collecting Millions of Faces From Web Images
New York Times, 31 May 2014

"The German foreign intelligence agency (BND) reportedly plans to expand its digital espionage operations, according to several German media outlets. The German daily Süddeutsche Zeitung, as well as broadcasters NDR and WDR said on Friday that confidential files from the spy agency indicated plans to access social media sites, such as Facebook and Twitter, in real time. "This year, the BND intends to improve its technological methods in order to be able to systematically analyze blogs, online forums and portals, such as Flickr, Facebook and Twitter…[where] messages, pictures and further data are exchanged among members," the German daily Süddeutsche Zeitung wrote on Friday. Filtering data live would allow the BND to form a "more exact picture of the situation abroad," the Süddeutsche Zeitung report added. The aim of the digital project was to "better understand political and social developments abroad by gathering online communication [from those areas]," according to German broadcaster WDR. The BND refused to comment on the reports. "We do not comment on questions regarding our operations except to the Federal Government and the responsible secret parliamentary committees," the foreign intelligence agency told news agency DPA. The modernization of operations would require the German parliament to approve a 300 million euro budget ($409 million) in the coming weeks for the social media espionage project, dubbed "Real time analysis of streaming data." The operation, which is part of the Strategic Technology Initiative (SIT) - is to run until at least 2020 and will model its methods in part on those used by the US National Security Agency (NSA) and the UK's Government Communications Headquarters (GCHQ). The BND's upcoming plans would also include the analysis of metadata, a practice made internationally known by the controversial surveillance activities of the NSA. The case caused public uproar in Germany. 
The spy agency has reportedly warned German lawmakers that a failure to modernize operations will allow it to fall behind its counterparts, including those in Italy and Spain."
German foreign intelligence agency wants to access social media sites in real time
Deutsche Welle, 30 May 2014

"The NSA’s new discovery of written contact between me and its lawyers - after more than a year of denying any such contact existed - raises serious concerns. It reveals as false the NSA’s claim to Barton Gellman of the Washington Post in December of last year, that 'after extensive investigation, including interviews with his former NSA supervisors and co-workers, we have not found any evidence to support Mr. Snowden’s contention that he brought these matters to anyone’s attention.' Today’s release is incomplete, and does not include my correspondence with the Signals Intelligence Directorate’s Office of Compliance, which believed that a classified executive order could take precedence over an act of Congress, contradicting what was just published. It also did not include concerns about how indefensible collection activities - such as breaking into the back-haul communications of major US internet companies - are sometimes concealed under E.O. 12333 to avoid Congressional reporting requirements and regulations.... the fact is that I did raise such concerns both verbally and in writing, and on multiple, continuing occasions - as I have always said, and as NSA has always denied. Just as when the NSA claimed it followed German laws in Germany just weeks before it was revealed that they did not, or when NSA said they did not engage in economic espionage a few short months before it was revealed they actually did so on a regular and recurring basis, or even when they claimed they had 'no domestic spying program' before we learned they collected the phone records of every American they could, so too are today’s claims that 'this is only evidence we have of him reporting concerns' false."
Edward Snowden responds to release of e-mail by U.S. officials
Washington Post, 29 May 2014

"Edward Snowden, the US National Security Agency contractor who became a fugitive after leaking US intelligence, has said he was right to disclose the American government's use of surveillance programs to spy on its own people, saying he was comfortable with what he had done. In an interview with NBC News, he described himself as a patriot for trying to stop violations of the Constitution. And while he admitted that he was homesick after claiming asylum in Russia, he said he was confident he had done the right thing. "I may have lost my ability to travel," Mr Snowden said. "But I've gained the ability to go to sleep at night and to put my head on the pillow and feel comfortable that I've done the right thing even when it was the hard thing. And I'm comfortable with that." Speaking from Moscow, where he is living in exile while facing US felony charges, Mr Snowdon said he was trained as a spy after enlisting for US Army special operations during the Iraq war, but became disillusioned. He claimed that his actions were patriotic because he believed he was defending the constitution from the government. Asked if he considered himself a patriot, Mr Snowdon said: "I do. Patriot is a word that's thrown around so much that it can devalued nowadays. But being a patriot doesn't mean prioritising service to government above all else.  "Being a patriot means knowing when to protect your country, knowing when to protect your Constitution, knowing when to protect your countrymen from the violations of and encroachments of adversaries. "And those adversaries don't have to be foreign countries. They can be bad policies. They can be officials who need a little bit more accountability. "They can be mistakes of government and simple overreach, and things that should never have been tried, or that went wrong." .... Mr Snowden made clear he would not return to the United States and hope for the best. 
He said he would not simply "walk into a jail cell," and that if his one-year asylum in Russia, which expires on Aug. 1, "looks like it's going to run out, then of course I would apply for an extension." In one odd moment in the NBC interview, Snowden expressed sympathy for working-level NSA employees who have been castigated as a result of his leaks. "People have demonised the NSA to a point that's too extreme," he said, adding that the problem is with senior-level officials who expand their surveillance powers without public debate."
Edward Snowden: 'I can sleep at night,' have done the 'right thing'
Telegraph, 29 May 2014

"Canadians are 'stupid' and post far too much information online, a former head of the national electronic spying agency says, leaving the country with a 'long ways to go' in protecting personal information in an Internet era. John Adams made the comment in a Senate meeting Wednesday as he and other witnesses discussed a bill that would create an all-party parliamentary committee to oversee the top-secret efforts of Canada’s intelligence and security agencies – a notion backed by Mr. Adams, who led Communications Security Establishment Canada (CSEC) from 2005-11.... Interim privacy commissioner Chantal Bernier instead said Canadians are trusting – adding Mr. Adams’s choice of words were not hers. 'I believe Canadians are very smart and Canadians appreciate the fact they live in a democracy, a real democracy where we are lucky to have robust government structures' protecting privacy, Ms. Bernier said. 'Where there is confusion is in relation, I believe, to the power of the Internet … we’re at a crossroads at this point where we use the Internet without having fully understood its powers and its risks.'"
Canadians are lax on privacy, Senate committee hears
Globe and Mail, 28 May 2014

"...one of the big stories that’s left to be told, which is the one we’re working on most now, is reporting on who it is specifically that the NSA has targeted with the most evasive type of surveillance on US soil, and who these people are, and what are the reasons for it, and that is the story of targeting of dissidents, and activists, and advocates as retaliation for their political views."
Glenn Greenwald: NSA documents on Middle East to be disclosed
Alakhbar, 28 May 2014

"China has accused the US of using internet surveillance to spy on its leaders and key institutions. A report released by a government agency said that China had been a main target for US spies, who had focused on government officials, businesses and mobile phone users. It called the behaviour "brazen" and a "gross violation of human rights". Last week the US charged five Chinese army officers with cyber-espionage. The report by the China Internet Media Research Centre looked at claims made by US whistleblower and former National Security Agency contractor Edward Snowden and said that several government agencies had confirmed the existence of spying."As a superpower, the United States takes advantage of its political, economic, military and technological hegemony to unscrupulously monitor other countries, including its allies," said an extract of the report published in the Guardian."
China accuses US of internet surveillance on its leaders
BBC Online, 27 May 2014

"Glenn Greenwald, one of the reporters who chronicled the document dump by National Security Agency leaker Edward Snowden via the U.K. press, now said he’s set to publish his most dramatic piece yet: The names of those in the United States targeted by the NSA. 'One of the big questions when is comes to domestic spying is, ‘Who have been the NSA’s specific targets?’ Are they political critics and dissidents and activists? Are they genuinely people we’d regard as terrorists? What are the metrics and calculations that go into choosing those targets and what is done with the surveillance that is conducted? Those are the kinds of questions that I want to still answer,' Mr. Greenwald told The Sunday Times of London."
Greenwald to publish list of U.S. citizens NSA spied on
Washington Times, 26 May 2014

"The head of the FBI says he understands why people worry about the scope of the government's powers, and in fact, he agrees with them. 'I believe people should be suspicious of government power. I am,' Director James Comey told the Senate Judiciary Committee on Wednesday morning. 'I think this country was founded by people who were worried about government power so they divided it among three branches,' he added. ...Comey assumed his top post shortly after the Snowden revelations came to light last summer. While much of the public's outrage has focused on activities at the National Security Agency, the FBI has also come under fire for its use of national security letters and operations to track foreign terrorists operating in the United States....Legislation is advancing in the House and Senate that would rein in those and other government data collection programs. The House is scheduled to vote on the bill, called the USA Freedom Act, on Thursday, but some privacy advocates have worried that it has been overly watered down in recent weeks."
FBI chief: ‘Be suspicious’ of government power
The Hill, 21 May 2014

"The US National Security Agency has been recording nearly every phone call made in Afghanistan, according to WikiLeaks. The recordings are being made as part of the same program that was reported earlier this week to be capturing nearly every call in the Bahamas, as well as phone records from Mexico, Kenya, and the Philippines. That report, made by The Intercept, declined to disclose the name of a second country where — like the Bahamas — recordings of nearly all domestic and international phone calls were being captured as of 2013, saying that it had chosen to withhold it 'in response to specific, credible concerns that doing so could lead to increased violence.' WikiLeaks now says that it's learned the second country is Afghanistan, and it is essentially choosing to disclose it because it believes the government's claim that disclosure may lead to a rise in violence is a bluff. WikiLeaks says the government has given similar reasoning in the past, and that it has seen no such ill effects in the aftermath of a disclosure."
The NSA is capturing nearly every phone call in Afghanistan, WikiLeaks claims
The Verge, 23 May 2014

"The Erie County sheriff says he's done making public comments about a cellphone surveillance device used by his police agency to gather information on persons of interest. Sheriff Tim Howard told WGRZ Thursday that he won't publicly discuss the matter any longer because doing so could adversely impact investigations. A stingray is a device that mimics a cell tower and thereby tricks all wireless devices on the same network into communicating with it. Howard told Erie County legislators last week that the stingray surveillance device his office has owned since 2008 is used only for tracking a person's movements, not for gathering content of cellphone communications. The surveillance equipment can capture data from targeted cellphones even when they're not in use."
Police use cellphone spying device
myfoxny, 23 May 2014

"A landmark surveillance bill, likely to pass the US House of Representatives on Thursday, is hemorrhaging support from the civil libertarians and privacy advocates who were its champions from the start. Major revisions to the USA Freedom Act have stripped away privacy protections and transparency requirements while expanding the potential pool of data the National Security Agency can collect, all in a bill cast as banning bulk collection of domestic phone records. As the bill nears a vote on the House floor, expected Thursday, there has been a wave of denunciations. 'It does not deserve the name ‘USA Freedom Act’ any more than the ‘Patriot Act’ merits its moniker,' wrote four former NSA whistleblowers and their old ally on the House intelligence committee staff. The former NSA officials – Thomas Drake, William Binney, Edward Loomis and J Kirk Wiebe – and former congressional staffer Diane Roark denounced 11th-hour changes to the Freedom Act as resulting in 'a very weak' bill."
NSA reform bill loses backing from privacy advocates after major revisions
Guardian, 22 May 2014

"A labor lawyer told me this story. A shopper who had slipped and fallen in a puddle of water in the frozen food section of a large grocery store became the plaintiff in a lawsuit. Both parties agreed that the water puddle was traceable to faulty condensation. The shopper, a middle-aged man, had badly injured his tailbone in the fall and was suing for damages. During the trial store management tried to blame the shopper, suggesting he was either under the influence of alcohol, badly hung-over, or, in fact, a degenerate and untrustworthy alcoholic who had slipped in the puddle 'on purpose,' looking to make a quick buck. They supported their claim by introducing a record of previous purchases, showing he had bought a significant amount of liquor. The plaintiff and his lawyer had no idea they kept a record. This occurred in the mid-1990s, almost twenty years ago, back when computer snooping was nowhere near as sophisticated as it is today. When we consider the 'progress' that has been made in the ability to delve into the private lives of consumers, it’s terrifying. They know where we shop, where we vacation, what we buy, what we read, what we watch on television, and what we visit on the Internet. How this applies to 'labor' is especially disturbing. Before hiring a job applicant, a company now has the ability to know more about you than was ever dreamed possible. It’s no exaggeration to say that prospective bosses can know more about you than members of your immediate family know. All they need do is purchase the information from one of the hundreds of databases available. Concerned with rising health care costs and unwilling to take a gamble on 'unhealthy' workers, future employers can learn how much snack food you buy, how much sausage you eat, how much booze you drink, whether you belong to a gym, and whether or not you’re lying about being a 'non-smoker.' Concerned with your 'moral character' or sexual proclivities, they can retrace your steps on the Internet. 
Concerned with your political beliefs, they can find out if you subscribe to any left-wing magazines or belong to any lefty organizations ('Are you now or have you ever been….?'). Access to this information is for sale. Years ago I began using different initials when joining organizations or subscribing to magazines, in order to track who was selling their lists and who wasn’t. It turned out that pretty much everyone was selling access to everyone else. One of the sterling exceptions was MAD magazine, which had an avowed policy of never, under any circumstances, selling its subscription list. For instance, using the middle initial of 'Z' I was disappointed to learn that the ACLU, of all people, had shared my name and address with other 'progressive' organizations. I guess they figured that, because I was an ACLU member, I wouldn’t object to hearing from the folks at 'The Nation' and 'Mother Jones' magazine. As alarming as the NSA’s vast database is (Greenwald claims they monitor 120 billion e-mails per month!), there are laws that regulate such surveillance. Granted, even though they get circumvented or ignored, there are, nonetheless, laws on the books that prohibit overreach, which is why Congress investigates them, and why stories of NSA excesses make the front page of the newspaper. But not for the private sector. Not only is 'spying' on consumers and potential employees entirely legal, it doesn’t bother most people, because they fear the 'government' way more than they fear private business. As far as I can tell, the feds don’t know how much sausage I eat or what brand of toilet paper I use. But there’s a grocery store chain out there that does know."
David Macaray - In Ten Years, We Will Have Zero Privacy
CounterPunch, 20 May 2014

"CAMPAIGNERS demanded yesterday that the Met Police face a full regulatory investigation for its repeated refusal to hand over personal data on activists. The Network for Police Monitoring (Netpol) complained to Information Commissioner Christopher Graham that the force was using delaying tactics to delay its legal obligation to tell people if they’re on its 'secret surveillance database.' The group said the Met failed to respond within the legally required 40 days to 70 per cent of subject access requests it received. Netpol co-ordinator Kevin Blowe said: 'As well as a breach of data protection legislation, the Met’s systemic failure to provide vital personal data when asked to do so raises wider public interest issues, about police accountability and the potential misuse of covert surveillance.' The group has pushed for legal action against Met commissioner Bernard Hogan-Howe and Home Secretary Theresa May over the legality of its 'domestic extremism' database, expecting a judicial review to reach the High Court later this year. Green Party London AM Jenny Jones is one of the many activists who has been under surveillance by the Met-managed National Domestic Extremism and Disorder Intelligence Unit. 'I asked for my Met file, paid my £10, waited several weeks, then got a ‘file’ that consisted of a mishmash of events I’d spoken at and things I’d tweeted,' she told the Star. Ms Jones — who is herself taking legal action against the government over alleged tapings of her communications — said she was incredulous of the little intel the Met had kept on her. 'They hadn’t even included the time I’d driven a vanload of activists to help close down a power station,' she said. 'Either they are incompetent, or they didn’t give me all the information they hold. 'It’s time the Met learnt that in many areas, secrecy can be the worst policy.'"
Probe demanded over Met Police personal data hoard
Morning Star, 20 May 2014

"The California Senate on Monday passed legislation that would require a judge to issue a warrant before the NSA can collect information from anyone in the state. Senate Bill 828 was created in response to repeated federal admissions of widespread warrantless spying on innocent American citizens, said the bill's author, Ted Lieu, D-Torrance. 'The National Security Agency’s massive and indiscriminate collecting of phone data on all Americans, including more than 38 million Californians, is a threat to our liberty and freedom,' he said after the bill cleared the Senate 29-1. Recent media articles also state the NSA’s surveillance program on Americans extends to not just phone records, but also all types of electronic data, including emails, text messages and information stored on Americans' smart phones, Lieu said."
CA Bill Aims to Protect Residents' Privacy in NSA Data Collection
NBC News, 20 May 2014

"The federal government would need a warrant from a judge if it wants the cooperation of California officials in searching residents' cellphone and computer records, under a bill making its way through the state legislature. The bill, which passed the state Senate with just one opposing vote on Monday, was introduced in the wake of information leaked by former National Security Agency contractor Edward Snowden showing massive internal surveillance of U.S. citizens by the NSA. 'The Fourth Amendment to the U.S. Constitution is very clear. It says the government shall not engage in unreasonable search and seizure,' said the bill's author, Democratic State Senator Ted Lieu, of Torrance. 'The National Security Agency's massive and indiscriminate collecting of phone data on all Americans, including more than 38 million Californians, is a threat to our liberty and freedom.' The California bill is the farthest along of several such measures that have been introduced in eight states, according to Lieu's spokesman Jeff Gozzo, including Alaska, Arizona and Oklahoma. It comes as Congress wrestles with a similar bill at the national level. A federal judge ruled last year that the National Security Agency's practice of gathering so-called meta-data on U.S. residents was likely unconstitutional, but the ruling is being appealed by the Obama administration."
NSA data-gathering may run into California roadblock
Reuters, 19 May 2014

"The National Security Agency is secretly intercepting, recording, and archiving the audio of virtually every cell phone conversation on the island nation of the Bahamas. According to documents provided by NSA whistleblower Edward Snowden, the surveillance is part of a top-secret system – code-named SOMALGET – that was implemented without the knowledge or consent of the Bahamian government. Instead, the agency appears to have used access legally obtained in cooperation with the U.S. Drug Enforcement Administration to open a backdoor to the country’s cellular telephone network, enabling it to covertly record and store the 'full-take audio' of every mobile call made to, from and within the Bahamas – and to replay those calls for up to a month. SOMALGET is part of a broader NSA program called MYSTIC, which The Intercept has learned is being used to secretly monitor the telecommunications systems of the Bahamas and several other countries, including Mexico, the Philippines, and Kenya. But while MYSTIC scrapes mobile networks for so-called 'metadata' – information that reveals the time, source, and destination of calls – SOMALGET is a cutting-edge tool that enables the NSA to vacuum up and store the actual content of every conversation in an entire country. All told, the NSA is using MYSTIC to gather personal data on mobile calls placed in countries with a combined population of more than 250 million people. And according to classified documents, the agency is seeking funding to export the sweeping surveillance capability elsewhere....Informed about the NSA’s spying, neither the Bahamian prime minister’s office nor the country’s national security minister had any comment. The embassies of Mexico, Kenya, and the Philippines did not respond to phone messages and emails."
Data Pirates of the Caribbean: The NSA Is Recording Every Cell Phone Call in the Bahamas
The Intercept, 19 May 2014

"Drivers will within 10 years face inflated insurance premiums – or even be forced off the road – unless they allow their driving to be monitored at all times by tracking technology. A number of major insurers are launching hi-tech products this year that will monitor driving data such as the number of journeys, time of day the car is used and behaviour such as speed and braking. Despite concerns about privacy and data protection, speakers at an insurance industry conference last week said such technology, known as 'telematics', would become 'opt-out, rather than opt-in' for motorists. .... The technology will soon be fitted in new cars as standard. Under EU regulations, all new cars will need black box-style technology, known as eCall, from October 2015, to help emergency services find crashed vehicles. Ofir Eyal of Boston Consulting Group, a management consultancy, said that by 2020 around 50pc of cars would be equipped with some form of telematics technology that transmitted information. Sales of insurance based on drivers' behaviour are already soaring, with a 60pc rise since 2012, according to Biba. Insurers expect telematics usage to rise from less than 1pc of policies now to 10pc within three years, and to 15pc within five, according to research by Boston Consulting. Last week, the Institute for Public Policy Research issued a report calling for motor taxation to be calculated using telematics, acknowledging that privacy concerns would have to be addressed. .... The prospect has prompted serious concerns about drivers' rights to privacy. Emma Carr of Big Brother Watch said: 'Forcing drivers to have a telematics device installed in their car, which is capable of recording and transmitting exactly where and when they are driving, is totally unacceptable. 'There is a clear risk that once the telematics device is installed drivers will lose total control over who has access to their data and how they will use it.' 
Proponents of the technology argue that it will make insurance cheaper for safer drivers."
Drivers without insurance 'black box' could be forced off the road within 10 years
Telegraph, 18 May 2014

"[Snowden's actions have been] discrediting the entire Anglo-American security and intelligence apparatus...."
George Walden, former principal private secretary at the British Foreign Office
Spy or not, Snowden is a tool of the Russians
London Times, 16 May 2014, Print Edition, P22

"The NSA has nothing on the ed tech startup known as Knewton. The data analytics firm has peered into the brains of more than 4 million students across the country. By monitoring every mouse click, every keystroke, every split-second hesitation as children work through digital textbooks, Knewton is able to find out not just what individual kids know, but how they think. It can tell who has trouble focusing on science before lunch — and who will struggle with fractions next Thursday.... A POLITICO examination of hundreds of pages of privacy policies, terms of service and district contracts — as well as interviews with dozens of industry and legal experts — finds gaping holes in the protection of children’s privacy. The amount of data being collected is staggering. Ed tech companies of all sizes, from basement startups to global conglomerates, have jumped into the game. The most adept are scooping up as many as 10 million unique data points on each child, each day. That’s orders of magnitude more data than Netflix or Facebook or even Google collect on their users. Students are tracked as they play online games, watch videos, read books, take quizzes and run laps in physical education. The monitoring continues as they work on assignments from home, with companies logging children’s locations, homework schedules, Web browsing habits and, of course, their academic progress....There’s no conclusive proof any company has exploited either metadata or official student records. But privacy experts say it’s almost impossible to tell. The marketplace in personal data is shadowy and its impact on any one individual can be subtle: Who can say for sure if they’re being bombarded with a certain ad or rebuffed by a particular employer because their personal profile has been mined and sold? Ed tech insiders will not name bad actors in their industry. 
But they will say this: It’s quite possible to exploit student data — and there can be a great deal of pressure to do so, especially for startups that are giving away their product for free in hopes of gaining a toe-hold in classrooms.... For all the concerns about privacy, education reformers are adamant that the digital revolution must be allowed to flourish. Already, publishers are producing digital textbooks that can effectively read students’ minds, figuring out when they’re on the verge of forgetting key concepts and sending them text, video or quizzes to fix the facts firmly in their memory. Even more intimate tracking may be possible in the future: The Bill & Melinda Gates Foundation funded a $1.4 million research project in 2012 to outfit middle-school students with biometric sensors designed to detect how they responded on a subconscious level to each minute of each lesson. The results suggested the sensors could be useful for teachers, foundation spokeswoman Deborah Robinson said. 'We’re really just at the beginning of truly leveraging the power of data to transform the process of teaching and learning,' said Aimee Rogstad Guidera, executive director of the Data Quality Campaign, which urges states to develop responsible policies for data-driven education. 'When we take the time to explain to parents why this is good and how it’s going to help, they’re fine with it,' Guidera said. Not all parents, however, are convinced."
Data mining your children
Politico, 15 May 2014

"The bipartisan bill that aims to put serious curbs on the National Security Agency’s mass collection of Americans’ communications is being hailed by Republicans and Democrats as a big breakthrough. It’s not. 'The bottom line: This is largely faux reform and a surveillance salve,' said Thomas Drake, a former NSA senior official turned whistle-blower who’s critical of the agency’s collection programs. 'To date, neither the House nor Senate attempts go far enough.' That’s not easy to discern, thanks to an outpouring of raves for the legislation. Democrats, Republicans and traditionally skeptical watchdog groups have put their muscle behind the USA Freedom Act.'... there’s serious concern that Congress has much more to do. Not only are loopholes easy to find but also the government has other ways of collecting the data. The House bill would bar the NSA from relying on one part _ Section 215 _ of the Foreign Intelligence Surveillance Act to conduct bulk data collection. Under the bill, the NSA would no longer be allowed to collect records of data such as phone numbers or the duration of all Americans’ calls. Phone companies would retain that data, but only for the same length of time they usually keep the material. The Justice Department, though, could get such material in an emergency _ an important political concession, since many lawmakers were concerned that the government wouldn’t be able to react quickly if needed. The legislation also would do nothing to restrict NSA analysts’ access to a pool of telephone data called the 'corporate store,' which advocates say is the repository of millions of Americans’ calling records. Further, collection under the so-called '215 program' represents only one part of intelligence agencies’ mission. An unknown but significant portion of the collection of communications data occurs under Executive Order 12333, which gives intelligence agencies sweeping surveillance authority outside the United States, experts said. 
Under the order, the NSA or other intelligence agency cannot target an American _ even overseas _ unless the FISA court clears it. 'But when the government just scoops up vast amounts of data under Executive Order 12333, it can say it’s not targeting Americans, even though it collects a huge amount of information that may pertain to Americans as well as foreigners,' said Patrick Toomey, a staff attorney with the American Civil Liberties Union. 'FISA only addresses one piece of the collection that NSA is actually engaged in,' Toomey said. 'The bill doesn’t even make an effort to try to undertake the kind of comprehensive harmonization of surveillance authorities that one would hope at this point.'"
Bill to curb NSA spying looks like change, but isn’t really
McClatchy, 15 May 2014

"Minnesota enacted the nation's first law Wednesday requiring smartphones and tablets sold in the state to have a remote shut-off feature as a way to deter theft. The 'kill switch' bill was signed by Gov. Mark Dayton after lawmakers passed it last week. The measure takes full effect in July 2015, but advocates are hoping the wireless industry will make technology updates sooner. Democratic Rep. Joe Atkins describes the law as 'a vaccine' for the epidemic of smartphone theft and robberies tied to mobile devices. People who report a kill switch-equipped phone lost or stolen can disable it and wipe the data slate clean by contacting their carrier."
Mandatory Smartphone 'Kill Switch' Becomes Law in Minnesota
Associated Press, 14 May 2014

"A document included in the trove of National Security Agency files released with Glenn Greenwald’s book No Place to Hide details how the agency’s Tailored Access Operations (TAO) unit and other NSA employees intercept servers, routers, and other network gear being shipped to organizations targeted for surveillance and install covert implant firmware onto them before they’re delivered. These Trojan horse systems were described by an NSA manager as being 'some of the most productive operations in TAO because they pre-position access points into hard target networks around the world.'"
Photos of an NSA 'upgrade' factory show Cisco router getting implant
Ars Technica, 14 May 2014

"GCHQ, the government's monitoring agency, acted illegally by developing spy programs that remotely hijack computers' cameras and microphones without the user's consent, according to privacy campaigners. A legal challenge lodged on Tuesday at the investigatory powers tribunal (IPT) calls for the hacking techniques – alleged to be far more intrusive than interception of communications – to be outlawed. Mobile phones were also targeted, leaked documents reveal. The claim has been submitted by Privacy International following revelations by the whistleblower Edward Snowden about the mass surveillance operations conducted by GCHQ and its US counterpart, the National Security Agency (NSA). The 21-page submission details a host of 'malware' – software devised to take over or damage another person's computer – with such esoteric names as Warrior Pride, Gumfish, Dreamy Smurf, Foggybottom and Captivatedaudience. Details of the programs have been published by the Guardian and the online magazine The Intercept run by the journalist Glenn Greenwald. They are said to allow GCHQ to gain access to 'the profile information supplied by a user in registering a device [such as] … his location, age, gender, marital status, income, ethnicity, sexual orientation, education, and family'. More intrusively, Privacy International alleges, the programs enable surveillance of any stored content, logging of keystrokes and 'the covert and unauthorised photography or recording of the user and those around him'. It is, the claim maintains, the equivalent of 'entering someone's house, searching through his filing cabinets, diaries and correspondence, and planting devices to permit constant surveillance in future, and, if mobile devices are involved, obtaining historical information including every location he had visited in the past year'. 
Such break-ins also leave devices vulnerable to attack by others 'such as credit card fraudsters, thereby risking the user's personal data more broadly', Privacy International argues. 'It is the modern equivalent of breaking in to a residence, and leaving the locks broken or damaged afterwards.'"
GCHQ's spy malware operation faces legal challenge
Guardian, 13 May 2014

"We kill people based on metadata."
Michael Hayden, former director of the NSA and CIA, speaking at Johns Hopkins University, April 2014
TechDirt, 12 May 2014

"Since the very first Snowden leak a year ago, one of the more common refrains from defenders of the program is 'but it's just metadata, not actual content, so what's the big deal?' Beyond the fact that other programs do collect content, we've pointed out time and time again that the 'just metadata, don't worry' argument only makes sense if you don't know what metadata reveals. Anyone with any knowledge of the subject knows that metadata reveals a ton of private info. Furthermore, we've even pointed out that the NSA regularly uses 'just metadata' to pick targets for drone assassinations. As one person called it: 'death by unreliable metadata.' So we know that the US kills people based on metadata, but given how hard the NSA and its defenders have sought to play down the collection of metadata, it's somewhat amazing to find out that the always on-message former director of both the NSA and CIA, Michael Hayden, flat out admitted that 'we kill people based on metadata.' According to David Cole: 'Of course knowing the content of a call can be crucial to establishing a particular threat. But metadata alone can provide an extremely detailed picture of a person's most intimate associations and interests, and it's actually much easier as a technological matter to search huge amounts of metadata than to listen to millions of phone calls. As NSA General Counsel Stewart Baker has said, 'metadata absolutely tells you everything about somebody's life. If you have enough metadata, you don't really need content.' When I quoted Baker at a recent debate at Johns Hopkins University, my opponent, General Michael Hayden, former director of the NSA and the CIA, called Baker's comment 'absolutely correct,' and raised him one, asserting, 'We kill people based on metadata.'  You can see Hayden make that statement at the 18 minute mark of this video -- though he immediately tries to qualify the statement by saying we don't kill people based on this metadata. 
Of course, what he leaves out is that the DOJ believes that the federal government has the legal authority to kill Americans based on this metadata."
Michael Hayden Gleefully Admits: We Kill People Based On Metadata
TechDirt, 12 May 2014

"A top-secret Pentagon report to assess the damage to national security from the leak of classified National Security Agency documents by Edward Snowden concluded that 'the scope of the compromised knowledge related to US intelligence capabilities is staggering'. The Guardian has obtained a copy of the Defense Intelligence Agency's classified damage assessment in response to a Freedom of Information Act (Foia) lawsuit filed against the Defense Department earlier this year. The heavily redacted 39-page report was prepared in December and is titled 'DoD Information Review Task Force-2: Initial Assessment, Impacts Resulting from the Compromise of Classified Material by a Former NSA Contractor.' But while the DIA report describes the damage to US intelligence capabilities as 'grave', the government still refuses to release any specific details to support this conclusion. The entire impact assessment was redacted from the material released to the Guardian under a presidential order that protects classified information and several other Foia exemptions."
Pentagon report: scope of intelligence compromised by Snowden 'staggering'
Guardian, 12 May 2014

"For years, the US government loudly warned the world that Chinese routers and other internet devices pose a 'threat' because they are built with backdoor surveillance functionality that gives the Chinese government the ability to spy on anyone using them. Yet what the NSA's documents show is that Americans have been engaged in precisely the activity that the US accused the Chinese of doing. The drumbeat of American accusations against Chinese internet device manufacturers was unrelenting. In 2012, for example, a report from the House Intelligence Committee, headed by Mike Rogers, claimed that Huawei and ZTE, the top two Chinese telecommunications equipment companies, 'may be violating United States laws' and have 'not followed United States legal obligations or international standards of business behaviour'. The committee recommended that 'the United States should view with suspicion the continued penetration of the US telecommunications market by Chinese telecommunications companies'....The constant accusations became such a burden that Ren Zhengfei, the 69-year-old founder and CEO of Huawei, announced in November 2013 that the company was abandoning the US market. As Foreign Policy reported, Zhengfei told a French newspaper: ''If Huawei gets in the middle of US-China relations,' and causes problems, 'it's not worth it'.' But while American companies were being warned away from supposedly untrustworthy Chinese routers, foreign organisations would have been well advised to beware of American-made ones. A June 2010 report from the head of the NSA's Access and Target Development department is shockingly explicit. The NSA routinely receives – or intercepts – routers, servers and other computer network devices being exported from the US before they are delivered to the international customers. The agency then implants backdoor surveillance tools, repackages the devices with a factory seal and sends them on. 
The NSA thus gains access to entire networks and all their users. The document gleefully observes that some 'SIGINT tradecraft … is very hands-on (literally!)'. Eventually, the implanted device connects back to the NSA. The report continues: 'In one recent case, after several months a beacon implanted through supply-chain interdiction called back to the NSA covert infrastructure. This call back provided us access to further exploit the device and survey the network.' It is quite possible that Chinese firms are implanting surveillance mechanisms in their network devices. But the US is certainly doing the same."
Glenn Greenwald: how the NSA tampers with US-made internet routers
Guardian, 12 May 2014

"Britain should create a new body to oversee its intelligence agencies to reassure the public after revelations from ex-U.S. intelligence contractor Edward Snowden, the former head of the British foreign intelligence service said on Monday. Documents leaked by Snowden exposed the vast scale of surveillance carried out by Britain's intelligence agencies and their close collaboration with America's National Security Agency, sparking a public debate about how they operate. Richard Dearlove, head of Britain's MI6 spy agency between 1999 and 2004, said that meant the public now needed greater assurances that espionage powers were not being abused.... Dearlove, who headed the Secret Intelligence Service (MI6) during the September 11, 2001 attacks in New York, said that while he was confident intelligence operations had not been illegal, he still felt an independent overseer should be set up to provide greater scrutiny and public reassurance. Britain's current spy chiefs have resisted calls for greater scrutiny and transparency, arguing the Snowden leaks put British operations at risk. A senior security official said last month that terrorists had changed their methods of communication because of the leaks. In Britain, oversight of the intelligence services rests with a parliamentary committee and three other judicial and expert offices. The chairman of the parliamentary committee, Malcolm Rifkind, recently defended his role and praised the work of Britain's spy agencies, saying they had no desire to be 'all-seeing' or 'all-hearing'.  However, last week lawmakers criticised the current structure as outdated and lacking credibility. Dearlove said an independent body 'representative of a multiplicity of views from across society' would improve the system. 'Credibility is a key issue if it's appointed, but I think if you have a broad enough cross section of people drawn from different sectors of society it could add reassurance.'"
UK needs new watchdog for its spies, ex-MI6 chief says
Reuters, 12 May 2014

"The Justice Department is seeking a change in criminal rules that would make it easier for the FBI to obtain warrants to hack into suspects’ computers for evidence when the computer’s physical location is unknown — a problem that officials say is increasing as more and more crime is conducted online with tools to conceal identity. But the proposal, which was posted for public comment on a U.S. court Web site Friday, is raising concerns among privacy advocates who see it as expanding the power of federal agents to insert malware on computers, which they say could weaken overall Internet security. ... civil liberties advocates fear that the proposal, if adopted, would gradually lead to more invasive searches of property. 'The underlying current behind all of this is they’re basically talking about allowing police to break into people’s computers,' said Hanni Fakhoury, staff attorney for the Electronic Frontier Foundation. 'That gives me pause.' At issue is a question more fundamental than whether a judge has jurisdiction to issue a warrant, said Nathan Freed Wessler, a staff attorney for the American Civil Liberties Union. 'The overarching concern is that it’s unclear whether it is ever allowable under the Fourth Amendment to conduct these kinds of searches, sending out zero-day vulnerabilities over the Internet and weakening Internet security for everybody,' he said, referring to a type of computer software flaw that can be exploited to gain access to someone’s computer."
FBI wants easier process to hack suspects’ computers
Washington Post, 10 May 2014

"Every new car sold in Britain will have to have a ‘black box’ device fitted to track drivers’ movements from next year, under plans being imposed by the European Union.  Despite serious concerns about privacy and cost, UK ministers admit they are powerless to stop the Big Brother technology being forced on motorists and car makers. The Government believes the gadget, designed to help emergency services find crashed vehicles, will add at least £100 to the cost of vehicles without providing significant safety improvements. Officials also fear the scheme, known as eCall, could be used by police or insurance companies to monitor motorists’ every move.  The European Commission has ruled that by October next year, all new cars and vans sold across Europe must be fitted with the technology, which contains a mobile phone-like SIM card designed to transmit the vehicle’s location to emergency services in the event of a crash. But The Mail on Sunday has seen official correspondence from the Department of Transport showing the UK’s opposition to the policy, which could lead to the ‘constant tracking’ of vehicles. In a letter to MPs, Transport Minister Robert Goodwill writes: ‘The basis for our opposition is that costs to the UK outweigh the benefits. Unfortunately, there is very little support for the UK position and no possibility of blocking this legislation. We are working with other member states to minimise the potential burdens on manufacturers and the potential cost to consumers. 
With regard to the rules on privacy and data protection, other member states have expressed  similar concerns to us, about the potential for constant tracking of vehicles via the eCall system.’ Emma Carr, of civil liberties group Big Brother Watch, said last night: ‘Motorists will not be comfortable forcibly having a black box installed which is capable of recording and transmitting their exact location when they are driving.’ Some car manufacturers, including BMW and Volvo, already include eCall devices in their latest models. An SOS button near the dashboard, linked to a SIM card, allows drivers to call 999 quickly. And if airbags are deployed it automatically sends a text message to emergency services with the car’s location – as well as its unique vehicle ID number. Voluntary take-up has been low across the industry so the EU ruled all new car models must include eCall from October 1, 2015. Motorists will be unable to switch it off and it will be tested in MoT checks."
EU to bug every car in UK with tracker chips
Mail, 10 May 2014

"Edward Snowden's disclosures of the scale of mass surveillance are 'an embarrassing indictment' of the weak nature of the oversight and legal accountability of Britain's security and intelligence agencies, MPs have concluded. A highly critical report by the Commons home affairs select committee published on Friday calls for a radical reform of the current system of oversight of MI5, MI6 and GCHQ, arguing that the current system is so ineffective it is undermining the credibility of the intelligence agencies and parliament itself. The MPs say the current system was designed in a pre-internet age when a person's word was accepted without question. 'It is designed to scrutinise the work of George Smiley, not the 21st-century reality of the security and intelligence services,' said committee chairman, Keith Vaz. 'The agencies are at the cutting edge of sophistication and are owed an equally refined system of democratic scrutiny. It is an embarrassing indictment of our system that some in the media felt compelled to publish leaked information to ensure that matters were heard in parliament.' The cross-party report is the first British parliamentary acknowledgement that Snowden's disclosures of the mass harvesting of personal phone and internet data need to lead to serious improvements in the oversight and accountability of the security services. The MPs call for radical reform of the system of oversight including the election of the membership of the intelligence and security committee, including its chairman, and an end to their exclusive oversight role. Its chairman should also be a member of the largest opposition party, the MPs say, in direct criticism of its current head, Sir Malcolm Rifkind, who is a former Conservative foreign secretary.... 
Their report says Alan Rusbridger, editor of the Guardian, responded to criticism of newspapers that decided to publish Snowden's disclosures, including the head of MI6's claim that it was 'a gift to terrorists', by saying that the alternative would be that the next Snowden would just 'dump the stuff on the internet'. The MPs say: 'One of the reasons that Edward Snowden has cited for releasing the documents is that he believes the oversight of security and intelligence agencies is not effective. It is important to note that when we asked British civil servants – the national security adviser and the head of MI5 – to give evidence to us they refused. In contrast, Mr Rusbridger came before us and provided open and transparent evidence."
MPs: Snowden files are 'embarrassing indictment' of British spying oversight
Guardian, 9 May 2014

"The US intelligence whistleblower Edward Snowden has warned that entire populations, rather than just individuals, now live under constant surveillance. 'It's no longer based on the traditional practice of targeted taps based on some individual suspicion of wrongdoing,' he said. 'It covers phone calls, emails, texts, search history, what you buy, who your friends are, where you go, who you love.' Snowden made his comments in a short video that was played before a debate on the proposition that surveillance today is a euphemism for mass surveillance, in Toronto, Canada. The former US National Security Agency contractor is living in Russia, having been granted temporary asylum there in June 2013. The video was shown as two of the debaters – the former US National Security Administration director, General Michael Hayden, and the well-known civil liberties lawyer and Harvard law professor, Alan Dershowitz – argued in favour of the debate statement: 'Be it resolved state surveillance is a legitimate defence of our freedoms.' Opposing the motion were Glenn Greenwald, the journalist whose work based on Snowden’s leaks won a Pulitzer Prize for the Guardian last month, and Alexis Ohanian, co-founder of the social media website Reddit..... Greenwald opened the debate by condemning the NSA’s own slogan, which he said appears repeatedly throughout its own documents: 'Collect it all.'  'What is state surveillance?' Greenwald asked. 'If it were about targeting in a discriminate way against those causing harm, there would be no debate. The actual system of state surveillance has almost nothing to do with that. What state surveillance actually is, is defended by the NSA's actual words, that phrase they use over and over again: 'Collect it all.’ ' Dershowitz and Hayden spent the rest of the 90 minutes of the debate denying that the pervasive surveillance systems described by Snowden and Greenwald even exist and that surveillance programs are necessary to prevent terrorism. 
'Collect it all doesn't mean collect it all!' Hayden said, drawing laughter. .... Before the debates began, 33% of the audience voted in favour of the debate statement and 46% voted against. It closed with 59% of the audience siding with Greenwald and Ohanian."
Everyone is under surveillance now, says whistleblower Edward Snowden
Associated Press, 3 May 2014

"The German government has blocked Edward Snowden from giving personal evidence in front of a parliamentary inquiry into NSA surveillance, it has emerged hours before Angela Merkel travels to Washington for a meeting with Barack Obama. In a letter to members of a parliamentary committee obtained by Süddeutsche Zeitung, government officials say a personal invitation for the US whistleblower would 'run counter to the political interests of the Federal Republic', and 'put a grave and permanent strain' on US-German relations. Opposition party members in the committee from the Left and Green party had for weeks insisted that the former NSA employee was a key witness and therefore would need to appear in person, not least because of concerns that Russia otherwise could influence his testimony. However, the ruling Christian Democratic and Social Democratic parties, said that a written questionnaire would suffice. The disagreement led to the resignation of the CDU head of the committee this month. Last June the German foreign ministry rejected Snowden's application for asylum because it was not submitted in person on German soil. If Snowden had been invited as a witness, he could have met these requirements. Given that only the government could supply Snowden with permits for entering and staying in the country, as well as legal protection from an extradition query, it now looks highly unlikely that the whistleblower will be able to travel to Germany before his asylum in Russia expires at the end of June. Snowden's lawyer Jesselyn Radack said on Wednesday that she expected his Russian visa to be renewed. Opposition politicians said they would seek ways to challenge the government's veto. The Green party leader, Simone Peter, accused the chancellor of cowardice."
Germany blocks Edward Snowden from testifying in person in NSA inquiry
Guardian, 1 May 2014

"It turns out opting to not allow apps to know your location doesn't completely protect you from the threat of being tracked, according to a new study. For now, there isn't an app capable of tracking you without your permission. But a new study out of the Department of Computer and Electrical Engineering from the University of Illinois shows that your phone can be traced to a precise location even with location services turned off. According to the research, the culprit is something in your phone known as an accelerometer. What's an accelerometer? It's a tiny chip inside your phone that measures whether you're holding your phone horizontally or vertically, so the phone can alter its screen accordingly.  But in the same way your fingerprints are yours alone, so is your phone's signal, according to Professor Romit Roy Choudhury and his students of the University of Illinois, who wrote the study, and Professors Wenyuan Xu and Srihari Nelakuditi from the University of South Carolina, who contributed. This digital 'fingerprint' then leaves you theoretically vulnerable to being traced by unwanted apps. It may even leave you vulnerable to a targeted cyber attack. Jonathan Damery, who covered the study for the University of Illinois website, compared the accelerometer's fingerprint to cookies cut out with a cookie cutter. 'In some ways, it’s like cutting out sugar cookies. Even using the same dinosaur-shaped cutter, each cookie will come out slightly different: a blemish here, a pock there,' he wrote in a post on the research findings. 'For smartphone sensors, these imperfections simply occur at the micro- or nanoscale.' Those imperfections mean your phone's unique signal can be pinpointed to its exact location whenever your phone is in use. Not concerned yet? The research suggests that it might not just be the accelerometer that's capable of transmitting these unique signals. Your phone's camera, gyroscope and microphones, among other parts, could all be vulnerable as well."
Disabling Your Phone's Location Services Doesn't Really Hide You
Huffington Post, 30 April 2014

"Britain’s electronic surveillance agency, Government Communications Headquarters, has long presented its collaboration with the National Security Agency’s massive electronic spying efforts as proportionate, carefully monitored, and well within the bounds of privacy laws. But according to a top-secret document in the archive of material provided to The Intercept by NSA whistleblower Edward Snowden, GCHQ secretly coveted the NSA’s vast troves of private communications and sought 'unsupervised access' to its data as recently as last year – essentially begging to feast at the NSA’s table while insisting that it only nibbles on the occasional crumb. The document, dated April 2013, reveals that GCHQ requested broad new authority to tap into data collected under a law that authorizes a variety of controversial NSA surveillance initiatives, including the PRISM program. PRISM is a system used by the NSA and the FBI to obtain the content of personal emails, chats, photos, videos, and other data processed by nine of the world’s largest internet companies, including Google, Yahoo!, Microsoft, Apple, Facebook, and Skype. The arrangement GCHQ proposed would also have provided the British agency with greater access to millions of international phone calls and emails that the NSA siphons directly from phone networks and the internet. The Snowden files do not indicate whether NSA granted GCHQ’s request, but they do show that the NSA was 'supportive' of the idea, and that GCHQ was permitted extensive access to PRISM during the London Olympics in 2012. The request for the broad access was communicated at 'leadership' level, according to the documents. Neither agency would comment on the proposed arrangement or whether it was approved. 
Last June, in the wake of the Guardian’s PRISM disclosures, British Foreign Secretary William Hague issued a lengthy statement declaring that 'the arrangements for oversight and the general framework for exchanging information with the United States are the same as under previous governments.' Warrants to intercept the communications of any individual in the United Kingdom, the statement read, must be personally signed by a cabinet secretary. Likewise, the British Intelligence and Security Committee reported in July that, after reviewing 'GCHQ’s access to the content of communications, the legal framework which governs that access, and the arrangements GCHQ has with its overseas counterparts for sharing such information,' the spy agency’s collaboration with the NSA was within the bounds of British law. But the broader access secretly sought by GCHQ only months earlier appears to have been unprecedented – and would have placed fewer restrictions on how the NSA’s surveillance data is obtained and handled by British spies. In response to the revelation, British member of Parliament Julian Huppert has accused government officials of issuing statements intended to 'deliberately mislead' about GCHQ’s surveillance programs and called for an overhaul of the current system of oversight. Eric King, head of research at London-based human rights group Privacy International, said that the latest disclosure raised 'serious concerns' about whether GCHQ has pushed for the ability to sift through data collected by the NSA in a bid to circumvent British laws restricting the scope of its surveillance. 'GCHQ’s continued insistence that it is following the law becomes less credible with every revelation,' King told The Intercept, adding that he believed the agency was 'stretching its legal authorities with help from international partners.'"
British Spy Chiefs Secretly Begged to Play in NSA’s Data Pools
The Intercept, 30 April 2014

"A judge in the US has ordered Microsoft to hand over a customer's emails, even though the data is held on a server in Ireland. Microsoft has previously taken steps to reassure customers that data held on servers abroad should not be subject to search warrants by US authorities. It follows concerns about data privacy after allegations of US spying by whistleblower Edward Snowden. The judge said warrants for online data were different to other warrants. The search warrant, which was issued to Microsoft by US authorities, sought information associated with a customer's email account including the customer's name, credit card details and contents of all messages. Microsoft said that the account was hosted on a server in Dublin and therefore the search warrant was not valid as the data was outside of the US."
Microsoft must release email data held on Dublin server
BBC Online, 28 April 2014

"Two politicians have allowed for their personal data to be mapped down to the last detail. This is unprecedented. The Speaker of the Danish parliament calls it »overdue«. For the first time ever, Danes are to be given a closer look at the considerable amounts of data being recorded on individual citizens, and a better understanding of what information can be mined from the personal data of private individuals. While the government itself has been reluctant to discuss the issue of surveillance, two members of parliament from the ruling Social Democrat and Social Liberal parties have brought themselves into play to start a debate about the registration and logging of data. One of these politicians is even a cabinet member. Sofie Carsten Nielsen, the Social Liberal minister for education and research, and Jens Joel, a Social Democrat member of parliament, have allowed Berlingske to access their private data. The newspaper's investigative unit has spent several months accessing, analysing and mapping the politicians' emails, phone calls, mobile texts, card payments, plane trips, tax information and private photos. Their patterns and habits, both political and intimate, are now presented on b.dk. This is despite government efforts, for more than the past six months, to silence the debate on surveillance following the publication of documents leaked by the whistleblower Edward Snowden which revealed the extent of phone tapping and data collection carried out by the U.S. The government has consistently repeated the same statement: that it is not aware of any illegal surveillance in Denmark. Now, however, the Speaker of Parliament, Mogens Lykketoft, who is also a Social Democrat, has stepped forward, calling it »an interesting experiment« that Sofie Carsten Nielsen and Jens Joel have allowed their data to be mined.... Berlingske's investigation is based on the analysis of some 18,047 emails, 31,303 pieces of telecommunications data and 2,407 banking records. 
Added to these are approximately 36,000 texts and data messages, and a string of other sets of data, including 2,828 invitations in Jens Joel's electronic diary and 33,740 location points from the running app on Sofie Carsten Nielsen's mobile phone. .... In 2009 the German politician Malte Spitz asked the telecom operator Deutsche Telekom to hand over six months of telecommunication data which the Zeit Online newspaper then used to map his physical activities in minute detail. Malte Spitz believes that Berlingske's project will make the debate on data more realistic by showing »concrete examples«. »This will serve as an eye opener showing people what is already possible. We need to start the debate about the future right now,« says Malte Spitz."
Minister allows access to private data
Politiko, 26 April 2014

"On Tuesday The Guardian and US newspaper The Washington Post were jointly awarded the Pulitzer Prize – the biggest prize in US journalism – for their reporting on NSA surveillance. Edward Snowden, the former CIA contractor who famously leaked a trove of documents to newspapers detailing US and even UK government surveillance activities, immediately called the award a 'vindication' even as a US congressman called the decision a 'disgrace'. In the UK, former defence secretary Liam Fox called Snowden a 'self-publicising narcissist' who committed treason. In a new YouGov poll, public opinion tends to be in favour of the newspapers’ decision to publish the revelations, with British people calling the decision good, rather than bad, for society, by 46% to 22%. Many, however, (31%) are still unsure how they feel."
Snowden revelations 'good for society'
YouGov, 18 April 2014

"In some areas of the world, payment systems that require palm scanning or face scanning are already being tested.  We have entered an era where biometric security is being hailed as the 'solution' to the antiquated security methods of the past.  We are being promised that the constant problems that hackers are causing with our credit cards, bank accounts, ATM machines and Internet passwords will all go away once we switch over to biometric identification.  And without a doubt, we have some massive security problems that need to be addressed.  But do you really want a machine to read your face or your hand before you are able to buy anything, sell anything or log on to the Internet?  Do you really want 'the system' to be able to know where you are, what you are buying and what you are doing at virtually all times?  Biometric security systems are being promoted as 'cool' and 'cutting edge', but there is also potentially a very dark side to them that should not be ignored. In this day and age, identity theft has become a giant problem.  Being able to confirm that you are who you say that you are is a very big deal.  To many, biometric security presents a very attractive solution to this problem.... Almost everyone would like to make their identities more secure.  Nobody actually wants their bank accounts compromised or their Internet passwords stolen.  But there is a price to be paid for adopting biometric identification.  Your face or your hand will be used to continually monitor and track everything that you do and everywhere that you go. For now, biometric security is not being forced on people.  If you want to avoid it, you can. But eventually, once it has been adopted on a widespread basis, banks and government agencies will start requiring it. And it is easy to imagine a day when none of us will any longer be able to buy or sell anything without submitting to biometric identification.  
In fact, an 'alternative payment method' involving hand scanning is already being tested in southern Sweden… But before biometric identification is widely used for payment systems, we will probably see it implemented in a whole bunch of other ways first.  For instance, biometric scanners are already being used in dining halls on college campuses all across America... Young people tend to be less alarmed by this technology, and so that is where it is being pushed. ... This technology is going to keep spreading, and it is going to become harder and harder to avoid it. And it is easy to imagine what a tyrannical government could do with this kind of technology.  If it wanted to, it could use it to literally track the movements and behavior of everyone. We are already starting to see the establishment of massive biometric databases.  One of these is the FBI’s facial recognition database that is a part of their 'Next Generation Identification' program.  It is being projected that the FBI will have compiled 52 million of our 'face images' by the year 2015.  Given enough time, eventually I am sure that they would have all of our faces in their computers. And one day, this kind of technology will likely be so pervasive that you won’t be able to open a bank account, get a credit card or even buy anything without having either your hand or your face scanned first. When that day arrives, what will you do?"
What Will You Do When You Can No Longer Buy Or Sell Without Submitting To Biometric Identification?
Investment Watch, 17 April 2014

"Google has clarified its email scanning practices in a terms of service update, informing users that incoming and outgoing emails are analysed by automated software. The revisions explicitly state that Google’s system scans the content of emails stored on Google’s servers as well as those being sent and received by any Google email account, a practice that has seen the search company face criticism from privacy action groups and lawsuits from the education sector. 'We want our policies to be simple and easy for users to understand. These changes will give people even greater clarity and are based on feedback we've received over the last few months,' said a Google spokeswoman. The automated systems scan the content of emails for spam and malware detection, as many other email providers automatically do, but also as part of Google’s 'priority inbox' service and tailored advertising. 'This is not the worst thing Google does,' said Jim Killock, executive director of the Open Rights Group. 'But like anything like this, if people are concerned about it they should be able to completely switch it off if they want to.' Google’s ads use information gleaned from a user’s email combined with data from their Google profile as a whole, including search results, map requests and YouTube views, to display what it considers are relevant ads in the hope that the user is more likely to click on them and generate more advertising revenue for Google..... While email scanning has taken the headlines recently, leading from the revelations that Google considers that users have no 'reasonable expectation' of privacy, the Open Rights Group considers other aspects of Google’s practices most troubling. 'The really dangerous things that Google is doing are things like the information held in Analytics, cookies in advertising and the profiling that it is able to do on individual accounts,' said Killock. 
'It is the amount of information they hold on individuals that should be concerning us, both because that is attractive to government but also sometimes that information leaks out in various ways like the NSA’s use of cookies in general as a means to target users,' Killock explained."
Gmail does scan all emails, new Google terms clarify
Guardian, 15 April 2014

"Facebook, Instagram, and Twitter have all become places where people post intimate details about their lives: vacation photos, work successes, buying a new house, car, or other cool stuff. However, this information is also up for grabs by the Internal Revenue Service. The taxman is reportedly using data from social media on people who file fishy-seeming taxes or don't file at all, according to Marketplace. The IRS loses roughly $300 billion per year to tax evasion; and in times of budget cuts, with a smaller staff, the agency has allegedly turned to both data mining and data crunching. In its quest to find and audit tax dodgers, the IRS is said to use online activity trackers to sift through the mass amounts of data available on the Internet, according to Marketplace. This data is then added to the information the agency already has on people, such as Social Security numbers, health records, banking statements, and property. 'It seems they may be using predictive analytics,' University of Pennsylvania's Annenberg School of Communication Professor Joseph Turow told Marketplace. 'That takes a huge amount of data and puts it together in a big pot to see if they can predict which individuals don't pay their taxes.' The IRS is reportedly only looking at information that's public, so as long as people keep a tight privacy lock on their accounts, they should be okay...maybe. Last year, it was revealed that the IRS was claiming the right to read taxpayers' email and private information on social media accounts without first getting a search warrant. After a brouhaha from civil liberties groups, citizens, and lawmakers, the IRS announced the no-warrant-required policy would be ditched for email, but it did not make the same commitment for other private electronic communications."
Tax dodgers beware: IRS could be watching your social media
CNet, 15 April 2014

"New documents released by the FBI show that the Bureau is well on its way toward its goal of a fully operational face recognition database by this summer. The EFF received these records in response to our Freedom of Information Act lawsuit for information on Next Generation Identification (NGI)—the FBI’s massive biometric database that may hold records on as much as one-third of the US population. The facial recognition component of this database poses real threats to privacy for all Americans.... One of our biggest concerns about NGI has been the fact that it will include non-criminal as well as criminal face images. We now know that FBI projects that by 2015, the database will include 4.3 million images taken for non-criminal purposes. Currently, if you apply for any type of job that requires fingerprinting or a background check, your prints are sent to and stored by the FBI in its civil print database. However, the FBI has never before collected a photograph along with those prints. This is changing with NGI. Now an employer could require you to provide a 'mug shot' photo along with your fingerprints. If that’s the case, then the FBI will store both your face print and your fingerprints along with your biographic data. In the past, the FBI has never linked the criminal and non-criminal fingerprint databases. This has meant that any search of the criminal print database (such as to identify a suspect or a latent print at a crime scene) would not touch the non-criminal database. This will also change with NGI. Now, every record—whether criminal or non—will have a 'Universal Control Number' (UCN), and every search will be run against all records in the database. This means that even if you have never been arrested for a crime, if your employer requires you to submit a photo as part of your background check, your face image could be searched—and you could be implicated as a criminal suspect—just by virtue of having that image in the non-criminal file."
FBI to have 52 million photos in its NGI face recognition database by next year
ArsTechnica, 14 April 2014

"Stepping into a heated debate within the nation’s intelligence agencies, President Obama has decided that when the National Security Agency discovers major flaws in Internet security, it should — in most circumstances — reveal them to assure that they will be fixed, rather than keep mum so that the flaws can be used in espionage or cyberattacks, senior administration officials said Saturday. But Mr. Obama carved a broad exception for 'a clear national security or law enforcement need,' the officials said, a loophole that is likely to allow the N.S.A. to continue to exploit security flaws both to crack encryption on the Internet and to design cyberweapons. The White House has never publicly detailed Mr. Obama’s decision, which he made in January as he began a three-month review of recommendations by a presidential advisory committee on what to do in response to recent disclosures about the National Security Agency. But elements of the decision became evident on Friday, when the White House denied that it had any prior knowledge of the Heartbleed bug, a newly known hole in Internet security that sent Americans scrambling last week to change their online passwords. The White House statement said that when such flaws are discovered, there is now a 'bias' in the government to share that knowledge with computer and software manufacturers so a remedy can be created and distributed to industry and consumers.... One recommendation urged the N.S.A. to get out of the business of weakening commercial encryption systems or trying to build in 'back doors' that would make it far easier for the agency to crack the communications of America’s adversaries. Tempting as it was to create easy ways to break codes — the reason the N.S.A. was established by Harry S. Truman 62 years ago — the committee concluded that the practice would undercut trust in American software and hardware products. 
In recent months, Silicon Valley companies have urged the United States to abandon such practices, while Germany and Brazil, among other nations, have said they were considering shunning American-made equipment and software. Their motives were hardly pure: Foreign companies see the N.S.A. disclosures as a way to bar American competitors. Another recommendation urged the government to make only the most limited, temporary use of what hackers call 'zero days,' the coding flaws in software like Microsoft Windows that can give an attacker access to a computer — and to any business, government agency or network connected to it. The flaws get their name from the fact that, when identified, the computer user has 'zero days' to fix them before hackers can exploit the accidental vulnerability. The N.S.A. made use of four 'zero day' vulnerabilities in its attack on Iran’s nuclear enrichment sites. That operation, code-named 'Olympic Games,' managed to damage roughly 1,000 Iranian centrifuges, and by some accounts helped drive the country to the negotiating table.... documents released by Edward J. Snowden, the former N.S.A. contractor, make it clear that two years before Heartbleed became known, the N.S.A. was looking at ways to accomplish exactly what the flaw did by accident. A program code-named Bullrun, apparently named for the site of two Civil War battles just outside Washington, was part of a decade-long effort to crack or circumvent encryption on the web. The documents do not make clear how well it succeeded, but it may well have been more effective than exploiting Heartbleed would be at enabling access to secret data. The government has become one of the biggest developers and purchasers of information identifying 'zero days,' officials acknowledge. 
Those flaws are big business — Microsoft pays up to $150,000 to those who find them and bring them to the company to fix — and other countries are gathering them so avidly that something of a modern-day arms race has broken out. Chief among the nations seeking them are China and Russia, though Iran and North Korea are in the market as well."
Obama Lets N.S.A. Exploit Some Internet Flaws, Officials Say
New York Times, 12 April 2014

"The U.S. National Security Agency knew for at least two years about a flaw in the way that many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather critical intelligence, two people familiar with the matter said. The agency’s reported decision to keep the bug secret in pursuit of national security interests threatens to renew the rancorous debate over the role of the government’s top computer experts. The NSA, after declining to comment on the report, subsequently denied that it was aware of Heartbleed until the vulnerability was made public by a private security report earlier this month. 'Reports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before 2014 are wrong,' according to an e-mailed statement from the Office of the Director of National Intelligence."
NSA Said to Exploit Heartbleed Bug for Intelligence for Years
Bloomberg, 12 April 2014

"The journalists who first revealed the extent of the National Security Agency’s surveillance activities dedicated a prestigious award on Friday to their source, Edward Snowden. Glenn Greenwald and Laura Poitras had earlier cleared immigration at John F Kennedy airport in New York without a hitch as they arrived to share a George Polk Award for national security reporting with Ewen MacAskill of the Guardian and Barton Gellman of the Washington Post. The Polk awards are administered by Long Island University. 'This award is really for Edward Snowden,' said Poitras, who first met the former NSA analyst in Hong Kong with Greenwald and MacAskill last year, as she accepted the award in the ballroom of the Roosevelt Hotel in Manhattan. 'Each one of these awards provides perfect vindication, that what he [Snowden] did, coming forward, was absolutely the right thing to do and merits gratitude and not indictments and decades of imprisonment,' Greenwald said in his acceptance speech. MacAskill thanked Snowden for his courage and expressed a hope that he would be able to travel freely to the US. Greenwald and Poitras arrived in the US on Friday for the first time since reporting the NSA story. They travelled from Berlin, where Poitras lives, on Friday morning; Greenwald’s partner, David Miranda, who was last year detained for nine hours as he passed through Heathrow airport in London, arrived on Thursday morning."
Journalists who broke NSA story in Guardian dedicate award to Snowden
Guardian, 11 April 2014

"It was the Blairite press officer Jo Moore who in 2001 on the day of 9/11 coined the infamous phrase: 'This is a good day to bury bad news'. Cameron seems to have learnt the lesson when yesterday he used the furore over Maria Miller’s avarice and arrogance to quietly give a welcome to a report from the surveillance commissioner giving the all-clear to Britain’s spy agencies following the Snowden revelations. In vintage Cameron style, just as he tried to smother the row swirling around Miller with cavalier bravado: 'She’s apologised, done the right thing, and we should now move on', so here he paraphrases the watchdog’s report as: 'agencies undertake their role conscientiously and effectively, and public agencies do not engage in indiscriminate mass intrusion'. So that’s all right then, nothing to worry about. This slippery eel of a Prime Minister purports not to see that in the 78 pages of the report, Sir Anthony May, the so-called watchdog, ignores the most crucial and devastating finding of the last year in this area of surveillance (a word that Cameron can’t bring himself to use), namely the existence of the Tempora programme run by the UK spooks (GCHQ and MI5) which hoovers up mountains of internet data without its operations ever having been admitted (before Snowden) or consented to. In a word it reveals the spy agencies acting completely out of control and outside any system of accountability, which for some reason May (no relation of the home secretary) and Cameron never noticed. Nor does May or Cameron even address the huge controversies raised about the links between the spy agencies and the private internet and telephone companies. One important new detail that emerges from the May report is the number of requests for information being loaded on the RIPA (Regulation of Investigatory Powers Act) system. It turns out to be enormous – 514,608 in the last year. 
May (a former judge) is supposed to oversee the warrants requested by the police and intelligence services, but that weight in numbers would mean his overseeing on average 1,410 a day. So what proportion does he in practice oversee – even 1%, just 14 a day every day, would be quite a handful for a retired judge. But that still allows Cameron with his Panglossian insouciance to conclude: 'I believe his report provides an authoritative, expert and reassuring assessment of the lawfulness, necessity and proportionality of the intelligence agencies’ work' (words presumably dictated to him by GCHQ). So at least we can all rest assured that our privacy is safe in Cameron’s hands."
Relax – Cameron says spy agencies acting entirely within the law
Michael Meacher MP, Blog Archive, 11 April 2014

"Court resumed this morning to hear cross-examination of former News of the World managing editor Stuart Kuttner, who is charged with conspiracy to illegally intercept voicemails while he worked at the now defunct tabloid. David Spens QC, acting for former News of the World Royal editor Clive Goodman, was first to rise to question the defendant. 'You've said a lot of complimentary things about Mr Coulson but you have not had a good word to say about Mr Goodman have you,' the barrister said. 'That's not true,' Kuttner replied, pointing out he said he had 'trusted all of the staff at the News of the World'.... Spens suggested that the real reason he visited Goodman was not to 'put an arm around him but instead was to obtain information on the police investigation and what he had told the police'. He said: 'What you wanted to know was if the police had named any other individuals in relation to phone hacking.' 'I disagree with that sir,' Kuttner replied. 'We were just trying to get to grips with things.' The note states that Goodman had told Kuttner he 'would get leftovers from SIS bugging' which Judge Saunders suggested related to the secret intelligence service MI6. 'I was querying that,' Kuttner said. The note goes on 'Told Andy from the start' which the barrister suggested related to then editor Andy Coulson, 'I think that is the reference,' Kuttner agreed, adding that he was only noting down what he was being told."
Phone-hacking trial: Secrets, shouting and MI6
The Drum, 10 April 2014

"US spy bosses have ignored a request from Chancellor Angela Merkel to look at her secret service file, according to reports on Wednesday. It came as the chairman of the committee investigating NSA spying in Germany resigned. Germany's interior ministry reportedly approached the United States’ National Security Agency (NSA) last October to ask for the file’s content, amid revelations the NSA had been tapping the chancellor’s mobile phone. But in a written response to parliamentary questions from the Green Party, the German government said: 'The United States has not revealed the relevant information to the German government.' Green Party foreign policy spokesman Omid Nouripour wanted to know whether the chancellor had requested access to the documents produced by the NSA while they were spying on her phone, whether the US government has revealed details about the transcripts and whether Merkel was considering pushing for the files to be destroyed. The German government did not respond to the question of whether it had asked for the files to be destroyed, but it had received no answer for its request to see the file, the Sächsische Zeitung reported on Wednesday. And in an interview with Spiegel magazine this week interior minister Thomas de Maizière said the information provided by the United States 'is to this day insufficient'. Former NSA contractor Edward Snowden revealed in October that the NSA had been tapping Merkel's mobile phone. 'If two-thirds of that which Edward Snowden claims or that which is attributed to him as a source were to be true, then I would come to the conclusion that the United States is operating without limits,' de Maizière said in the interview."
Merkel denied access to own NSA file
The Local, 9 April 2014

"The US' surveillance measures are largely a result of its security needs, but they are being implemented in an excessive, boundless fashion. ... If even two-thirds of what Edward Snowden has presented or what has been presented with his name cited as the source is true, then I would conclude that the USA is operating without any kind of boundaries. .... If all of our suspicions are correct, everything that we are discussing right now isn't even taking place on German soil. That also makes it difficult to assess. .... Approval ratings for Americans in German polls are lower right now than they have been in a long time. The last time this was the case was during a certain phase of the policies of George W. Bush. It saddens me. Even if Obama's initial popularity may have been exaggerated, the US cannot be apathetic to the fact that approval ratings have shifted to such a degree within just one year. America should have an interest in improving them. Words alone will not suffice. .... I find a country's unrestrained collection of information, even for the sake of exaggerated security need, to be less objectionable than the capture of all movement profiles, thoughts and emotions by people for the sake of business interests. .... We want to discuss questions, together with experts, about the reform of the digital agenda: What happens when so-called back-doors are built into operating systems -- gateways through which the agencies can get onto a computer? How can we create a secure cloud? How does artificial intelligence compare to human intelligence? What about the recognition of emotion? Are there, as in the stem-cell debate, limits that should not be crossed?"
German Interior Minister Thomas de Maizière
German Minister: 'US Operating Without any Kind of Boundaries'
Der Spiegel, 9 April 2014

"During a recent House Judiciary Committee hearing concerning oversight, Rep. Zoe Lofgren decided to quiz Attorney General Eric Holder about the federal government's surveillance efforts, starting off with a rather simple question. She notes that the bulk phone record collection program is considered to be legal by its supporters, based on Section 215 of the Patriot Act, which allows for the collection of 'business records.' So, she wonders, is there any legal distinction between phone records and, say, internet searches or emails? In other words, does the DOJ believe that it would be perfectly legal for the US government to scoop up all your search records and emails without a warrant? Holder clearly does not want to answer the question, and first tries to answer a different question, concerning the bulk phone records program, and how the administration is supposedly committed to ending it. But eventually he's forced to admit that there's no legal distinction..."
Eric Holder Admits That, If It Wanted, NSA Could Collect Internet Searches & Emails Just Like Phone Metadata
TechDirt, 9 April 2014

"When it comes to communication Carter is evidently a man of his generation, shunning electronic devices for snail mail. He told [satirist Stephen] Colbert that he had recently written a letter to Pope Francis.... and steers clear of e-mail for fear of being monitored by the National Security Agency. The suggestion caused something of a stir in America and prompted a swift denial from the intelligence agency's director. Carter is yet to be convinced, noting that regulations controlling the Government's scope to spy on private communications had been significantly relaxed since he passed them. 'They are not monitoring me now but they record every message that you transmit in America - and probably in Great Britain as well - and later if they want to monitor that message they can do so,' he says."
Former US President Jimmy Carter
London Times, Times2 Section, 9 April 2014, Print Edition, P6

"Mass spying claims made by Edward Snowden were rejected last night by a surveillance watchdog. Documents stolen by the rogue US agent led to reports in the Guardian as well as US newspapers that the secret services were snooping on millions of ordinary citizens. But in a report yesterday, Sir Anthony May ruled that MI5, MI6 and GCHQ, were not engaged in ‘mass intrusion’. However the Interception of Communications Commissioner did raise fears that the police were engaged in the ‘institutional overuse’ of surveillance powers. Constabularies carried out more than half a million electronic spying missions last year, the equivalent of more than 1,400 a day, his review said. Sir Anthony said he was concerned that police and the National Crime Agency were failing to consider privacy issues. The public should be reassured that unless they ‘associate with potential terrorists or serious criminals ... none of the interception agencies has the slightest interest in examining their emails, their phone or postal communications or their use of the internet’, he said. Sir Anthony also rejected allegations that spying agencies were ‘getting around the law’ by receiving intercepted communications about British citizens indirectly from US spy agencies. Even when large amounts of material were collected by agencies, GCHQ was not permitted to  trawl through it indiscriminately,  he found. Senior intelligence figures have criticised the publication of Snowden’s stolen files. The head of MI5, Andrew Parker, said the publication of the top secret material had caused huge ‘harm’ to the capability of Britain’s intelligence services and amounted to a ‘gift’ to terrorists. Whitehall officials say it is considered to have caused the greatest damage to the Western security apparatus in history. Snowden, a former contractor with the US National Security Agency, stole tens of thousands of restricted files and leaked them to the Guardian and the Washington Post.... 
Foreign Secretary William Hague, who has responsibility for GCHQ, said: ‘A senior and fully independent judge has looked in detail at whether the interception agencies misuse their powers to engage in random mass intrusion. He has concluded that the answer is emphatically no.’"
Spies cleared of Snowden's claims of mass intrusion: Communications watchdog says they did not break any laws
Mail, 9 April 2014

"Gogo, the inflight Wi-Fi provider, is used by millions of airline passengers each year to stay connected while flying the friendly skies. But if you think the long arm of government surveillance doesn’t have a vertical reach, think again. Gogo and others that provide Wi-Fi aboard aircraft must follow the same wiretap provisions that require telecoms and terrestrial ISPs to assist U.S. law enforcement and the NSA in tracking users when so ordered. But they may be doing more than the law requires. According to a letter Gogo submitted to the Federal Communications Commission, the company voluntarily exceeded the requirements of the Communications Assistance for Law Enforcement Act, or CALEA, by adding capabilities to its service at the request of law enforcement. The revelation alarms civil liberties groups, which say companies should not be cutting deals with the government that may enhance the ability to monitor or track users. 'CALEA itself is a massive infringement on user’s rights,' says Peter Eckersley of the Electronic Frontier Foundation. 'Having ISP’s [now] that say that CALEA isn’t enough, we’re going to be even more intrusive in what we collect on people is, honestly, scandalous.' Gogo provides inflight Wi-Fi and digital entertainment to Delta, American Airlines, Alaska Airlines, Virgin America, US Airways and others using a dedicated air-to-ground network that GoGo says it designed in consultation with law enforcement."
The Feds Cut a Deal With In-Flight Wi-Fi Providers, and Privacy Groups Are Worried
Wired, 9 April 2014

"Like a bunny girl in a nunnery, Google Glass is struggling for acceptance. What once seemed like a new technological light at the end of the tunnel, now merely engenders fears that the light is trying to film you. The latest evidence for this is a study by market research firm Toluna. This study tried to discover Americans' deeper feelings about Google's fine gadget. Americans do have deeper feelings and, as Adweek reports, this research threw up that 72 percent of people won't buy Google Glass because of privacy concerns. They're afraid of hacking, surreptitious photography and filming, and looking like extras from a D-level sci-fi movie. (Well, they didn't actually say that last one.) Though Google Glass was launched with a wave of fascination, its public presence has caused a flood of consternation. There was the Glass-wearer in a Seattle restaurant who refused to take off his Glass and was therefore asked to take off. Indeed, the restaurant suggested he was a man-child 'stinkin' up the joint.' Then there was the man in an Ohio movie theater who suddenly found his Glass being ripped from his face, not by a disgruntled patron, but by the forces of the law. San Francisco is, of course, yet to recover from a bar altercation that seems to have been incited by the presence of Glass on a patron's face. Google itself seems aware that the nation isn't warming as much as the company had hoped. First, it released a guide to help Glass explorers not be Glassholes. Yes, they needed to be told. This didn't seem to be enough. For then Google issued a curious defensive blog post explaining all the things that Glass wasn't. Like a surveillance device, a threat to privacy, or a fashion statement. Though every piece of research should be taken with a tincture of saline, this piece suggested that privacy was by far the biggest concern."
Google co-founder Sergey Brin wearing Glass. Privacy? Zuck says it doesn't exist.
CNet, 8 April 2014

"The US has spied on the staff of prominent human rights organisations, Edward Snowden has told the Council of Europe in Strasbourg, Europe's top human rights body. Giving evidence via a videolink from Moscow, Snowden said the National Security Agency – for which he worked as a contractor – had deliberately snooped on bodies like Amnesty International and Human Rights Watch. He told council members: 'The NSA has specifically targeted either leaders or staff members in a number of civil and non-governmental organisations … including domestically within the borders of the United States.' Snowden did not reveal which groups the NSA had bugged. The assembly asked Snowden if the US spied on the 'highly sensitive and confidential communications' of major rights bodies such as Amnesty and Human Rights Watch, as well as on similar smaller regional and national groups. He replied: 'The answer is, without question, yes. Absolutely.' Snowden, meanwhile, dismissed NSA claims that he had swiped as many as 1.7m documents from the agency's servers in an interview with Vanity Fair. He described the number released by investigators as 'simply a scare number based on an intentionally crude metric: everything that I ever digitally interacted with in my career.' He added: 'Look at the language officials use in sworn testimony about these records: 'could have,' 'may have,' 'potentially.' They're prevaricating. Every single one of those officials knows I don't have 1.7m files, but what are they going to say? What senior official is going to go in front of Congress and say, 'We have no idea what he has, because the NSA's auditing of systems holding hundreds of millions of Americans' data is so negligent that any high-school dropout can walk out the door with it'?' In live testimony to the Council of Europe, Snowden also gave a forensic account of how the NSA's powerful surveillance programs violate the EU's privacy laws. 
He said programs such as XKeyscore, revealed by the Guardian last July, use sophisticated data mining techniques to screen 'trillions' of private communications. 'This technology represents the most significant new threat to civil liberties in modern times,' he declared. XKeyscore allows analysts to search with no prior authorisation through vast databases containing emails, online chats, and the browsing histories of millions of individuals. Snowden said on Tuesday that he and other analysts were able to use the tool to select an individual's metadata and content 'without judicial approval or prior review'. In practical terms, this meant the agency tracked citizens not involved in any nefarious activities, he stressed. The NSA operated a 'de facto policy of guilt by association', he added. Snowden said the agency, for example, monitored the travel patterns of innocent EU and other citizens not involved in terrorism or any wrongdoing. The 30-year-old whistleblower – who began his intelligence career working for the CIA in Geneva – said the NSA also routinely monitored the communications of Swiss nationals 'across specific routes'. Others who fell under its purview included people who accidentally followed a wrong link, downloaded the wrong file, or 'simply visited an internet s*x forum'. French citizens who logged on to a suspected network were also targeted, he said. The XKeyscore program amounted to an egregious form of mass surveillance, Snowden suggested, because it hoovered up data from 'entire populations'. Anyone using non-encrypted communications might be targeted on the basis of their 'religious beliefs, s*xual or political affiliations, transactions with certain businesses' and even 'gun ownership', he claimed. Snowden said he did not believe the NSA was engaged in 'nightmare scenarios', such as the active compilation of a list of homos*xuals 'to round them up and send them into camps'. 
But he said that the infrastructure allowing this to happen had been built. The NSA, its allies, authoritarian governments and even private organisations could all abuse this technology, he said, adding that mass surveillance was a 'global problem'. It led to 'less liberal and safe societies', he told the council.... Snowden also criticised the British spy agency GCHQ. He cited the agency's Optic Nerve program revealed by the Guardian in February. It was, he said, one of many 'abusive' examples of state snooping. Under the program GCHQ bulk collects images from Yahoo webcam chats. Many of these images were 'intensely private' Snowden said, depicting some form of nudity, and often taken from the 'bedrooms and private homes' of people not suspected of individualised wrongdoing. '[Optic Nerve] continued even after GCHQ became aware that the vast majority had no intelligence value at all,' Snowden said. Snowden made clear he did believe in legitimate intelligence operations. 'I would like to clarify I have no intention to harm the US government or strain [its] bilateral ties,' he asserted, adding that he wanted to improve government, not bring it down. The exiled American spy, however, said the NSA should abandon its electronic surveillance of entire civilian populations. Instead, he said, it should go back to the traditional model of eavesdropping against specific targets, such as 'North Korea, terrorists, cyber-actors, or anyone else.' Snowden also urged members of the Council of Europe to encrypt their personal communications. He said that encryption, used properly, could still withstand 'brute force attacks' from powerful spy agencies and others. 'Properly implemented algorithms backed up by truly random keys of significant length … all require more energy to decrypt than exists in the universe,' he said.... The NSA says Snowden should have brought his complaints to its own internal oversight and compliance bodies. 
Snowden, however, insisted he did raise concerns formally, including through emails sent to the NSA's lawyers. 'I directly challenge the NSA to deny that I contacted NSA oversight and compliance bodies directly via email,' he stated."
Edward Snowden: US government spied on human rights workers
Guardian, 8 April 2014

"Europe’s top court on Tuesday struck down an EU law forcing telecoms operators to store private phone and email data for up to two years, judging it too invasive, despite its usefulness in combating terrorism. By allowing EU governments to access the data, 'the directive interferes in a particularly serious manner with the fundamental rights to respect for private life and to the protection of personal data,' the European Court of Justice (ECJ) said. Advocate General Pedro Cruz Villalon declared the legislation illegal and told the European Union’s 28 member states to take the necessary steps to withdraw it. The decision to scupper the 2006 Data Retention Directive comes as Europe weighs concerns over electronic snooping in the wake of revelations about systematic US surveillance of email and telephone communications. The revelation that US agencies collected data on millions of European citizens — and even tapped the phone of German Chancellor Angela Merkel — sparked a wave of controversy and prompted lawmakers on both sides of the Atlantic to rethink their data surveillance laws. Last month President Barack Obama put forward a long-awaited plan to end Washington’s bulk collection of telephone records, although critics said the measures should be extended beyond just phone records."
Europe’s top court kills invasive phone and email data collection law
Agence France Presse, 8 April 2014

"Edward Snowden and the reporter Glenn Greenwald, who brought to light the whistleblower's leaks about mass US government surveillance last year, appeared together via video link from opposite ends of the earth on Saturday, for what was believed to be the first time since Snowden sought asylum in Russia. In Germany, meanwhile, a leading ally of Chancellor Angela Merkel criticised the US for failing to provide sufficient assurances on its spying tactics and said bilateral talks were unlikely to make much progress before the German leader visits Washington next month. The interior minister, Thomas de Maiziere, one of Merkel's closest cabinet allies, told the German weekly magazine Der Spiegel: 'US intelligence methods may be justified to a large extent by security needs, but the tactics are excessive and over-the-top.' Last October, reports based on disclosures by Snowden said Washington had monitored Merkel's mobile phone. In Chicago, a sympathetic crowd of nearly 1,000 packed a downtown hotel ballroom at Amnesty International USA's annual human rights meeting and gave Greenwald, who dialled in from Brazil, a raucous welcome before Snowden was patched in 15 minutes later – to a standing ovation. The pair cautioned that government monitoring of 'metadata' is more intrusive than directly listening to phone calls or reading emails and stressed the importance of a free press willing to scrutinise government activity. Metadata includes which telephone number calls which other numbers, when the calls were made and how long they lasted. Metadata does not include the content of the calls. Amnesty International is campaigning to end mass surveillance by the US government and calling for congressional action to further rein in the collection of information about telephone calls and other communications. ...
President Barack Obama said last month he plans to ask Congress to end the bulk collection and storage of phone records by the NSA but allow the government to access metadata when needed. Snowden and Greenwald said that such data is in fact more revealing than outright government spying on phone conversations and emails. 'Metadata is what allows an actual enumerated understanding, a precise record of all the private activities in all of our lives. It shows our associations, our political affiliations and our actual activities,' said Snowden, dressed in a jacket with no tie in front of a black background. A Reuters/Ipsos poll this week showed the majority of Americans were concerned that internet companies were encroaching on too much of their lives. Greenwald, who met with Snowden 10 months ago and wrote about the leaked documents in the Guardian and other media outlets, promised further revelations of government abuses of power at his new media venture the Intercept. 'My hope and my belief is that as we do more of that reporting and as people see the scope of the abuse as opposed to just the scope of the surveillance they will start to care more,' he said. 'Mark my words. Put stars by it and in two months or so come back and tell me if I didn't make good on my word.'"
Edward Snowden and Glenn Greenwald address US campaigners via video
Reuters, 6 April 2014

"GCHQ is to start giving its official stamp of approval to Master’s courses, effectively creating the first certified degrees for spies. The surveillance agency has sent out a briefing note to universities that offer MSc courses in cybersecurity, asking them to apply for certification by 20 June. Graduates of the selected courses will be able to say they have 'successfully completed a GCHQ-certified degree', it states. The 39-page document says that the number of cybersecurity-related courses now on offer at institutions across the UK had made it increasingly difficult for students and employers to 'assess the quality of the degrees on offer'. It is hoped that the new certification, which is valid for five years before having to be renewed, will remedy this."
MSc in cyber security: GCHQ to approve postgraduate 'degree courses in spying'
Independent, 6 April 2014

"This week, the Associated Press exposed a secret program run by the U.S. Agency for International Development to create 'a Twitter-like Cuban communications network' run through 'secret shell companies' in order to create the false appearance of being a privately owned operation. Unbeknownst to the service’s Cuban users was the fact that 'American contractors were gathering their private data in the hope that it might be used for political purposes'–specifically, to manipulate those users in order to foment dissent in Cuba and subvert its government. According to top-secret documents published today by The Intercept, this sort of operation is frequently discussed at western intelligence agencies, which have plotted ways to covertly use social media for 'propaganda,' 'deception,' 'mass messaging,' and 'pushing stories.' These ideas–discussions of how to exploit the internet, specifically social media, to surreptitiously disseminate viewpoints friendly to western interests and spread false or damaging information about targets–appear repeatedly throughout the archive of materials provided by NSA whistleblower Edward Snowden. Documents prepared by NSA and its British counterpart GCHQ–and previously published by The Intercept as well as some by NBC News–detailed several of those programs, including a unit devoted in part to 'discrediting' the agency’s enemies with false information spread online. The documents in the archive show that the British are particularly aggressive and eager in this regard, and formally shared their methods with their U.S. counterparts. One previously undisclosed top-secret document–prepared by GCHQ for the 2010 annual 'SIGDEV' gathering of the 'Five Eyes' surveillance alliance comprising the UK, Canada, New Zealand, Australia, and the U.S.–explicitly discusses ways to exploit Twitter, Facebook, YouTube, and other social media as secret platforms for propaganda. 
The document was presented by GCHQ’s Joint Threat Research Intelligence Group (JTRIG). The unit’s self-described purpose is 'using online techniques to make something happen in the real or cyber world,' including 'information ops (influence or disruption).' The British agency describes its JTRIG and Computer Network Exploitation operations as a 'major part of business' at GCHQ, conducting '5% of Operations.' The annual SIGDEV conference, according to one NSA document published today by The Intercept, 'enables unprecedented visibility of SIGINT Development activities from across the Extended Enterprise, Second Party and US Intelligence communities.' The 2009 Conference, held at Fort Meade, included 'eighty-six representatives from the wider US Intelligence Community, covering agencies as diverse as CIA (a record 50 participants), the Air Force Research Laboratory and the National Air and Space Intelligence Center.' Defenders of surveillance agencies have often insinuated that such proposals are nothing more than pipe dreams and wishful thinking on the part of intelligence agents. But these documents are not merely proposals or hypothetical scenarios. As described by the NSA document published today, the purpose of SIGDEV presentations is 'to synchronize discovery efforts, share breakthroughs, and swap knowledge on the art of analysis.' For instance: One of the programs described by the newly released GCHQ document is dubbed 'Royal Concierge,' under which the British agency intercepts email confirmations of hotel reservations to enable it to subject hotel guests to electronic monitoring. It also contemplates how to 'influence the hotel choice' of travelers and to determine whether they stay at 'SIGINT friendly' hotels. The document asks: 'Can we influence the hotel choice? Can we cancel their visit?' Previously, der Spiegel and NBC News both independently confirmed that the 'Royal Concierge' program has been implemented and extensively used. 
The German magazine reported that 'for more than three years, GCHQ has had a system to automatically monitor hotel bookings of at least 350 upscale hotels around the world in order to target, search, and analyze reservations to detect diplomats and government officials.' NBC reported that 'the intelligence agency uses the information to spy on human targets through ‘close access technical operations,’ which can include listening in on telephone calls and tapping hotel computers as well as sending intelligence officers to observe the targets in person at the hotels.' The GCHQ document we are publishing today expressly contemplates exploiting social media venues such as Twitter, as well as other communications venues including email, to seed state propaganda–GCHQ’s word, not mine–across the internet.... Whether governments should be in the business of publicly disseminating political propaganda at all is itself a controversial question. Such activities are restricted by law in many countries, including the U.S. In 2008, The New York Times’ David Barstow won a Pulitzer Prize for exposing a domestic effort coordinated by the Pentagon whereby retired U.S. generals posed as 'independent analysts' employed by American television networks and cable news outlets as they secretly coordinated their messaging with the Pentagon. Because American law bars the government from employing political propaganda domestically, that program was likely illegal, though no legal accountability was ever brought to bear (despite all sorts of calls for formal investigations). Barack Obama, a presidential candidate at the time, pronounced himself in a campaign press release 'deeply disturbed' by the Pentagon program, which he said 'sought to manipulate the public’s trust.' Propagandizing foreign populations has generally been more legally acceptable. But it is difficult to see how government propaganda can be segregated from domestic consumption in the digital age.
If American intelligence agencies are adopting the GCHQ’s tactics of 'crafting messaging campaigns to go ‘viral’,' the legal issue is clear: A 'viral' online propaganda campaign, by definition, is almost certain to influence its own citizens as well as those of other countries....these documents, along with the AP’s exposure of the sham 'Cuban Twitter' program, underscore how aggressively western governments are seeking to exploit the internet as a means to manipulate political activity and shape political discourse. Those programs, carried out in secrecy and with little accountability (it seems nobody in Congress knew of the 'Cuban Twitter' program in any detail) threaten the integrity of the internet itself, as state-disseminated propaganda masquerades as free online speech and organizing. There is thus little or no ability for an internet user to know when they are being covertly propagandized by their government, which is precisely what makes it so appealing to intelligence agencies, so powerful, and so dangerous."
The 'Cuban Twitter' Scam Is a Drop in the Internet Propaganda Bucket
Intercept, 4 April 2014

"The US created a text-message social network designed to foment unrest in Cuba, according to an investigation by the Associated Press news agency. ZunZuneo, dubbed a 'Cuban Twitter', had 40,000 subscribers at its height in a country with limited web access. The project reportedly lasted from 2009-12 when the grant money ran out. The US is said to have concealed its links to the network through a series of shell companies and by funnelling messages through other countries. The BBC's Sarah Rainsford in the Cuban capital of Havana says there is a thirst for information on the island, which has no independent media.... The scheme was reportedly operated by the US Agency for International Development (USAID), a federal international development organisation run under the aegis of the Department of State.... On Thursday, White House spokesman Jay Carney confirmed the US government's involvement in the programme, saying it had been debated by Congress and passed oversight controls. He said: 'These are the kinds of environments where a programme like this and its association with the US government can create problems for practitioners and members of the public. So appropriate discretion is engaged in for that reason but not because it's covert, not because it's an intelligence programme, because it is neither covert nor an intelligence programme.'"
US created 'Cuban Twitter' to stir unrest
BBC Online, 3 April 2014

"In an apparent throwback to the Cold War campaigns of disruption, disinformation and espionage, the US government spent $1.6m building a social media network with the aim of undermining the communist government in Cuba, it has emerged. Documents obtained during an investigation by the Associated Press show that the project, which lasted more than two years and drew thousands of subscribers, was built with secret shell companies and was financed through foreign banks. The United States Agency for International Development (USAID) was reportedly behind the project which saw the creation of a 'Cuban Twitter' dubbed 'ZunZuneo' - slang for a Cuban hummingbird's tweet. USAID were primarily responsible for the campaign and there was no involvement of intelligence services, but the details uncovered by the Associated Press would appear to bring into doubt USAID's longstanding claims that it does not conduct covert actions. Users of 'ZunZuneo' were entirely unaware of the involvement of the United States government agency and that American contractors were gathering personal data about them, in the hope that the information might be used someday for political purposes. The project, which was started in 2009 after Washington-based Creative Associates International obtained a half-million Cuban cellphone numbers, has questionable legality under US law and has prompted concerns over clandestine government funded activity. Documents and interviews show the US Agency went to extensive lengths to conceal its involvement. They set up front companies overseas and routed money through a Cayman Islands bank to hide the money trail. 'On the face of it there are several aspects about this that are troubling,' said Sen. Patrick Leahy, D-Vt. and chairman of the Appropriations Committee's State Department and foreign operations subcommittee. 'There is the risk to young, unsuspecting Cuban cellphone users who had no idea this was a US government-funded activity.
There is the clandestine nature of the program that was not disclosed to the appropriations subcommittee with oversight responsibility. And there is the disturbing fact that it apparently activated shortly after Alan Gross, a USAID subcontractor who was sent to Cuba to help provide citizens access to the Internet, was arrested.' The service was established in 2009 when the Cuban government tightly controlled internet access and mobile phone communications were monitored. Users were able to send updates to the site via SMS with said text messages being free of charge. USAID contractors carefully designed the site to look like a real business using 'mock ad banners' to 'give it the appearance of a commercial enterprise'. In multiple documents, USAID staff pointed out that text messaging had mobilized smart mobs and political uprisings in Moldova and the Philippines, among others. In Iran, the USAID noted social media’s role following the disputed election of then President Mahmoud Ahmadinejad in June 2009 — and saw it as an important foreign policy tool. At its height the service had at least 40,000 subscribers. USAID told the Associated Press that ZunZuneo stopped in September 2012 when a government grant ended. The actions of USAID have parallels in the US government's project 'Lantern' – software that helps Chinese citizens get around the great firewall."
US government agency built 'Cuban Twitter' in failed social media attempt to spark regime change
Independent, 3 April 2014

"In July 2010, Joe McSpedon, a US government official, flew to Barcelona to put the final touches on a secret plan to build a social media project aimed at undermining Cuba's communist government. McSpedon and his team of high-tech contractors had come in from Costa Rica and Nicaragua, Washington and Denver. Their mission: to launch a messaging network that could reach hundreds of thousands of Cubans. To hide the network from the Cuban government, they would set up a byzantine system of front companies using a Cayman Islands bank account, and recruit unsuspecting executives who would not be told of the company's ties to the US government. McSpedon didn't work for the CIA. This was a program paid for and run by the US Agency for International Development, best known for overseeing billions of dollars in US humanitarian aid. According to documents obtained by the Associated Press and multiple interviews with people involved in the project, the plan was to develop a bare-bones 'Cuban Twitter,' using cellphone text messaging to evade Cuba's strict control of information and its stranglehold restrictions over the internet. In a play on Twitter, it was called ZunZuneo — slang for a Cuban hummingbird's tweet. Documents show the US government planned to build a subscriber base through 'non-controversial content': news messages on soccer, music, and hurricane updates. Later when the network reached a critical mass of subscribers, perhaps hundreds of thousands, operators would introduce political content aimed at inspiring Cubans to organize 'smart mobs' — mass gatherings called at a moment's notice that might trigger a Cuban spring, or, as one USAid document put it, 'renegotiate the balance of power between the state and society.' At its peak, the project drew in more than 40,000 Cubans to share news and exchange opinions. 
But its subscribers were never aware it was created by the US government, or that American contractors were gathering their private data in the hope that it might be used for political purposes. 'There will be absolutely no mention of United States government involvement,' according to a 2010 memo from Mobile Accord, one of the project's contractors. 'This is absolutely crucial for the long-term success of the service and to ensure the success of the Mission.' The program's legality is unclear: US law requires that any covert action by a federal agency must have a presidential authorization. Officials at USAid would not say who had approved the program or whether the White House was aware of it. McSpedon, the most senior official named in the documents obtained by the AP, is a mid-level manager who declined to comment.... 'On the face of it there are several aspects about this that are troubling,' said Senator Patrick Leahy, Democrat of Vermont, and chairman of the appropriations committee's State Department and foreign operations subcommittee. 'There is the risk to young, unsuspecting Cuban cellphone users who had no idea this was a US government-funded activity. There is the clandestine nature of the program that was not disclosed to the appropriations subcommittee with oversight responsibility. And there is the disturbing fact that it apparently activated shortly after Alan Gross, a USAid subcontractor who was sent to Cuba to help provide citizens access to the Internet, was arrested.' The Associated Press obtained more than 1,000 pages of documents about the project's development. The AP independently verified the project's scope and details in the documents — such as federal contract numbers and names of job candidates — through publicly available databases, government sources and interviews with those directly involved in ZunZuneo. 
Taken together, they tell the story of how agents of the US government, working in deep secrecy, became tech entrepreneurs — in Cuba. And it all began with a half a million cellphone numbers obtained from a communist government.... It is unclear whether the plan got its start with USAid or Creative Associates International, a Washington for-profit company that has earned hundreds of millions of dollars in US contracts. But a 'key contact' at Cubacel, the state-owned cellphone provider, slipped the phone numbers to a Cuban engineer living in Spain. The engineer provided the numbers to USAid and Creative Associates 'free of charge,' documents show.... Tensions with Congress spiked just as the ZunZuneo project was gearing up in December 2009, when another USAid program ended in the arrest of the US contractor, Alan Gross. Gross had traveled repeatedly to Cuba on a secret mission to expand Internet access using sensitive technology typically available only to governments, a mission first revealed in February 2012 by AP. At some point, Armstrong says, the foreign relations committee became aware of OTI's secret operations in Costa Rica. US government officials acknowledged them privately to Armstrong, but USAid refused to provide operational details. At an event in Washington, Armstrong says he confronted McSpedon, asking him if he was aware that by operating secret programs from a third country, it might appear like he worked for an intelligence agency. McSpedon, through USAid, said the story is not true. He declined to comment otherwise.... To cover their tracks, they decided to have a company based in the United Kingdom set up a corporation in Spain to run ZunZuneo. A separate company called MovilChat was created in the Cayman Islands, a well-known offshore tax haven, with an account at the island's Bank of NT Butterfield & Son Ltd. to pay the bills. 
A memo of the meeting in Barcelona says that the front companies would distance ZunZuneo from any US ownership so that the 'money trail will not trace back to America.' But it wasn't just the money they were worried about. They had to hide the origins of the texts, according to documents and interviews with team members. Brad Blanken, the former chief operating officer of Mobile Accord, left the project early on, but noted that there were two main criteria for success. 'The biggest challenge with creating something like this is getting the phone numbers,' Blanken said. 'And then the ability to spoof the network.'"
US secretly created 'Cuban Twitter' to stir unrest and undermine government
Guardian, 3 April 2014

"We’ve seen the story by the AP this morning. The program referred to by the Associated Press was a development program run by the United States Agency for International Development. And that program was completed in 2012. As you know, USAID is a development agency, not an intelligence agency. Suggestions that this was a covert program are wrong. Congress funds democracy programming for Cuba to help empower Cubans to access more information and to strengthen civil society. These appropriations are public, unlike covert action. The money invested has been debated in Congress. In addition, GAO reviewed this program in detail in 2013 and found that it was conducted in accordance with U.S. law and under appropriate oversight controls. In implementing programs in non-permissive environments, of course the government has taken steps to be discreet. That’s how you protect the practitioners and the public. This is not unique to Cuba. So more details about the program are available at USAID. And I think that veterans of this briefing room know that when I say a program like this is not covert and then I talk about it, that’s how you know it’s not covert — because I’m talking about it. So on the question of the White House, our involvement would be the same that it would have been in similar development programs of this type. The President and his administration support efforts to help Cuban citizens communicate more easily with one another and with the outside world. So I’m not aware of individuals here who knew about it; this was part of a development assistance program..... It was not a covert program. It was debated in Congress; it was reviewed by the GAO. Those kinds of things don’t happen to covert programs. It was a development assistance program about increasing the level of information that the Cuban people have and were able to discuss among themselves. And that’s part of an effort that we undertake not just in Cuba but elsewhere."
Press Briefing by White House Press Secretary Jay Carney, 4/3/2014
Washington, D.C. (United States) (OFFICIAL WIRE), April 3, 2014

"A new poll found that nearly half of American adults who responded have changed some form of online behavior because of the NSA stories, and they think a lot more carefully about where they go, what they say and what they do online. We've pointed out (since the Snowden revelations began) that this was going to have a negative impact on the tech industry, but much of the concern was from overseas users. However, it's clear that it's impacting how Americans view their online habits as well: 'When it comes to specific Internet activities, such as email or online banking, this change in behavior translates into a worrying trend for the online economy: over one quarter of respondents (26%) said that, based on what they have learned about secret government surveillance, they are now doing less banking online and less online shopping. This shift in behavior is not good news for companies that rely on sustained or increased use of the Internet for their business model.' Importantly, the study also found that, contrary to the claims of many, the Snowden revelations aren't just being followed by security-obsessed techies. While the general public may not be keeping tabs on all the details, they are getting the basics. 'And in case anyone is tempted to think that this is a narrow issue of concern only to news junkies and security geeks, let me be clear: according to this latest survey, 85% of adult Americans are now at least somewhat familiar with the news about secret government surveillance of private citizens’ phone calls, emails, online activity, and so on.' Once again, it appears that the federal government, and the NSA in particular, have created a huge cost for innovation and economic growth, while having almost no real benefit to show for it."
Nearly Half Of Americans Claim They've Changed Their Behavior Due To NSA
Techdirt, 3 April 2014

"The Guardian was named newspaper of the year at the press awards for its reporting on government surveillance. The prize was one of a host given to the Guardian and its journalists, with theguardian.com handed the digital award and the writers Rob Evans, Paul Lewis and Patrick Kingsley all honoured at the ceremony in London. The judges said the Guardian 'broke a story of global significance that went to the heart of the debate on press freedom. The fact that the coverage polarised opinion even within the press showed how important it was. The job of a newspaper is to speak truth to power and the past year has seen the Guardian do this with will and verve.'"
Guardian wins newspaper and website of the year at British press awards
Guardian, 2 April 2014

"U.S. intelligence agencies searched the content of e-mails and other electronic communications of Americans without warrants, the nation’s top intelligence official told members of Congress. The queries were part of efforts to obtain information about suspected foreign terrorists under a law that Congress passed in 2008, Director of National Intelligence James Clapper wrote in a March 28 letter to Senator Ron Wyden, an Oregon Democrat and one of the most vocal critics of government surveillance. The spying is 'unacceptable' and proves the existence of a loophole in surveillance law that allows the National Security Agency to illegally search the Internet communications and listen to the phone calls of Americans who may have no connection to terrorism, Wyden and Senator Mark Udall, a Colorado Democrat, said in an e-mailed statement yesterday. 'It raises serious constitutional questions and poses a real threat to the privacy rights of law-abiding Americans,' the lawmakers said. 'Senior officials have sometimes suggested that government agencies do not deliberately read Americans’ e-mails, monitor their online activity or listen to their phone calls without a warrant. However, the facts show that those suggestions were misleading.' The disclosure is significant because it potentially opens up a new line of public and congressional scrutiny into NSA spying. Until now, most of the focus of public debate has been on restraining the NSA’s ability to collect and store bulk phone records, which include numbers dialed and call durations without the contents of conversations. ... 'It is now clear to the public that the list of ongoing intrusive surveillance practices by the NSA includes not only bulk collection of Americans’ phone records, but also warrantless searches of the content of Americans’ personal communications,' Wyden and Udall said yesterday."
NSA Searched Americans’ E-Mail, Phone Calls, Clapper Says
Bloomberg, 2 April 2014

"US intelligence chiefs have confirmed that the National Security Agency has used a 'back door' in surveillance law to perform warrantless searches on Americans’ communications. The NSA's collection programs are ostensibly targeted at foreigners, but in August the Guardian revealed a secret rule change allowing NSA analysts to search for Americans' details within the databases. Now, in a letter to Senator Ron Wyden, an Oregon Democrat on the intelligence committee, the director of national intelligence, James Clapper, has confirmed the use of this legal authority to search for data related to 'US persons'. 'There have been queries, using US person identifiers, of communications lawfully acquired to obtain foreign intelligence targeting non-US persons reasonably believed to be located outside the United States,' Clapper wrote in the letter, which has been obtained by the Guardian. 'These queries were performed pursuant to minimization procedures approved by the Fisa court and consistent with the statute and the fourth amendment.' The legal authority to perform the searches, revealed in top-secret NSA documents provided to the Guardian by Edward Snowden, was denounced by Wyden as a 'backdoor search loophole.' Many of the NSA's most controversial programs collect information under the law affected by the so-called loophole. These include Prism, which allows the agency to collect data from Google, Apple, Facebook, Yahoo and other tech companies, and the agency's Upstream program – a huge network of internet cable taps. Clapper did not say how many warrantless searches had been performed by the NSA. It was not the first time the searches had been confirmed: after the Snowden leaks, the office of the director of national intelligence declassified documents that discussed the rule change. But Clapper's letter drew greater attention to the issue. 
Confirmation that the NSA has searched for Americans’ communications in its phone call and email databases complicates President Barack Obama’s initial defenses of the broad surveillance in June. 'When it comes to telephone calls, nobody is listening to your telephone calls. That’s not what this program’s about,' Obama said. 'As was indicated, what the intelligence community is doing is looking at phone numbers and durations of calls. They are not looking at people’s names, and they’re not looking at content.' Obama was referring specifically to the bulk collection of US phone records, but his answer misleadingly suggested that the NSA could not examine Americans’ phone calls and emails."
NSA performed warrantless searches on Americans' calls and emails – Clapper
Guardian, 1 April 2014

"The vast scale of online surveillance revealed by Edward Snowden is changing how businesses store commercially sensitive data, with potentially dramatic consequences for the future of the internet, according to a new study. A survey of 1,000 business leaders from around the world has found that many are questioning their reliance on 'cloud computing' in favour of more secure forms of data storage as the whistleblower's revelations continue to reverberate. The moves by businesses mirror efforts by individual countries, such as Brazil and Germany, which are encouraging regional online traffic to be routed locally rather than through the US, in a move that could have a big impact on US technology companies such as Facebook and Google. Daniel Castro, a senior analyst at the Information Technology and Innovation Foundation, said the study confirmed 'anecdotal evidence that suggests US tech firms are going to be hit hard in the coming years by a global backlash against technology 'made in America'. 'The Snowden revelations have led to a paradigm shift in how IT decision-makers buy technology,' he said. 'Now companies are not just competing on price and quality, they are also competing on geography. This might be the final nail in the coffin for the vision of a global, borderless internet.' Ian Brown, from the Oxford Internet Institute, said the survey revealed a significant level of concern among business leaders: 'We'll have to see over the next year how much impact this type of reaction has on the bottom line of US tech companies, but it will give them even more incentive to put pressure on the Obama administration and US Congress for significant surveillance reform.' The survey of 1,000 information and communications technology decision-makers from France, Germany, Hong Kong, the UK and the US was carried out by NTT Communications. 
It found that, following the Snowden revelations, almost 90% had changed the way they use the cloud – a storage service that allows data to be accessed from anywhere in the world but which is more susceptible to online surveillance.... But Castro warned that it was not just the global firms that are being affected in the US. 'This isn't something that just the big players have to worry about, it's the start-ups and mid-size companies too – across the board this backlash is going to hurt their bottom line.' And Brown said that pressure is now likely to be felt by the other governments as more businesses attempt to protect their data."
NSA revelations 'changing how businesses store sensitive data'
Guardian, 31 March 2014

"Documents show that Britain's GCHQ intelligence service infiltrated German Internet firms and America's NSA obtained a court order to spy on Germany and collected information about the chancellor in a special database. Is it time for the country to open a formal espionage investigation?.... Stellar operates a satellite ground station in Hürth, a so-called 'teleport.' Its services are used by companies and institutions; Stellar's customers include Internet providers, telecommunications companies and even a few governments. 'The world is our market,' is the high-tech company's slogan. Using their ground stations and leased capacities from satellites, firms like Stellar -- or competitors like Cetel in the nearby village of Ruppichteroth or IABG, which is headquartered in Ottobrunn near Munich -- can provide Internet and telephone services in even the most remote areas. They provide communications links to places like oil drilling platforms, diamond mines, refugee camps and foreign outposts of multinational corporations and international organizations. Super high-speed Internet connections are required at the ground stations in Germany in order to ensure the highest levels of service possible. Most are connected to major European Internet backbones that offer particularly high bandwidth. The service they offer isn't just attractive to customers who want to improve their connectivity. It is also of interest to Britain's GCHQ intelligence service, which has targeted the German companies. Top secret documents from the archive of NSA whistleblower Edward Snowden viewed by SPIEGEL show that the British spies surveilled employees of several German companies, and have also infiltrated their networks. One top-secret GCHQ paper claims the agency sought 'development of in-depth knowledge of key satellite IP service providers in Germany.' The document, which is undated, states that the goal of the effort was developing wider knowledge of Internet traffic flowing through Germany. 
The 26-page document explicitly names three of the German companies targeted for surveillance: Stellar, Cetel and IABG. The operation, carried out at listening stations operated jointly by GCHQ with the NSA in Bude, in Britain's Cornwall region, is largely directed at Internet exchange points used by the ground station to feed the communications of their large customers into the broadband Internet. In addition to spying on the Internet traffic passing through these nodes, the GCHQ workers state they are also seeking to identify important customers of the German teleport providers, their technology suppliers as well as future technical trends in their business sector.  The document also states that company employees are targets -- particularly engineers -- saying that they should be detected and 'tasked,' intelligence jargon for monitoring. In the case of Stellar, the top secret GCHQ paper includes the names and email addresses of 16 employees, including CEO Christian Steffen. In addition, it also provides a list of the most-important customers and partners. Contacted by SPIEGEL, Stellar CEO Steffen said he had not been aware of any attempts by intelligence services to infiltrate or hack his company. 'I am shocked,' he said. Intelligence workers in Bude also appear to have succeeded in infiltrating competitor Cetel. The document states that workers came across four 'servers of interest' and were able to create a comprehensive list of customers. According to Cetel CEO Guido Neumann, the company primarily serves customers in Africa and the Middle East and its clients include non-governmental organizations as well as a northern European country that uses Cetel to connect its diplomatic outposts to the Internet. Neumann also says he was surprised when he learned his firm had been a target. 
The firm IABG in Ottobrunn appears to have been of particular interest to the intelligence service -- at least going by a short notation that only appears next to the Bavarian company's name. It notes, 'this may have already been looked at by NSA NAC,' a reference to the NSA's network analysis center.... Monitoring companies and their employees along with the theft of customer lists are classic acts of economic espionage. Indeed, such revelations ought be a case for the German federal public prosecutors' office, which in the past has initiated investigations into comparable cases involving Russia or China. So far, however, German Federal Public Prosecutor Harald Range has been struggling with the NSA issue. Some experienced investigators have had a problem applying the same criteria used to assess intelligence services like Russia's to those of the United States and Britain. Federal prosecutors in Karlsruhe have provided a preliminary assessment, but so far no decision has been made about whether the agency will move forward with legal proceedings.  Under review at the moment are allegations that the NSA monitored the chancellor's mobile phone and also conducted mass surveillance on the communications of millions of Germans. Range recently told the Berlin-based daily Die Tageszeitung the affair was 'an extremely complicated issue.'.... The launch of legal proceedings against GCHQ agents or NSA employees would quickly become a major political issue that would further burden already tense trans-Atlantic relations. An additional problem is the fact that Range is in possession of very few original documents, particularly those pertaining to the NSA's monitoring of Chancellor Merkel. A secret NSA document dealing with high-ranking targets has provided further indications that Merkel was a target. The document is a presentation from the NSA's Center for Content Extraction, whose multiple tasks include the automated analysis of all types of text data. 
The lists appear to contain 122 country leaders. Twelve names are listed as an example, including Merkel's. The list begins with 'A,' as in Abdullah Badawi, the former Malaysian prime minister, and continues with the presidents of Peru, Somalia, Guatemala and Colombia right up to Belarusian President Alexander Lukashenko. The final name on the list, No. 122, is Yulia Tymoshenko, who was Ukrainian prime minister at the time. The NSA listed the international leaders alphabetically by their first name, with Tymoshenko listed under 'Y'. Merkel is listed under 'A' as the ninth leader, right behind Malawian President Amadou Toumani Touré, but before Syrian dictator Bashar Assad. The document indicates that Angela Merkel has been placed in the so-called 'Target Knowledge Database' (TKB), the central database of individual targets. An internal NSA description states that employees can use it to analyze 'complete profiles' of target persons. The responsible NSA unit praises the automated machine-driven administration of collected information about high-value targets. In addition to surveillance of the chancellor, the Federal Prosecutor's Office is also exploring the question of whether the NSA conducted mass espionage against the German people. The internal NSA material also includes a weekly report dating from March 2013 from the Special Sources Operations (SSO) division, the unit responsible for securing NSA access to major Internet backbone structures, like fiber optic cables. In the document, the team that handles contact with US telecommunications providers like AT&T or Verizon reports on the legal foundations with which it monitors the data of certain countries. According to the SSO report, FISA, the special court responsible for intelligence agency requests, provided the NSA with authorization to monitor 'Germany' on March 7, 2013. The case number provided in the ruling is 13-319."
'A' for Angela Merkel: GCHQ and NSA Targeted Private German Companies
Der Spiegel, 29 March 2014

"The Obama administration on Thursday formally proposed ending the National Security Agency's bulk collection of all US phone data. Nearly 10 months after the Guardian exposed the controversial program, based on leaks from Edward Snowden, President Obama announced that he would seek legislation that would require the NSA to seek an individual order from the secret Fisa court before phone companies turn over data on their customers. 'I have decided that the best path forward is that the government should not collect or hold this data in bulk,' Obama said in a statement. 'Instead, the data should remain at the telephone companies for the length of time it currently does today.' The move goes further than Obama’s position on bulk surveillance in January, when the president left the door open to the possibility of the data being held by a private-sector third party. That position was vigorously opposed by the phone companies and criticised by proponents and critics of the NSA alike. Bulk phone data would no longer be collected by NSA under the latest proposals. Instead phone companies would, in response to a court order, turn over a suspicious phone number as well as all the numbers it called and received, and all numbers those numbers called and received, on an 'ongoing and prospective basis', according to an administration official. The administration has yet to decide on a specific time limitation for querying the data, but 'there would be some limited time period,' the official told reporters on Thursday. 'That’s something we’re going to have to talk with Congress about.'... A senior administration official indicated that the legal standard by which the court could order phone companies to turn over customer data would be a 'reasonable articulable suspicion' of a phone number’s connection to terrorism or espionage. 
That is a lower threshold than relevance to an ongoing terror investigation, the language of Section 215 of the Patriot Act, the current authorisation the administration claims for bulk domestic phone data collection. Verizon’s top lawyer, Randall Milch, sounded a tone of wariness over the specifics of the proposal while praising it overall. 'If Verizon receives a valid request for business records, we will respond in a timely way, but companies should not be required to create, analyse or retain records for reasons other than business purposes,' Milch wrote Thursday on Verizon’s blog. Since January, the NSA has been permitted to query its phone data troves only after the Fisa court first certifies it possesses reasonable, articulable suspicion of a record’s connection to terrorism.... The Obama administration left several aspects of its desired surveillance policy unaddressed on Thursday. Although officials explaining the policy on a conference call with reporters said they wanted the government to no longer 'hold' the data, they did not unveil any changes to the NSA’s so-called 'corporate store' of analysed phone records. That store, according to the government’s official privacy and civil liberties watchdog, contains tens of millions of phone numbers, and analysts do not face any restrictions on searching through it. Caitlin Hayden, a spokeswoman for the National Security Council, clarified that the Fisa Court will approve a new set of minimisation procedures to provide privacy protections around the use, retention and dissemination of phone data. 'The details of where the data would be stored and accessed once it is received would be governed by those minimization procedures, just as minimisation procedures currently govern how we handle the data,' Hayden said. Nor did the administration outline any changes to its consideration of privacy rights for non-Americans abroad, something Obama said in his January speech the NSA needed to consider. 
NSA’s ability to search for Americans’ identifying information in its troves of phone and internet communications content appears to be unimpeded, a function the USA Freedom Act would prevent. Nor would NSA be prevented from surreptitiously undermining online encryption standards.... Privacy groups also expressed wariness that Obama’s proposals on Thursday only covered phone data. 'This raises the possibility that the government could collect other types of information in bulk, including internet metadata, location information and financial transactions,' said Harley Geiger of the Center for Democracy and Technology. 'Unless legislation addresses all types of data, not just phone records, then businesses remain at risk of receiving an order to turn over records on all of their customers and to keep quiet about it.' Obama’s position on the proper scope of the NSA has changed substantially, by degree, in the 10 months since the Guardian and other news outlets began publishing stories based on documents Snowden provided. In June, Obama, a former constitutional law professor, greeted the revelations of bulk domestic call records collection by saying he thought he had 'struck the right balance.' Over the course of 2013 and early 2014, two high-level review panels, one of which Obama personally empowered, disagreed and proposed changes, while a federal judge in December found the collection to be on the precipice of constitutional violation. Opposition in Congress was substantial, if short of a majority to end the practice. But in recent weeks, members of the House of Representatives publicly threatened to allow the provisions of the Patriot Act the administration relied upon for bulk collection to expire next year if Obama did not act first. 
The fear of losing the basis for a program that officials consider critical – although they have backed away from earlier claims it has prevented terrorist attacks – alongside resistance from the telecos appears to have contributed to Obama’s most recent shifts in position. Left unspoken on Thursday was the fate of Snowden, the former NSA contractor whose disclosures prompted the administration to restrict its surveillance dragnets."
Obama formally proposes end to NSA's bulk collection of telephone data
Guardian, 27 March 2014

"The Guardian deputy editor Paul Johnson has clarified his statement at a radio conference in Dublin that the British Government would close down the newspaper over the Edward Snowden spying affair. Mr Johnson was asked on Tuesday at the Radiodays conference what specific threats were made by the British Government if they were to publish Mr Snowden’s revelations of mass surveillance by US and UK security agencies. Mr Johnson responded: 'Yes, we were being threatened with being closed down.' When pressed as to if that meant the closure of the newspaper, he added: 'Well there are specific threats made and there have been specific threats made legally. We didn’t know if they were under the terror laws or the more ordinary laws about the seizure of journalistic material.' He then played a video to show how the newspaper dealt with the threat. He has since contacted The Irish Times to state that he meant to convey that the British Government would close down its coverage of the Snowden leaks, rather than the newspaper itself."
‘Guardian’ reporting of Snowden leaks threatened with closure, conference told
Irish Times, 27 March 2014

"It's already too late to stop the ubiquitous tracking and monitoring of the public through biometrics, says Peter Waggett, Programme Leader at IBM's Emerging Technology Group. We need to stop worrying about prevention, and start working out how to make the most of data garnered from that kind of surveillance. 'We're fighting the wrong battle when we ask should we stop people being observed. That is not going to be feasible. We need to understand how to use that data better,' urged Waggett, who was speaking as part of a Nesta panel debate on what biometrics mean for the future of privacy. 'I've been working in biometrics for 20 years, and it's reaching a tipping point where it's going to be impossible not to understand where people are and what they are doing. Everything will be monitored. It's part of the reason why when we put together the definition of biometrics it included biological and behavioural characteristics -- it can be anything.' To back up his point, Waggett identified a few of the futures once portrayed in science fiction movies, now a reality. Minority Report is generally the go to film for these kinds of comparisons. But it's the commercial aspects of the film Waggett flagged up, rather than the gesture technology. In the film, the protagonist walks into a shop where an advert immediately pops up and draws on his past preferences to offer up some suggestions. 'The one thing they got wrong is you won't recognise you're being scanned -- the flashing red light in the film is for effect, but all that's now feasible. It is a perfect example of how we need to be aware, now more than ever, of what data we are giving up, and, for companies, how best that data can be used without infringing on customer privacy and potentially threatening that relationship.'"
Get ready to have your biometrics tracked 24/7
Wired, 26 March 2014

"The Obama administration is to set out how it proposes to end the mass collection of Americans' phone call data this week, as legislators in the House of Representatives prepare to unveil a bill that would significantly curtail the practice but lower the legal standards for the collection of such information. Under plans to be put forward by the Obama administration in the next few days, the National Security Agency would end the bulk collection of telephone records, and instead would need to seek a court order to search records held by the telephone companies. A separate proposal, to be published on Tuesday by the leaders of the House intelligence committee, would not necessarily require a judge's prior approval to access phone or email data. Neither the White House nor the House intelligence committee proposal would require telecommunications firms to keep such records any longer than the current 18-month maximum, a significant shift away from the five years during which they are currently held by NSA. The moves represent a significant overhaul of the secret mass collection practices of the past 13 years, exposed by whistleblower Edward Snowden. The House bill is the result of a shift in position by two of the most stalwart congressional defenders of bulk collection, the committee's Republican chairman Michael Rogers of Michigan and Democrat Dutch Ruppersberger of Maryland. The bill, titled the End Bulk Collection Act of 2014 and currently circulating on Capitol Hill, would prevent the government from acquiring 'records of any electronic communication without the use of specific identifiers or selection terms,' some 10 months after the Guardian first exposed the bulk collection based on leaks by the whistleblower Edward Snowden.
But the bill would allow the government to collect electronic communications records based on 'reasonable articulable suspicion', rather than probable cause or relevance to a terrorism investigation, from someone deemed to be an agent of a foreign power, associated with an agent of a foreign power, or 'in contact with, or known to, a suspected agent of a foreign power.' A draft of the bill acquired by the Guardian proposes the acquisition of such phone or email data for up to a year and would not necessarily require prior approval by a judge. Authorisation of the collection would come jointly from the US attorney general and director of national intelligence. The NSA or the FBI would not be able to collect the content of those communications without probable cause. Nor does the House intelligence committee's draft bill require phone companies or any other private entity to store bulk phone records on behalf of the NSA – a proposal that has met with stiff opposition from the telecommunications companies. In essence, the draft bill gets rid of bulk collection, but makes it easier for government authorities to collect metadata on individuals inside the US suspected of involvement with a foreign power. The House intelligence committee proposal represents competition to a different bill introduced last fall by privacy advocates in the Senate and House judiciary committees known as the USA Freedom Act. That bill, which has 163 co-sponsors in both chambers, does not lower the legal standard for data collection on US persons, and would prohibit the NSA from searching for Americans' identifying information in its foreign-oriented communications content databases, something the House intelligence bill would not. A spokesperson for the House intelligence committee did not immediately respond to a request for comment on Monday. 
Rogers and Ruppersberger have scheduled a press conference on Tuesday morning to discuss what they described in a release as 'Fisa improvement legislation' – a reference to the seminal Foreign Intelligence Surveillance Act of 1978, which their bill would amend. While a judge would not necessarily review the collection of a US individual's phone or email records ahead of time, the House intelligence committee bill would require judicial review of the collection procedures and associated privacy protections to 'reasonably limit the receipt, retention, use and disclosure of communications records associated with a specific person when such records are not necessary to understand foreign intelligence information or assess the importance of such information'. A telecom or internet service provider could challenge the collection order before the secret Fisa court under the House intelligence committee proposal. The court would also have latitude to reject challenges 'that are not warranted by existing law or consists of a frivolous argument for extending, modifying or reversing existing law or for establishing a new law', and to impose contempt of court penalties for noncompliant companies. The attorney general and the director of national intelligence would have to 'assess compliance with the selection and the civil liberties and privacy protection procedures' associated with the collection every six months, and submit those assessments to the Fisa court and the intelligence and judiciary committees of the House and Senate. Additionally, and in keeping with an October proposal from Senate intelligence committee chairwoman Dianne Feinstein of California, the House intelligence committee proposal would permit the NSA to continue surveillance for 72 hours on a suspected foreigner's communications content if that person enters the US. The House intelligence committee proposal contains provisions embraced by critics of widespread NSA surveillance. 
It would create a privacy advocate before the Fisa court; mandate additional declassification of Fisa court rulings; require the Senate to confirm the NSA director and inspector general. It also requires annual disclosure of the number of times 'in which the contents of a communication of a United States person was acquired under this Act when the acquisition authorized by this Act that resulted in the collection of such contents could not reasonably have been anticipated to capture such contents.' But in a sign of the continuing contentiousness on Capitol Hill over changes to NSA surveillance, James Sensenbrenner, a Wisconsin Republican and co-author of the USA Freedom Act, preemptively rejected the House intelligence committee proposal, calling it 'a convoluted bill that accepts the administration's deliberate misinterpretations of the law. It limits, but does not end, bulk collection. Provisions included in the draft fall well short of the safeguards in the USA Freedom Act and do not strike the proper balance between privacy and security,' Sensenbrenner said in a statement late on Monday.... On Friday, the Obama administration and the intelligence agencies will face the expiration of a Fisa court order for bulk domestic phone records collection. That expiration represents a deadline imposed by Obama in January for his administration to come to reach consensus on the specific contours of post-NSA phone metadata collection. According to a New York Times report late on Monday, Obama will propose ending bulk phone data collection and replacing it with individualised orders for telecom firms to provide phone records up to two 'hops' – or degrees of separation – from a phone number suspected of wrongdoing. The effort goes further towards the position favoured by privacy advocates than Obama proposed in January. Obama will request the Fisa court approve the current bulk collection program for a final 90-day renewal as he attempts to implement the new plan."
Obama to set out proposal to end NSA's mass collection of phone data
Guardian, 25 March 2014

"The show is over. The fat lady has finally sung. The fat lady, in this case, is a former White House lawyer, Rajesh De, now the senior legal counsel for the US National Security Agency (NSA). Last week, De told a statutory body of the US government, the Privacy and Civil Liberties Oversight Board (PCLOB), that the so-called Foreign Intelligence Surveillance Act (Fisa) corporations – a collection of US companies that were made subject to secret court orders to spy on their customers outside the US – had indeed done just that. He specified a particular NSA programme called Prism, which required the companies to obtain and pass on to the NSA all the data they had on their customers to the American spooks. This is something the companies have strenuously denied, with some, such as Apple, claiming that they had never heard of Prism. De said differently. He said they had acted on the orders of the Fisa courts, which are secret, and had done so knowingly. This is how De put it to James X Dempsey, a PCLOB board member: 'Prism is just an internal government term that, as a result of the leaks, became a public term. But collection under this programme is done pursuant to compulsory legal process that any recipient company would have received.' James Dempsey: 'So they know that their data is being obtained because…' De: 'They would have received legal process to assist the government, yes.' The Prism programme, first revealed by Edward Snowden – the NSA fugitive living in Russia – and the Guardian, orders specific US high-tech corporations to provide email data, chat, videos, photos, stored data, VoIP, file transfers, video-conferencing, notification of target activity, and online social networking details of their customers to the National Security Agency. What De is saying is that the companies were ordered to do this by the US government, using a secret court created under the governing legislation, the Foreign Intelligence Surveillance Act 1978. 
He is also saying that the named corporations knew what they were doing because they were acting under written court orders. What De is not saying, and which no one on the board picked up, is that these orders might be lawful in the US, but they are certainly illegal and possibly criminal everywhere else in the world, particularly the UK. The chairman of the PCLOB, David Modine, a lawyer, put it like this: 'This law (Fisa) permits the government to target non-US persons – someone who is not a citizen or a permanent resident alien – located outside the US for foreign intelligence purposes without obtaining a specific warrant for such targets.' But he did not address the issue of forcing US corporations and their staff to do that targeting in other countries, such as the UK. US law does not run outside US territory. A law made in the US that says 'thou shalt thieve and steal abroad' has no validity in the UK, or anywhere else. The thefts ordered by the Fisa Courts are, for the most part, illegal in the UK, under the Data Protection Act, the Human Rights Act section 8 and the Official Secrets Act. Pleading Fisa is no defence in a UK court. The PCLOB session minutes amount to the public record of a criminal conspiracy to spy on other nations by forcing commercial companies to do the dirty work. There was no input from the nine corporations listed as being part of the Prism programme, although each was approached for comment by email for Computer Weekly. And it is quite possible that the entire Foreign Intelligence Surveillance Act is unconstitutional in the US. While all the discussion in America has been about Fisa spying on Americans in the US, none of the discussion has addressed the issue of how the orders given to the companies could be legally executed in countries outside the US. Or how US corporations and citizens could be legally ordered to commit crimes in other countries, for which they would be liable if caught."
Why NSA spying is breaking UK law
ComputerWeekly, 25 March 2014

"You know, I have felt that my own communications are probably monitored. And when I want to communicate with a foreign leader privately, I type or write a letter myself, put it in the post office and mail it. I believe if I send an email, it will be monitored."
Jimmy Carter, former US President
NBC, 23 March 2014

"The U.S. National Security Agency has infiltrated servers in the headquarters of Chinese telecommunications and internet giant Huawei Technologies Co, obtaining sensitive information and monitoring the communications of top executives, the New York Times reported on Saturday. The newspaper said its report on the operation, code-named 'Shotgiant,' was based on NSA documents provided by Edward Snowden, the former agency contractor who since last year has leaked data revealing sweeping U.S. surveillance activities. The German magazine Der Spiegel also reported on the documents. One of the goals of the operation was to find any connections between Huawei and the Chinese People’s Liberation Army, according to a 2010 document cited by the Times. But the newspaper said the operation also sought to exploit Huawei’s technology. It reported that the NSA aimed to conduct surveillance through computer and telephone networks Huawei sold to other nations. If ordered by the U.S. president, the NSA also planned to unleash offensive cyber operations, it said. The newspaper said the NSA secured access to the servers in Huawei’s sealed headquarters in the city of Shenzhen and got information about the workings of the giant routers and complex digital switches the company says connect a third of the world’s people. The NSA also tracked communications of Huawei’s top executives, the Times reported. Der Spiegel reported that the NSA breached Huawei’s computer network and copied a list of more than 1,400 clients and internal training documents for engineers. 'We have access to so much data that we don’t know what to do with it,' the magazine cited an NSA document as saying. The magazine said the NSA also is pursuing a digital offensive against the Chinese political leadership. It named the government targets as former Chinese prime minister Hu Jintao and the Chinese trade and foreign ministries. 'Many of our targets communicate over Huawei-produced products. 
We want to make sure that we know how to exploit these products,' the Times quoted an NSA document as saying, to 'gain access to networks of interest' around the world. 'If we can determine the company’s plans and intentions,' an analyst wrote in the 2010 document, 'we hope that this will lead us back to the plans and intentions' of the Chinese government. The Times also reported that as Huawei invested in new technology and laid undersea cables to connect its $40 billion-a-year networking operation, the NSA was interested in getting information on into key Chinese customers including 'high priority targets – Iran, Afghanistan, Pakistan, Kenya, Cuba.' The Times quoted William Plummer, a senior Huawei executive in the United States, as saying that the company did not know it was a target of the NSA. 'The irony is that exactly what they are doing to us is what they have always charged that the Chinese are doing through us,' the Times quoted Plummer as saying. U.S. officials have denied the United States and NSA have spied on foreign companies to help American companies gain a competitive edge. A U.S. intelligence official said the NSA and other agencies do not provide secretly collected intelligence information that could be commercially sensitive or give a competitive advantage to U.S. firms. U.S. officials acknowledge that in the course of assessing the economic prospects or stability of foreign countries American agencies might collect data on individual companies. They also said the United States might collect data on foreign companies in preparation for imposing economic sanctions or taking other foreign policy-related actions against a country and its leadership, but not to aid American companies. The Times and Der Spiegel articles were published just days before Chinese President Xi Jinping visits Europe and will hold talks with German Chancellor Angela Merkel, herself a target of electronic surveillance by the NSA."
NSA infiltrates servers of Chinese telecommunications giant
Reuters, 22 March 2014

"... what people have to understand is the federal government and NSA has been doing this very thing against the American people for at least the last year and a half. And with the onset or with the opening of the Bluffdale facility, by the way--and that happened in December 2012--NSA now has the capability to store all content from all communications, both phone and computer, at that facility out there. And our own domestic communications are part of that complete package.... [the telephone content capture programme] MYSTIC has been happening in the U.S."
Russell Tice, former NSA analyst, who first blew the whistle against the NSA in 2004
Real News Network, 21 March 2014

"Microsoft is caught up in a privacy storm after it admitted it read the Hotmail inbox of a blogger while pursuing a software leak investigation. On Thursday, the firm acknowledged it read the anonymous blogger's emails in order to identify an employee it suspected of leaking information. Microsoft owns Hotmail, a free email service now called Outlook.com. John Frank, deputy general counsel for Microsoft, said it took 'extraordinary actions in this case'. While the search was technically legal, he added Microsoft would consult outside counsel in the future. Microsoft's actions came to light this week as part of a legal case by US prosecutors against an ex-Microsoft employee, Alex Kibalko, who was a Russian native based in the company's Lebanon office. In 2012, Microsoft had been alerted to the fact that the blogger, whose identity was kept anonymous in the court papers, had been given some stolen lines of code from the not-yet-released Windows 8 operating system."
Microsoft admits reading Hotmail inbox of blogger
BBC Online, 21 March 2014

"Yahoo! was reportedly called into the Home Office on Thursday where Theresa May expressed UK government security concerns about its plans to move its main base in Europe to Ireland. The internet giant has harboured privacy concerns for some time, according to The Guardian. These concerns can only have been exacerbated by recent revelations from the Edward Snowden files that GCHQ was tapping the images of millions of people using Yahoo! webcams, regardless of whether they were suspects in any criminal activity. Much of the footage was sexually explicit. Yahoo! denounced this as a 'whole new level of violation of our users' privacy'..... Brian Honan, an infosec consultant who founded and heads up the Republic of Ireland's Computer Security Incident Response Team, explained that moving to Ireland will 'put Yahoo’s data out of direct reach of the UK government' without changing anything much about how US authorities might be able to access Yahoo! users' data. 'Ireland does not have a version of RIPA, but it is subject to the EU Data Retention Directive which requires all telcos and internet service providers to retain metadata on users phone calls, location (for mobile phones), and emails,' Honan explained. 'Law enforcement and Defence Forces officials can request access to that data. So moving to Ireland will put Yahoo!’s data out of direct reach of the UK government as they would then have to request that data via courts etc in both jurisdictions.' 'However, as Yahoo is a US company it will still be subject to US laws such as the Patriot Act and FISA [Foreign Intelligence Surveillance Act] which they will have to comply with.' Yahoo! is following the same path as many other internet giants in basing their main European internet operations in the Emerald Isle. The reasons have as much to do with access to a skilled pool of English-speaking technologists as with tax breaks, according to Honan. 
'Ireland also provides Yahoo with a lot of other advantages such as a young English speaking and well educated workforce. We are also part of the Euro Zone, which makes trading with companies in other parts of the Euro zone much easier for companies as there are no concerns regarding currency fluctuations. Ireland has invested a lot in the past in the ICT infrastructure and there are many high quality data centres and offices available with excellent international ICT capabilities.'"
UK.gov! frets! over! Yahoo! exodus! to! RIPA-free! Dublin!
The Register, 21 March 2014

"Across the world, people who work as system administrators keep computer networks in order – and this has turned them into unwitting targets of the National Security Agency for simply doing their jobs. According to a secret document provided by NSA whistleblower Edward Snowden, the agency tracks down the private email and Facebook accounts of system administrators (or sys admins, as they are often called), before hacking their computers to gain access to the networks they control. The document consists of several posts – one of them is titled 'I hunt sys admins' – that were published in 2012 on an internal discussion board hosted on the agency’s classified servers. They were written by an NSA official involved in the agency’s effort to break into foreign network routers, the devices that connect computer networks and transport data across the Internet. By infiltrating the computers of system administrators who work for foreign phone and Internet companies, the NSA can gain access to the calls and emails that flow over their networks. The classified posts reveal how the NSA official aspired to create a database that would function as an international hit list of sys admins to potentially target. Yet the document makes clear that the admins are not suspected of any criminal activity – they are targeted only because they control access to networks the agency wants to infiltrate. 'Who better to target than the person that already has the ‘keys to the kingdom’?' one of the posts says....The author of the posts, whose name is being withheld by The Intercept, is a network specialist in the agency’s Signals Intelligence Directorate, according to other NSA documents. The same author wrote secret presentations related to the NSA’s controversial program to identify users of the Tor browser – a privacy-enhancing tool that allows people to browse the Internet anonymously. 
The network specialist, who served as a private contractor prior to joining the NSA, shows little respect for hackers who do not work for the government. One post expresses disdain for the quality of presentations at Blackhat and Defcon, the computer world’s premier security and hacker conferences.... As The Intercept revealed last week, clandestine hacking has become central to the NSA’s mission in the past decade. The agency is working to aggressively scale its ability to break into computers to perform what it calls 'computer network exploitation,' or CNE: the collection of intelligence from covertly infiltrated computer systems. Hacking into the computers of sys admins is particularly controversial because unlike conventional targets – people who are regarded as threats – sys admins are not suspected of any wrongdoing..... The first step, according to the posts, is to collect IP addresses that are believed to be linked to a network’s sys admin. An IP address is a series of numbers allocated to every computer that connects to the Internet. Using this identifier, the NSA can then run an IP address through the vast amount of signals intelligence data, or SIGINT, that it collects every day, trying to match the IP address to personal accounts. 'What we’d really like is a personal webmail or Facebook account to target,' one of the posts explains, presumably because, whereas IP addresses can be shared by multiple people, 'alternative selectors' like a webmail or Facebook account can be linked to a particular target. You can 'dumpster-dive for alternate selectors in the big SIGINT trash can' the author suggests.... Once the agency believes it has identified a sys admin’s personal accounts, according to the posts, it can target them with its so-called QUANTUM hacking techniques. 
The Snowden files reveal that the QUANTUM methods have been used to secretly inject surveillance malware into a Facebook page by sending malicious NSA data packets that appear to originate from a genuine Facebook server. This method tricks a target’s computer into accepting the malicious packets, allowing the NSA to infect the targeted computer with a malware 'implant' and gain unfettered access to the data stored on its hard drive. 'Just pull those selectors, queue them up for QUANTUM, and proceed with the pwnage,' the author of the posts writes. ('Pwnage,' short for 'pure ownage,' is gamer-speak for defeating opponents.) The author adds, triumphantly, 'Yay! /throws confetti in the air.' In one case, these tactics were used by the NSA’s British counterpart, Government Communications Headquarters, or GCHQ, to infiltrate the Belgian telecommunications company Belgacom. As Der Spiegel revealed last year, Belgacom’s network engineers were targeted by GCHQ in a QUANTUM mission named 'Operation Socialist' – with the British agency hacking into the company’s systems in an effort to monitor smartphones. While targeting innocent sys admins may be surprising on its own, the 'hunt sys admins' document reveals how the NSA network specialist secretly discussed building a 'master list' of sys admins across the world, which would enable an attack to be initiated on one of them the moment their network was thought to be used by a person of interest.... 'Our ability to pull bits out of random places of the Internet, bring them back to the mother-base to evaluate and build intelligence off of is just plain awesome!' the author writes. 'One of the coolest things about it is how much data we have at our fingertips.'"
Inside the NSA’s Secret Efforts to Hunt and Hack System Administrators
The Intercept, 20 March 2014

"Google is upping the security of Gmail with new measures to protect your email from prying eyes. The Web giant on Thursday announced that from now on, Gmail will always use an encrypted HTTPS connection when you check and send email. Gmail has always supported HTTPS, and in 2010 Google turned it on for everyone by default, but users still had the option to turn this protection off. From now on, Gmail is HTTPS-only, meaning the mail service no longer allows the more insecure HTTP connections. 'Today's change means that no one can listen in on your messages as they go back and forth between you and Gmail's servers — no matter if you're using public Wi-Fi or logging in from your computer, phone or tablet,' Gmail Security Engineering Lead Nicolas Lidzborski wrote in a blog post. One reason to avoid HTTPS is that it could be a tad slower than HTTP. But Google said it has been working for some time to address performance issues and now feels it has reached a point where it no longer makes sense to allow HTTP connections, a spokeswoman for the company told PCMag. Most Gmail users already use HTTPS, so this is just the final step in the transition."
Google Encrypts All Gmail Messages After NSA Snooping
PCWorld, 20 March 2014

"The next threat to your privacy could be hovering over head while you walk down the street. Hackers have developed a drone that can steal the contents of your smartphone -- from your location data to your Amazon (AMZN, Fortune 500) password -- and they've been testing it out in the skies of London. The research will be presented next week at the Black Hat Asia cybersecurity conference in Singapore. The technology equipped on the drone, known as Snoopy, looks for mobile devices with Wi-Fi settings turned on. Snoopy takes advantage of a feature built into all smartphones and tablets: When mobile devices try to connect to the Internet, they look for networks they've accessed in the past. 'Their phone will very noisily be shouting out the name of every network its ever connected to,' Sensepost security researcher Glenn Wilkinson said. 'They'll be shouting out, 'Starbucks, are you there?...McDonald's Free Wi-Fi, are you there?' That's when Snoopy can swoop into action (and be its most devious, even more than the cartoon dog): the drone can send back a signal pretending to be networks you've connected to in the past. Devices two feet apart could both make connections with the quadcopter, each thinking it is a different, trusted Wi-Fi network. When the phones connect to the drone, Snoopy will intercept everything they send and receive. That includes the sites you visit, credit card information entered or saved on different sites, location data, usernames and passwords. Each phone has a unique identification number, or MAC address, which the drone uses to tie the traffic to the device. The names of the networks the phones visit can also be telling. 'I've seen somebody looking for 'Bank X' corporate Wi-Fi,' Wilkinson said. 'Now we know that that person works at that bank.' CNNMoney took Snoopy out for a spin in London on a Saturday afternoon in March and Wilkinson was able to show us what he believed to be the homes of several people who had walked underneath the drone. 
In less than an hour of flying, he obtained network names and GPS coordinates for about 150 mobile devices. He was also able to obtain usernames and passwords for Amazon, PayPal and Yahoo (YAHOF) accounts created for the purposes of our reporting so that we could verify the claims without stealing from passersby. 'Your phone connects to me and then I can see all of your traffic,' Wilkinson said. Collecting metadata, or the device IDs and network names, is probably not illegal, according to the Electronic Frontier Foundation. Intercepting usernames, passwords and credit card information with the intent of using them would likely violate wiretapping and identity theft laws. Wilkinson, who developed the technology with Daniel Cuthbert at Sensepost Research Labs, says he is an ethical hacker. The purpose of this research is to raise awareness of the vulnerabilities of smart devices. Installing the technology on drones creates a powerful threat because drones are mobile and often out of sight for pedestrians, enabling them to follow people undetected."
This drone can steal what's on your phone
CNN, 20 March 2014

"Theresa May summoned the internet giant Yahoo for an urgent meeting on Thursday to raise security concerns after the company announced plans to move to Dublin where it is beyond the reach of Britain's surveillance laws. By making the Irish capital rather than London the centre of its European, Middle East and Africa operations, Yahoo cannot be forced to hand over information demanded by Scotland Yard and the intelligence agencies through 'warrants' issued under Britain's controversial anti-terror laws. Yahoo has had longstanding concerns about securing the privacy of its hundreds of millions of users – anxieties that have been heightened in recent months by revelations from the whistleblower Edward Snowden. In February, the Guardian revealed that Britain's eavesdropping centre GCHQ intercepted and stored the images of millions of people using Yahoo webcams, regardless of whether they were suspects. The data included a large quantity of sexually explicit pictures. The home secretary called the meeting with Yahoo to express the fears of Britain's counter-terrorism investigators. They can force companies based in the UK to provide information on their servers by seeking warrants under the Regulation of Investigatory Powers Act, 2000 (Ripa). The law, now under review by a parliamentary committee, has been widely criticised for giving police and the intelligence agencies too much access to material such as current emails and internet searches, as well as anything held on company records. However, the Guardian has been told that Charles Farr, the head of the office for security and counter-terrorism (OSCT) within the Home Office, has been pressing May to talk to Yahoo because of anxiety in Scotland Yard's counter-terrorism command about the effect the move to Dublin could have on their inquiries. Farr, a former senior intelligence officer, coordinates the work of Scotland Yard and the security service MI5, to prevent terrorist attacks in the UK. 
'There are concerns in the Home Office about how Ripa will apply to Yahoo once it has moved its headquarters to Dublin,' said a Whitehall source. 'The home secretary asked to see officials from Yahoo because in Dublin they don't have equivalent laws to Ripa. This could particularly affect investigations led by Scotland Yard and the national crime agency. They regard this as a very serious issue.' The move to make Dublin the centre of its headquarters for Europe, the Middle East and Africa (EMEA) was announced last month and will take effect from Friday. In a statement at the time, Yahoo said Dublin was a natural home for the company and that it would be incorporated into Irish laws. The firm insisted the move was driven by 'business needs … we believe it is in the best interest of our users. Dublin is already the European home to many of the world's leading global technology brands.' However, the firm has been horrified by some of the surveillance programmes revealed by Snowden and is understood to be relieved that it will be beyond the immediate reach of UK surveillance laws. Following the Guardian's disclosures about snooping on Yahoo webcams, the company said it was 'committed to preserving our users trust and security and continue our efforts to expand encryption across all of our services.' It said GCHQ's activity was 'completely unacceptable..we strongly call on the world's governments to reform surveillance law.' Explaining the move to Dublin, the company said: 'The principal change is that Yahoo EMEA, as the new provider of services to our European users, will replace Yahoo UK Ltd as the data controller responsible for handling your personal information. Yahoo EMEA will be responsible for complying with Irish privacy and data protection laws, which are based on the European data protection directive.' 
Emma Carr, deputy director of Big Brother Watch, said: 'It should not come as a surprise if companies concerned about maintaining their users' trust to hold their information start to move to countries with more rigorous oversight processes, particularly where courts oversee requests for information.' 'Surveillance laws have a direct impact on our economy and Yahoo's decision should ring an alarm in Parliament that ignoring the serious questions about surveillance that are being debated around the world will only harm Britain's digital economy.' Under Ripa, a warrant can be issued for an investigation that has implications for national security, or might lead to the prevention or detection of serious crimes. Warrants to seek the retention of communications data can be issued by specified officers within police forces and the intelligence agencies. More intrusive surveillance techniques can require the signature of a cabinet minister. From Friday, investigators may have to seek information by using a more drawn out process of approaching Yahoo through a Mutual Legal Assistance Treaty between Ireland and the UK. A Home Office spokesperson said: 'We do not confirm the details of private meetings.'"
Theresa May warns Yahoo that its move to Dublin is a security worry
Guardian, 20 March 2014

"The senior lawyer for the National Security Agency stated on Wednesday that US technology companies were fully aware of the surveillance agency’s widespread collection of data. Rajesh De, the NSA general counsel, said all communications content and associated metadata harvested by the NSA under a 2008 surveillance law occurred with the knowledge of the companies – both for the internet collection program known as Prism and for the so-called 'upstream' collection of communications moving across the internet. Asked during a Wednesday hearing of the US government’s institutional privacy watchdog if collection under the law, known as Section 702 or the Fisa Amendments Act, occurred with the 'full knowledge and assistance of any company from which information is obtained,' De replied: 'Yes.' When the Guardian and the Washington Post broke the Prism story in June, thanks to documents leaked by whistleblower Edward Snowden, nearly all the companies listed as participating in the program – Yahoo, Apple, Google, Microsoft, Facebook and AOL – claimed they did not know about a surveillance practice described as giving NSA vast access to their customers’ data. Some, like Apple, said they had 'never heard' the term Prism. De explained: 'Prism was an internal government term that as the result of leaks became the public term,' De said. 'Collection under this program was a compulsory legal process, that any recipient company would receive.' After the hearing, De added that service providers also know and receive legal compulsions surrounding NSA’s harvesting of communications data not from companies but directly in transit across the internet under 702 authority."
US tech giants knew of NSA data collection, agency's top lawyer insists
Guardian, 19 March 2014

"The National Security Agency has built a surveillance system capable of recording '100 percent' of a foreign country’s telephone calls, enabling the agency to rewind and review conversations as long as a month after they take place, according to people with direct knowledge of the effort and documents supplied by former contractor Edward Snowden. A senior manager for the program compares it to a time machine — one that can replay the voices from any call without requiring that a person be identified in advance for surveillance. The voice interception program, called MYSTIC, began in 2009. Its RETRO tool, short for 'retrospective retrieval,' and related projects reached full capacity against the first target nation in 2011. Planning documents two years later anticipated similar operations elsewhere. In the initial deployment, collection systems are recording 'every single' conversation nationwide, storing billions of them in a 30-day rolling buffer that clears the oldest calls as new ones arrive, according to a classified summary. The call buffer opens a door 'into the past,' the summary says, enabling users to 'retrieve audio of interest that was not tasked at the time of the original call.' Analysts listen to only a fraction of 1 percent of the calls, but the absolute numbers are high. Each month, they send millions of voice clippings, or 'cuts,' for processing and long-term storage. At the request of U.S. officials, The Washington Post is withholding details that could be used to identify the country where the system is being employed or other countries where its use was envisioned. No other NSA program disclosed to date has swallowed a nation’s telephone network whole. Outside experts have sometimes described that prospect as disquieting but remote, with notable implications for a growing debate over the NSA’s practice of 'bulk collection' abroad. Bulk methods capture massive data flows 'without the use of discriminants,' as President Obama put it in January. 
By design, they vacuum up all the data they touch — meaning that most of the conversations collected by RETRO would be irrelevant to U.S. national security interests.  In the view of U.S. officials, however, the capability is highly valuable....Some of the documents provided by Snowden suggest that high-volume eavesdropping may soon be extended to other countries, if it has not been already. The RETRO tool was built three years ago as a 'unique one-off capability,' but last year’s secret intelligence budget named five more countries for which the MYSTIC program provides 'comprehensive metadata access and content,' with a sixth expected to be in place by last October. The budget did not say whether the NSA now records calls in quantity in those countries or expects to do so. A separate document placed a high priority on planning 'for MYSTIC accesses against projected new mission requirements,' including 'voice.' Ubiquitous voice surveillance, even overseas, pulls in a great deal of content from Americans who telephone, visit and work in the target country. It may also be seen as inconsistent with Obama’s Jan. 17 pledge 'that the United States is not spying on ordinary people who don’t threaten our national security,' regardless of nationality, 'and that we take their privacy concerns into account.' In a presidential policy directive, Obama instructed the NSA and other agencies that bulk acquisition may be used only to gather intelligence related to one of six specified threats, including nuclear proliferation and terrorism. The directive, however, also noted that limits on bulk collection 'do not apply to signals intelligence data that is temporarily acquired to facilitate targeted collection.' The emblem of the MYSTIC program depicts a cartoon wizard with a telephone-headed staff. Among the agency’s bulk collection programs disclosed over the past year, its focus on the spoken word is unique. 
Most of the programs have involved the bulk collection of metadata — which does not include call content — or text, such as e-mail address books. Telephone calls are often thought to be more ephemeral and less suited than text for processing, storage and search. And there are indications that the call-recording program has been hindered by the NSA’s limited capacity to store and transmit bulky voice files. In the first year of its deployment, a program officer wrote that the project 'has long since reached the point where it was collecting and sending home far more than the bandwidth could handle.' Because of similar capacity limits across a range of collection programs, the NSA is leaping forward with cloud-based collection systems and a gargantuan new 'mission data repository' in Utah. According to its overview briefing, the Utah facility is designed 'to cope with the vast increases in digital data that have accompanied the rise of the global network.' Christopher Soghoian, the principal technologist for the American Civil Liberties Union, said history suggests that 'over the next couple of years they will expand to more countries, retain data longer and expand the secondary uses.' Spokesmen for the NSA and the office of Director of National Intelligence James R. Clapper Jr. declined to confirm or deny expansion plans or discuss the criteria for any change. Based on RETRO’s internal reviews, the NSA has a strong motive to deploy it elsewhere. In the documents and in interviews, U.S. officials said RETRO is uniquely valuable when an analyst uncovers a new name or telephone number of interest. With up to 30 days of recorded conversations in hand, the NSA can pull an instant history of the subject’s movements, associates and plans. Some other U.S. intelligence agencies also have access to RETRO. 
Highly classified briefings cite examples in which the tool offered high-stakes intelligence that would not have existed under traditional surveillance programs in which subjects are identified for targeting in advance. In contrast with most of the government’s public claims about the value of controversial programs, the briefings supply names, dates, locations and fragments of intercepted calls in convincing detail. Present and former U.S. officials, speaking on the condition of anonymity to provide context for a classified program, acknowledged that large numbers of conversations involving Americans would be gathered from the country where RETRO operates. The NSA does not attempt to filter out their calls, defining them as communications 'acquired incidentally as a result of collection directed against appropriate foreign intelligence targets.' ... RETRO and MYSTIC are carried out under Executive Order 12333, the traditional grant of presidential authority to intelligence agencies for operations outside the United States. Since August, Sen. Dianne Feinstein (D-Calif.), the chairman of the Senate Intelligence Committee, and others on that panel have been working on plans to assert a greater oversight role for intelligence-gathering abroad. Some legislators are considering whether Congress should also draft new laws to govern those operations. Experts say there is not much legislation that governs overseas intelligence work. 'Much of the U.S. government’s intelligence collection is not regulated by any statute passed by Congress,' said Timothy H. Edgar, the former director of privacy and civil liberties on Obama’s national security staff. 'There’s a lot of focus on the Foreign Intelligence Surveillance Act, which is understandable, but that’s only a slice of what the intelligence community does.' 
All surveillance must be properly authorized for a legitimate intelligence purpose, he said, but that 'still leaves a gap for activities that otherwise basically aren’t regulated by law, because they’re not covered by FISA.' Beginning in 2007, Congress loosened 40-year-old restrictions on domestic surveillance because so much foreign data crossed U.S. territory. There were no comparable changes to protect the privacy of U.S. citizens and residents whose calls and e-mails now routinely cross international borders."
NSA surveillance program reaches ‘into the past’ to retrieve, replay phone calls
Washington Post, 18 March 2014

"Edward Snowden on Tuesday said the biggest revelations have yet to come out of the estimated 1.7 million documents he acquired from the National Security Agency.  In a surprise appearance via satellite robot at the 2014 TED conference in Vancouver, Snowden said there is still a lot of reporting to be done, including diving deeper into the accusation that the NSA tricks companies into building backdoors into their systems that make data vulnerable to hackers across the world. 'Is it really terrorism that we're stopping? I say no,' Snowden said. 'The bottom line is that terrorism [...] has always been a cover for actions. Terrorism evokes an emotional response.' Snowden, who is still in hiding somewhere in Russia, maintained that his act wasn't reckless and that he did it all for the American people. He also said he would love to return to the United States — if granted immunity. 'I don't want to harm my government' he said. 'The fact that they're willing to ignore due process and declare guilt without a trial [...] these are things we need to work against as a society.'  Snowden remains a controversial figure throughout the world, but he was speaking to the right crowd at TED. When Anderson asked the audience who disagreed with Snowden's actions, only a few hands shot into the air. When he asked if the room felt Snowden was right in handing over the NSA's secret, the audience erupted with applause. Tim Berners-Lee, a man widely credited with inventing the World Wide Web, then stepped on stage to talk with Snowden. He called him a 'hero.' After Snowden exposed NSA programs like PRISM, many Americans wanted to know why they should care about this surveillance if they're not guilty of doing anything wrong. Snowden said it comes down to protecting rights. 
'Rights matter because you never know when you’re going to need them,' Snowden said, adding that people should be able to pick up the phone and call their family, send a text to their loved ones and travel by train without worrying about how these events will look to a government years in the future. ...."
Edward Snowden: The Biggest Revelations Are Yet to Come
Mashable, 18 March 2014

"The U.S. government has acknowledged that it swept up huge volumes of data from emails in the U.S. for several years without any court approval, based solely on the orders of former President George W. Bush. In a court filings on Monday, government lawyers said that the Internet program ran in parallel with a program gathering so-called metadata about telephone calls. The counterterrorism efforts operated under presidential authority before a judge approved them in July 2004, said a 2007 court filing made public Monday by the Justice Department (and posted here.) 'After the 9/11 attacks and pursuant to an authorization of the President, [redacted] the NSA [redacted] the bulk collection of non-content information about  telephone calls and Internet communications (hereafter 'metadata') activities that enable the NSA to uncover the contacts [redacted] of members or agents of al Qaeda or affiliated terrorist organizations,' a senior NSA official wrote in an October 2007 declaration originally filed under seal as part of an effort to defeat litigation about the snooping Bush ordered. 'Specifically, the President authorized the the NSA to collect metadata related to Internet communications for the purpose of conducting targeted analysis to track Al Qaeda-related networks. Internet metadata is header/router/addressing information, such as the 'to,' 'from,' 'cc,' and 'bcc' lines, as opposed to the body or 're' lines, of a standard e-mail. Since July 2004, the collection of Internet metadata has been conducted pursuant to an Order of the Foreign Intelligence Surveillance Court,' the still-unidentified official from NSA's Signals Intelligence Directorate continued."
Feds confirm Bush-era e-mail surveillance
Politico, 18 March 2014

"In response to Senator Dianne Feinstein's speech last week calling out the CIA for spying on her staffers, Rep. Nancy Pelosi was asked to comment and gave what might be the most revealing comments to date as to why Congress is so scared of the CIA: 'I salute Sen. Feinstein,' Pelosi said at her weekly news conference of the chairwoman of the Senate Intelligence Committee. 'I’ll tell you, you take on the intelligence community, you’re a person of courage, and she does not do that lightly. Not without evidence, and when I say evidence, documentation of what it is that she is putting forth.' Pelosi added that she has always fought for checks and balances on CIA activity and its interactions with Congress: 'You don’t fight it without a price because they come after you and they don’t always tell the truth.' A few months back, the ACLU had posted something questioning whether or not the intelligence community might be blackmailing Congress. And, quite frequently when we write about the intelligence community, we see suggestions in the comments that certain politicians probably cover for the NSA and CIA because they know what those agencies 'have on them.' I've always dismissed those kinds of claims as being a bit far-fetched, even if they have plenty of historical precedent. So far, there's certainly been no direct evidence of that happening. And yet... Pelosi's comments certainly seem to hint at even more nefarious activity by the intelligence community against politicians who dare to actually do the job of oversight. The point of that ACLU post linked above is that, even if it's not happening, the fact that we can't definitively rule it out is a serious problem for democracy. And just the fact that some of the most powerful members of Congress, who are theoretically in charge of oversight, are now publicly admitting that they're scared of how the CIA fights back when they take them on, suggests that the intelligence community really is rotten to the core. 
And Congressional oversight, as it stands today, is clearly not able to deal with the issue by itself."
Mike Masnick - Nancy Pelosi Admits That Congress Is Scared Of The CIA
Techdirt, 17 March 2014

"Intelligence agency ASIO is using the Snowden leaks to bolster its case for laws forcing Australian telecommunications companies to store certain types of customers' internet and telephone data for a period of what some law enforcement agencies would like to be two years. The federal spying agency is supported by the Northern Territory Police, Victoria Police, Australian Federal Police, Australian Crime Commission and Australian Commission for Law Enforcement Integrity, who all say they are in support of a data-retention regime. What type of data should be stored by internet and phone providers is another question. Although storing 'content' data has been ruled out under a retention scheme, at least two agencies – the Northern Territory Police and Victoria Police – want web-browsing histories stored. In its submission to a parliamentary inquiry into potential changes to telecommunications laws, ASIO argues that more people are encrypting their web communications after revelations made by US intelligence contractor Edward Snowden about widespread data collection programs by governments. This has hastened the need for changes that would force providers to keep all customers' 'metadata' for a prescribed period, it says. Metadata stored about a phone call could include the parties to the call, location, duration and time of the call, but not what was said. Metadata stored about an internet activity could include your assigned IP address and the IP addresses of web servers you visit, or uniform resource locators (URLs) you visit and the time at which they were visited, while email metadata might include addresses, times, and the subject."
Push for Australians' web browsing histories to be stored
Sydney Morning Herald, 17 March 2014

"One of the things that baffles me is why more people are not alarmed by what Edward Snowden has been telling us about the scale and intrusiveness of internet surveillance. My hunch is that this is partly because – strangely – people can't relate the revelations to things they personally understand. In the past two weeks, two perceptive commentators have been trying to break through this barrier. One is Cory Doctorow, the science-fiction novelist, who had a terrific essay in the Guardian arguing that instead of increasing our security, government agencies such as the NSA, GCHQ and others are actually undermining it. The essay is worth reading in full, but one part of it stood out for me. It's about the thriving, underworld online market in malicious software. Nowadays, if some hacker discovers a previously unknown vulnerability in widely used software, that discovery can be very valuable – and people will pay large sums for such 'zero-day' exploits. But here's the creepy bit: sometimes, the purchasers are government agencies that buy these pieces of malware to use as weapons against their enemies. To most people, this will seem pretty abstruse. But with the imaginative skill of a good writer, Doctorow nails it: 'If you discovered,' he writes, 'that your government was more interested in weaponising typhus than they were in curing it, you would demand that your government treat your water supply with the gravitas and seriousness that it is due.' In a networked world, in other words, cyberwarfare and cybercrime are analogous to public health issues and our intelligence agencies ought to be treating them as such, rather than polluting the water supply."
Public apathy over GCHQ snooping is a recipe for disaster
Observer, 16 March 2014

"Apple co-founder Steve Wozniak made a startling revelation voicing his support for National Security Agency (NSA) contractor-turned-whistleblower Edward Snowden at an interactive session held at Europe's largest technology conference - Cebit 2014 - in Hannover in Germany. 'He is a hero to me, but he may be a traitor to other people and I understand the reasons for them to think that way. I believe that Snowden believed, like I do, that the US has a right to freedom. He had the guts to and courage to sacrifice his life for a principle,' said Wozniak, at an interactive session moderated by Brent Goff, main news anchor for Deutsche Welle here on Thursday. Snowden is hiding in Russia as a fugitive from US law and charged with espionage for leaking documents related to the US surveillance."
Edward Snowden is a hero: Apple co-founder Steve Wozniak
Times of India, 14 March 2014

"Free speech and freedom of the press are under attack in the UK. I cannot return to England, my country, because of my journalistic work with NSA whistleblower Edward Snowden and at WikiLeaks. There are things I feel I cannot even write. For instance, if I were to say that I hoped my work at WikiLeaks would change government behaviour, this journalistic work could be considered a crime under the UK Terrorism Act of 2000. The act gives a definition of terrorism as an act or threat 'designed to influence the government', that 'is made for the purpose of advancing a political, religious, racial or ideological cause' and that would pose a 'serious risk' to the health or safety of a section of the public. UK government officials have continually asserted that this risk is present with the disclosure of any 'classified' document.Elsewhere the act says 'the government' means the government of any country – including the US. Britain has used this act to open a terrorism investigation relating to Snowden and the journalists who worked with him, and as a pretext to enter the Guardian's offices and demand the destruction of their Snowden-related hard drives. Britain is turning into a country that can't tell its terrorists from its journalists.... If Britain is going to investigate journalists as terrorists take and destroy our documents, force us to give up passwords and answer questions – how can we be sure we can protect our sources? But this precedent is now set; no journalist can be certain that if they leave, enter or transit through the UK this will not happen to them. My lawyers advise me not to return home. Snowden's US legal adviser, Jesselyn Radack, was questioned about Julian Assange and her client when she entered the UK recently. I am strongly connected to both men: I work for one, and rescued and watched over the other for four months. 
In addition, if schedule 7 is used to stop me upon entering the country I could not answer such questions or relinquish anything, as this would be a risk to WikiLeaks's journalistic work, our people and our sources. As I would have no right to silence under this act, I would be committing a crime in the government's eyes. A conviction for 'terrorism' would have severe consequences for free movement across international borders. Schedule 7 is not really about catching terrorists, even in its own terms.... This erosion of basic human civil rights is a slippery slope. If the government can get away with spying on us – not just in collusion with, but at the behest of, the US – then what checks and balances are left for us to fall back on? Few of our representatives are doing anything to act against this abusive restriction on our press freedoms. Green MP Caroline Lucas tabled an early day motion on 29 January but only 18 MPs have signed it so far. From my refuge in Berlin, this reeks of adopting Germany's past, rather than its future. I have thought about the extent to which British history would have been the poorer had the governments of the day had such an abusive instrument at their disposal. What would have happened to all the public campaigns carried out in an attempt to 'influence the government'? I can see the suffragettes fighting for their right to vote being threatened into inaction, Jarrow marchers being labelled terrorists, and Dickens being locked up in Newgate prison."
Sarah Harrison - Britain is treating journalists as terrorists – believe me, I know
Guardian, 14 March 2014

"MEPS called for the suspension of EUs bank data agreement with the US and the ‘Safe Harbour agreement’ on data privacy. The European Union's consent for the trade pact with the US 'could be suspended if NSA's mass surveillance on EU citizens continues, MEPs warned. In a resolution, concluding a six-month investigation into US mass surveillance schemes, MEPs have also called for the suspension of EUs bank data agreement with the US and the 'Safe Harbour agreement' on data privacy. The resolution, supported by 544 votes to 78 with 60 abstentions, also sets out findings and proposals to boost EU citizens' privacy. Civil Liberties inquiry rapporteur Claude Moraes said that the Snowden revelations gave a chance to react. 'I hope we will turn those reactions into something positive and lasting into the next mandate of this Parliament, a data protection bill of rights that we can all be proud of', Moraes said. 'This is the only international inquiry into mass surveillance. (...) Even Congress in the United States has not had an inquiry.' Claiming the Safe Harbour privacy principles do not provide required shield for EU citizens, MEPs urged the US to suggest new personal data transfer rules that comply with requirements of EU data protection."
EU threatens to suspend trade deal unless US stops mass surveillance
Computer Business Review, 13 March 2014

"The NSA is still working hard to make the world's computer usage less safe. The latest leak published by The Intercept shows the agency plans to infect 'millions' of computers worldwide with malware, making it easier for the NSA to harvest data and communications from these compromised machines. 'The classified files – provided previously by NSA whistleblower Edward Snowden – contain new details about groundbreaking surveillance technology the agency has developed to infect potentially millions of computers worldwide with malware 'implants.' The clandestine initiative enables the NSA to break into targeted computers and to siphon out data from foreign Internet and phone networks.' The methods detailed include the agency masquerading as a Facebook server and sending out laced spam emails in order to subvert users' computers and give the NSA access to local files as well as control of webcams and microphones. Not only does the agency actively work to delay bug fixes in order to exploit systems, but its ongoing malware mission ensures that using a computer and/or accessing the web will always be more dangerous than it should be. 'Mikko Hypponen, an expert in malware who serves as chief research officer at the Finnish security firm F-Secure, calls the revelations 'disturbing.' The NSA’s surveillance techniques, he warns, could inadvertently be undermining the security of the Internet. 'When they deploy malware on systems,' Hypponen says, 'they potentially create new vulnerabilities in these systems, making them more vulnerable for attacks by third parties.' The NSA has argued previously that its malware targets are strictly national security threats. But the evidence provided here undermines this defense of NSA malware deployment.'.... The Intercept's report notes that the GCHQ has deployed similar tactics, hacking into computers owned by Belgacom system engineers. 
The malware attacks go far beyond end user computers, targeting routers and setting the agency up for man-in-the-middle attacks (something that has become far more necessary as fewer and fewer people actually open, much less click links in spam email). The NSA may view this all as fair game -- a means to an end -- but the ugly truth is that the agency's malware/hacking attempts are not limited to threats, but rather any person/service it believes can offer access to even more communications and data. At this point, the only thing slowing the agency down is the audacious size of its undertaking..... The program -- utilizing the previously discussed TURBINE (part of the agency's TAO - Tailored Access Operations), as well as several other NSA tools like SECONDDATE and WILLOWVIXEN -- is aimed at 'Owning the Internet' according to the leaked documents."
NSA Aiming To Infect 'Millions' Of Computers Worldwide With Its Malware; Targets Telco/ISP Systems Administrators
techdirt, 12 March 2014

"Quoting information published by various news agencies, an office memorandum of the internal security division of the [Indian] Union Home Ministry last December alleged that leading telecom firms, including Vodafone and Verizon, were learnt to have shared subscriber details with Britain’s spy agency, Government Communication Headquarters (GCHQ). While the Cabinet has cleared Vodafone’s FDI proposal to increase its stake in its Indian venture to 100 per cent in February, the Home Ministry’s note has been forwarded by the Finance Ministry to the Department of Telecom for appropriate action. In a statement to the media, Vodafone said the Indian government raised no such concern with it and the government of India’s approval of its FDI application stated that it was cleared by the Foreign Investment Promotion Board (FIPB) and the Cabinet Committee on Economic Affairs (CCEA) after all due diligence. The company also denied having disclosed any customer data in any jurisdiction, unless it was legally required to do so, and said it complied with the law in all countries of its operations, including the EU Privacy Directive and EU Data Retention Directive in its European businesses. The issue was raised by the Home Ministry in respect of security clearance for Vodafone India Limited. Based on news reports, the memorandum said that leading telecom companies were learnt to be passing on details of their customers’ phone calls, email messages and other communication and were known as ‘intercept partners’; that Vodafone and others had given the GCHQ secret, unlimited access to their network of undersea cables, which carried much of the world’s phone calls and internet traffic; that the GCHQ’s mass tapping operation had been built up over the past five years by attaching intercept probes to the transatlantic cables; and that the ‘intercept partners’ were paid for logistics and technical assistance."
Vodafone, Verizon accused of sharing data with British spy agency
The Hindu, 10 March 2014

"NSA leaker Edward Snowden addressed a packed auditorium at South by Southwest today, speaking via livestream from Russia. In response to questions from ACLU program director Ben Wizner, Snowden called on internet service developers to thwart the NSA by making strong encryption ubiquitous. 'They're setting fire to the future of the internet,' Snowden told the audience. 'The people who are in this room now, you're all the firefighters. And we need you to help us fix this.'... After absconding with leaked NSA documents, Snowden is living in Russia under a temporary asylum agreement, and his future is precarious; US officials have called for him to return and face charges for the leaks. Nonetheless, he said in today's talk that he doesn't regret his decisions. 'Would I do it again? Absolutely yes,' he said. 'I took an oath to defend the Constitution, and I felt the Constitution was being violated on a massive scale.'"
Edward Snowden: 'Would I do it again? Absolutely yes'
The Verge, 10 March 2014

"I would like to thank the European Parliament for the invitation to provide testimony for your inquiry into the Electronic Mass Surveillance of EU Citizens. The suspicionless surveillance programs of the NSA, GCHQ, and so many others that we learned about over the last year endanger a number of basic rights which, in aggregate, constitute the foundation of liberal societies. The first principle any inquiry must take into account is that despite extraordinary political pressure to do so, no western government has been able to present evidence showing that such programs are necessary. In the United States, the heads of our spying services once claimed that 54 terrorist attacks had been stopped by mass surveillance, but two independent White House reviews with access to the classified evidence on which this claim was founded concluded it was untrue, as did a Federal Court.... I believe that suspicionless surveillance not only fails to make us safe, but it actually makes us less safe. By squandering precious, limited resources on 'collecting it all,' we end up with more analysts trying to make sense of harmless political dissent and fewer investigators running down real leads. I believe investing in mass surveillance at the expense of traditional, proven methods can cost lives, and history has shown my concerns are justified. Despite the extraordinary intrusions of the NSA and EU national governments into private communications world-wide, Umar Farouk Abdulmutallab, the 'Underwear Bomber,' was allowed to board an airplane traveling from Europe to the United States in 2009. The 290 persons on board were not saved by mass surveillance, but by his own incompetence, when he failed to detonate the device. While even Mutallab’s own father warned the US government he was dangerous in November 2009, our resources were tied up monitoring online games and tapping German ministers. That extraordinary tip-off didn’t get Mutallab a dedicated US investigator. 
All we gave him was a US visa. Nor did the US government’s comprehensive monitoring of Americans at home stop the Boston Bombers. Despite the Russians specifically warning us about Tamerlan Tsarnaev, the FBI couldn’t do more than a cursory investigation — although they did plenty of worthless computer-based searching – and failed to discover the plot. 264 people were injured, and 3 died. The resources that could have paid for a real investigation had been spent on monitoring the call records of everyone in America..... The NSA granted me the authority to monitor communications world-wide using its mass surveillance systems, including within the United States. I have personally targeted individuals using these systems under both the President of the United States’ Executive Order 12333 and the US Congress’ FAA 702. I know the good and the bad of these systems, and what they can and cannot do, and I am telling you that without getting out of my chair, I could have read the private communications of any member of this committee, as well as any ordinary citizen. I swear under penalty of perjury that this is true. These are not the capabilities in which free societies invest. Mass surveillance violates our rights, risks our safety, and threatens our way of life.... I consider the United States Government to be generally responsible, and I hope you will agree with me. Accordingly, this begs the question many legislative bodies implicated in mass surveillance have sought to avoid: if even the US is willing to knowingly violate the rights of billions of innocents — and I say billions without exaggeration — for nothing more substantial than a 'potential' intelligence advantage that has never materialized, what are other governments going to do? Whether we like it or not, the international norms of tomorrow are being constructed today, right now, by the work of bodies like this committee. 
If liberal states decide that the convenience of spies is more valuable than the rights of their citizens, the inevitable result will be states that are both less liberal and less safe.... For the record, I also repeat my willingness to provide testimony to the United States Congress, should they decide to consider the issue of unconstitutional mass surveillance."
Edward Snowden
Evidence to European Parliament, Published 8 March 2014

"Dictators are taking a new approach in their responses to use of the internet in popular uprisings, according to Google’s executive chairman Eric Schmidt. 'What’s happened in the last year is the governments have figured out you don’t turn off the internet: you infiltrate it,' said Schmidt, speaking at the SXSW conference in Austin, Texas. 'The new model for a dictator is to infiltrate and try to manipulate it. You’re seeing this in China, and in many other countries.' Schmidt was interviewed on-stage alongside Jared Cohen, director of the company’s Google Ideas think tank. The session, moderated by Wired journalist and author Steven Levy, took the pair’s The New Digital Age book as its starting point. Levy wondered whether their enthusiasm for technology’s potential role in popular uprisings has been dampened in the last year by events in Egypt, the Ukraine and elsewhere. 'We’re very enthusiastic about the empowerment of mobile phones and connectivity, especially for people who don’t have it,' said Schmidt. 'In the book, we actually say that revolutions are going to be easier to start, but harder to finish. He suggested that governments have realised that simply trying to block internet access for citizens is unlikely to end well – partly because it shows that they’re 'scared' – which may encourage more people onto the streets, not less. Hence the infiltration approach."
Eric Schmidt to dictators: 'You don’t turn off the internet: you infiltrate it'
Guardian, 7 March 2014

"The 'suspicionless' mass surveillance of people by programs in the U.S. and other parts of the world must be stopped or nations run the risk of having their policy dictated by spies, former U.S. National Security Agency contractor Edward Snowden told European Union lawmakers. 'I know the good and the bad of these systems, and what they can and cannot do, and I am telling you that without getting out of my chair, I could have read the private communications of any member of this committee, as well as any ordinary citizen,' Snowden said in a 12-page testimony to the European Parliament’s justice committee today. EU officials, including Justice Commissioner Viviane Reding, have urged the U.S. to boost its privacy rules or risk harming relations with the bloc in the wake of reports the NSA eavesdropped on world leaders including German Chancellor Angela Merkel. EU lawmakers are expected to adopt next week a report on an inquiry into the effects of mass spying. 'The parliamentarians now have to take into account' Snowden’s answers next Monday before the report is voted on by the EU lawmakers’ plenary on Wednesday, Jan Philipp Albrecht, a German Green party politician in the EU Parliament, said in an e-mailed statement. He called on European nations to grant protection to Snowden, who is seeking EU asylum. 'The indiscriminate, bulk collection of private data by governments is a violation of our rights and must end,' said Snowden in his testimony, which doesn’t disclose new information. 'I have risked my life, my family, and my freedom to tell you the truth.' "
Snowden Tells EU Nations Risk Having Policy Dictated by Spies
Bloomberg, 7 March 2014

"The U.S. National Security Agency (NSA) has turned the European Union into a tapping 'bazaar' in order to spy on as many EU citizens as possible, NSA leaker Edward Snowden said. The NSA has been working with national security agencies in EU member states to get access to as much data of EU citizens as possible, Snowden said in a testimony sent to Members of the European Parliament (MEPs) published Friday. The European Parliament had invited Snowden to provide testimony for an inquiry into the electronic mass surveillance of EU citizens. That surveillance, often instigated by the NSA but carried out with help of EU member states, is quite extensive, he wrote.The NSA has been pressuring EU member states to change their laws to enable mass surveillance, according to Snowden. This is done through NSA’s Foreign Affairs Division (FAD), he said, adding that lawyers from the NSA and GCHQ work very hard 'to search for loopholes in laws and constitutional protections that they can use to justify indiscriminate, dragnet surveillance operations that were at best unwittingly authorized by lawmakers,' he said."
NSA created 'European bazaar' to spy on EU citizens, Snowden tells European Parliament
PCWorld, 7 March 2014

"US intelligence agencies have successfully pressured EU governments to weaken laws protecting their communications systems, allowing American spies to tap into vast troves of data on EU citizens with impunity, US whistleblower Edward Snowden has told the European parliament. The National Security Agency unit responsible for liaising with allied governments, called the foreign affairs division, launched such 'legal guidance operations' to weaken privacy legislation and find loopholes in constitutional protections in Sweden, Germany and the Netherlands, Mr Snowden said. 'Each of these countries received instruction from the NSA, sometimes under the guise of the US department of defence and other bodies, on how to degrade the legal protections of their countries’ communications,' Mr Snowden said in written testimony provided to the European parliament and seen by the Financial Times. Mr Snowden’s written testimony was sent to Brussels ahead of a parliamentary debate next week in Strasbourg where MEPs are due to vote on a report recommending suspension of US-EU agreements allowing for financial and data transfers. Mr Snowden was asked to testify before the European parliament last year, but has declined to appear in person or by teleconference, according to parliamentary officials. Instead, Mr Snowden submitted 12 pages of testimony, which includes an introductory statement and answers to six MEPs working on data privacy issues. The revelations made by Mr Snowden, which included disclosures that the NSA had tapped the mobile phone of German chancellor Angela Merkel, have unleashed a transatlantic diplomatic crisis that has shown few signs of abating. They are expected to complicate President Barack Obama’s first visit to the EU’s capital this month. 
The former contractor for the NSA and Central Intelligence Agency, who has been granted asylum in Russia, said the NSA created a 'European bazaar' where government spy services from the bloc 'are independently hawking domestic access to the NSA' without realising the true scale of the spy agency’s Europe-wide surveillance capacities. Although the NSA has agreed with individual countries not to spy on their citizens, Mr Snowden testified the agency is able to tap these same citizens using similar agreements in neighbouring countries that share telecom cables, citing Denmark and Germany as examples. This has allowed the NSA to build a comprehensive patchwork of surveillance in Europe, Mr Snowden wrote."
Snowden: US spy agencies pressed EU states to ease privacy laws
Financial Times, 7 March 2014

"In an ironic turn, the congressional authorities who have staunchly defended the National Security Agency's widespread spying operations are now crying foul after having been spied on by another branch of U.S. intelligence. News reporting on Tuesday revealed that the Inspector General's office, the agency tasked with CIA oversight, has asked the Department of Justice to investigate claims that the spy agency monitored computers used by Senate aides preparing what is believed to be a 'searing indictment' on the CIA's secret detention and interrogation program. In what McClatchy news characterized as an 'unprecedented breakdown in relations between the CIA and its congressional overseers,' members of the Senate Intelligence Committee are saying the alleged CIA spying violates provisions of the Federal Computer Fraud and Abuse Act. McClatchy continues: 'The committee determined earlier this year that the CIA monitored computers – in possible violation of an agreement against doing so – that the agency had provided to intelligence committee staff in a secure room at CIA headquarters that the agency insisted they use to review millions of pages of top-secret reports, cables and other documents, according to people with knowledge.'"
CIA Accused of Spying on Senate Panel Investigating Torture
Common Dreams, 6 March 2014

"A controversial court that claims to be completely independent of the British government is secretly operating from a base within the Home Office, the Guardian has learned. The Investigatory Powers Tribunal, which investigates complaints about the country's intelligence agencies, is also funded by the Home Office, and its staff includes at least one person believed to be a Home Office official previously engaged in intelligence-related work. The discovery that the IPT is lodged within a Whitehall department comes at a time when the Nick Clegg, the deputy prime minister, is commissioning a review into the intrusive capabilities of UK intelligence agencies and the legal framework in which they operate. In a speech to the the intelligence and military thinktank the Royal United Services Institute this week, he argued that greater transparency was needed at the IPT. Labour's leader, Ed Miliband, has also argued that the system for oversight of the UK's intelligence agencies is in need of reform, and the shadow home secretary, Yvette Cooper, said a debate about oversight was long overdue. The disclosure that the IPT operates inside the Home Office is likely to fuel criticisms of the court that have been levelled by rights groups, lawyers and complainants. The tribunal was created in October 2000 by the Regulation of Investigatory Powers Act and given the power to investigate any complaints against GCHQ, MI5 or MI6, as well as complaints about surveillance operations mounted by the police or any other public bodies. Since then it has investigated about 1,500 complaints, and upheld 10 – although five of these concerned members of one family who had all lodged complaints about surveillance by their local council.... Nick Pickles, director of Big Brother Watch, describes the IPT as 'addicted to secrecy' and says it has long passed the point of being a credible avenue of redress. 'Justice is not being done, let alone being seen to be done,' he said. 
'The IPT is symbolic of the entire system of oversight that has failed to properly inform parliament or the public about how surveillance has been massively expanded because the law has failed to keep pace with technology.' Kat Craig, of the legal charity Reprieve, said: 'It has long been clear that proceedings in this quasi-court are tilted in favour of the government to an absurd extent – not only are the vast majority of hearings held in secret, but often the person bringing the complaint will not even be told that they are taking place. 'Now we learn that the IPT is based in the Home Office – the very same building as Theresa May, who has responsibility for MI5. This will only strengthen concerns that the IPT is too close to the very agencies which it is meant to be overseeing."
'Independent' court scrutinising MI5 is located inside Home Office
Guardian, 5 March 2014

"Consumers are unwittingly putting themselves at risk of being spied on by their mobile devices and internet-connected TVs, the outgoing head of the communications regulator has warned.  Dame Collette Bowe, the chairwoman of Ofcom, said that the threat to individual privacy caused by new technology was the most pressing issue faced by policymakers in the communications sector and that tougher legal protections were required.  'They’re carrying a computer in their pocket which knows an awful lot about them,' Dame Collette told the House of Lords Communications Committee. 'Their smart TV may have a camera and microphone embedded in them. ....'"
Phone in your pocket that gives away your secrets
London Times, 5 March 2014

"A leading US senator has said that President Obama knew of an 'unprecedented action' taken by the CIA against the Senate intelligence committee, which has apparently prompted an inspector general’s inquiry at Langley. The subtle reference in a Tuesday letter from Senator Mark Udall to Obama, seeking to enlist the president’s help in declassifying a 6,300-page inquiry by the committee into torture carried out by CIA interrogators after 9/11, threatens to plunge the White House into a battle between the agency and its Senate overseers. McClatchy and the New York Times reported Wednesday that the CIA had secretly monitored computers used by committee staffers preparing the inquiry report, which is said to be scathing not only about the brutality and ineffectiveness of the agency’s interrogation techniques but deception by the CIA to Congress and policymakers about it. The CIA sharply disputes the committee’s findings."
Obama knew CIA secretly monitored intelligence committee, senator claims
Guardian, 5 March 2014

"The CIA Inspector General’s Office has asked the Justice Department to investigate allegations of malfeasance at the spy agency in connection with a yet-to-be released Senate Intelligence Committee report into the CIA’s secret detention and interrogation program, McClatchy has learned. The criminal referral may be related to what several knowledgeable people said was CIA monitoring of computers used by Senate aides to prepare the study. The monitoring may have violated an agreement between the committee and the agency. The development marks an unprecedented breakdown in relations between the CIA and its congressional overseers amid an extraordinary closed-door battle over the 6,300-page report on the agency’s use of waterboarding and harsh interrogation techniques on suspected terrorists held in secret overseas prisons. The report is said to be a searing indictment of the program. The CIA has disputed some of the reports findings. White House officials have closely tracked the bitter struggle, a McClatchy investigation has found. But they haven’t directly intervened, perhaps because they are embroiled in their own feud with the committee, resisting surrendering top-secret documents that the CIA asserted were covered by executive privilege and sent to the White House. McClatchy’s findings are based on information found in official documents and provided by people with knowledge of the dispute being fought in the seventh-floor executive offices of the CIA’s headquarters in Langley, Va., and the committee’s high-security work spaces on Capitol Hill. The people who spoke to McClatchy asked not to be identified because the feud involves highly classified matters and carries enormous consequences for congressional oversight over the executive branch. The CIA and the committee declined to comment. Caitlin Hayden, a spokeswoman for the National Security Council, declined to discuss the matter and referred questions to the CIA and the Justice Department. 
In question now is whether any part of the committee’s report, which took some four years to compose and cost $40 million, will ever see the light of day. The report details how the CIA misled the Bush administration and Congress about the use of interrogation techniques that many experts consider torture, according to public statements by committee members. It also shows, members have said, how the techniques didn’t provide the intelligence that led the CIA to the hideout in Pakistan where Osama bin Laden was killed in a 2011 raid by Navy SEALs. The committee determined earlier this year that the CIA monitored computers – in possible violation of an agreement against doing so – that the agency had provided to intelligence committee staff in a secure room at CIA headquarters that the agency insisted they use to review millions of pages of top-secret reports, cables and other documents, according to people with knowledge. Sen. Ron Wyden, D-Oregon, a panel member, apparently was referring to the monitoring when he asked CIA Director John Brennan at a Jan. 29 hearing if provisions of the Federal Computer Fraud and Abuse Act 'apply to the CIA? Seems to me that’s a yes or no answer.' Brennan replied that he’d have to get back to Wyden after looking into 'what the act actually calls for and its applicability to CIA’s authorities.' The law makes it a criminal act for someone to intentionally access a computer without authorization or to go beyond what they’re allowed to access."
Probe: Did the CIA spy on the U.S. Senate?
McClatchy, 4 March 2014

"Three US senators are planning to investigate any role the National Security Agency played in its British partner’s mass collection of Yahoo webcam images. Reacting to the Guardian’s revelation on Thursday that UK surveillance agency GCHQ swept up millions of Yahoo users’ webcam chats, senators Ron Wyden, Mark Udall and Martin Heinrich said in a joint statement that 'any involvement of US agencies in the alleged activities reported today will need to be closely scrutinized'. The senators described the interception as a 'breathtaking lack of respect for privacy and civil liberties'. On Friday, the Internet Association – a trade body representing internet giants including Google, Amazon, eBay, Netflix, AOL and Twitter – joined the chorus of condemnation, issuing a statement expressing alarm at the latest GCHQ revelations, and calling for reform. According to documents provided to the Guardian by NSA whistleblower Edward Snowden, the GCHQ program codenamed Optic Nerve fed screengrabs of webcam chats and associated metadata into NSA tools such as Xkeyscore. NSA research, the documents indicate, also contributed to the creation of Optic Nerve, which attempted to use facial recognition technology to identify intelligence targets, particularly those using multiple anonymous internet IDs. Neither NSA nor GCHQ addressed the Guardian’s questions about US access to the images themselves. Outgoing NSA director Keith Alexander walked away from a reporter on Thursday who asked the army four-star general about the NSA’s role in Optic Nerve."
Senators to investigate NSA role in GCHQ 'Optic Nerve' webcam spying
Guardian, 28 February 2014

"Politicians and human rights groups have reacted angrily to revelations that Britain's spy agency intercepted and stored webcam images of millions of people not suspected of any wrongdoing with the aid of its US counterpart. GCHQ files dating between 2008 and 2010 reveal that a surveillance program codenamed Optic Nerve collected images of Yahoo webcam chats in bulk and saved them to agency databases, regardless of whether individual users were an intelligence target or not. In one six-month period in 2008 alone, the agency collected webcam images, including substantial quantities of sexually explicit material, from more than 1.8 million Yahoo user accounts globally. The Tory MP David Davis said: 'We now know that millions of Yahoo account holders were filmed without their knowledge through their webcams, the images of which were subsequently stored by GCHQ and the NSA. This is, frankly, creepy.' Davis, said it was perfectly proper for the intelligence agencies to use any and all means to target those suspected of terrorism, kidnapping and other serious crimes, but that the indiscriminate nature of the programme was alarming. 'It is entirely improper to extend such intrusive surveillance on a blanket scale to ordinary citizens,' he said. The Liberal Democrat MP Julian Huppert said he was 'absolutely shocked' at the revelation. 'This seems like a very clear invasion of privacy, and I simply can not see what the justification is,' he said. The Optic Nerve documents were provided by the NSA whistleblower Edward Snowden. They show that the programme began as a prototype in 2008 and was still active in 2012. They chronicle GCHQ's sustained efforts to keep the large store of sexually explicit material Optic Nerve collected away from the eyes of its staff, though there is little discussion about the privacy implications of storing it in the first place. 
The system, eerily reminiscent of the telescreens evoked in George Orwell's 1984, was used for experiments in automated facial recognition to monitor GCHQ's existing targets, and to identify new ones. Nick Pickles, the director of the civil liberties campaign group Big Brother Watch, said intercepting and taking photographs from millions of people's webcam chats was 'as creepy as it gets'. 'We have CCTV on our streets and now we have GCHQ in our homes. It is right that the security services can target people and tap their communications, but they should not be doing it to millions of people. This is an indiscriminate and intimate intrusion on people's privacy.'"
GCHQ's interception and storage of Yahoo webcam images condemned
Guardian, 27 February 2014

"Britain's signals intelligence division is stealing screenshots from hundreds of thousands of innocent Yahoo users' webcam videos, according to the Guardian newspaper, which also reported that the years-long operation has swept up a huge haul of intimate photographs. The newspaper said GCHQ has been scooping up the sensitive images by intercepting video chats such as the kind offered by Yahoo Messenger, an effort codenamed OPTIC NERVE. It's not clear how many Yahoo users were spied on in this way. The Guardian said that in one six-month period in 2008, GCHQ intercepted the video communications of 1.8 million users, but it's possible that the program, which the Guardian says was still active in 2012, has either grown or shrunk in scope since then. The Guardian said the documents were provided by former U.S. intelligence worker Edward Snowden, who remains in Russia after having sought temporary asylum there. If confirmed, the newspaper's report would represent 'a whole new level of violation of our users' privacy,' Yahoo Inc. said in a written statement. The Sunnyvale, California-based company said it was unaware of such snooping and would never condone it, calling on governments across the world to reform their surveillance practices. Like the NSA's collection of millions of innocent people's phone, email, and credit card data, the webcam surveillance program was carried out in bulk, creating a massive database where the communications of hundreds of thousands of people could later be scanned by analysts for clues or patterns. However, unlike the phone database, OPTIC NERVE also automatically downloaded the content of video communications — taking a screenshot from the video feed every five minutes, the Guardian said. One snippet of a leaked document published to the Guardian's website appears to show that GCHQ hoped to eventually 'collect images at a faster rate,' or perhaps even download all the webcam videos in their entirety. 
Even at one screenshot every five minutes, material published to the Guardian's website appeared to show U.K. analysts being deluged with X-rated footage. 'It would appear that a surprising number of people use webcam conversations to show intimate parts of their body to the other person,' another snippet of an intelligence document published said. It went on to say that an informal study had found that between 3 and 11 percent of all the images carried 'undesirable nudity.' The Guardian said that OPTIC NERVE was intended at least in part to identify targets using automatic facial recognition software as they stared into their computer's webcams. But the stockpiling of sexually explicit images of ordinary people had uncomfortable echoes of George Orwell's 'Nineteen Eighty-Four,' where the authorities — operating under the aegis of 'Big Brother' — fit homes with cameras to monitor the intimate details of people's personal lives. 'At least Big Brother had the decency to install his own cameras,' British media lawyer David Banksy said in a message posted to Twitter after the revelations broke. 'We've had to buy them ourselves.' The collection of nude photographs also raises questions about potential for blackmail. America's National Security Agency has already acknowledged that some analysts have been caught trawling databases for inappropriate material on partners or love interests. Other leaked documents have revealed how U.S. and British intelligence discussed leaking embarrassing material online to blacken the reputations of their targets. GCHQ refused to answer a series of questions about OPTIC NERVE, instead returning the same boilerplate answer it has given to reporters for months."
Report: UK spies collect massive store of nude photos after intercepting Yahoo webcam service
Associated Press, 27 February 2014

"GCHQ, Britain’s electronic spying agency, intercepted and stored images of 1.8m Yahoo users taken from their personal webcams even though most of them were not suspected of wrongdoing, documents leaked by the whistleblower Edward Snowden show. A secret programme called 'Optic Nerve', run in conjunction with the US National Security Agency, recorded millions of webcam images from ordinary internet users – as many as one in 10 of them sexually explicit – 'in bulk', the UK’s Guardian newspaper reported on Thursday. 'Optic Nerve' tapped into Yahoo users’ accounts and took still images from their computer webcams every five minutes. Yahoo reacted angrily to the revelations, denying all knowledge. A spokesperson for the company said the covert surveillance programme represented 'a whole new level of violation of our users’ privacy'. Security analysts say GCHQ may have collected the webcam images to help link potential terror suspects or criminals with different accounts and communications platforms they used on other computers. The 'Optic Nerve' disclosure is the latest from the huge cache of secret documents that Mr Snowden – a former private security contractor – stole from the NSA last year. Mr Snowden is now a fugitive in Russia. 'It is a longstanding policy that we do not comment on intelligence matters,' a spokesperson for GCHQ said.... Separately on Thursday, parliament’s home affairs select committee issued a summons compelling the man in charge of judicial oversight of the UK’s intelligence agencies to appear before it and give evidence. Sir Mark Waller, the intelligence services commissioner, has been ordered to appear on 18 March. Sir Mark had earlier refused an invitation to attend the committee and give evidence on his oversight of the intelligence agencies. GCHQ’s head, Sir Iain Lobban, has previously defended the agency’s data-collection methods as being akin to looking for needles in 'an enormous hay field'. 
The agency only aims to 'collect hay' from 'those parts of the field which might be lucrative in terms of containing needles or fragments of needles' in a 'tiny proportion' of the whole field, Sir Iain told parliament’s Intelligence and Security Committee last year. Yahoo has been a vocal member of the coalition lobbying world governments to limit their authority over user information and increase transparency over what the security agencies do access."
Leaks show GCHQ captured ordinary internet users’ webcam images
Financial Times, 27 February 2014

"Giving evidence to MPs before Christmas, Sir Iain Lobban, the director of GCHQ, used the analogy favoured by the security agencies to explain what they do. He likened the gathering of intelligence to building a haystack and said he was 'very well aware that within that haystack there is going to be plenty of innocent communications from innocent people'. The latest revelations from the Edward Snowden files show this haystack also includes webcam images of millions of internet users, some of whom are involved in deeply adult forms of in flagrante 'communication'. Surveillance of this kind puts a new spin on William Hague's defence of GCHQ's snooping programmes: 'If you have nothing to hide, you have nothing to fear.'.... Nick Pickles, the director of Big Brother Watch, takes a different view. 'Secretly intercepting and taking photographs from millions of people's webcam chats is as creepy as it gets. Orwell's 1984 was supposed to be a warning, not an instruction manual.' GCHQ insists the activity is legal. And doubtless it is, if you believe that the Regulation of Investigatory Powers Act, which was passed in 2000, was drafted with this kind of surveillance in mind. But even the parliamentary intelligence and security committee – not a body known for challenging the agencies with any robustness – is now questioning whether ministers and the agencies can really use Ripa for cover. The collection of webcam material was probably secured by getting an 'external warrant' under paragraph four of section 8 of Ripa. In most Ripa cases, a minister has to be told the name of an individual or firm being targeted before a warrant is granted. But section 8 permits GCHQ to perform more sweeping and indiscriminate trawls of external data if a minister issues a 'certificate' along with the warrant. It allows ministers to sanction the collection, storage and analysis of vast amounts of material, using technologies that barely existed when Ripa was introduced."
GCHQ's cover for Optic Nerve provided by legislation introduced in 2000
Guardian, 27 February 2014

"The U.S. government has asked a secret surveillance court to allow it to hold telephone metadata for a period beyond the current five-year limit, for use as potential evidence in civil lawsuits regarding the collection of the data. In June last year, former National Security Agency contractor, Edward Snowden, revealed that the agency was collecting bulk phone records of Verizon customers in the U.S. The government subsequently confirmed that it had a program for the bulk collection of phone metadata, which triggered a number of privacy law suits in various courts challenging the legality of the NSA program under section 215 of the Patriot Act. When litigation is pending against a party, or is reasonably anticipated, the party has a duty to preserve relevant information that may be evidence in the case, the Department of Justice stated in a filing Tuesday before the Foreign Intelligence Surveillance Court that was made public Wednesday."
U.S. wants to store bulk metadata longer for defense in metadata privacy lawsuits
PC World, 27 February 2014

"Citing the need to preserve evidence related to pending lawsuits, the Obama administration is asking for permission to keep data on billions of U.S. phone calls indefinitely instead of destroying it after five years. In a motion filed Tuesday with the Foreign Intelligence Surveillance Court, the Justice Department says the series of lawsuits over the program — including one filed by Sen. Rand Paul (R-Ky.) — create a duty for the government to hang on to the so-called metadata currently in the National Security Agency’s computer systems. 'Based upon the issues raised by Plaintiffs in the … lawsuits and the Government’s potential defenses to those claims, the United States must ensure that all potentially relevant evidence is retained which includes the [business record] metadata obtained in bulk from certain telecommunications service providers pursuant to this Court’s production orders,' Justice Department lawyers write in a motion (posted here)."
Feds move to keep NSA call data indefinitely
Politico, 26 February 2014

"Julian Assange's prolonged stay in the Ecuadorian Embassy has cost the Metropolitan Police £5.3million, in the 18 months since he entered the building in Knightsbridge. Police are stationed day and night outside the embassy, where the WikiLeaks founder was granted asylum, ready to arrest Assange, who was set to be extradited to face questioning in Sweden on sexual assault allegations. Assange claimed that Sweden would extradite him to the US over leaking secret documents. In Sweden, he faces potential rape charges from one woman and sexual assault charges from another, stemming from a visit to Stockholm in 2010."
WikiLeaks' Julian Assange Has Cost The Met Police £5.3m During Ecuador Embassy Stay
Post, 25 February 2014

"One of the many pressing stories that remains to be told from the Snowden archive is how western intelligence agencies are attempting to manipulate and control online discourse with extreme tactics of deception and reputation-destruction. It’s time to tell a chunk of that story, complete with the relevant documents. Over the last several weeks, I worked with NBC News to publish a series of articles about 'dirty trick' tactics used by GCHQ’s previously secret unit, JTRIG (Joint Threat Research Intelligence Group). These were based on four classified GCHQ documents presented to the NSA and the other three partners in the English-speaking 'Five Eyes' alliance. Today, we at the Intercept are publishing another new JTRIG document, in full, entitled 'The Art of Deception: Training for Online Covert Operations.' By publishing these stories one by one, our NBC reporting highlighted some of the key, discrete revelations: the monitoring of YouTube and Blogger, the targeting of Anonymous with the very same DDoS attacks they accuse 'hacktivists' of using, the use of 'honey traps' (luring people into compromising situations using sex) and destructive viruses. But, here, I want to focus and elaborate on the overarching point revealed by all of these documents: namely, that these agencies are attempting to control, infiltrate, manipulate, and warp online discourse, and in doing so, are compromising the integrity of the internet itself. Among the core self-identified purposes of JTRIG are two tactics: (1) to inject all sorts of false material onto the internet in order to destroy the reputation of its targets; and (2) to use social sciences and other techniques to manipulate online discourse and activism to generate outcomes it considers desirable. 
To see how extremist these programs are, just consider the tactics they boast of using to achieve those ends: 'false flag operations' (posting material to the internet and falsely attributing it to someone else), fake victim blog posts (pretending to be a victim of the individual whose reputation they want to destroy), and posting 'negative information' on various forums. Here is one illustrative list of tactics from the latest GCHQ document we’re publishing today.... Other tactics aimed at individuals are listed here, under the revealing title 'discredit a target'.... Then there are the tactics used to destroy companies the agency targets... GCHQ describes the purpose of JTRIG in starkly clear terms: 'using online techniques to make something happen in the real or cyber world,' including 'information ops (influence or disruption).'... Critically, the 'targets' for this deceit and reputation-destruction extend far beyond the customary roster of normal spycraft: hostile nations and their leaders, military agencies, and intelligence services. In fact, the discussion of many of these techniques occurs in the context of using them in lieu of 'traditional law enforcement' against people suspected (but not charged or convicted) of ordinary crimes or, more broadly still, 'hacktivism', meaning those who use online protest activity for political ends. The title page of one of these documents reflects the agency’s own awareness that it is 'pushing the boundaries' by using 'cyber offensive' techniques against people who have nothing to do with terrorism or national security threats, and indeed, centrally involves law enforcement agents who investigate ordinary crimes... 
No matter your views on Anonymous, 'hacktivists' or garden-variety criminals, it is not difficult to see how dangerous it is to have secret government agencies being able to target any individuals they want – who have never been charged with, let alone convicted of, any crimes – with these sorts of online, deception-based tactics of reputation destruction and disruption. .... The broader point is that, far beyond hacktivists, these surveillance agencies have vested themselves with the power to deliberately ruin people’s reputations and disrupt their online political activity even though they’ve been charged with no crimes, and even though their actions have no conceivable connection to terrorism or even national security threats. As Anonymous expert Gabriella Coleman of McGill University told me, 'targeting Anonymous and hacktivists amounts to targeting citizens for expressing their political beliefs, resulting in the stifling of legitimate dissent.' ..... Government plans to monitor and influence internet communications, and covertly infiltrate online communities in order to sow dissension and disseminate false information, have long been the source of speculation. Harvard Law Professor Cass Sunstein, a close Obama adviser and the White House’s former head of the Office of Information and Regulatory Affairs, wrote a controversial paper in 2008 proposing that the US government employ teams of covert agents and pseudo-'independent' advocates to 'cognitively infiltrate' online groups and websites, as well as other activist groups..... Sunstein also proposed sending covert agents into 'chat rooms, online social networks, or even real-space groups' which spread what he views as false and damaging 'conspiracy theories' about the government. 
Ironically, the very same Sunstein was recently named by Obama to serve as a member of the NSA review panel created by the White House, one that – while disputing key NSA claims – proceeded to propose many cosmetic reforms to the agency’s powers (most of which were ignored by the President who appointed them). But these GCHQ documents are the first to prove that a major western government is using some of the most controversial techniques to disseminate deception online and harm the reputations of targets. Under the tactics they use, the state is deliberately spreading lies on the internet about whichever individuals it targets, including the use of what GCHQ itself calls 'false flag operations' and emails to people’s families and friends. Who would possibly trust a government to exercise these powers at all, let alone do so in secret, with virtually no oversight, and outside of any cognizable legal framework? Then there is the use of psychology and other social sciences to not only understand, but shape and control, how online activism and discourse unfolds. Today’s newly published document touts the work of GCHQ’s 'Human Science Operations Cell,' devoted to 'online human intelligence' and 'strategic influence and disruption'... Under the title 'Online Covert Action', the document details a variety of means to engage in 'influence and info ops' as well as 'disruption and computer net attack,' while dissecting how human beings can be manipulated using 'leaders,' 'trust,' 'obedience' and 'compliance'.... The documents lay out theories of how humans interact with one another, particularly online, and then attempt to identify ways to influence the outcomes – or 'game' it..."
Glenn Greenwald - How Covert Agents Infiltrate the Internet to Manipulate, Deceive, and Destroy Reputations
The Intercept, 24 February 2014

"Investigative reporter Julia Angwin was curious what Google knew about her, so she asked the company for her search data. 'It turns out I had been doing about 26,000 Google searches a month ... and I was amazed at how revealing they were,' she tells Fresh Air's Dave Davies. From NSA sweeps to commercial services scraping our Web browsing habits, to all kinds of people tracking us through our smartphones, Angwin says we've become a society where indiscriminate data-gathering has become the norm. Angwin has covered online privacy issues for years, and in her new book she describes what she did to try to escape the clutches of data scrapers, even to the point of creating a fake identity...You can ask Google what do they have on you and they do actually provide a pretty comprehensive answer. I was able to see all of the Google searches I have conducted since 2006, which was a lot of Google searches. It turns out that I had been doing about 26,000 Google searches a month. So I could see them by day, I could sort them by type of search — shopping, maps — and I was amazed at how revealing they were. I could reconstruct all the crazy leaps that my mind makes on any given day where one minute I'm working on an article and the next minute I'm suddenly shopping for shoes for my daughter and a minute later I jump onto another topic. It was a little disturbing to see what my mind does.... Data brokers began by compiling very simple information from the Yellow Pages, the White Pages and government directories. The property records in your state are publicly on file somewhere; the data brokers will go buy it and put it in their dossier. At the same time, your address is usually on file [in] many places with magazines or newspapers you subscribe to. ... Also the post office sells access to its change-of-address list. 
What's happening now in the digital era is that they're adding to their files with all sorts of digital information, so they can find out about you, what you're doing online, what you're buying online. ... So now these records that they have are getting much more precise. They're no longer just being used to send you junk mail that you can throw away. Now they're being used online as well to help places figure out who you are as soon as you arrive at their website. They can make an instant assessment by matching your online stuff to some of the online data.... I found out there are a lot of data brokers out there. It took me almost a month to compile a list, because there's no real list of who they all are, and I was able to identify about 200 or so of them. Of those, very few were willing to let me see my data. It was about a dozen that would let me see my data: some of the bigger brokers, LexisNexis, Acxiom, and some very small outfits. ... What was shocking about it was that it ranged from incredibly precise — every single address I'd ever lived at including the number on my dorm room in college, which I couldn't even remember ... to very imprecise, inaccurate things ... that were not at all true — that I was a single mother ... with no college education living in a place I didn't live."
If You Think You're Anonymous Online, Think Again
All Tech Considered (NPR), 24 February 2014

"The National Security Agency (NSA) has stepped up its surveillance of senior German government officials since being ordered by Barack Obama to halt its spying on Chancellor Angela Merkel, Bild am Sonntag paper reported on Sunday. Revelations last year about mass U.S. surveillance in Germany, in particular of Merkel’s mobile phone, shocked Germans and sparked the most serious dispute between the transatlantic allies in a decade. Bild am Sonntag said its information stemmed from a high-ranking NSA employee in Germany and that those being spied on included Interior Minister Thomas de Maiziere, a close confidant of Merkel. 'We have had the order not to miss out on any information now that we are no longer able to monitor the chancellor’s communication directly,' it quoted the NSA employee as saying. A spokesman for the German Interior Ministry said it would not comment on the 'allegations of unnamed individuals'. To calm the uproar over U.S. surveillance abroad, President Obama in January banned U.S. eavesdropping on the leaders of close friends and allies of Washington. Germans are especially sensitive about snooping due to their experiences in the Nazi era and in Communist East Germany, when the Stasi secret police built up a massive surveillance network. Berlin has been pushing, so far in vain, for a 'no-spy' deal with Washington. German Foreign Minister Frank-Walter Steinmeier is due to visit the United States on Thursday but he has said he doubts such a deal would have much effect. Bild am Sonntag quoted a security adviser to Obama, Caitlin Hayden, as saying: 'The United States has made clear it gathers intelligence in exactly the same way as any other states.' The mass-circulation paper said the NSA was monitoring 320 people in Germany – mostly politicians but also business leaders. Hayden said Washington did not spy on corporations in order to help U.S. firms gain competitive advantage."
U.S. now bugging German ministers in place of Merkel
Reuters, 23 February 2014

"Britain’s intelligence and law enforcement agencies are facing an inquiry from Whitehall’s snooping watchdog into whether they are collecting too many private telephone and internet records, The Telegraph can disclose. The investigation by Sir Anthony May, the Interception of Communications Commissioner, will start this year and comes after he told MPs he was worried that the security services were making too many requests for access to people’s private data. In evidence to the Home Affairs select committee, Sir Anthony suggested that the number of requests last year – around 500,000 – was 'too large'. Whitehall sources said that his staff were now starting work on a review to determine whether Britain’s intelligence agencies and police were making a 'proportionate' number of applications for access to phone and internet records. He has a team of eight full-time inspectors with powers to interrogate systems in MI5 and MI6, and interview intelligence officers, as well as the police, as part of a regular inspection programme. The findings of the review will be published in Sir Anthony’s annual report to the Prime Minister on Whitehall’s use of intercept powers next year. The probe comes as the Government reacts to growing concern about the gathering of large amounts of data by GCHQ, the Government’s listening post in Cheltenham, and America’s National Security Agency. In 2012, there were 570,000 requests to acquire communication data. The vast majority of these came from law enforcement and intelligence agencies. Just 5,000 were from groups like local authorities, the Environment Agency and the Financial Conduct Authority which are allowed to snoop on people using powers under the Regulation of Investigatory Powers Act (Ripa). Under the Act, they can ask for confidential communications data, including telephone numbers dialled and email addresses to which messages have been sent, but not their contents. 
Sir Anthony’s role is to review how public authorities – including councils, police and the intelligence agencies – request this confidential information. In evidence to the Home Affairs select committee last week, Sir Anthony disclosed that the number of requests in 2013 had fallen slightly to around 500,000. No breakdown of how many requests came from MI5 or MI6 or the police is currently available, although Sir Anthony is understood to be considering publishing those details next year. The requests are limited to basic details such as who is the registered owner of a landline or mobile number, who they have been phoning and where they were when the calls were made....Whitehall sources said the number of actual pieces of information gathered by the agencies could be a lot higher because each request could cover several numbers. David Davis, the former shadow home secretary who quit the Tory frontbench to fight campaigns on civil liberties issues, welcomed news of the review. He said: 'It is a very good sign that the Commissioner is taking a more clinical view of the sheer size of the surveillance than his predecessor.'"
Inquiry into phone and email snoopers
Telegraph, 22 February 2014

"Director of Intelligence James Clapper now says the National Security Agency (NSA) should have been more open about the fact that they were spying on all Americans. I'm glad he said this. But there is no excuse for lying in the first place.  When Senator Ron Wyden (a Democrat from Oregon) asked Director Clapper during an intelligence hearing in March of last year if the NSA was collecting the data of millions of Americans, the director lied under oath and denied the charge. When new revelations disproved this last June, Clapper then said the NSA had to keep the metadata collection program a secret for national security purposes.... The United States needs intelligence gathering, the ability to obtain and keep secrets, spying on foreign powers and genuine threats and all the other tools nations use to protect their security. No one is disputing this. But Clapper is being somewhat disingenuous here. Part of the reason our government does some things behind Americans' backs is not for security, but because certain activities, if known, would outrage the public. Spying on every American certainly falls into this category. I also believe it is blatantly unconstitutional, and bringing these activities to light would immediately spark debates the NSA would rather not hear. The notion that if the NSA had informed us they were monitoring every American would somehow make it OK, does not make it OK. Explaining why you are violating the Fourth Amendment does not invalidate the Fourth Amendment. Americans are as upset at the act itself, not the mere knowledge of it. A cheating spouse can be upfront about his affairs from the beginning, but nobody thinks such behavior is right. The purpose of being forthright about wrongdoing is usually repentance. I do not get the sense from Clapper that he thinks his agency did anything wrong. 
Americans have a right to know when their rights are being violated, but that's where my agreement with Director Clapper, or at least agreement with his latest statement, ends. The Fourth Amendment states that warrants issued must be specific to a person, place or task and this provision of the Bill of Rights exists explicitly to guard against the notion of a general warrant, where government can plunder through anyone's privacy at will. The NSA's metadata collection program is a general warrant for the modern age, reflecting the same kind of tyranny our nation's founders fought a revolution to make sure would never happen again."
US Senator, Rand Paul: The NSA is still violating our rights, despite what James Clapper says
Guardian, 20 February 2014

"The Intercept recently published an article and supporting documents indicating that the NSA and its British counterpart GCHQ surveilled and even sought to have other countries prosecute the investigative journalism website WikiLeaks. GCHQ also surveilled the millions of people who merely read the WikiLeaks website. The article clarifies the lengths that these two spy organizations go to track their targets and confirms, once again, that they do not confine themselves to spying on those accused of terrorism. One document contains a summary of an internal discussion in which officials from two NSA offices discuss whether to categorize WikiLeaks as a 'malicious foreign actor' for surveillance targeting purposes. This would be an important categorization because agents have significantly more authority to engage in surveillance of malicious foreign actors.... Surveillance and legal tactics by the NSA and GCHQ add to the growing list of examples of the government responding to investigative journalism that exposes corruption by attacking the media rather than the corruption. As Freedom of the Press Foundation executive director Trevor Timm wrote, 'Anyone who supports the principles behind the First Amendment should be worried.'"
Surveillance and Pressure Against WikiLeaks and Its Readers
Electronic Frontier Foundation, 19 February 2014

"The Department of Homeland Security wants a private company to provide a national license-plate tracking system that would give the agency access to vast amounts of information from commercial and law enforcement tag readers, according to a government proposal that does not specify what privacy safeguards would be put in place. The national license-plate recognition database, which would draw data from readers that scan the tags of every vehicle crossing their paths, would help catch fugitive illegal immigrants, according to a DHS solicitation. But the database could easily contain more than 1 billion records and could be shared with other law enforcement agencies, raising concerns that the movements of ordinary citizens who are under no criminal suspicion could be scrutinized....civil liberties groups are not assuaged. 'Ultimately, you’re creating a national database of location information,' said Jennifer Lynch, a staff attorney with the Electronic Frontier Foundation. 'When all that data is compiled and aggregated, you can track somebody as they’re going through their life.'"
Homeland Security is seeking a national license plate tracking system
Washington Post, 18 February 2014

"Julian Assange has called on the White House to appoint a special prosecutor to investigate NSA spying on WikiLeaks. Secret documents have revealed how the NSA spied on WikiLeaks and its followers, seeking to classify it as 'a malicious foreign actor.' In its latest release of US government documents, WikiLeaks has accused the National Security Agency of tracking its members and followers. WikiLeaks founder Julian Assange has called the NSA’s espionage program 'reckless and illegal' and has demanded Washington open an investigation into the claims.... The NSA went to great lengths in an attempt to justify its surveillance. According to 2011 documents leaked by Edward Snowden to The Intercept, the agency was considering classifying WikiLeaks as a 'malicious foreign actor' which would have given the NSA more extensive surveillance powers. Moreover, Julian Assange was put on a so-called 'manhunting' target list along with suspected Al-Qaeda terrorists. The government entry into the 'Manhunting Timeline' in 2010 describes the program as part of 'an international effort to focus the legal element of national power upon non-state actor Assange, and the human network that supports WikiLeaks.'...The NSA was not alone in its sweeping espionage on the whistleblowing organization. It also enlisted its allies in the Five Eyes spying network (UK, New Zealand, Australia and Canada) as well as other nations. In documents dating back from August 2010, the US urged 10 other countries with forces in Afghanistan to consider pressing criminal charges against Julian Assange - 'founder of the rogue WikiLeaks internet website and responsible for the unauthorized publication of over 70,000 classified documents covering the war in Afghanistan.' The documents show the UK’s spy agency, the GCHQ played a significant role in monitoring the visitors to the WikiLeaks site. 
A leaked PowerPoint presentation details a program - created by Britain’s GCHQ and distributed amongst the Five Eyes in 2012 - that was especially designed to keep an eye on the site’s visitors.  As part of the program - dubbed 'Anti-crisis girl' in the documents – the GCHQ hauled in massive amounts of data from phone networks, internet cables and satellites. The new revelations prompted immediate reaction from Julian Assange who decried both the NSA and the GCHQ for acting with total impunity. 'The NSA and its UK accomplices show no respect for the rule of law,' he said in a statement on WikiLeaks’ site. 'But there is a cost to conducting illicit actions against a media organization.' WikiLeaks’ lawyer Judge Baltasar Garzon is now preparing an appropriate response to the new information and the organization has pledged that those responsible will be brought to justice. Garzon said the new documents are a testament to the fact the repression facing WikiLeaks is still very much alive."
‘Reckless & unlawful’: Assange calls for probe into NSA ‘manhunt’ on WikiLeaks
RT, 18 February 2014

"Top-secret documents from the National Security Agency and its British counterpart reveal for the first time how the governments of the United States and the United Kingdom targeted WikiLeaks and other activist groups with tactics ranging from covert surveillance to prosecution. The efforts – detailed in documents provided previously by NSA whistleblower Edward Snowden – included a broad campaign of international pressure aimed not only at WikiLeaks founder Julian Assange, but at what the U.S. government calls 'the human network that supports WikiLeaks.' The documents also contain internal discussions about targeting the file-sharing site Pirate Bay and hacktivist collectives such as Anonymous. One classified document from Government Communications Headquarters, Britain’s top spy agency, shows that GCHQ used its surveillance system to secretly monitor visitors to a WikiLeaks site. By exploiting its ability to tap into the fiber-optic cables that make up the backbone of the Internet, the agency confided to allies in 2012, it was able to collect the IP addresses of visitors in real time, as well as the search terms that visitors used to reach the site from search engines like Google."
Snowden Documents Reveal Covert Surveillance and Pressure Tactics Aimed at WikiLeaks and Its Supporters
The Intercept, 18 February 2014

"Intercepting the telephone calls of Angela Merkel would have been 'politically unwise' and 'certainly illegal under German law', according to a former senior British secret intelligence officer. However, he says that under international law, tapping into the German chancellor's telephone conversations 'would appear to be fair game'. Nigel Inkster, former deputy chief of MI6, was responding to the disclosure by Edward Snowden that the US National Security Agency targeted Merkel's mobile telephone. Though the White House has not officially admitted it, it has said the US will not monitor the chancellor's conversations in future. Writing in the latest edition of Survival, the journal of the International Institute for Strategic Studies, where he is director of transnational threats and political risk, Inkster says: 'Listening to chancellor Angela Merkel's mobile telephone calls, as the US has been accused of doing, might be judged to be politically unwise and was certainly illegal under German law. But, under international law, her telephone conversations would appear to be fair game.' In her latest weekly podcast, Merkel suggested that a European communications network should be set up to offer protection from surveillance by the NSA and its British eavesdropping partner, GCHQ. She plans to discuss the idea with the French president, François Hollande, when she meets him in Paris on Wednesday. 'Above all we'll talk about European providers that offer security to our citizens, so that one shouldn't have to send emails and other information across the Atlantic,' she said in the podcast. 'Rather, one could build up a communications network inside Europe.' Inkster says that while NSA surveillance programmes violated the domestic laws of countries subjected to espionage, it was less obvious that they violated international law. 
'International lawyers hold a wide spectrum of opinions on the legality of espionage, and there was nothing in existing international law that expressly proscribed espionage,' he writes."
Merkel phone tapping fair game under international law, says ex-MI6 deputy
Guardian, 18 February 2014

"The start of a new NHS data-sharing scheme in England involving medical records is being delayed by six months. Work to start compiling the largely anonymised records on to the Care.data database was meant to start from April. But NHS England has now decided that will not now happen until the autumn. The organisation has accepted the communications campaign, which gives people the chance to opt out, needs to be improved. There has been widespread criticism that the public have been 'left in the dark' over the plans amid reports not everyone received the leaflets explaining the project. The Royal College of GPs, the British Medical Association and patient watchdog Healthwatch England have all voiced concerns in recent weeks. The central database will involve taking records from GP practices and linking them with hospital records. Experts say it will enable them to assess diseases, examine new drugs on the market and identify infection outbreaks as well as monitor the performance of the NHS. To date information has been available about what happens in hospitals, but not what goes on in GP surgeries. The information made available on the database will be stripped of identifiable data - although it will include the gender, age band and area a patient lives in. However, concerns have been raised about the prospect of keeping all the information in one place, with campaigners saying that it could lead to privacy problems and data breaches....Nick Pickles, director of Big Brother Watch, said: 'NHS England has failed to properly communicate to patients or GPs what this new database involves, how it affects our medical records and what the risks are. The scheme's benefits are no justification for not properly informing people what will happen and a delay is the right thing to do. Our medical records contain some of our most private information and any changes to how they are used should not be rushed into.'"
Giant NHS database rollout delayed
BBC Online, 18 February 2014

"Intelligence whistleblower Edward Snowden has been elected to the post of student rector at Glasgow University. The former US National Security Agency contractor fled from his homeland last May after revealing extensive details of internet and phone surveillance. He is currently staying in Russia where he has temporary asylum. The rector is the students' elected representative. Mr Snowden succeeds the Liberal Democrat's former leader Charles Kennedy. Mr Snowden beat three other candidates to the post - cyclist Graeme Obree, author Alan Bissett and Scottish Episcopal clergyman Kelvin Holdsworth. Previous rectors at the university include Winnie Mandela and Mordechai Vanunu."
Edward Snowden elected as rector of Glasgow University
BBC Online, 18 February 2014

"The three journalists who broke the National Security Agency revelations from Edward Snowden in the Guardian are among the recipients of the prestigious 2013 George Polk Awards in Journalism. Glenn Greenwald, Ewen MacAskill and Laura Poitras will receive the award for national security reporting, along with Barton Gellman of the Washington Post. Janine Gibson, Guardian US editor-in-chief, said: 'We’re honoured by the recognition from the Polk awards and delighted for Ewen, Glenn, Laura, Barton and their colleagues that their work has been recognised.'"
Journalists who broke NSA story in Guardian receive George Polk Awards
Guardian, 17 February 2014

"A draft report by the European Parliamentary Committee on Civil Liberties, Justice and Home Affairs, authored by Labour MEP Claude Moraes, reveals disturbing plans to suspend a key counter-terrorism agreement, and give the EU greater power over national intelligence services, including that of the United Kingdom.... published in January this year makes various recommendations, singling out the United Kingdom’s security services and their roles in recent mass surveillance activities orchestrated in part with the U.S. government. But instead of simply attempting to curtail such schemes, Labour MEPs and their partners in the Progressive Alliance of Socialists and Democrats are recommending that Britain’s entire legal framework is overhauled in order to suit the EU. The document makes dozens of references to the current ‘undemocratic’ nature of having Britain’s security services accountable to the UK government, claiming that 'international treaties and EU and US legislation, as well as national oversight mechanisms, have failed to provide for the necessary checks and balances and for democratic accountability'....Labour MEP Claude Moraes proposes that the EU calls on 'certain EU Member States, including the UK, Germany, France, Sweden and the Netherlands, to revise where necessary their national legislation and practices governing the activities of intelligence services so as to ensure that they are in line with the standards of the European Convention on Human Rights'."
Labour MEP Wants British Spies Accountable to European Union
Breitbart, 16 February 2014

"Der Spiegel magazine reported on Sunday the German government was considering deploying its own agents to keep tabs on Western secret services and embassies on German soil including those of the United States and also Britain. It said the domestic intelligence service aimed to glean precise information about foreign spies using diplomatic cover and technical equipment at diplomatic missions used to snoop on German officials and the country's citizens.  'This step would be an about-face from the decades-long practice of systematically monitoring the activities of countries such as China, Russia and North Korea but rarely the activities of Western partners,' Spiegel said. It said the plans would require the final approval of Merkel's office as well as the foreign and interior ministries. The reported initiatives follow leaks by former National Security Agency (NSA) contractor Edward Snowden that US intelligence agencies had eavesdropped on Chancellor Angela Merkel's mobile phone and collected vast amounts of online data and telephone records from average citizens. Media reports last year said that equipment installed on the roofs of the US and British embassies in central Berlin was used for snooping. Spiegel also reports in its upcoming issue on a suspected attack by Chinese spies on the German government ahead of the G20 summit in Saint Petersburg, Russia last September."
Germany bids to counter US spying threat
Agence France Presse, 16 February 2014

"The list of those caught up in the global surveillance net cast by the National Security Agency and its overseas partners, from social media users to foreign heads of state, now includes another entry: American lawyers. A top-secret document, obtained by the former N.S.A. contractor Edward J. Snowden, shows that an American law firm was monitored while representing a foreign government in trade disputes with the United States. The disclosure offers a rare glimpse of a specific instance in which Americans were ensnared by the eavesdroppers, and is of particular interest because lawyers in the United States with clients overseas have expressed growing concern that their confidential communications could be compromised by such surveillance. The government of Indonesia had retained the law firm for help in trade talks, according to the February 2013 document. It reports that the N.S.A.’s Australian counterpart, the Australian Signals Directorate, notified the agency that it was conducting surveillance of the talks, including communications between Indonesian officials and the American law firm, and offered to share the information. The Australians told officials at an N.S.A. liaison office in Canberra, Australia, that “information covered by attorney-client privilege may be included” in the intelligence gathering, according to the document, a monthly bulletin from the Canberra office. The law firm was not identified, but Mayer Brown, a Chicago-based firm with a global practice, was then advising the Indonesian government on trade issues.  On behalf of the Australians, the liaison officials asked the N.S.A. general counsel’s office for guidance about the spying. The bulletin notes only that the counsel’s office “provided clear guidance” and that the Australian agency “has been able to continue to cover the talks, providing highly useful intelligence for interested US customers.”  The N.S.A. 
declined to answer questions about the reported surveillance, including whether information involving the American law firm was shared with United States trade officials or negotiators. Most attorney-client conversations do not get special protections under American law from N.S.A. eavesdropping. Amid growing concerns about surveillance and hacking, the American Bar Association in 2012 revised its ethics rules to explicitly require lawyers to “make reasonable efforts” to protect confidential information from unauthorized disclosure to outsiders."
Spying by N.S.A. Ally Entangled U.S. Law Firm
New York Times, 15 February 2014

"The state of free press in the U.S. is bad, according to the 2014 World Press Freedom Index compiled by Reporters Without Borders (Reporters sans frontières). The U.S. was ranked 46th among the 180 nations surveyed, falling 13 places since last year. Finland, the Netherlands and Norway are among the most free nations for journalists. Iran, China and North Korea are among the most restrictive for reporters. America's bad ranking was based on the conviction of WikiLeaks' informant Bradley (Chelsea) Manning and the treatment of NSA whistleblower Edward Snowden, along with the Obama administration's 'increased efforts to track down whistleblowers and the sources of leaks,' the watchdog group said. In 2013, it came to light that the Justice Department had secretly obtained phone logs of Associated Press reporters, monitored the personal email account for FOX News reporter James Rosen in order to discover officials speaking to the press, and subpoenaed James Risen of The New York Times to testify against a former CIA employee accused of leaking classified information. Obama said in May 2013 that he was 'troubled' at the possible overreach by the Justice Department and ordered the agency to review its guidelines on dealing with press investigations. Additionally, the Obama White House has been accused of shielding the President from the press by not allowing the White House Press Corps sufficient access to photograph and question Obama during his official duties. 'I would say it is the most secretive White House that I have ever been involved in covering,' New York Times Executive Editor Jill Abramson told Al Jazeera America in late January. 'The Obama administration has had seven criminal leak investigations. That is more than twice the number of any previous administration in our history. It's on a scale never seen before,' she added."
U.S. drops in press freedom ranking, to #46 out of 180 countries measured
New York Daily News, 12 February 2014

"James Clapper, President Obama’s top national security official, is probably best known for having been caught lying outright to Congress about NSA activities, behavior which (as some baseball players found out) happens to be a felony under federal law. But – like torturers and Wall Street tycoons before him – Clapper has been not only shielded from prosecution, and not only allowed to keep his job; he has has now been anointed the arbiter of others’ criminality, as he parades around the country calling American journalists 'accomplices'. Yesterday, as Wired’s Dave Kravets reports, the 'clearly frustrated' Clapper went before a Senate committee (different than the one he got caught lying to) to announce that the Snowden disclosures are helping the terrorists... As Kravets notes, 'Clapper is not the most credible source on Snowden and the NSA leaks.' Moreover, it’s hardly surprising that Clapper is furious at these disclosures given that 'Snowden’s very first leak last June' – revelation of the domestic surveillance program – 'had the side-effect of revealing that Clapper had misled the public and Congress about NSA spying.' And, needless to say, Clapper offered no evidence at all to support his assertions yesterday; he knows that, unlike Kravets, most establishment media outlets will uncritically trumpet his claims without demanding evidence or even noting that he has none.'... Fear-mongering comes naturally to those who wield political power. Particularly in post-9/11 America, shouting 'terrorists!' has been the favorite tactic of the leadership of both parties to spread fear and thus induce submission.... In a recent New York Times op-ed detailing how exploitation of terrorism fears is the key to sustaining the modern surveillance state, Northwestern University Philosophy Professor Peter Ludlow wrote that 'since 9/11 leaders of both political parties in the United States have sought to consolidate power by leaning … on the danger of a terrorist attack'. 
He recounted that 'Machiavelli notoriously argued that a good leader should induce fear in the populace in order to control the rabble' and that 'Hobbes in ‘The Leviathan’ argued that fear effectively motivates the creation of a social contract in which citizens cede their freedoms to the sovereign.' It would be surprising if people like Clapper didn’t do this.'"
Clapper Reads From the Bush/Cheney/Nixon Playbook to Fear-Monger Over Transparency
The Intercept, 12 February 2014

"The European parliament is to ditch demands on Wednesday that EU governments give guarantees of asylum and security to Edward Snowden, the National Security Agency whistleblower. The parliament's civil liberties committee is to vote on more than 500 amendments to the first ever parliamentary inquiry into the NSA and GCHQ scandal, a 60-page report that is damning about the scale and the impact of mass surveillance. But there is no consensus on an amendment proposed by the Greens calling on EU governments to assure Snowden of his safety in the event that he emerges from hiding in Russia and comes to Europe. Amid what key MEPs have described as intense pressure from national governments on parliament – from the Conservatives and their allies, from the mainstream centre-right and from social democrats – the asylum call has no chance of passing. 'The amendment asking for asylum won't go through,' said Claude Moraes, the British Labour MEP who is the principal author of the report. 'That was a red line for the right. There was never going to be a realistic majority for that.'"
Edward Snowden asylum demand dropped by European parliament
Guardian, 12 February 2014

"The National Security Agency, already under siege in Washington, faces a fresh attempt to curtail its activities from a Utah legislator who wants to cut off the surveillance agency’s water supply. Marc Roberts, a first-term Republican lawmaker in the Beehive State, plans this week to begin a quixotic quest to check government surveillance starting at a local level. He will introduce a bill that would prevent anyone from supplying water to the $1bn-plus data center the NSA is constructing in his state at Bluffdale. The bill is about telling the federal government 'if you want to spy on the whole world and American citizens, great, but we’re not going to help you,' Roberts told the Guardian. Supporters of the bill freely admit they’re at a disadvantage. Roberts is still talking with colleagues to find co-sponsors. His activist allies expect a steep, uphill struggle against the NSA’s supporters in conservative Utah, as well as business groups whom Roberts expects will argue that the data center will create jobs and bolster the local economy."
Utah lawmaker floats bill to cut off NSA data centre's water supply
Guardian, 12 February 2014

"Most of the worry about the National Security Agency's bulk interception of telephone calls, e-mail and the like has centered around threats to privacy. And, in fact, the evidence suggests that if you've got a particularly steamy phone- or Skype-s*x session going on, it just might wind up being shared by voyeuristic NSA analysts. But most Americans figure, probably rightly, that the NSA isn't likely to be interested in their stuff. (Anyone who hacks my e-mail is automatically punished, by having to read it.) There is, however, a class of people who can't take that disinterest for granted: members of Congress and the judiciary. What they have to say is likely to be pretty interesting to anyone with a political ax to grind. And the ability of the executive branch to snoop on the phone calls of people in the other branches isn't just a threat to privacy, but a threat to the separation of powers and the Constitution."
Glenn Harlan Reynolds, professor of law, University of Tennessee
NSA spying undermines separation of powers
USA Today, 10 February 2014

"[Irish] Justice Minister Alan Shatter has demanded a full explanation of allegations that the Garda Ombudsman has been the victim of a sophisticated spying operation using 'government-level' technology. A report carried out for the watchdog by security consultants found a phone had been bugged using eavesdropping equipment to monitor conferences on sensitive investigations, according to weekend accounts. The report allegedly concluded that the ombudsman was being targeted using restricted technology, which is not commercially available or sold to non-government agencies. Mr Shatter is extremely concerned that he was not told of the findings by the Garda Siochana Ombudsman Commission (GSOC), the watchdog which deals with complaints against gardai. Mr Shatter has summoned representatives from the agency to a meeting today for a comprehensive explanation. Underlining how seriously the Government is taking the matter, the Taoiseach has also ordered a report from Mr Shatter for tomorrow's weekly Cabinet meeting. 'I haven't read the detail of it yet, but obviously I will ask the minister to give a report to us at Cabinet on Tuesday,' Enda Kenny told the Irish Independent. Mr Shatter was kept in the dark about the allegations, with his office confirming that he only became aware of the matter through media reports yesterday. Senior gardai appear to have been unaware of the investigation even though the Garda watchdog hired a UK company to 'integrity test' its systems after becoming suspicious that its offices were under surveillance. The surveillance is believed to have started some time after December 2011 when Simon O'Brien, Kieran Fitzgerald and Carmel Foley were appointed by Mr Shatter to lead the body. It is not clear if any individuals were targeted directly. GSOC is an independent statutory body with responsibility for investigating complaints against members of An Garda Siochana. 
GSOC refused to make any comment on the allegations and would not say why it did not alert either the gardai or Government about its probe."
Garda watchdog to be grilled over failure to report spying probe
Irish Independent, 10 February 2014

"The journalistic venture started by eBay founder Pierre Omidyar and former Guardian reporter Glenn Greenwald launched its first news site Monday, promising more stories based on intelligence documents leaked by Edward Snowden. The Intercept -- at TheIntercept.org -- is the first of several sites that will be published by First Look Media. While announcing the formation of First Look in October, Omidyar said he is contributing $250 million to pursue independent journalism, and tapped Greenwald to lead editorial operations..... Citing Snowden's NSA documents and a former drone operator, the Intercept's first story detailed the NSA's reliance of electronic surveillance for finding targets for lethal drone strikes. The site also published Monday aerial photos of the NSA, the National Reconnaissance Office and the National Geospatial-Intelligence Agency. 'My intention is to expand the visual vocabulary we use to 'see' the U.S. intelligence community,' wrote guest reporter and photographer Trevor Paglen on the site. 'Although the organizing logic of our nation's surveillance apparatus is invisibility and secrecy, its operations occupy the physical world.'"
Greenwald debuts Omidyar-backed The Intercept
USA Today, 10 February 2014

"Intelligence officials investigating how Edward J. Snowden gained access to a huge trove of the country’s most highly classified documents say they have determined that he used inexpensive and widely available software to 'scrape' the National Security Agency’s networks, and kept at it even after he was briefly challenged by agency officials. Using 'web crawler' software designed to search, index and back up a website, Mr. Snowden 'scraped data out of our systems' while he went about his day job, according to a senior intelligence official. 'We do not believe this was an individual sitting at a machine and downloading this much material in sequence,' the official said. The process, he added, was 'quite automated.' The findings are striking because the N.S.A.’s mission includes protecting the nation’s most sensitive military and intelligence computer systems from cyberattacks, especially the sophisticated attacks that emanate from Russia and China. Mr. Snowden’s 'insider attack,' by contrast, was hardly sophisticated and should have been easily detected, investigators found. Moreover, Mr. Snowden succeeded nearly three years after the WikiLeaks disclosures, in which military and State Department files, of far less sensitivity, were taken using similar techniques. Mr. Snowden had broad access to the N.S.A.’s complete files because he was working as a technology contractor for the agency in Hawaii, helping to manage the agency’s computer systems in an outpost that focuses on China and North Korea. A web crawler, also called a spider, automatically moves from website to website, following links embedded in each document, and can be programmed to copy everything in its path. Mr. Snowden appears to have set the parameters for the searches, including which subjects to look for and how deeply to follow links to documents and other data on the N.S.A.’s internal networks. Intelligence officials told a House hearing last week that he accessed roughly 1.7 million files. 
Among the materials prominent in the Snowden files are the agency’s shared 'wikis,' databases to which intelligence analysts, operatives and others contributed their knowledge. Some of that material indicates that Mr. Snowden 'accessed' the documents. But experts say they may well have been downloaded not by him but by the program acting on his behalf. Agency officials insist that if Mr. Snowden had been working from N.S.A. headquarters at Fort Meade, Md., which was equipped with monitors designed to detect when a huge volume of data was being accessed and downloaded, he almost certainly would have been caught. But because he worked at an agency outpost that had not yet been upgraded with modern security measures, his copying of what the agency’s newly appointed No. 2 officer, Rick Ledgett, recently called 'the keys to the kingdom' raised few alarms. .... from his first days working as a contractor inside the N.S.A.’s aging underground Oahu facility for Dell, the computer maker, and then at a modern office building on the island for Booz Allen Hamilton, the technology consulting firm that sells and operates computer security services used by the government, Mr. Snowden learned something critical about the N.S.A.’s culture: While the organization built enormously high electronic barriers to keep out foreign invaders, it had rudimentary protections against insiders.... Investigators have yet to answer the question of whether Mr. Snowden happened into an ill-defended outpost of the N.S.A. or sought a job there because he knew it had yet to install the security upgrades that might have stopped him. 'He was either very lucky or very strategic,' one intelligence official said. A new book, 'The Snowden Files,' by Luke Harding, a correspondent for The Guardian in London, reports that Mr. Snowden sought his job at Booz Allen because 'to get access to a final tranche of documents' he needed 'greater security privileges than he enjoyed in his position at Dell.' 
Through his lawyer at the American Civil Liberties Union, Mr. Snowden did not specifically address the government’s theory of how he obtained the files, saying in a statement: 'It’s ironic that officials are giving classified information to journalists in an effort to discredit me for giving classified information to journalists. The difference is that I did so to inform the public about the government’s actions, and they’re doing so to misinform the public about mine.'... Officials say web crawlers are almost never used on the N.S.A.’s internal systems, making it all the more inexplicable that the one used by Mr. Snowden did not set off alarms as it copied intelligence and military documents stored in the N.S.A.’s systems and linked through the agency’s internal equivalent of Wikipedia. The answer, officials and outside experts say, is that no one was looking inside the system in Hawaii for hard-to-explain activity. ... Investigators have found no evidence that Mr. Snowden’s searches were directed by a foreign power, despite suggestions to that effect by the chairman of the House Intelligence Committee, Representative Mike Rogers, Republican of Michigan, in recent television appearances and at a hearing last week. But that leaves open the question of how Mr. Snowden chose the search terms to obtain his trove of documents, and why, according to James R. Clapper Jr., the director of national intelligence, they yielded a disproportionately large number of documents detailing American military movements, preparations and abilities around the world.  In his statement, Mr. Snowden denied any deliberate effort to gain access to any military information. 'They rely on a baseless premise, which is that I was after military information,' Mr. Snowden said."
Snowden Used Low-Cost Tool to Best N.S.A.
New York Times, 8 February 2014

"British spies have developed 'dirty tricks' for use against nations, hackers, terror groups, suspected criminals and arms dealers that include releasing computer viruses, spying on journalists and diplomats, jamming phones and computers, and using sex to lure targets into 'honey traps.' Documents taken from the National Security Agency by Edward Snowden and exclusively obtained by NBC News describe techniques developed by a secret British spy unit called the Joint Threat Research and Intelligence Group (JTRIG) as part of a growing mission to go on offense and attack adversaries ranging from Iran to the hacktivists of Anonymous. According to the documents, which come from presentations prepped in 2010 and 2012 for NSA cyber spy conferences, the agency’s goal was to 'destroy, deny, degrade [and] disrupt' enemies by 'discrediting' them, planting misinformation and shutting down their communications. Both PowerPoint presentations describe 'Effects' campaigns that are broadly divided into two categories: cyber attacks and propaganda operations. The propaganda campaigns use deception, mass messaging and 'pushing stories' via Twitter, Flickr, Facebook and YouTube. JTRIG also uses 'false flag' operations, in which British agents carry out online actions that are designed to look like they were performed by one of Britain’s adversaries. In connection with this report, NBC is publishing documents that Edward Snowden took from the NSA before fleeing the U.S., which can be viewed by clicking here and here. The documents are being published with minimal redactions. The spy unit’s cyber attack methods include the same 'denial of service' or DDOS tactic used by computer hackers to shut down government and corporate websites..... Civil libertarians said that in using a DDOS attack against hackers the British government also infringed free speech by individuals not involved in any illegal hacking, and may have blocked other websites with no connection to Anonymous.
While GCHQ defends the legality of its actions, critics question whether the agency is too aggressive and its mission too broad. Eric King, a lawyer who teaches IT law at the London School of Economics and is head of research at Privacy International, a British civil liberties advocacy group, said it was 'remarkable' that the British government thought it had the right to hack computers, since none of the U.K.’s intelligence agencies has a 'clear lawful authority' to launch their own attacks. 'GCHQ has no clear authority to send a virus or conduct cyber attacks,' said King. 'Hacking is one of the most invasive methods of surveillance.' King said British cyber spies had gone on offense with 'no legal safeguards' and without any public debate, even though the British government has criticized other nations, like Russia, for allegedly engaging in cyber warfare.... One intelligence official also said that the newest set of Snowden documents published by NBC News that describe 'Effects' campaigns show that British cyber spies were 'slightly ahead' of U.S. spies in going on offense against adversaries, whether those adversaries are hackers or nation states. The documents also show that a one-time signals surveillance agency, GCHQ, is now conducting the kinds of active espionage operations that were once exclusively the realm of the better-known British spy agencies MI5 and MI6. According to notes on the 2012 documents, a computer virus called Ambassadors Reception was 'used in a variety of different areas' and was 'very effective.' When sent to adversaries, says the presentation, the virus will 'encrypt itself, delete all emails, encrypt all files, make [the] screen shake' and block the computer user from logging on. But the British cyber spies’ operations do not always remain entirely online. Spies have long used sexual 'honey traps' to snare, blackmail and influence targets.
Most often, a male target is led to believe he has an opportunity for a romantic relationship or a sexual liaison with a woman, only to find that the woman is actually an intelligence operative. The Israeli government, for example, used a 'honey trap' to lure nuclear technician Mordechai Vanunu from London to Rome. He expected an assignation with a woman, but instead was kidnapped by Israel agents and taken back to Israel to stand trial for leaking nuclear secrets to the media. The version of a 'honey trap' described by British cyber spies in the 2012 PowerPoint presentation sounds like a version of Internet dating, but includes physical encounters. The target is lured 'to go somewhere on the Internet, or a physical location' to be met by 'a friendly face.' The goal, according to the presentation, is to discredit the target. A 'honey trap,' says the presentation, is 'very successful when it works.' But the documents do not give a specific example of when the British government might have employed a honey trap. The existence of the Royal Concierge program was first reported by the German magazine Der Spiegel in 2013, which said that Snowden documents showed that British spies had monitored bookings of at least 350 upscale hotels around the world for more than three years 'to target, search and analyze reservations to detect diplomats and government officials.' According to the documents obtained by NBC News, the intelligence agency uses the information to spy on human targets through 'close access technical operations,' which can include listening in on telephone calls and tapping hotel computers as well as sending intelligence officers to observe the targets in person at the hotels. The documents ask, 'Can we influence hotel choice? Can we cancel their visits?' The 2010 presentation also describes another potential operation that would utilize a technique called 'credential harvesting' to select journalists who could be used to spread information.
According to intelligence sources, spies considered using electronic snooping to identify non-British journalists who would then be manipulated to feed information to the target of a covert campaign. Apparently, the journalist’s job would provide access to the targeted individual, perhaps for an interview. The documents do not specify whether the journalists would be aware or unaware that they were being used to funnel information. The executive director of the Committee to Protect Journalists, Joel Simon, said that the revelation about 'credential harvesting' should serve as a 'wake up call' to journalists that intelligence agencies can monitor their communications. Simon also said that governments put all journalists at risk when they use even one for an intelligence operation. 'All journalists generally are then vulnerable to the charge that they work at the behest of an intelligence agency,' said Simon. The journalist operation was never put into action, according to sources, but other techniques described in the documents, like the Ambassadors Reception computer virus and the jamming of phones and computers, have definitely been used to attack adversaries.... The British government’s intelligence apparatus, which also includes MI5 and MI6, had a role in the 2010 Stuxnet computer virus attack on Iran’s nuclear facilities, according to sources at two intelligence agencies. GCHQ would not comment on the newly published documents or on JTRIG’s 'Effects' operations. It would neither confirm nor deny any element of this report, which is the agency’s standard policy. In a statement, a GCHQ spokesperson emphasized that the agency operated within the law."
Snowden Docs: British Spies Used Se** and 'Dirty Tricks'
NBC, 7 February 2014

"On Friday, The Washington Post reported that the N.S.A. is currently taking in data on less than 30 percent of phone calls. The article also said the agency had been collecting nearly all records about Americans’ phone calls in 2006, and that the N.S.A. was now trying to restore comprehensive coverage. Officials partly confirmed The Post’s report, although they said it was difficult to put a precise number on the percentage. But they disputed that the agency had ever had near-universal access to phone data, saying cellphone records have always presented problems. The Wall Street Journal reported in June that T-Mobile and Verizon Wireless were not part of the N.S.A.’s data collection, and a report on surveillance policy last month by a review group appointed by Mr. Obama said that while the program 'acquires a very large amount' of phone data each day, that was still 'only a small percentage of the total' calls. One official said intelligence agencies have quietly chafed at assumptions that the N.S.A. was collecting all phone records. But they have been reluctant to correct the record because they did not want to draw attention to the gap and because it is, in fact, the agency’s goal to overcome technical hurdles that stop them from ingesting them all. The greater attention to the gap puts new light on claims about the effectiveness of the program. Critics say the gap may undermine the argument that the program, as it currently exists, can provide peace of mind about links to potential terrorists: a negative result might instead mean only that the data was missing. Supporters, however, say the gap might undermine the argument that the program is ineffective because it has thwarted no attacks and uncovered only a minor case in which some men sent several thousand dollars to a Somali terrorist group. 'We should have a debate about how effective would it be if it were fully implemented,' one official said."
N.S.A. Program Gathers Data on a Third of Nation’s Calls, Officials Say
New York Times, 7 February 2014

"A US official has acknowledged that the NSA likely scoops up data on congressional telephone communications but stopped short of saying whether such action extended to calls made by President Barack Obama. The tense exchange occurred on Tuesday during a hearing on the status of the administration's reforms of the bulk data collection programme exposed last year by former National Security Agency contractor Edward Snowden. Deputy Attorney General James Cole, testifying before the House Judiciary Committee, hesitated when asked whether the controversial NSA programme that gathers the numbers, call times and lengths of virtually every US phone call extended to communications by members of Congress and executive branch officials. Congressman Darrell Issa, a House Republican known for his criticism of the Obama White House, asked specifically whether the programme was scooping up information from '202-225-and four digits', the phone exchange for House of Representatives offices. 'Without going specifically, probably we do, congressman,' Cole said. Issa then asked whether the president's phone calls were targeted by the programme. 'I believe every phone number that is with the providers that get those orders comes in under the scope of that order,' Cole said, without clarifying whether the president's phones fell within such an order. Cole agreed to get back to Issa with clarification, to which Issa responded: 'Especially if he [Obama] calls Chancellor Merkel.' The remark was an apparent swipe at charges that the NSA had been listening in on the telephones of several world leaders including Germany's Angela Merkel, who told Obama in October that such action would be a 'breach of trust' between two allies. The hearing came amid growing congressional and public concern over the scope of domestic intelligence gathering."
NSA 'probably' collects US Congress telephone call data, official admits
Agence France Presse, 6 February 2014

"The Swiss government has ordered tighter security for its own computer and telephone systems that could block foreign companies from key technology and communications contracts. The governing Federal Council's decision Wednesday cited concerns about foreign spies targeting Switzerland. National Security Agency leaker Edward Snowden, who worked for the CIA at the U.S. mission to the U.N. in Geneva from 2007 to 2009, has released documents indicating that large American and British IT companies cooperated with those countries' intelligence services. According to a Swiss government statement, contracts for critical IT infrastructure will 'where possible, only be given to companies that act exclusively according to Swiss law, where a majority of the ownership is in Switzerland and which provides all of its services from within Switzerland's borders.'"
Swiss govt tightens tech security over NSA spying
New Zealand Herald, 6 February 2014

"As Americans have grown increasingly comfortable with traditional surveillance cameras, a new, far more powerful generation is being quietly deployed that can track every vehicle and person across an area the size of a small city, for several hours at a time. Although these cameras can’t read license plates or see faces, they provide such a wealth of data that police, businesses and even private individuals can use them to help identify people and track their movements. Already, the cameras have been flown above major public events such as the Ohio political rally where Sen. John McCain (R-Ariz.) named Sarah Palin as his running mate in 2008, McNutt said. They’ve been flown above Baltimore; Philadelphia; Compton, Calif.; and Dayton in demonstrations for police. They’ve also been used for traffic impact studies, for security at NASCAR races and at the request of a Mexican politician, who commissioned the flights over Ciudad Juárez.... In addition to normal cameras, the planes can carry infrared sensors that permit analysts to track people, vehicles or wildlife at night — even through foliage and into some structures, such as tents. Courts have put stricter limits on technology that can see things not visible to the naked eye, ruling that they can amount to unconstitutional searches when conducted without a warrant. But the lines remain fuzzy as courts struggle to apply old precedents — from a single overflight carrying an officer equipped with nothing stronger than a telephoto lens, for example — to the rapidly advancing technology. 'If you turn your country into a totalitarian surveillance state, there’s always some wrongdoing you can prevent,' said Jay Stanley, a privacy expert with the American Civil Liberties Union. 'The balance struck in our Constitution tilts toward liberty, and I think we should keep that value.' Police and private businesses have invested heavily in video surveillance since the Sept. 11, 2001, attacks. 
Although academics debate whether these cameras create significantly lower crime rates, an overwhelming majority of Americans support them. A Washington Post poll in November found that only 14 percent of those surveyed wanted fewer cameras in public spaces. But the latest camera systems raise new issues because of their ability to watch vast areas for long periods of time — something even military-grade aerial cameras have struggled to do well."
New surveillance technology can track everyone in an area for several hours at a time
Washington Post, 5 February 2014

"US intelligence spied on former German chancellor Gerhard Schroeder from 2002, a German report has claimed, adding fuel to the flames of a row over spying on incumbent Angela Merkel. According to NDR, Mr Schroeder, the Social Democrat chancellor who served from 1998 to 2005, appears on a list of names of people and institutions put under surveillance by the US National Security Agency (NSA) from 2002, at the start of his second mandate as German head of state. At the time Germany was opposing intervention in Iraq. The NSA has been at the heart of a spying scandal which erupted last year. US-German ties soured amid revelations leaked by former CIA contractor Edward Snowden that US intelligence agencies had eavesdropped on Merkel and collected vast amounts of online data and telephone records from average citizens. The dispute has threatened to derail negotiations on a sweeping transatlantic free trade agreement known as TTIP. Mr Schroeder said he was unsurprised by the latest spying report. 'At the time the idea would never have occurred to me, but now it doesn't surprise me,' he told NDR and the Sueddeutsche Zeitung daily."
NSA 'spied on former German chancellor Gerhard Schroeder'
Telegraph, 5 February 2014

"The U.S. Congress needs to help restore global trust in the nation’s technology vendors by reining in surveillance programs at the National Security Agency, an industry representative told lawmakers Tuesday. Recent revelations about NSA surveillance programs have created a 'misimpression' about the U.S. technology industry and are eroding trust in those companies, said Dean Garfield, president and CEO of the Information Technology Industry Council (ITI). The furor over the NSA surveillance programs could lead to lost income in the tens of billions of dollars for U.S. cloud providers, and many U.S. tech vendors are already hearing complaints, he said. The U.S. needs a 'public policy course correction' on NSA surveillance, Garfield told the U.S. House of Representatives Judiciary Committee. 'Made in the U.S.A. is no longer a badge of honor, but a basis for questioning the integrity and the independence of U.S.-made technology,' Garfield said. 'Many countries are using the NSA’s disclosures as a basis for accelerating their policies around forced localization and protectionism.' To stop a 'protectionist downward spiral,' Congress needs to ensure greater transparency over NSA surveillance and provide stronger oversight, including a civil liberties advocate at the U.S. Foreign Intelligence Surveillance Court. Congress also needs to find ways to restore trust in the encryption standards process at the U.S. National Institute of Standards and Technology (NIST), he said, after revelations by former NSA contractor Edward Snowden that the NSA worked to compromise the process."
How many criminals have NSA's phone records busted? Maybe one
PCWorld, 4 February 2014

"The U.S. Congress needs to help restore global trust in the nation’s technology vendors by reining in surveillance programs at the National Security Agency, an industry representative told lawmakers Tuesday.... Several lawmakers, both Republicans and Democrats, questioned the legality of the phone records program. Representative Ted Poe, a Texas Republican, questioned how many criminal cases federal investigators have filed using information from the phone records program. There 'may be one,' said James Cole, deputy attorney general in the U.S. Department of Justice. 'One criminal case?' Poe said. '[The program] is an invasion of personal privacy, and it’s justified on the idea that we’re going to capture these terrorists. The evidence that you’ve told is all this collection has resulted in one bad guy having criminal charges filed on him.'"
How many criminals have NSA's phone records busted? Maybe one
PCWorld, 4 February 2014

"Professor Jean-Jacques Quisquater, a Belgian cryptographer whose work is said to have informed card payment systems worldwide, has reportedly become the victim of a spear-phishing attack by the NSA and/or GCHQ. Belgium's De Standaaard reports that Professor Quisquater clicked on a fake LinkedIn invitation that infected his computer with something even nastier than the endless claims of industry leadership spouted by those most active on that network. The malware is said to have allowed tracking of the Professor's work, including consultancy for various firms. Professor Quisquater's oeuvre, listed here at Google Scholar, bristles with cryptographic research. He also shared 2013's RSA Conference Award for Excellence in the Field of Mathematics for his work on'efficient zero-knowledge authentication schemes'. RSA's (PDF) notes for the award describe his efforts as'a seminal translation of cryptographic theory into practice' and as having'had a major impact on the early development of the smartcard industry.' The professor is therefore a juicy target, as understanding either his research or the advice he offers could conceivably yield insights into real-world operations of cryptosystems or qualities of future schemes. There's also the possibility of monitoring the professor's e-mail, which again could yield interesting information. De Standaard says the hack on Quisquater's kit was discovered as part of the investigation into an attack on Belgacom described by one E. Snowden, late of Moscow. The Belgian paper doesn't say why it is willing to put the NSA and GCHQ in the frame for the hack, saying only that its understanding of what went on indicates their involvement. As the story points out, the attack could be the first known instance of a spookhaus action against a private individual not under investigation for something nefarious. 
Quisquater's clearly not a 'civilian' , but nor does he appear to be a legitimate target whose activities could reveal the nature of a threat against either the USA or UK. If he has indeed been targeted to gather intelligence about cryptology in general, the Snowden snowball looks set to gather yet more size and speed."
NSA, GCHQ, accused of hacking Belgian smartcard crypto guru
The Register, 3 February 2014

"Speed cameras to catch motorists driving in excess of 70mph are to be installed along hundreds of miles of motorway for the first time. New so-called ‘stealth cameras’ - which may be grey rather than bright yellow - will be placed on stretches of some of the most important motorways including the M1, M6 and M25. Previously, motorway speed cameras have mainly been situated on stretches undergoing roadworks, in order to enforce variable speed limits for safety reasons. Some ‘safety camera partnerships’ have also placed them in vans which are parked on bridges above the motorway. The Highways Agency is looking at the widespread introduction of cameras to target drivers exceeding the maximum allowed speed of 70mph. According to officials, this will prevent jams and allow better traffic flow by controlling speed limits and opening hard shoulders to traffic during busy periods. But motoring groups claim the introduction of cameras is not about road safety but about generating income through fines.... A recent poll in Autocar found that 94.6 per cent of motorists admitted driving in excess of 70mph while on the motorway. Critics have pointed out that less visible cameras will have no impact on actually slowing drivers down."
'Stealth' cameras to enforce 70mph limit on motorways: Devices will target speeding motorists on M1, M6 and M25
Mail, 3 February 2014

"If you're a person who hates it when your supervisor looks over your shoulder at work, you may want to stop reading this column right now. Because what follows is only going to depress you. Hitachi, the big electronics company based in Japan, is manufacturing and selling to corporations a device intended to increase efficiency in the workplace. It has a rather bland and generic-sounding name: the Hitachi Business Microscope. But what it is capable of doing ... well, just imagine being followed around the office or the factory all day by the snoopiest boss in the world. Even into the restroom. And, the thing is, once you hear about it, you just know that, from a management point of view, it is an innovation of absolute genius. Here's how it works: The device looks like an employee ID badge that most companies issue. Workers are instructed to wear it in the office. Embedded inside each badge, according to Hitachi, are 'infrared sensors, an accelerometer, a microphone sensor and a wireless communication device.' Hitachi says that the badges record and transmit to management 'who talks to whom, how often, where and how energetically.' It tracks everything. If you get up to walk around the office a lot, the badge sends information to management about how often you do it, and where you go. If you stop to talk with people throughout the day, the badge transmits who you're talking to (by reading your co-workers' badges), and for how long. Do you contribute at meetings, or just sit there? Either way, the badge tells your bosses. The stated intention of this is to increase productivity and get the most out of employees. But a case can be made that, however much we worry that the National Security Agency may be peeking into our lives, we should be just as concerned -- or more -- about the potential for corporations to become their own, private NSAs. And there's not much, in the future, that employees will be able to do about it. 
With government surveillance, the public can complain that the state has no right to be scrutinizing the lives of its citizens so intrusively. But corporations can make the argument that supervisors have always been encouraged to keep an eye on how workers are spending their time when they're on the clock -- and that electronic tools such as the Business Microscope are simply a 21st-century way to do that. The employers are paying for their workers' time, the argument will go -- and if the employees don't like being accountable for how they spend that time, they can always choose to work elsewhere. Hitachi says that by analyzing the 'enormous amount of data collected with the Business Microscope, it will be possible to propose methods to improve organizational communication and quantitatively evaluate efficacy.' Among the activities the badges record and transmit, according to Hitachi, are 'the distance between people talking face-to-face' and 'an individual's activity level (active or nonactive), which is determined on the basis of subtle movements detected (such as talking, nodding and silence).' And the sensor badges never sleep. They never take breaks. They don't go to lunch. As H. James Wilson, a senior researcher at Babson Executive Education, wrote in the Wall Street Journal, the badges not only transmit who employees are talking to and how long the conversations go on, but can 'also measure how well they're talking to them.' If you're in a conference room with colleagues and they are animated participants in a discussion about, say, sales strategy, while you just remain quiet in your seat, the badge knows it. Businesses have long dreamed of maximum efficiency, and Hitachi says that, since the Business Microscope was first developed in its labs in 2007, 'over one million days of human behavior and big data' have been collected....
The long-term question will be whether companies, in the name of workplace output, will want to risk the morale problems that will inevitably arise among employees who are instructed to wear such devices, manufactured either by Hitachi or by other firms that will engineer their own digital tracking machinery. Technology always wins, but victory can come with a price. And if employees bristle and become resentful about being kept on such a short electronic leash, that could bring about productivity problems of a different sort. Unhappy workers are not motivated to put in extra effort. Of course, the employees could get up from their desks, congregate in an out-of-the-way corner of the office, and bitterly complain about it all. But the badges would know. And tell."
How your boss can keep you on a leash
CNN, 2 February 2014

"Hey, big spenders. Facial recognition technology, already employed by some retail stores to spot and thwart shoplifters, may soon be used to identify and track the freest spenders in the aisles. The NEC Corporation, for instance, is working on 'V.I.P. identification' software, based on face recognition, for hotels and other businesses 'where there is a need to identify the presence of important visitors.' And companies like FaceFirst, in Camarillo, Calif., hope to soon complement their shoplifter-identification services with parallel programs to help retailers recognize customers eligible for special treatment. 'Just load existing photos of your known shoplifters, members of organized retail crime syndicates, persons of interest and your best customers into FaceFirst,' a marketing pitch on the company’s site explains. 'Instantly, when a person in your FaceFirst database steps into one of your stores, you are sent an email, text or SMS alert that includes their picture and all biographical information of the known individual so you can take immediate and appropriate action.' Joseph Rosenkrantz, the chief executive of FaceFirst, envisages stores using the software to recognize shoppers and immediately send personalized offers to their phones. But he expects retailers to seek permission from their customers first. 'That would require opt-in consent,' he told me recently. The ability to surreptitiously offer some customers better treatment — and to link their faces and names with biographical profiles — is among the issues that technology industry experts and consumer advocates are likely to confront on Thursday, when they meet in Washington to discuss facial recognition. The event is the first of a series on the topic organized by the National Telecommunications and Information Administration. Agency officials expect that participants will eventually hammer out a voluntary industry code of conduct for the technology’s use. 
'Commercial facial recognition technology has the potential to provide important benefits and to support a new wave of technological innovation,' says John Verdi, the agency’s director of privacy initiatives, 'but it also poses consumer privacy challenges.' The meetings are part of an initiative, introduced in 2012 by the White House, to draft and enact baseline federal consumer privacy legislation. Last year, the telecommunications agency held similar forums about data collection by mobile apps. Participants eventually agreed to endorse notices that apps could display before they were downloaded, alerting users if an app collected material, like photos or contact lists, from their phones. But facial recognition seems more fraught because, like DNA sequencing, it measures and records biological patterns unique to individuals. Like concerns over the proliferation of genetic data, the debate over facial recognition ultimately revolves around whether a person has a right to control who has access to his or her biometric data and how it can be used. Because facial recognition can be used covertly to identify and track people by name at a distance, some civil liberties experts call it unequivocally intrusive. In view of intelligence documents made public by Edward J. Snowden, they also warn that once companies get access to such data, the government could, too. 'This is you as an individual being monitored over time and your movements and habits being recorded,' says Christopher Calabrese, legislative counsel for privacy issues at the American Civil Liberties Union. 'That is a very scary technological reality.' For the technology to work, a company or government agency must create a database containing photos or video stills of individuals. Next, a typical system extracts complex measurements — often topological — of each face. Then it converts each person’s facial data into a mathematical code, or 'faceprint.' 
If security cameras record someone at, say, a store or a casino, the system can compare the faceprint of that live image to those in the database, taking only a few seconds to run through millions of faceprints and find a match. Some international airports use the technology to identify employees as well as frequent fliers who have been cleared by government security services. Facebook offers face-matching software, called 'Tag Suggestions,' to automatically suggest to members the names of people in photos they’ve uploaded. Google said last year that it would not approve 'at this time' apps for Google Glass that use facial recognition. Now retailers and marketers are weighing the possible ramifications of facial recognition and the practices they may need to employ it securely and ethically. Mr. Rosenkrantz of FaceFirst argues that its current shoplifter-recognition service is less intrusive than typical in-store video security systems. Video cameras capture everyone who walks into a store and the images are usually kept for 30 days, he says, whereas FaceFirst destroys faceprints of all consumers except those whom retailers have previously caught shoplifting. 'We purposely do not store information on people not being looked for,' he says."
When No One Is Just a Face in the Crowd
New York Times, 1 February 2014

"The 2003 US-led invasion of Iraq prompted Snowden to think seriously about a career in the military. 'I wanted to fight in the Iraq war because I felt like I had an obligation as a human being to help free people from oppression,' he has said.... In May 2004, Snowden took the plunge and enlisted, reporting to Fort Benning in Georgia. It was a disaster. He was in good physical shape but an improbable soldier, shortsighted and with unusually narrow feet. During infantry training, he broke both his legs. After more than a month's uncertainty, the army finally discharged him. Back in Maryland, he got a job as a 'security specialist' at the University for Maryland's Centre for Advanced Study of Language. It was 2005. (He appears to have begun as a security guard, but then moved back into IT.) Snowden was working at a covert NSA facility on the university's campus. Thanks perhaps to his brief military history, he had broken into the world of US intelligence, albeit on a low rung. The centre worked closely with the US intelligence community, providing advanced language training.In mid-2006, Snowden landed a job in IT at the CIA. .... In 2007, the CIA sent Snowden to Geneva on his first foreign tour. Switzerland was an awakening and an adventure. He was 24. His job was to maintain security for the CIA's computer network and look after computer security for US diplomats. He was a telecommunications information systems officer. ... he would trace the beginning of his own disillusionment with government spying to this time. 'Much of what I saw in Geneva really disillusioned me about how my government functions and what its impact is in the world. I realised that I was part of something that was doing far more harm than good,' he later said..... Between 2009 and 2012, he says he found out just how all-consuming the NSA's surveillance activities are: 'They are intent on making every conversation and every form of behaviour in the world known to them.' 
He also realised that the mechanisms built into the US system and designed to keep the NSA in check had failed. 'You can't wait around for someone else to act. I had been looking for leaders, but I realised that leadership is about being the first to act.' He left Japan for Hawaii in 2012, a whistleblower-in-waiting."
How Edward Snowden went from loyal NSA contractor to whistleblower
Guardian, 1 February 2014

"The first rendezvous [with journalists] was in Kowloon's Mira hotel, a chic, modern edifice in the heart of the tourist district [of Hong Kong].... Over the course of the day, however, [Edward] Snowden told his story. He had access to tens of thousands of documents taken from NSA and GCHQ's internal servers. Most were stamped Top Secret. Some were marked Top Secret Strap 1 – the British higher tier of super-classification for intercept material – or even Strap 2, which was almost as secret as you could get. No one – apart from a restricted circle of security officials – had ever seen documents of this kind before. What he was carrying, Snowden indicated, was the biggest intelligence leak in history.... As he gave his answers, they began to feel certain Snowden was no fake. And his reasons for becoming a whistleblower were cogent, too. The NSA could bug 'anyone', from the president downwards, he said. In theory, the spy agency was supposed to collect only 'signals intelligence' on foreign targets. In practice this was a joke, Snowden told Greenwald: it was already hoovering up metadata from millions of Americans. Phone records, email headers, subject lines, seized without acknowledgment or consent. From this you could construct a complete electronic narrative of an individual's life: their friends, lovers, joys, sorrows.... What's more, pretty much all of Silicon Valley was involved with the NSA, Snowden said – Google, Microsoft, Facebook, even Steve Jobs's Apple. The NSA claimed it had 'direct access' to the tech giants' servers. It had even put secret back doors into online encryption software – used to make secure bank payments – weakening the system for everybody. The spy agencies had hijacked the internet. Snowden told Greenwald he didn't want to live in a world 'where everything that I say, everything that I do, everyone I talk to, every expression of love or friendship is recorded'....   
The young technician explained that the spy agency was capable of turning a mobile phone into a microphone and tracking device... [Guardian journalist] MacAskill asked Snowden, almost as an afterthought, whether there was a UK role in this mass data collection. It didn't seem likely to him. MacAskill knew that GCHQ had a longstanding intelligence-sharing relationship with the US, but he was taken aback by Snowden's vehement response. 'GCHQ is worse than the NSA,' Snowden said. 'It's even more intrusive.'.... Snowden now declared his intention to go public. Poitras recorded Greenwald interviewing him. She made a 12-minute film and got the video through to [the Guardian office in] New York.... Five people, including [Guardian editor Alan] Rusbridger [who had flown in from London], were in the office. The video went up about 3pm local time on Sunday 9 June. 'It was like a bomb going off,' Rusbridger says. 'There is a silent few seconds after a bomb explodes when nothing happens.' The TV monitors were put on different channels; for almost an hour they carried prerecorded Sunday news. Then at 4pm the story erupted. Each network carried Snowden's image. It was 3am in Hong Kong when the video was posted online. It was the most-viewed story in the Guardian's history. Snowden had just become the most hunted man on the planet."
How Edward Snowden went from loyal NSA contractor to whistleblower
Guardian, 1 February 2014

"The Deregulation Bill is coming before the UK House of Commons on Monday,