
NLPWESSEX, natural law publishing

nlpwessex.org

"I don't think in the last two or three hundred years we've faced such a concatenation
of  problems all at the same time.... If we are to solve the issues that are ahead of us,

we are going to need to think in completely different ways."

  Paddy Ashdown, High Representative for Bosnia and Herzegovina 2002 - 2006


SURVEILLANCE SOCIETY NEWS ARCHIVE 2015


Selected News Extracts 2015

"A police database that contains details of 22billion vehicle journeys is illegal, Britain's surveillance tsar has warned. A network of around 8,300 'Big Brother' spy cameras takes photos of about 30million number plates each day, with senior officers claiming it is invaluable in preventing and solving serious crimes and terrorist attacks. The Automatic Number Plate Recognition (ANPR) technology is also fitted to police vehicles, and is used to find stolen cars and tackle uninsured drivers. But Tony Porter, the independent surveillance camera commissioner, has questioned the database's legality. ... Mr Porter's warning is troubling because police want to extend retention of details to seven years ......Daniel Nesbitt, research director of pressure group Big Brother Watch, said: 'If there is to be any confidence in this system the questions about its legality need to be resolved as a matter of urgency. 'It's now virtually impossible for motorists to travel without having their details stored, regardless of whether or not they are doing anything wrong.'As this report shows, a proper debate about how this technology is used and to what extent it invades the privacy of ordinary motorists is long overdue.' Bella Sankey, director of policy at Liberty, the civil liberties pressure group, added: 'The slow creep of ANPR use, without public or parliamentary consent, undermines the bedrock principle of policing by consent – how can we consent when we haven't been consulted?'"
Police 'illegally logged 22billion car journeys'
Mail, 30 December 2015

"The "Big Brother" comprehensive national database system feared by many MPs has been built behind their backs over the last decade, and even has a name for its most intrusive component: a central London national phone and internet tapping centre called PRESTON. PRESTON, which collects about four million intercepted phone calls a year, has also recently been used to plant malware on iPhones, according to disclosures by former NSA contractor Edward Snowden. The phones were then targetted for MI5 "implants" (malware), authorised by a ministerial warrant. The location and role of the PRESTON tapping centre has never previously been publicly identified, although published Crown Prosecution Service guidance to senior prosecutors refers to secret "Preston briefings" which they can be given if tapping evidence in a case they are prosecuting reveals that a defendant may be innocent."
Big Brother is born. And we find out 15 years too late to stop him
The Register, 16 December 2015

"Proposed new surveillance laws are so broad they could allow spies to monitor people's banking and shopping habits, MPs and peers have been told. The draft Investigatory Powers Bill includes plans to store the online activity of everyone in the UK. But a lesser-known clause would let the security services download personal details from "bulk" databases. Internet privacy campaigner Jim Killock claimed it could even include things like the Tesco Clubcard scheme. It was revealed earlier this year that GCHQ is downloading large amounts of personal data, known as "bulk personal datasets", under old pieces of legislation."
GCHQ could 'grab' UK shopping data, committee told
BBC News, 10 December 2015

"For the first time, UK intelligence agency GCHQ has admitted that it does hack into computers and devices to install malware to spy on people both in the UK and abroad. The admission was made before the UK's independent Investigatory Powers Tribunal, which is hearing complaints by human rights advocacy group Privacy International and seven internet service providers (ISPs) that GCHQ and the Foreign Office broke privacy laws to illegally hack into phones, computers and networks around the world."
GCHQ finally admits it 'persistently' hacked computers and phones in the UK and abroad
International Business Times, 3 December 2015

"The majority of the UK cabinet were never told the security services had been secretly harvesting data from the phone calls, texts and emails of a huge number of British citizens since 2005, Nick Clegg has disclosed. Clegg says he was informed of the practice by a senior Whitehall official soon after becoming David Cameron’s deputy in 2010, but that“only a tiny handful” of cabinet ministers were also told – likely to include the home secretary, the foreign secretary and chancellor. He said he was astonished to learn of the capability and asked for its necessity to be reviewed. The former deputy prime minister’s revelation in the Guardian again raises concerns about the extent to which the security services felt they were entitled to use broadly drawn legislative powers to carry out intrusive surveillance and keep this information from democratically elected politicians. The government finally admitted on Wednesday that the mass surveillance of British citizens began in 2001 after 9/11 and was stepped up in 2005, using powers under national security directions largely hidden in the 1984 Telecommunications Act. It is not known if government law officers sanctioned the use of the act in this way, but it appears the intelligence and security committee responsible for parliamentary oversight was not informed, adding to the impression of a so-called deep state operating outside the scrutiny of parliament."
Only 'tiny handful' of ministers knew of mass surveillance, Clegg reveals
Guardian, 5 November 2015

"Smartphone users can do "very little" to stop security services getting "total control" over their devices, US whistleblower Edward Snowden has said. The former intelligence contractor told the BBC's Panorama that UK intelligence agency GCHQ had the power to hack into phones without their owners' knowledge. Mr Snowden said GCHQ could gain access to a handset by sending it an encrypted text message and use it for such things as taking pictures and listening in. The UK government declined to comment. He did not suggest that either GCHQ or the NSA were interested in mass-monitoring of citizens' private communications but said both agencies had invested heavily in technology allowing them to hack smartphones. "They want to own your phone instead of you," he said.  Mr Snowden talked about GCHQ's "Smurf Suite", a collection of secret intercept capabilities individually named after the little blue imps of Belgian cartoon fame. "Dreamy Smurf is the power management tool which means turning your phone on and off with you knowing," he said. "Nosey Smurf is the 'hot mic' tool. For example if it's in your pocket, [GCHQ] can turn the microphone on and listen to everything that's going on around you - even if your phone is switched off because they've got the other tools for turning it on. "Tracker Smurf is a geo-location tool which allows [GCHQ] to follow you with a greater precision than you would get from the typical triangulation of cellphone towers.... Mr Snowden also referred to a tool known as Paronoid Smurf. "It's a self-protection tool that's used to armour [GCHQ's] manipulation of your phone. For example, if you wanted to take the phone in to get it serviced because you saw something strange going on or you suspected something was wrong, it makes it much more difficult for any technician to realise that anything's gone amiss.' "
Edward Snowden interview: 'Smartphones can be taken over'
BBC Online, 5 October 2015

"There was a simple aim at the heart of the top-secret program: Record the website browsing habits of “every visible user on the Internet.” Before long, billions of digital records about ordinary people’s online activities were being stored every day. Among them were details cataloging visits to porn, social media and news websites, search engines, chat forums, and blogs. The mass surveillance operation — code-named KARMA POLICE — was launched by British spies about seven years ago without any public debate or scrutiny. It was just one part of a giant global Internet spying apparatus built by the United Kingdom’s electronic eavesdropping agency, Government Communications Headquarters, or GCHQ. The revelations about the scope of the British agency’s surveillance are contained in documents obtained by The Intercept from National Security Agency whistleblower Edward Snowden. Previous reports based on the leaked files have exposed how GCHQ taps into Internet cables to monitor communications on a vast scale, but many details about what happens to the data after it has been vacuumed up have remained unclear. Amid a renewed push from the U.K. government for more surveillance powers, more than two dozen documents being disclosed today by The Intercept reveal for the first time several major strands of GCHQ’s existing electronic eavesdropping capabilities. One system builds profiles showing people’s web browsing histories. Another analyzes instant messenger communications, emails, Skype calls, text messages, cell phone locations, and social media interactions. Separate programs were built to keep tabs on “suspicious” Google searches and usage of Google Maps. The surveillance is underpinned by an opaque legal regime that has authorized GCHQ to sift through huge archives of metadata about the private phone calls, emails and Internet browsing logs of Brits, Americans, and any other citizens — all without a court order or judicial warrant. 
Metadata reveals information about a communication — such as the sender and recipient of an email, or the phone numbers someone called and at what time — but not the written content of the message or the audio of the call. As of 2012, GCHQ was storing about 50 billion metadata records about online communications and Web browsing activity every day, with plans in place to boost capacity to 100 billion daily by the end of that year. The agency, under cover of secrecy, was working to create what it said would soon be the biggest government surveillance system anywhere in the world."
Profiled
The Intercept, 25 September 2015

"A "Snowden Treaty" designed to counter mass surveillance and protect whistleblowers around the world has been proposed by Edward Snowden, and three of the people most closely associated with his leaks: the documentary film-maker Laura Poitras; David Miranda, who was detained at Heathrow airport, and is the Brazilian coordinator of the campaign to give asylum to Snowden in Brazil; and his partner, the journalist Glenn Greenwald."
“Snowden Treaty” proposed to curtail mass surveillance and protect whistleblowers
Ars Technica, 25 September 2015

"Microsoft can track every word you type, or say out loud, while using its latest operating system, Windows 10. Windows 10, which unites the Microsoft ecosystem across a host of devices including smartphones, tablet and desktops PC, first rolled out back in July. The Microsoft OS saw huge adoption within the first few hours of its release – but the free upgrade process has not been without issues.  Users have reported agonisingly slow boot-up speeds, wifi issues and problems with child safety features following the jump to Windows 10. "
Windows 10: Microsoft is recording EVERYTHING you type, but here's how to stop it
Express, 8 September 2015

"The NSA is gathering and eavesdropping on practically all communications emerging from South America, WikiLeaks founder Julian Assange told Chilean publication El Mostrador Tuesday. 'Ninety-eight percent of Latin American communications are intercepted by the NSA while passing through the United States to the world,' Assange said in an interview with the publication. A large focus of Assange was related to the large swaths of information being collected by American tech companies, specifically Google and Facebook, and their relationship with the U.S. intelligence communities."
NSA Intercepts 98% Of South American Communications: Assange
TechCrunch, 8 July 2015

"Documents released by WikiLeaks appear to show the US spied on close aides of German Chancellor Angela Merkel and other officials for years. The leaks show Merkel's private and professional opinions on a range of issues. The WikiLeaks report, released on Wednesday, suggests NSA spying on German officials went on far longer and more widely than previously thought. The website published a new list of German phone numbers it claims showed the NSA targeted the officials for surveillance. The list of 56 partially redacted phone numbers includes those belonging to staff of the former German Chancellor Gerhard Schröder as well as his predecessor, Helmut Kohl. Also on the list were numbers attributed to former diplomat Geza Andreas von Geyr, who now works for the Ministry of Defense, and Ronald Pofalla, who was the former head of Angela Merkel's chancellery between 2009 and 2013. WikiLeaks also gave a cell phone number it claimed was used by the German leader up until 2013. The website published what it said were three intercepts by the US National Security Agency (NSA) of conversations involving Merkel."
WikiLeaks says NSA spied on top German politicians 'for decades'
Deutsche Welle, 8 July 2015

"Campaign group Amnesty International has called for an independent inquiry after it was confirmed it was spied on by British surveillance agency GCHQ. It said it was "outrageous" that human rights bodies were being monitored. It came after the Investigatory Powers Tribunal (IPT) informed Amnesty that GCHQ had breached rules by keeping data intercepted from it for too long - although it had been collected legally. The IPT was revising an earlier ruling that had failed to name Amnesty. "
Amnesty calls for GCHQ spying inquiry
BBC Online, 2 July 2015

"The United States National Security Agency spied on French presidents Jacques Chirac, Nicolas Sarkozy and Francois Hollande, WikiLeaks said in a press statement published on Tuesday, citing top secret intelligence reports and technical documents. The revelations were first reported in French daily Liberation and on news website Mediapart, which said the NSA spied on the presidents during a period of at least 2006 until May 2012, the month Hollande took over from Sarkozy. WikiLeaks said the documents derived from directly targeted NSA surveillance of the communications of Hollande (2012–present), Sarkozy (2007–2012) and Chirac (1995–2007), as well as French cabinet ministers and the French ambassador to the U.S. According to the documents, Sarkozy is said to have considered restarting Israeli-Palestinian peace talks without U.S. involvement and Hollande feared a Greek euro zone exit back in 2012. These latest revelations regarding spying among allied Western countries come after it emerged that the NSA had spied on Germany and Germany's own BND intelligence agency had cooperated with the NSA to spy on officials and companies elsewhere in Europe.... The documents include summaries of conversations between French government officials on the global financial crisis, the future of the European Union, the relationship between Hollande's administration and Merkel's government, French efforts to determine the make-up of the executive staff of the United Nations, and a dispute between the French and U.S. governments over U.S. spying on France. "
NSA spied on French presidents: WikiLeaks
Reuters, 23 June 2015

"The British government quietly changed anti-hacking laws to exempt GCHQ and other law enforcement agencies from criminal prosecution, it has been claimed. Details of the change were revealed at the Investigatory Powers Tribunal which is hearing a challenge to the legality of computer hacking by UK law enforcement and intelligence agencies. The Government amended the Computer Misuse Act (CMA) two months ago."
UK government rewrites surveillance law to get away with hacking and allow cyber attacks, campaigners claim
Independent, 15 May 2015

"Germany's intelligence service, the Bundesnachrichtendienst (BND), has been helping the NSA spy on European politicians and companies for years, according to the German news magazine Der Spiegel. The NSA has been sending lists of 'selectors'—identifying telephone numbers, e-mail and IP addresses—to the BND, which then provides related information that it holds in its surveillance databases. According to the German newspaper Die Zeit, the NSA sent selector lists several times a day, and altogether 800,000 selectors have been requested. .... According to Der Spiegel, investigators found that the BND had provided information on around 2,000 selectors that were clearly against European and German interests. Not only were European businesses such as the giant aerospace and defense company EADS, best-known as the manufacturer of the Airbus planes, targeted, so were European politicians—including German ones. However, the BND did not inform the German Chancellor's office, which only found out about the misuse of the selector request system in March 2015. Instead, the BND simply asked the NSA to make requests that were fully covered by the anti-terrorism agreement between the two countries. According to Die Zeit, this was because the BND was worried that the NSA might curtail the flow of its own intelligence data to the German secret services if the selector scheme became embroiled in controversy. The information about this activity has finally come out thanks to a long-running committee of inquiry, set up by the German Bundestag (federal parliament), which has been trying to get to the bottom of the NSA activities in Germany, and of the BND's involvement in them. "
NSA spied on EU politicians and companies with help from German intelligence
Ars Technica, 24 April 2015

"While you’ve likely never heard of companies like Yesware, Bananatag, and Streak, they almost certainly know a good deal about you. Specifically, they know when you’ve opened an email sent by one of their clients, where you are, what sort of device you’re on, and whether you’ve clicked a link, all without your awareness or consent. That sort of email tracking is more common than you might think. A Chrome extension called Ugly Mail shows you who’s guilty of doing it to your inbox. Sonny Tulyaganov, Ugly Mail’s creator, says he was inspired to write the'tiny script'when a friend told him about Streak, an email-tracking service whose Chrome extension has upwards of 300,000 users. Tulyaganov was appalled.'[Streak] allowed users track emails, see when, where and what device were used to view email,'he recalled to WIRED.'I tried it out and found it very disturbing, so decided to see who is actually tracking emails in my inbox.'Once the idea for Ugly Mail was born, it only took a few hours to make it a reality. The reason it was so easy to create is that the kind of tracking it monitors is itself a simple procedure."
A Clever Way to Tell Which of Your Emails Are Being Tracked
Wired, 20 March 2015

"The government has admitted that its intelligence services have the broad power to hack into personal phones, computers, and communications networks, and claims they are legally justified to hack anyone, anywhere in the world, even if the target is not a threat to national security nor suspected of any crime. That is the claim of pressure group Privacy International, following admissions by the government in a court document published today by the organisation. It follows two court cases initiated last year against GCHQ that challenge what Privacy International claims is invasive state-sponsored hacking that was revealed by Edward Snowden. In the document, the government outlines the broad authority it has given UK intelligence services to infiltrate personal devices, the internet, and social media websites. In addition, government lawyers claim that while the intelligence services require authorisation before they are allowed to hack into the computer and mobile phones of 'intelligence targets', GCHQ is equally permitted to break into computers anywhere in the world, even if they are not connected to a crime or a threat to national security. 'Such powers are a massive invasion of privacy. Hacking is the modern equivalent of entering someone's house, searching through filing cabinets, diaries and correspondence, and planting devices to permit constant surveillance in future,' commented the organisation. 'If mobile devices are involved, the government can obtain historical information, including every location visited in the past year and the ongoing surveillance will capture the affected individual wherever they go.' The court document relies heavily on a draft code on 'equipment interference', according to the pressure group, which was quietly released to the public on the same day that the Investigatory Powers Tribunal found that GCHQ had engaged in unlawful information sharing with the US National Security Agency (NSA). 
For the past decade, GCHQ has been involved in state-sponsored hacking without this code being available to the public, claims Privacy International, which means that they have almost certainly been acting against the law. Indeed, the draft code has not even been approved by Parliament yet, and remains open for public comment until 20 March. Privacy International has been involved in two separate complaints to the Investigatory Powers Tribunal, one filed on its own that challenges the UK security services' presumed rights to attack any computer devices in the perceived pursuit of its work; the other is with seven internet service providers and communications companies, which calls for GCHQ to be stopped from attacks against communications networks. 'The government has been deep in the hacking business for nearly a decade, yet they have never once been held accountable for their actions. They have granted themselves incredible powers to break into the devices we hold near and dear, the phones and computers that are so integral to our lives,' said Eric King, deputy director of Privacy International. He continued: 'What's worse is that without any legitimate legal justification, they think they have the authority to target anyone they wish, no matter if they are suspected of a crime. This suspicionless hacking must come to an end and the activities of our intelligence agencies must be brought under the rule of law.'"
Government admits: security services can do what they like – claims Privacy International
Computing, 17 March 2015

"Every time you email someone overseas, the NSA copies and searches your message. It makes no difference if you or the person you're communicating with has done anything wrong. If the NSA believes your message could contain information relating to the foreign affairs of the United States – because of whom you're talking to, or whom you're talking about – it may hold on to it for as long as three years and sometimes much longer. A new ACLU lawsuit filed today challenges this dragnet spying, called 'upstream' surveillance, on behalf of Wikimedia and a broad coalition of educational, human rights, legal, and media organizations whose work depends on the privacy of their communications. The plaintiffs include Amnesty International USA, the National Association of Criminal Defense Lawyers, and The Nation magazine, and many other organizations whose work is critical to the functioning of our democracy. .... The NSA's targets may include journalists, academics, government officials, tech workers, scientists, and other innocent people who are not connected even remotely with terrorism or suspected of any wrongdoing. The agency sweeps up Americans' communications with all of those targets. ..... As former NSA Director Michael Hayden recently put it, '[L]et me be really clear. NSA doesn't just listen to bad people. NSA listens to interesting people. People who are communicating information.'"
The NSA Has Taken Over the Internet Backbone. We're Suing to Get it Back.
American Civil Liberties Union, 10 March 2015

"GCHQ unlawfully spied on British citizens, a secretive UK court has ruled. The decision could mean GCHQ will be forced to delete the information it acquired from people that were spied on. The Investigatory Powers Tribunal (IPT), the secretive court that was created to keep Britain’s intelligence agencies in check, said that GCHQ’s access to information intercepted by the NSA breached human rights laws. The court found that the collection contravened Article 8 of the European Convention on Human Rights, which protects the right to a private and family life. It also breaches Article 6, which protects the right to a fair trial. The breaches open up the possibility of anyone who 'reasonably believes' they were spied on to ask for the information that GCHQ holds on them to be deleted. Citizens can send complaints to the IPT to find out whether they were spied on and ask for a deletion. Some of the privacy groups that brought the complaint are beginning proceedings to do so. The IPT has never ruled against any intelligence agency since it was set up in 2000. It found in December that GCHQ’s access to the data was lawful from that point onward, and it re-affirmed that decision today. That ruling is now being appealed. GCHQ pointed to that decision in its response to today's ruling, which it said it welcomed. A GCHQ spokesperson said: 'We are pleased that the Court has once again ruled that the UK’s bulk interception regime is fully lawful. It follows the Court’s clear rejection of accusations of ‘mass surveillance’ in their December judgment.' But the court said today that historical collection was unlawful because the rules governing how the UK could access information received from the NSA were kept secret."
GCHQ spying on British citizens was unlawful, secret court rules in shock decision
Independent, 6 February 2015

"Edward Snowden, the infamous former contractor for the National Security Agency who leaked thousands of pages of previously classified NSA intelligence documents, reportedly thinks that Apple's iPhone has 'special software' that authorities can activate remotely to be able to gather information about the user. 'Edward never uses an iPhone; he's got a simple phone,' said the lawyer of Snowden, Anatoly Kucherena, in an interview with the Russian media company RIA Novosti."
Edward Snowden: Apple iPhone with Secret iFeature Allows Government to Spy on You
Tech Times, 24 January 2015

"GCHQ’s bulk surveillance of electronic communications has scooped up emails to and from journalists working for some of the US and UK’s largest media organisations, analysis of documents released by whistleblower Edward Snowden reveals. Emails from the BBC, Reuters, the Guardian, the New York Times, Le Monde, the Sun, NBC and the Washington Post were saved by GCHQ and shared on the agency’s intranet as part of a test exercise by the signals intelligence agency. The disclosure comes as the British government faces intense pressure to protect the confidential communications of reporters, MPs and lawyers from snooping. The journalists’ communications were among 70,000 emails harvested in the space of less than 10 minutes on one day in November 2008 by one of GCHQ’s numerous taps on the fibre-optic cables that make up the backbone of the internet. The communications, which were sometimes simple mass-PR emails sent to dozens of journalists but also included correspondence between reporters and editors discussing stories, were retained by GCHQ and were available to all cleared staff on the agency intranet. There is nothing to indicate whether or not the journalists were intentionally targeted. The mails appeared to have been captured and stored as the output of a then-new tool being used to strip irrelevant data out of the agency’s tapping process. New evidence from other UK intelligence documents revealed by Snowden also shows that a GCHQ information security assessment listed 'investigative journalists' as a threat in a hierarchy alongside terrorists or hackers. Senior editors and lawyers in the UK have called for the urgent introduction of a freedom of expression law amid growing concern over safeguards proposed by ministers to meet concerns over the police use of surveillance powers linked to the Regulation of Investigatory Powers Act 2000 (Ripa). 
More than 100 editors, including those from all the national newspapers, have signed a letter, coordinated by the Society of Editors and Press Gazette, to the UK prime minister, David Cameron, protesting at snooping on journalists’ communications. In the wake of terror attacks on the Charlie Hebdo offices and a Jewish grocer in Paris, Cameron has renewed calls for further bulk-surveillance powers, such as those which netted these journalistic communications. .....The GCHQ document goes on to warn that the fact that billing records 'kept under Ripa are not limited to warranted targets' must be kept as one of the agency’s most tightly guarded secrets, at a classification known as 'Top secret strap 2'. That is two levels higher than a normal top secret classification as it refers to 'HMG [Her Majesty’s government] relationships with industry that have areas of extreme sensitivity'. Internal security advice shared among the intelligence agencies was often as preoccupied with the activities of journalists as with more conventional threats such as foreign intelligence, hackers or criminals. One restricted document intended for those in army intelligence warned that 'journalists and reporters representing all types of news media represent a potential threat to security'. It continued: 'Of specific concern are ‘investigative journalists’ who specialise in defence-related exposés either for profit or what they deem to be of the public interest. 'All classes of journalists and reporters may try either a formal approach or an informal approach, possibly with off-duty personnel, in their attempts to gain official information to which they are not entitled.' It goes on to caution 'such approaches pose a real threat', and tells staff they must be 'immediately reported' to the chain-of-command. 
GCHQ information security assessments, meanwhile, routinely list journalists between 'terrorism' and 'hackers' as 'influencing threat sources', with one matrix scoring journalists as having a 'capability' score of two out of five, and a 'priority' of three out of five, scoring an overall 'low' information security risk. Terrorists, listed immediately above investigative journalists on the document, were given a much higher 'capability' score of four out of five, but a lower 'priority' of two. The matrix concluded terrorists were therefore a 'moderate' information security risk."
GCHQ captured emails of journalists from top international media
Guardian, 19 January 2015

"British spooks intercepted emails from US and UK media organisations and rated ‘investigative journalists’ alongside terrorists and hackers as potential security threats, secret documents reveal. Internal advice circulated by intelligence chiefs at the Government spy centre GCHQ claims ‘journalists and reporters representing all types of news media represent a potential threat to security’. Intelligence documents leaked by the fugitive US whistleblower Edward Snowden also show that British security officers scooped up 70,000 emails in just 10 minutes during one interception exercise in 2008. "
British spooks tapped emails from UK and US media
Mail, 19 January 2015

"... the [NSA] isn't just trying to achieve mass surveillance of Internet communication, either. The digital spies of the Five Eyes alliance -- comprised of the United States, Britain, Canada, Australia and New Zealand -- want more. According to top secret documents from the archive of NSA whistleblower Edward Snowden seen exclusively by SPIEGEL, they are planning for wars of the future in which the Internet will play a critical role, with the aim of being able to use the net to paralyze computer networks and, by doing so, potentially all the infrastructure they control, including power and water supplies, factories, airports or the flow of money.  During the 20th century, scientists developed so-called ABC weapons -- atomic, biological and chemical. It took decades before their deployment could be regulated and, at least partly, outlawed. New digital weapons have now been developed for the war on the Internet. But there are almost no international conventions or supervisory authorities for these D weapons, and the only law that applies is the survival of the fittest. Canadian media theorist Marshall McLuhan foresaw these developments decades ago. In 1970, he wrote, 'World War III is a guerrilla information war with no division between military and civilian participation.' That's precisely the reality that spies are preparing for today.... From a military perspective, surveillance of the Internet is merely 'Phase 0' in the US digital war strategy. ..... In recent years, malware has emerged that experts have attributed to the NSA and its Five Eyes alliance based on a number of indicators. They include programs like Stuxnet, used to attack the Iranian nuclear program. Or Regin, a powerful spyware trojan that created a furor in Germany after it infected the USB stick of a high-ranking staffer to Chancellor Angela Merkel. Agents also used Regin in attacks against the European Commission, the EU's executive, and Belgian telecoms company Belgacom in 2011. 
Given that spies can routinely break through just about any security software, virtually all Internet users are at risk of a data attack.... Intelligence agencies have adopted 'plausible deniability' as their guiding principle for Internet operations. To ensure their ability to do so, they seek to make it impossible to trace the author of the attack. It's a stunning approach with which the digital spies deliberately undermine the very foundations of the rule of law around the globe. This approach threatens to transform the Internet into a lawless zone in which superpowers and their secret services operate according to their own whims with very few ways to hold them accountable for their actions."
The Digital Arms Race: NSA Preps America for Future Battle
Der Spiegel, 17 January 2015




2015

"Microsoft Corp said on Wednesday it will begin warning users of its consumer services including Outlook.com email when the company suspects that a government has been trying to hack into their accounts. The policy change comes nine days after Reuters asked the company why it had decided not tell victims of a hacking campaign, discovered in 2011, that had targeted international leaders of China's Tibetan and Uighur minorities in particular. According to two former employees of Microsoft, the company's own experts had concluded several years ago that Chinese authorities had been behind the campaign but the company did not pass on that information to users of its Hotmail service, which is now called Outlook.com. In its statement, Microsoft said neither it nor the U.S. government could pinpoint the sources of the hacking attacks and that they didn't come from a single country. The policy shift at the world's largest software company follows similar moves since October by Internet giants Facebook Inc, Twitter Inc and most recently Yahoo Inc. Google Inc pioneered the practice in 2012 and said it now alerts tens of thousands of users every few months. For two years, Microsoft has offered alerts about potential security breaches without specifying the likely suspect."
Microsoft to warn email users of suspected hacking by governments
Reuters, 31 December 2015

"A police database that contains details of 22billion vehicle journeys is illegal, Britain's surveillance tsar has warned. A network of around 8,300 'Big Brother' spy cameras takes photos of about 30million number plates each day, with senior officers claiming it is invaluable in preventing and solving serious crimes and terrorist attacks. The Automatic Number Plate Recognition (ANPR) technology is also fitted to police vehicles, and is used to find stolen cars and tackle uninsured drivers. But Tony Porter, the independent surveillance camera commissioner, has questioned the database's legality. In his report, Mr Porter said: 'There is no statutory authority for the creation of the national ANPR database, its creation was never agreed by Parliament, and no report on its operation has even been laid before Parliament. 'I have referred these concerns over the legality of ANPR to the Home Office. The Government may wish to consider the statutory framework on which ANPR is based.' Each time a vehicle passes an ANPR camera it takes a picture of the number plate and the front of the car, including the driver's face. Police say this allows them to track criminals and terrorists in real time as they drive around. But privacy campaigners have long argued that the system, which allows officers to access the mountains of data for up to two years, is intrusive. Mr Porter's warning is troubling because police want to extend retention of details to seven years and DVLA officials could be permitted access to track down road tax cheats – increasing the risk of data being abused. While there is almost no chance of the system being shut down, it raises the prospect of motorists – including criminals – taking legal action against the authorities for breaches of privacy. A source close to the surveillance camera commissioner said: 'Previous home secretaries have been told about this but nothing has been done. Civil liberties groups have told us they might take a test case.' 
Daniel Nesbitt, research director of pressure group Big Brother Watch, said: 'If there is to be any confidence in this system the questions about its legality need to be resolved as a matter of urgency. 'It's now virtually impossible for motorists to travel without having their details stored, regardless of whether or not they are doing anything wrong. 'As this report shows, a proper debate about how this technology is used and to what extent it invades the privacy of ordinary motorists is long overdue.' Bella Sankey, director of policy at Liberty, the civil liberties pressure group, added: 'The slow creep of ANPR use, without public or parliamentary consent, undermines the bedrock principle of policing by consent – how can we consent when we haven't been consulted?'"
Police 'illegally logged 22billion car journeys'
Mail, 30 December 2015

"US intelligence agencies discovered the Israeli government leaked details of the US-Iran nuclear negotiations and coordinated efforts with Jewish-American groups to undermine the talks, it is claimed. The NSA - which has faced intense criticism for tapping the phone conversations of its allies in recent years - reportedly eavesdropped on the conversations of Israeli Prime Minister Benjamin Netanyahu and his advisers as the talks progressed. According to the Wall Street Journal, Mr Netanyahu was caught on tape negotiating with undecided congressman and senators about what it would take to get them to vote against the nuclear deal agreed in July this year. A US intelligence official who has reportedly heard the intercepts said Israeli officials were heard asking the undecided American lawmakers questions such as 'How can we get your vote? What’s it going to take'.... The NSA and its Israeli counterpart, Unit 8200, have had close links in the past. The American organisation helped Israeli expand its electronic spying systems to monitor its regional enemies and the information was then shared with the US. The two are believed to be still working together at the start of the Obama administration but revelations by Edward Snowden about American surveillance have raised tensions in recent years."
US surveillance of Israel shows Netanyahu government 'tried to persuade Congressmen to vote against Iran nuclear deal'
Independent, 30 December 2015

"Bosses at Twitter and other social media giants face prison if they tip off their customers about spying operations by police and the security services, under a sweeping new law. Ministers have lost patience with the tech giants after it emerged that some companies were warning users of requests for communications data by MI5, MI6 and GCHQ. Bosses of any technology firm which ignores the Home Office edict to keep operations secret will face up to two years in prison. It will become an explicit criminal offence to notify the subject of a surveillance operation that requests for their data have been made, unless they have permission to do so. This could include tweets, text messages or emails. The move, included in the controversial draft Investigatory Powers Bill, will further stoke tensions between the authorities and the communications companies, who officials say have become less co-operative in the wake of the Edward Snowden leaks. Snowden – an ex-security official for the US Government, now a fugitive in Russia –revealed details of mass surveillance operations by British and American agencies. In response, technology companies said they would take greater steps to protect their customers’ ‘privacy’. Antony Walker, deputy chief executive officer at techUK, which represents communications and internet firms, said: ‘A right of redress by the citizen depends upon individuals being notified at some appropriate time that requests have been made to access their data. ‘By preventing companies from notifying consumers about requests for access to data the Investigatory Powers Bill risks being out of step with the direction of international law. ‘This will make co-operation between jurisdictions more difficult and could slow down the sharing of information between international agencies. 
So from that perspective preventing companies from being more transparent about the data requests they receive appears counter-productive.’ Details of the plan emerged in a note to the Investigatory Powers Bill, which will itself require communications firms to store details of the public’s use of the internet and apps for 12 months."
Social media bosses face two years in jail if they warn users MI5 is watching them after ministers lose patience with tech giants
Mail, 28 December 2015

"The Home Office has refused to make Theresa May’s internet browsing history public under freedom of information rules, arguing that a request to do so is “vexatious”. The Independent requested the Home Secretary’s work browsing history for the last week of October under the Freedom of Information Act. Under the new Investigatory Powers Bill announced by Ms May the internet browsing history of everyone in the UK will have to be stored for a year and police and security services will be able to access the list of visited websites without any warrant. The Home Secretary described such information, which her department refused to release in relation to her, as “the modern equivalent of an itemised phone bill". Itemised phone bills have previously been released under the Freedom of Information Act. The Freedom of Information Act is in theory supposed to allow for information held by government bodies to be disclosed, subject to certain conditions. On 4 November the Independent invoked the Act to ask the Home Office to disclose “‘the web browser history of all web browsers on the Home Secretary Theresa May's GSI network account for the week beginning Monday 26 October”. The only reason given by officials against disclosure of Ms May’s browsing history was that the request for transparency was a “scattergun” approach conducted “without any idea of what might be revealed”. If the Department had agreed to the request, it would have shown a list of websites visited on the Home Secretary’s computer account for a week."
Theresa May wants to see your internet history, so we thought it was only fair to ask for hers
Independent, 24 December 2015

"Simply using certain encryption services or investigating alternatives to Microsoft Windows could get you placed under surveillance by the National Security Agency (NSA) and other intelligence organizations, according to a new report. Utilizing encryption solutions such as TOR could result in monitoring by the NSA and its allies, including Britain’s Government Communications Headquarters (GCHQ), according to the report in the German media outlet Tagesschau. The NSA tracks people with a surveillance tool called XKeyscore. “Anyone who is determined to be using Tor is also targeted for long-term surveillance and retention,” Corey Doctorow wrote at the BoingBoing.net blog. The German outlet said computer experts watched the XKeyscore code and found that the NSA was constantly monitoring TOR users on servers at MIT’s Computer Science and Artificial Intelligence Laboratory, the National Journal reported. TOR is a program that lets a person stay private by routing communications through computers and servers all over the world. It makes it much harder for the NSA and other agencies to track. The German report listed a number of seemingly innocent and harmless behaviors that can trigger NSA surveillance, the National Journal said. They include:  * Going to Linux Journal, a popular forum for the open-sourced operating system Linux. The NSA apparently regards Linux Journal as an extremist forum.   * Searching for information about Tails, a popular operating system used by human rights advocates. *Searching for information about any Windows alternative. * Searching for information about online privacy. -  “The better able you are at protecting your privacy online, the more suspicious you become,” National Journal’s Paul Tucker wrote."
Online Actions That Spark NSA Monitoring
Off The Grid News, 19 December 2015

"There is a huge difference between legal programs, legitimate spying, legitimate law enforcement - where individuals are targeted based on a reasonable, individualized suspicion - and these programs of dragnet mass surveillance that put entire populations under an all-seeing eye and save copies forever. These programs were never about terrorism: they’re about economic spying, social control, and diplomatic manipulation. They’re about power."
Snowden’s open letter to Brazil: Read the text
Washington Post, 17 December 2015

"The "Big Brother" comprehensive national database system feared by many MPs has been built behind their backs over the last decade, and even has a name for its most intrusive component: a central London national phone and internet tapping centre called PRESTON. PRESTON, which collects about four million intercepted phone calls a year, has also recently been used to plant malware on iPhones, according to disclosures by former NSA contractor Edward Snowden. The phones were then targetted for MI5 "implants" (malware), authorised by a ministerial warrant. The location and role of the PRESTON tapping centre has never previously been publicly identified, although published Crown Prosecution Service guidance to senior prosecutors refers to secret "Preston briefings" which they can be given if tapping evidence in a case they are prosecuting reveals that a defendant may be innocent. (The guidance also notes that the briefing may be given after exculpatory intercept evidence has been destroyed.) Located inside the riverside headquarters of the Security Service, MI5, in Thames House, PRESTON works alongside and links to massive databases holding telephone call records, internet use records, travel, financial, and other personal records held by the National Technical Assistance Centre (NTAC), a little known intelligence support agency set up by Tony Blair's government in a 1999 plan to combat encryption and provide a national centre for internet surveillance and domestic codebreaking. Soon after, the Parliamentary Intelligence and Security Committee were told that the spy agencies would fund NTAC as "a twenty-four hour centre operated on behalf of all the law enforcement, security and intelligence agencies, providing a central facility for the complex processing needed to derive intelligence material from lawfully intercepted computer-to-computer communications and from lawfully seized computer data ... 
The NTAC will also support the technical infrastructure for the lawful interception of communications services including Internet Services." The Home Office then commissioned and funded a technical plan to establish an interception network for the domestic internet, and allocated a £25m budget to get NTAC started."
Big Brother is born. And we find out 15 years too late to stop him
The Register, 16 December 2015

"Proposed new surveillance laws are so broad they could allow spies to monitor people's banking and shopping habits, MPs and peers have been told. The draft Investigatory Powers Bill includes plans to store the online activity of everyone in the UK. But a lesser-known clause would let the security services download personal details from "bulk" databases. Internet privacy campaigner Jim Killock claimed it could even include things like the Tesco Clubcard scheme. It was revealed earlier this year that GCHQ is downloading large amounts of personal data, known as "bulk personal datasets", under old pieces of legislation. The Home Office wants to put the practice on a firmer legal footing and has promised tougher safeguards - including six month warrants issued by the home secretary - and judicial oversight. But Open Rights Group director Jim Killock, giving evidence to the Parliamentary committee examining the draft bill, said it appeared to suggest mass surveillance. "What is a bulk data set? Which have been accessed and grabbed by GCHQ so far? Who might that apply to?  "Just about every business in the country operates a database with personal information in it.   "This could be Tesco Clubcard information. It could be Experian's data around people's financial transactions, it could be banking details, it could certainly be any government database that you care to mention. "It's kind of hard to see where surveillance ends with bulk data sets."... The draft bill would also give legal cover to the security services to carry out bulk internet traffic surveillance of the kind uncovered by US whistleblower Edward Snowden. Shami Chakrabarti, of Liberty, urged the Home Office to come up with a "new bill" to protect the public that did not have such sweeping powers. 
She told the committee: "I think my fundamental objection is too much of this is about sanctioning mass surveillance of entire populations and departing from traditional democratic norms of targeted, suspicion-based surveillance for limited purposes, and there are insufficient safeguards against abuse."
GCHQ could 'grab' UK shopping data, committee told
BBC News, 10 December 2015

"Britain’s intelligence agencies could take over children’s toys and use them to spy on suspects, MPs have been told.   Antony Walker of techUK said that anything connected to the Internet could “in theory” be hacked into remotely. The draft Investigatory Powers Bill being considered by MPs would put a legal duty on Internet providers to assist in hacking devices. With a growing number of toys now including Internet software it would be possible for Britain’s spooks to hack them, Mr Walker suggested. He urged the Home Office to define more tightly what "equipment interference” entailed and raised concerns about “smart toys” during an appearance before the Commons science and technology committee. "A range of devices that have been in the news recently, in relation to a hack, are children's toys, that children can interact with," Mr Walker said. "These are devices that may sit in a child's bedroom but are accessible. "In theory, the manufacturer of those products could be the subject of a warrant to enable equipment interference with those devices. "So the potential extent, I think, is something that needs to be carefully considered." Hello Barbie, My Friend Cayla and other talking dolls have reportedly been looked at by security experts in recent months amid concerns. The draft legislation would increase the legal footing “equipment interference" warrants would be put on and make sure they are "only used when necessary and proportionate for a legitimate purpose". Mr Walker, whose organisation represents 850 UK technology firms, added: “When we start to think, not just about the world today, but the world in five, 10 years' time as the Internet of Things becomes more real, and more pervasive.  "I think it requires careful thought in terms of where the limits should be." "
British spooks 'could hack into children's toys for spying'
Telegraph, 9 December 2015

"Director of National Intelligence James Clapper now has a fifth reason for why he lied to the US Congress over the NSA's spying program: he just plain forgot it existed. Speaking during a panel discussion last week, Clapper's general counsel Robert Litt said that Clapper had not had time to prepare an answer to the question posed to him by Senator Ron Wyden (D-OR) about storing data on Americans. "We were notified the day before that Sen. Wyden was going to ask this question and the director of national intelligence did not get a chance to review it," Litt said, according to The Hill. "He was hit unaware by the question. After this hearing I went to him and I said, 'Gee, you were wrong on this.' And it was perfectly clear that he had absolutely forgotten the existence of the 215 program." If that answer sounds incredibly unlikely, it is actually more plausible than the other four reasons Clapper has given over why he denied the existence of the NSA's spying programs. Clapper's first response when revelations from Edward Snowden made it clear he thought Wyden was just talking about the collection of email. That argument held no water, as a recording of the session clearly showed Wyden asking a very clear question that made no mention of email. He asked: "Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?" Clapper's second response – about a week later – was to impugn Wyden by saying that he had asked a loaded question. Being interviewed on NBC and asked "Can you explain what you meant when you said that there was no data collection on millions of Americans?", Clapper responded: 'In retrospect, I was asked – 'When are you going to stop beating your wife' kind of question, which is meaning not answerable necessarily by a simple yes or no. So I responded in what I thought was the most truthful, or least untruthful manner by saying no.' 
When that response was widely mocked, a month later Clapper came up with yet another reason for his entirely incorrect response: it was an honest mistake. "My response was clearly erroneous – for which I apologize," he said in a letter to the intelligence committee. "While my staff acknowledged the error to Senator Wyden's staff soon after the hearing, I can now openly correct it because the existence of the metadata collection program has been declassified. Mistakes will happen, and when I make one, I correct it." Except of course, Clapper didn't correct it. After his response to Wyden, the Senator sent a letter the next day asking him if he wished to change his response: Clapper's office responded with a clear "No.""
James Clapper has found another reason why he lied about NSA spying
The Register, 7 December 2015

"For the first time, UK intelligence agency GCHQ has admitted that it does hack into computers and devices to install malware to spy on people both in the UK and abroad. The admission was made before the UK's independent Investigatory Powers Tribunal, which is hearing complaints by human rights advocacy group Privacy International and seven internet service providers (ISPs) that GCHQ and the Foreign Office broke privacy laws to illegally hack into phones, computers and networks around the world. Prior to the case being brought before the tribunal, GCHQ had refused to confirm or deny whether it had the capability to perform Computer and Network Exploitation (CNE), in which computers, devices and private networks are accessed without their owners' knowledge in order to steal information or monitor users' activities by surreptitiously turning on the device's camera and microphone, or by installing malware. The GCHQ confirmed that it undertook what it called "persistent operations", where an implant resided in the targeted computer or device to transmit information for an extended period of time, or "non-persistent operations" where the spying only took place during a user's internet session and the implant expired when the internet session ended. "If CNE were carried out on my mobile you would get all the meetings I attend by turning on the microphone and access to all my chamber's files, bank details, my passwords, all my personal material and all my photos," said Ben Jaffey QC, lawyer for Privacy International and the seven ISPs, according to the Financial Times." [This is] equal to carrying a bug everywhere I go....In May 2014, Privacy International teamed up with seven ISPs to sue the government, filing complaints with the IPT that the GCHQ's hacking activities were not legal under Article 8 of the European Convention on Human Rights. 
However, in May 2015, one day before the court case was scheduled to begin, Privacy International claimed it was told by the UK government that amendments had been made to the Computer Misuse Act in March that provided a new exception for law enforcement and GCHQ to hack without criminal liability. Privacy International has argued that there was no public consultation or debate about the amendments and that all hacking activities performed by GCHQ up until the law change in March 2015 were still deemed illegal.""
GCHQ finally admits it 'persistently' hacked computers and phones in the UK and abroad
International Business Times, 3 December 2015

"The FBI can compel companies and individuals to turn over vast sums of personal data without a warrant, it has been revealed for the first time. In a case that's lasted more than a decade, a court filing released Monday showed how the FBI used secret interpretations to determine the scope of national security letters (NSLs). Nicholas Merrill, founder of internet provider Calyx Internet Access, who brought the 11-year-old case to court after his company was served a national security letter, won the case earlier this year. National security letters are almost always bundled with a gag order, preventing Merrill from speaking freely about the letter he received. While it was known that national security letters can demand customer and user data, it wasn't known exactly what.  In a statement on Monday, Merrill revealed the FBI has used its authority to force companies and individuals to turn over complete web browsing history; the IP addresses of everyone a person has corresponded with; online purchase information, and also cell-site location information, which he said can be used to turn a person's phone into a "location tracking device." According to a release, the FBI can also force a company to release postal addresses, email addresses, and "any other information which [is] considered to be an electronic communication transactional record." Merrill said in remarks: "The FBI has interpreted its NSL authority to encompass the websites we read, the web searches we conduct, the people we contact, and the places we go. This kind of data reveals the most intimate details of our lives, including our political activities, religious affiliations, private relationships, and even our private thoughts and beliefs.""
FBI can demand web history, phone location data without a warrant
ZDNet, 30 November 2015

"OUR Walmart, a group of employees backed and funded by a union, was asking for more full-time jobs with higher wages and predictable schedules. Officially they called themselves the Organization United for Respect at Walmart. Walmart publicly dismissed OUR Walmart as the insignificant creation of the United Food and Commercial Workers International (UFCW) union. “This is just another union publicity stunt, and the numbers they are talking about are grossly exaggerated,” David Tovar, a spokesman, said on CBS Evening News that November. Internally, however, Walmart considered the group enough of a threat that it hired an intelligence-gathering service from Lockheed Martin, contacted the FBI, staffed up its labor hotline, ranked stores by labor activity, and kept eyes on employees (and activists) prominent in the group. During that time, about 100 workers were actively involved in recruiting for OUR Walmart, but employees (or associates, as they’re called at Walmart) across the company were watched; the briefest conversations were reported to the “home office,” as Walmart calls its headquarters in Bentonville, Ark. The details of Walmart’s efforts during the first year it confronted OUR Walmart are described in more than 1,000 pages of e-mails, reports, playbooks, charts, and graphs, as well as testimony from its head of labor relations at the time. The documents were produced in discovery ahead of a National Labor Relations Board hearing into OUR Walmart’s allegations of retaliation against employees who joined protests in June 2013. The testimony was given in January 2015, during the hearing. OUR Walmart, which split from the UFCW in September, provided the documents to Bloomberg Businessweek after the judge concluded the case in mid-October. A decision may come in early 2016.... Lockheed Martin is one of the biggest defense contractors in the world. 
Although it’s best known for making fighter jets and missile systems, it also has an information technology division that offers cybersecurity and data analytics services. Tucked into that is a little-known operation called LM Wisdom, which has been around since 2011. LM Wisdom is described on Lockheed’s website as a tool “that monitors and analyzes rapidly changing open source intelligence data…[that] has the power to incite organized movements, riots and sway political outcomes.” A brochure depicts yellow tape with “crime scene” on it, an armored SWAT truck, and a word cloud with “MAFIA” in huge type. Neither Walmart nor Lockheed would comment on their contract in 2012 and 2013, or talk specifically about Wisdom. Christian Blandford, a Lockheed analyst, was monitoring the social media of activists in Bentonville for Walmart’s 2013 shareholder meeting....Companies have always kept an eye on their workers. “Everybody from General Motors to the Pacific Railroad had clippings files,” says Nelson Lichtenstein, a labor historian. “It’s more sophisticated and efficient now, but it’s the same thing.” Companies can’t legally put in place rules—or surveillance—that apply only to labor activists. But they can restrict solicitation during work hours or in customer areas and keep security cameras throughout. And they can set up systems for managers to report concerns of any kind to headquarters. Employers can send people to open meetings or rallies or demonstrations. But there’s little labor law regarding companies’ monitoring of their employees’ own social media accounts. “It’s a tricky issue when you are doing something so openly,” says Wilma Liebman, who was head of the NLRB from 2009 to 2011. Casey said in her testimony that to her knowledge, Walmart doesn’t monitor individual workers’ Twitter accounts. While most of the OUR Walmart activists being watched expected to be, none thought it would be by a company like Lockheed Martin. 
“We’re artists, not ISIS,” Rodriguez says....Walmart’s aim isn’t only to watch 100 or so active members of OUR Walmart, says Kate Bronfenbrenner, a lecturer at Cornell’s School of Industrial and Labor Relations. “They are looking for the thousands who are supportive so they can intimidate them.” "
How Walmart Keeps an Eye on Its Massive Workforce
Bloomberg, 24 November 2015

"Newly revealed documents (not from Snowden this time) show that the NSA has continued to collect Americans' email traffic en masse using overseas offices to get around curbs introduced domestically. Shortly after the September 11 attacks, President Bush authorized the NSA to collect bulk metadata on emails sent by Americans (although not the content) to help The War Against Terror (TWAT). The surveillance was authorized by the US Foreign Intelligence Surveillance Court, which mostly rubberstamped such requests. But the collection was stopped in 2011, the NSA said, although it still monitored emails from Americans to people outside the nation's borders. However, a Freedom of Information Act lawsuit started by The New York Times against the NSA's Inspector General has uncovered documents showing that the NSA carried on collecting domestic data. To get around the restrictions on operating in the USA, the NSA simply started using its overseas offices to do the collection. Stations like RAF Menwith Hill in Yorkshire were tasked with collecting the metadata and feeding it back to the NSA headquarters in Maryland. There's no evidence that the content of emails was being examined by NSA analysts. Instead the metadata was used to try and divine linkages between individuals the agency was looking to monitor. But that metadata is very useful. "We have known for some time that traffic analysis is more powerful than content analysis," said Dan Geer, chief information security officer of the CIA's venture capital firm In-Q-Tel. "If I know everything about you, about who you communicate with, when, where, with what frequency, what length, and at what location, I know you. The soothing mendacity of proxies from the president that claim that it is only metadata, is to rely on the profound ignorance of the listener."
How NSA continued to spy on American citizens' email traffic – from overseas
The Register, 20 November 2015

"Edward Snowden has strongly criticised online ads, and advised Internet users to employ an ad blocker to protect their privacy online. "Everybody should be running adblock software, if only from a safety perspective. "We’ve seen internet providers inserting their own ads into your plaintext http connections. As long as service providers are serving ads with active content that require the use of Javascript to display or that have some kind of active content like Flash embedded in it, you should be actively trying to block these. Because if the service provider is not working to protect the sanctity of the relationship between reader and publisher, you have not just a right but a duty to take every effort to protect yourself in response," he told online publication The Intercept."
Edward Snowden urges internet users to install ad blockers to boost online privacy
Independent (Ireland), 18 November 2015

"A truly superb New York Times editorial this morning mercilessly shames the despicable effort by U.S. government officials to shamelessly exploit the Paris attacks to advance long-standing agendas. Focused on the public campaign of the CIA to manipulate post-Paris public emotions to demonize transparency and privacy and to demand still-greater surveillance powers for themselves, the NYT editors begin: It’s a wretched yet predictable ritual after each new terrorist attack: Certain politicians and government officials waste no time exploiting the tragedy for their own ends. The remarks on Monday by John Brennan, the director of the Central Intelligence Agency, took that to a new and disgraceful low. The editorial, which you should really read in its entirety, destroys most of the false, exploitative, blame-shifting claims uttered by U.S. officials about these issues. Because intelligence agencies knew of the attackers and received warnings, the NYT editors explain that “the problem in [stopping the Paris attacks] was not a lack of data, but a failure to act on information authorities already had.” They point out that the NSA’s mass surveillance powers to be mildly curbed by post-Snowden reforms are ineffective and, in any event, have not yet stopped. And most importantly, they document that the leader of this lowly campaign, CIA chief John Brennan, has been proven to be an inveterate liar: It is hard to believe anything Mr. Brennan says. Last year, he bluntly denied that the CIA had illegally hacked into the computers of Senate staff members conducting an investigation into the agency’s detention and torture programs when, in fact, it did. In 2011, when he was President Obama’s top counterterrorism adviser, he claimed that American drone strikes had not killed any civilians, despite clear evidence that they had. And his boss, James Clapper Jr., the director of national intelligence, has admitted lying to the Senate on the NSA’s bulk collection of data. 
Even putting this lack of credibility aside, it’s not clear what extra powers Mr. Brennan is seeking. Indeed, what more powers could agencies like the CIA, NSA, MI6 and GCHQ get? They’ve been given everything they’ve demanded for years, no questions asked. They have virtually no limits. Of course it’s “not clear what extra powers Mr. Brennan is seeking.”"
NYT Editorial Slams “Disgraceful” CIA Exploitation of Paris Attacks, But Submissive Media Role Is Key
The Intercept, 18 November 2015

"Despite the intelligence community’s attempts to blame NSA whistleblower Edward Snowden for the tragic attacks in Paris on Friday, the NSA’s mass surveillance programs do not have a track record — before or after Snowden — of identifying or thwarting actual large-scale terrorist plots. CIA Director John Brennan asserted on Monday that “many of these terrorist operations are uncovered and thwarted before they’re able to be carried out,” and lamented the post-Snowden “handwringing” that has made that job more difficult. But the reason there haven’t been any large-scale terror attacks by ISIS in the U.S. is not because they were averted by the intelligence community, but because — with the possible exception of one that was foiled by local police — none were actually planned. And even before Snowden, the NSA wasn’t able to provide a single substantiated example of its surveillance dragnet preventing any domestic attack at all. The recent history of terror arrests linked to ISIS is documented in an internal unclassified Department of Homeland Security document provided to The Intercept via SecureDrop. It shows that terror arrests between January 2014 and September 2015 linked to ISIS were largely of people trying to travel abroad, provide material support, or plan attacks that were essentially imaginary. The document, dated before the Paris attacks, includes a list and map of 64 U.S. persons arrested on terror-related charges over the course of nine months who were “assessed to be inspired by the Islamic State of Iraq and the Levant,” or ISIS. The document assigns six categories to types of arrests made in the given time period: a foiled attack, “aspirational” planning, “advanced attack plotting,” failed travel, travel, or material support. 
The only foiled attack involved the arrests of Elton Simpson and Nadir Soofi, who traveled from Arizona to Garland, Texas, bearing assault weapons and body armor, intending to shoot up an art contest involving the drawing of cartoons of the Prophet Muhammad. Both attackers were shot by local police officers. There are just five instances of what the report’s authors call “advanced attack plotting” — two of which involve the FBI providing assistance in planning or acquiring supplies for an attack before making an arrest.... The U.S. government initially responded to Snowden’s disclosures in 2013 by suggesting that he had irreparably damaged valuable, life-saving capabilities. Two weeks after the media first reported on Snowden’s leaks, President Barack Obama said that the NSA “averted … at least 50 threats … because of this information,” gathered through communications collection in the United States and abroad. Members of Congress and the administration alike subsequently repeated that claim, upping the total to 54 attacks thwarted. But only 13 of the 54 cases “had some nexus to the U.S.,” Senator Patrick Leahy, D-Vt., said in a Senate Judiciary Committee hearing in October 2013. And they were not all terror “plots”; a majority involved providing “material support,” like money, to foreign terror organizations. Then-NSA Director Keith Alexander was forced to dial back the rhetoric, eventually saying only that the intelligence programs “contributed to our understanding” and “helped enable the disruption of terrorist plots.” The only incident the NSA has ever disclosed in which its domestic metadata collection program played a key role involved a San Diego man who was convicted of transferring $8,500 to al Shabaab in Somalia — the terror group responsible for a mass shooting at a mall in Kenya. And the metadata program is the only one that has been reined in since the Snowden disclosures.
The three other terrorism cases the NSA cited as warrantless surveillance success stories were debunked. Either the government could have gotten a warrant, or it received a tip from British intelligence, or it was a case of fraud, not terrorism. A White House panel concluded in December 2013 that the NSA’s bulk collection of Americans’ telephone information was “not essential in preventing attacks.” A member of the panel took it one step further, when he told NBC News that there were no examples of the NSA stopping “any [terror attacks] that might have been really big” using the program."
U.S. Mass Surveillance Has No Record of Thwarting Large Terror Attacks, Regardless of Snowden Leaks
The Intercept, 17 November 2015

"Lord Carlile’s call for the investigatory powers bill to be “fast-tracked” through parliament in the wake of the tragic events in Paris was as unsurprising as it was disappointing. It would be far from the first time that laws giving additional powers to the security services were rushed through on a wave of emotion, without an opportunity for proper scrutiny and with far-reaching consequences. Carlile himself has particular form. He was one of those who advised the coalition government on the ill-fated communications data bill – dubbed by many the “snooper’s charter” – and after the killing in Woolwich of Lee Rigby in 2013 he suggested that the murder should “haunt” Nick Clegg, while proposing pushing the rejected bill through parliament once more. He tried the same again after the Charlie Hebdo shootings in Paris in January 2015, working with three other peers to add most of the communications data bill as a late-stage amendment to another already complex bill that had already made most of its way through parliament. Carlile may not be an entirely disinterested party here: as revealed in the Guardian two weeks ago, he has earned £400,000 from a consultancy business that he formed in 2012 with ex-MI6 chief Sir John Scarlett that specialises in the field. And yet there is very little reason to suggest that the kinds of powers envisaged in either the old communications data bill or the new investigatory powers bill would have had any effect on the events concerned. The men convicted of the murder of Lee Rigby, as well as the Charlie Hebdo shooters, the Boston bombers, the man behind the Sydney siege in 2014 – indeed all the major terrorist attacks in the west in recent years – were already known to the authorities. Though there is very little information to go on about the latest Paris atrocities, the first man named as being involved, Omar Ismail Mostefai, had been identified as a “high priority for radicalisation” by the authorities as long ago as 2010."
Don’t fast-track the new surveillance bill: it needs considered scrutiny
Guardian, 16 November 2015

"Britain will increase its intelligence agency staff by 15 percent and more than double spending on aviation security to defend against Islamist militants plotting attacks from Syria, Prime Minister David Cameron said on Monday..... Speaking in London after attending a meeting of G20 leaders in Turkey where security issues dominated, Cameron said Britain would demonstrate the same resolve in the fight against terrorism as it showed against Nazi Germany in World War Two.... As part of its broader five-year defence and security review, which is due to be published on Nov. 23, Britain will fund an extra 1,900 officers at its MI5 and MI6 spy agencies and the GCHQ eavesdropping agency, Cameron said.  It will also spend 2 billion pounds by 2020 on boosting the capabilities of British special forces, including investing in communications equipment, weapons and vehicles."
Britain to hire 1,900 more spies to combat Islamic State militants
Reuters, 16 November 2015

"Microsoft is opening new data centers in Germany to allow European customers to hide their digital information from US government surveillance. The new data centers will open in late 2016 and will be operated by a subsidiary of Deutsche Telekom. However, The Financial Times notes that customers will have to pay extra to store their data in this way. "These new data centre regions will enable customers to use the full power of Microsoft’s cloud in Germany [...] and ensure that a German company retains control of the data," said Microsoft CEO Satya Nadella at a press conference in Berlin this morning. The announcement is the latest move in an ongoing battle between US tech companies and the American government over access to foreign-held data. Companies like Microsoft and Google want to retain the trust of their users after the Snowden revelations, but have to contend with American police and spy agencies who want the same privileged access they've always enjoyed. An ongoing legal battle between Microsoft and a New York court exemplifies the debate, with the US authorities demanding access to the emails of an American citizen stored in Ireland and Microsoft refusing to hand over the data. Although Microsoft could still lose in this particular case, opening new data centers in Germany will provide a future safeguard against US demands for data. The company has also announced plans for new data centers in the UK, but Germany's data-protection laws are some of the most rigorous in Europe. By placing its data centers under the control of a Germany company as a "data trustee," Microsoft is forcing any requests for information to be routed through Germany authorities. It's an approach that's comparable to Apple's use of encryption that even the iPhone-maker can't break — theoretically taking away the option of government authorities forcing the company to give up users' data. However, none of these tactics are ever completely secure. 
For example, the Snowden revelations showed that despite Europe's outward desire for data sovereignty, many local spy agencies still funneled European citizens' data to the NSA. Paul Miller, an analyst for Forrester, notes that although Microsoft is confident in the security of German servers, this arrangement has yet to be tested in the courts. "To be sure, we must wait for the first legal challenge. And the appeal. And the counter-appeal," said Miller."
Microsoft will host data in Germany to hide it from US spies
News Forage, 13 November 2015

"The former spymaster accused of helping Tony Blair to 'sex up' the case for invading Iraq is now cashing in, it emerged yesterday. Sir John Scarlett is following in his former boss's money-making footsteps with a series of lucrative posts in the private sector. His ownership of two private companies – including one co-owned with former terrorism legislation reviewer Lord Carlile – as well as consultancy roles with six global firms are likely to reap payments topping £1million a year. Sir John was head of the Joint Intelligence Committee when the 'dodgy dossier' about weapons of mass destruction made its notorious claim that we were '45 minutes from doom' in September 2002. Critics say he let Blair's spin-doctor Alastair Campbell pressure him into 'sexing up' the document to enable the prime minister to launch the devastating war. Sir John is expected to be heavily criticised when the much-delayed Chilcot Inquiry finally reports. Last night relatives of soldiers killed in Iraq expressed their outrage as details emerged of his exploits since leaving public service. Elsie Manning, 73, who today marks the anniversary of her 34-year-old daughter Staff Sergeant Sharron Elliott's death in Iraq in 2006, said: 'You get the impression that all some people can think about is money, money, money. 'It makes me sick to my stomach. The fact that people like Sir John Scarlett can get away with making so much money just beggars belief.' After Sir John left the Joint Intelligence Committee in 2004, a year after the invasion of Iraq, Blair promoted him to 'C' – the head of MI6 – which many saw as a reward for providing 'evidence' to justify the war. And within weeks of leaving MI6 in October 2009, Sir John took up his first lucrative post in the private sector. He had to clear his new roles with the Advisory Committee on Business Appointments (Acoba) – a watchdog set up to tackle the 'revolving door' between government service and the private sector. 
Acoba did not block any of his applications. In January 2010, he joined the advisory board of accountancy giant PricewaterhouseCoopers. The same month, he became a paid adviser to Swiss Re, a global reinsurance company. Two months later, he took a lucrative position as senior adviser to US investment bank Morgan Stanley. In April last year, he spent three days at the luxury Ritz-Carlton hotel in Hawaii with a hundred of the bank's top performing brokers. Sir John also joined the board of global intelligence firm The Chertoff Group, run by former US Homeland Security Secretary Michael Chertoff, in April 2010. Acoba approved this job on condition that he must not lobby the UK Government for a year. In December 2010, Acoba approved a position on the board of Times Newspapers, which publishes the Times and the Sunday Times. And in February 2011, Sir John accepted consultancy job number six – as an adviser to the multinational oil company Statoil. This time, Acoba approved the role unconditionally. Speaking to the Independent, which uncovered the details of Sir John's ventures, a former MI6 official said: 'After 9/11 there was an intelligence free-for-all in the United States. The division between state and commercial security got shot to hell.' PwC said he was no longer an adviser. None of the companies would discuss the money they paid him. Sir John also runs a private company, J&G Consulting Ltd, with his wife Gwenda, which had cash assets of £89,573 in 2012, according to Companies House records. These had swelled to £683,625 the following year. He has also shared £800,000 from another consultancy, SC Strategy, which he co-owns with Lord Carlile. The firm has lucrative dealings with the oil-rich government of Qatar, with whom Mr Blair also enjoys close links. Next month Sir John will address a conference in Qatar at the Ritz-Carlton hotel."
How Blair's head of MI6 cashed in after that dodgy dossier: Former spymaster has series of lucrative posts in the private sector that earn £1million a year
Mail, 12 November 2015

"UK ISPs have warned MPs that the costs of implementing the Investigatory Powers Bill (aka the Snooper's Charter) will be much greater than the £175 million the UK government has allotted for the task, and that broadband bills will need to rise as a result. Representatives from ISPs and software companies told the House of Commons Science and Technology Committee that the legislation greatly underestimates the "sheer quantity" of data generated by Internet users these days. They also pointed out that distinguishing content from metadata is a far harder task than the government seems to assume."
ISPs say the “massive cost” of Snooper’s Charter will push up UK broadband bills
ArsTechnica, 12 November 2015

"Facebook today released its biannual report on government data requests, indicating that total law enforcement requests are at their highest level ever at 41,214 for the first half of 2015. That's an 18 percent jump over the back half of last year, according to the social network's publicly available database that began tracking requests two years ago. The company also said it saw a 112 percent rise in content it hides due to violations of local laws. Roughly 75 percent of that restricted content is coming from users in India, where the company's Computer Emergency Response Team is said to censor social media posts critical of religion or the state. The US is still far and away the global leader in data requests, with 17,577 total requests affecting 26,579 users. In 80 percent of those cases, Facebook handed over some type of data. That rate fluctuates by roughly 10 percentage points depending on the type of data request. Search warrants remain the leading request type with 9,737 related requests made by US law enforcement, followed by subpoenas at 5,375 requests."
Facebook says government data requests are at their highest level ever
The Verge, 11 November 2015

"The UK government's proposed surveillance legislation is "worse than scary", the United Nations privacy chief has said. Joseph Cannataci, the UN's special rapporteur on privacy, attacked the government's draft Investigatory Powers Bill, saying he had never seen evidence that mass surveillance works. He also accused MPs of leading an "absolute offensive" and an "orchestrated" media campaign to distort the debate and take hold of new powers. The comments came during a live streamed keynote presentation at the Internet Governance Forum in Brazil, where leading experts from around the world have gathered to discuss the future of the internet and web policy. In a wide-ranging presentation and discussion panel Cannataci -- who has previously said the UK's digital surveillance is similar to George Orwell's 1984 -- discussed the state of surveillance and privacy around the world. Pausing to briefly talk about the Home Office's new bill, but without going deeply into detail, Cannataci said: "The snoopers' charter in the UK is just a bit worse than scary, isn't it." He went on to say one of the "misleading comments that has been made in the UK parliament" is that people shouldn't worry about the bill, which will see communications service providers be forced to retain everyone's website data for up to 12 months. Under the bill, as it currently stands, police and surveillance agencies will be able to access the metadata -- the who, what, when, and where of communications, but not their content -- of websites suspected criminals have visited, without a warrant. Cannataci said that the ability to intercept communications now is completely different to when original surveillance legislation was passed, and that metadata is still important. "What we're talking about here is the context, and the context is completely different. When those laws were put into place there was no internet or the internet was not used in the way it is today," he said. 
"It is the golden age of surveillance, they've never had so much data. I am just talking about metadata, I haven't got down to content." The Home Office has said that authorities will only access internet connection records on a "case-by-case basis and only where it was necessary and proportionate" to do so. .... As part of the documentation with the proposed legislation the government confirmed it had been using previous laws to collect vast amounts of data about phone calls for the previous ten years, as reported by the BBC.  "I won't mince my words, but many governments at this moment in time are putting in new laws to legitimise that which they are already doing or which that they had to do," Cannataci said, although not directly speaking about the UK at the time. "Mass surveillance is alive and well but governments are finding ways of making that the law of the land. "It can be necessary and proportionate to have targeted surveillance and what I am saying is that there's not yet any evidence which convinces me that it is necessary and proportionate to have mass surveillance."
UN privacy chief: UK surveillance bill is 'worse than scary'
Wired, 10 November 2015

"Apple’s chief executive has sharply criticised surveillance powers proposed by the British government, warning that allowing spies a backdoor route into citizens’ communications could have “very dire consequences”. Questioning a key element of the draft investigatory powers bill, which places a new legal obligation on companies to assist in these operations to bypass encryption, Tim Cook insisted that companies had to be able to encrypt in order to protect people. Speaking during a visit to the UK, he said that halting or weakening encryption would hurt “the good people” rather than those who want to do bad things, who “know where to go”. “You can just look around and see all the data breaches that are going on. These things are becoming more frequent,” Cook told the Daily Telegraph. “They can not only result in privacy breaches but also security issues. We believe very strongly in end-to-end encryption and no back doors. We don’t think people want us to read their messages. We don’t feel we have the right to read their emails. “Any back door is a back door for everyone. Everybody wants to crack down on terrorists. Everybody wants to be secure. The question is how. Opening a back door can have very dire consequences.”"
UK surveillance bill could bring 'very dire consequences', warns Apple chief
Guardian, 10 November 2015

"A federal judge on Monday partly blocked the National Security Agency’s program that systematically collects Americans’ domestic phone records in bulk just weeks before the agency was scheduled to shut it down and replace it. The judge said the program was most likely unconstitutional. In a separate case challenging the program, a federal appeals court in New York on Oct. 30 had declined to weigh in on the constitutional issues, saying it would be imprudent to interfere with an orderly transition to a replacement system after Nov. 29. But on Monday, in a 43-page ruling, Judge Richard J. Leon of United States District Court for the District of Columbia wrote that the constitutional issues were too important to leave unanswered in the history of the program, which traces back to after the Sept. 11 terrorist attacks and came to light in 2013 in leaks by Edward J. Snowden, the former intelligence contractor. “With the government’s authority to operate the bulk telephony metadata program quickly coming to an end, this case is perhaps the last chapter in the judiciary’s evaluation of this particular program’s compatibility with the Constitution,” he wrote. “It will not, however, be the last chapter in the ongoing struggle to balance privacy rights and national security interests under our Constitution in an age of evolving technological wizardry.” Under the program, the N.S.A. has been collecting Americans’ phone records in bulk from telephone companies. It uses the data to analyze social links between people to hunt for hidden associates of terrorism suspects. Judge Leon specifically ordered the N.S.A. to stop collecting phone records for one customer of Verizon: a lawyer in California and his law firm. But he did so, he wrote, knowing that the Justice Department had said that blocking the collection of just one person’s records might require shutting down the entire program because it would be technically difficult to screen him out."
Judge Deals a Blow to N.S.A. Data Collection Program
New York Times, 9 November 2015

"The former heads of MI6 and GCHQ, Sir John Sawers and Sir Iain Lobban, are scheduled to appear together at an exclusive dinner at the luxury five-star Gleneagles estate in Scotland. The pair, who both left public office late last year, will address a “top-tier” audience of fund managers on the first evening of a high-profile conference sponsored by hedge funds and investment banks. Sawers is familiar with an audience of this kind, having delivered a keynote speech at a prestigious hedge fund summit in Paris in April. The former spy chiefs last appeared together publicly in November 2013 in the wake of the Edward Snowden revelations. Sitting side by side before a committee of MPs, they mounted impassioned defences of the necessity of bulk interception of communications data – controversial arguments both have continued to make since. Since leaving office, Sawers has taken up two influential private-sector jobs and followed his predecessors at MI6, Sir John Scarlett and Sir Richard Dearlove, into a network of small, London-based private intelligence and strategic consultancy firms that advise top corporate clients, from sovereign wealth funds to blue-chip companies and foreign governments. Three months after leaving MI6, Sawers became chairman of Macro Advisory Partners, a small consultancy with ties to former UK government figures and one of Barack Obama’s top intelligence advisers. He also joined the board of BP, a move which Lobban has since mirrored by taking on an advisory role to the board of Shell. Fresh details about Sawers’ activities with Macro Advisory Partners emerged after the Guardian reported last week on the former intelligence chiefs’ private-sector appointments. Scrutiny of his work comes amid a contentious debate in the UK about the powers enjoyed by the security and intelligence agencies. Sawers became MI6 chief – or “C” as insiders refer to the top job – in 2009 after receiving a tap on the shoulder from then foreign secretary, David Miliband. 
Shortly after departing, the Foreign Office approved the appointment on the condition Sawers would not draw on “privileged information” available to him while in office or lobby the government for two years after retiring from the agency. According to its website, Macro Advisory Partners provides leading investors, corporations, and governments with “strategic insights”. The company was co-founded in 2013 by David Claydon, a former adviser to David Miliband and donor to his unsuccessful leadership campaign in 2010. Miliband, who now lives and works in New York, sits on the company’s advisory board."
Former spy chiefs to meet financiers at Gleneagles
Guardian, 8 November 2015

"The U.S. National Security Agency, seeking to rebut accusations that it hoards information about vulnerabilities in computer software, thereby leaving U.S. companies open to cyber attacks, said last week that it tells U.S. technology firms about the most serious flaws it finds more than 90 percent of the time. The re-assurances may be misleading, because the NSA often uses the vulnerabilities to make its own cyber-attacks first, according to current and former U.S. government officials. Only then does NSA disclose them to technology vendors so that they can fix the problems and ship updated programs to customers, the officials said. At issue is the U.S. policy on so-called "zero-days," the serious software flaws that are of great value to both hackers and spies because no one knows about them. The term zero-day comes from the amount of warning users get to patch their machines protectively; a two-day flaw is less dangerous because it emerges two days after a patch is available. The best-known use of zero-days was in Stuxnet, the attack virus developed by the NSA and its Israeli counterpart to infiltrate the Iranian nuclear program and sabotage centrifuges that were enriching uranium. Before its discovery in 2010, Stuxnet took advantage of previously unknown flaws in software from Microsoft Corp and Siemens AG to penetrate the facilities without triggering security programs. A shadowy but robust market has developed for the buying and selling of zero-days, and as Reuters reported in May 2013, the NSA is the world's top buyer of the flaws.[here] The NSA also discovers flaws through its own cyber programs, using some to break into computer and telecommunications systems overseas as part of its primary spying mission."
NSA says how often, not when, it discloses software flaws
Reuters, 6 November 2015

"A former head of GCHQ has become an adviser to Shell and an influential private intelligence company after retiring from the UK’s electronic eavesdropping agency late last year. Sir Iain Lobban’s consultancy with Shell and the holding company of Hakluyt & Co, a boutique corporate intelligence firm established by former MI6 spies, are among a series of private sector jobs the retired spook has taken up over the past year. Both roles are expected primarily to involve advising on risk and cybersecurity. Lobban has also accepted advisory positions at companies including C5 Capital, a multimillion-dollar venture capital fund focused on cybersecurity, and Cambridge Security Initiative, an intelligence consultancy established by Sir Richard Dearlove, the head of MI6 between 1999 and 2004. According to its website, recent clients of CSi include UK and US government agencies. The advisory committee on business appointments (Acoba), which reviews the jobs taken by former ministers and crown servants after they leave their posts, has approved each of the new roles on the condition that Lobban does not draw on privileged information available to him while in office, or advise on business dealings “relating directly to the work of GCHQ” for 12 months....Details of the latest appointments come after the Guardian reported this week that Sir John Scarlett, the head of MI6 from 2004 to 2009, and Lord Carlile, the government’s independent reviewer of national security policy in Northern Ireland, have each received £400,000 in dividends from a company they co-own.On Monday, Carlile defended the security and intelligence agencies and their bulk surveillance powers. His intervention came ahead of the government’s publication on Wednesday of controversial draft legislation that permits mass surveillance activities by intelligence agencies and police."
Former head of GCHQ advising Shell and private intelligence firm
Guardian, 5 November 2015

"MI5 has secretly been collecting vast amounts of data about UK phone calls to search for terrorist connections. The programme has been running for 10 years under a law described as "vague" by the government's terror watchdog. It emerged as Home Secretary Theresa May unveiled a draft bill governing spying on communications by the authorities. If it becomes law, the internet activity of everyone in Britain will be held for a year by service providers. Police and intelligence officers will then be able to see the names of sites suspected criminals have visited, without a warrant. Mrs May told MPs the proposed powers were needed to fight crime and terrorism but civil liberties campaigners warned it represented a "breathtaking" attack on the internet security of everyone living in the UK. The draft bill aims to give stronger legal cover to the activities of MI5, MI6 and the police and introduce judicial oversight of spying operations. It confirmed that Britain's secret listening post GCHQ has been intercepting internet messages flowing through Britain in bulk, as revealed by US whistleblower Edward Snowden, "to acquire the communications of terrorists and serious criminals that would not otherwise be available". It also revealed that the UK security services have been allowed to collect large amounts of data on phone calls "to identify subjects of interest within the UK and overseas", provided they comply with certain safeguards, set out in a supporting document also published on Wednesday. The draft bill aims to tighten up these safeguards and put the bulk collection of data on a firmer legal footing. Taken together with the other measures, the home secretary said the bill would give the security services a "licence to operate". While GCHQ's programmes were exposed by Snowden, this one by MI5 remained secret.
And in a way that became increasingly awkward for the security service as the drive towards being more open about capabilities picked up pace in the wake of the report by David Anderson, the independent reviewer of terrorism legislation, earlier in the year. There were hints about the capability in the speech by MI5 boss Andrew Parker the week before the draft Investigatory Powers Bill was published, when he talked about how "accessing data quickly, reliably and at scale is as fundamental to our work… without communications data for example we could not have detected and disrupted numerous plots over the last decade". He, like the home secretary, claimed that bulk communications data was used to "identify, at speed, links between the individuals plotting to bomb the London Stock Exchange in 2010". Now - along with other capabilities - the bulk data programme is out in the public and up for debate. In her Commons statement, Mrs May referred to the 1984 Telecommunications Act, under which she said successive governments had allowed security services to access data from communications companies. The data involved the bulk records of phone calls - not what was said but the fact that there was contact - with companies required to hand over domestic phone records. BBC security correspondent Gordon Corera said the programme, which sources said was used to track terrorists and save lives, was "so secret that few even in MI5 knew about it, let alone the public". The government's independent reviewer of terrorism legislation, David Anderson QC, told the BBC the legislation used to authorise the collection was "so vague that anything could be done under it". He added: "It wasn't illegal in the sense that it was outside the law, it was just that the law was so broad and the information was so slight that nobody knew it was happening".
Mr Anderson has called for a "comprehensive" new law governing surveillance, which the government has produced with the wide-ranging draft Investigatory Powers Bill."
MI5 'secretly collected phone data' for decade
BBC Online, 5 November 2015

"The majority of the UK cabinet were never told the security services had been secretly harvesting data from the phone calls, texts and emails of a huge number of British citizens since 2005, Nick Clegg has disclosed. Clegg says he was informed of the practice by a senior Whitehall official soon after becoming David Cameron’s deputy in 2010, but that “only a tiny handful” of cabinet ministers were also told – likely to include the home secretary, the foreign secretary and chancellor. He said he was astonished to learn of the capability and asked for its necessity to be reviewed. The former deputy prime minister’s revelation in the Guardian again raises concerns about the extent to which the security services felt they were entitled to use broadly drawn legislative powers to carry out intrusive surveillance and keep this information from democratically elected politicians. The government finally admitted on Wednesday that the mass surveillance of British citizens began in 2001 after 9/11 and was stepped up in 2005, using powers under national security directions largely hidden in the 1984 Telecommunications Act. It is not known if government law officers sanctioned the use of the act in this way, but it appears the intelligence and security committee responsible for parliamentary oversight was not informed, adding to the impression of a so-called deep state operating outside the scrutiny of parliament. Clegg writes: “When I became deputy prime minister in 2010, I was the leader of a party that had been out of government for 65 years. There were a lot of things that we had to re-learn, and a lot that was surprising and new.
“When a senior official took me aside and told me that the previous government had granted MI5 direct access to records of millions of phone calls made in the UK – a capability that only a tiny handful of senior cabinet ministers knew about – I was astonished that such a powerful capability had not been avowed to the public or to parliament and insisted that its necessity should be reviewed. “That the existence of this previously top secret database was finally revealed in parliament by the home secretary on Wednesday, as part of a comprehensive new investigatory powers bill covering many other previously secret intelligence capabilities, speaks volumes about how far we’ve come in a few short years.”"
Only 'tiny handful' of ministers knew of mass surveillance, Clegg reveals
Guardian, 5 November 2015

"Home Secretary Theresa May on Wednesday (4 November) revealed that the MI5 and GCHQ have been secretly collecting vast amounts of telephone and email data of the UK public for the past 15 years. May's revelation came with the unveiling of the Investigatory Power Bill, which seeks to give police and security agencies the power to spy on the online communication of suspects. May said she and her predecessors had secretly approved the bulk collection of communication data in the UK since 2001. It was earlier thought that most of the data collected were from individuals based overseas. The data collection has reportedly been going on since the 9/11 attacks in the US. The programme was "so secret that few even in MI5 knew about it, let alone the public", sources told BBC security correspondent Gordon Corera. David Anderson QC, who is an independent reviewer of terrorism legislation, said the programme was "so vague that anything could be done under it". "It wasn't illegal in the sense that it was outside the law, it was just that the law was so broad and the information was so slight that nobody knew it was happening," he added.... Under the bill, internet and communication companies will need to keep the web browsing history of the public for up to a year, which police and spy agencies can use when investigating terrorism and criminal cases. The bill will also require the companies to hack into phones and computers of suspects so as to allow police and spy agencies to eavesdrop and take remote access of those devices."
MI5 and GCHQ secretly collected phone and email data for 15 years says Theresa May
International Business Times, 5 November 2015

"New surveillance powers will be given to the police and security services, allowing them to access records tracking every UK citizen’s use of the internet without any need for any judicial check, under the provisions of the draft investigatory powers Bill unveiled by home secretary Theresa May. It includes new powers requiring internet and phone companies to keep “internet connection records” – tracking every website visited but not every page – for a maximum of 12 months but will not require a warrant for the police, security services or other bodies to access the data. Local authorities will be banned from accessing internet records."
UK police to be able to track internet use without warrant
Irish Times, 4 November 2015

"MI5 and GCHQ have been secretly scooping up the telephone and email records of the British public for almost 15 years, the Home Secretary has revealed for the first time. The revelation came as Theresa May unveiled a raft of new snooping measures in the Investigatory Power Bill, which includes forcing communication companies in law to help spy agencies snoop on suspects. Other proposals will see the collection of the public’s web browsing history for up to a year and judges signing off warrants for intrusive surveillance. The biggest overhaul of spying laws still face tough opposition but could now make it through parliament and in to law after Labour appeared to back the measures.  In a surprise development, Mrs May confirmed to MPs that she and her predecessors have quietly approved warrants for bulk collection of communication data in the UK since 2001. The public avowal of the spy agencies’ tactic was described by the terrorism laws watchdog as a “significant and necessary” move. It is the first formal confirmation that there has been mass collection of phone and email records in the UK, including those of innocent people. The records are kept for no more than a year and more detailed examination of the content of calls or messages would only be allowed via a separate warrant. However, it was previously believed that bulk collection of data only referred to individuals based overseas. The secret authorisations have been happening since 2001, in the wake of the 9/11 attacks on America and senior Whitehall sources insist the bulk collection is vital in the fight against terrorism and crime."
MI5 and GCHQ secretly bulk collecting British public's phone and email records for years, Theresa May reveals
Telegraph, 4 November 2015

"The total redrafting of UK surveillance laws was under growing challenge on Wednesday night after an initially broad political welcome gave way to alarm at the detail of the proposed sweeping powers for spies. MPs and privacy groups raised concerns about the proposed judicial oversight regime set out by the home secretary, Theresa May, who made the dramatic admission that ministers had issued secret directions since 2001 to internet and phone companies to hand over the communications data of British citizens in bulk.... May said the new system of judicial oversight amounted to a “double lock” with a minister first issuing an intercept warrant and, within five days, a judge making a decision on whether to authorise the warrant on the same basis. David Davis, the prominent Conservative backbencher, said: “This is not the judge checking the evidence, it is the judge checking the correct procedure has been followed”, meaning the home secretary “would had to have behaved in an extraordinary manner for her decision to be blocked by a judge”.... The former Liberal Democrats leader, Nick Clegg, who fought the Conservatives over surveillance throughout the coalition government, said he feared flaws lurked under the bonnet of the proposals. They will cost £250m to implement over the next 10 years, including £175m to pay for the internet providers’ storage costs. The draft bill, regarded as the single most important piece of legislation in this parliament by the prime minister, is in part a response to revelations by the former NSA contractor Edward Snowden and is designed to restore public trust in the activities of the intelligence agencies. It will be subject to more than a year’s parliamentary scrutiny and is likely to be changed substantially, mainly in the Lords next autumn before it reaches the statute book.
The draft bill proposes that police, security services or other bodies will be given access to “internet connection records” – the weblog of every website visited – without the need for a warrant. May told MPs that this power, which is banned in the US and every European country as too intrusive, was “simply the modern equivalent of an itemised phone bill” and would not give security services access to the specific pages of a website viewed. However, Snowden, tweeting from exile in Russia, countered: “’It’s only communications data’ equals ‘It’s only a comprehensive record of your private activities’. It’s the activity log of your life.” May’s revelation of secret directions by successive governments demanding that internet and phone companies hand over communications data in bulk to the security services caused a surprise."
Surveillance bill triggers alarm over sweeping powers for spies
Guardian, 4 November 2015

"Lord Carlile, the former independent reviewer of terrorism legislation who this week mounted a spirited defence of the intelligence services, has received £400,000 from a private consultancy he co-owns with a former head of MI6. SC Strategy Ltd, the company that Carlile established with Sir John Scarlett, who ran MI6 from 2004 to 2009, is described as offering clients strategic advice on UK policy and regulation and has paid out dividends to the pair totalling £800,000 over the past three years, according to accounts filed with Companies House. On Monday, Carlile made a pointed intervention in the debate over the extent of powers enjoyed by the security and intelligence agencies in advance of the government’s publication of the draft investigatory powers bill on Wednesday. Speaking on BBC Radio 4’s Today programme, Carlile called for an end to the “demonisation” of the security services. The peer also defended politicians’ powers to authorise interception warrants. “I cannot think of any example – certainly in the period since 2001 when I’ve been intimately involved in this kind of work – in which I have seen a politician make a decision that was against the interest of the privacy of the public.” Carlile and Scarlett’s only known client is Qatar’s sovereign wealth fund."
Former reviewer of anti-terror laws co-owns firm with ex-MI6 chief
Guardian, 3 November 2015

"Police are to get the power to view the web browsing history of everyone in the country. Home Secretary Theresa May will announce the plans when she introduces the Government's new surveillance bill in the House of Commons on Wednesday. The Telegraph understands the new powers for the police will form part of the new bill. It would make it a legal requirement for communications companies to retain all the web browsing history of customers for 12 months in case the spy agencies or police need to access them. Police would be able to access specific web addresses visited by customers. The new powers would allow the police to seize details of the website and searches being made by people they wanted to investigate. They will still need to apply for judicial approval to be able to access the content of the websites."
Police to be granted powers to view your internet history
Telegraph, 30 October 2015

"Edward Snowden on Thursday hailed as “extraordinary” and a “game-changer” a vote in the European parliament calling on member states to prevent his extradition to the US. The parliament voted 285-281 to pass a largely symbolic measure, a resolution that called on European Union member states to “drop any criminal charges against Edward Snowden, grant him protection and consequently prevent extradition or rendition by third parties, in recognition of his status as whistleblower and international human rights defender”. Snowden has lived in exile in Russia since revealing secret US government surveillance programs in June 2013. The European parliament is a directly elected legislature with members from all 28 EU member states. Its legislative authority is limited. The resolution amounted to a request that member states reject attempts by the US to arrest and prosecute Snowden. “This is not a blow against the US government, but an open hand extended by friends,” Snowden tweeted. “It is a chance to move forward.” The US government did not, however, seem to see it that way. “Our position has not changed,” Ned Price, spokesperson for the National Security Council, said in a statement emailed to the Guardian. “Mr Snowden is accused of leaking classified information and faces felony charges here in the United States. As such, he should be returned to the US as soon as possible, where he will be accorded full due process.” While the US has promised Snowden due process, it has charged him under the Espionage Act of 1917, which forbids the disclosure of state secrets and which would not allow Snowden to argue in his defense that his disclosures had a public benefit."
Edward Snowden praises EU parliament vote against US extradition
Guardian, 29 October 2015

"The Internal Revenue Service is the latest in a growing list of US federal agencies known to have possessed the sophisticated cellphone dragnet equipment known as Stingray, according to documents obtained by the Guardian. Invoices obtained following a request under the Freedom of Information Act show purchases made in 2009 and 2012 by the federal tax agency with Harris Corporation, one of a number of companies that manufacture the devices. Privacy advocates said the revelation “shows the wide proliferation of this very invasive surveillance technology”. The 2009 IRS/Harris Corp invoice is mostly redacted under section B(4) of the Freedom of Information Act, which is intended to protect trade secrets and privileged information. However, an invoice from 2012, which is also partially redacted, reports that the agency spent $65,652 on upgrading a Stingray II to a HailStorm, a more powerful version of the same device, as well as $6,000 on training from Harris Corporation. Stingrays are the best-known example of a type of device called an IMSI-catcher, also known as “cell-site simulators”. About the size of a briefcase, they work by pretending to be cellphone towers in order to strip metadata and in some cases even content from phones which connect to them. Despite their extensive capabilities, they require only a low-level court order called a PEN register, also known as a “trap and trace”, to grant permission for their use. Immense secrecy has so far surrounded these devices, but a picture is slowly emerging which shows widespread use. Various revelations by the American Civil Liberties Union and news outlets including the Guardian had shown that at least 12 federal agencies are already known to have these devices, including the National Security Agency and the Federal Bureau of Investigation. The IRS makes 13."
IRS possessed Stingray cellphone surveillance gear, documents reveal
Guardian, 26 October 2015

"Daniel Craig has told Sky News he thinks there is "too much surveillance and too much information gathering" in the world. The Bond star was talking as he promoted the 24th film in the franchise Spectre. The film follows the secret agent as he confronts enemies from his past, including his nemesis Franz Oberhauser, played by double Oscar winner Christoph Waltz. 007 is no stranger to using surveillance methods himself and in Spectre a new high-tech intelligence agency is being created in London, which will make employees like Bond superfluous. Director Sam Mendes said he shared concerns about the increasing creep of surveillance into private lives. "I feel like there’s a great danger that we lose all privacy," he said. "It’s of course a very good argument the Government and MI5 make about a need for surveillance in terms of the prevention of terrorism. However, it doesn’t mean that everybody should be treated equally and everyone should be equally guilty or should be treated as if they’re guilty. "There was a time when it was presumably accepted MI6 were the good guys but now the public is ambivalent about surveillance and about secret service and about the security services generally both national and international.""
James Bond Says There Is Too Much Surveillance
Sky News, 23 October 2015

"A federal district court has dismissed a lawsuit brought by the American Civil Liberties Union against the National Security Agency. Lawyers for the plaintiffs argued that the surveillance program was innately harmful, despite the NSA’s silence on it in court. “The NSA’s mass surveillance violates our clients’ constitutional rights to privacy, freedom of speech, and freedom of association, and it poses a grave threat to a free internet and a free society,” said Ashley Gorski, a staff attorney with the ACLU national security project. “The private communications of innocent people don’t belong in government hands.” The judge in the case, TS Ellis III, said the suit relied on “the subjective fear of surveillance”, because the NSA did not admit to having collected any of the information it was alleged to have collected by the ACLU. Ellis admitted that acquiring enough information to prove illegal spying was difficult whether or not illegal spying had occurred, but said that difficulty was a feature, not a bug. “Establishing standing to challenge section 702 in a civil case is plainly difficult,” he wrote. “But such difficulty comes with the territory.” “The court has wrongly insulated the NSA’s spying from meaningful judicial scrutiny,” said ACLU National Security Project staff attorney Patrick Toomey, who argued the case."
ACLU lawsuit against NSA mass surveillance dropped by federal court
Guardian, 23 October 2015

"Britain’s spies are about to be given huge new powers that will allow them to look in on people’s phones and computers, according to reports. A revived and re-named version of the hugely-controversial “Snoopers’ Charter” is set to give spies a “dizzying” range of surveillance and hacking powers, The Times has reported. The new legislation will be introduced next month, the paper reported. The new powers will please MI5, MI6 and GCHQ, which have said in the past that they lack the powers to be able to protect the country against threats. But they are likely to anger privacy campaigners, many of whom united to defeat the Snoopers’ Charter when it was first presented. The new powers could include giving Britain’s spying agencies the power to take over a phone remotely and access all of the documents – including text messages and emails – and photos that are stored on it. They will then be able to install software that will allow them to look in on the messages and data of people at any time, according to reports. Earlier this year, a major report recommended that the UK should completely overhaul the law that regulates the powers that spies have to intercept people’s communications. The new legislation will partly respond to those problems with the current regulation – but will also introduce huge new powers allowing people to spy on targets with little restriction, according to the reports. The new powers will also partly work to bring back some of the powers of the Snoopers’ Charter. That law was defeated by the Liberal Democrats during the last government, but the Conservatives indicated almost as soon as they were elected that they would look to revive it."
New laws to allow spies to hack into smartphones and computers ‘to be introduced in the coming weeks’
Independent, 21 October 2015

"New laws will allow spies in Britain to hack people’s smartphones and computers, according to reports. The investigatory powers bill, due to be outlined next month, will give greater powers to MI5, MI6 and GCHQ, permitting them to take control over electronic devices and access all documents and photographs. The news comes days after David Cameron announced a counter-terrorism strategy including a review into whether Islamist extremists have infiltrated the NHS, the civil service, local authorities and the country’s education system. There has been a rise in the number of criminals using complex data between devices to hide illegal activity. But with the new law in place, intelligence agents will be able to access anyone’s phone, install software and track potential criminals. The investigatory powers bill will sharpen and simplify the current rules surrounding the interception, surveillance and monitoring of electronic communications, the Times reported. After obtaining a warrant from the home secretary, agents will be able to interrupt communications as they happen, take photographs of targets and listen in on phone conversations. Privacy campaigners are likely to oppose the new bill which is expected in coming weeks."
New laws to allow spies to hack people’s smartphones and computers
Telegraph, 21 October 2015

"Facebook will explicitly notify users it believes have been targeted by an attacker suspected of working on behalf of a nation state, the company has announced. Users whose accounts are targeted or compromised by state-sponsored hackers will now receive a notification upon login, warning them that “we believe your Facebook account and your other online accounts may be the target of attacks from state-sponsored actors”. The user is then prompted to turn on Facebook’s “login approvals”, a form of two-factor authorisation which texts a login code to the user when they (or anyone else) tries to access the app using their phone. The company’s chief security officer, Alex Stamos, explains that the warning is necessary because government-sponsored attacks “tend to be more advanced and dangerous than others”, necessitating active defence on the part of the target. He also emphasised that being the target of such an attack may indicate that other devices have already been compromised. “Ideally, people who see this message should take care to rebuild or replace [their computers or mobile devices] if possible.” Stamos declined to explain how Facebook identifies attacks from nation states as opposed to conventional malicious actors, citing the need “to protect the integrity of our methods and processes”. But specialists in “advanced persistent threats”, such as large criminal enterprises and nation-states, say there are a number of tell-tale signs that can point towards such an actor."
Victim of state spying? Facebook will tell you
Guardian, 19 October 2015

"Facebook already warns you if someone tries to access your account without your permission but it is now taking this a step further. From today, if it believes your account has been targeted by someone it thinks works for a 'nation-state', it will show a warning message. In this message, Facebook describes these attackers as 'state-sponsored actors', although it has not specified exactly what this means or how it monitors such activity. The announcement was made by Facebook's chief security officer Alex Stamos in a blog post. Mr Stamos explained: 'The security of people's accounts is paramount at Facebook, which is why we constantly monitor for potentially malicious activity and offer many options to proactively secure your account. 'Starting today, we will notify you if we believe your account has been targeted or compromised by an attacker suspected of working on behalf of a nation-state.'"
Facebook clamps down on government spies: Site now warns you if your account has been hacked by 'nation states'
Mail, 19 October 2015

"MPs have no protection from having their communications read by UK security agencies, a tribunal has said. Green Party politicians Caroline Lucas MP and Baroness Jenny Jones argued a long-standing doctrine protecting MPs' communications was being breached. But in a landmark decision the Investigatory Powers Tribunal said the so-called "Wilson Doctrine" was no bar to the incidental collection of data. Ms Lucas said the decision was a "body blow" for democracy. The Wilson Doctrine came into being in 1966 when the then Labour prime minister, Harold Wilson, gave assurances to MPs that their phone calls would not be intercepted without him knowing - and that he would tell Parliament of any change in that policy. The doctrine has been repeatedly reaffirmed, including by Prime Minister David Cameron. However, Ms Lucas, Baroness Jones and former MP George Galloway argued that GCHQ was acting outside the long-standing doctrine by bulk collecting communications data from the internet, which would inevitably include correspondence between parliamentarians and their constituents."
MPs' communications 'not protected', tribunal rules
BBC Online, 14 October 2015

"Max Schrems, a 28-year-old Austrian law student, became an international sensation last week, when years of campaigning ended with him forcing Europe’s top court to deal a huge blow to America’s technology industry. The European Court of Justice issued a bombshell ruling, declaring invalid a treaty that gave thousands of US companies the freedom to move Europeans’ data across the Atlantic. “Safe Harbour”, a pact signed in 2000 between the European Commission, the US and Switzerland, allowed more than 4,400 American businesses operating in Europe including Facebook, Google and Apple to effectively bypass rules on moving data abroad. In scrapping Safe Harbour, the European Court of Justice threatened to spark a diplomatic row. The White House said it was “deeply disappointed” with the decision. One US senator accused the European court of “nothing less than protectionism… that will wreak havoc on businesses on both sides of the Atlantic”. Several tech companies said they would have to make changes to ensure they could continue to operate."
How America lost the right to hold your data
Telegraph, 10 October 2015

"Smartphone users can do "very little" to stop security services getting "total control" over their devices, US whistleblower Edward Snowden has said. The former intelligence contractor told the BBC's Panorama that UK intelligence agency GCHQ had the power to hack into phones without their owners' knowledge. Mr Snowden said GCHQ could gain access to a handset by sending it an encrypted text message and use it for such things as taking pictures and listening in. The UK government declined to comment. He did not suggest that either GCHQ or the NSA were interested in mass-monitoring of citizens' private communications but said both agencies had invested heavily in technology allowing them to hack smartphones. "They want to own your phone instead of you," he said. Mr Snowden talked about GCHQ's "Smurf Suite", a collection of secret intercept capabilities individually named after the little blue imps of Belgian cartoon fame. "Dreamy Smurf is the power management tool which means turning your phone on and off with you knowing," he said. "Nosey Smurf is the 'hot mic' tool. For example if it's in your pocket, [GCHQ] can turn the microphone on and listen to everything that's going on around you - even if your phone is switched off because they've got the other tools for turning it on. "Tracker Smurf is a geo-location tool which allows [GCHQ] to follow you with a greater precision than you would get from the typical triangulation of cellphone towers.... Mr Snowden also referred to a tool known as Paranoid Smurf. "It's a self-protection tool that's used to armour [GCHQ's] manipulation of your phone. For example, if you wanted to take the phone in to get it serviced because you saw something strange going on or you suspected something was wrong, it makes it much more difficult for any technician to realise that anything's gone amiss."
Once GCHQ had gained access to a user's handset, Mr Snowden said the agency would be able to see "who you call, what you've texted, the things you've browsed, the list of your contacts, the places you've been, the wireless networks that your phone is associated with. "And they can do much more. They can photograph you". Mr Snowden also explained that the SMS message sent by the agency to gain access to the phone would pass unnoticed by the handset's owner. "It's called an 'exploit'," he said. "That's a specially crafted message that's texted to your number like any other text message but when it arrives at your phone it's hidden from you. It doesn't display. You paid for it [the phone] but whoever controls the software owns the phone."
Edward Snowden interview: 'Smartphones can be taken over'
BBC Online, 5 October 2015

"The British government has been running a web surveillance program far more intrusive than anything attempted by the NSA, according to Snowden documents published this morning at The Intercept. Dubbed "Karma Police," the GCHQ program pulls web data from intercontinental data cables landing at Cornwall, giving it ongoing access to as much as a quarter of global web traffic since 2009. The data collected is officially classified as metadata, but it contains full records of sites visited, usernames, and even passwords. Unlike equivalent NSA programs, which require FISA court approval of specific queries to the database, there appears to be no meaningful judicial oversight of Karma Police, giving the GCHQ a free hand in picking through the data. In one example, the agency targeted any internet radio station broadcasting spoken recitations from the Quran, then used the Karma Police database to track down more information on the station's listeners. By exploiting tracking cookie networks, the program was able to find other accounts held by the listeners on Skype, Yahoo, and Facebook, enabling even broader tracking."
British 'Karma Police' program carries out mass surveillance of the web
The Verge, 25 September 2015

"There was a simple aim at the heart of the top-secret program: Record the website browsing habits of “every visible user on the Internet.” Before long, billions of digital records about ordinary people’s online activities were being stored every day. Among them were details cataloging visits to porn, social media and news websites, search engines, chat forums, and blogs. The mass surveillance operation — code-named KARMA POLICE — was launched by British spies about seven years ago without any public debate or scrutiny. It was just one part of a giant global Internet spying apparatus built by the United Kingdom’s electronic eavesdropping agency, Government Communications Headquarters, or GCHQ. The revelations about the scope of the British agency’s surveillance are contained in documents obtained by The Intercept from National Security Agency whistleblower Edward Snowden. Previous reports based on the leaked files have exposed how GCHQ taps into Internet cables to monitor communications on a vast scale, but many details about what happens to the data after it has been vacuumed up have remained unclear. Amid a renewed push from the U.K. government for more surveillance powers, more than two dozen documents being disclosed today by The Intercept reveal for the first time several major strands of GCHQ’s existing electronic eavesdropping capabilities. One system builds profiles showing people’s web browsing histories. Another analyzes instant messenger communications, emails, Skype calls, text messages, cell phone locations, and social media interactions. Separate programs were built to keep tabs on “suspicious” Google searches and usage of Google Maps. The surveillance is underpinned by an opaque legal regime that has authorized GCHQ to sift through huge archives of metadata about the private phone calls, emails and Internet browsing logs of Brits, Americans, and any other citizens — all without a court order or judicial warrant. 
Metadata reveals information about a communication — such as the sender and recipient of an email, or the phone numbers someone called and at what time — but not the written content of the message or the audio of the call. As of 2012, GCHQ was storing about 50 billion metadata records about online communications and Web browsing activity every day, with plans in place to boost capacity to 100 billion daily by the end of that year. The agency, under cover of secrecy, was working to create what it said would soon be the biggest government surveillance system anywhere in the world."
Profiled
The Intercept, 25 September 2015

"A "Snowden Treaty" designed to counter mass surveillance and protect whistleblowers around the world has been proposed by Edward Snowden, and three of the people most closely associated with his leaks: the documentary film-maker Laura Poitras; David Miranda, who was detained at Heathrow airport, and is the Brazilian coordinator of the campaign to give asylum to Snowden in Brazil; and his partner, the journalist Glenn Greenwald. The "International Treaty on the Right to Privacy, Protection Against Improper Surveillance and Protection of Whistleblowers," to give it its full title, was launched yesterday in New York by Miranda, with Snowden and Greenwald speaking via video. The treaty's proponents say that Snowden's leaks, and the treatment he received as a whistleblower, have "revealed the need for greater rights protections for citizens globally." In order to achieve that, they write: "We are campaigning for governments to sign up to the Snowden Treaty, a proposed treaty that would curtail mass surveillance and protect the rights of whistleblowers.""
“Snowden Treaty” proposed to curtail mass surveillance and protect whistleblowers
ArsTechnica, 25 September 2015

"The Government's intelligence-gathering agency created a mass surveillance project designed to map every single user on the internet, according to newly leaked documents. Spy chiefs at Government Communications Headquarters (GCHQ) allegedly set up the tracking mechanism in 2007 - which they named Karma Police in an apparent reference to the hit Radiohead song. According to The Intercept website - which has been passed documents by NSA leaker Edward Snowden - the service was used to spy on internet radio listeners as an example of its capabilities."
GCHQ spooks 'spied on EVERY internet user in an operation called Karma Police' according to leaked documents
Mail, 25 September 2015

"The NSA will probably spy on foreign leaders like Iranian President Hassan Rouhani during the UN General Assembly in New York this week, applying a "full court press" that includes intercepting cellphone calls and bugging hotel rooms, former intelligence analysts told NBC News. A top-secret report on a previous NSA operation against Iran's U.N. delegation illustrates just how extensive this electronic surveillance can be. The document, obtained by NBC News, shows the U.S. bugged the hotel rooms and phones of then-Iranian President Mahmoud Ahmadinejad and his entire 143-member delegation in 2007, listening to thousands of conversations and learning the "social networks" of Iran's leadership. The three-page document, called "Tips for a Successful Quick Reaction Capability," recounted what happened when the NSA was asked by the Bush administration for blanket surveillance of Ahmadinejad's September 2007 trip to the UNGA. Ahmadinejad was then in his first term as president but already notorious in the West for questioning the Holocaust and saying Israel should be wiped off the map."
Secret Document: How the NSA Spied on Iranians in New York
NBC News, 23 September 2015

"Almost half of Americans, 49%, say the federal government poses "an immediate threat to the rights and freedoms of ordinary citizens," similar to what was found in previous surveys conducted over the last five years. When this question was first asked in 2003, less than a third of Americans held this attitude."
Half in U.S. Continue to Say Gov't Is an Immediate Threat
Gallup, 21 September 2015

"President George W. Bush sought to retroactively authorize portions of the National Security Agency’s post-9/11 surveillance and data collection program after a now-famous incident in 2004 in which his attorney general refused to certify the program as lawful from his hospital bed, according to newly declassified portions of a government investigation. Mr. Bush’s effort to salvage the surveillance program without changes did not satisfy top Justice Department officials, who threatened to resign. But the newly disclosed passages of a report by inspectors general of six agencies suggest that the confrontation in the hospital room came after the Justice Department identified several problems, including a “gap” between what Mr. Bush had authorized the N.S.A. to collect and what the agency was collecting in practice. A leak of government documents in 2013 revealed that the fight had been partly about the legality of the N.S.A.’s collection of data about Americans’ emails in bulk. But the latest disclosure shows that the Justice Department had additional concerns. For example, Mr. Bush’s secret directives to the agency, starting in October 2001, said the N.S.A. could “acquire” phone and email metadata — logs showing who contacted whom, but not what they said — if at least one end was foreign or if a specific message were linked to terrorism. But the agency was apparently gathering purely domestic metadata in bulk, too, the Justice Department found. Mr. Bush, in response to the discrepancy identified by the Justice Department, declared that the N.S.A. was authorized to systematically collect the metadata of purely domestic communications, too, so long as analysts only looked at records linked to terrorism. He also declared that the agency had been authorized to do that all along. The authorization “gap” was among the disclosures in newly declassified passages of a 746-page report by six agencies’ inspectors general about the N.S.A. program, code-named Stellarwind. 
The report also shows that after March 2004, the Justice Department persuaded the White House to limit the program to investigations of Al Qaeda, rather than allowing it to be used for other types of international counterterrorism investigations, to make the argument that the program was legally justified as a wartime measure."
George W. Bush Made Retroactive N.S.A. ‘Fix’ After Hospital Room Showdown
New York Times, 20 September 2015

"Former US intelligence contractor Edward Snowden’s revelations rocked the world. According to his detailed reports, the US had launched massive spying programs and was scrutinizing the communications of American citizens in a manner which could only be described as extreme and intense. The US’s reaction was swift and to the point. “Nobody is listening to your telephone calls,” President Obama said when asked about the NSA. As quoted in The Guardian, Obama went on to say that surveillance programs were “fully overseen not just by Congress but by the Fisa court, a court specially put together to evaluate classified programs to make sure that the executive branch, or government generally, is not abusing them”. However, it appears that Snowden may have missed a pivotal part of the US surveillance program. And in stating that the “nobody” is not listening to our calls, President Obama may have been fudging quite a bit. In fact, Great Britain maintains a “listening post” at NSA HQ. The laws restricting live wiretaps do not apply to foreign countries and thus this listening post is not subject to US law. In other words, the restrictions upon wiretaps, etc. do not apply to the British listening post. So when Great Britain hands over the recordings to the NSA, technically speaking, a law is not being broken and technically speaking, the US is not eavesdropping on our each and every call. It is Great Britain which is doing the eavesdropping and turning over these records to US intelligence. According to John Loftus, formerly an attorney with the Department of Justice and author of a number of books concerning US intelligence activities, back in the late seventies the USDOJ issued a memorandum proposing an amendment to FISA. Loftus, who recalls seeing the memo, stated in conversation this week that the DOJ proposed inserting the words “by the NSA” into the FISA law so the scope of the law would only restrict surveillance by the NSA, not by the British. 
Any subsequent sharing of the data culled through the listening posts was strictly outside the arena of FISA. Obama was less than forthcoming when he insisted that “What I can say unequivocally is that if you are a US person, the NSA cannot listen to your telephone calls, and the NSA cannot target your emails … and have not.” According to Loftus, the NSA is indeed listening as Great Britain is turning over the surveillance records en masse to that agency. Loftus states that the arrangement is reciprocal, with the US maintaining a parallel listening post in Great Britain. In an interview this past week, Loftus told this reporter that he believes that Snowden simply did not know about the arrangement between Britain and the US. As a contractor, said Loftus, Snowden would not have had access to this information and thus his detailed reports on the extent of US spying, including such programs as XKeyscore, which analyzes internet data based on global demographics, and PRISM, under which the telecommunications companies, such as Google, Facebook, et al, are mandated to collect our communications, missed the critical issue of the FISA loophole.... in light of the reciprocal agreement between the US and Great Britain, the entire hoopla over NSA surveillance, Section 215, FISA courts and the USA Freedom Act could be seen as a giant smokescreen. If Great Britain is collecting our real time phone conversations and turning them over to the NSA, outside the realm or reach of the above stated laws, then all this posturing over the privacy rights of US citizens and surveillance laws expiring and being resurrected doesn’t amount to a hill of CDs. The NSA was contacted with a query about the GB listening post, as was British intelligence. A GCHQ spokesperson stated: “Our response is that we do not comment on intelligence matters.” The NSA also declined to comment."
Janet Phelan - The Fundamentals of US Surveillance: What Edward Snowden Never Told Us?
New Eastern Outlook, 19 September 2015

"Much more significant than the hysteria about 'mass surveillance' that accompanied Snowden was the realisation that governments had no clear idea of what their spies were up to."
Out of the shadows
London Times, 18 September 2015, Print Edition, P18

"The National Security Agency routinely shares raw intelligence data with Israel without first sifting it to remove information about US citizens, a top-secret document provided to the Guardian by whistleblower Edward Snowden reveals. Details of the intelligence-sharing agreement are laid out in a memorandum of understanding between the NSA and its Israeli counterpart that shows the US government handed over intercepted communications likely to contain phone calls and emails of American citizens. The agreement places no legally binding limits on the use of the data by the Israelis....The NSA declined to answer specific questions about the agreement, including whether permission had been sought from the Foreign Intelligence Surveillance (Fisa) court for handing over such material. The memorandum of understanding, which the Guardian is publishing in full, allows Israel to retain "any files containing the identities of US persons" for up to a year. The agreement requests only that the Israelis should consult the NSA's special liaison adviser when such data is found. Notably, a much stricter rule was set for US government communications found in the raw intelligence. The Israelis were required to "destroy upon recognition" any communication "that is either to or from an official of the US government". Such communications included those of "officials of the executive branch (including the White House, cabinet departments, and independent agencies), the US House of Representatives and Senate (member and staff) and the US federal court system (including, but not limited to, the supreme court)". It is not clear whether any communications involving members of US Congress or the federal courts have been included in the raw data provided by the NSA, nor is it clear how or why the NSA would be in possession of such communications. 
In 2009, however, the New York Times reported on "the agency's attempt to wiretap a member of Congress, without court approval, on an overseas trip"."
NSA shares raw intelligence including Americans' data with Israel
Guardian, 11 September 2013

"Microsoft can track every word you type, or say out loud, while using its latest operating system, Windows 10. Windows 10, which unites the Microsoft ecosystem across a host of devices including smartphones, tablet and desktops PC, first rolled out back in July. The Microsoft OS saw huge adoption within the first few hours of its release – but the free upgrade process has not been without issues.  Users have reported agonisingly slow boot-up speeds, wifi issues and problems with child safety features following the jump to Windows 10. The news comes days after it was revealed Microsoft was working on a major update for its latest operating system, which featured a visual refresh. Now a keylogger has reportedly been discovered within the latest Microsoft operating system. The Redmond firm included the software, which tracks every keystroke made on the Windows 10 device, to try and improve its products and services. Voice data is also collected and analysed every time virtual assistant Cortana is used on the desktop operating system. It was thought that Microsoft would only include the key logger within the Technical Preview versions of the operating system, so that it could use the vast data supplied by beta testers to tweak the final release. However the slightly creepy software has now been included in the commercial version of Windows 10, PC World has confirmed."
Windows 10: Microsoft is recording EVERYTHING you type, but here's how to stop it
Express, 8 September 2015

"A new phone is supposed to be a clean slate. But alarmingly, that's not always the case. Security company G Data has identified more than 20 mobile phones that have malware installed despite being marketed as new, according to a research report. And it doesn't appear the infection is occurring during manufacturing. "Somebody is unlocking the phone and putting the malware on there and relocking the phone," said Andy Hayter, security evangelist for G Data. Many of the suspect phones are sold in Asia and Europe through third parties or middleman and aren't coming directly from the manufacturers, Hayter said. Brands of affected phones include Xiaomi, Huawei, Lenovo, Alps, ConCorde, DJC, Sesonn and Xido. G Data has contacted some manufacturers, including Lenovo, whose S860 Android smartphone in one instance was found to have the malware. Ray Gorman, Lenovo's executive director of external communications, wrote in an email that the device G Data analyzed came from a third-party marketplace. The malware was installed by middlemen, he wrote."
Your brand new phone could still have malware
PCWorld, 1 September 2015

"Intelligence agencies around the world are trawling leaked data from the Ashley Madison adultery website hack to glean personal information and even use it as a possible blackmail tool, sources have said. British spy agencies have already checked the leaked records to see if their own staff could be vulnerable, but are also checking the data for details on potential intelligence targets. The millions of worldwide accounts whose details have been stolen and leaked are likely to include members who hold jobs in sensitive areas of government and industry. The leaked membership details of the site used by people to set up extramarital affairs could also now be checked when vetting those who need security clearance for sensitive posts. A senior Government source said the data which has been published on the dark web was being checked by British agencies and was considered by spies around the world as a trove of potential information. The source said: 'We have been looking at it to see if our people are vulnerable. But there are also people looking at it to see how it can be used. Some countries will be looking at it for blackmail.' Details of people’s personal lives and online habits could also be used by spies plotting ways to approach them. Nigel Inkster, a former assistant chief of MI6, said British intelligence agencies did not engage in blackmail, but 'other intelligence agencies are less scrupulous'. He said: 'If you are looking at a person as a potential intelligence target, then of course knowing as much as possible about what’s missing from their lives and what they are doing to fill it is of potential interest.' "
British spies trawl Ashley Madison leak for intelligence
Telegraph, 31 August 2015

"A challenge to the National Security Agency’s bulk collection of telephone-call data was dealt a setback when a U.S. appeals court ruled a judge who called the initiative 'almost Orwellian' was wrong to block the program. U.S. District Judge Richard Leon in 2013 granted legal activist Larry Klayman’s request that he halt the NSA’s collection of his data. Leon then put that ruling on hold pending a government appeal. A divided three-judge panel Friday overturned Leon's order, while saying Klayman's case may still proceed. The judges all agreed Klayman hadn’t shown he is likely to succeed in his lawsuit, but two of them said he should have the opportunity. One of those two, U.S. Circuit Judge Janice Rogers Brown, said it was entirely possible the Obama administration may rightfully refuse to turn over the information Klayman requests."
Obama Administration Wins Ruling in NSA Data Collection Case
Bloomberg, 28 August 2015

"In July 2013, GCHQ, Britain’s equivalent of the U.S. National Security Agency, forced journalists at the London headquarters of The Guardian to completely obliterate the memory of the computers on which they kept copies of top-secret documents provided to them by former NSA contractor and whistleblower Edward Snowden.... At a speech given at the Chaos Communication Camp technology conference a few weeks ago in Germany, Al-Bassam and Tynan explored the details surrounding GCHQ’s decisions about how to destroy the devices, and hypothesized about what the government’s intentions might have been beyond intimidation. 'Normally people just destroy the hard drive,' said Al-Bassam. But GCHQ took it several steps further. The spy agency instructed Guardian editors to destroy parts of multiple MacBook Airs’ track pad controllers, power controllers, keyboards, CPUs, inverting converters, USB drives, and more. According to 'Joint Services Publication 440,' a 2001 British government document released by WikiLeaks, the U.K. Ministry of Defense mandates total destruction of top-secret information in order to protect it from 'FISs [foreign intelligence services], extremist groups, investigative journalists, and criminals.' However, when Al-Bassam and Tynan sent an email asking the British government for the 'HMG (Her Majesty’s Government) Information Assurance Note 5,' the government-wide document that contains the U.K.’s 'sanitization' policies — i.e., the specific steps necessary to destroy top-secret data — the government denied their request. The sanitization policies of the other members of the so-called 'Five Eyes' intelligence alliance — the U.S., New Zealand, Canada and Australia — are public, and appeared to have very similar requirements to the techniques used to destroy The Guardian’s computers. 
But in allowing The Guardian’s editors to destroy the devices themselves, and hold onto the remaining shards of computer dust, the British government essentially revealed those policies — by making it possible for people like Al-Bassam and Tynan to analyze just why they might have destroyed each part in such a specific way. What Al-Bassam and Tynan theorized was that the government may have targeted parts of the Apple devices that it 'doesn’t trust': pieces that can retain bits of electronic information even after the hard drive is obliterated. The track pad controller, they said, can hold up to 2 megabits of memory. All the different 'chips' in your computer — from the part that controls the device’s power to the chips in the keyboard — also have the capacity to store information, like passwords and keys to other data, which can be uploaded through firmware updates. According to the public documents from other members of Five Eyes, it is incredibly difficult to completely sanitize a device of all its content. New Zealand’s data deletion policies state that USB memory is only destroyed when the dust is just a few millimeters in length. 'This wasn’t a random thing,' said Tynan, pointing to a slide displaying a photo of a completely destroyed pile of USB chip shards. These hidden memory storage locations could theoretically be taken advantage of, Tynan and Al-Bassam said, by a computer’s owner, hackers, or even the government itself, either during its design phase or after the computer is purchased. The Russian cybersecurity firm Kaspersky Lab has presented evidence that an organization it calls 'Equation Group,' which is reportedly linked to the NSA, has developed ways to 'create an invisible, persistent area hidden inside [a computer’s] hard drive' that would be virtually undetectable by the computer’s owner. This area could be used 'to save exfiltrated information which can be later retrieved by the attackers.' 
Other technologists and computer experts agreed with Al-Bassam and Tynan that significant data could theoretically be stored on a computer’s various chips. 'It’s actually possible to store quite a bit of data in a small space — look at Micro SD cards!' wrote Dan Kaminsky, a computer security specialist, in an e-mail to The Intercept. 'But generally these other data stores are small. [They] can certainly store cryptographic keys pretty much anywhere though; those things are minuscule.' Steve Burgess, a computer forensics and data recovery expert, echoed Kaminsky’s technical points: 'Certainly data could be stored on any kind of flash memory or SSD (if there was one), or on the computer’s BIOS, and of course on the hard disk’s rotating media — and its own on-board flash storage.'"
The Way GCHQ Obliterated The Guardian’s Laptops May Have Revealed More Than It Intended
The Intercept, 26 August 2015

"Switzerland's top data cop says Microsoft has 'gone too far' in abusing people’s privacy. The Federal Commissioner for Data Protection, Jean-Philippe Walter, told Le Temps on Sunday that he was prepared to take Microsoft to court if it does not alter its privacy policy for Windows 10. According to Walter, the installation procedure does not properly inform users about the scope of the default settings. In France, the data protection authority CNIL issued public advice on how to set up privacy controls for Windows 10 earlier this month, but CNIL's Swiss counterpart is feeling more combative. 'If necessary, we will issue a recommendation,' he warned – a recommendation which could be for the authorities to ban the sale of Windows 10 in Switzerland. But it’s not just Microsoft. Walter sees demons elsewhere: 'We cannot let citizens become completely enslaved to big companies such as Google and Facebook,' said Walter. 'They eat away at our freedom every day. If we do not respond, one day it will be too late. Some analysts expect the end of the private sphere in the next 20 years,' he added."
Swiss watch: Cuckoo-clock cops threaten Win 10 whup-ass can pop
The Register, 25 August 2015

"The newly appointed UN special rapporteur on privacy, Joseph Cannataci, has called the UK's oversight of surveillance "a rather bad joke at its citizens’ expense," and said that the situation regarding privacy is "worse" than anything George Orwell imagined in his novel 1984. Speaking to The Guardian, Cannataci said: "at least Winston [a character in Orwell's 1984] was able to go out in the countryside and go under a tree and expect there wouldn’t be any screen, as it was called. Whereas today there are many parts of the English countryside where there are more cameras than George Orwell could ever have imagined. So the situation in some cases is far worse already." Cannataci is also concerned about the routine surveillance carried out by Internet companies as a key part of their business model. "They just went out and created a model where people’s data has become the new currency," he said. "And unfortunately, the vast bulk of people sign their rights away without knowing or thinking too much about it." The mandate of the new post of UN special rapporteur on privacy is broad. Cannataci, who is a professor of law at the University of Malta, and uses neither Facebook nor Twitter, is empowered to review government policies on digital surveillance and the collection of personal data, and to identify activities that harm privacy protection without any compelling justification. He can also give his views on how the private sector should be addressing its human rights responsibilities in this field. There are four main tasks he has set himself: drawing up a universal law on surveillance; tackling the business models of the big Internet companies; defining what "privacy" exactly entails; and raising awareness of these issues among the public. The Guardian quotes him as saying the world "needs a 'Geneva convention for the internet" to safeguard data and combat the threat of massive clandestine digital surveillance." 
Cannataci recognises that he will be unable to achieve this within his three-year mandate, or even if it is renewed, but believes that it is important to take a long-term view. He acknowledges that Edward Snowden will be looked upon as "a traitor by some and a hero by others," but says that his leaks were "very important" because they confirmed what many working in the fields of privacy and data protection had believed to be the case. Snowden's revelations also demonstrated "the extent to which [government surveillance] has gone out of control," something many hope Cannataci will try to address in his new role. Cannataci was chosen for the role after the first-ranked candidate, the Estonian Katrin Nyman-Metcalf, was blocked on the grounds that "she would not be a strong enough critic of US surveillance.""
UK surveillance 'worse than 1984,' says new UN privacy chief
ArsTechnica, 25 August 2015

"Ex-US president George W Bush, former Vice President Dick Cheney, and senior law enforcement officials have been named in a class-action lawsuit for authorizing blanket phone, email, and text message surveillance of Utah citizens during the 2002 Winter Olympics. In 2013 the Wall Street Journal reported that the FBI and NSA had done a deal with telco Qwest Communications for blanket surveillance coverage for Salt Lake City during the Winter Olympics. Then-mayor Ross "Rocky" Anderson has now taken up the case and has filed the class action suit. "This is the first time anyone knows of that a surveillance cone has been placed over a specific geographical area in the United States," he told The Register on Thursday. "What was so alarming was that they were reading the contents of the text messages and emails."...There are currently six plaintiffs, including Utah State Senator Howard Stephenson (R-Draper), former Salt Lake City Council member Deeda Seed, and local historian Will Bagley. In addition to the presidential duo, the suit names former NSA Director Michael Hayden and Cheney's attorney David Addington, who authorized the surveillance. The case is going to prove interesting. If it is allowed to proceed, it could bring to light just how the mass surveillance introduced days after the September 11 attacks was carried out, and – crucially – if there was proper legal authority to do so. When in office, Anderson was a vocal opponent of the domestic surveillance program carried out by the government and was a fierce critic of George Bush. He called for Bush's impeachment over the Iraq War and has been active in investigating cases of surveillance overreach."
Ex-Prez Bush, Cheney sued for email, phone spying during Olympics
The Register, 20 August 2015

"Hackers are able to spy on smartphone users anywhere in the world. In one of the biggest threat to privacy breaches the world has ever seen, Australians may have their names, addresses, bank account details and medical data stolen due to a security vulnerability. Channel Nine's 60 Minutes has uncovered a security hole in modern telecommunications that enables cyber criminals to listen in on phone conversations and read text messages.... Criminals, commercial spies and suspected terrorists are allegedly exploiting the security loophole for their own benefit by accessing the system, which is being used by major Australian providers."
Hackers can access EVERY call and message you send
Mail, 16 August 2015

"John Brennan was about to say he was sorry. On July 28, 2014, the CIA director wrote a letter to senators Dianne Feinstein and Saxby Chambliss — the chairwoman of the Senate Intelligence Committee (SSCI) and the panel's ranking Republican, respectively. In it, he admitted that the CIA's penetration of the computer network used by committee staffers reviewing the agency's torture program — a breach for which Feinstein and Chambliss had long demanded accountability — was improper and violated agreements the Intelligence Committee had made with the CIA. The letter was notable in part because Brennan initially denied the January 2014 search of the Senate's computer network even took place. And later, when it became clear that it had — and that he had known of it while publicly denying that it happened — he refused to acknowledge that it was wrong. For months, Feinstein and other committee members were clamoring for a written apology to make part of the official record. Brennan's mea culpa was prompted by a memo he'd received 10 days earlier from CIA Inspector General David Buckley. After the Office of the Inspector General (OIG) was tasked with looking into the intrusion, it found that the CIA employees who broke into the Senate's computer network in hopes of tracking down CIA documents the Senate wasn't allowed to see (according to the agency) may have broken federal laws. "I recently received a briefing on the [OIG's] findings, and want to inform you that the investigation found support for your concern that CIA staff had improperly accessed the [Intelligence Committee] shared drive on the RDINet [an acronym for rendition, detention, and interrogation] when conducting a limited search for CIA privileged documents," Brennan wrote. "In particular, the [OIG] judged that Agency officers' access to the… shared drive was inconsistent with the common understanding reached in 2009 between the Committee and the Agency regarding access to RDINet. 
Consequently, I apologize for the actions of CIA officers…. I am committed to correcting the shortcomings that this report has revealed." But Brennan didn't sign or send the apology letter. Instead, four days later, he sent Feinstein and Chambliss a different letter — one without an apology or admission that the search of their computer network was improper. He did say, however, that he was going to "stand up" an "independent" accountability review board, whose members would be appointed by Brennan, to look into the OIG findings and determine whether the CIA employees who conducted the search should be punished. Last December, that accountability board issued a report and overturned nearly all of Buckley's findings and conclusions. It also exonerated Brennan and the CIA personnel who searched the Senate's computer network. Brennan did verbally apologize to Feinstein and Chambliss during an in-person briefing about the findings of the OIG report, but Intelligence Committee members told VICE News it was unacceptable because there was not a written record of it. The lawmakers also noted that Brennan should have apologized to them — and to the Senate staffers who the CIA referred to the Justice Department for criminal prosecution....The draft apology letter Brennan wrote to Feinstein and Chambliss are two of more than 300 pages of documents [pdf at the bottom of this story] VICE News obtained in response to a joint Freedom of Information Act (FOIA) lawsuit filed against the CIA with Ryan Shapiro, a historian and doctoral candidate at the Massachusetts Institute of Technology who specializes in national security research....After VICE News received the documents, the CIA contacted us and said Brennan's draft letter had been released by mistake. The agency asked that we refrain from posting it. We declined the CIA's request."
The Google Search That Made the CIA Spy on the US Senate
Vice News, 14 August 2015

"A divided appellate court panel in Richmond, Virginia, ruled on Wednesday that citizens do not give up their privacy rights just because their mobile-phone providers know where to reach them. The decision is the strongest assertion of the Fourth Amendment rights of mobile phone users out of three appellate court decisions on the matter, setting up a likely Supreme Court hearing. 'The tide I think is turning,' said Hanni Fakhoury, a senior staff attorney with the Electronic Frontier Foundation, which joined a friend-of-the-court brief in the case of Aaron Graham, a man convicted of armed robbery after his cell phone location information over seven months was obtained by the government from Sprint. The Fourth Circuit Court of Appeals ruling rejected the 'third party doctrine,' a legal theory that private information held by a company is not protected by the Fourth Amendment’s prohibitions against unreasonable search and seizure. The ruling acknowledged the prevalence and advancement of technology in our lives. 'People cannot be deemed to have volunteered to forfeit expectations of privacy by simply seeking active participation in society through use of their cell phones,' the court wrote. 'It’s great for us going forward,' says Nate Wessler, a staff attorney with the American Civil Liberties Union’s Speech, Privacy, and Technology Project. 'It’s a robust recognition of how much private information can be revealed through our cell phone records — doctor’s office visits, AA meetings … in the aggregate, it paints a strong picture of our lives.' Wessler said a Supreme Court hearing on the case is now more likely."
Court Rules Warrantless Cell Phone Tracking Violates Fourth Amendment
The Intercept, 5 August 2015

"When I published the ECHELON story in August 1988, it got little mainstream attention. It was ignored for a decade, downplayed by many as European paranoia. In 1999, at last, ECHELON attracted the concern of Europe’s Parliament, which commissioned an investigation. My report, 'Interception Capabilities 2000,' outlined what ECHELON was and was not. With ECHELON under investigation in Europe, Margaret Newsham decided to reveal her identity as the whistleblower, and retold her story on CBS’s '60 Minutes.' The European Parliament then mandated extensive action against mass surveillance. Their recommendations were passed in full on September 5, 2001. Six days later, the Twin Towers came down. Any plans for limiting mass surveillance were buried with the victims of 9/11, and never formally published. But proof of ECHELON has become available. In December 2014, I asked fellow Scottish journalist and Intercept reporter Ryan Gallagher to check Snowden’s documents. Was there evidence of ECHELON? There was; the documents included details of the 'ECHELON agreement' and more — a batch of GCHQ and NSA documents confirming what whistleblower Margaret Newsham had revealed 27 years ago. ECHELON was indeed 'a system targeting communications satellites' that began nearly 50 years ago. 'In 1966, NSA established the FROSTING program, an umbrella program for the collection and processing of all communications emanating from communication satellites,' according to a January 2011 newsletter published by the NSA’s Yakima Research Station. 'FROSTING’s two sub-programs were TRANSIENT, for all efforts against Soviet satellite targets, and ECHELON, for the collection and processing of INTELSAT communications.' Another report, published in NSA’s 'SID Today' newsletter in 2005, stated that 'yes, there is an ECHELON system,' and noted that the 'extensive story of ECHELON would be part of the forthcoming history initiative.' 
A 2010 GCHQ report noted that 'historically, NSA has been a large source of funding for COMSAT [interception]. Many current COMSAT assets were purchased by NSA and are supported by GCHQ under the Echelon Agreement.' The documents also confirmed the role of ECHELON Dictionaries as 'text keyword scanning engines.' Other previously published Snowden documents show that CARBOY, whose expansion plans Newsham gave me, was a 'primary' foreign satellite collection operation at Bude. The most shocking part of ECHELON, confirmed by the Snowden documents, is that it was built to target Intelsat satellites, which in the early years were used primarily by Western countries; the United States was the largest owner and user. The Soviet Union, China and their allies didn’t have ground stations, nor the equipment to connect to Intelsat, until years later. The Yakima site, which started operating in May 1973, was 'established under the ECHELON program to collect and process INTELSAT communications during the height of the Cold War,' reads a July 2012 newsletter published by the NSA’s Yakima Research Station. One more GCHQ document linked Edward Snowden’s archive back to where my journey first began, with John Berry and the ABC case. The GCHQ station in Cyprus where Berry served has the code name 'SOUNDER.' Here, too, NSA was heavily involved, according to the document: 'Under the ECHELON Agreement, NSA provides 50% of the funding for the SOUNDER Comsat facility.' The NSA’s 'SID Today' newsletter concludes by recounting that the agency showed arrogance in evading public scrutiny. It describes how ECHELON 'caught the ire of Europeans,' prompting a European Parliament investigation in 2000. The NSA newsletter writer wrote that when a European delegation came to Washington to visit NSA and other agencies, they were snubbed and their appointments were cancelled. 'Our interests, and our SIGINT partners’ interests, were protected throughout the ordeal,' reads the report. 
NSA claimed that the Parliament investigation 'reflected not only that NSA played by the rules, with congressional oversight, but that those characteristics were lacking when the [European delegation] applied its investigatory criteria to other European nations.' According to the NSA writer, the Europeans were 'pigs' wading in filth. 'The 'pig rule' applied when dealing with this tacky matter: 'Don’t wrestle in the mud with the pigs. They like it, and you both get dirty.' Attitudes like this have made the secret dirty world of electronic mass surveillance difficult to expose, and more difficult to get changed. Even today, neither GCHQ nor NSA will comment on ECHELON or other specific issues raised in the Snowden documents. ('It is long standing policy that we do not comment on intelligence matters,' GCHQ said in a statement.) Yet change has happened, and at increasing speed." In May 2015, two years after Edward Snowden’s revelations were first published, I was invited on behalf of a former 'C' — chief of the U.K.’s Secret Intelligence Service — to co-introduce a conference on intelligence, security and privacy. Nearly three decades after almost going to prison for allegedly exposing GCHQ’s secrets, my partner in starting the conference was the agency’s newly appointed director, Robert Hannigan. No one present argued against greater openness. Thanks to Edward Snowden and those who courageously came before, the need for public accountability and review has become unassailable."
Duncan Campbell - GCHQ and Me
The Intercept, 3 August 2015

"Prime Minister Shinzo Abe, key figures of his former administration and several of Japan’s most powerful companies have been the targets of long-term US spying operations, according to documents published on the WikiLeaks website. The alleged operations to bug phones and intercept communications date back at least a decade and suggest that the US maintained extensive surveillance of its closest ally in Asia.  That surveillance appears to have allowed the US to gather intelligence from conversations held at the prime minister’s residence in Tokyo, according to the WikiLeaks documents. One of the documents, which dates from Mr Abe’s first, year-long stint as prime minister in 2007, details his preparations for a visit to Washington in April that year and his expected stance on climate change. The WikiLeaks website, drawing on secrets stolen by US whistleblower Edward Snowden in 2013, has previously alleged systematic spying by the US on the governments of Brazil, France and Germany. Revelations that the mobile phone of German Chancellor Angela Merkel had been tapped created a frost in US-German ties. One senior adviser to the Japanese cabinet office said that, since the tapping of Ms Merkel’s phone had come to light, 'Japan’s top leaders assumed they were being listened to as well'. The US appears to have used its deep access to the inner workings of Japan’s government and corporations to secretly observe the country’s preparations for other international summits and forums where Japan-US relations might be tested. Trade and climate change issues emerge as a keen area of focus for the US spying agency. The leaked documents, which WikiLeaks claims to have obtained from the US National Security Agency, include four 'top secret' reports and a list of 35 Japanese targets for telephone intercepts. The documents range between 2007 and 2009 — a period that saw Japan shuffle through four prime ministers. 
The phone intercept targets appear to have been identified from as early as 2003. As well as the main switchboard for the cabinet office, the target list suggests that the NSA has attempted to intercept the phone calls of staff belonging to Japan’s chief cabinet secretary, the minister of economy trade and industry, senior officials within the finance ministry and the governor of the Bank of Japan. The list of targets also suggested that the energy divisions of both Mitsui and Mitsubishi were victims of the NSA’s spying operations. One person close to the Japanese cabinet said that the documents, published as Mr Abe is facing heavy public opposition to security legislation, 'could not have come at a worse time'. The controversial changes being pushed into law by Mr Abe would allow Japan to reinterpret its pacifist constitution, enabling the military to extend its role and join allies such as the US in overseas operations of collective self-defence."
WikiLeaks: NSA spied on Abe and Japanese companies
Financial Times, 31 July 2015

"[Windows 10] will automatically sync with the Microsoft servers and silently pass along and store information about you including; your browser history, favourites and the websites you’re currently viewing. Mobile hotspot passwords and Wi-Fi network names and passwords are also logged. Cortana, the new personal virtual assistant records and shares everything you do to function properly....These settings can be turned off, but that may affect the performance of the operating system – in particular Cortana."
Windows 10 might be free, but your privacy is priceless
Acclaimed News, 30 July 2015

"Historic phone records collected in bulk by the National Security Agency are poised to be purged from the NSA’s database later this year, the Office of the Director of National Intelligence said this week. Effective Nov. 29, NSA analysts will no longer have access to a trove of millions of call records and other so-called metadata that had been collected by U.S. intelligence officials pursuant to an interpretation of part of the post-9/11 Patriot Act that was reined in earlier this year. In light of ongoing litigation, however, the ODNI acknowledged that any of those records that were collected during the last five years cannot be expunged until those legal matters are resolved. 'The telephony metadata preserved solely because of preservation obligations in pending civil litigation will not be used or accessed for any other purpose, and, as soon as possible, NSA will destroy the Section 215 bulk telephony metadata upon expiration of its litigation preservation obligations,' the ODNI said. Under Section 215 authority, telephony metadata containing basic information such as the duration of phone calls and the parties involved had been collected by the NSA and stored to be queried during late possible investigations. Former intelligence contractor Edward Snowden leaked details about that program in 2013, which spawned an international debate concerning the American surveillance apparatus and its capabilities that had previously been kept hidden from the public and subsequent scrutiny. The program faced challenges in several federal courts and the House and Senate. In June, Congress approved the USA Freedom Act, in turn ending the intelligence community’s ability to conduct dragnet phone surveillance that had been codified shortly after the Sept. 11, 2001, terrorist attacks. Passage of the USA Freedom Act provided for a six-month transition period in which private telecommunication companies will prepare to be the sole collectors of user call records."
NSA bulk-collected phone records to be purged in November
Washington Times, 28 July 2015

"In what has become an ongoing struggle to maintain Americans’ privacy rights in national security measures, the National Security Agency (NSA) has agreed to destroy millions of Americans’ phone records collected under its contentious surveillance program, the Associated Press reports. The Bush administration created the bulk collection program under Section 215 of the USA Patriot Act following the Sept. 11 attacks in 2001. But it garnered international attention after former NSA contractor Edward Snowden unveiled the large-scale intelligence gathering effort in 2013. After Congress’s inaction let Section 215 expire on June 1, 2015, President Obama passed the USA Freedom Act the next day. Under this legislation, phone companies, rather than the federal government, will gather and store metadata – numbers dialed and the duration of phone calls – but not their content. Intelligence officials can still access records relevant to a national security investigation, but will need a warrant from the Foreign Intelligence Surveillance Act (FISA) to do so. The law gave the government six months to make the transition, but didn’t specify whether or not the NSA would still be able to access records it’s already collected. Though the program has been around for a decade, most of its records are purged every five years, so half of the collection has already been discarded, reports the Associated Press. In a statement released Monday, the director of national intelligence said the NSA will no longer examine those records in terrorism investigations after Nov. 29, 2015. Because the agency is still undergoing lawsuits over the records, it’s legally obliged to preserve them until then. But once that date passes, they will be destroyed "as soon as possible," the statement reads. Reforms to Section 215 of the Patriot Act drew bipartisan approval in Congress. Yet hardline privacy advocates such as Sen. 
Rand Paul (R) of Kentucky, said they could have done more to restore civil liberties, wrote The Christian Science Monitor’s Francine Kiefer in June. On the other hand, Sen. Mitch McConnell (R) of Kentucky, said the USA Freedom Act 'undermines American security by taking one more tool from our war fighters at exactly the wrong time.' Most Americans agree that their privacy rights should trump national security concerns. According to a Pew Research Survey conducted in June 2014, 74 percent of those polled say Americans shouldn’t have to give up privacy and freedom in order to be safe from terrorism, while just 23 percent argue the opposite. But opinion is more divided when asked specifically about the NSA’s data collection program. Fifty-four percent of Americans disapprove of the government’s collection of telephone and Internet data as part of anti-terrorism efforts, while 42 percent approve of the program. Yet among privacy advocates, surveillance is a common enemy that cuts across political ideologies and party lines, Josh Withrow, legislative affairs manager for FreedomWorks, told the Monitor. According to the same Pew Research study, nearly 70 percent of surveyors identified as steadfast conservatives oppose the government’s data collection program, as do 61 percent of business conservatives and 58 percent of solid liberals."
NSA to destroy millions of Americans’ phone records (+video)
Christian Science Monitor, 28 July 2015

"Official guidance about the surveillance of politicians shows that MEPs can have their telephones tapped and their emails intercepted. Documents disclosed at a tribunal reveal that while the security services are prevented from intercepting the communications of MPs and peers, they can put members of the European parliament, the Northern Ireland assembly, the Welsh assembly and the Scottish parliament under electronic surveillance. The 'Wilson doctrine', devised by the former prime minister Harold Wilson, gives politicians protection against snooping unless the prime minister approves it under exceptional circumstances. Until now this safeguard was assumed to extend to all parliamentarians. But an internal MI5 document from February 2015 details exceptions: 'It follows that the Wilson doctrine would not apply to . . . a member of the European parliament or a devolved administration.'"
MI5 at liberty to snoop on MEPs
Sunday Times, 26 July 2015

"POLICE Scotland were yesterday urged to come clean over whether officers broke new laws making it harder for them to spy on journalists. Since March, officers have needed a judge’s permission before using electronic surveillance techniques to identify reporters’ sources. Previously, they only needed a superintendent’s permission to seize data from their phones. Since the law was changed two forces have been accused of accessing journalists’ or their sources’ phones without the permission of a judge. David Cameron described the alleged breaches as a 'serious error' two weeks ago."
Police urged to reveal if they broke laws to spy on journalists
Daily Record, 26 July 2015

"GCHQ could be spying on MSPs and other politicians after reportedly changing guidance on snooping restrictions. Nicola Sturgeon, the Scottish First Minister, has demanded urgent assurances from David Cameron after claims the spy agency told staff that rules on monitoring politicians did not apply to devolved governments. It raises the prospect that the intelligence agency could be monitoring representatives of the Scottish, Welsh and Irish assemblies as well as MEPs. It came as a Government lawyer told a tribunal that the rules protecting Westminster MPs could not survive in an age of bulk data collection. GCHQ has recently changed guidance surrounding the so-called Wilson Doctrine, according to the Daily Record. It was introduced in 1966 under former Labour Prime Minister Harold Wilson to ban the tapping of UK MPs' and peers' phones and was later extended to cover emails. The doctrine was drawn up before the devolved governments existed but even as recently as March the agency said it applied the principles to UK MEPs, and members of the Scottish, Welsh and Northern Irish assemblies." However, according to papers obtained by the newspaper, the guidance changed last month to say: "The doctrine does not apply to ... the interception of communications of Members of the European Parliament or devolved assemblies." ... The papers were obtained as a legal challenge over the Wilson Doctrine is being heard by the Investigatory Powers Tribunal, which considers complaints against the spy agencies. It has been brought by Green party parliamentarians Caroline Lucas and Lady Jones, and the former Respect MP George Galloway, who argue that their communications must have been intercepted by the sort of programmes exposed by the CIA whistleblower Edward Snowden. James Eadie QC, for the Government, told the hearing on Friday that the doctrine 'simply cannot work sensibly' when bulk interception of data is taking place."
Fears GCHQ could be spying on MSPs
Telegraph, 24 July 2015

"Car brakes and other critical systems can be hacked via car infotainment systems, security researchers at NCC Group have revealed. The ingenious hack, demonstrated in an off-road environment, works by sending attack data via digital audio broadcasting (DAB) radio signals. This is similar to a hack that allowed security researchers Chris Valasek and Charlie Miller to take control of a Jeep Cherokee after sending data to its entertainment and navigation systems via a mobile phone, as previously reported. Car owners are strongly advised to apply a patch developed by Chrysler to guard against attacks that facilitate remote control of a car's engine, brakes and more from distance, simply by knowing the car's public IP address. NCC's work shows that even cars whose systems are not connected to mobile networks might be vulnerable. The hack was demonstrated to BBC Radio 4's PM programme. Andy Davis, NCC's research director, explained that an attack rig could be put together using cheap components connected to a laptop. The infotainment system of a targeted car, once compromised, could be used as a stepping stone to attack more critical systems, including steering and braking. Depending on power, a DAB broadcast could be used to attack multiple cars. 'If you had a vulnerability within a certain infotainment system in a certain manufacturer's vehicle, by sending one stream of data you could attack many cars simultaneously," he told the BBC, adding that attack data could be steganographically implanted within an audio or music stream. "[An attacker] would probably choose a common radio station to broadcast over the top of to make sure they reached the maximum number of target vehicles." The approach has only been attempted in the lab. Davis has previously hacked into a real vehicle's automatic braking system through manipulating its infotainment system. A similar approach could be replicated through a DAB broadcast, he suggested."
Now car hackers can bust in through your motor's DAB RADIO
The Register, 24 July 2015

"British intelligence agencies have been spying on MPs and peers in contravention of a decades-old convention prohibiting surveillance of politicians’ communications, a tribunal has heard. Hitherto-secret MI5, MI6 and GCHQ documents revealed in court that the agencies amended internal policies on surveillance of parliamentarians eight times in the past 12 months. The updated internal rules fail to comply with a 50-year-old political convention, known as the Wilson doctrine, which states that no parliamentarian’s telephone can be tapped unless there is a major national emergency and that changes to the policy will be reported to Parliament by the Prime Minister. Green Party politicians Caroline Lucas MP and Baroness Jones of Moulsecoomb, together with former Respect MP George Galloway, brought the legal action following CIA whistleblower Edward Snowden’s revelations about surveillance and the collection of metadata. The trio believes it is likely their communications were intercepted. Their case, contested by the intelligence agencies, is being fought in a rare public hearing before the Investigatory Powers Tribunal, although some parts of the Government’s defence will be kept secret. The IPT panel is being asked to confirm that the Wilson doctrine has force in law. Ben Jaffey, representing the Green party politicians, said the case was about what safeguards were required before members of the legislature were subject to intercept or surveillance. He said MPs need to communicate privately with their constituents and potential whistleblowers. The tribunal heard that officers from the three spy agencies have operated under eight different policies concerning interception of parliamentarians’ communications in the last 12 months alone. GCHQ introduced a policy in March this year that did not require approval by the Prime Minister, or any Minister, before deliberately targeting the communications of a parliamentarian. The policy was then revised in June. 
Mr Jaffey said: 'All protection for communications data and devolved legislators has been removed.' In February 2008 the then-Foreign Secretary David Miliband approved a change in MI6 policy that 'misstated' the Wilson doctrine in three ways, Mr Jaffey said, including that MI6 may continue to intercept or carry out surveillance even where the purpose is to discover further information about a Parliamentarian. The new MI6 policy from February 2015 states the Wilson doctrine 'does not prohibit the interception of Parliamentarians’ communications'. However, the Home Secretary, Theresa May, told Parliament last year in a debate on the Data Retention and Investigatory Powers Bill that the doctrine 'obviously applies to Parliamentarians', barring exceptional circumstances. Mr Jaffey said: 'The difference in emphasis between the statements made in Parliament and hitherto-secret internal guidance is notable… The material now disclosed is not sensitive. It should not have been kept secret. It shows that the Wilson doctrine has been operated in secret differently from the assurances given to Parliament about interception of Parliamentarians.'"
British intelligence service spying on MPs in defiance of laws prohibiting it
Independent, 23 July 2015

"An ongoing investigation into the security of Chrysler vehicles bears some pretty startling conclusions. In a couple of weeks, security researchers will reveal the details of a zero-day exploit that affects some 471,000 cars. Put bluntly: Hackers can take complete control of the cars from thousands of miles away. Longtime car hackers Charlie Miller and Chris Valasek recently demonstrated the dangerous possibilities of the Chrysler exploit to Wired’s Andy Greenberg. The journalist actually took a Jeep Cherokee onto the highway outside St. Louis, while the hackers took over control of the car. Using the Jeep’s Uconnect system, which plugs into a cellular network, the security researchers were able to gain control of the car’s entertainment system and then rewrite the firmware to send commands to critical systems like the brakes, steering, and transmission."
Hackers Have the Power to Remotely Hijack Half a Million Chrysler Cars
Gizmodo, 21 July 2015

"WikiLeaks has published evidence that the NSA systematically spied on German Foreign Minister Frank-Walter Steinmeier, as well as other officials. The alleged spying reportedly predates the September 11, 2001 attacks. German Foreign Minister Frank-Walter Steinmeier was reportedly the target of systematic spying by the US National Security Agency (NSA), according to information released Monday by transparency organization WikiLeaks. WikiLeaks documented an intercepted conversation or phone call held by Steinmeier on November 29, 2005 shortly after he had completed his first official visit to the United States as foreign minister. It is unclear with whom Steinmeier was speaking at the time, but the subject of the call was the US Central Intelligence Agency's (CIA) controversial renditions program. It was alleged that the US had used the airspace and airport facilities of cooperating European countries to illegally abduct European citizens and residents in order to interrogate them at secret "black site" prisons. Steinmeier denied knowledge of the alleged rendition flights in 2005 and according to the intercept, "seemed relieved that he had not received any definitive response from the US secretary of state regarding press reports of CIA flights through Germany to secret prisons in Eastern Europe allegedly used for interrogating terrorism subjects." Human rights groups have accused the United States of having used the so-called "extraordinary renditions" in order to interrogate suspected terrorists using methods not allowed in the US itself, including torture."
WikiLeaks: Steinmeier target of systematic NSA spying
Deutsche Welle, 20 July 2015

"There are lots of ways that government spies can attack your computer, but a U.S. drone company is scheming to offer them one more. Boeing subsidiary Insitu would like to be able to deliver spyware via drone. The plan is described in internal emails from the Italian company Hacking Team, which makes off-the-shelf software that can remotely infect a suspect’s computer or smartphone, accessing files and recording calls, chats, emails and more. A hacker attacked the Milan-based firm earlier this month and released hundreds of gigabytes of company information online. Among the emails is a recap of a meeting in June of this year, which gives a 'roadmap' of projects that Hacking Team’s engineers have underway. On the list: Develop a way to infect computers via drone. ...attaching a small network injector to a drone would give the ability to attack Wi-Fi networks from above, or at a greater distance. The system operator wouldn’t have to get physically near the target. Insitu did not respond to The Intercept’s requests for comment.Hacking Team gained notoriety in recent years as human rights and digital security advocates found traces of its spyware on the computers of journalists and political activists from Ethiopia, Morocco and elsewhere."
Hacking Team and Boeing Subsidiary Envisioned Drones Deploying Spyware
The Intercept, 18 July 2015

"Surveillance legislation the government considered 'vital' and rushed through parliament last year has been struck down by the High Court. The Data Retention and Investigatory Powers Act, which compels telecoms providers to retain user data for 12 months and make it available to public bodies, was inconsistent with European law, the court ruled. David Cameron had argued that the legislation was 'vital' for law enforcement and intelligence agencies 'to keep us all safe' from criminals and terrorists. The government rushed the law act through parliament last year after the European Court of Justice struck down an EU directive requiring phone and internet companies to retain communications data on the grounds that it infringed human rights. But in its judgment on Friday, the High Court said the so-called Drip Act should be 'disapplied', although it gave the government until next March to come up with a replacement. The challenge to the contentious legislation was brought by two MPs: Labour’s Tom Watson and the former Tory shadow home secretary David Davis. Mr Davis said: 'This is a massively important ruling. The court has told the government to go away and rewrite the law on the collection of all our phone data, all our email data, who we called and when we called them.' The High Court’s ruling said the authorisation of access to communications data should be governed by an independent body. Under the current system, law enforcement and intelligence agencies themselves are able to authorise access to this data. Mr Davis said the ruling meant that 'nobody’s privacy will be unnecessarily invaded'. The government disagreed with the judgment and said it would seek an appeal. .... Meanwhile, the government announced that a commission would review freedom-of-information laws, prompting campaigners to give warning that ministers were planning to curb the public’s ability to force the disclosure of official documents. 
The commission will be chaired by Lord Burns, former head civil servant at the Treasury and former chairman of Santander UK bank. Other members include Jack Straw, the former home secretary and regular critic of FoI laws; and Lord Howard, the former Conservative leader who once found himself the target of FoI requests from Labour aimed at uncovering potentially embarrassing revelations. Campaigners say that the make-up of the commission is slanted to ensure its members recommend new limits on what the public is allowed to request from government. Maurice Frankel, of the Campaign for Freedom of Information, said: 'Ministers want certainty that policy discussions will not only take place in secret but be kept secret afterwards. They don’t like the fact that the act requires the case for confidentiality to be weighed against the public interest in disclosure.'"
Judges strike down ‘vital’ data gathering law
Financial Times, 17 July 2015

"Emergency mass surveillance laws rushed through Parliament last year have been ruled unlawful by the High Court. The Data Retention and Investigatory Powers Bill (Dripa), which was pushed through in three days in July 2014, was designed to give GCHQ and other public intelligence authorities the power to gather and retain information on phones calls, text messages and online communications, and force telecommunications companies to retain data for 12 months. It was deemed necessary by the then-coalition government due to existing powers being invalidated by a ruling from the European Union's Court of Justice. In order to maintain effective guards against serious crime and terrorism, the Home Office argued at the time, new emergency powers were required. A group of British legal experts published an open letter protesting the emergency bill, which gave MPs no time to deliberate the complex legislation. But with little time to raise a strong opposition, the bill was passed and later cemented in law. In what will be seen as a big win for privacy activists everywhere, a challenge brought by MPs David Davis and Tom Watson has now been proven legitimate. The High Court ruled today that sections 1 and 2 of Dripa are unlawful because they breach Articles 7 and 8 of the EU Charter of Fundamental Rights. "The court has recognised what was clear to many last year, that the government's hasty and ill-thought through legislation is fatally flawed," said triumphant MP for Haltemprice and Howden, Davis. "They will now have to rewrite the law to require judicial or independent approval before accessing innocent people's data, reflecting the new consensus amongst experts in the Anderson and RUSI reports. This change will improve both privacy and security, as whilst the government gave Parliament one day to consider its law, the court has given almost nine months." 
The High Court ruled that the law fails to provide the "clear and precise rules" necessary to ensure data is only accessed in the most serious cases to prevent crime, or accessed when conducting criminal prosecutions relating to those serious offences. Dripa also fails to demand a warrant from a court or independent body. In the ruling the High Court concluded: "The need for that approval to be by a judge or official wholly independent of the force or body making the application should not, provided the person responsible is properly trained or experienced, be particularly cumbersome." Just a few days ago, a report by the Royal United Services Institute (RUSI) recommended that intelligence agencies be required to attain judicial sign off -- rather than ministerial -- for interception warrants. It is the second report in the space of two months to come to this conclusion, with the official government reviewer of terrorism legislation, David Anderson QC, calling Dripa "undemocratic and unnecessary" in June. Under the temporary law, around 500,000 requests are granted each year, without judicial oversight, and this is likely to remain the status quo until the emergency bill expires in March 2016 and the government is forced to reassess the legislation. This ruling is likely to carry great weight when it comes to that period of deliberation across Parliament. "Campaigners, MPs across the political spectrum, the government's own reviewer of terrorism legislation are all calling for judicial oversight and clearer safeguards," said James Welch, legal director for Liberty, which helped bring the case. "The High Court has now added its voice, ruling key provisions of Dripa unlawful. Now is the time for the Home Secretary to commit publicly to surveillance conducted with proper respect for privacy, democracy and the rule of law -- not plough on with more of the same."
UK mass surveillance laws are unlawful, it's official
Wired, 17 July 2015

"Three former spy chiefs have conceded that Britain's police and intelligence agencies may have unwittingly broken the 'antiquated laws' that govern their surveillance activities. A report published today says there is no evidence that police forces, MI5, MI6 AND GCHQ 'knowingly' acted illegally, but expresses concern at the condition of the law governing the state's most intrusive powers. A panel assembled by the Royal United Services Institute (Rusi) is calling for a 'new, comprehensive and clearer legal framework' to govern surveillance, accompanied by stronger oversight of the spy agencies.... The Rusi report is the third in a series of documents analysing the privacy debate after the Edward Snowden leaks, which will shape new surveillance legislation being published by the government in the autumn. It is an attempt to address the debate over privacy versus security by assembling a panel that included former intelligence chiefs - Lord Evans of Weardale, the ex-MI5 head, Sir John Scarlett, the ex-MI6 boss, and Sir David Omand, the former GCHQ director - with Professor Heather Brooke, the freedom of information campaigner, and Baroness Lane-Fox of Soho, the dotcom entrepeneur. There were heated arguments between the panel members before all were prepared to signg off on the report which...... urges greater protection form surveillance for journalists and lawyers, saying that 'those who challenge the state.... need to be confident they are not spied upon, otherwise they cannot do their jobs effectively'."
We may have broken the law, ex-spy chiefs admit
London Times, 14 July 2015, Print Edition, P2

"The filmmaker behind last year’s Oscar-winning documentary starring government leaker Edward Snowden is suing the Obama administration for keeping secret documents about her. Laura Poitras claims to have been needlessly detained by 'Kafkaesque' searches at the U.S. border each and every time she traveled through the country from 2006 to 2012. But government agencies have refused to meaningfully respond to requests under the Freedom of Information Act (FOIA) to release documents about the searches, she claims, which only ended after they were featured in a news article and became the subject of a petition protesting her treatment. 'I’m filing this lawsuit because the government uses the U.S. border to bypass the rule of law,' Poitras said in a statement. 'This simply should not be tolerated in a democracy. 'We have a right to know how this system works and why we are targeted.' Poitras now lives in Berlin, as part of a growing community of technology-focused activists.  Earlier this year, she won the Academy Award for her documentary about Snowden and other government whistleblowers, called 'Citizenfour.' As part of the reporting team to break news of the Snowden document, she also received the Pulitzer Prize last year and has been closely tied to the fate of the former government leaker."
Snowden filmmaker sues US government
The Hill, 13 July 2015

"Magshimim serves as a feeder system for potential recruits to Unit 8200, the Israeli military’s legendary high-tech spy agency, considered by intelligence analysts to be one of the most formidable of its kind in the world. Unit 8200, or shmone matayim as it’s called in Hebrew, is the equivalent of America’s National Security Agency and the largest single military unit in the Israel Defence Forces.....In some ways, 8200 is Israel at its best and worst: a high-tech incubator that trains some of Israel’s smartest young people but effectively excludes minority Arabs — 20 per cent of Israel’s population — because so few do military service, which is compulsory for Jewish Israelis. Unit 8200 also snoops on Palestinians living under Israeli occupation in the West Bank or naval and air blockade in the Gaza Strip, according to a whistle-blowing leak that created a stir last year. In an open letter in September 2014, published by Israel’s Yedioth Ahronoth newspaper and broadcast on Channel 10, a group of 43 serving and former 8200 reservists revealed what they said were coercive spying tactics being used on innocent Palestinians, including the collection of embarrassing sexual, financial or other information. One of the whistle-blowers, in a statement released along with the letter, described his “moment of shock” when watching The Lives of Others, the 2006 film about the Stasi’s pervasive spying in East Germany.... But what does 8200 actually do? Israel, as Netanyahu never tires of saying, lives in a “bad neighbourhood” in the Middle East, surrounded by several countries it classifies as enemy states. This requires world-class hacking and artificial intelligence tools as warfare moves from conventional battlefields — land, sea and air — to include cyber terrain. This new theatre of operations needs both offensive and defensive tools. 
According to some media reports, which the IDF won’t confirm, the unit was responsible for the Stuxnet computer worm deployed in 2010 against Iran’s computers, including ones at its nuclear facilities. .... According to intelligence analysts, 8200’s remit is similar to that of the NSA or Britain’s Government Communications Headquarters, covering everything from analysis of information in the public domain to use of human operators and special signal intelligence. Its geographical remit is primarily outside Israel but it does include the Palestinian territories. “Unit 8200 is probably the foremost technical intelligence agency in the world and stands on a par with the NSA in everything except scale,” Peter Roberts, senior research fellow at Britain’s Royal United Services Institute, told me. “They are highly focused on what they look at — certainly more focused than the NSA — and they conduct their operations with a degree of tenacity and passion that you don’t experience elsewhere.”... Once intelligence is gathered and organised into a database, an analyst needs to look for a common denominator. This is what big data experts call fusion: the ability to make sense of, for example, an object spotted from different angles by different means — maybe a drone in the air, a camera on the ground, or a listening device in a phone. .... Over time, though, Gilad became troubled by the intrusive methods being used against Palestinians in the West Bank and Gaza. The refuseniks say they were asked to gather information not only on people suspected of plotting to harm Israel but on their family members, neighbours and others who might supply information about them. This included information about medical conditions, financial problems and sexual orientation — a sensitive topic in deeply conservative Palestinian society. One of them said that during his training for 8200, he had been assigned to memorise different Arabic words for “gay”. 
Another said that soldiers would call one another over to listen when one of their targets was discussing a “funny” medical condition such as haemorrhoids. From the protest, a picture emerged of bright young Israelis, still in their teens and twenties, making decisions that would affect the fate of Palestinians years older. “In a way, this power is intoxicating,” Gilad told me. “You get inside people’s lives and you laugh about their sexual habits or medical problems. And it shows how far it goes. It shows you how power can corrupt.”...Privacy International, a human rights watchdog group, recently reported that two multinational companies with Israeli roots, Verint and Nice Systems, were supplying surveillance technology to repressive Central Asian countries, allowing “unchecked access to citizens’ telephone calls and internet activity on a mass, indiscriminate scale”. "
Unit 8200: Israel’s cyber spy agency
Financial Times, 10 July 2015

"When you pick up the phone, who you’re calling is none of the government’s business. The NSA’s domestic surveillance of phone metadata was the first program to be disclosed based on documents from whistleblower Edward Snowden, and Americans have been furious about it ever since. The courts ruled it illegal, and Congress let the section of the Patriot Act that justified it expire (though the program lives on in a different form as part of the USA Freedom Act). Yet XKEYSCORE, the secret program that converts all the data it can see into searchable events like web pages loaded, files downloaded, forms submitted, emails and attachments sent, porn videos watched, TV shows streamed, and advertisements loaded, demonstrates how Internet traffic can be even more sensitive than phone calls. And unlike the Patriot Act’s phone metadata program, Congress has failed to limit the scope of programs like XKEYSCORE, which is presumably still operating at full speed. Maybe Verizon stopped giving phone metadata to the NSA, but if a Verizon engineer uploads a spreadsheet full of this metadata without proper encryption, the NSA may well get it anyway by spying directly on the cables that the spreadsheet travels over. The outrage over bulk collection of our phone metadata makes sense: Metadata is private. Americans call suicide prevention hotlines, HIV testing services, phone sex services, advocacy groups for gun rights and for abortion rights, and the people they’re having affairs with. We use the phone to schedule job interviews without letting our current employer know, and to manage long-distance relationships. Most of us, at one point or another, have spent long hours on the phone discussing the most intimate details about our lives. There isn’t an American alive today who didn’t grow up with at least some access to a telephone, so Americans understand this well. But Americans don’t understand the Internet yet. 
Bulk collection of phone metadata is, without a doubt, a violation of your privacy, but bulk surveillance of Internet traffic is orders of magnitude more invasive. People also use the Internet in all the ways they use phones — often inadvertently sharing even more intimate details through online searches. In fact, the phone network itself is starting to go over the Internet, without customers even noticing."
Spying on the Internet is Orders of Magnitude More Invasive Than Phone Metadata
The Intercept, 9 July 2015

"The NSA is gathering and eavesdropping on practically all communications emerging from South America, WikiLeaks founder Julian Assange told Chilean publication El Mostrador Tuesday. 'Ninety-eight percent of Latin American communications are intercepted by the NSA while passing through the United States to the world,' Assange said in an interview with the publication. A large focus of Assange was related to the large swaths of information being collected by American tech companies, specifically Google and Facebook, and their relationship with the U.S. intelligence communities. 'They are physically in the United States and therefore under their legal jurisdiction, with punitive laws used to force them to deliver the information they are collecting,' Assange said. WikiLeaks seems to be in the midst of a major information push regarding Latin America. Over the weekend, Wikileaks released a variety of documents related to NSA spying in Brazil on the Rousseff administration."
NSA Intercepts 98% Of South American Communications: Assange
TechCrunch, 8 July 2015

"Documents released by WikiLeaks appear to show the US spied on close aides of German Chancellor Angela Merkel and other officials for years. The leaks show Merkel's private and professional opinions on a range of issues. The WikiLeaks report, released on Wednesday, suggests NSA spying on German officials went on far longer and more widely than previously thought. The website published a new list of German phone numbers it claims showed the NSA targeted the officials for surveillance. The list of 56 partially redacted phone numbers includes those belonging to staff of the former German Chancellor Gerhard Schröder as well as his predecessor, Helmut Kohl. Also on the list were numbers attributed to former diplomat Geza Andreas von Geyr, who now works for the Ministry of Defense, and Ronald Pofalla, who was the former head of Angela Merkel's chancellery between 2009 and 2013. WikiLeaks also gave a cell phone number it claimed was used by the German leader up until 2013. The website published what it said were three intercepts by the US National Security Agency (NSA) of conversations involving Merkel. These included discussions such as "Chancellor Merkel's plans on how to respond to the international financial crisis and the eurozone bank bailout." An intercept from 2009 details Merkel's criticism that the US Federal Reserve was "taking risks" concerning the previous year's global financial crisis. Also disclosed were Merkel's private opinions on US President Barack Obama's involvement with Iran, from conversations she had with Crown Prince of Abu Dhabi Sheikh Mohammed bin Zayed al-Nahyan. These latest disclosures come barely a week after WikiLeaks posted documents from the 1990s revealing contact details of various officials in Germany's Finance Ministry, as well as staff in the Ministry of Agriculture, European policy advisers and an official working in the European Central Bank. 
The leaks display a special interest in Merkel's handling of the financial crisis in Greece, and her thoughts on the heads of key financial institutions. The secret-spilling site says both sets of reports illustrate that "the NSA explicitly targeted, for long-term surveillance, 125 phone numbers for top German officials, and did so for political and economic reasons." It claimed the lists were updated for more than a decade after 2002, and a "close study" of it reveals it evolved from a previous list in the 1990s. By publishing these communications, WikiLeaks is threatening the already fragile relationship between Germany and the United States, still struggling to recover from reports two years ago that Chancellor Merkel's own cell phone was tapped. It also led to allegations the German government turned a blind eye to, and even helped, the NSA spy on European businesses and officials. Last week the chancellery called in the US ambassador to Germany to ask for an explanation on the WikiLeaks disclosures."
WikiLeaks says NSA spied on top German politicians 'for decades'
Deutsche Welle, 8 July 2015

"The judge who oversees the use of surveillance powers had to deliver a top secret letter to a senior Whitehall security official by hand because his 'antiquated' encryption equipment was unreliable. In his final report after nine years as chief surveillance commissioner, Sir Christopher Rose complained about long delays in appointing staff, mountains of paperwork and 'outmoded and increasingly unreliable' computers. 'In the 21st century, with the wide availability of so much advanced technology, I find it hugely frustrating that this office continues to operate with 20th century equipment which is inadequate,' he wrote."
Surveillance chief has to send secrets by hand
London Times, 7 July 2015

"In 2013, NSA whistleblower Edward Snowden revealed that the British government had been snooping on citizens on a mass scale. Every email entering and leaving this supposedly modern, democratic and accountable country was being secretly intercepted, all in the interest of "national security" – which is totally justified, of course; people planning terror plots routinely send each other "just spilt some of the liquid explosive on my foot lol" memos from their unencrypted Hotmail accounts. Over a seven-day period last July, things got worse. The Data Retention and Investigatory Powers Act – which demands that communications companies retain their customers' data for up to 12 months – was rushed into being. If a government department makes a request, they are now allowed to access the details of any text, call, email, tweet, Instagram post or Facebook update they like. What this means, of course, is that your inane Twitter ramblings about Philip Schofield's weirdly smooth face have likely been viewed by a bigger audience than your 163 followers. But even worse is the huge amount of money being poured into this process. "The costs of interception are largely met by the government, who pay service providers money to put in place the technology and processes to intercept emails," says David Mulcahy, a spokesperson for civil liberties campaign group Liberty. "We don't know the amount spent by government on this, but a report revealed that, in practice, it pays for 80 percent of the capital cost of new interception capabilities and 100 percent of the ongoing operational costs." The full figures have not been made public, but the costs of the programme have been estimated at around £11.1 billion – a little more than the optimistic £1.8 billion estimate back in 2012. "As far as I am aware, there was no explanation at the time as to how the figure of £1.8 billion was calculated," says Mike Jackson, a business professor at Birmingham City University. 
"Essentially, this was viewed as the amount internet companies would need to be compensated over 10 years for the additional effort of storing records." The £1.8 billion figure supposedly took into account data retention by communications companies, training investigators, strategic work to cope with new and emerging technologies, and identification of (but not solutions for) the technical and operational challenges of the surveillance programme. However, it failed to consider the cost of inflation, VAT and depreciation, as well as the growing volume of data being transmitted and received in the UK. The government also didn't consult with communications service providers to calculate its figures, prompting companies like Vodafone, Twitter, Microsoft and Facebook to question – and then distance themselves – from the estimate. Lord Marks QC, a Liberal Democrat peer, made his own calculations based on Labour's nixed plans to introduce national ID cards, and estimated an overrun of £9.3 billion, taking the total cost of the bill up to £11.1 billion – or £500 per household – over ten years."
This Is How Much You Could End Up Paying to Fund Britain's Mass Surveillance Programme
Vice, 6 July 2015

"It is rare for the Investigatory Powers Tribunal to find against the Security Services. Despite being set up in 2000 and hearing hundreds of complaints, it upheld one for the first time in February. So it was highly significant when it found against GCHQ again two weeks ago. The tribunal was considering the complaints of a number of civil liberties groups and human rights organisations, including Amnesty International. It found that the communications of two of the claimants, the Egyptian Initiative for  Personal Rights and the Legal Resources Centre in South Africa, had been intercepted by GCHQ and unlawfully retained beyond the permitted period. This was spun by the government as a procedural infraction against two minor organisations - an oversight, rather than anything more malicious - and, as such, there was little coverage or public interest. But the story does not stop there. Late last Wednesday night, the tribunal sent a short email to correct is original judgement. It was not the Egyptian Initiative for Personal Rights that had its communications unlawfully retained. It was Amnesty International. Without this correction, Amnesty would not even have known its communications were being intercepted, let alone unlawfully retained. ... The government always responds to inquiries in this area with the standard line that it does no comment on intelligence matters. I have asked several such questions of the government, and have always received the same response. Indeed, I have submitted a number recently, asking which statute is used to authorise surveillance in instances where the courts have confirmed it occurred. There is a serious problem with the accountability of the security services to parliament if they won't even state under which statute they are authorised to act. How can we hold them to account, or even attempt to do so, if even this basic information is withheld? What possible security justification can be proposed to warrant such evasion? .... 
How can people expect a fair trial when privileged communications with their lawyers are intercepted by the government? How can journalists hold the government to account when the identities of their confidential sources are stolen from them? And how can organisations such as Liberty and Amnesty expect people to come to them for help if they know the security services are listening..... There are situations where privacy, especially privacy from the government, is vital for the rule of law and functioning of modern society. Our intelligence agencies' mass surveillance programmes indiscriminately trample on this privacy..... If the government insists on extending our agencies' surveillance powers and resurrecting the snooper's charter then first it has questions to answer. The first is what could possibly be the security justification for snooping on respected human rights groups?"
David Davis MP - The one thing our rampant spooks won't find is our trust
Sunday Times, 5 July 2015, Print Edition, P 25

"This last week something little-noticed happened which could have very worrying consequences for the future.   All local authorities, NHS trusts, schools, universities, further education colleges, and prisons had a new statutory duty imposed on themto prevent extremist radicalisation taking place within their ambit.   These new duties will be vastly intrusive.   Local authorities will have to make checks on the use of its public buildings, its internet filters, and on any unregulated settings such as school clubs and groups and tuition centres.   In case there is any backsliding, government inspectors will check to make sure all necessary actions are taken.    And most sinister of all, the target for all this isn’t just extremist behaviour (whatever exactly that means), but ‘non-violent extremism’. This embeds a further level of surveillance of the population than has ever been attempted in the UK in peacetime.   The adverse effects of this mass spying have already been felt under the government’s so-called Prevent programme which led to children being reported for supporting Palestinian rights and opposing the British military presence in Afghanistan. ... The new powers involve banning orders on non-violent individuals and organisations deemed politically unacceptable, physical restriction orders on non-violent individuals deemed ‘harmful’. ... All this exposes the deeply authoritarian streak in this government.   It follows Theresa May’s repeated efforts on every occasion to introduce the mass surveillance snooper’s charter the spook are so keen on ( and already exercising, which is why they’re so anxious to get legal cover to regularise it)."
Tories talk of freedom, but authoritarianism is their hallmark
Michael Meacher Blog, 4 July 2015

"An investigation by the German parliament is raising questions on whether the Obama administration not only spied on journalists in that country, but also interfered in the exercise of the free press under the guise of U.S. national security. On Thursday, Germany's intelligence coordinator, Günter Heiss, testified before a parliamentary investigative committee of the German parliament, the Bundestag, focused on the activities of the U.S. National Security Agency's spying on Germany and whether the German intelligence agency BND had any knowledge of it. That the NSA was spying on German officials is not new, though it continues to upset free press advocates and those with memories of repressive governments both Communist and Nazi. In 2013, the German magazine Der Spiegel, using information gleaned from files stolen and leaked by Edward Snowden, first reported that the NSA was intercepting German Chancellor Angela Merkel's cell phone communications. On Thursday, WikiLeaks released more information, presumably from that surveillance, from a conversation between Merkel and her personal assistant in October 2011, saying the Chancellor "professed to be at a loss" between two courses of action to take in the Greek financial crisis. The WikiLeaks release also suggested that the NSA was spying on German ministers in addition to Merkel. The U.S. ambassador to Germany, John Emerson, was summoned to meet with the Chancellery chief of staff, Peter Altmaier, to discuss the news. Less observed this week was news that the NSA was eavesdropping not only on Merkel, but also in some capacity on Germany's free press, specifically Der Spiegel. CNN has learned that in early summer 2011, the CIA station chief in Berlin (also representing the NSA at the U.S. Embassy) met with Heiss and his assistant Guido Müller. The CIA station chief urged the two men to take action against Heiss' deputy, Hans-Josef Vorbeck, who he said was leaking classified information to journalists."
Obama administration spied on German media as well as its government
CNN, 4 July 2015

"Campaign group Amnesty International has called for an independent inquiry after it was confirmed it was spied on by British surveillance agency GCHQ. It said it was "outrageous" that human rights bodies were being monitored. It came after the Investigatory Powers Tribunal (IPT) informed Amnesty that GCHQ had breached rules by keeping data intercepted from it for too long - although it had been collected legally. The IPT was revising an earlier ruling that had failed to name Amnesty. The tribunal had said in June that GCHQ failed to delete data intercepted from two other rights groups on time. But it confirmed on Thursday that it was mistaken, and that one of the groups was Amnesty. In a letter to the claimants in the case, IPT president Sir Michael Burton said: "The Tribunal wishes to apologise for and correct an error in its Determination of 22 June 2015." The original action was brought by non-governmental organisations (NGOs) including Liberty, Privacy International, American Civil Liberties Union, Amnesty and Bytes For All - who accused the intelligence agencies of intercepting their communications. In most of the cases there was no determination given - implying the bodies were not spied on, or if they were no rules were breached. But the IPT ruled that GCHQ had not followed proper internal procedures in the cases of the Egyptian Initiative for Personal Rights and South Africa-based The Legal Resources Centre. The tribunal has now made it clear that it was Amnesty and not the Egyptian organisation that had been spied on. Amnesty secretary general Salil Shetty said: "It's outrageous that what has been often presented as being the domain of despotic rulers has been done on British soil, by the British government. "How can we be expected to carry out our crucial work around the world if human rights defenders and victims of abuse can now credibly believe their confidential correspondence with us is likely to end up in the hands of governments?  
"After 18 months of litigation and all the denials and subterfuge that entailed, we now have confirmation that we were in fact subjected to UK government mass surveillance. "The revelation that the UK government has been spying on Amnesty International highlights the gross inadequacies in the UK's surveillance legislation." He continued: "If they hadn't stored our communications for longer than they were allowed to, we would never even have known. What's worse, this would have been considered perfectly lawful." At the time of the original judgement the government said it welcomed "the IPT's confirmation that any interception by GCHQ in these cases was undertaken lawfully and proportionately"."
Amnesty calls for GCHQ spying inquiry
BBC Online, 2 July 2015

"One of the National Security Agency’s most powerful tools of mass surveillance makes tracking someone’s Internet usage as easy as entering an email address, and provides no built-in technology to prevent abuse. Today, The Intercept is publishing 48 top-secret and other classified documents about XKEYSCORE dated up to 2013, which shed new light on the breadth, depth and functionality of this critical spy system — one of the largest releases yet of documents provided by NSA whistleblower Edward Snowden. The NSA’s XKEYSCORE program, first revealed by The Guardian, sweeps up countless people’s Internet searches, emails, documents, usernames and passwords, and other private communications. XKEYSCORE is fed a constant flow of Internet traffic from fiber optic cables that make up the backbone of the world’s communication network, among other sources, for processing. As of 2008, the surveillance system boasted approximately 150 field sites in the United States, Mexico, Brazil, United Kingdom, Spain, Russia, Nigeria, Somalia, Pakistan, Japan, Australia, as well as many other countries, consisting of over 700 servers. These servers store 'full-take data' at the collection sites — meaning that they captured all of the traffic collected — and, as of 2009, stored content for 3 to 5 days and metadata for 30 to 45 days. NSA documents indicate that tens of billions of records are stored in its database. 'It is a fully distributed processing and query system that runs on machines around the world,' an NSA briefing on XKEYSCORE says. 'At field sites, XKEYSCORE can run on multiple computers that gives it the ability to scale in both processing power and storage.'"
XKEYSCORE: NSA’s Google for the World’s Private Communications
The Intercept, 1 July 2015

"The Foreign Intelligence Surveillance Court ruled late Monday that the National Security Agency may temporarily resume its once-secret program that systematically collects records of Americans’ domestic phone calls in bulk. But the American Civil Liberties Union said Tuesday that it would ask the United States Court of Appeals for the Second Circuit, which had ruled that the surveillance program was illegal, to issue an injunction to halt the program, setting up a potential conflict between the two courts. The program lapsed on June 1, when a law on which it was based, Section 215 of the USA Patriot Act, expired. Congress revived that provision on June 2 with a bill called the USA Freedom Act, which said the provision could not be used for bulk collection after six months. The six-month period was intended to give intelligence agencies time to move to a new system in which the phone records — which include information like phone numbers and the duration of calls but not the contents of conversations — would stay in the hands of phone companies. Under those rules, the agency would still be able to gain access to the records to analyze links between callers and suspected terrorists. But, complicating matters, in May the Court of Appeals for the Second Circuit, in New York, ruled in a lawsuit brought by the A.C.L.U. that Section 215 of the Patriot Act could not legitimately be interpreted as permitting bulk collection at all."
Surveillance Court Rules That N.S.A. Can Resume Bulk Data Collection
New York Times, 30 June 2015

"The U.S. National Security Agency wiretapped the communications of two successive French finance ministers and collected information on French export contracts, trade and budget talks, according to a report by WikiLeaks. The transparency website said the ministers targeted were Francois Baroin and Pierre Moscovici, who between them headed the finance ministry from 2011 to 2014. The allegations, published jointly with newspaper Liberation and online outlet Mediapart, came a week after Wikileaks reported that the NSA had spied on three French presidents from at least 2006 to May 2012, prompting the government to protest to Washington that such behavior between allies was unacceptable. Wikileaks said that in one document dating from 2002 and renewed in 2012, the NSA asked intelligence services from Australia, the United Kingdom, Canada, and New Zealand to collect information on proposed French export contracts worth more than $200 million in sectors including telecoms, electricity, nuclear energy, transport, and health. No specific French companies were named in the Wikileaks documents."
NSA wiretapped two French finance ministers: Wikileaks
Reuters, 29 June 2015

"It's not the cold war any more. It's much more like the 19th century, in the sense that nation states look out for themselves....[During the cold war] we [in the United States] didn't spy on allies, Nato allies ... We're in a situation where we're all [economic] competitors now. We have no need for unity. There is no threat. We've manufactured this threat about Mr Putin, but otherwise there's not a real threat."
Mike Scheuer, former CIA intelligence officer (head of the Bin Laden Unit) and Professor of Security Studies at Georgetown University
BBC Radio 4 Today Programme (after 7.30 news), 24 June 2015

"I won't make any specific accusations about France, but there are several nations on the continent that use their intelligence services to spy on the granting of contracts internationally to help their own countries' corporations - to help those corporations bribe others in order to give contracts to their own countries' companies. If they would stop bribing then we would stop spying on them."
James Woolsey, former Director of the CIA, following the revelation that America's NSA had been intercepting the phone calls of French Presidents
BBC Radio 4 Today Programme (6.00 am news bulletin), 24 June 2015

"The British and American spy agencies deliberately broke anti-virus software so that they could read the messages of their citizens, according to new leaks. Both the NSA and GCHQ have long been said to have deliberately reverse engineered software so that they could find weaknesses in software and exploit them to read communications. But new documents show that the agencies did so to some of the most popular antivirus software, potentially exposing hundreds of millions of people to dangerous viruses, according to a report from The Intercept. The agencies reverse engineered Kaspersky antivirus software so that they could see how it worked and ensure that it didn’t keep them from looking through computers, according to the report. They also looked through emails that had been sent to the company flagging up viruses and vulnerabilities, the Intercept reported....GCHQ obtained a warrant for the reverse engineering because it might otherwise be considered 'unlawful', according to The Intercept, which saw the details of the request for permission in files leaked by Edward Snowden. The Intercept says that the warrant is 'legally questionable on several grounds'."
GCHQ and NSA broke antivirus software so that they could spy on people, leaks indicate
Independent, 23 June 2015

"British spies build fake websites, impersonate people, and create 'persuasive' YouTube videos to disrupt their targets' activities, according to documents obtained by The Intercept. JTRIG, or the Joint Threat Research Intelligence Group, is part of British spy agency GCHQ, and was first revealed publicly in documents leaked by exiled NSA whistleblower Edward Snowden. A newly published document dating from 2011, which Business Insider has been unable to independently verify, appears to shed more light on the secretive group's activities. In one section, the document lists a number of the tactics that JTRIG staff have employed....These techniques are deployed against a number of law enforcement targets, including suspects believed to be engaged in 'online credit card fraud and child exploitation.' It also co-operates with other domestic British law enforcement agencies, and helps '[provide] evidence for judicial outcomes' and monitoring domestic terrorist groups. The documents also go into detail about psychological research that could be used to help promote JTRIG's goals. 'Theories and research in the field of social psychology may prove particularly useful for informing JTRIG's effects and online HUMINT operations,' one document says, identifying topics including 'conformity,' 'obedience,' and 'psychological profiling' as 'particularly relevant for social influence.' In short: The documents — if accurate — demonstrate how the British spy agency uses sophisticated psychological techniques to try and shape the flow of information online to achieve its strategic goals."
How British spies covertly shape the flow of information online to 'discredit' their targets
Business Insider, 23 June 2015

"The company behind the open-source blogging platform Ghost is moving its paid-for service out of the UK because of government plans to weaken protection for privacy and freedom of expression. Ghost's founder, John O'Nolan, wrote in a blog post: 'we’ve elected to move the default location for all customer data from the UK to DigitalOcean’s [Amsterdam] data centre. The Netherlands is ranked #2 in the world for Freedom of Press, and has a long history of liberal institutions, laws and funds designed to support and defend independent journalism.' O'Nolan was particularly worried by the UK government's plans to scrap the Human Rights Act, which he said enshrines key rights such as 'respect for your private and family life' and 'freedom of expression.' The Netherlands, by contrast, has 'some of the strongest privacy laws in the world, with real precedents of hosting companies successfully rejecting government requests for data without full and legal paperwork,' he writes. This is by no means the first software company to announce that it will be leaving the UK because of the government's plans to attack privacy through permanent bulk surveillance of online activities and weakened crypto."
Software companies are leaving the UK because of government’s surveillance plans
Ars Technica, 23 June 2015

"Privacy campaigners and open source developers are up in arms over the secret installing of Google software which is capable of listening in on conversations held in front of a computer. First spotted by open source developers, the Chromium browser – the open source basis for Google’s Chrome – began remotely installing audio-snooping code that was capable of listening to users. It was designed to support Chrome’s new 'OK, Google' hotword detection – which makes the computer respond when you talk to it – but was installed, and, some users have claimed, it is activated on computers without their permission. 'Without consent, Google’s code had downloaded a black box of code that – according to itself – had turned on the microphone and was actively listening to your room,' said Rick Falkvinge, the Pirate party founder, in a blog post. 'Which means that your computer had been stealth configured to send what was being said in your room to somebody else, to a private company in another country, without your consent or knowledge, an audio transmission triggered by … an unknown and unverifiable set of conditions.' The feature is installed by default as part of Google’s Chrome browser. But open source advocates are up in arms about it also being installed with the open source variant Chromium, because the listening code is considered to be 'black box', not part of the open source audit process. 'We don’t know and can’t know what this black box does,' said Falkvinge. Google responded to complaints via its developer boards. It said: 'While we do download the hotword module on startup, we do not activate it unless you opt in to hotwording.' However, reports from developers indicate otherwise."
Google eavesdropping tool installed on computers without permission
Guardian, 23 June 2015

"The United States National Security Agency spied on French presidents Jacques Chirac, Nicolas Sarkozy and Francois Hollande, WikiLeaks said in a press statement published on Tuesday, citing top secret intelligence reports and technical documents. The revelations were first reported in French daily Liberation and on news website Mediapart, which said the NSA spied on the presidents during a period of at least 2006 until May 2012, the month Hollande took over from Sarkozy. WikiLeaks said the documents derived from directly targeted NSA surveillance of the communications of Hollande (2012–present), Sarkozy (2007–2012) and Chirac (1995–2007), as well as French cabinet ministers and the French ambassador to the U.S. According to the documents, Sarkozy is said to have considered restarting Israeli-Palestinian peace talks without U.S. involvement and Hollande feared a Greek euro zone exit back in 2012. These latest revelations regarding spying among allied Western countries come after it emerged that the NSA had spied on Germany and Germany's own BND intelligence agency had cooperated with the NSA to spy on officials and companies elsewhere in Europe.... The documents include summaries of conversations between French government officials on the global financial crisis, the future of the European Union, the relationship between Hollande's administration and Merkel's government, French efforts to determine the make-up of the executive staff of the United Nations, and a dispute between the French and U.S. governments over U.S. spying on France. The documents also contained the cell phone numbers of numerous officials in the Elysee presidential palace including the direct cell phone of the president, WikiLeaks said. Last week, WikiLeaks published more than 60,000 diplomatic cables from Saudi Arabia and said on its website it would release half a million more in the coming weeks.... 
Former NSA employee Edward Snowden created an uproar in Germany after he revealed that Washington had carried out large-scale electronic espionage in Germany and claimed the NSA had bugged Merkel's phone. 'While the German disclosures focused on the isolated fact that senior officials were targeted by U.S. intelligence, WikiLeaks' publication today provides much greater insight into U.S. spying on its allies,' WikiLeaks said. This includes 'the actual content of intelligence products deriving from the intercepts, showing how the U.S. spies on the phone calls of French leaders and ministers for political, economic and diplomatic intelligence'."
NSA spied on French presidents: WikiLeaks
Reuters, 23 June 2015

"GCHQ spied on two human rights organisations, it has emerged, and breached its own internal policies in how it handled the information. The intelligence agency lawfully monitored communications at the Egyptian Initiative for Personal Rights (EIPR) and the Legal Resources Centre (LRC) in South Africa, the Investigatory Powers Tribunal found. But it ruled that the data on the EIPR was kept beyond the permitted time and GCHQ breached its own procedures on how to select which communications to monitor in the case of the LRC. The tribunal, which handles complaints against the spy agencies, ruled the breaches were 'technical' ones and did not award damages. It also dismissed claims by other civil liberty groups such as Liberty, Privacy International and Amnesty International as to whether their communications were unlawfully intercepted."
GCHQ spied on two human rights bodies
Telegraph, 22 June 2015

"Privacy International and Liberty failed today to convince the Investigatory Powers Tribunal (IPT) that GCHQ had unlawfully intercepted the communications of, and snooped on, UK-based human rights groups. The IPT, in its third and final judgment relating to the spying activities of Blighty spooks, said in its ruling on Monday that 'no determination' had been made in favour of the UK claimants in the case. However, it found that GCHQ had acted unlawfully with the handling of communications data it had secretly slurped from two foreign civil liberties outfits. In the first instance, Blighty's spies used RIPA to 'lawfully and proportionately' intercept and access the email comms of the Egyptian Initiative for Personal Rights. The IPT added, however, that GCHQ held onto the information 'for materially longer than permitted' under UK law's data retention policies. It ruled that British spies had breached Article 8, under the European Convention on Human Rights. As a result of that decision, GCHQ has been ordered to destroy any of the comms data that it had retained for longer than the retention limit."
GCHQ didn't illegally spy on Brit NGOs, tribunal rules
The Register, 22 June 2015

"When the Russian security firm Kaspersky Lab disclosed recently that it had been hacked, it noted that the attackers, believed to be from Israel, had been in its network since sometime last year. The company also said the attackers seemed intent on studying its antivirus software to find ways to subvert the software on customer machines and avoid detection. Now newly published documents released by Edward Snowden show that the NSA and its British counterpart, GCHQ, were years ahead of Israel and had engaged in a systematic campaign to target not only Kaspersky software but the software of other antivirus and security firms as far back as 2008. The documents, published today by The Intercept, don’t describe actual computer breaches against the security firms, but instead depict a systematic campaign to reverse-engineer their software in order to uncover vulnerabilities that could help the spy agencies subvert it. The British spy agency regarded the Kaspersky software in particular as a hindrance to its hacking operations and sought a way to neutralize it. 'Personal security products such as the Russian anti-virus software Kaspersky continue to pose a challenge to GCHQ’s CNE [Computer Network Exploitation] capability,' reads one of the documents, 'and SRE [software reverse-engineering] is essential in order to be able to exploit such software and to prevent detection of our activities.' An NSA slide describing 'Project CAMBERDADA' lists at least 23 antivirus and security firms that were in that spy agency’s sights. They include the Finnish antivirus firm F-Secure, the Slovakian firm Eset, Avast software from the Czech Republic, and Bit-Defender from Romania. Notably missing from the list are the American anti-virus firms Symantec and McAfee as well as the UK-based firm Sophos."
US and British Spies Targeted Antivirus Companies
Wired, 22 June 2015

"A Sunday Times article stating that British spies had been 'betrayed' to Russian and Chinese intelligence services as a result of Edward Snowden’s mass-surveillance revelations to the press is 'utter nonsense,' claims the whistleblower’s lawyer. Robert Tibbo could not be more straightforward. 'There was no possibility of interception. Zero,' says the Canadian lawyer from Montreal who has represented Edward Snowden in Hong Kong since June of 2013. That was when the former U.S. National Security Agency contractor leaked classified documents on America’s mass surveillance programs to members of the press. Mr. Tibbo’s client came under pressure after British sources revealed last weekend that spies were pulled out of operations because China and Russia have cracked Mr. Snowden’s files. 'He left this place [Hong Kong] with no data on him', Mr. Tibbo claimed in a telephone interview from Hong Kong on Monday. He was one of the only two people, along with solicitor Jonathan Man, who had any knowledge of Mr. Snowden’s whereabouts in the city at the time. In an interview Mr. Tibbo was with Mr. Snowden when the whistleblower left Hong Kong for Russia. 'There was no data in a cloud. He passed the data on to the journalists and that was it. Any actual copy he had with him was destroyed [before he left Hong Kong], precisely to avoid it from being seized or intercepted. I was a witness to all of that.' The Sunday Times, a British newspaper owned by media mogul Rupert Murdoch, published a story last weekend claiming that Britain was forced to 'pull agents out of live operations in hostile countries' as a result of China and Russia having cracked the 'top secret cache of files stolen' by Edward Snowden. The article cited only anonymous sources identified as coming from Downing Street, the Home Office and security services. But there was no such cache, claims Mr. Tibbo. 'No one has accessed these files from the Chinese or Russian governments. 
They’ve never even had access to any of it. Any speculation to the effect that Mr. Snowden would or may have provided documents to the Chinese or the Russians is false.' None of the files that he personally saw referred to the identity of U.S. or U.K. field agents, he added."
Snowden’s lawyer slams Times story claiming leaks ‘betrayed’ British spies
Globe and Mail, 16 June 2015

"Britain has pulled out agents from live operations in 'hostile countries' after Russia and China cracked top-secret information contained in files leaked by former U.S. National Security Agency contractor Edward Snowden, the Sunday Times reported....The revelations about the impact of Snowden on intelligence operations comes days after Britain's terrorism law watchdog said the rules governing the security services' abilities to spy on the public needed to be overhauled. Conservative lawmaker and former minister Andrew Mitchell said the timing of the report was 'no accident'."
Britain pulls out spies as Russia, China crack Snowden files - report
Reuters, 14 June 2015

"Who needs the movies when life is full of such spectacular coincidences? On Thursday, David Anderson, the government’s reviewer of terrorism legislation, condemned snooping laws as 'undemocratic, unnecessary and – in the long run – intolerable', and called for a comprehensive new law incorporating judicial warrants – something for which my organisation, Liberty, has campaigned for many years. This thoughtful intervention brought new hope to us and others, for the rebuilding of public trust in surveillance conducted with respect for privacy, democracy and the law. And it was only possible thanks to Edward Snowden. Rumblings from No 10 immediately betrayed they were less than happy with many of Anderson’s recommendations – particularly his call for judicial oversight. And three days later, the empire strikes back! An exclusive story in the Sunday Times saying that MI6 'is believed' to have pulled out spies because Russia and China decoded Snowden’s files. The NSA whistleblower is now a man with 'blood on his hands' according to one anonymous 'senior Home Office official'. Low on facts, high on assertions, this flimsy but impeccably timed story gives us a clear idea of where government spin will go in the coming weeks. It uses scare tactics to steer the debate away from Anderson’s considered recommendations – and starts setting the stage for the home secretary’s new investigatory powers bill. In his report, Anderson clearly states no operational case had yet been made for the snooper’s charter. So it is easy to see why the government isn’t keen on people paying too close attention to it. But then, when it comes to responding to criticism, the approach of the Conservative leadership has been the same for some time: shut down all debate by branding Snowden – or anyone else who dares question the security agencies – as an enemy of the state and an apologist for terror."
Shami Chakrabarti - Let me be clear – Edward Snowden is a hero
Guardian, 14 June 2015

"We all know we need to protect our PCs from cyber villains and are starting to become aware of threats to our smartphones, but our cars? Come on. With the dawn of connected and autonomous vehicles well and truly upon us, mutterings of potential concerns have quickly followed. According to security specialist Kaspersky Lab, however, the threats are very much real, and already here. As drivers and passengers alike hand over more and more data to their increasingly electronic vehicles, Kaspersky has warned there are already a number of very serious security concerns which surround the automotive industry. 'You don’t need autonomous cars to be hacked,' Alexander Moiseev, Kaspersky’s Managing Director of Europe explained speaking with TrustedReviews. 'The car is built on the premise that the internal combustion engine is not accessible, which is not true. The threat to cars is already an issue.' Looking to the reality of car concerns, he added: 'There have been a few security breaches in the car recently. The problem is that IT security was never involved into the design of the cars themselves. 'It’s like living in a house with no roof and being worried about security. You can put bars on the windows, but that won’t help.' Looking at areas of the car already open to attack, Moiseev highlighted two seemingly innocuous features found on many modern motors – parking assist and in-car microphones. 'You have park assist, you press a button and it parks your car. It’s the ultimate proof of concept,' he explained. 'It is a piece of software that resides on the head unit, which is connected to different components. It can steer the wheel for you, it can use the brakes, it can use the throttle, it can lock the doors, and it can use the sensors. 'I don’t need anything else to drive the car, and this is a piece of software. 'Is the head unit accessible? Yes, it is. This is accessible, people could change this software.' 
Discussing the car’s integrated mics, he added: 'Imagine a mega VIP who visits rooms which are completely secured. He has tonnes of bodyguards, he is totally protected and everyone is interested in the data he knows, but then suddenly you can gain access to the microphone in his car. 'The real problem right now is that nobody can tell you for sure that those threats are not active.'"
Your car is a cyber security risk, Kaspersky warns
TrustedReviews, 12 June 2015

"As if being ankle deep in muddy field, surrounded by pretend hippies seemingly re-enacting highlights of the Battle of Waterloo was bad enough, attendees of the aptly named Download Festival will be subjected to a new police facial recognition system, and surveillance of their onsite location and expenditure via the debut of RFID wristbands. The debut surveillance technologies are a new facial recognition system being rolled out by Leicestershire Police, and Download's own RFID wristbands, provided by German RFID specialists YouChip. Leicestershire Police have been trialling NEC Corporation's NeoFace facial recognition system since April 2014, though only announced the trial in July of that year, and seem to have been delighted with its results to date. NeoFace has compared facial images, captured by CCTV/IPTV recordings, with facial images stored in Leicestershire's local custody database. NEC, however, advertises its NeoFace suite as able to offer much more in biometrics surveillance, and while the particular system to be used at Download has not been revealed, it may also be part of the company's suite. NeoFace Watch is the mobile surveillance platform from the NeoFace suite, which functions by "integrating face matching technology with video surveillance input, while checking individuals against known photographic watch lists, and producing real-time alerts" according to a product brochure. According to an interview with DC Kevin Walker, published in Police Oracle on Monday, 'Strategically placed cameras will scan faces at the Download Festival site in Donington before comparing [them] with a database of custody images from across Europe.' The Register has been told the database of 'lawfully held European custody photos' is 'a stand-alone database of legally held custody photographs drawn together with partners in Europol'. 
In response to a freedom of information request we filed to Leicestershire Police in April asking whether NeoFace had, or could, utilise information received from outside of its custody database — making specific reference to SIS II — we were told: 'NeoFace has been intentionally limited in scope to ensure that it only uses images held on our custody database. It is a stand-alone system that does not link with other national databases such as the PNC.' This is true, The Register understands, as the real-time facial recognition system is being considered as a 'totally different project' from the existing facial recognition system that the coppers are using. We have also learned that the Police Oracle's publication of the interview has caused significant upset for management at Leicestershire Police, who did not want any advance publicity of their "new" surveillance project. In addition to police surveillance, Download Festival will be "the first major UK festival to use RFID technology for full cashless payment and access control". Download's 'customers' will be issued with an RFID festival wristband on arrival which will determine what areas of Donington Park they have access to, and will also function as an electronic payment system, linked to specifically set-up customer accounts through which 'customers' will have to pay for food, drinks and merchandise. 'Every single person on site, including staff, children, RIP and VIP customers will need a dog tag to get around the festival,' according to the FAQ section of the site. 'The only way to get around the festival and pay for stuff is to use this system. It’s not possible to opt out of this.' Download's privacy policy acknowledges that it will collect your information through the use of the cashless payment wristbands and will, typically, share that information with other companies, who will collaborate to establish your interests, purchases and household type to aid in profiling you for advertising purposes. 
The FAQ also asks whether your 'movement[s] can be tracked with RFID technology?' 'No, it can't' cometh the answer: 'Your dog tag will not be equipped with GPS technology and therefore it will be impossible to track your movements.' This is quite a cynical response which relies upon a very specific definition of what constitutes the tracking of movements. While correctly distinguished from a positioning system, RFID 'control access' functions allow a database operator to locate the wrist-bound devices by logging its passage into each access-controlled area. Another statement in the FAQs says: 'All payments on the website are encrypted and use 3D secure technology. Each RFID chip is encrypted and unique to you'. This does not mean that the RFIDs themselves use encryption. The Register understands that this is possible, but will not be commercially available until 2015 Q3. Talking to The Register, Raj Samani, chief technology officer at Intel Security, said: 'There is a risk that RFID tags could be used for the profiling and/or tracking of individuals because identifiers could be used to re-identify a particular individual. It is important for consumers to be made aware of the policy, and give their consent for the tags to be made operational. Without appropriate consent retailers who pass RFID tags to customers without automatically deactivating or removing them may enable this risk of RFID tags being used for tracking individuals.'"
Cops turn Download Festival into an ORWELLIAN SPY PARADISE
The Register, 11 June 2015

"Fake mobile towers that scoop up data from passing phones are routinely being used in London, an investigation by Sky News suggests. Working with German security company GMSK Cryptophone, it claims to have uncovered direct evidence, the first in the UK, of at least 20 instances of the use of these cell site simulators. These portable Stingray boxes could be used to track police suspects. The Metropolitan Police Service refused to confirm or deny it was using them. All the data captured by the investigation has been put in a Google document. By mimicking a legitimate mobile tower and tricking every phone in range into connecting to them, the boxes 'catch' the international mobile subscriber number (IMSI) and electronic serial number (ESN) of each and reveal the exact location of its user. Met Commissioner Bernard Hogan-Howe told Sky News: 'We're not going to talk about it, because the only people who benefit are the other side, and I see no reason in giving away that sort of thing.' Privacy International (PI), which has been campaigning for more transparency about the use of surveillance equipment, described the Met's stance as 'laughable'. Advocacy officer Matthew Rice said: 'We can't be sure that all these are used by law enforcement agencies. They can be used by criminals, and are easily bought from the internet for about £1,000. " The police need to explain what they are doing to protect the public from criminals using such equipment as well as explaining how they use it. Even when used by police, IMSI catchers are very difficult to use in a targeted manner, meaning when used in urban areas thousands of people's mobile phones would be swept up in that dragnet...'"
Mass snooping fake mobile towers 'uncovered in UK'
BBC News, 10 June 2015

"In an effort to put an end to the bulk data collection of phone records and other large datasets from millions of people, campaign group Privacy International has filed a complaint with a U.K. court. The complaint was filed with the U.K. Investigatory Powers Tribunal, which deals with claims against U.K. intelligence agencies, including the country’s Government Communications Headquarters (GCHQ). It is meant to put an end to bulk data collection that was already banned in the U.S. Last Tuesday, the U.S. Senate passed the USA Freedom Actwhich put a stop to the old U.S. National Security Agency’s (NSA) bulk collection of domestic telephone records, restoring a limited telephone records program. The U.S. is so much further ahead on the issue than the U.K., the campaign group said, adding that the bulk collection of data of millions of people who have no ties to terrorism and are not suspected of any crime is plainly wrong. In the U.K., intelligence agencies also collect bulk personal datasets, a report by the U.K. Parliament’s Intelligence and Security Committee showed in March. The Committee considered the bulk collection of data to be relevant to national security investigations."
UK spies sued over phone data collection scheme already banned in US
CIO, 8 June 2015

"If you’re one of those people that gets a bit vocal about politics, you’ll be interested to know that your Facebook, Twitter and personal blog are about to begin being monitored for references to the Government. Ministers announced yesterday that the Government had awarded a contract to five companies who will monitor what people tweet, post to Facebook or blog about the Government and provide updates to Whitehall in real time."
Your Facebook, Twitter and blog are about to be monitored for references to the Government
Metro, 5 June 2015

"Two years ago today, three journalists and I worked nervously in a Hong Kong hotel room, waiting to see how the world would react to the revelation that the National Security Agency had been making records of nearly every phone call in the United States. In the days that followed, those journalists and others published documents revealing that democratic governments had been monitoring the private activities of ordinary citizens who had done nothing wrong. Within days, the United States government responded by bringing charges against me under World War I-era espionage laws. The journalists were advised by lawyers that they risked arrest or subpoena if they returned to the United States. Politicians raced to condemn our efforts as un-American, even treasonous. Privately, there were moments when I worried that we might have put our privileged lives at risk for nothing — that the public would react with indifference, or practiced cynicism, to the revelations. Never have I been so grateful to have been so wrong. Two years on, the difference is profound. In a single month, the N.S.A.’s invasive call-tracking program was declared unlawful by the courts and disowned by Congress. After a White House-appointed oversight board investigation found that this program had not stopped a single terrorist attack, even the president who once defended its propriety and criticized its disclosure has now ordered it terminated. This is the power of an informed public. Ending the mass surveillance of private phone calls under the Patriot Act is a historic victory for the rights of every citizen, but it is only the latest product of a change in global awareness. Since 2013, institutions across Europe have ruled similar laws and operations illegal and imposed new restrictions on future activities. The United Nations declared mass surveillance an unambiguous violation of human rights. In Latin America, the efforts of citizens in Brazil led to the Marco Civil, an Internet Bill of Rights. 
Recognizing the critical role of informed citizens in correcting the excesses of government, the Council of Europe called for new laws to protect whistle-blowers. Beyond the frontiers of law, progress has come even more quickly. Technologists have worked tirelessly to re-engineer the security of the devices that surround us, along with the language of the Internet itself. Secret flaws in critical infrastructure that had been exploited by governments to facilitate mass surveillance have been detected and corrected. Basic technical safeguards such as encryption — once considered esoteric and unnecessary — are now enabled by default in the products of pioneering companies like Apple, ensuring that even if your phone is stolen, your private life remains private. Such structural technological changes can ensure access to basic privacies beyond borders, insulating ordinary citizens from the arbitrary passage of anti-privacy laws, such as those now descending upon Russia. Though we have come a long way, the right to privacy — the foundation of the freedoms enshrined in the United States Bill of Rights — remains under threat. Some of the world’s most popular online services have been enlisted as partners in the N.S.A.’s mass surveillance programs, and technology companies are being pressured by governments around the world to work against their customers rather than for them. Billions of cellphone location records are still being intercepted without regard for the guilt or innocence of those affected. We have learned that our government intentionally weakens the fundamental security of the Internet with 'back doors' that transform private lives into open books. Metadata revealing the personal associations and interests of ordinary Internet users is still being intercepted and monitored on a scale unprecedented in history: As you read this online, the United States government makes a note.... 
At the turning of the millennium, few imagined that citizens of developed democracies would soon be required to defend the concept of an open society against their own leaders. Yet the balance of power is beginning to shift. We are witnessing the emergence of a post-terror generation, one that rejects a worldview defined by a singular tragedy. For the first time since the attacks of Sept. 11, 2001, we see the outline of a politics that turns away from reaction and fear in favor of resilience and reason. With each court victory, with every change in the law, we demonstrate facts are more convincing than fear. As a society, we rediscover that the value of a right is not in what it hides, but in what it protects."
Edward Snowden - Edward Snowden: The World Says No to Surveillance
New York Times, 4 June 2015

"Two MPs – the Conservative David Davis and Labour’s Tom Watson – have joined forces for a combined challenge against emergency surveillance legislation introduced by the coalition last year. Their high court claim aims to overturn powers created by the Data Retention and Investigatory Powers Act 2014 (Dripa) which was rushed through parliament last July. Dinah Rose QC, appearing for both MPs at London’s high court, said: 'The claimants I represent are both distinguished members of parliament who are not very often to be seen sitting next to each other on the same front bench.'  Both MPs, she said, had a particular need to protect the confidentiality of their contacts with constituents and other members of the public – including whistleblowers – who might approach them with sensitive information. Both appreciated the importance of communications data in relation to the fight against crime and terrorism. However, Rose continued: 'Their concern is that this legislation doesn’t contain the necessary minimum safeguards to protect against the risk of arbitrary, disproportionate or abusive retention and use of personal data, and for that reason it breaches the fundamental right to privacy.' Dripa contains the same flaws as those identified in an EU directive on data retention that was overturned by the European court of justice (ECJ) last year in the case of Digital Rights Ireland, she told Lord Justice Bean and Mr Justice Collins. During Rose’s submission, Collins said that there were plenty of examples of speedy legislation that had 'frequently led to disastrous results'. In the legal challenge, which is backed by the human rights organisation Liberty, the MPs argue that the legislation is incompatible with Article 8 of the European convention on human rights, the right to respect for private and family life, and Articles 7 and 8 of the EU charter of fundamental rights, respect for private and family life and protection of personal data. 
The MPs complain that use of communications data is not limited to cases involving serious crime, that individual notices of data retention are kept secret and that no provision is made for those under obligation of professional secrecy, in particular lawyers and journalists. Nor, they argue, are there adequate safeguards against communications data leaving the European Union. The prime minister, David Cameron, and the then deputy prime minister, Nick Clegg, said last year that the acceleration of Dripa through parliament was necessary because of an emergency created by a ruling in April last year by the ECJ, which they said would have the effect of denying police and security services access to vital data about phone and email communications. They insisted the act would simply maintain existing powers, which required communications companies to retain data for 12 months for possible investigation, but did not allow police or security agencies to access the content of calls or emails without a warrant.  According to the Interception of Communications Commissioner’s Office, the court was told, there were 517,236 notices and authorisations for communications data issued by public authorities last year plus a further 55,346 urgent oral authorisations. Each authorisation may cover numerous individuals. Emma Norton, legal officer for Liberty, said in a statement: 'The executive dominance of parliament in rushing through this legislation – using a wholly fabricated ‘emergency’ – made a mockery of parliamentary sovereignty and the rule of law, and showed a staggering disregard for the entire population’s right to privacy. 'It is thanks to the Human Rights Act that we are able to challenge the government’s actions – the same government which now seeks to axe that very piece of legislation and, by doing so, curb the British people’s ability to do so in future.'"
MPs David Davis and Tom Watson in court challenge over surveillance act
Guardian, 4 June 2015

"Apple chief executive Tim Cook has heavily criticised tech companies which attempt to monetise customer data for advertising purposes, saying such a trade comes at 'a very high cost'. While Cook did not explicitly identify the companies, his assertion that some of Silicon Valley's most prominent and successful companies 'have built their businesses by lulling their customers into complacency about their personal information' can be read as referring to Facebook and Google, who use targeted advertising and store vast amounts of user data. Speaking by video link during EPIC’s Champions of Freedom event in Washington upon being honoured by the research centre for corporate leadership, Cook said he and his team at Apple firmly believed customers should not have to compromise between privacy and security. 'We can, and we must provide both in equal measure,' he said. 'We believe that people have a fundamental right to privacy. The American people demand it, the constitution demands it, morality demands it.' 'I’m speaking to you from Silicon Valley, where some of the most prominent and successful companies have built their businesses by lulling their customers into complacency about their personal information. They’re gobbling up everything they can learn about you and trying to monetise it. We think that’s wrong. And it’s not the kind of company that Apple wants to be.' Google launched its new Google Photos product at its annual I/O developers conference last week, which offers customers unlimited photo storage for free. The app organises images by person, subject, place or date, using advanced facial and landmark recognition technology.  'We don’t think you should ever have to trade it for a service you think is free but actually comes at a very high cost,' Cook continued. 'This is especially true now that we’re storing data about our health, our finances and our homes on our devices. We believe the customer should be in control of their own information. 
You might like these so-called free services, but we don’t think they’re worth having your email, your search history and now even your family photos data mined and sold off for god knows what advertising purpose. And we think some day, customers will see this for what it is.'"
Tim Cook attacks tech rivals that mine and sell personal data
Telegraph, 3 June 2015

"A top secret report to the British prime minister has recommended that a new international treaty be negotiated to force the cooperation of the big US internet companies in sharing customers’ personal data, the Guardian has learned. Privacy campaigners said the decision to classify the report, written by the former diplomat Sir Nigel Sheinwald, as top secret was designed to bury it and its key recommendation for an international treaty could provide a legal, front-door alternative to the government’s renewed 'snooper’s charter' surveillance proposals. It is believed the former British ambassador to Washington concluded that such a treaty could overcome US laws that prevent web giants based there, including Facebook, Google, Twitter, Microsoft and Yahoo, from sharing their customers’ private data with British police and security services. It would also mean not having to revive the powers, which require British phone companies to share data from the US giants passing over their networks, from the 2012 communications data bill that would enforce their compliance. Jim Killock of the Open Rights Group said: 'The Sheinwald report should be published. Any attempt to hide it can only be interpreted as an attempt to close down debate about whether the snooper’s charter is really needed. 'A new international treaty is the right approach to cross-border requests for data by law enforcement agencies. This approach undermines Theresa May’s claim that there is a need for a new snooper’s charter when there is a simple, transparent and workable solution.' But the Cabinet Office defended its decision to keep the report secret. It said Shinewald 'reports on progress to the prime minister but … is not undertaking a public review'. The Guardian understands the report has been classified as top secret by the Cabinet Office because it goes into the detail of each company’s operations. 
Sheinwald was appointed by Cameron in September 2014 as his special envoy on intelligence and law enforcement data sharing."
Secret report urges treaty forcing US web firms' cooperation in data sharing
Guardian, 2 June 2015

"David Cameron could have been spied on by the US because they have already collected his phone records, Edward Snowden claimed. The former CIA contractor said the US National Security Agency had stored everyone's communication records under its mass surveillance programmes and the Prime Minister’s would be among them. He said spy chiefs in America could therefore look at such records anytime their wished. It would include the 'who, when and where' details such as the time, date of Mr Cameron’s calls and who he phoned. Mr Snowden’s was speaking via a live link from Russia to an audience in London two years after he exposed the tactics of the NSA and GCHQ after stealing tens of thousands of sensitive files and going on the run.... Asked if the US had spied on Mr Cameron, Mr Snowden referred to a request by American Congressman Bernie Sanders last year to the Director of the NSA as to whether it spied on him and his colleagues.  He said: 'The Director wrote a very wordy reply that basically boiled down to ‘yes, of course, because we are intercepting everyone’s’.' 'So, yes, David Cameron’s is in the database alongside everyone else and if the NSA director decides he wants to look at it he can.' He said his leaks had been 'worth it' but repeated again that 21 countries had turned him down for asylum. He said the UK Government was trying to reform surveillance laws in a very negative way, adding: 'Rather than preserving civil liberties, they are trying to limit it'. Surveillance methods being used around the world gave government a window into 'anybody's life at any given time'. He asked: 'Do we really want the Government watching everybody all the time?'"
Edward Snowden: 'David Cameron could have been spied on by the US'
Telegraph, 2 June 2015

"The first revelation from the Snowden documents, less than two years ago, exposed systematic storage and analysis of all Americans’ telephone records by the National Security Agency and the FBI. As of midnight last night, that programme – launched in secrecy soon after 9/11 by the then vice-president, Dick Cheney – is over. Congress refused to sanction the continuation of domestic mass surveillance in the guise of collecting 'business records'. The clear mood was that substantial restrictions on NSA surveillance had become inevitable. Outside the US, some proponents of surveillance have travelled in the opposite direction. France passed an intrusive new internet surveillance law less than a month ago. Australia has done the same. Emboldened by the election victory and no longer restrained by principled Lib Dem concerns, Theresa May now pledges to force her souped-up investigatory powers bill on the UK. I was asked to start the conference discussions, sitting beside GCHQ’s new director, Robert Hannigan But despite the machismo of political discourse, and what intelligence chiefs have publicly professed about 'capability gaps', it appears that in private many lessons from Snowden have been understood. Two weeks ago at Ditchley Park, a thinktank and conference centre near Oxford, a remarkable follow-up to the revelations took place when Sir John Scarlett, the former chief of SIS – the Secret Intelligence Service, or MI6 – presided as 40-plus participants from around the world spent three days intensively reviewing changed approaches to intelligence, security and privacy.  I was asked to start the conference discussions, sitting beside GCHQ’s new director, Robert Hannigan. In attendance was a veritable band of Big Brothers – current and former CIA, GCHQ and SIS chiefs, current and former European spy bosses, counter-terrorism commanders. From the private sector, there were Google, Apple and Vodafone policy staff, alongside European legal experts. 
Although Hannigan attended only the first discussion, another senior GCHQ director stayed to the second day. Discussions followed the Chatham House rule, freeing officials to offer personal opinions, with other participants undertaking not to say who said what. Following Hannigan, I emphasised transparency, accountability, disclosure (including post hoc disclosure to surveillance subjects), and legal sanctions for breaches as means to deal properly with competing human rights. No one present argued against calls for greater openness. That’s a first: coming 40 years after a time when it was in effect a crime in Britain even to mention the existence of GCHQ, and programmes on the subject were banned. Nor was trust a given. 'There must be oversight – do not assume agencies will follow the rules,' one discussion concluded. Perhaps to many participants’ surprise, there was general agreement across broad divides of opinion that Snowden – love him or hate him – had changed the landscape; and that change towards transparency, or at least 'translucency', and providing more information about intelligence activities affecting privacy, was both overdue and necessary. 'We should have seen it coming in the first place, and put more information in the public domain first,' was another observation. I did not hear the phrase 'capability gap' mentioned. That sort of rhetoric seemed to be reserved for the political arena. Away from the populist headlines, I heard some unexpected comments from senior intelligence voices, including that 'cold winds of transparency' were here to stay. An event like this would have been inconceivable without Snowden. One of the stipulations made by the intelligence officials and regulators alike was that there should be 'no secret laws' unavailable to the public. Sir David Omand, the former GCHQ director and Home Office permanent secretary, has written that 'investigative activity should be regulated by ‘black letter law’'. 
Another suggestion made by Omand (who attended the Ditchley conference) that 'not everything that technically can be done should be done' was not disputed at the event. Other points of agreement were that agencies needed strong external controls, including supervision of internal ethical controls. Oversight should not govern just what was collected, but needed to expand to include the 'combination of data' (such as massive metadata analysis), 'information sharing', and the 'use of intelligence collected'. Internet companies should not have to face 'ad hoc approaches and conflicts of law'. Agencies were asked to use the front door in making requests for law enforcement data, and not (as hitherto) steal it from internal networks by hacking or by intercepting data flows. A different senior speaker reflected that Snowden’s actions were an inevitable, and perhaps necessary, counterbalance to excesses of intelligence collection after 9/11, while also considering his disclosures 'hugely damaging'."
Duncan Campbell - Spooks admit it in private: Snowden has made them rethink their methods
Guardian (Comment Is Free), 2 June 2015

"Police forces are asking permission to snoop into Britons' phone records, text messages and emails every two minutes. The astonishing extent to which officers are spying on people's mobiles and computers using the Regulation of Investigatory Powers Act (Ripa) is laid bare today in a new report. Under the legislation, supposedly brought in to fight terrorism, police can access a range of communications data, including records of who someone called or texted, or any web searches they carried out, as long as they do not access the content. But the report by the civil liberties group Big Brother Watch has found a significant increase in intrusive surveillance. Between 2012 and 2014, police forces requested access to communications data stored by mobile phone operators and internet firms 733,237 times – the equivalent of 28 requests an hour, or one every 128 seconds. Some 96 per cent of requests were approved – mostly by a senior officer in the same force. It means that typically, just one in every 25 requests for data is rejected. The report also highlighted huge disparities between how much different forces tap into personal information. The Metropolitan Police made the most requests for phone and computer records over the three-year period – 177,287 – and had 18 per cent refused. West Midlands Police came second with 99,444, but had only 1.3 per cent turned down. Requests soared by 12 per cent from 219,487 in 2012 to 246,329 last year. Critics say this undermines Home Office claims that police access to communications data is falling. Big Brother Watch wants all Ripa requests to be approved by a judge, rather than a senior officer in the force carrying out the checks. It said the findings were worrying at a time when the police and security services are to be given the right to spy on encrypted websites and social media such as WhatsApp."
Police try to spy on calls, texts and emails every TWO minutes as scale of access to data is laid bare
Mail, 1 June 2015

"The legal authority for US spy agencies to bulk collect Americans' phone data has expired, after the Senate failed to reach a deal. Republican presidential hopeful Rand Paul blocked a Patriot Act extension and it lapsed at midnight (04:00 GMT). However, the Senate did vote to advance the White House-backed Freedom Act so a new form of data collection is likely to be approved in the coming days. The Freedom Act imposes more controls, after revelations by Edward Snowden. The former National Security Agency (NSA) contractor first exposed the extent of the data collection in 2013. The White House described the expiry of the deadline as an 'irresponsible lapse' by the Senate.... The failure to reach a deal means that security services have temporarily lost the right to bulk collect Americans' phone records, to monitor 'lone wolf' terror suspects and to carry out 'roving wiretaps' of suspects. The government can still continue to collect information related to any foreign intelligence investigations. Analysts also said there could be workarounds to allow continued data collection in some cases. Authorities could try to argue that older legal provisions - so-called grandfather clauses - still apply. A Senate vote on the Freedom Act can come no earlier than 01:00 local time on Tuesday. The NSA, which runs the majority of surveillance programmes, stopped collecting the affected data at 19:59 GMT on Sunday. The failure to reach any agreement in the rare Sunday sitting of the Senate was the result of the actions of Rand Paul. A libertarian, Mr Paul led a filibuster - using extended debates to delay or block the passing of legislation - to stop the quick passage of the Freedom Act, arguing that data collection is illegal and unconstitutional. He also blocked an extension of the Patriot Act. On Sunday he said: 'This is what we fought the revolution over, are we going to so blithely give up our freedom?'"
US surveillance powers expire as Senate deal fails
BBC Online, 1 June 2015

"Tim Berners-Lee, the inventor of the world wide web, has urged Britons to fight the government’s plans to extend the country’s surveillance powers, and act as a worldwide leader for promoting good governance on the web. Berners-Lee said Britain had 'lost the moral leadership' on privacy and surveillance, following the revelations of the former National Security Agency contractor, Edward Snowden. Speaking before the Web We Want Festival in London’s Southbank Centre, which starts on Saturday, Berners-Lee expressed concern about the UK government’s decision to reintroduce a beefed-up version of the 'snooper’s charter'. In an unexpected move announced in the Queen’s Speech earlier this week, the government is to introduce an investigatory powers bill far more wide-ranging than expected. The legislation will include not only the expected snooper’s charter, enabling the tracking of everyone’s web and social media use, but also moves to strengthen the security services’ warranted powers for the bulk interception of the content of communications. 'The discussion [in the Queen’s Speech] of increased monitoring powers is something which is a red flag … this discussion is a global one, it’s a big one, it’s something that people are very engaged with, they think it’s very important, and they’re right, because it is very important for democracy, and it’s very important for business. 'So this sort of debate is something that should be allowed to happen around legislation. It’s really important that legislation is left out for a seriously long comment period,' and not simply rushed through into law.... On the 800th anniversary of the signing of Magna Carta, Berners-Lee and the Web We Want festival have convened to produce a Magna Carta for the 21st century. But while the document is intended to inspire change globally, Berners-Lee bemoaned the loss of Britain’s 'moral high ground', following the Edward Snowden revelations in 2013. 
'It has lost a lot of that moral high ground, when people saw that GCHQ was doing things that even the Americans weren’t,' Berners-Lee said. 'So now I think, if Britain is going to establish a leadership situation, it’s going to need to say: ‘We have solid rules of privacy, which you as an individual can be assured of, and that you as a company can be assured of.’' That way, he said, 'if you want to start a company in Britain, then you can offer privacy to your users, because you’ll know that our police force won’t be demanding the contents of your discs willy-nilly, they’ll only be doing so under a very well defined and fairly extreme set of circumstances.' He accepts it was an uphill battle to get people in Britain to care, however. 'This is a wild generalisation, but traditionally, people in the US are brought up in kindergarten to learn to distrust the government. That’s what the constitution’s for. Whereas people in the UK are brought up more to trust the government by default, and distrust corporations. People in America tend not to have a natural distrust of large corporations. 'So that seems to be where people are coming from. In the light of that, it’s not so surprising that UK folks tended to feel more comfortable with government surveillance - but they also feel less comfortable with surveillance by corporations.'"
Tim Berners-Lee urges Britain to fight 'snooper's charter'
Guardian, 29 May 2015

"More than 10,000 websites blocked users from computers in Congress on Friday, in a demonstration against any possible re-authorization of NSA surveillance powers. 'This is a blackout,' read the site to which computers from congressional IP addresses were redirected. 'We are blocking your access until you end mass surveillance laws.' 'Right now the code affects only visitors from Congress, we’re willing to keep it up,' said Holmes Wilson, a co-founder of Fight for the Future, the group which wrote the code and is leading the online protest. The redirect site also includes semi-nude, sometimes explicit photos submitted by people, under the heading: 'NSA spying makes me feel naked.' 'We’ll keep blocking sites until either the USA Freedom Act is either dramatically improved or dead, or until the Patriot Act provisions have sunset,' Wilson said, referring to the debate in Congress over whether to let some of the NSA’s full surveillance powers expire on 1 June or to pass a bill, called the USA Freedom Act, that eliminates or changes some of those powers. Wilson said the group does not support the USA Freedom Act in its current incarnation, and wants Section 215 of the Patriot Act, which the NSA and FBI use to collect massive amounts of Americans’ data, to expire. 'The NSA considers the USA Freedom Act completely benign and it will not change their operations in the slightest,' Wilson said, adding that passing the reform-minded act would 'throw away' the recent decision by a federal appeals court that bulk collection under Section 215 is illegal. 'USA Freedom would change the way that program is done but would effectively wipe out the court’s determination,' he said. Many privacy and civil liberties activists, including Republican senator Rand Paul, argue that the USA Freedom Act has been 'looted by surveillance hawks', as Wilson put it. 
The bill represents the first legislative reforms of US surveillance law in more than a decade, but critics say it does not go nearly far enough."
More than 10,000 websites 'blackout' Congress in protest of NSA surveillance laws
Guardian, 29 May 2015

"As members of Congress struggle to agree on which surveillance programs to re-authorize before the Patriot Act expires, they might consider the unusual advice of an intelligence analyst at the National Security Agency who warned about the danger of collecting too much data. Imagine, the analyst wrote in a leaked document, that you are standing in a shopping aisle trying to decide between jam, jelly or fruit spread, which size, sugar-free or not, generic or Smucker’s. It can be paralyzing. 'We in the agency are at risk of a similar, collective paralysis in the face of a dizzying array of choices every single day,' the analyst wrote in 2011. '’Analysis paralysis’ isn’t only a cute rhyme. It’s the term for what happens when you spend so much time analyzing a situation that you ultimately stymie any outcome …. It’s what happens in SIGINT [signals intelligence] when we have access to endless possibilities, but we struggle to prioritize, narrow, and exploit the best ones.' The document is one of about a dozen in which NSA intelligence experts express concerns usually heard from the agency’s critics: that the U.S. government’s 'collect it all' strategy can undermine the effort to fight terrorism. The documents, provided to The Intercept by NSA whistleblower Edward Snowden, appear to contradict years of statements from senior officials who have claimed that pervasive surveillance of global communications helps the government identify terrorists before they strike or quickly find them after an attack."
Inside NSA, Officials Privately Criticize 'Collect It All' Surveillance
The Intercept, 28 May 2015

"Security officials are to be given sweeping surveillance powers, including the right to spy on social media and encrypted websites. Ministers say the extra weapons for MI5, MI6, GCHQ and the police will help repair the damage caused by US traitor Edward Snowden. The proposals, which will also force technology firms to record every internet visit, text message and phone call for up to 12 months, are far broader than expected. Dubbed a ‘turbo-charged snoopers’ charter’, the measures will enrage privacy campaigners, who defeated a far weaker scheme. Some backbench Tory MPs could revolt. Central to the debate will be official access to encrypted apps and other internet services that allow users to swap messages on social media in secret.... Lib Dem Nick Clegg said his party’s determination to fight the proposals was ‘clearer than ever’. He dubbed them a ‘turbo-charged snoopers’ charter’. Nicholas Lansman, of the Internet Services Providers’ Association, said the Government must ‘properly balance security, privacy, costs to industry, technical feasibility and the need to maintain the UK’s reputation as a leading place to do business online’. Jim Killock, of the Open Rights Group, said: ‘We should expect attacks on encryption, which protects all our security.’"
Snoopers' charter to halt online extremists: Security services to be given sweeping new powers to spy on social media and website visits
Mail, 27 May 2015

"The ability to track subway riders represents a significant cybersecurity threat to the tens of millions of people who use public transportation every day. There are more than 5.5 million daily New York City subway passengers, and over half of those people are carrying smartphones, thus exposing themselves to tracking. 'If an attacker can trace a smartphone user for a few days, he may be able to infer the user’s daily schedule and living/working areas and thus seriously threaten her physical safety,' wrote Jingyu Hua, Zhenyu Shen, and Sheng Zhong of Nanjing University, one of China’s oldest universities. 'Another interesting example is that if the attacker finds Alice and Bob often visit the same stations at similar non-working times, he may infer that Bob is dating Alice.' Smartphones have long been considered God’s gift to spies. They offer myriad tracking tools, from the browser to the GPS sensor, and they stay with their owners almost all day, every day. The new research, which has not yet been peer reviewed, shows hackers can track people without either cell service or GPS, both of which are heavily protected from attackers and often don't work underground anyway. By contrast, motion sensors, like the accelerometer that enables screen rotation, are much more vulnerable and can give everything away. Every subway in the world has a unique fingerprint, the researchers said, and every time a train runs between two stations, that fingerprint can be read in the accelerometer, potentially giving attackers access to crucial information. 'The cause is that metro trains run on tracks, making their motion patterns distinguishable from cars or buses running on ordinary roads,' the researchers wrote. 'Moreover, due to the fact that there are no two pairs of neighboring stations whose connecting tracks are exactly the same in the real world, the motion patterns of the train within different intervals are distinguishable as well.'
To make this attack a reality, the researchers propose a new attack that learns each subway’s fingerprint and then installs malware on a target’s phone that steals accelerometer readings. The trio of researchers performed experiments in China by tracking volunteers carrying smartphones through subways in Nanjing. Tracking accuracy reached 70 to 92 percent. The attack is "more effective and powerful than using GPS or cellular network to trace metro passengers," the researchers assert. Accelerometers simply aren't protected the way GPS and cell networks are. An accelerometer can be accessed, run, and read without the user knowing, whereas smartphones display indicators when either GPS or cell service is being used. There are several defenses against this hack, the most interesting one being power-consumption scrutiny. To track someone using this method, a hacker would have to continuously access the phone's accelerometer, draining significant power no matter how well the malware was concealed. If you monitor your phone's power consumption, you should notice when an app is using too much of the battery—possibly for nefarious reasons."
New research suggests that hackers can track subway riders through their phones
The Daily Dot, 25 May 2015

"Keith Harding, former membership secretary of the Paedophile Information Exchange (Pie) was made Worshipful Master of the Mercurius Lodge in Cheltenham, Gloucestershire, in 2011. The child molester, who died last summer, presided over ceremonies and rituals from an ornate throne. Harding was convicted of an indecent assault against four children aged eight and nine in 1958 and classified a Schedule-1 offender, which meant the offence remained on his criminal record all his life. His name was also on a list of about 400 Pie members seized by police in 1984, the year the organisation disbanded. The Sunday Express revealed earlier this month how Harding met MPs Cyril Smith and Leon Brittan in the 1980s when he ran a north London antiques store. Thirty-five years ago he appeared alongside paedophile television presenter Jimmy Savile in a Christmas special of Jim’ll Fix It. The lodge boasts of its Government Communications Headquarters heritage on its website. A source close to Harding revealed: 'The Mercurius Lodge is known as the Spies Lodge because it was set up by GCHQ and over the years many intelligence officers have become members. 'These are people trained to find out sensitive information and yet none of them had any idea of Keith’s background and past convictions. 'They even voted him the highest honour by making him Worshipful Master. 'Keith felt the Freemasons were somewhere he finally belonged, he called them his 'brotherhood'. 'When he died last year, they arranged his funeral and made sure the ceremony started at midday because the time apparently has significance within Masonic ritual.' Spies displaced from London and Bletchley Park in Buckinghamshire, where the German wartime Enigma code was cracked, set up the Mercurius Lodge in 1957."
Paedophile Mason ran lodge set up for GCHQ
Express, 23 May 2015

"Canada and its spying partners exploited weaknesses in one of the world's most popular mobile browsers and planned to hack into smartphones via links to Google and Samsung app stores, a top secret document obtained by CBC News shows. Electronic intelligence agencies began targeting UC Browser — a massively popular app in China and India with growing use in North America — in late 2011 after discovering it leaked revealing details about its half-billion users. Their goal, in tapping into UC Browser and also looking for larger app store vulnerabilities, was to collect data on suspected terrorists and other intelligence targets — and, in some cases, implant spyware on targeted smartphones. The 2012 document shows that the surveillance agencies exploited the weaknesses in certain mobile apps in pursuit of their national security interests, but it appears they didn't alert the companies or the public to these weaknesses. That potentially put millions of users in danger of their data being accessed by other governments' agencies, hackers or criminals. 'All of this is being done in the name of providing safety and yet … Canadians or people around the world are put at risk,' says the University of Ottawa's Michael Geist, one of Canada's foremost experts on internet law. CBC News analysed the top secret document in collaboration with U.S. news site The Intercept, a website that is devoted in part to reporting on the classified documents leaked by U.S. whistleblower Edward Snowden."
Spy agencies target mobile phones, app stores to implant spyware
CBC, 21 May 2015

"The National Security Agency and its closest allies planned to hijack data links to Google and Samsung app stores to infect smartphones with spyware, a top-secret document reveals. The surveillance project was launched by a joint electronic eavesdropping unit called the Network Tradecraft Advancement Team, which includes spies from each of the countries in the 'Five Eyes' alliance — the United States, Canada, the United Kingdom, New Zealand and Australia. The top-secret document, obtained from NSA whistleblower Edward Snowden, was published Wednesday by CBC News in collaboration with The Intercept. The document outlines a series of tactics that the NSA and its counterparts in the Five Eyes were working on during workshops held in Australia and Canada between November 2011 and February 2012. The main purpose of the workshops was to find new ways to exploit smartphone technology for surveillance. The agencies used the Internet spying system XKEYSCORE to identify smartphone traffic flowing across Internet cables and then to track down smartphone connections to app marketplace servers operated by Samsung and Google. (Google declined to comment for this story. Samsung said it would not be commenting 'at this time.') As part of a pilot project codenamed IRRITANT HORN, the agencies were developing a method to hack and hijack phone users’ connections to app stores so that they would be able to send malicious 'implants' to targeted devices. The implants could then be used to collect data from the phones without their users noticing. Previous disclosures from the Snowden files have shown agencies in the Five Eyes alliance designed spyware for iPhones and Android smartphones, enabling them to infect targeted phones and grab emails, texts, web history, call records, videos, photos and other files stored on them. But methods used by the agencies to get the spyware onto phones in the first place have remained unclear."
NSA Planned to Hijack Google App Store to Hack Smartphones
The Intercept, 21 May 2015

"Senate majority leader Mitch McConnell said on Sunday that legislation concerning the federal government’s powers of surveillance that was passed by the House of Representatives this week could cause the country to 'go dark' when it comes to collecting Americans’ phone records. McConnell said that if such a state of affairs came about, 'we’ll not be able to have yet another tool that we need to combat this terrorist threat from overseas'. The USA Freedom Act, which would end the bulk collection of phone records by the National Security Agency – as revealed in the Guardian in 2013 through the whistleblower Edward Snowden – passed the House this week by a wide margin. It is now headed for the Senate. Earlier this month, such mass phone surveillance was ruled illegal by the US court of appeals. Under the USA Freedom Act, intelligence officials would only be able to search data held by telephone companies on a case-by-case basis. McConnell opposes that, instead seeking an extension of section 215 of the Patriot Act, under which the bulk collection of phone records has taken place, for a few months, while legislators took a closer look at the House plan... If Congress does not act by 1 June, authority to collect the phone records will expire, along with two other intelligence-related provisions."
Proposed surveillance limits could force US to 'go dark', says Mitch McConnell
Guardian, 17 May 2015

"The UK government has quietly passed new legislation that exempts GCHQ, police, and other intelligence officers from prosecution for hacking into computers and mobile phones. While major or controversial legislative changes usually go through normal parliamentary process (i.e. democratic debate) before being passed into law, in this case an amendment to the Computer Misuse Act was snuck in under the radar as secondary legislation. According to Privacy International, "It appears no regulators, commissioners responsible for overseeing the intelligence agencies, the Information Commissioner's Office, industry, NGOs or the public were notified or consulted about the proposed legislative changes... There was no public debate." Privacy International also suggests that the change to the law was in direct response to a complaint that it filed last year. In May 2014, Privacy International and seven communications providers filed a complaint with the UK Investigatory Powers Tribunal (IPT), asserting that GCHQ's hacking activities were unlawful under the Computer Misuse Act. On June 6, just a few weeks after the complaint was filed, the UK government introduced the new legislation via the Serious Crime Bill that would allow GCHQ, intelligence officers, and the police to hack without criminal liability. The bill passed into law on March 3 this year, and became effective on May 3. Privacy International says there was no public debate before the law was enacted, with only a rather one-sided set of stakeholders being consulted (Ministry of Justice, Crown Prosecution Service, Scotland Office, Northern Ireland Office, GCHQ, police, and National Crime Agency)."
UK government quietly rewrites hacking laws to give GCHQ immunity
Arstechnica, 17 May 2015

"The British government quietly changed anti-hacking laws to exempt GCHQ and other law enforcement agencies from criminal prosecution, it has been claimed. Details of the change were revealed at the Investigatory Powers Tribunal which is hearing a challenge to the legality of computer hacking by UK law enforcement and intelligence agencies. The Government amended the Computer Misuse Act (CMA) two months ago. It used a little-noticed addition to the Serious Crime Bill going through parliament to provide protection for the intelligence services. The change was introduced just weeks after the Government faced a legal challenge that GCHQ’s computer hacking to gather intelligence was unlawful under the CMA. The challenge, by the charity Privacy International and seven internet service providers, claims GCHQ’s actions were unlawful and called for the techniques to be stopped. It followed revelations by Edward Snowden, the US intelligence whistle-blower, that US and UK agencies were carrying out mass surveillance operations of internet traffic. He claimed that GCHQ and its US counterpart – the National Security Agency – had the ability to infect potentially millions of computer and mobile handsets with malware which enabled them to gather up immense amounts of digital content, switch on microphones or cameras on users’ computers, listen to phone calls and track their locations. Eric King, the deputy director of Privacy International, said: 'The underhand and undemocratic manner in which the Government is seeking to make lawful GCHQ’s hacking operations is disgraceful. 'Hacking is one of the most intrusive surveillance capabilities available to any intelligence agency, and its use and safeguards surrounding it should be the subject of proper debate.
Instead, the Government is continuing to neither confirm nor deny the existence of a capability it is clear they have, while changing the law under the radar.' Government sources insisted the amendment did not change the law as the intelligence agencies had powers under the Intelligence Services Act. Parliamentary guidance notes explaining the amendment described its purpose was to 'remove any ambiguity over the interaction between the lawful exercise of powers … and the offence provisions.' Privacy International insisted that the notes accompanying the changes to the Serious Crime Bill did not explain its full impact, and that no regulators, commissioners, industry or members of the public were consulted before it came into law. The legislation came into effect on 3 May. The charity said it wasn’t the first time the Government has changed the law. In February, a code of practice for GCHQ which gives 'spy agencies sweeping powers to hack targets, including those who are not a threat to national security nor suspected of any crime', was released, a charity spokesman claimed. The Home Office rejected the activists' claims. A spokesperson said: 'There have been no changes made to the Computer Misuse Act 1990 by the Serious Crime Act 2015 that increase or expand the ability of the intelligence agencies to carry out lawful cyber crime investigation.'"
UK government rewrites surveillance law to get away with hacking and allow cyber attacks, campaigners claim
Independent, 15 May 2015

"Marios Savvides, a Carnegie Mellon engineering professor, says he’s invented .... a long-range iris scanner that can identify someone as they glance at their rear-view mirror.... 'There’s no X-marks-the-spot. There’s no place you have to stand. Anywhere between six and 12 meters, it will find you, it will zoom in and capture both irises and full face,' he said. Carnegie Mellon describes a whole host of functions for the scanner beyond just police use. It could replace government IDs at the airport and elsewhere. Like other types of biometrics, it could replace a laptop’s login system. As a sector, biometrics are undoubtedly important. Many security experts believe that passwords—and the security regime that accompanies them—are fundamentally broken. Savvides, for his part, sees biometrics as one more method of human-computer interaction. ... Yet there’s something threatening about long-range iris scanning. Identification to a degree comparable to finger prints, at a distance, is not something our social habits and political institutions are wired for.... It’s just not hard at all to imagine sinister applications of this technology. If Savvides’s invention works as well as he says it does, governments could scan the face of everyone walking on a city block. It could algorithmically identify a disguised political activist walking down a city street, driving a car, or passing through airport security."
Long-Range Iris Scanning Is Here
Atlantic, 13 May 2015

"Last week a federal appeals court said police do not need a warrant to look at cellphone records that reveal everywhere you've been. Two days later, another appeals court said the National Security Agency (NSA) is breaking the law by indiscriminately collecting telephone records that show whom you call, when you call them, and how long you talk. On the face of it, that's one victory for government snooping and one defeat. But both decisions highlight the precariousness of privacy in an age when we routinely store huge amounts of sensitive information outside our homes. The Fourth Amendment prohibits "unreasonable searches and seizures" of our "persons, houses, papers, and effects." But according to the Supreme Court, the Fourth Amendment does not protect our papers once we entrust them to someone else. In a 1976 case involving bank records, the Court declared that "the Fourth Amendment does not prohibit the obtaining of information revealed to a third party and conveyed by him to Government authorities, even if the information is revealed on the assumption that it will be used only for a limited purpose and the confidence placed in the third party will not be betrayed." Three years later, in a case involving phone records, the Court reiterated that "a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties." This dubious "third-party doctrine," enunciated before the Internet existed and mobile phones became ubiquitous, was crucial to the outcome of a case decided by the U.S. Court of Appeals for the 11th Circuit last week. The court said an armed robber named Quartavius Davis had no constitutional grounds to object when the FBI linked him to several crime scenes with cellphone location data that it obtained without a probable-cause warrant. The court's logic was straightforward: Those records did not belong to Davis; they belonged to MetroPCS, his mobile phone company.
So even though they revealed everywhere he went over the course of 67 days, he had no reasonable expectation that the information would remain private. Dissenting Judge Beverly Martin noted that the majority's reasoning invites even bigger intrusions. "Under a plain reading of the majority's rule," she said, "by allowing a third-party company access to our e-mail accounts, the websites we visit, and our search-engine history—all for legitimate business purposes—we give up any privacy interest in that information." That means the government can find out what we watch on YouTube, what we look up on Wikipedia, what we buy on Amazon, and whom we "friend" on Facebook or date via Match.com—"all without a warrant." In fact, Martin noted, "the government could ask 'cloud'-based file-sharing services like Dropbox or Apple's iCloud for all the files we relinquish to their servers.""
Warrantless Snooping Goes Far Beyond the NSA's Phone-Record Dragnet
Reason.com, 13 May 2015

"The debate over the NSA’s bulk collection of phone records has reached a critical point after a federal appeals court last week ruled the practice illegal, dramatically raising the stakes for pending Congressional legislation that would fully or partially reinstate the program. An army of pundits promptly took to television screens, with many of them brushing off concerns about the surveillance. The talking heads have been backstopping the NSA’s mass surveillance more or less continuously since it was revealed. They spoke out to support the agency when NSA contractor Edward Snowden released details of its programs in 2013, and they’ve kept up their advocacy ever since — on television news shows, newspaper op-ed pages, online and at Congressional hearings. But it’s often unclear just how financially cozy these pundits are with the surveillance state they defend, since they’re typically identified with titles that give no clues about their conflicts of interest. Such conflicts have become particularly important, and worth pointing out, now that the debate about NSA surveillance has shifted from simple outrage to politically prominent legislative debates."
Many of the NSA’s Loudest Defenders Have Financial Ties to NSA Contractors
The Intercept, 12 May 2014

"Theresa May, who retains her position as Home Secretary after last week's general election, has indicated that bringing back the 'Snooper's Charter' is a priority for the UK's new Conservative government. According to the Guardian, she told the BBC: 'David Cameron has already said, and I’ve said, that a Conservative government would be giving the security agencies and law enforcement agencies the powers that they need to ensure they’re keeping up to date as people communicate with communications data.' May made clear that it was only because of a veto by the Liberal Democrats in the previous coalition government that the Draft Communications Data Bill (aka the Snooper's Charter) was dropped when it was first presented. She added: 'we are determined to bring that [legislation] through, because we believe that is necessary to maintain the capabilities for our law enforcement agencies such that they can continue to do the excellent job, day in and day out, of keeping us safe and secure.' In its manifesto, the Conservative party wrote: 'we continue to reject any suggestions of sweeping, authoritarian measures that would threaten our hard-won freedoms.' It also attempted to distinguish between metadata and content retention: 'We will keep up to date the ability of the police and security services to access communications data—the ‘who, where, when and how’ of a communication, but not its content.' However, speaking from Russia at a conference in Australia on Friday evening, the whistleblower Edward Snowden warned against accepting this distinction: 'The impacts of metadata can’t be overstated, they are collecting data on everyone regardless of wrongdoing. When you have metadata, it’s a proxy for content, so when politicians split hairs about metadata you should be very sceptical.'
He went on to say that adopting these data retention laws was a 'radical departure from the operation of traditional liberal societies around the world,' and pointed out that mass surveillance had not stopped the Sydney siege, the Boston marathon bombings, or the attack on the Charlie Hebdo magazine in France."
UK government will bring back Snooper’s Charter; Snowden warns of dangers
Arstechnica, 11 May 2015

"The Conservatives are already planning to introduce the huge surveillance powers known as the Snoopers’ Charter, hoping that the removal from government of the Liberal Democrats that previously blocked the controversial law will allow it to go through. The law, officially known as the Draft Communications Data Bill, is already back on the agenda according to Theresa May. It is expected to force British internet service providers to keep huge amounts of data on their customers, and to make that information available to the government and security services. The snoopers’ charter received huge criticism from computing experts and civil liberties campaigners in the wake of introduction. It was set to come into law in 2014, but Nick Clegg withdrew his support for the bill and it was blocked by the Liberal Democrats. Theresa May, who led the legislation as home secretary, said shortly after the Conservatives' election victory became clear that she will seek to re-introduce it to government. With the re-election of May and the likely majority of her party, the bill is likely to find success if the new government tries again. David Cameron has suggested that his party could introduce even more wide-ranging powers if he was re-elected to government. Speaking in January, he said that there should be no form of communication that the government was unable to read — likely causing chaos among the many internet services that rely on encryption to keep users’ data safe."
Snoopers' charter set to return to law as Theresa May suggests Conservative majority could lead to huge increase in surveillance powers
Independent, 8 May 2015

"The US court of appeals has ruled that the bulk collection of telephone metadata is unlawful, in a landmark decision that clears the way for a full legal challenge against the National Security Agency. A panel of three federal judges for the second circuit overturned an earlier ruling that the controversial surveillance practice first revealed to the US public by NSA whistleblower Edward Snowden in 2013 could not be subject to judicial review."
NSA mass phone surveillance revealed by Edward Snowden ruled illegal
Guardian, 7 May 2015

"Most people realize that emails and other digital communications they once considered private can now become part of their permanent record. But even as they increasingly use apps that understand what they say, most people don’t realize that the words they speak are not so private anymore, either. Top-secret documents from the archive of former NSA contractor Edward Snowden show the National Security Agency can now automatically recognize the content within phone calls by creating rough transcripts and phonetic representations that can be easily searched and stored. The documents show NSA analysts celebrating the development of what they called 'Google for Voice' nearly a decade ago. Though perfect transcription of natural conversation apparently remains the Intelligence Community’s 'holy grail,' the Snowden documents describe extensive use of keyword searching as well as computer programs designed to analyze and 'extract' the content of voice conversations, and even use sophisticated algorithms to flag conversations of interest. The documents include vivid examples of the use of speech recognition in war zones like Iraq and Afghanistan, as well as in Latin America. But they leave unclear exactly how widely the spy agency uses this ability, particularly in programs that pick up considerable amounts of conversations that include people who live in or are citizens of the United States. Spying on international telephone calls has always been a staple of NSA surveillance, but the requirement that an actual person do the listening meant it was effectively limited to a tiny percentage of the total traffic. By leveraging advances in automated speech recognition, the NSA has entered the era of bulk listening. And this has happened with no apparent public oversight, hearings or legislative action. Congress hasn’t shown signs of even knowing that it’s going on.... 
Civil liberty experts contacted by The Intercept said the NSA’s speech-to-text capabilities are a disturbing example of the privacy invasions that are becoming possible as our analog world transitions to a digital one. 'I think people don’t understand that the economics of surveillance have totally changed,' Jennifer Granick, civil liberties director at the Stanford Center for Internet and Society, told The Intercept. 'Once you have this capability, then the question is: How will it be deployed? Can you temporarily cache all American phone calls, transcribe all the phone calls, and do text searching of the content of the calls?' she said. 'It may not be what they are doing right now, but they’ll be able to do it.' And, she asked: 'How would we ever know if they change the policy?' Indeed, NSA officials have been secretive about their ability to convert speech to text, and how widely they use it, leaving open any number of possibilities."
The Computers are Listening
The Intercept, 5 May 2015

"The European Commission's top chief has admitted that he has recommended the implementation of a European spy agency in order to combat spying from within the European Union, according to reports. At a meeting of the EU's 28 commissioners, Jean-Claude Juncker proposed the creation of Europe's own supranational spy service to combat spying by agencies such as Germany's foreign intelligence body, the Bundesnachrichtendienst (BND), who monitored officials in the European Commission, the French foreign ministry and France's Elysee Palace, according to The Times. German media reports claimed that the intelligence agency gathered information on 'high-ranking officials' in what amounted to 'political espionage' before passing it to the US National Security Agency (NSA). 'At a college meeting, I said that the European Commission should have a secret service, because the agents are here,' Juncker revealed yesterday.....Juncker spoke of his own experience with spying in Europe, after resigning as Luxembourg's prime minister in 2013 because of the country's own illegal covert activity. 'I'm a sort of specialist of secret services,' he said. 'I know by personal experience that they are very difficult to keep under control.'"
EU chief Juncker seeks European secret service
Newsweek, 1 May 2015

"A former National Security Agency official turned whistleblower has spent almost a decade and a half in civilian life. And he says he's still "pissed" by what he's seen leak in the past two years. In a lunch meeting hosted by Contrast Security founder Jeff Williams on Wednesday, William Binney, a former NSA official who spent more than three decades at the agency, said the US government's mass surveillance programs have become so engorged with data that they are no longer effective, losing vital intelligence in the fray. That, he said, can -- and has -- led to terrorist attacks succeeding. Binney said that an analyst today can run one simple query across the NSA's various databases, only to become immediately overloaded with information. With about four billion people -- around two-thirds of the world's population -- under the NSA and partner agencies' watchful eyes, according to his estimates, there is too much data being collected....Binney left the NSA a month after the September 11 attacks in New York City in 2001, days after controversial counter-terrorism legislation was enacted -- the Patriot Act -- in the wake of the attacks. Binney stands jaded by his experience leaving the shadowy eavesdropping agency, but impassioned for the job he once had. He left after a program he helped develop was scrapped three weeks prior to September 11, replaced by a system he said was more expensive and more intrusive. Snowden said he was inspired by Binney's case, which in part inspired him to leak thousands of classified documents to journalists. Since then, the NSA has ramped up its intelligence gathering mission to indiscriminately "collect it all." ...Binney said the NSA is today not as interested in phone records -- such as who calls whom, when, and for how long. Although the Obama administration calls the program a "critical national security tool," the agency is increasingly looking at the content of communications, as the Snowden disclosures have shown.
Binney said he estimated that a "maximum" of 72 companies were participating in the bulk records collection program -- including Verizon, but said it was a drop in the ocean. He also called PRISM, the clandestine surveillance program that grabs data from nine named Silicon Valley giants, including Apple, Google, Facebook, and Microsoft, just a "minor part" of the data collection process. "The Upstream program is where the vast bulk of the information was being collected," said Binney, talking about how the NSA tapped undersea fiber optic cables. With help from its British counterparts at GCHQ, the NSA is able to "buffer" more than 21 petabytes a day. Binney said the "collect it all" mantra now may be the norm, but it's expensive and ineffective. "If you have to collect everything, there's an ever increasing need for more and more budget," he said. "That means you can build your empire.""
NSA is so overwhelmed with data, it's no longer effective, says whistleblower
ZDNet, 30 April 2015

"Germany has been spying and eavesdropping on its closest partners in the EU and passing the information to the US for more than a decade, a parliamentary inquiry in Berlin has found, triggering allegations of lying and coverups reaching to the very top of Angela Merkel’s administration. There was outrage in Germany two years ago over the revelations by NSA whistleblower Edward Snowden of US and British surveillance activities in Europe. The fresh disclosures are embarrassing for Berlin, which stands accused of hypocrisy in its protests about the US spying on its allies. 'You don’t spy on your friends,' said the chancellor when it was made known to her that her mobile phone was being monitored by the US National Security Agency (NSA). Since then, both sides have been embroiled in arguments about data privacy, with much talk among officials and diplomats of a collapse of German trust in the Americans. But according to reports on a confidential Bundestag committee of inquiry into the NSA scandal, under a 2002 pact between German intelligence (BND) and the NSA, Berlin used its largest electronic eavesdropping facility in Bavaria to monitor email and telephone traffic at the Élysée Palace, the offices of the French president, and of key EU institutions in Brussels including the European commission. Thomas de Maizière, the interior minister and a Merkel confidant, is in the firing line for allegedly lying about or covering up the German collaboration with the Americans. The minister has denied the allegations robustly and promised to answer before the parliamentary inquiry 'the sooner the better'. The best-selling tabloid Bild depicted de Maiziere as Pinocchio this week and accused him of 'lying with impunity'. From 2005-9 he served as Merkel’s chief of staff, the post in Berlin that exercises authority over the BND. 
He is said to have been told of the spying activities in 2008....According to the newspaper Süddeutsche Zeitung and the public broadcasters WDR and NDR, citing information from the closed parliamentary inquiry, the BND’s biggest listening post at Bad Aibling in Bavaria 'was abused for years for NSA spying on European states'..... 'The core is the political spying on our European neighbours and EU institutions,' an unnamed source said to be familiar with the evidence told the Süddeutsche. As well as the political intelligence activities, the NSA also got the BND to spy on European aerospace and defence firms, the reports allege. German and American individuals and companies were not monitored under the terms of the espionage pact. The Bad Aibling complex of listening posts was an NSA facility for years. Under an agreement in 2002, it was handed over to the Germans in 2004, since when much of the information gleaned was routinely passed to the Americans. According to the Süddeutsche, the Americans supplied search terms on a weekly basis to the Germans – totalling 690,000 phone numbers and 7.8m IP addresses up until 2013."
Coverup claims over revelation that Germany spied on EU partners for US
Guardian, 30 April 2015

"GCHQ has been ordered to destroy documents arising from its illegal interception of communications between a Libyan dissident kidnapped with the aid of British intelligence and his lawyers. The watchdog body for Britain’s intelligence agencies found that the Government’s listening station had breached the human rights of Sami al-Saadi, an opponent of former dictator Muammar Gaddafi who was forcibly removed from Hong Kong with his family in 2004 and placed into Libyan custody with the apparent connivance of MI6. Lawyers for Mr Al-Saadi, who received a £2.2m settlement from the British Government two years ago, said the ruling by the Investigatory Powers Tribunal (IPT) was the first time in its 15-year history that it had upheld a complaint against the security services. It is also the first time that one of Britain’s intelligence agencies has been ordered to surrender surveillance material. The IPT gave GCHQ 14 days in which to confirm it has destroyed the two documents, which contained material based on contacts between Mr Al-Saadi and his British lawyers in the run up to his legal claim against the authorities. In a separate case relating to Government secrecy, another tribunal yesterday heard claims that documents relating to alleged corruption in a deal to arm the Saudi military were being wrongly withheld to protect national security."
GCHQ ordered to destroy documents from illegal communication interceptions between kidnapped Libyan dissident and his lawyers
Independent, 29 April 2015

"A study has found that many people in the UK are worried about having smart meters in their homes because they fear that data about their personal energy use will be shared. The UK government says it wants all homes to have smart meters within five years. These will allow users to set equipment that only needs energy intermittently – such as washing machines and freezers – to switch on at times when the grid has spare capacity and power is cheap. The meters will save people money, as well as making it easier for the grid to incorporate fluctuating sources of renewable energy such as wind and solar power – thus helping to cut greenhouse-gas emissions. But in an online survey of more than 2400 people in the UK, Alexa Spence of Nottingham University found that a fifth would be "uncomfortable" with the data sharing needed to do that. Strangely, she says, people who were worried about their energy bills were the most fearful, whereas those who were more concerned about climate change tended to be more amenable to data sharing."
UK people happy to cut energy use, but wary of smart meters
New Scientist, 27 April 2015

"The secrecy surrounding the National Security Agency’s post-9/11 warrantless surveillance and bulk data collection program hampered its effectiveness, and many members of the intelligence community later struggled to identify any specific terrorist attacks it thwarted, a newly declassified document shows. The document is a lengthy report on a once secret N.S.A. program code-named Stellarwind. The report was a joint project in 2009 by inspectors general for five intelligence and law enforcement agencies, and it was withheld from the public at the time, although a short, unclassified version was made public. The government released a redacted version of the full report to The New York Times on Friday evening in response to a Freedom of Information Act lawsuit. Shortly after the terrorist attacks on Sept. 11, 2001, President George W. Bush secretly told the N.S.A. that it could wiretap Americans’ international phone calls and collect bulk data about their phone calls and emails without obeying the Foreign Intelligence Surveillance Act. Over time, Stellarwind’s legal basis evolved, and pieces of it emerged into public view, starting with an article in The Times about warrantless wiretapping in 2005. The report amounts to a detailed history of the program. While significant parts remain classified, it includes some new information. For example, it explains how the Bush administration came to tell the chief judge of the Foreign Intelligence Surveillance Court at the time of the Sept. 11 attacks, Royce C. Lamberth, about the program’s existence in early 2002. James A. Baker, then the Justice Department’s top intelligence lawyer, had not been told about the program. But he came across 'strange, unattributed' language in an application for an ordinary surveillance warrant and figured it out, then insisted on telling Judge Lamberth. Mr. Baker is now the general counsel to the F.B.I. It also says that Mr. Baker developed procedures to make sure that warrant applications using information from Stellarwind went only to the judges who knew about the program: first Judge Lamberth and then his successor, Judge Colleen Kollar-Kotelly....After the warrantless wiretapping part became public, Congress legalized it in 2007; the report said this should have happened earlier to remove 'the substantial restrictions placed on F.B.I. agents’ and analysts’ access to and use of program-derived information due to the highly classified status' of Stellarwind.... The report has new details about a dramatic episode in March 2004, when several Justice Department officials confronted Alberto R. Gonzales, the White House counsel at the time, in the hospital room of Mr. Ashcroft over the legality of the program. The officials included Mr. Thompson’s successor as deputy attorney general, James B. Comey, who is now the F.B.I. director, and the new head of the office where Mr. Yoo had worked, Jack Goldsmith. The showdown prompted Mr. Bush to make two or three changes to Stellarwind, the report said. But while the report gives a blow-by-blow account of the bureaucratic fight, it censors an explanation of the substance of the legal dispute and Mr. Bush’s changes....Last year, the Obama administration released a redacted version of a memo that Mr. Goldsmith later wrote about Stellarwind and similarly censored important details. Nevertheless, it is public knowledge, because of documents leaked by the former intelligence contractor Edward J. Snowden, that one part of the dispute concerned the legality of the component of Stellarwind that collected bulk records about Americans’ emails...... In 2004, the F.B.I. looked at a sampling of all the tips to see how many had made a 'significant contribution' to identifying a terrorist, deporting a terrorism suspect, or developing a confidential informant about terrorists. Just 1.2 percent of the tips from 2001 to 2004 had made such a contribution.
Two years later, the F.B.I. reviewed all the leads from the warrantless wiretapping part of Stellarwind between August 2004 and January 2006. None had proved useful."
Declassified Report Shows Doubts About Value of N.S.A.’s Warrantless Spying
New York Times, 24 April 2015

"Germany's intelligence service, the Bundesnachrichtendienst (BND), has been helping the NSA spy on European politicians and companies for years, according to the German news magazine Der Spiegel. The NSA has been sending lists of 'selectors'—identifying telephone numbers, e-mail and IP addresses—to the BND, which then provides related information that it holds in its surveillance databases. According to the German newspaper Die Zeit, the NSA sent selector lists several times a day, and altogether 800,000 selectors have been requested. The BND realized as early as 2008 that some of the selectors were not permitted according to its internal rules, or covered by a 2002 US-Germany anti-terrorism 'Memorandum of Agreement' on intelligence cooperation. And yet it did nothing to check the NSA's requests systematically. It was only in the summer of 2013, after Edward Snowden's revelations of massive NSA and GCHQ surveillance, that the BND finally started an inquiry into all the selectors that had been processed. According to Der Spiegel, investigators found that the BND had provided information on around 2,000 selectors that were clearly against European and German interests. Not only were European businesses such as the giant aerospace and defense company EADS, best-known as the manufacturer of the Airbus planes, targeted, so were European politicians—including German ones. However, the BND did not inform the German Chancellor's office, which only found out about the misuse of the selector request system in March 2015. Instead, the BND simply asked the NSA to make requests that were fully covered by the anti-terrorism agreement between the two countries. According to Die Zeit, this was because the BND was worried that the NSA might curtail the flow of its own intelligence data to the German secret services if the selector scheme became embroiled in controversy. 
The information about this activity has finally come out thanks to a long-running committee of inquiry, set up by the German Bundestag (federal parliament), which has been trying to get to the bottom of the NSA activities in Germany, and of the BND's involvement in them. The committee's investigation suggests that as many as 40,000 of the selectors were targeting European and German interests—far more than the 2,000 found by the BND. There is likely to be considerable political fallout from the latest news. Because of the way the affair has been handled, with the German Chancellor kept in the dark for years, it is widely expected that the head of the BND, Gerhard Schindler, will be forced to resign. News that the BND has been actively helping the NSA to spy on European companies and politicians will also deepen the public's already considerable anger at US surveillance of Germans, first revealed by Snowden's leaks. That, in its turn, could make it even harder to persuade them to accept the huge US-EU trade agreement currently being negotiated behind closed doors, known as the Transatlantic Trade and Investment Partnership (TTIP). The Germans are already the leading skeptics: over a million of them have signed an online petition calling for the TTIP talks to be halted, while thousands took to the streets earlier this month to protest against the proposed deal."
NSA spied on EU politicians and companies with help from German intelligence
Arstechnica, 24 April 2015

"Escaping from the hectic world to curl up with a good book is one of life’s simple pleasures. But thanks to the popularity of e-readers, it seems that when you settle down to enjoy a novel you’re no longer alone. The digital devices not only track which books you read, but can monitor the passages you dwell on and the time you put your book down at night to go to sleep. Michael Tamblyn, of Kobo, which supplies e-readers to WHSmith, John Lewis and Tesco, said it collects information from users to recommend new books and boost sales. ‘We’re synchronising a bookmark constantly as you move along,’ he said.... Renate Samson, of the privacy campaign group Big Brother Watch, said: ‘It is rather alarming to think that whilst you read your e-book your e-reader device is reading you. ‘That these products feel the need to monitor more than just what we read, but to actively store data on what page we might linger on or more worryingly what time of day or night we choose to read seems disproportionately intrusive on what is to most of us a moment of personal quiet time.’... At the moment e-books account for around a fifth of all book sales in the UK, across all age groups. Many older readers have adopted the gadgets because they can easily increase the font size, making books easier to read without having to pay for a special large-print edition."
Electronic book lovers beware, your e-reader is watching you
Mail Online, 21 April 2015

"About a year ago, a thirtysomething sculptor in Los Angeles began working on a bust of Edward Snowden. When he was done, he shipped the bust to his artist friends on the East Coast. Just before dawn April 6, the artists crept under cover of darkness into Brooklyn's Fort Greene Park and installed the 100-pound bust atop a Revolutionary War memorial. 'We chose to pay tribute to Snowden through the medium of a bust because that is one of the visual pieces society uses as a guidepost to who a hero is,' one of the artists said in a video released after the bust was installed. By 3 p.m. the New York Parks Department and police had taken the bust down. But the next morning, a different group of artists cast a holographic image of Snowden where the bust had stood. The message to the authorities could not be clearer: Snowden is not going away. A large and important segment of our society sees Snowden as hero and whistleblower — and its members are the future. In late February, the American Civil Liberties Union commissioned a global poll surveying millennials (18- to 34-year-olds) in 10 countries, including the United States, about their opinions of Snowden and what the effect of his disclosures will mean for privacy. The results confirmed that surveillance reform, like marriage equality, will come about because of generational change. The poll showed that in every country surveyed — Australia, Canada, France, Germany, Britain, Italy, New Zealand, the Netherlands, Spain and the U.S. — millennials have an overwhelmingly positive opinion of Snowden. In continental Europe, 78% to 86% has positive opinions of him. Even in the United States, where the Justice Department has charged Snowden with espionage, 56% view him favorably. The poll also found that millennials believe Snowden's disclosures will benefit privacy rights. In Germany, Italy, Spain and the Netherlands, 54% to 59% said they thought Snowden's actions would lead to more privacy protection. 
It might seem counterintuitive to think that Snowden's disclosures will lead to greater privacy protections when many of the governments in the countries polled are insistent on maintaining or enhancing their abilities to spy on their citizens. Canada, France and the Netherlands are considering expansive surveillance powers similar to the Patriot Act, and Australia already has enacted such a law. Though surveillance reform may confront resistance in the near term, millennials have made it clear that they don't want government agencies tracking them online or collecting data about their phone calls. In the United States, millennials will surpass the baby boomer generation this year, and by 2020, they will represent 1 out of 3 adults. As they grow in influence, so too will the demand to rein in the surveillance state. Conventional wisdom says that the young and idealistic grow up and shed their naive ideals as they confront the real world. By that logic, as millennials age, they will recognize the need for the surveillance state to keep us safe from terrorism. But given the lack of evidence that mass surveillance works — President Obama's own review group concluded that the National Security Agency's call-records program never played a pivotal role in any investigation — it is unlikely this generation of digital natives will shed a fundamental commitment to the free exchange of information."
With millennials gaining influence, surveillance reform is inevitable
Los Angeles Times, 20 April 2015

"Want to see how secrecy is corrosive to democracy? Look no further than a series of explosive investigations by various news organizations this week that show the government hiding surveillance programs purely to prevent a giant public backlash. USA Today’s Brad Heath published a blockbuster story on Monday about the Drug Enforcement Administration (DEA) running a massive domestic spying operation parallel to the NSA’s that was tracking billions of international calls made by Americans. They kept it secret for more than two decades. According to the USA Today report, the spying program was not only used against alleged terrorist activity, but countless supposed drug crimes, as well as 'to identify US suspects in a wide range of other investigations'. And they collected information on millions of completely innocent Americans along the way. Heath’s story is awash with incredible detail and should be read in full, but one of the most interesting parts was buried near the end: the program was shut down by the Justice Department after the Snowden leaks, not because Snowden exposed the program, but because they knew that when the program eventually would leak, the government would have no arguments to defend it. The justification they were using for the NSA’s program - that it was only being used against dangerous terrorists, not ordinary criminals - just wasn’t true with the DEA. The public would clearly be outraged by the twisted legal justification that radically re-interpreted US law in complete secrecy. 'They couldn’t defend both programs', a former Justice Department official told Heath. The piece also reveals that Attorney General Eric Holder 'didn’t think we should have that information' in the first place, which is interesting because Holder was one of the first Justice Department officials to approve the program during the Clinton administration. It’s nice he came to his senses, but if the program never risked going public, would he have felt the same? 
There are many other surveillance programs the government is desperate to keep hidden. Consider Stingray devices, the mini fake cell phone towers that can vacuum up cell phone data of entire neighborhoods at the same time and which are increasingly being used by local cops all around the country. The Associated Press reported this week that the Baltimore police have used these controversial devices thousands of times in the course of ordinary investigations and have tried to hide how the devices are used from judges. The lengths to which the FBI will go to keep these devices secret from the public is alarming. As a Guardian investigation detailed on Friday, the FBI makes local police that use them sign non-disclosure agreements, and goes as far as to direct them to dismiss charges against potential criminals if the phone surveillance will be exposed at trial (as is required by due process rights in the Fifth Amendment)."
The government hides surveillance programs just because people would freak out
Guardian, Comment Is Free, 11 April 2015

"The U.S. government started keeping secret records of Americans' international telephone calls nearly a decade before the Sept. 11 terrorist attacks, harvesting billions of calls in a program that provided a blueprint for the far broader National Security Agency surveillance that followed. For more than two decades, the Justice Department and the Drug Enforcement Administration amassed logs of virtually all telephone calls from the USA to as many as 116 countries linked to drug trafficking, current and former officials involved with the operation said. The targeted countries changed over time but included Canada, Mexico and most of Central and South America....The data collection began in 1992 during the administration of President George H.W. Bush, nine years before his son, President George W. Bush, authorized the NSA to gather its own logs of Americans' phone calls in 2001. It was approved by top Justice Department officials in four presidential administrations and detailed in occasional briefings to members of Congress but otherwise had little independent oversight, according to officials involved with running it. The DEA used its data collection extensively and in ways that the NSA is now prohibited from doing. Agents gathered the records without court approval, searched them more often in a day than the spy agency does in a year and automatically linked the numbers the agency gathered to large electronic collections of investigative reports, domestic call records accumulated by its agents and intelligence data from overseas.... The DEA asked the Pentagon for help. The military responded with a pair of supercomputers and intelligence analysts who had experience tracking the communication patterns of Soviet military units. 
"What they discovered was that the incident of a communication was perhaps as important as the content of a communication," a former Justice Department official said. The military installed the supercomputers on the fifth floor of the DEA's headquarters, across from a shopping mall in Arlington, Va."
U.S. secretly tracked billions of calls for decades
USA Today, 7 April 2015

"In a case before the Court of Justice of the European Union (CJEU), the European Commission admitted that the Safe Harbor Framework doesn’t adequately protect EU citizens’ data from potential U.S. spying. And a fix isn’t really coming anytime soon, Ars Technica reveals, quoting a report from euobserver. The best way for preventing such spying operations, for anyone worried about NSA snooping, would be to stop using certain U.S.-based online services, including Facebook, at least until they open data centers in Europe. 'You might consider closing your Facebook account, if you have one,' European Commission attorney Bernhard Schima told attorney-general Yves Bot at the CJEU on Tuesday, suggesting that personal data transferred from Europe to the U.S. isn’t necessarily protected under the U.S.-EU pact, even though the Framework should ensure data privacy and security. The case was brought before the CJEU after Austrian privacy activist Max Schrems filed complaints with the Irish High Court following the Prism revelations against the five U.S. companies mentioned above. The Irish court then referred it to the higher European body. Schrems basically says that data passed to the U.S. can’t be considered as adequately protected, as it’s not clear what happens with it in light of the Prism program leaks. The European Commission is still in talks about improving data protection for EU citizens, even though the Safe Harbour Framework can’t yet guarantee that protection."
EU: Don’t use Facebook if you’re worried about NSA snooping
BGR, 25 March 2015

"Spying by the GCSB on those competing against National Government minister Tim Groser for the World Trade Organisation's top job has appalled a former foreign affairs and trade minister and astonished one of the country's most experienced diplomats. An inquiry is likely into the actions of the GCSB after Labour leader Andrew Little said he would ask the Inspector-General of Intelligence and Security to investigate today. The Herald and US news site the Intercept yesterday revealed a top secret GCSB document showing the electronic surveillance agency had been searching for email communications which mentioned Mr Groser, the Trade Minister, in association with names of candidates competing against him. The news broke as Prime Minister John Key and Mr Groser prepared to sign a Free Trade Agreement in South Korea, whose former trade minister was among the surveillance targets vying for the $700,000 WTO job. Mr Key told reporters the South Korean hosts "wouldn't give a monkey's" and "wouldn't believe it" but refused to comment further. A spokeswoman last night said Mr Key was confident the inspector-general would investigate "any matters as she sees fit". Mr Groser also refused comment but told TVNZ: "I assume that everything I say on the phone is being intercepted.""
Former diplomat, minister shocked by WTO spy claims
New Zealand Herald, 24 March 2015

"Top-secret documents obtained by the CBC show Canada's electronic spy agency has developed a vast arsenal of cyberwarfare tools alongside its U.S. and British counterparts to hack into computers and phones in many parts of the world, including in friendly trade countries like Mexico and hotspots like the Middle East. The little known Communications Security Establishment wanted to become more aggressive by 2015, the documents also said. Revelations about the agency's prowess should serve as a 'major wakeup call for all Canadians,' particularly in the context of the current parliamentary debate over whether to give intelligence officials the power to disrupt national security threats, says Ronald Deibert, director of the Citizen Lab, the respected internet research group at University of Toronto's Munk School of Global Affairs. 'These are awesome powers that should only be granted to the government with enormous trepidation and only with a correspondingly massive investment in equally powerful systems of oversight, review and public accountability,' says Deibert. Details of the CSE’s capabilities are revealed in several top-secret documents analyzed by CBC News in collaboration with The Intercept, a U.S. news website co-founded by Glenn Greenwald, the journalist who obtained the documents from U.S. whistleblower Edward Snowden. The CSE toolbox includes the ability to redirect someone to a fake website, create unrest by pretending to be another government or hacker, and siphon classified information out of computer networks, according to experts who viewed the documents. The agency refused to answer questions about whether it's using all the tools listed, citing the Security of Information Act as preventing it from commenting on such classified matters. In a written statement, though, it did say that some of the documents obtained by CBC News were dated and do 'not necessarily reflect current CSE practices or programs.' Canada's electronic spy agency and the U.S. National Security Agency 'cooperate closely' in 'computer network access and exploitation' of certain targets, according to an April 2013 briefing note for the NSA. Their targets are located in the Middle East, North Africa, Europe and Mexico, plus other unnamed countries connected to the two agencies' counterterrorism goals, the documents say. Specific techniques used against the targets are not revealed. Deibert notes that previous Snowden leaks have disclosed that the CSE uses the highly sophisticated WARRIORPRIDE malware to target cellphones, and maintains a network of infected private computers — what's called a botnet — that it uses to disguise itself when hacking targets. Other leaked documents revealed back in 2013 that the CSE spied on computers or smartphones connected to Brazil's mining and energy ministry to get economic intelligence."
Communication Security Establishment's cyberwarfare toolbox revealed
CBC, 23 March 2015

"Air-gapped systems, which are isolated from the Internet and are not connected to other systems that are connected to the Internet, are used in situations that demand high security because they make siphoning data from them difficult. Air-gapped systems are used in classified military networks, the payment networks that process credit and debit card transactions for retailers, and in industrial control systems that operate critical infrastructure. Even journalists use them to prevent intruders from remotely accessing sensitive data. To siphon data from an air-gapped system generally requires physical access to the machine, using removable media like a USB flash drive or a firewire cable to connect the air-gapped system directly to another computer. But security researchers at Ben Gurion University in Israel have found a way to retrieve data from an air-gapped computer using only heat emissions and a computer’s built-in thermal sensors. The method would allow attackers to surreptitiously siphon passwords or security keys from a protected system and transmit the data to an internet-connected system that’s in close proximity and that the attackers control. They could also use the internet-connected system to send malicious commands to the air-gapped system using the same heat and sensor technique. In a video demonstration produced by the researchers, they show how they were able to send a command from one computer to an adjacent air-gapped machine to re-position a missile-launch toy the air-gapped system controlled. The proof-of-concept attack requires both systems to first be compromised with malware. And currently, the attack allows for just eight bits of data to be reliably transmitted over an hour—a rate that is sufficient for an attacker to transmit brief commands or siphon a password or secret key but not large amounts of data. It also works only if the air-gapped system is within 40 centimeters (about 15 inches) from the other computer the attackers control. 
But the researchers, at Ben Gurion’s Cyber Security Labs, note that this latter scenario is not uncommon, because air-gapped systems often sit on desktops alongside Internet-connected ones so that workers can easily access both. The method was developed by Mordechai Guri in a project overseen by his adviser Yuval Elovici. The research represents just a first step says Dudu Mimran, chief technology officer at the lab, who says they plan to present their findings at a security conference in Tel Aviv next week and release a paper describing their work later on. 'We expect this pioneering work to serve as the foundation of subsequent research, which will focus on various aspects of the thermal channel and improve its capabilities,' the researchers note in their paper. With additional research, they say they may be able to increase the distance between the two communicating computers and the speed of data transfer between them.... This isn’t the only way to communicate with air-gapped systems without using physical media. Past research by other teams has focused on using acoustic inaudible channels, optical channels and electromagnetic emissions. All of these, however, are unidirectional channels, meaning they can be used to siphon data but not send commands to an air-gapped system. The same Ben Gurion researchers previously showed how they could siphon data from an air-gapped machine using radio frequency signals and a nearby mobile phone. That proof-of-concept hack involved radio signals generated and transmitted by an infected machine’s video card, which could be used to send passwords and other data over the air to the FM radio receiver in a mobile phone. The NSA reportedly has been using a more sophisticated version of this technique to not only siphon data from air-gapped machines in Iran and elsewhere but also to inject them with malware, according to documents leaked by Edward Snowden. 
Using an NSA hardware implant called the Cottonmouth-I, which comes with a tiny embedded transceiver, the agency can extract data from targeted systems using RF signals and transmit it to a briefcase-sized relay station up to 8 miles away. There’s no evidence yet that the spy agency is using heat emissions and thermal sensors to steal data and control air-gapped machines—their RF technique is much more efficient than thermal hacking. But if university researchers in Israel have explored the idea of thermal hacking as an attack vector, the NSA has likely considered it too."
Stealing Data From Computers Using Heat
Wired, 23 March 2015

"How would you feel if your phone carrier accidentally leaked every record of every call you made—and didn’t even tell you? If you’re like most Americans, you would be livid, because the vast majority of us care deeply about the privacy of our phone records. A November report from the Pew Research Center found that 82 percent of Americans consider location information gathered by their phones to be'sensitive'or'very sensitive,'and 75 percent feel that way about the numbers they have called or texted. But a forthcoming bill from Congress could dramatically reduce the security of that information—amid a number of high-profile data breaches. The threat comes from a bill—scheduled to be introduced in the House this week—called (incongruously) the'Data Security and Breach Notification Act of 2015.'As I explained in testimony before the House of Representatives last week, counter to its name, this piece of legislation would actually eliminate key legal protections for phone, cable, and satellite records. What would this mean for you? You could no longer assume that any information your phone, cable, or satellite provider collects about you is protected, and companies would no longer be obligated to tell you if that information is compromised. The results could be disastrous. Just a list of the phone numbers called by a customer would reveal not only information about that customer’s ties to other individuals, but also ties to organizations, health-related entities, hotlines, support groups, and so on. That list of numbers could reveal that the customer had called a hotline for suicidal thoughts or domestic violence. It could indicate that the customer likely had an abortion, needed 911 services, battled addiction, or struggled to come to terms with her sexual orientation. 
And analyzing the records further would reveal even more intimate details, including, in the words of computer scientist Ed Felten: '[W]hen we are awake and asleep; our religion, if a person regularly makes no calls on the Sabbath, or makes a large number of calls on Christmas Day; our work habits and our social attitudes; the number of friends we have; and even our civil and political affiliations.' Phone records also contain location information. Even when customers turn off GPS on their phones, carriers keep a record of which network antenna is communicating with the phone during every call. As computer scientist Vitaly Shmatikov explained last year in a letter to the Federal Communications Commission, this information can be used to reconstruct a customer’s movements, revealing the path someone takes to drive to work or walk to her children’s school, or the location of his gym or place of worship. As for cable and satellite customers’ viewing histories, it’s hard to imagine a class of information with greater potential for humiliation than an account of what we watch in the privacy of our own homes. Indeed, Congress was so spooked by the publication of Supreme Court nominee Robert Bork’s innocuous video rental history in 1988 that they almost immediately passed the Video Privacy Protection Act, which protects records about video rentals. Right now, phone carriers have to train personnel on protections for these records, have an express disciplinary process in place for abuses, and annually certify that they are in compliance with the rules. Cable and satellite providers also have to carefully protect all of their customers’ information. The new bill would change all that."
Laura Moy - Congress Wants to Eliminate Protections for Some of Your Most Sensitive Records
Slate, 23 March 2015

"British police claim a criminal investigation they are conducting into journalists who have reported on leaked documents from Edward Snowden has to be kept a secret due to a'possibility of increased threat of terrorist activity.'Following Snowden’s disclosures from the National Security Agency in 2013, London’s Metropolitan Police and a lawyer for the United Kingdom government separately confirmed a criminal probe had been opened into the leaks. One of the Metropolitan Police’s most senior officers publicly acknowledged during a parliamentary hearing that the investigation was focusing on whether reporters at the Guardian had committed criminal offenses for their role in revealing British government mass surveillance operations exposed in Snowden’s documents. But now, the Metropolitan Police, known as the Met, says everything about the investigation’s existence is a secret and too dangerous to disclose."
UK Police Deem Snowden Leak Investigation a State Secret
The Intercept, 20 March 2015

"German Vice Chancellor Sigmar Gabriel (above) said this week in Homburg that the U.S. government threatened to cease sharing intelligence with Germany if Berlin offered asylum to NSA whistleblower Edward Snowden or otherwise arranged for him to travel to that country.'They told us they would stop notifying us of plots and other intelligence matters,'Gabriel said. The vice chancellor delivered a speech in which he praised the journalists who worked on the Snowden archive, and then lamented the fact that Snowden was forced to seek refuge in'Vladimir Putin’s autocratic Russia'because no other nation was willing and able to protect him from threats of imprisonment by the U.S. government (I was present at the event to receive an award). That prompted an audience member to interrupt his speech and yell out:'Why don’t you bring him to Germany, then?'There has been a sustained debate in Germany over whether to grant asylum to Snowden, and a major controversy arose last year when a Parliamentary Committee investigating NSA spying divided as to whether to bring Snowden to testify in person, and then narrowly refused at the behest of the Merkel government. In response to the audience interruption, Gabriel claimed that Germany would be legally obligated to extradite Snowden to the U.S. if he were on German soil. Afterward, however, when I pressed the vice chancellor (who is also head of the Social Democratic Party, as well as the country’s economy and energy minister) as to why the German government could not and would not offer Snowden asylum — which, under international law, negates the asylee’s status as a fugitive — he told me that the U.S. government had aggressively threatened the Germans that if they did so, they would be'cut off'from all intelligence sharing. 
That would mean, if the threat were carried out, that the Americans would literally allow the German population to remain vulnerable to a brewing attack discovered by the Americans by withholding that information from their government."
Glenn Greenwald - US Threatened Germany Over Snowden, Vice Chancellor Says
The Intercept, 20 March 2015

"While you’ve likely never heard of companies like Yesware, Bananatag, and Streak, they almost certainly know a good deal about you. Specifically, they know when you’ve opened an email sent by one of their clients, where you are, what sort of device you’re on, and whether you’ve clicked a link, all without your awareness or consent. That sort of email tracking is more common than you might think. A Chrome extension called Ugly Mail shows you who’s guilty of doing it to your inbox. Sonny Tulyaganov, Ugly Mail’s creator, says he was inspired to write the'tiny script'when a friend told him about Streak, an email-tracking service whose Chrome extension has upwards of 300,000 users. Tulyaganov was appalled.'[Streak] allowed users track emails, see when, where and what device were used to view email,'he recalled to WIRED.'I tried it out and found it very disturbing, so decided to see who is actually tracking emails in my inbox.'Once the idea for Ugly Mail was born, it only took a few hours to make it a reality. The reason it was so easy to create is that the kind of tracking it monitors is itself a simple procedure. Marketers—or anyone who’s inspired to snoop—simply insert a transparent 1×1 image into an email. When that email is opened, the image pings the server it originated from with information like the time, your location, and the device you’re using. It’s a read receipt on steroids that you never signed up for. Pixel tracking is a long-established practice, and there’s nothing remotely illegal or even particularly discouraged about it; Google even has a support page dedicated to guiding advertisers through the process. That doesn’t make it any less unsettling to see just how closely your inbox activity is being monitored. Using Ugly Mail is as simple as the service is effective. Once you’ve installed it, the code identifies emails that include tracking pixels from any of the three services mentioned above. 
Those messages will appear in your inbox with an eye icon next to the subject heading, letting you know that once clicked, it will alert the sender. Tulyaganov also confirmed to WIRED that Ugly Mail also doesn’t store, save, or transmit any data from your Gmail account or computer; everything takes place on the user’s end. Ugly Mail appears to work as advertised in our test, but it has its limitations. It’s only built for Gmail (sorry… Outlookers?) and is only available for Chrome, although Tulyaganov says that Firefox and Safari versions are in the works."
A Clever Way to Tell Which of Your Emails Are Being Tracked
Wired, 20 March 2015

"The government has admitted that its intelligence services have the broad power to hack into personal phones, computers, and communications networks, and claims they are legally justified to hack anyone, anywhere in the world, even if the target is not a threat to national security nor suspected of any crime. That is the claim of pressure group Privacy International, following admissions by the government in a court document published today by the organisation. It follows two court cases initiated last year against GCHQ that challenge what Privacy International claims is invasive state-sponsored hacking that was revealed by Edward Snowden. In the document, the government outlines the broad authority it has given UK intelligence services to infiltrate personal devices, the internet, and social media websites. In addition, government lawyers claim that while the intelligence services require authorisation before they are allowed to hack into the computer and mobile phones of 'intelligence targets', GCHQ is equally permitted to break into computers anywhere in the world, even if they are not connected to a crime or a threat to national security. 'Such powers are a massive invasion of privacy. Hacking is the modern equivalent of entering someone's house, searching through filing cabinets, diaries and correspondence, and planting devices to permit constant surveillance in future,' commented the organisation. 'If mobile devices are involved, the government can obtain historical information, including every location visited in the past year and the ongoing surveillance will capture the affected individual wherever they go.' The court document relies heavily on a draft code on 'equipment interference', according to the pressure group, which was quietly released to the public on the same day that the Investigatory Powers Tribunal found that GCHQ had engaged in unlawful information sharing with the US National Security Agency (NSA). 
For the past decade, GCHQ has been involved in state-sponsored hacking without this code being available to the public, claims Privacy International, which means that they have almost certainly been acting against the law. Indeed, the draft code has not even been approved by Parliament yet, and remains open for public comment until 20 March. Privacy International has been involved in two separate complaints to the Investigatory Powers Tribunal, one filed on its own that challenges the UK security services' presumed rights to attack any computer devices in the perceived pursuit of its work; the other is with seven internet service providers and communications companies, which calls for GCHQ to be stopped from attacks against communications networks. 'The government has been deep in the hacking business for nearly a decade, yet they have never once been held accountable for their actions. They have granted themselves incredible powers to break into the devices we hold near and dear, the phones and computers that are so integral to our lives,' said Eric King, deputy director of Privacy International. He continued: 'What's worse is that without any legitimate legal justification, they think they have the authority to target anyone they wish, no matter if they are suspected of a crime. This suspicionless hacking must come to an end and the activities of our intelligence agencies must be brought under the rule of law.'"
Government admits: security services can do what they like – claims Privacy International
Computing, 17 March 2015

"Barbie’s been a lot of things, but could she be a spy? That’s the fear among thousands of parents in the U.S. and Canada over Hello Barbie, a Mattel doll set to hit store shelves later this year that the toymaker calls'interactive.'Using WiFi and voice recognition technology, Hello Barbie can record conversations and talk back, using the recorded information to mimic a conversation between friends. She can remember. She can learn. Cool? Creepy, according to the U.S.-based Campaign for a Commercial-Free Childhood, which has garnered more than 5,000 names in less than a week from the U.S. and Canada on a petition asking Mattel to yank the toy.'This has taken off like no campaign we’ve ever done. People are outraged. I’ve never seen anything like this,'said Josh Golin, associate director of Campaign for a Commercial-Free Childhood.'I think it’s the creep factor ... It just opens a whole Pandora’s box of what could happen.'Oren Jacob, chief executive officer of ToyTalk, the San Francisco company behind the technology, points out that several billion smartphones and tablets in the world already connect to the Internet and come with built-in microphones.    Voice recognition is widely used in applications that include Apple’s Siri, Google Now and Xbox Kinect. Hello Barbie is a highly controlled experience, according to Jacob. The Hello Barbie microphone can only record when it is activated. On the prototype doll, the microphone button is located on her belt buckle. There is no GPS chip in the doll. Hello Barbie does not ask personal questions or collect personal information. Her possible responses are drafted by content teams at Mattel and ToyTalk. The questions and answers are stored for up to two years, and are used for product development, including improving voice recognition systems for children. Parents can access the comments, using a password. They can also delete the comments."
Mattel in hot water over interactive Hello Barbie
Toronto Star, 17 March 2015

"New Zealand spies programmed an internet mass surveillance system to intercept messages about senior public servants and a leading anti-corruption campaigner in the Solomon Islands, a top-secret document reveals. For the first time, New Zealanders can learn about people their government has targeted as part of its role in Five Eyes, a surveillance alliance that includes New Zealand, the United States, the United Kingdom, Canada, and Australia. The secret document, dated from January 2013, shows some of the names and other search terms that the Government Communications Security Bureau (GCSB) entered into the internet spying system XKeyscore. XKeyscore is run by the US National Security Agency and is used to analyse vast amounts of email, internet browsing sessions and online chats that are intercepted from some 150 different locations worldwide. GCSB has gained access to XKeyscore through its partnership in Five Eyes, and contributes data to the system that is swept up in bulk from a surveillance base in Waihopai Valley. XKeyscore would have searched through the South Pacific communications intercepted by the GCSB and highlighted those containing the specified Solomon Islands target names and search terms. When Prime Minister John Key talks of New Zealand's intelligence operations, he voices concern over the threat of terrorism. In the case of the Solomon Islands, the government and civil society targets appear to be respectable people working in the best interests of their country. The top secret document obtained by the Herald on Sunday and US news site The Intercept gives an unprecedented insight into specific targeting by New Zealand's largest and most secretive intelligence agency. No individual foreign targets of the GCSB have ever before reached the public. The GCSB target list features seven Solomon Islanders by name under the heading "Terms associated with Solomon Islands Government documents". 
The names are a who's who of senior public servants in the Solomon Islands government at the time the list was written. They include Barnabas Anga, the Permanent Secretary of the Ministry of Foreign Affairs and External Trade, Robert Iroga, Chief of Staff to the Prime Minister, Dr Philip Tagini, Special Secretary to the Prime Minister, Fiona Indu, senior Foreign Affairs official, James Remobatu, Cabinet Secretary, and Rose Qurusu, a Solomon Islands public servant. Targeting emails associated with these officials would have provided day-by-day monitoring of the internal operation of the Solomon Islands government, including its negotiations with the New Zealand, Australian and other Five Eyes governments. The target list includes the usernames of the senior public servants' computer accounts. The surveillance was tailored to intercept documents they or other officials sent between each other..... The seventh person caught up in the GCSB's surveillance sweep is the leading anti-corruption campaigner in the Solomons, Benjamin Afuga. For several years he has run an online publication that exposes corruption, often publishing leaked information and documents from whistleblowers within the government. It has a large following.... The existence of XKeyscore was first revealed by the Guardian in 2013, based on documents leaked by NSA whistleblower Edward Snowden. The documents showed that the NSA views the system as its "widest reaching" surveillance tool because it is capable of seeing "nearly everything a typical user does on the internet"."
Revealed: The names NZ targeted using NSA's XKeyscore system
New Zealand Herald, 15 March 2015

"The names suggest a parade of a C-list websites. There was NewJunk4U.com and Monster-Ads.net, CoffeeHausBlog.com and SuddenPlot.com. But, these sad-sounding domains actually were artful creations of the National Security Agency: They were fronts for distributing and controlling government malware around the world. Those domains and 109 others came to light last month as part of the'Equation Group'report from anti-virus vendor Kaspersky. Researchers at Kaspersky identified 300 such domains, and published 113 of them. The NSA’s malware domains always have been a closely guarded secret—it’s the kind of direct, actionable information that can expose even old cyber espionage operations. Now the agency is in an awkward position: What should it do with these domains now that their covers have been blown? The domains were chosen to look legitimate, which means the US government is effectively cyber squatting on a sizable portfolio of names like newjunk4u.com and businessdealsblog.com that are no longer useful for espionage, but potentially valuable for business."
Psssst: Wanna Buy a Used Spy Website?
Wired, 13 March 2015

"The government is attempting to keep secret the extent of the intelligence services’ unlawful behaviour, a tribunal has heard. An application for a confidential judgment that would never be published has been made by lawyers for MI5, MI6 and GCHQ in a highly sensitive case about the interception of legally privileged conversations between lawyers and their clients. The request was made during a claim before the investigatory powers tribunal (IPT) brought by the Libyan dissident Abdel Hakim Belhaj and his family who were abducted in a UK-US rendition operation and returned to Muammar Gaddafi’s regime in Tripoli. The IPT deals with complaints about the conduct of the intelligence services. Belhaj is suing the government over his treatment. Following revelations by the US National Security Agency whistleblower Edward Snowden about widespread online and phone surveillance by GCHQ and other agencies, Belhaj launched a claim in the IPT alleging that his legally protected exchanges with his lawyers had been intercepted – possibly giving the government an unfair advantage in the compensation case. Belhaj is supported by Amnesty International, Reprieve and other human rights groups. Lawyers for MI5, MI6 and GCHQ have already admitted that the policies and procedures they had in place to deal with legally privileged material were unlawful. No'Chinese walls'were in place to prevent those involved in litigation seeing sensitive intelligence material. Conversations between lawyers and their clients have a protected status under English law. Ben Jaffey, counsel for Belhaj and his family, told the tribunal:'There has been a failure of legal oversight that has allowed this to happen.'We know these policies have had a real-world effect. 
In at least one case there has been tainting and there’s a risk that it could have given them an unfair advantage.' Jaffey said the government was asking the tribunal to keep secret whether Belhaj had been the victim of 'serious interference with his lawyers' and how that might have occurred. 'The proposal of [the government] is to deal with this case behind secret curtains. The public exposure of unlawfulness is very painful for the agencies. It may make it more difficult for them to do their job but such is the rule of law.' Hugh Tomlinson QC, for Amnesty, said: 'If the tribunal says nothing or says it may have happened, the public will be left thinking: ‘What has happened? Is this a can of worms? Is this an iceberg under the water?’ 'There’s nothing more likely to undermine confidence in the security services than the impression that there’s dirty dealing behind the curtains and nothing has been revealed.' The IPT, which conducts many of its hearings in secret, is empowered to consider claims on a hypothetical basis. James Eadie QC, for the intelligence agencies, told the tribunal that making a public determination at the end of the case could endanger public safety. Confirming to any claimant that they were being monitored would undermine the well-established government’s principle of 'neither confirm nor deny' (NCND), he said."
Government trying to keep secret spy agencies' unlawful conduct, IPT hears
Guardian, 13 March 2015

"...Nigel Inkster of the International Institute for Strategic Studies and former deputy chief at intelligence service MI6, sought to downplay the activities of the spy agencies. Asked whether mass surveillance should be troubling in a free society, Inkster said: 'It would be troubling if it were mass surveillance but it's not what we're talking about here. It is a bulk collection of civilian telecommunications, something which has actually been going on for decades without obvious detriment to civil liberty human rights, in order for the intelligence agencies to identify very narrow and specific sets of information about threats.' This is an interesting statement given that such activities may well have been against the law."
Former MI6 deputy chief: What we're doing is not mass surveillance
Guardian, 12 March 2015

"Town halls were granted permission to access private communications data more times than GCHQ and MI6 last year, according to official figures. Councils were granted permission to access records of internet use and telephone calls in 2,110 cases last year, according to a report by the surveillance watchdog. It compares to 1,291 approved interceptions of communication data for GCHQ, the Government listening service, and 652 approvals for the Secret Intelligence Service, known as MI6. Eric Pickles, the Local Government Secretary, accused councils of'acting out their James Bond fantasies'and said the law on municipal surveillance powers may need tightening up. Quangos including the Environment Agency, the Health and Safety Executive, Royal Mail, the Rail Accident investigation branch and the NHS were given permission to acquire communications data thousands of times. In total, police forces, intelligence agencies and other bodies were granted 517,236 authorisations to look at communications data under the Regulation of Investigatory Powers Act last year, a decline on the previous two years. The so-called'envelope'data can be used to identify who is emailing or telephoning whom, and covers the location and time from which messages are sent. It would typically cover an itemised telephone bill, or the name of an account holder of an email address or Twitter account. Some 2,795 warrants were issued to intercept the actual content of emails and phone calls to nine bodies, including the Metropolitan Police, the intelligence agencies, HMRC and the National Crime Agency. Of the half a million interceptions, 88.9 per cent were granted by police forces and law enforcement agencies, 9.8 per cent by intelligence agencies, 0.4 per cent by local authorities and 0.9 per cent by other public bodies. MI5, the domestic security service, accounted for the lions’ share of the agencies’ requests for communications data: 48,639 out of 50,582."
Town halls monitor more emails than MI6 and GCHQ
Telegraph, 12 March 2015

"Within an hour of FOX31 Denver discovering a hidden camera, which was positioned to capture and record the license plates and facial features of customers leaving a Golden Post Office, the device was ripped from the ground and disappeared. FOX31 Denver investigative reporter Chris Halsne confirmed the hidden camera and recorder is owned and operated by the United States Postal Inspection Service, the law enforcement branch of the U.S. Postal Service. The recording device appeared to be tripped by any vehicle leaving the property on Johnson Road, but the lens was not positioned to capture images of the front door, employee entrance, or loading dock areas of the post office. An alert customer first noticed the data collection device, hidden inside a utilities box, around Thanksgiving 2014. It stayed in place, taking photos through the busy Christmas holidays and into mid-January. Managers inside the post office tell FOX31 Denver they were unaware customers were being photographed outside and that the surveillance was not part of the building’s security monitoring. A spokesperson for Postal Inspection Service declined to address the specific reason for the domestic surveillance, but admitted the agency had a 'number of cameras at their disposal.' Pamela Durkee, a Federal Law Enforcement Agent and U.S. Postal Inspector, sent an email to FOX31 Denver explaining, '(We) do not engage in routine or random surveillance. Cameras are deployed for law enforcement or security purposes, which may include the security of our facilities, the safety of our customers and employees, or for criminal investigations. Employees of the Postal Inspection Service are sworn to uphold the United States Constitution, including protecting the privacy of the American public.' FOX31 Denver reviewed criminal search warrants on file in city, county, and federal court but none appeared to be related to the Golden post office camera set-up.
The Postal Inspection Service would not confirm or deny that the camera was collecting data for a specific case or cases."
Mysterious spy cameras collecting data at post offices
Fox31 Denver, 12 March 2015

"David Cameron has moved to close a hole in the oversight of Britain’s intelligence agencies after it was revealed for the first time that they were creating 'bulk personal datasets' containing millions of items of personal information, some of it gathered covertly without any statutory accountability. Some of the data appears to have been gathered from other government departments as well as commercial organisations. The disclosure came in a long-awaited 149-page report prepared by parliament’s intelligence and security committee (ISC) examining the oversight and capabilities of the UK intelligence agencies in the wake of the revelations of Edward Snowden, the former US National Security Agency (NSA) contractor. The inquiry found the laws governing the agencies’ activities – including mass surveillance – require a total overhaul to make them more transparent, comprehensible and capable of restoring trust in their work. The report said the legal framework is unnecessarily complicated and – crucially – almost impenetrable. The current laws could be construed as providing the agencies with a 'blank cheque to carry out whatever activities they deem necessary', it said. 'The legal framework has developed piecemeal and is unnecessarily complicated,' the report concluded. 'We have serious concerns about the resulting lack of transparency, which is not in the public interest.' In its key recommendation the committee proposed that 'all the current legislation governing the intrusive capabilities of the security and intelligence agencies be replaced by a new, single act of parliament'. Although all sides welcomed the proposed clarification and consolidation of the complex laws, the precise content of that legislation will be hotly contested in the next parliament as advocates of security and privacy argue over how the new legal lines must be drawn.
In a sign of the scope of the existing loopholes David Cameron, the prime minister, rushed out a statement in the wake of the report saying the intelligence services commissioner, Sir Mark Waller, would be given 'statutory powers of oversight of use of bulk personal datasets'. In a heavily censored section of the report, the committee said the datasets contain personal information about a wide range of people and vary in size from hundreds to millions of records. It added that there is no legal constraint on storage, restraint, retention, sharing and destruction. Surveillance agencies do not require ministerial authorisation in any way to access the information. Committee members said the information gathered in the bulk personal datasets is not necessarily gathered by the agencies, implying it may have been harvested by either commercial organisations or other government agencies for other purposes, and then handed over. The datasets vary from hundreds to millions of records and are acquired through overt and covert channels, the committee disclosed and are not derived from any specific legal power. Hazel Blears, the leading Labour committee member, was reluctant to disclose the nature of the information collected, but likened the datasets to a telephone directory and added they applied only to people in a certain category of interest to the agencies. The committee state they were 'concerned that until publication of its report there had been no public or Parliamentary consideration of the related privacy consideration and safeguards'. It appears that Waller raised the issue of the bulk personal datasets, telling the committee 'it is a risk that some individuals will misuse the powers of access to private data which must be carefully guarded against'.
More broadly, the committee found that existing laws are not being broken by the agencies and insisted the bulk collection of data by the government does not amount to mass surveillance or a threat to individual privacy. Blears said: 'What we’ve found is that the way in which the agencies use the capabilities they have is authorised, lawful, necessary and proportionate. 'But what we’ve also found is there is a degree of confusion and lack of transparency about the way in which this is authorised in our legal system. It is that lack of transparency that leads to people reaching the conclusion that there is blanket surveillance, indiscriminate surveillance.' The report confirmed that GCHQ does have the capability for bulk interceptions but denied that represents a blanket or indiscriminate surveillance, saying the security services neither have the resources nor motive to look at more than a small fraction of the material available to it. It said GCHQ could theoretically access communications traffic from a small percentage of the 100,000 servers which make up the core infrastructure of the internet, chosen on the basis of the possible intelligence value of the traffic they carry. But in a controversial move, the committee redacted the percentage of items sent across the internet in a single day that are ever selected to be read by a GCHQ analyst, emphasising: 'They will have gone through several stages of targeting filtering and searching so they are believed to be the ones of the very highest intelligence value.'"
David Cameron to close gap in oversight of mass surveillance
Guardian, 12 March 2015

"Spies have been dismissed and disciplined for inappropriately accessing private information on citizens in recent years, the intelligence and security committee (ISC) report on privacy has found. The report reveals a small number of staff at the intelligence agencies misused their surveillance powers, but it is not specific about how the information was wrongly accessed. 'Deliberate abuse of access to GCHQ’s systems would constitute gross misconduct (depending on the circumstances) – to date there has only been one case where GCHQ have dismissed a member of staff for misusing access to GCHQ’s systems,' the report states. It adds: 'Each agency reported that they had disciplined – or in some cases dismissed – staff for inappropriately accessing personal information held in these datasets in recent years.' One member of the committee, Lord Butler of Brockwell, said there were only 'very small single figures of abuse' of surveillance powers by intelligence agents. The report is part of an inquiry triggered by the revelations of Edward Snowden, the former US National Security Agency (NSA) contractor. Overall, the 18-month inquiry has found the existing laws are not being broken by the agencies and insists the bulk collection of data by the government does not amount to mass surveillance or a threat to individual privacy. But it also says the legal framework is unnecessarily complicated and – crucially – lacks transparency. The current laws could be construed as providing the agencies with a 'blank cheque to carry out whatever activities they deem necessary', it says. The committee said it had been told by the intelligence agencies that all staff with access to 'bulk personal datasets' are trained on their legal responsibilities and all searches must be justified on the basis of necessity and proportionality.
Searches made by staff are also subject to audit to ensure any misuse is identified. Asked about the dismissals, committee member Hazel Blears said it was extremely rare and no one should think unauthorised spying was widespread. 'We also recommend in our report that these matters should say this should be a criminal offence because we regard this as extremely serious indeed,' she said. 'If you are trying to get public confidence around privacy if someone breaches the rules there ought to be absolutely severe sanctions. 'We are not in a position today to give you the detailed information. I’m not sure we would be in a position to give you that detailed information.'"
Handful of UK spies accessed private information inappropriately, ISC says
Guardian, 12 March 2015

"The legal framework surrounding surveillance is 'unnecessarily complicated' and 'lacks transparency', a Parliamentary committee says. The Intelligence and Security Committee (ISC) report also says there should be a single law to govern access to private communications by UK agencies. Its inquiry has considered the impact of such activities on people's privacy. Meanwhile, official regulators revealed a case last year when a GCHQ employee was sacked over unauthorised searches. The Interception of Communications Commissioner's Office (IOCCO) report said it was the first known instance of deliberate abuse of GCHQ's interception and communications data systems in this way. The ISC inquiry began after leaks in 2013 about surveillance by US and UK agencies. Edward Snowden, a former US intelligence contractor, who now lives in Russia after fleeing the US, gave the media details of extensive internet and phone surveillance. BBC security correspondent Gordon Corera said Mr Snowden's revelations raised concerns in some quarters that spies had accrued too much power in secret. The committee's report looked at whether current legislation provides the necessary powers, what the privacy implications are and whether there is sufficient oversight and accountability. Following its publication, Shami Chakrabarti, director of rights campaign group Liberty, said the ISC was 'a simple mouthpiece for the spooks'. Among its findings, the report said that the UK's intelligence and security agencies 'do not seek to circumvent the law' and that its activities do not equate to 'blanket surveillance' or 'indiscriminate surveillance'. Today was not quite a clean bill of health for Britain's spies. The ISC does come firmly down on the side of GCHQ in arguing that collecting data in bulk in order, but only reading small amounts of it, does not constitute mass surveillance. But on a wider issue of transparency and accountability, the committee has taken a tougher line. 
The legal system is deemed as lacking transparency and requiring a total overhaul. Some of the problems were evident today. The committee revealed that 'bulk datasets' are acquired, but was not able to tell people what they are. The interception commissioner will now also oversee the way in which the 1984 Telecoms Act is used to acquire data but the clear implication is that no one was overseeing this in the past. And finally for GCHQ there is the embarrassing revelation that a member of staff had to be sacked for gross misconduct in conducting unauthorised searches. It also said the Government Communications Headquarters (GCHQ) agency requires access to internet traffic through 'bulk interception' primarily in order to uncover threats by finding 'patterns and associations, in order to generate initial leads', which the report described as an 'essential first step'. 'Given the extent of targeting and filtering involved, it is evident that while GCHQ's bulk interception capability may involve large numbers of emails, it does not equate to blanket surveillance, nor does it equate to indiscriminate surveillance. 'GCHQ is not collecting or reading everyone's emails: they do not have the legal authority, the resources, or the technical capability to do so.' The ISC also said that it had established that bulk interception methods cannot be used to search for and examine the communications of an individual in the UK unless GCHQ 'first obtain a specific authorisation naming that individual, signed by a secretary of state'. Ms Chakrabarti said the ISC was 'so clueless and ineffective that it's only thanks to Edward Snowden that it had the slightest clue of the agencies' antics'.... Nigel Inkster, from the International Institute for Strategic Studies, told the BBC's Today programme that the security and intelligence agencies had 'pretty adequate' powers of surveillance, which should remain. 
He added: 'What we're talking about here is the bulk collection of civilian telecommunications, something which has actually been going on for decades without obvious detriment to civil liberties or human rights, in order for the intelligence agencies to identify very narrow and specific sets of information about threats.... There were 2,795 interception warrants issued to access communications content in 2014, according to the IOCCO report. Overall, the commissioner Sir Anthony May said there was relatively little change in the number of interception warrants and communications data requests from intelligence agencies and police. In June 2013 the Guardian reported that GCHQ was tapping fibre-optic cables that carry global communications and sharing vast amounts of data with the NSA, its US counterpart."
UK surveillance 'lacks transparency', ISC report says
BBC Online, 12 March 2015

"GCHQ was last night cleared of carrying out mass surveillance of the public using vast trawls of internet traffic. The Intelligence and Security Committee said the central claims made by the Guardian newspaper on the back of documents stolen by American whistle-blower Edward Snowden were wrong and it cleared the Government’s listening station of wrongdoing. After an 18-month inquiry, the committee dismissed the claims that GCHQ had ‘blanket coverage’ of web communications and was rooting indiscriminately through private messages. In reality, it said, GCHQ can access only a small part of the web and operatives see only a ‘tiny fraction’ of the messages collected after a sophisticated filtering process. The committee concluded that the only items seen by analysts were those of the ‘highest intelligence value’, and these amounted to several thousand a day. Tory MP Mark Field, a member of the committee, said: ‘The big mistake that Snowden and the Guardian made in its coverage was to equate bulk data with bulk surveillance. ‘The truth is that the filtering process means that a tiny proportion of the bulk data that is collected is ever examined. ‘That point was never really made by the Guardian, who gave the impression that with every phone call, every email and every text message, the public had a spy on their shoulder.’ Labour MP Hazel Blears said the ‘two main claims’ made off the back of the Snowden leaks were untrue and surveillance was neither blanket nor indiscriminate. ‘What we’ve found is that the way in which the agencies use the capabilities they have is authorised, lawful, necessary and proportionate."
Snowden was wrong: Claim that GCHQ snoops on ALL our internet use is dismissed by MPs' inquiry
Mail, 12 March 2015

"Every time you email someone overseas, the NSA copies and searches your message. It makes no difference if you or the person you're communicating with has done anything wrong. If the NSA believes your message could contain information relating to the foreign affairs of the United States – because of whom you're talking to, or whom you're talking about – it may hold on to it for as long as three years and sometimes much longer. A new ACLU lawsuit filed today challenges this dragnet spying, called 'upstream' surveillance, on behalf of Wikimedia and a broad coalition of educational, human rights, legal, and media organizations whose work depends on the privacy of their communications. The plaintiffs include Amnesty International USA, the National Association of Criminal Defense Lawyers, and The Nation magazine, and many other organizations whose work is critical to the functioning of our democracy. But the effect of the surveillance we're challenging goes far beyond these organizations. The surveillance affects virtually every American who uses the Internet to connect with people overseas – and many who do little more than email their friends or family or browse the web. And it should be disturbing to all of us, because free expression and intellectual inquiry will wither away if the NSA is looking over our shoulders while we're online..... Inside the United States, upstream surveillance is conducted under a controversial spying law called the FISA Amendments Act, which allows the NSA to target the communications of foreigners abroad and to intercept Americans' communications with those foreign targets. The main problem with the law is that it doesn't limit which foreigners can be targeted. The NSA's targets may include journalists, academics, government officials, tech workers, scientists, and other innocent people who are not connected even remotely with terrorism or suspected of any wrongdoing. 
The agency sweeps up Americans' communications with all of those targets. And, as our lawsuit explains, the NSA is exceeding even the authority granted by the FISA Amendments Act. Rather than limit itself to monitoring Americans' communications with the foreign targets, the NSA is spying on everyone, trying to find out who might be talking or reading about those targets. As a result, countless innocent people will be caught up in the NSA's massive net. For instance, a high school student in the U.S. working on a term paper might visit a foreign website to read a news story or download research materials. If those documents happen to contain an email address targeted by the NSA – like this news report does – chances are the communications will be intercepted and stored for further scrutiny. The same would be true if an overseas friend, colleague, or contact sent the student a copy of that news story in an email message. As former NSA Director Michael Hayden recently put it, '[L]et me be really clear. NSA doesn't just listen to bad people. NSA listens to interesting people. People who are communicating information.'"
The NSA Has Taken Over the Internet Backbone. We're Suing to Get it Back.
American Civil Liberties Union, 10 March 2015

"The Central Intelligence Agency played a crucial role in helping the Justice Department develop technology that scans data from thousands of U.S. cellphones at a time, part of a secret high-tech alliance between the spy agency and domestic law enforcement, according to people familiar with the work."
CIA Aided Program to Spy on U.S. Cellphones
Wall St Journal, 10 March 2015

"Researchers working with the Central Intelligence Agency have conducted a multi-year, sustained effort to break the security of Apple’s iPhones and iPads, according to top-secret documents obtained by The Intercept. The security researchers presented their latest tactics and achievements at a secret annual gathering, called the 'Jamboree,' where attendees discussed strategies for exploiting security flaws in household and commercial electronics. The conferences have spanned nearly a decade, with the first CIA-sponsored meeting taking place a year before the first iPhone was released. By targeting essential security keys used to encrypt data stored on Apple’s devices, the researchers have sought to thwart the company’s attempts to provide mobile security to hundreds of millions of Apple customers across the globe. Studying both 'physical' and 'non-invasive' techniques, U.S. government-sponsored research has been aimed at discovering ways to decrypt and ultimately penetrate Apple’s encrypted firmware. This could enable spies to plant malicious code on Apple devices and seek out potential vulnerabilities in other parts of the iPhone and iPad currently masked by encryption. The CIA declined to comment for this story. The security researchers also claimed they had created a modified version of Apple’s proprietary software development tool, Xcode, which could sneak surveillance backdoors into any apps or programs created using the tool. Xcode, which is distributed by Apple to hundreds of thousands of developers, is used to create apps that are sold through Apple’s App Store. The modified version of Xcode, the researchers claimed, could enable spies to steal passwords and grab messages on infected devices. Researchers also claimed the modified Xcode could 'force all iOS applications to send embedded data to a listening post.' It remains unclear how intelligence agencies would get developers to use the poisoned version of Xcode.
Researchers also claimed they had successfully modified the OS X updater, a program used to deliver updates to laptop and desktop computers, to install a 'keylogger.' Other presentations at the CIA conference have focused on the products of Apple’s competitors, including Microsoft’s BitLocker encryption system, which is used widely on laptop and desktop computers running premium editions of Windows. The revelations that the CIA has waged a secret campaign to defeat the security mechanisms built into Apple’s devices come as Apple and other tech giants are loudly resisting pressure from senior U.S. and U.K. government officials to weaken the security of their products. Law enforcement agencies want the companies to maintain the government’s ability to bypass security tools built into wireless devices. Perhaps more than any other corporate leader, Apple’s CEO, Tim Cook, has taken a stand for privacy as a core value, while sharply criticizing the actions of U.S. law enforcement and intelligence agencies. Security researchers from Sandia National Laboratories presented their Apple-focused research at a secret annual CIA conference called the Trusted Computing Base Jamboree. The Apple research and the existence of the conference are detailed in documents provided to The Intercept by National Security Agency whistleblower Edward Snowden. The conference was sponsored by the CIA’s Information Operations Center, which conducts covert cyberattacks. The aim of the gathering, according to a 2012 internal NSA wiki, was to host 'presentations that provide important information to developers trying to circumvent or exploit new security capabilities,' as well as to 'exploit new avenues of attack.' NSA personnel also participated in the conference through the NSA’s counterpart to the CIA’s Trusted Computing Base, according to the document. The NSA did not provide comment for this story.
The Jamboree was held at a Lockheed Martin facility inside an executive office park in northern Virginia. Lockheed is one of the largest defense contractors in the world; its tentacles stretch into every aspect of U.S. national security and intelligence. The company is akin to a privatized wing of the U.S. national security state — more than 80 percent of its total revenue comes from the U.S. government. Lockheed also owns Sandia Labs, which is funded by the U.S. government, whose researchers have presented Apple findings at the CIA conference. 'Lockheed Martin’s role in these activities should not be surprising given its leading role in the national surveillance state,' says William Hartung, director of the Arms and Security Project at the Center for International Policy and author of Prophets of War, a book that chronicles Lockheed’s history. 'It is the largest private intelligence contractor in the world, and it has worked on past surveillance programs for the Pentagon, the CIA and the NSA. If you’re looking for a candidate for Big Brother, Lockheed Martin fits the bill.' The Apple research is consistent with a much broader secret U.S. government program to analyze 'secure communications products, both foreign and domestic' in order to 'develop exploitation capabilities against the authentication and encryption schemes,' according to the 2013 Congressional Budget Justification. Known widely as the 'Black Budget,' the top-secret CBJ was provided to The Intercept by Snowden and gives a sprawling overview of the U.S. intelligence community’s spending and architecture. The White House did not respond to a request for comment.... For years, U.S. and British intelligence agencies have consistently sought to defeat the layers of encryption and other security features used by Apple to protect the iPhone.
A joint task force comprised of operatives from the NSA and Britain’s Government Communications Headquarters, formed in 2010, developed surveillance software targeting iPhones, Android devices and Nokia’s Symbian phones. The Mobile Handset Exploitation Team successfully implanted malware on iPhones as part of WARRIOR PRIDE, a GCHQ framework for secretly accessing private communications on mobile devices. That program was disclosed in Snowden documents reported on last year by The Guardian."
The CIA Campaign to Steal Apple’s Secrets
Intercept, 10 March 2015

"A complaint has been lodged with the Inspector General of Intelligence and Security claiming the GCSB has broken the law by spying on Kiwis holidaying, living and working in the Pacific. It is a direct challenge to the Prime Minister's assertion the Government Communications Security Bureau acts legally. The Green Party complaint was lodged after documents from whistleblower Edward Snowden showed there was 'full take' collection of satellite communications in the Pacific by the GCSB. This morning, former director of the GCSB Sir Bruce Ferguson told Radio New Zealand that mass surveillance was being undertaken in the Pacific, and it was 'mission impossible' to eliminate New Zealanders' data from the collection. 'It's the whole method of surveillance these days - it's mass collection. To actually individualise that is mission impossible,' he said. He said he supported Mr Key's assurances that the GCSB were not spying on New Zealanders. Sir Bruce said it wasn't happening 'willingly' or 'intentionally'. 'I'd back those assurances up certainly for my time, nothing illegal is happening there.' He said the data of New Zealanders collected would be 'discarded' and not used. New Zealanders had never been targeted by the GCSB without reason, he said. Following Sir Bruce's comments, Dr Norman said Mr Key now needed to 'put up, not shut up'. 'Both the American National Security Agency (NSA) papers and Sir Bruce have confirmed there is 'full take collection' in the Pacific. John Key needs to justify how that spying squares with our law. 'I challenge John Key to point to anywhere in the law that says this kind of mass indiscriminate spying on New Zealanders and the wholesale collection of our data is legal,' Dr Norman said."
Snowden revelations / Ex-spy chief Bruce Ferguson: It's 'mission impossible' to eliminate Kiwi data
New Zealand Herald, 6 March 2015

"Glasses might be helpful for improved vision, but a new type are being tested that allow wearers to be invisible in unwanted photographs. Invisibility Glasses by AVG, a software security company, were designed in a bid to help protect people's online identities in the digital age. With the increased use of cell phone cameras in public, the glasses makes it difficult to capture a person's identity in facial recognition software, for example the kind used on Facebook. The wearable technology, which does not hide the rest of the person's body, debuted on Sunday at technology showcase Pepcom in Barcelona, according to Gizmodo. The developers of the privacy glasses, AVG Innovation Labs, said that with the advancement in facial recognition technologies like Facebook's DeepFace system, they began investigating how technology can be used when it comes to securing online privacy. DeepFace will be able to determine whether two captured faces are of the same person with 97.25 per cent accuracy. And this coupled with other advancements left developers questioning how to combat privacy. The glasses, through the use of infrared LED light and retro-reflective materials, block a clear facial capture of the wearer, developers claim."
Privacy glasses that let you go incognito in a world filled with facial recognition software
Mail, 3 March 2015

"China has dropped some of the world's leading technology brands from its approved state purchase lists, while approving thousands more locally made products, in what some say is a response to revelations of widespread Western cybersurveillance. Others put the shift down to a protectionist impulse to shield China's domestic technology industry from competition. Chief casualty is U.S. network equipment maker Cisco Systems Inc (CSCO.O), which in 2012 counted 60 products on the Central Government Procurement Center's (CGPC) list, but by late 2014 had none, a Reuters analysis of official data shows. Smartphone and PC maker Apple Inc (AAPL.O) has also been dropped over the period, along with Intel Corp's (INTC.O) security software firm McAfee and network and server software firm Citrix Systems (CTXS.O).... China's change of tack coincided with leaks by former U.S. National Security Agency (NSA) contractor Edward Snowden in mid-2013 that exposed several global surveillance programs, many of them run by the NSA with the cooperation of telecom companies and European governments. 'The Snowden incident, it's become a real concern, especially for top leaders,' said Tu Xinquan, Associate Director of the China Institute of WTO Studies at the University of International Business and Economics in Beijing. 'In some sense the American government has some responsibility for that; (China's) concerns have some legitimacy.'"
China drops leading technology brands for state purchases
Reuters, 25 February 2015

"Jack Straw and Sir Malcolm Rifkind are feeling sore having been caught boasting of the clout and contacts to representatives of a fake Chinese company pretending to offer them money.... Both men showed woeful judgement in talking to a purported public relations firm apparently without even cursory due diligence.... Sir Malcolm, who has been chairman of the House of Commons' intelligence and security committee for virtually the whole of this parliament, met the phoney firm without adequately checking its bona fides. This is hardly the cool scepticism one would hope for from a scrutineer of Britain's top secret intelligence."
Stung Twice
London Times, 24 February 2015, Print Edition, P 28

"The head of Greenpeace International, Kumi Naidoo, was targeted by intelligence agencies as a potential security threat ahead of a major international summit, leaked documents reveal. Information about Naidoo, a prominent human rights activist from South Africa, was requested from South African intelligence by South Korea’s National Intelligence Service (NIS) in the runup to a meeting of G20 leaders in Seoul in 2010. He was linked in the intelligence request with two other South Africans who had been swept up in an anti-terrorist raid in Pakistan but later released and returned to South Africa. Greenpeace is one of the world’s best known environmental groups, combining lobbying with high-profile direct action protests. South Korean intelligence may have been concerned about possible disruption at the summit. Told this week of the approach, Naidoo described it as outrageous. According to a document, marked confidential and written by South African intelligence, the NIS asked its South African counterpart eight months before the summit 'to indicate any possible security threat against the president of South Africa during the G20 summit to be held in South Korea from 11-12 November 2010'. The document added: 'Specific security assessments were requested on the following SA nationals: the Director of Green Peace [sic], Mr Kim Naidoo; Mr Feerzoz Abubaker Ganchi (DoB 28/01/1971); Mr Zubair Ismail (DoB 06/12/1984).' Ganchi and Ismail were held in jail in Pakistan in 2004 after being arrested by anti-terrorist police hunting al-Qaida members. The two said they had been planning a trek in Pakistan and were released, returning to South Africa. In the runup to the Seoul summit, Naidoo called for action over climate change, international poverty and gender inequality, and for global tax initiatives to back it up. He was involved in the anti-apartheid movement as a teenager and arrested several times. 
After a period in exile in the UK, he returned to South Africa after the release of Nelson Mandela and worked for the African National Congress. Greenpeace and other environmental groups have long been the target of extensive intelligence operations, both by governments and corporations, across the world. In 1985, the Greenpeace flagship Rainbow Warrior was sunk by French intelligence agents in Auckland, New Zealand, on its way to protest against a French nuclear test, killing a photographer. The FBI, undercover British police and corporations such as Shell and BP have targeted or used private security firms to spy on Greenpeace."
Spy cables: Greenpeace head targeted by intelligence agencies before Seoul G20
Guardian, 24 February 2015

"As a result of cash-for-access allegations, the Conservative party has suspended the whip from former foreign secretary Sir Malcolm Rifkind pending a disciplinary inquiry. However, the MP’s most important, most sensitive – and indeed most controversial – role is the chairmanship of the parliamentary intelligence and security committee (ISC). A huge question mark now hangs over a body whose burden of work is currently greater than it has ever been. ... When Rifkind was appointed chairman of the committee by David Cameron in 2010 he proposed strengthening its powers – up to a point. He conceded that its past investigations had been inadequate, and its resources too meagre. He recognised it suffered from a lack of credibility. But did he do enough to restore that credibility? The committee has found itself fielding a number of increasingly urgent questions surrounding the activities of MI5, MI6, and GCHQ, not least the revelations of the US whistleblower Edward Snowden, and that most vital of issues, the protection of personal privacy against the forces of the national security state. On these issues Rifkind was seen by his detractors as being insufficiently tough on the agencies involved. Of Tempora, the programme that saw GCHQ secretly gain access to private communications, Rifkind said: 'The reality is that the British public are well aware that its intelligence agencies have neither the time nor the remotest interest in the emails or telephone conversations of well over 99% of the population who are neither potential terrorists nor serious criminals.' He added that he was 'yet to hear of any other country' that had 'a more effective and extensive system of independent oversight than the UK and the US'. But Rifkind too often appeared to approach the security services with the attitude of a critical friend, rather than with the dogged scepticism required of a really effective committee chair."
Now Malcolm Rifkind should resign from his most important job
Guardian, 23 February 2015

"Invasive school surveillance practices are the norm in the UK and USA, and according to a University of Adelaide criminologist, such practices are becoming increasingly popular in Australian schools. Associate Professor Andrew Hope’s research into school-based surveillance in the UK, USA, Europe and Australia was published in the British Journal of Sociology of Education. Associate Professor Hope says while the school surveillance revolution is fundamentally fuelled by concerns about the safety and wellbeing of staff and students, these initiatives threaten the inherent nature of schooling. 'An estimated 1.28 million students are fingerprinted in the UK, largely for daily registration purposes; there is an excess of 106,000 closed-circuit television (CCTV) cameras installed in English, Welsh and Scottish secondary schools; while students in a USA high school use pedometers to ensure that they meet their gym class’s physical activity requirement,' says Associate Professor Hope, Head of the Department of Gender Studies and Social Analysis at the University of Adelaide. 'In most cases, school surveillance initiatives are introduced to protect students, and while the safety of children is important, we must not lose sight of their rights to privacy,' he says. 'Excessive use of surveillance devices can threaten the values of a progressive education, undermine trust, stigmatise individuals and limit the potential for student engagement.' Associate Professor Hope says surveillance in Australian schools is steadily growing, with increased safety concerns, including fear of homeland terrorism, influencing people’s attitudes to surveillance."
School Surveillance 'the norm' in US and UK; on the rise in Australia
TechSwarm, 23 February 2015

"One of the most shocking parts of the recently discovered spying network Equation Group is its mysterious module designed to reprogram or reflash a computer hard drive’s firmware with malicious code. The Kaspersky researchers who uncovered this said its ability to subvert hard drive firmware—the guts of any computer—'surpasses anything else' they had ever seen. The hacking tool, believed to be a product of the NSA, is significant because subverting the firmware gives the attackers God-like control of the system in a way that is stealthy and persistent even through software updates. The module, named 'nls_933w.dll', is the first of its kind found in the wild and is used with both the EquationDrug and GrayFish spy platforms Kaspersky uncovered. It also has another capability: to create invisible storage space on the hard drive to hide data stolen from the system so the attackers can retrieve it later. This lets spies like the Equation Group bypass disk encryption by secreting documents they want to seize in areas that don’t get encrypted. Kaspersky has so far uncovered 500 victims of the Equation Group, but only five of these had the firmware-flashing module on their systems. The flasher module is likely reserved for significant systems that present special surveillance challenges. Costin Raiu, director of Kaspersky’s Global Research and Analysis Team, believes these are high-value computers that are not connected to the internet and are protected with disk encryption."
How the NSA’s Firmware Hacking Works and Why It’s So Unsettling
Wired, 22 February 2015

"British and US intelligence services can tap into mobile voice and data communications of many devices after stealing encryption keys of a major SIM card maker, according to a new report. The report, from investigative website The Intercept, said the US National Security Agency and its British counterpart GCHQ obtained encryption keys of the global SIM manufacturer Gemalto. Citing a 2010 document leaked by former NSA contractor Edward Snowden, the report said that with the encryption keys, the intelligence services can secretly monitor a large portion of global communications over mobile devices without using a warrant or wiretap. The Intercept said a covert operation led by GCHQ with support from the NSA was able to mine private communications of unwitting engineers at Gemalto, which is based in the Netherlands. The report suggests the intelligence services could have access to a wider range of communications than has been previously reported. Other documents have indicated NSA can monitor email and traditional phone communications. The NSA did not immediately respond to an AFP request for comment. A Gemalto spokeswoman said in an email to AFP that the company 'is especially vigilant against malicious hackers and of course has detected, logged and mitigated many types of attempts over the years.'  Gemalto 'at present can make no link between any of those past attempts and what was reported by The Intercept,' the statement said. 'We take this publication very seriously and will devote all resources necessary to fully investigate and understand the scope of such highly sophisticated technique to try to obtain SIM card data.'"
British and US spies hacked mobile SIM card keys
Telegraph, 20 February 2015

"If privacy conscious folk aren’t already using encrypted mobile communications apps (I can personally vouch for WhatsApp or TextSecure for texts, and RedPhone or Signal for calls), they should be convinced to do so by the latest Edward Snowden revelations in The Intercept. They outline GCHQ’s 'DAPINO GAMMA' attack on the world’s biggest provider of SIM cards, Gemalto , as well as widespread targeting of telecoms industry employees the world over. With the NSA, GCHQ has effectively destroyed any remaining shred of trust people had in use of everyday telecoms services. From the slides obtained from Snowden, it’s apparent GCHQ acquired emails and other communications of targeted Gemalto employees to obtain access to the crucial encryption keys held in SIM cards, each one known as a 'Ki'. These keys encrypt calls, texts and internet usage between the mobile user and their telecoms provider. By stealing them, GCHQ could harvest communications data, as the agency is known to do, and unlock the content of the messages any time they wanted. An extensive list of telecoms companies use Gemalto’s SIMs (the little chips that act as the core of a modern mobile phone’s telecommunications functions) and their services can now also be considered compromised by intelligence agencies. These include AT&T T -0.03%, T-Mobile, Verizon and Sprint in the US.  In Europe, they include Vodafone , Orange, EE and Royal KPN. For Asia, Gemalto supplies China Unicom, Japan’s NTT and Chungwa Telecom in Taiwan. There’s this huge list of Gemalto partners who will also have cause for concern and other indications of who is affected on the firm’s website, which includes China Mobile, Banco Santander, Red Hat and government organisations in The Netherlands, Algeria and South Africa. By cracking Gemalto, GCHQ has cracked a lot of other companies too. A neat move if you’re paid by the UK government to spy on as many people on the planet as possible. 
The brazen hacking methods used by GCHQ on telecoms companies detailed by The Intercept is fairly startling too. Glenn Greenwald’s publication claimed that since 2010, a GCHQ unit called the Mobile Handset Exploitation Team (MHET) has been given sole responsibility for subverting all kinds of mobile comms. The Intercept said snoops accessed the email and Facebook accounts of engineers and other key targets at SIM manufacturers and telecoms businesses. These included many firms along the supply chain, including hardware manufacturers Ericsson and Nokia, mobile operators like MTN Irancell and Belgacom (another company that GCHQ allegedly hacked), and SIM card providers Bluefish and Gemalto. They used the NSA’s now-notorious X-KEYSCORE hacking tool to do this. Once they’d gained access to emails, they would mine them for terms related to the SIM keys. During their initial trials of such techniques that showed that by mining just six email addresses, they acquired 85,000 keys. In June 2010, GCHQ boasted about obtaining 300,000 keys for mobile phone users in Somalia. The number of keys it’s now sitting on must be astonishing. One NSA document claimed that in 2009, the US was already able to process up to 22 million keys per second."
GCHQ's Hacking Of Gemalto Shows The Global Telecoms Industry Is Broken
Forbes, 20 February 2015

"Smartphone users might balk at letting a random app like Candy Crush or Shazam track their every move via GPS. But researchers have found that Android phones reveal information about your location to every app on your device through a different, unlikely data leak: the phone’s power consumption. Researchers at Stanford University and Israel’s defense research group Rafael have created a technique they call PowerSpy, which they say can gather information about an Android phone’s geolocation merely by tracking its power use over time. That data, unlike GPS or Wi-Fi location tracking, is freely available to any installed app without a requirement to ask the user’s permission. That means it could represent a new method of stealthily determining a user’s movements with as much as 90 percent accuracy—though for now the method only really works when trying to differentiate between a certain number of pre-measured routes. Spies might trick a surveillance target into downloading a specific app that uses the PowerSpy technique, or less malicious app makers could use its location tracking for advertising purposes, says Yan Michalevski, one of the Stanford researchers. ... PowerSpy takes advantage of the fact that a phone’s cellular transmissions use more power to reach a given cell tower the farther it travels from that tower, or when obstacles like buildings or mountains block its signal. That correlation between battery use and variables like environmental conditions and cell tower distance is strong enough that momentary power drains like a phone conversation or the use of another power-hungry app can be filtered out, Michalevsky says. One of the machine-learning tricks the researchers used to detect that 'noise' is a focus on longer-term trends in the phone’s power use rather than those than last just a few seconds or minutes. 'A sufficiently long power measurement (several minutes) enables the learning algorithm to ‘see’ through the noise,' the researchers write. 
'We show that measuring the phone’s aggregate power consumption over time completely reveals the phone’s location and movement.' Even so, PowerSpy has a major limitation: It requires that the snooper pre-measure how a phone’s power use behaves as it travels along defined routes. This means you can’t snoop on a place you or a cohort has never been, as you need to have actually walked or driven along the route your subject’s phone takes in order to draw any location conclusions. The Stanford and Israeli researchers collected power data from phones as they drove around California’s Bay Area and the Israeli city of Haifa. Then they compared their dataset with the power consumption of an LG Nexus 4 handset as it repeatedly traveled through one of those routes, using a different, unknown choice of route with each test. They found that among seven possible routes, they could identify the correct one with 90 percent accuracy."
Spies Can Track You Just by Watching Your Phone’s Power Use
Wired, 19 February 2015

"Picking faces out of a crowd is something humans are hardwired to do, but training computers to act in the same way is much more difficult. There have been various breakthroughs in this field in recent months, but the latest could be the most significant yet. Researchers from Yahoo Labs and Stanford University have developed an algorithm that can identify faces from various different angles, when part of the face is hidden and even upside down. At the moment, the so-called Deep Dense Face Detector doesn't recognise who the individual faces belong to, just that there is a face. But the technology has the potential to be trained in this way."
Facial recognition breakthrough: 'Deep Dense' software spots faces in images even if they're partially hidden or UPSIDE DOWN
Mail, 18 February 2015

"The regime under which UK intelligence agencies, including MI5 and MI6, have been monitoring conversations between lawyers and their clients for the past five years is unlawful, the British government has admitted.The admission that the activities of the security services have failed to comply fully with human rights laws in a second major area – this time highly sensitive legally privileged communications – is a severe embarrassment for the government. It follows hard on the heels of the British court ruling on 6 February declaring that the regime surrounding the sharing of mass personal intelligence data between America’s national security agency and Britain’s GCHQ was unlawful for seven years. The admission that the regime surrounding state snooping on legally privileged communications has also failed to comply with the European convention on human rights comes in advance of a legal challenge, to be heard early next month, in which the security services are alleged to have unlawfully intercepted conversations between lawyers and their clients to provide the government with an advantage in court. The case is due to be heard before the Investigatory Powers Tribunal (IPT). It is being brought by lawyers on behalf of two Libyans, Abdel-Hakim Belhaj and Sami al-Saadi, who, along with their families, were abducted in a joint MI6-CIA operation and sent back to Tripoli to be tortured by Muammar Gaddafi’s regime in 2004.... Exchanges between lawyers and their clients enjoy a special protected status under UK law. Following exposure of widespread monitoring by the US whistleblower Edward Snowden in 2013, Belhaj’s lawyers feared that their exchanges with their clients could have been compromised by GCHQ’s interception of phone conversations and emails."
UK admits unlawfully monitoring legally privileged communications
Guardian, 18 February 2015

"The U.S. National Security Agency has figured out how to hide spying software deep within hard drives made by Western Digital, Seagate, Toshiba and other top manufacturers, giving the agency the means to eavesdrop on the majority of the world's computers, according to cyber researchers and former operatives. That long-sought and closely guarded ability was part of a cluster of spying programs discovered by Kaspersky Lab, the Moscow-based security software maker that has exposed a series of Western cyberespionage operations. Kaspersky said it found personal computers in 30 countries infected with one or more of the spying programs, with the most infections seen in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria. The targets included government and military institutions, telecommunication companies, banks, energy companies, nuclear researchers, media, and Islamic activists, Kaspersky said.  The firm declined to publicly name the country behind the spying campaign, but said it was closely linked to Stuxnet, the NSA-led cyberweapon that was used to attack Iran's uranium enrichment facility. The NSA is the agency responsible for gathering electronic intelligence on behalf of the United States. A former NSA employee told Reuters that Kaspersky's analysis was correct, and that people still in the intelligence agency valued these spying programs as highly as Stuxnet. Another former intelligence operative confirmed that the NSA had developed the prized technique of concealing spyware in hard drives, but said he did not know which spy efforts relied on it. NSA spokeswoman Vanee Vines declined to comment. Kaspersky published the technical details of its research on Monday, which should help infected institutions detect the spying programs, some of which trace back as far as 2001. The disclosure could further hurt the NSA's surveillance abilities, already damaged by massive leaks by former contractor Edward Snowden. 
Snowden's revelations have hurt the United States' relations with some allies and slowed the sales of U.S. technology products abroad. The exposure of these new spying tools could lead to greater backlash against Western technology, particularly in countries such as China, which is already drafting regulations that would require most bank technology suppliers to proffer copies of their software code for inspection. Peter Swire, one of five members of U.S. President Barack Obama's Review Group on Intelligence and Communications Technology, said the Kaspersky report showed that it is essential for the country to consider the possible impact on trade and diplomatic relations before deciding to use its knowledge of software flaws for intelligence gathering. 'There can be serious negative effects on other U.S. interests,' Swire said."
Russian researchers expose breakthrough U.S. spying program
Reuters, 16 February 2015

"If you own a ‘smart TV’ from South Korean tech giant Samsung, every word you say can be captured by the device and beamed over the internet to Samsung and to any other companies with whom it chooses to share your data. This ability for the TV to earwig your conversations on the sofa is part of the set’s voice command feature, which enables viewers to tell the TV to change channels rather than use a remote. Such a feature is typical of many smart TVs, which are to the humble old cathode ray TV set what a jet aircraft is to a propeller plane. Crucially, smart television sets connect to the internet, from where they can download programmes and films from services such as Netflix or BBC iPlayer. And increasingly, experts are realising that if the internet can be used to bring information into your TV, it can also be used to take it out. Smart TVs also have a whole range of advanced features, of which voice recognition is one. There is no doubt that many viewers find voice recognition a welcome addition, but its darker side was revealed this week when a hawk-eyed U.S. journalist found the following sentence in Samsung’s surely misnamed ‘privacy’ policy. ‘Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of voice recognition.’ The TV itself is programmed to understand certain phrases, such as ‘turn on’, but it can also record everything else that is said in the room. The idea that your most private conversations could be shared with anyone whom the unaccountable Samsung sees fit is highly disturbing to say the least. And it’s not just television sets. It emerged yesterday that millions of Britons are being spied on by Microsoft’s voice-activated Xbox games consoles, which can listen in to everything around them. 
In its privacy policy, Microsoft states that it is ‘only interested in your voice commands to Xbox, which we capture along with any ambient background noise. If you give Microsoft permission, we record commands whether you are online or offline’. The company says it stores this data and, under its privacy policy, states that it can share it with ‘affiliates and vendors’. However, despite Microsoft’s assurances that the data is safe, one has only to look at how Xbox’s Live Platform servers were brought down by hackers on Christmas Day to realise that our data is far from secure. These spies in our living rooms are chillingly comparable to a passage in the novel Nineteen Eighty-Four, in which every home in George Orwell’s terrifying vision of a constantly monitored future is equipped with an all-seeing ‘telescreen’. ‘There was, of course, no way of knowing whether you were being watched at any given moment,’ wrote Orwell in the book that was published in 1949. And, just like those fictional ‘telescreens’, many smart TV sets today don’t just have ears, but they also have eyes, in the form of cameras used for facial recognition, which are designed to allow only specific people to watch the set.... The truth is there are hundreds of ways in which we consumers have permitted multinationals to invade our homes with devices that can record every word we say and every movement we make - even every toss and turn when we are asleep. We are being spied on and stalked in this way because our private lives are seen as nothing more than rich sources of data that can be sucked dry by vampiric corporations desperate to empty our wallets.... if you use Google’s Gmail service, then you’ve long since signed away any privacy in your life. Have you ever noticed how the adverts that appear alongside emails seem oddly applicable to you? Of course, that is no coincidence. Google reads every email you send and receive, and then works out which goods and services you might want to buy. 
Try it - send some emails about moving house and within minutes, the adverts will be all about mortgages and estate agents. And then there is the so-called ‘Internet of Everything’, which refers to the increasing number of household devices that are hooked up to the internet. For example, with the humble heating thermostat, many energy companies are offering customers ‘smart meters’ that enable us to control our boilers over the internet using our smartphones. This cleverly allows us to put on the heating remotely as we head home from work, for example - but it also means that the companies will be able to know when we are at home or out . . . and when we go away on holiday."
It's not just smart TVs. Your home is full of gadgets that spy on you: How internet giants are collecting your personal data through their high-tech devices
Mail, 12 February 2015

"Millions of Britons are being spied on in their homes by Microsoft’s voice-activated Xbox game consoles, Apple smartphones and other hi-tech gadgets. The revelation comes after Samsung’s admission that its internet-linked smart TVs could be listening in on householders’ private conversations. Yesterday it emerged that some Microsoft and Apple gadgets, and Samsung’s smartphones, are also snooping on customers."
First your smart TV, now the Xbox could be snooping on you! Console's Kinect device is constantly listening for commands from users
Mail, 11 February 2015

"UK spies had acted illegally when they collected data on British residents' online communications that was gathered by the US National Security Agency, a British court has ruled in a landmark judgment against Britain's security services. But the judges said in the verdict on Friday that now, since details of the practices were known, they were within the law.... The groups brought the case after former US intelligence analyst Edward Snowden's disclosures about the mass harvesting of communications data. Snowden disclosed NSA programmes known as PRISM - which accessed data from Internet firms such as Yahoo and Google - and Upstream, which tapped into undersea communications cables."
UK court says spies' internet surveillance was unlawful
Al Jazeera, 7 February 2015

"It is a rare thing to bring truth to bear on the most powerful and secretive arm of the state. Never before has the Investigatory Powers Tribunal the British court tasked with reviewing complaints against the security services ruled against the government. Not once have the spooks been taken to task for overstepping the lawful boundaries of their conduct. Not a single British spy has been held accountable for mass surveillance, unlawful spying or snooping on private emails and phone calls. Until today. Privacy International has spent the past 25 years fighting back against the ever-expanding British surveillance state. Together with our allies, we’ve resisted the snooper’s charter (multiple times), mandatory ID cards and the provision of passenger name records. Yet in June 2013 we were as shocked as everyone else to learn that GCHQ, in collaboration with the NSA, had acquired the capabilities to completely control, monitor, copy, read and analyse the world’s private communications.....In July 2013, the Intelligence and Security Committee assured us that GCHQ access to NSA surveillance material, in particular through the Prism programme, was entirely lawful. Unsurprisingly, we did not find the reassurances of a body that has consistently and blindly backed the services that it is meant to scrutinise comforting. That’s why we decided to take GCHQ to court. Alongside Liberty, Amnesty International and human rights organisations from around the world, we argued that mass surveillance is not an acceptable activity of a democratic government, and that the cosy dealings between GCHQ and the NSA, conducted under a veil of secrecy that was only lifted by a whistleblower’s bravery, had to be brought within public control and scrutiny. The evidence was overwhelming and the history of human rights law was in our favour, but the tribunal which at that point had never before found that the surveillance activities of GCHQ broke the law disagreed. 
Mass surveillance, it found in its decision of December 2014, was legitimate under British law. GCHQ’s access to NSA mass surveillance was also acceptable, it said, given that the government had disclosed details of its relationship with the US during the course of our case. The decision was a disappointing one, and we’ll soon appeal to the European court of human rights. But it left us with a small glimmer of hope. The tribunal said that it was lawful for GCHQ and the NSA to swap and share surveillance material only because GCHQ has secret internal policies that it reluctantly disclosed in response to Privacy International’s case. Now that those secret policies are no longer secret, the court reasoned, the British public know what’s going on, and that in itself must make those activities lawful. It must follow, therefore, that before those policies were public prior to Edward Snowden’s disclosures, and our case in the IPT GCHQ was acting outside the law. Complicated reasoning aside, this finding was a genuine and rare success. The tribunal agreed, and we today have a firm statement that the intelligence services were acting completely out of bounds. It is not the judgment we would have liked that we still hope to get from the European court of human rights in Strasbourg later this year but it is a significant victory against an arm of the state that has rarely been forced to account for its wrongdoings."
Carly Nyst - Today is a great victory against GCHQ, the NSA and the surveillance state
Guardian (Comment Is Free), 6 February 2015

"GCHQ unlawfully spied on British citizens, a secretive UK court has ruled. The decision could mean GCHQ will be forced to delete the information it acquired from people that were spied on. The Investigatory Powers Tribunal (IPT), the secretive court that was created to keep Britain’s intelligence agencies in check, said that GCHQ’s access to information intercepted by the NSA breached human rights laws. The court found that the collection contravened Article 8 of the European Convention on Human Rights, which protects the right to a private and family life. It also breaches Article 6, which protects the right to a fair trial. The breaches open up the possibility of anyone who 'reasonably believes' they were spied on to ask for the information that GCHQ holds on them to be deleted. Citizens can send complaints to the IPT to find out whether they were spied on and ask for a deletion. Some of the privacy groups that brought the complaint are beginning proceedings to do so. The IPT has never ruled against any intelligence agency since it was set up in 2000. It found in December that GCHQ’s access to the data was lawful from that point onward, and it re-affirmed that decision today. That ruling is now being appealed. GCHQ pointed to that decision in its response to today's ruling, which it said it welcomed. A GCHQ spokesperson said: 'We are pleased that the Court has once again ruled that the UK’s bulk interception regime is fully lawful. It follows the Court’s clear rejection of accusations of ‘mass surveillance’ in their December judgment.' But the court said today that historical collection was unlawful because the rules governing how the UK could access information received from the NSA were kept secret. It concerned practises disclosed as part of documents disclosed by Edward Snowden, and related to information found through the NSA’s PRISM and UPSTREAM surveillance programmes. 
PRISM allegedly allowed the NSA access to data from companies including Google, Facebook, Microsoft and Skype. UPSTREAM allowed the NSA to intercept data through the fibre optic cables that power the internet. The ruling comes after a legal challenge brought by civil liberties groups Privacy International, Bytes for All, Amnesty International and Liberty. Some of those groups will now seek to find whether their information was collected through the programmes and ask for that information to be deleted. 'For far too long, intelligence agencies like GCHQ and NSA have acted like they are above the law,' said Eric King, deputy director of Privacy International. 'Today’s decision confirms to the public what many have said all along over the past decade, GCHQ and the NSA have been engaged in an illegal mass surveillance sharing program that has affected millions of people around the world.' But GCHQ argued that the decision was based on a technicality."
GCHQ spying on British citizens was unlawful, secret court rules in shock decision
Independent, 6 February 2015

"British intelligence officials are so alarmed at a parliamentary inquiry into their activities in Germany that they have threatened to stop sharing information if it goes ahead. According to a report in Focus magazine, British spy chiefs are worried that German politicians could reveal classified information about their joint projects, including details about code-breaking and technology. They fear a Europe-wide surveillance project that began last year, and includes British and German intelligence, could be comprised. Germany is taking the threat, said to have been made by senior British officials, seriously. Gerhard Schindler, the head of Germany's federal intelligence agency, the Bundesnachrichtendienst (BND) reportedly brief the parliamentary inquiry on the 'unusually tense relations with British partner agencies' on Wednesday evening."
Britain 'threatens to stop sharing intelligence' with Germany
Telegraph, 5 February 2015

"Back in August 2013, The Wall Street Journal introduced the world to an internal term that NSA analysts have come up with to describe the act of spying on one’s ex-partner: LOVEINT. The word is reminiscent of existing spycraft parlance like HUMINT (human intelligence) or SIGINT (signals intelligence). (LOVEINT also spawned endless Twitter jokes.) In a letter sent Monday to the attorney general, Sen. Chuck Grassley (R-Iowa) described how he initially asked the Department of Justice (DOJ) to explain what it was doing to address the 12 publicly known instances of this inappropriate use of NSA surveillance capability. However, the DOJ has stayed mum. '... One LOVEINT instance, which was described in September 2013 by the NSA’s Office of the Inspector General, involved an employee who on his first day of work in 2005, 'queried six e-mail addresses belonging to a former girlfriend, a US person, without authorization.' An internal NSA audit four days later revealed this violation. His punishment? 'A reduction in grade, 45 days restriction, 45 days of extra duty, and half pay for two months. It was recommended that the subject not be given a security clearance.'"
No one knows what happened to NSA staffers who snooped on their lovers
ArsTechnica, 3 February 2015

"Metadata help America’s intelligence agencies kill. And the BND, Germany’s foreign intelligence agency, is helping the NSA and CIA collect precisely these kinds of metadata. Not in a targeted manner, but on a massive scale. The BND scoops up several million metadata and passes them on to its American counterparts. More precisely: 220 million metadata every day. A paradigm change is taking place at the BND: Rather than investigating individual suspects, the agency is placing its bets on mass surveillance. Research conducted by ZEIT ONLINE now shows for the first time just how extensive and troubling this reorganization is. It used to be that spies would eavesdrop on people, secretly copy their letters and wiretap their phones. They wanted to know what people were saying, what they were arranging with and disclosing to others. To this day, people have continued to picture surveillance as an agent wearing earphones and listening in. But those days are over. Today’s spies are interested in completely different traces: metadata. From them, intelligence agencies can deduce who communicated with whom, when, where and for how long. Every email bears such metadata, every text message, every digital image, every WhatsApp message. Whoever can interpret them knows not only what people are telling each other, as metadata betray much more: exactly where people are, where they came from, what they are doing at that moment, even what they are planning. They uncover every hiding place and every secret contact. 'We kill people based on metadata,' former NSA and CIA head Gen. Michael Hayden said in 2014. Whoever knows the right metadata knows where the deadly drone must be dispatched.... ZEIT ONLINE has learned from secret BND documents that five agency locations are involved in gathering huge amounts of metadata. 
Metadata vacuumed up across the world – 220 million pieces of it every single day – flows into BND branch offices in the German towns of Schöningen, Reinhausen, Bad Aibling and Gablingen. There, they are stored for between a week and six months and sorted according to still-unknown criteria. But the data aren’t just collected; they are also used to keep tabs on and track of suspects. Exactly where the BND obtains the data remains unclear. The Bundestag committee investigating the NSA spying scandal has uncovered that the German intelligence agency intercepts communications traveling via both satellites and Internet cables. The 220 million metadata are only one part of what is amassed from these eavesdropping activities."
BND stores 220 million telephone data – every day
Zeit, 2 February 2015

"The presidential advisory board on privacy that recommended a slew of domestic surveillance reforms in the wake of the Edward Snowden revelations reported today that many of its suggestions have been agreed to 'in principle' by the Obama administration, but in practice, very little has changed. Most notably, the Privacy and Civil Liberties Oversight Board called attention to the obvious fact that one full year after it concluded that the government’s bulk collection of metadata on domestic telephone calls is illegal and unproductive, the program continues apace. 'The Administration accepted our recommendation in principle. However, it has not ended the bulk telephone records program on its own, opting instead to seek legislation to create an alternative to the existing program,' the report notes."
A Year After Reform Push, NSA Still Collects Bulk Domestic Data, Still Lacks Way to Assess Value
The Intercept, 29 January 2015

"A Senior European politician has caused outrage by calling for computers to be fitted in all European cars as part of an EU wide road pricing system. Transport Commissioner Violeta Bulc said the current system which is decided by national parliaments was'a burden on car drivers and an obstacle to their mobility'she told German newspaper ‘World on Sunday’.... her comments were slammed by UKIP transport spokesman Jill Seymour MEP, who said that the British people had'repeatedly rejected government attempts to introduce pay-by-the-mile road schemes. ''Yet look how the EU overrides the democratic decision of the British people: an unelected Slovenian bureaucrat in Brussels announces in a German newspaper interview that she wants to force all British drivers to fit computers in their cars which will count every mile they drive. 'Britain will be forced into an EU-wide scheme in which Commissioner Bulc will force all drivers to pay for using our own roads, and the money will go straight to Brussels. This would be outrageous on three counts. First, it would be the imposition of a tax on tens of millions of UK citizens without the consent or control of parliament. Second, the money raised would not go to HM Treasury but to the bureaucrats in Brussels who would then undemocratically decide how the money would be spent on their own EU road schemes. Third, the idea that every British car would be fitted with a high-tech computer tracking every trip a driver makes is an invasion of privacy which we cannot tolerate.'"
EU Plan To Install A Tracking Computer In Every Car To Tax Miles
Breitbart, 29 January 2015

"The US government’s privacy board is calling out President Barack Obama for continuing to collect Americans’ phone data in bulk, a year after it urged an end to the controversial National Security Agency program. The Obama administration could cease the mass acquisition of US phone records 'at any time', the Privacy and Civil Liberties Oversight Board (PCLOB) said in an assessment it issued on Thursday. The PCLOB’s assessment comes amid uncertainty over the fate of legislation to cease that collection. An effort intended to stop it, known as the USA Freedom Act, failed in the Senate in November. While the administration said after its defeat that Obama would push for a new bill, it has yet to do so in the new Congress, and the president has thus far pledged in his State of the Union address only to update the public on how the bulk-surveillance program now works in practice."
Obama must finally end NSA phone record collection, says privacy board
Guardian, 29 January 2015

"The United States government is tracking the movement of vehicles around the country in a clandestine intelligence-gathering programme that has been condemned as a further official exercise to build a database on people’s lives. The Drug Enforcement Administration was monitoring license plates on a 'massive' scale, giving rise to 'major civil liberties concerns', the American Civil Liberties Union said on Monday night, citing DEA documents obtained under freedom of information. 'This story highlights yet another way government security agencies are seeking to quietly amplify their powers using new technologies,' Jay Stanley, a senior policy analyst with ACLU, told the Guardian."
Millions of cars tracked across US in 'massive' real-time DEA spy program
Guardian, 27 January 2015

"Europe’s top rights body has said mass surveillance practices are a fundamental threat to human rights and violate the right to privacy enshrined in European law. The parliamentary assembly of the Council of Europe says in a report that it is 'deeply concerned' by the 'far-reaching, technologically advanced systems' used by the US and UK to collect, store and analyse the data of private citizens. It describes the scale of spying by the US National Security Agency, revealed by Edward Snowden, as 'stunning'. The report also suggests that British laws that give the monitoring agency GCHQ wide-ranging powers are incompatible with the European convention on human rights. It argues that British surveillance may be at odds with article 8, the right to privacy, as well as article 10, which guarantees freedom of expression, and article 6, the right to a fair trial. 'These rights are cornerstones of democracy. Their infringement without adequate judicial control jeopardises the rule of law,' it says. There is compelling evidence that US intelligence agencies and their allies are hoovering up data 'on a massive scale', the report says. US-UK operations encompass 'numerous persons against whom there is no ground for suspicion of any wrongdoing,' it adds....There is no mention of the recent attacks in Paris by three jihadist terrorists who shot dead 17 people. All three were known to the French authorities, who had them under surveillance but discontinued eavesdropping last summer. David Cameron has argued that the Paris attacks show that British spies need further surveillance powers. The report implicitly rejects this conclusion.... The assembly sent a letter to the German, British and US authorities asking whether they colluded with each other – in other words, got round laws preventing domestic spying by getting a third party to do it for them. The Germans and British denied this; the US failed to reply. 
The report concludes that the UK response was probably true, given extensive British laws that already allow practically unlimited spying. The new Data Retention and Investigatory Powers Act – Drip, for short – passed in July, allows the wide-ranging collection of personal data, in particular metadata, the report says. 'There seems to be little need for circumvention any more,' it concludes."
Mass surveillance is fundamental threat to human rights, says European report
Guardian, 26 January 2015

"Three WikiLeaks journalists are facing charges of espionage and conspiracy after Google turned over their confidential data to the U.S. government, WikiLeaks announced on its site Monday morning. The whistleblower organization now wants an explanation from both Google and the Justice Department. 'The US government is claiming universal jurisdiction to apply the Espionage Act, general Conspiracy statute and the Computer Fraud and Abuse Act to journalists and publishers – a horrifying precedent for press freedoms around the world,' WikiLeaks posted on its website. WikiLeaks alleges the warrants violated the Privacy Protection ACt of 1980, 'which protects journalists and publishers from being forced to turn over to law enforcement their journalistic work product and documentary materials,' the letter from WikiLeaks attorneys read."
WikiLeaks Journalists Face Serious Charges After Google Hands Over Information
Ticklethewire, 26 January 2015

"Edward Snowden, the infamous former contractor for the National Security Agency who leaked thousands of pages of previously classified NSA intelligence documents, reportedly thinks that Apple's iPhone has 'special software' that authorities can activate remotely to be able to gather information about the user. 'Edward never uses an iPhone; he's got a simple phone,' said the lawyer of Snowden, Anatoly Kucherena, in an interview with the Russian media company RIA Novosti. 'The iPhone has special software that can activate itself without the owner having to press a button and gather information about him; that's why on security grounds he refused to have this phone,' Kucherena added. It is not clear if the 'special software' being referred to in the interview is made up of standard diagnostic tools, or if the NSA whistleblower thinks intelligence agencies from the United States have found a way to compromise the mobile operating system developed by Apple. Apple was among the first companies accused of participating in the PRISM data mining project of the NSA, following the release by Snowden of the agency's classified documents. The project reportedly involved extracting video, audio, pictures, documents, emails and connection logs from devices, allowing analysts to track the movement of the device's user and the communications that they are receiving or sending out."
Edward Snowden: Apple iPhone with Secret iFeature Allows Government to Spy on You
Tech Times, 24 January 2015

"Imagine a world where mosquito-sized robots fly around stealing samples of your DNA. Or where a department store knows from your buying habits that you’re pregnant even before your family does. That is the terrifying dystopian world portrayed by a group of Harvard professors at the World Economic Forum in Davos on Thursday, where the assembled elite heard that the notion of individual privacy is effectively dead. 'Welcome to today. We’re already in that world,' said Margo Seltzer, a professor in computer science at Harvard University. 'Privacy as we knew it in the past is no longer feasible… How we conventionally think of privacy is dead,' she added. Another Harvard researcher into genetics said it was 'inevitable' that one’s personal genetic information would enter more and more into the public sphere. Sophia Roosth said intelligence agents were already asked to collect genetic information on foreign leaders to determine things like susceptibility to disease and life expectancy. 'We are at the dawn of the age of genetic McCarthyism,' she said, referring to witch-hunts against Communists in 1950s America. What’s more, Seltzer imagined a world in which tiny robot drones flew around, the size of mosquitoes, extracting a sample of your DNA for analysis by, say, the government or an insurance firm. Invasions of privacy are 'going to become more pervasive,' she predicted. 'It’s not whether this is going to happen, it’s already happening… We live in a surveillance state today.'"
Privacy is dead and it’s never coming back, Harvard professors say
Agence France Presse, 22 January 2015

"Whistleblower Edward Snowden, who is in exile in Russia, prefers basic phones rather than smartphones such as Apple's iPhone, as he fears that smartphones may have secret spyware that enable governments to watch users without their knowledge. Snowden's lawyer said the former contractor at the US National Security Agency is not using an iPhone due to fears of snooping by the government. "Edward never uses an iPhone, he's got a simple phone," Anatoly Kucherena told Russian news agency RIA Novosti. "The iPhone has special software that can activate itself without the owner having to press a button and gather information about him, that's why on security grounds he refused to have this phone." The lawyer added that Snowden's decision not to use an iPhone stemmed from a concern for professional privacy rather than from a dislike for the device. In October, Snowden urged the internet community to shun services offered by popular firms Dropbox, Facebook and Google, on grounds that they do not have a friendly attitude towards personal privacy."
Edward Snowden prefers simple phone to iPhone due to snooping concerns
International Business Times, 21 January 2015

"British counter-terror spooks must watch everyone if they are to continue to prevent terrorist atrocities in the UK, the ex-head of MI6 has warned. In his first speech since quitting the role Sir John Sawers said it was not possible to monitor terrorists without intruding upon the lives of ordinary people. He agreed with the Prime Minister’s belief that there cannot be 'no-go areas' online where terrorists can 'ply their trades'."
Former head of MI6 claims everyone in Britain needs to be under surveillance to prevent terrorism
Mirror, 20 January 2015

"The CCTV cameras are slowly being switched off in Britain's austerity hit streets and town centres as, one by one, skint local councils and police forces decide they are not worth the overheads. Before the money ran out, CCTV was the darling of crime prevention. In the 1990s, the Home Office spent three quarters of its entire crime prevention budget on CCTV cameras. Fuelled by the grainy images of Jamie Bulger being led from Bootle shopping centre by his young killers, the government spent £500 million between 1996 and 2006 on making the British population the most watched on earth. At around 4 million cameras, Britain has more CCTV than the rest of Europe put together. Banksy built his career on the haunting, iconic image of the Closed Circuit TV camera. He summed up the uneasiness some felt under the glare of street surveillance when he drew a boy in a red jacket daubing 'One Nation Under CCTV' in huge white capitals next to a CCTV camera on a wall off Oxford Street in 2008. It was soon white-washed by Westminster Council. But now local authorities across the UK, in Wales, Yorkshire, Cornwall, Birmingham, Thames Valley, Blackpool and London, are either scaling down the use of their cameras or switching them off altogether. A Freedom of Information request by Labour MP Gloria de Piero in 2013 revealed one in five councils had cut their CCTV capacity in the previous three years. CCTV is far from being the magic bullet everyone thought it would be. Studies show that, while it's excellent at catching drunken fighting and old ladies dumping cats in bins, it's not all that in terms of crime prevention and detection. One study said cameras were less effective in reducing crime than street lamps. Another report found that cameras made people more fearful of crime than when they weren't there. When they switched CCTV cameras off in Monmouth in south Wales, crime levels remained the same.... 
But surveillance is not going away, it's merely mutating, and being replaced by a more pernicious breed of monitoring. A report by the police and crime commissioner for Dyfed-Powys in Wales from the end of last year concluded that the region's public CCTV network was not fit for purpose. It suggested, amongst other things, the ratcheting up of CCTV in pubs and bars – as opposed to streets – by attaching the installation of cameras as a condition of granting alcohol licenses to newly established or renovated venues. Dyfed-Powys is not the first region to crank up the monitoring of Brits in their downtime. In 2013, responding to concerns about the rising number of cameras in British pubs, MP Brandon Lewis, who at the time was the government's Community Pubs Minister, which is a strange job, announced the end of 'the blanket use of surveillance in pubs'. 'This government has called time on Big Brother's secret, intrusive and costly rules that has forced pub landlords to pay to install CCTV where it was not needed,' he said. 'Well-run community pubs that don't have a public order problem shouldn't be tarred with the same brush. The public deserves to have a pint in peace in a community pub without being snooped on.' That promise appears to have been flushed down the urinal like so much lagery piss. ... When I spoke to Graeme Cushion, a partner at Poppleston Allen, one of the UK's biggest firms of licensing solicitors, he suggested that the government's advice is being roundly ignored. 'Requiring CCTV is the norm in almost all alcohol licensing applications now,' he said. 'It is becoming more common and more prescriptive, in terms of what venues have to provide and their duties to hand footage over to the police. A decade ago it used to be just clubs where CCTV cameras were a condition of an alcohol license, but now it's low-risk pubs and restaurants.' ...
In the past, a pub or bar covered with CCTV cameras would be a handy code for helping drinkers suss what kind of place it was, like the signs saying 'No trainers allowed' at clubs – when you entered, you were aware there was a fair chance you could get chinned. But while having CCTV in a pub with a weekly stabbing makes sense, there is something game changing about the fact that in a decade every gulp could be recorded."
The Surveillance State Is Coming to a Pub Near You
Vice, 20 January 2015

"At least 50 U.S. law enforcement agencies have secretly equipped their officers with radar devices that allow them to effectively peer through the walls of houses to see whether anyone is inside, a practice raising new concerns about the extent of government surveillance. Those agencies, including the FBI and the U.S. Marshals Service, began deploying the radar systems more than two years ago with little notice to the courts and no public disclosure of when or how they would be used. The technology raises legal and privacy issues because the U.S. Supreme Court has said officers generally cannot use high-tech sensors to tell them about the inside of a person's house without first obtaining a search warrant. The radars work like finely tuned motion detectors, using radio waves to zero in on movements as slight as human breathing from a distance of more than 50 feet. They can detect whether anyone is inside of a house, where they are and whether they are moving."
New police radars can 'see' inside homes
USA Today, 19 January 2015

"GCHQ’s bulk surveillance of electronic communications has scooped up emails to and from journalists working for some of the US and UK’s largest media organisations, analysis of documents released by whistleblower Edward Snowden reveals. Emails from the BBC, Reuters, the Guardian, the New York Times, Le Monde, the Sun, NBC and the Washington Post were saved by GCHQ and shared on the agency’s intranet as part of a test exercise by the signals intelligence agency. The disclosure comes as the British government faces intense pressure to protect the confidential communications of reporters, MPs and lawyers from snooping. The journalists’ communications were among 70,000 emails harvested in the space of less than 10 minutes on one day in November 2008 by one of GCHQ’s numerous taps on the fibre-optic cables that make up the backbone of the internet. The communications, which were sometimes simple mass-PR emails sent to dozens of journalists but also included correspondence between reporters and editors discussing stories, were retained by GCHQ and were available to all cleared staff on the agency intranet. There is nothing to indicate whether or not the journalists were intentionally targeted. The mails appeared to have been captured and stored as the output of a then-new tool being used to strip irrelevant data out of the agency’s tapping process. New evidence from other UK intelligence documents revealed by Snowden also shows that a GCHQ information security assessment listed 'investigative journalists' as a threat in a hierarchy alongside terrorists or hackers. Senior editors and lawyers in the UK have called for the urgent introduction of a freedom of expression law amid growing concern over safeguards proposed by ministers to meet concerns over the police use of surveillance powers linked to the Regulation of Investigatory Powers Act 2000 (Ripa). 
More than 100 editors, including those from all the national newspapers, have signed a letter, coordinated by the Society of Editors and Press Gazette, to the UK prime minister, David Cameron, protesting at snooping on journalists’ communications. In the wake of terror attacks on the Charlie Hebdo offices and a Jewish grocer in Paris, Cameron has renewed calls for further bulk-surveillance powers, such as those which netted these journalistic communications. Ripa has been used to access journalists’ communications without a warrant, with recent cases including police accessing the phone records of Tom Newton-Dunn, the Sun’s political editor, over the Plebgate investigation. The call records of Mail on Sunday reporters involved in the paper’s coverage of Chris Huhne’s speeding row were also accessed in this fashion. Under Ripa, neither the police nor the security services need to seek the permission of a judge to investigate any UK national’s phone records; instead, they must obtain permission from an appointed staff member from the same organisation, not involved in their investigation. However, there are some suggestions in the documents that the collection of billing data by GCHQ under Ripa goes wider and that it may not be confined to specific target individuals. A top secret document discussing Ripa initially explains the fact that billing records captured under Ripa are available to any government agency is 'unclassified' provided that there is 'no mention of bulk'. The GCHQ document goes on to warn that the fact that billing records 'kept under Ripa are not limited to warranted targets' must be kept as one of the agency’s most tightly guarded secrets, at a classification known as 'Top secret strap 2'. That is two levels higher than a normal top secret classification as it refers to 'HMG [Her Majesty’s government] relationships with industry that have areas of extreme sensitivity'.
Internal security advice shared among the intelligence agencies was often as preoccupied with the activities of journalists as with more conventional threats such as foreign intelligence, hackers or criminals. One restricted document intended for those in army intelligence warned that 'journalists and reporters representing all types of news media represent a potential threat to security'. It continued: 'Of specific concern are ‘investigative journalists’ who specialise in defence-related exposés either for profit or what they deem to be of the public interest. 'All classes of journalists and reporters may try either a formal approach or an informal approach, possibly with off-duty personnel, in their attempts to gain official information to which they are not entitled.' It goes on to caution 'such approaches pose a real threat', and tells staff they must be 'immediately reported' to the chain-of-command. GCHQ information security assessments, meanwhile, routinely list journalists between 'terrorism' and 'hackers' as 'influencing threat sources', with one matrix scoring journalists as having a 'capability' score of two out of five, and a 'priority' of three out of five, scoring an overall 'low' information security risk. Terrorists, listed immediately above investigative journalists on the document, were given a much higher 'capability' score of four out of five, but a lower 'priority' of two. The matrix concluded terrorists were therefore a 'moderate' information security risk."
GCHQ captured emails of journalists from top international media
Guardian, 19 January 2015

"British spooks intercepted emails from US and UK media organisations and rated ‘investigative journalists’ alongside terrorists and hackers as potential security threats, secret documents reveal. Internal advice circulated by intelligence chiefs at the Government spy centre GCHQ claims ‘journalists and reporters representing all types of news media represent a potential threat to security’. Intelligence documents leaked by the fugitive US whistleblower Edward Snowden also show that British security officers scooped up 70,000 emails in just 10 minutes during one interception exercise in 2008. Among the private exchanges were emails between journalists at the BBC, New York Times and US network NBC. The disclosure comes amid growing calls for the security services to be handed more power to monitor the internet following the Paris terror attacks. Internal security advice, shared among British intelligence agencies, scored journalists in a table of potential threats. One restricted document, which according to the Guardian was intended for those in army intelligence, warned that ‘journalists and reporters representing all types of news media represent a potential threat to security’. It continued: ‘Of specific concern are 'investigative journalists' who specialise in defence-related exposés either for profit or what they deem to be of the public interest.' The document adds: ‘All classes of journalists and reporters may try either a formal approach or an informal approach, possibly with off-duty personnel, in their attempts to gain official information to which they are not entitled.’ It warns staff that ‘such approaches pose a real threat’, adding it must be ‘immediately reported’. One table scored journalists a ‘low’ information security risk – compared to terrorists who are seen as a ‘moderate’ threat.... 
Emails from the BBC, the Sun and the Mail on Sunday were picked up and shared on the agency’s internal computer system - alongside memos from US media organisations. The revelation comes as the British government faces growing pressure to ensure journalists’ texts and emails are protected from snooping. Newspaper editors and lawyers have called for a new freedom of expression law."
British spooks tapped emails from UK and US media
Mail, 19 January 2015

"... the [NSA] isn't just trying to achieve mass surveillance of Internet communication, either. The digital spies of the Five Eyes alliance -- comprised of the United States, Britain, Canada, Australia and New Zealand -- want more. According to top secret documents from the archive of NSA whistleblower Edward Snowden seen exclusively by SPIEGEL, they are planning for wars of the future in which the Internet will play a critical role, with the aim of being able to use the net to paralyze computer networks and, by doing so, potentially all the infrastructure they control, including power and water supplies, factories, airports or the flow of money.  During the 20th century, scientists developed so-called ABC weapons -- atomic, biological and chemical. It took decades before their deployment could be regulated and, at least partly, outlawed. New digital weapons have now been developed for the war on the Internet. But there are almost no international conventions or supervisory authorities for these D weapons, and the only law that applies is the survival of the fittest. Canadian media theorist Marshall McLuhan foresaw these developments decades ago. In 1970, he wrote, 'World War III is a guerrilla information war with no division between military and civilian participation.' That's precisely the reality that spies are preparing for today.... From a military perspective, surveillance of the Internet is merely 'Phase 0' in the US digital war strategy. Internal NSA documents indicate that it is the prerequisite for everything that follows. They show that the aim of the surveillance is to detect vulnerabilities in enemy systems. Once 'stealthy implants' have been placed to infiltrate enemy systems, thus allowing 'permanent accesses,' then Phase Three has been achieved -- a phase headed by the word 'dominate' in the documents. This enables them to 'control/destroy critical systems & networks at will through pre-positioned accesses (laid in Phase 0).' 
Critical infrastructure is considered by the agency to be anything that is important in keeping a society running: energy, communications and transportation. The internal documents state that the ultimate goal is 'real time controlled escalation'. In recent years, malware has emerged that experts have attributed to the NSA and its Five Eyes alliance based on a number of indicators. They include programs like Stuxnet, used to attack the Iranian nuclear program. Or Regin, a powerful spyware trojan that created a furor in Germany after it infected the USB stick of a high-ranking staffer to Chancellor Angela Merkel. Agents also used Regin in attacks against the European Commission, the EU's executive, and Belgian telecoms company Belgacom in 2011. Given that spies can routinely break through just about any security software, virtually all Internet users are at risk of a data attack.... Intelligence agencies have adopted 'plausible deniability' as their guiding principle for Internet operations. To ensure their ability to do so, they seek to make it impossible to trace the author of the attack. It's a stunning approach with which the digital spies deliberately undermine the very foundations of the rule of law around the globe. This approach threatens to transform the Internet into a lawless zone in which superpowers and their secret services operate according to their own whims with very few ways to hold them accountable for their actions."
The Digital Arms Race: NSA Preps America for Future Battle
Der Spiegel, 17 January 2015

"MI6 has been forced to reveal documents detailing how it may access legally privileged communications between solicitors and their clients, even if the lawyers are suing the government. Policy guidance handed over to the civil liberties organisation Reprieve shows how the Secret Intelligence Service (SIS) is attempting to regulate its mass surveillance practices and demonstrate compliance with the law. The revelations have emerged from a case brought by lawyers for two Libyans, Abdel-Hakim Belhaj and Sami al-Saadi, who, along with their families, were abducted in a joint MI6-CIA operation and sent back to Tripoli to be tortured by Colonel Muammar Gaddafi’s regime in 2004. Their complaint about illegal monitoring is being heard before the investigatory powers tribunal and a full trial of the issues is expected this spring. Exchanges between lawyers and their clients enjoy a special protected status under UK law. Following exposure of widespread monitoring by the US whistleblower Edward Snowden in 2013, Belhaj’s lawyers feared that their exchanges with their clients could have been compromised by GCHQ’s interception of phone conversations and emails. To demonstrate that its policies satisfy legal safeguards, MI6 has been required to disclose internal guidance on how intelligence staff should deal with material protected by legal professional privilege. The papers note: 'Undertaking interception in such circumstances would be extremely rare and would require strong justification and robust safeguards. It is essential that such intercepted material is not acquired or used for the purpose of conferring an unfair or improper advantage on SIS or HMG [Her Majesty’s government] in any such litigation, legal proceedings or criminal investigation.'... 
Commenting on the latest document releases, Cori Crider, a lawyer who represents Belhaj, said: 'MI6’s brand-new eavesdropping policy still has serious problems – it still envisages that MI6 will snoop on private legal calls even in cases where it is being sued for torture. 'But these issues only highlight the double-decker-sized loopholes that were in place when Mr Belhaj and his wife were preparing their legal claims. This last-minute effort by MI6 to clean up their act shows Reprieve was right to fear that our private communications with torture victims, and possibly with the police in Operation Lydd [the investigation into the Libyan renditions], were compromised. 'There can be no justification for spying on our privileged calls. If spying took place, and information leaked, the government must come clean about it immediately so we can begin to set this family’s torture trial back on a fair footing.'"
MI6 forced to show how it may snoop on privileged lawyer-client exchanges
Guardian, 13 January 2015

"The home secretary, Theresa May, led demands for a new Europe-wide travel database to track the movement of all air, train and ferry passengers at an emergency meeting of EU interior ministers in Paris on Sunday. While 4 million people marched in the name of liberty across France, the EU ministers, joined by senior US ministers, agreed to step up their drive against radicalisation, particularly on the internet, and to disrupt the movement of terrorist networks. The joint statement said: 'We are further convinced of the crucial and urgent need to move toward a European passenger name record (PNR) framework, including intra-EU PNR. We are prepared to move forward, adopting a constructive approach with the European parliament.'"
Theresa May leads calls for EU-wide travel database to track all passengers
Guardian, 12 January 2015

"David Cameron appears to want to strengthen the laws that allow the security services to intercept communications so that no method or element of online communication is out of reach of the state, as long as they have a warrant personally signed by the home secretary. The security services complain that the growth of encryption of online data means there are already services available that are sold as guaranteeing privacy or are in some other way beyond the reach of the intelligence services. It could mean that a new intercept law might outlaw services such as Snapchat, by which text, photos or video are shared for up to 10 seconds before they are deleted from the company’s servers. More than 700m photos and videos are shared each day using such services. It could also mean that companies that offer encrypted email services could be banned or required to hand over their encryption keys to the security services in specified circumstances such as terrorism or paedophile cases. The prime minister also appears to want to future-proof any new measure. Traditionally the security services and the police have always had the authority to intercept and read any letter or listen in to any phone call as long as they have a warrant personally signed by the home secretary. Cameron’s comments suggest that he wants a blanket law that would cover not only existing forms of communication such as encrypted services or Snapchat-style services but also any that might develop into the future. This would amount to an extremely sweeping new power. But the details are still unclear and Cameron’s aides are reluctant to spell out in any more detail what might be involved beyond saying that it is a matter for after the general election due in May. The demand for more powers for the security services made by Andrew Parker, the head of MI5, in the immediate aftermath of the Paris attacks was not the first time a security chief has tried to put the subject on the table. 
Parker warned last week that the pace of technological change meant the 'dark places [on the net] from where those who wish us harm can plot or plan are increasing', and that agencies’ capability to tackle them were decreasing. Previously, the first act of Robert Hannigan when he took over as head of GCHQ in November was to launch a public attack on the US technology giants, accusing them of being 'the command-and-control networks of choice for terrorists and criminals'. The security agencies say the use of encryption for emails and chats – increasingly offered as standard by the internet companies – is making it harder for them to track terrorist suspects. They are also exercised by software such as Tor, which disguises the location of the person surfing the net, sending messages or using chat. Anyone using Tor immediately becomes suspect, even though they may be doing so only because they want to ensure privacy. Neither Parker nor Hannigan explicitly mentioned the communications data bill – the snooper’s charter, as it is known by its critics – but everyone from Cameron downwards knows that is also on their minds. The snooper’s charter was blocked by Nick Clegg, the deputy prime minister, after a joint parliamentary committee which included a former cabinet secretary and was chaired by a Tory ex-Home Office minister concluded that its provisions were so sweeping that they amounted to 'overkill', and a better balance was needed between security and privacy. The Liberal Democrats have made clear they will block any attempt to introduce the snooper’s charter before the election. Cameron’s focus on the issue in the immediate aftermath of the Paris attack suggests he wants to turn it into a clear dividing line with the Lib Dems in the election campaign."
What new snooping powers do PM and MI5 want – and what are the concerns?
Guardian, 12 January 2015

"If you’re starting the New Year on the hunt for a new role, beware: your online habits could be giving you away to your boss. HR teams and recruiters are now using technology, such as that offered by Joberate, to track how their employees use social networks. Employees are given a baseline score, and if the technology spots signs that suggests they are looking for a new job, it flags up the changes to their bosses. Joberate describes itself as technology that ‘measures job seeking behaviours of the global workforce.’ The company tells Joberate’s system which employees it wants to track. Selected employees are then awarded a baseline score, based on their role, how long they’ve been at the firm, and which sites they regularly use, for example. This so-called social ID then plots a typical behaviour pattern on various sites such as Twitter and LinkedIn. If the employee follows a new company on Twitter, or connects with a recruiter on LinkedIn, their score increases. But this is weighted, based on their previous behaviour. For example, if a person who regularly follows company accounts likes a new business page, their score only increases by one point. Meanwhile, if a person who rarely follows companies or uses their accounts begins increasing activity, they are given eight points. Joberate uses what it calls a ‘machine learning predictive analytics engine’ to establish whether the employee is exhibiting signs of job hunting, before alerting the employee’s boss. It doesn’t reveal, categorically, that the employee is looking for a new role; instead it sends a numerical score saying how likely it is they might leave. And, as the technology learns more about a firm’s employees, the more accurate these predictions become. 
Joberate’s chief executive Michael Beygleman told Tom Whipple at The Times that changing a job is ‘like buying a car, or getting married…but we actually know very little about how this event appears in social media.’ He added, though, that all of the data the technology uses is from public databases, profiles or sites. It can’t view the content of personal emails, for example, or log in to social accounts."
Job hunting? Your boss may ALREADY know: Software tracks how employees use the web to spot signs they want to leave
Mail, 5 January 2015

"Android apps are spying on users far more than expected, a new study has found. The research by Vocativ shows the apps that can access user's microphones, call logs and contacts. It found one of the worst offenders was a game aimed at children. Called Happy Fish, developer HappyElements, programmed the game so that it can collect a precise location, has access to your photos and can read your text messages. It can even tell which Wi-Fi network you're using. Android users have taken to messageboards to complain about the problems. The hugely popular game Fruit Ninja asks users for permissions described as 'crazy' by users. One reviewer wrote 'I will never install this until it is clear as to why the developer needs access to all your private content.' The chart ranks the apps (top to bottom) that ask for the most permissions. AntiVirus Security, Viber and Facebook top the charts. However, more than half of the 25 apps have access to contacts, and about a third tap into text messages, call log and microphone. The key to the permissions, experts say, is ads. 'These advertisers are trying to get more targeted information about you, so they can get more targeted ads,' PrivacyGrade.org founder and Carnegie Mellon professor of computer science Jason Hong said. 'These apps access information about a user that can be highly sensitive, such as location, contact lists and call logs, yet it often is difficult for the average user to understand how that information is being used or who it might be shared with,'.."
What your Android apps know about you
Mail, 2 January 2015

   





".... if you look around and see what the world is now facing I don't think  in the last two or three hundred years we've faced such a concatenation of  problems all at the same time..... if we are to solve the issues that are ahead of us, we are going to need to think in completely different ways. "
Paddy Ashdown, High Representative for Bosnia and Herzegovina 2002 - 2006

BBC Radio 4, 'Start The Week', 30 April 2007

"Individual peace is the unit of world peace. By offering Consciousness-Based Education to the coming generation, we can promote a strong foundation for a healthy, harmonious, and peaceful world.... Consciousness-Based education is not a luxury. For our children who are growing up in a stressful, often frightening, crisis-ridden world, it is a necessity."
Academy Award Winning Film Producer David Lynch (Elephant Man, Blue Velvet, etc)
David Lynch Foundation





  
