NLPWESSEX, natural law publishing

nlpwessex.org

"I don't think in the last two or three hundred years we've faced such a concatenation of problems all at the same time.... If we are to solve the issues that are ahead of us, we are going to need to think in completely different ways."
Paddy Ashdown, High Representative for Bosnia and Herzegovina 2002-2006
BBC Radio 4, 'Start The Week', 30 April 2007

SURVEILLANCE SOCIETY NEWS ARCHIVE 2016


Some Highlights From 2016

"Councils were given permission to carry out more than 55,000 days of covert surveillance over five years, including spying on people walking dogs, feeding pigeons and fly-tipping, the Guardian can reveal. A mass freedom of information request has found 186 local authorities – two-thirds of the 283 that responded – used the government’s Regulation of Investigatory Powers Act (Ripa) to gather evidence via secret listening devices, cameras and private detectives. ...... “As with any legislation, there is a significant risk that authorities will use powers in a way that parliament never intended,” added Lord Paddick, calling for proper oversight to ensure any surveillance is targeted and proportionate."
Revealed: British councils used Ripa to secretly spy on public
Guardian, 25 December 2016

"If you like your privacy, don’t fly the friendly skies with your phone connected to in-flight networks. American and British intelligence have been surveilling phone use aboard civil aircraft since at least 2005, according to a new investigation by Le Monde based on secret documents from former National Security Agency contractor Edward Snowden. Simply turning on your phone when the plane is flying above 10,000 feet will reveal your location to the NSA, according to an article from a classified internal newsletter. The spy agencies were able to extract a range of information in near real-time under a program aptly named “Thieving Magpie.” They include: * BlackBerry PINs and email addresses * Email addresses * Skype identifying data * Facebook identifying data. The agencies then correlate this data with other facts, like the plane’s passenger list, the flight number, and other details in order to pinpoint a particular user. The spies can also see what you’re doing on your phone. For instance, the British intelligence agency GCHQ said it found users were using their phones to check email, use Facebook and Twitter, fire up travel apps like Google Maps and currency convertors, make calls, and weirdly, download stuff on BitTorrent."
Government spies can see everything you’re doing with your phone on a plane
Quartz, 7 December 2016

"The UK's security services, including GCHQ, MI5 and MI6, have been unlawfully collecting and using mass datasets of personal information for more than 10 years. The Investigatory Powers Tribunal has ruled in a judgement published online that the bodies had been collecting data without safeguards or supervision. The setups of 'Bulk Communications Data' (BCD) and 'Bulk Personal Datasets' by the agencies did not comply with the right to privacy (Article 8) in the European Convention on Human Rights..... Both types of datasets have been used as part of criminal investigations, but have been criticised by privacy advocates for being overly intrusive.  The tribunal added that the massive datasets (BPD) "include considerable volumes of data about biographical details, commercial and financial activities, communications and travel"........ The court's ruling comes as the government's Investigatory Powers Bill (IP Bill) is in the final stages of becoming law – it is currently passed through the House of Commons and is being debated by the House of Lords. The Bill has been heavily criticised by numerous committees and officials. Powers included in the IP Bill include bulk collection of data, the ability to remotely hack mobile phones and computers, and the storing of website history. The law is the first time these powers have been specifically written into law."
MI6, MI5 and GCHQ 'unlawfully collected private data for 10 years'
Wired, 17 October 2016

"Most of the world’s international phone calls, internet traffic, emails, and other communications are sent over a network of undersea cables that connect countries like giant arteries. At spy outposts across the world, the NSA and its partners tap into these cables to monitor the data flowing through them. But Menwith Hill is focused on a different kind of surveillance: eavesdropping on communications as they are being transmitted through the air. According to top-secret documents obtained by The Intercept from NSA whistleblower Edward Snowden, Menwith Hill has two main spying capabilities. The first is called FORNSAT, which uses powerful antennae contained within the golf ball-like domes to eavesdrop on communications as they are being beamed between foreign satellites. The second is called OVERHEAD, which uses U.S. government satellites orbiting above targeted countries to locate and monitor wireless communications on the ground below — such as cellphone calls and even WiFi traffic.... As of 2009, Menwith Hill’s foreign satellite surveillance mission, code-named MOONPENNY, was monitoring 163 different satellite data links. The intercepted communications were funneled into a variety of different repositories storing phone calls, text messages, emails, internet browsing histories, and other data. It is not clear precisely how many communications Menwith Hill is capable of tapping into at any one time, but the NSA’s documents indicate the number is extremely large. In a single 12-hour period in May 2011, for instance, its surveillance systems logged more than 335 million metadata records, which reveal information such as the sender and recipient of an email, or the phone numbers someone called and at what time. To keep information about Menwith Hill’s surveillance role secret, the U.S. and U.K. 
governments have actively misled the public for years through a “cover story” portraying the base as a facility used to provide “rapid radio relay and conduct communications research.” A classified U.S. document, dated from 2005, cautioned spy agency employees against revealing the truth. “It is important to know the established cover story for MHS [Menwith Hill Station] and to protect the fact that MHS is an intelligence collection facility,” the document stated. “Any reference to satellites being operated or any connection to intelligence gathering is strictly prohibited.”... roughly 600 of the personnel at the facility are from U.K. agencies, including employees of the NSA’s British counterpart Government Communications Headquarters, or GCHQ....  a new “collection posture” was introduced at the base, the aim being to “collect it all, process it all, exploit it all.” In other words, it would vacuum up as many communications within its reach as technologically possible.... Fabian Hamilton, a member of Parliament based in the nearby city of Leeds.......told The Intercept that he found the secrecy shrouding Menwith Hill to be “offensive.” The revelations about the role it has played in U.S. killing and capture operations, he said, showed there needed to be a full review of its operations. “Any nation-state that uses military means to attack any target, whether it is a terrorist, whether it is legitimate or not, has to be accountable to its electorate for what it does,” Hamilton said. “That’s the basis of our Parliament, it’s the basis of our whole democratic system. How can we say that Menwith can carry out operations of which there is absolutely no accountability to the public? I don’t buy this idea that you say the word ‘security’ and nobody can know anything. We need to know what is being done in our name.”"
Inside Menwith Hill
The Intercept, 6 September 2016

"Police forces across the UK have been responsible for “at least 2,315 data breaches” over the last five years, according to research by Big Brother Watch, prompting concerns about the increasing amount of data they're holding. Titled Safe in Police Hands? the 138-page report is released today after months of requests made by the campaign group under the Freedom of Information Act, covering police forces' breaches of the Data Protection Act from June 2011 to December 2015. According to Big Brother Watch, the results “show officers misusing their access to information for financial gain and passing sensitive information to members of organised crime groups”. Over the last five years, more than 800 members of staff at police forces “accessed personal information without a policing purpose” and information was “inappropriately shared with third parties more than 800 times”.... “With the potential introduction of Internet Connection Records (ICRs) as outlined in the Investigatory Powers Bill, the police will be able to access data which will offer the deepest insight possible into the personal lives of all UK citizens,” the group reported, adding that any breach of this information would be “over and above” what was included in the report. Of the 2,315 breaches that Big Brother Watch was informed of, more than 55 per cent (1,283) resulted in no formal disciplinary action being taken, while in 11 per cent (258) of cases those responsible received either a written or verbal warning. In 13 per cent of cases (297) the individuals involved either resigned or were dismissed, while only 3 per cent (70) of breaches resulted in either a criminal conviction or caution."
5 years, 2,300 data breaches. What'll police do with our Internet Connection Records?
The Register, 5 July 2016

"GCHQ and the US National Security Agency (NSA) have access to intercepted emails sent and received by all members of the UK Parliament and peers, including with their constituents, a Computer Weekly investigation has established. The intelligence agency in Cheltenham has been able to harvest traffic details of all parliamentary emails, including details of the sender, recipient and subject matter, for at least three years. As a result, details of private email correspondence between MPs and constituents are being collected by GCHQ as a matter of routine. GCHQ documents classified above top secret, released by NSA whistleblower Edward Snowden, also reveal that the spy agency has the capability to scan the content of parliamentary emails for “keywords” through an established cyber defence network that is connected to commercial software used to filter spam emails from MPs’ inboxes. The disclosures, which come as the House of Commons prepares for the Third Reading of the government’s controversial Investigatory Powers Bill on Monday 6 June, raise new questions over the sweeping powers to be granted in the bill to police and the security services."
MPs’ private emails are routinely accessed by GCHQ
Computer Weekly, 1 June 2016

"A secretive police unit tasked with spying on alleged extremists intent on committing serious crimes has been monitoring leading members of the Green party, the Guardian has learned. Newly released documents show that the intelligence unit has been tracking the political activities of the MP Caroline Lucas and Sian Berry, the party’s candidate for London mayor. Some of the monitoring took place as recently as last year and seemed to contradict a pledge from Sir Bernard Hogan-Howe, the Metropolitan police commissioner, that the unit would only target serious criminals rather than peaceful protesters. Extracts from the files show that the police have chronicled how the Green politicians had been speaking out about issues such as government cuts, the far right, police violence, and the visit of the pope. The police’s actions have been described as “chilling” and come weeks after it was accused of abusing its powers by pursuing prominent people over sex abuse claims. The disclosures bring to four the number of elected Green party politicians whose political movements are known to have been recorded in the files of the unit. The files give no indication that they were involved in serious criminal activity. The file on Lucas, which stretches over eight years, records how she gave a speech at an anti-austerity demonstration last June in London. Lucas accused the government of conducting an “ideological war on welfare” at the rally, attended by thousands. Another entry records how she attended a demonstration in February 2014 against disability cuts in Brighton where she has been an MP since 2010. Police noted she “spoke with some of the assembled” journalists. ..... Peter Francis, a whistleblower who worked undercover for the Met, has alleged that the police kept secret files in the 1990s on 10 Labour MPs, including the Labour leader, Jeremy Corbyn, after they had been elected to parliament."
Police anti-extremism unit monitoring senior Green party figures
Guardian, 28 April 2016

"Since 2005 successive Home Secretaries have authorised the collection of vast amounts of telecommunications data, documents reveal. The documents also show that MI5 secretly collected large amounts of "anonymised" financial data. Campaign group Privacy International said the documents show "the staggering extent of UK government surveillance". The Home Office said the data acquisition had "been essential to the security and intelligence agencies". It added that the data had provided "vital and unique intelligence". The disclosure of the documents was made to Privacy International as it prepares for an Investigatory Powers Tribunal hearing in July. The tribunal handles complaints against UK intelligence agencies MI5, MI6 and GCHQ. The campaign group is challenging the agencies use and acquisition of "bulk personal datasets" - very large amounts of personal data collected from public and private organisations. The Home Office has repeatedly refused to list the datasets the agencies hold, but the documents show the agencies could request a range of sensitive information, including medical information, financial information, and information about telephone and internet communications. The documents reveal that among other things this data is vital in identifying "foreign fighters", possibly a reference to jihadists involved in the conflict in Syria and Iraq. Privacy International said: "The intelligence agencies have secretly given themselves access to potentially any and all recorded information about us". But the Home Office told the BBC: "The acquisition and use of bulk [data] provides vital and unique intelligence", adding: "The security and intelligence agencies use the same techniques that modern businesses increasingly rely on to analyse data in order to overcome the most significant national security challenges". In several documents the risk that the public might become aware of the powers is discussed. 
An MI5 policy issued in 2010 says the agency's access to "anonymised" financial data would be against "public expectations". It says that if the data is revealed the media response could be "unfavourable and probably inaccurate". David Davis MP, a former Conservative Shadow Home Secretary, told the BBC: "It's clear the agencies and the government have been keeping information secret about what they've been doing not just for security reasons, as is normally claimed, but to avoid both embarrassment and public opposition." Every six months since 21 July 2005, Home Secretaries have authorised MI5 to collect in a database, information from communication network providers, the documents reveal. This could include telephone data and internet data. It does not include the content of communications. The documents say the data is anonymous as it does not contain "subscriber information", but privacy campaigners argue it would be possible work out the identity of an individual from the data. MI5 says the data is deleted every 12 months. In the documents the data is said to be of "significant security value." The data is obtained under Section 94 of the Telecommunications Act 1984. The government's independent reviewer of terrorism legislation, David Anderson QC, has previously told the BBC the legislation was "so vague that anything could be done under it". The documents set out detailed procedures required to authorise the collection and use of the data. But they reveal that misuse has occurred. One document produced by MI6 gives examples of "individual users crossing the line" for example, "looking up addresses in order to send birthday cards" and "checking details of family members for personal reasons". The revelations will add to the controversy surrounding the Investigatory Powers Bill currently working its way through parliament."
Spies' 'staggering' data requests revealed
BBC Online, 21 April 2016

"Hackers have again demonstrated that no matter how many security precautions someone takes, all a hacker needs to track their location and snoop on their phone calls and texts is their phone number. The hack, first demonstrated by German security researcher Karsten Nohl in 2014 at a hacker convention in Hamburg, has been shown to still be active by Nohl over a year later for CBS’s 60 Minutes."
Your phone number is all a hacker needs to read texts, listen to calls and track you
Guardian, 18 April 2016

"WikiLeaks published a new set of documents Tuesday claiming that the United States National Security Agency (NSA) spied on meetings between world leaders, including the United Nations Secretary General Ban Ki-Moon, German Chancellor Angela Merkel and Israel Prime Minister Benjamin Netanyahu. WikiLeaks said in a statement released Tuesday that the documents were classified as “Top Secret” and were the most highly classified documents ever to be published by a media organization. The document said that the meeting between Merkel and Ban was about climate change, over which an accord was signed by nearly 200 countries in December agreeing to reduce greenhouse emissions to keep the effects of global warming at bay. The document claims that the NSA spied on the meeting with a motive of protecting the largest oil companies.... The document also revealed that U.S. officials tapped a meeting in 2010 between Netanyahu and former Italian Prime Minister Silvio Berlusconi, where the former asked for the Italian leader’s help to deal with U.S. President Barack Obama. The documents also mentioned another meeting between Berlusconi and former French President Nicolas Sarkozy during which the former admitted that the Italian banking system was due to “pop like a cork.” The documents further said that a private meeting between Berlusconi, Merkel and Sarkozy was tapped by the NSA, which has been embroiled in controversy since it was revealed by former U.S. spy agency contractor Edward Snowden that the organization spied on many world leaders and collected phone records of several Americans. In June last year, the Congress passed a law that ended keeping such records on phone calls of American citizens and it was put in place in November. Assange also said in the statement: “The U.S. government has signed agreements with the U.N. that it will not engage in such conduct against the U.N. — let alone its Secretary General. 
It will be interesting to see the U.N.'s reaction, because if the Secretary General can be targeted without consequence then everyone from world leader to street sweeper is at risk.”"
WikiLeaks Says US Spied On Meetings Of UN Chief, Angela Merkel, Benjamin Netanyahu
International Business Times, 23 February 2016






Latest Developments In 'Turnkey Totalitarianism'
KEEP UP TO DATE WITH SURVEILLANCE SOCIETY NEWS MEDIA REPORTS



2016

"Councils were given permission to carry out more than 55,000 days of covert surveillance over five years, including spying on people walking dogs, feeding pigeons and fly-tipping, the Guardian can reveal. A mass freedom of information request has found 186 local authorities – two-thirds of the 283 that responded – used the government’s Regulation of Investigatory Powers Act (Ripa) to gather evidence via secret listening devices, cameras and private detectives. Among the detailed examples provided were Midlothian council using the powers to monitor dog barking and Allerdale borough council gathering evidence about who was guilty of feeding pigeons. Wolverhampton used covert surveillance to check on the sale of dangerous toys and car clocking; Slough to aid an investigation into an illegal puppy farm; and Westminster to crack down on the selling of fireworks to children. Meanwhile, Lancaster city council used the act, in 2012, for “targeted dog fouling enforcement” in two hotspots over 11 days. A spokeswoman pointed out that the law had since changed and Ripa could only now be used if criminal activity was suspected. The permissions for tens of thousands of days were revealed in a huge freedom of information exercise, carried out by the Liberal Democrats. It found that councils then launched 2,800 separate surveillance operations lasting up to 90 days each. Critics of the spying legislation say the government said it would only be used when absolutely necessary to protect British people from extreme threats. Brian Paddick, the Lib Dem peer who represents the party on home affairs, said: “It is absurd that local authorities are using measures primarily intended for combating terrorism for issues as trivial as a dog barking or the sale of theatre tickets. 
Spying on the public should be a last resort not an everyday tool.” He argued that the new Investigatory Powers Act, which will take in Ripa powers alongside a raft of new measures, would restrict the ability of local authorities to monitor people’s communications.  But he also said it would give “mass surveillance powers to a huge number of government bodies”. “As with any legislation, there is a significant risk that authorities will use powers in a way that parliament never intended,” added Lord Paddick, calling for proper oversight to ensure any surveillance is targeted and proportionate."
Revealed: British councils used Ripa to secretly spy on public
Guardian, 25 December 2016

"Starting this week, for some foreigners travelling to the United States, the government has added a new question about social media user information, as part of an effort to help identify potential terrorist threats. In June, the U.S. Customs and Border Protection (CBP) proposed adding an optional question to travel authorization applications. It asked applicants to volunteer their social media account identifiers, as part of the agency’s efforts to enhance its vetting of people who travel to the U.S. The Office of Management and Budget (OMB) approved the addition of the question this month, the Department of Homeland Security told CBS News. Should applicants provide the requested information about their social media accounts, CBP officers would only be able to see what’s publicly available on the accounts submitted -- applicants wouldn’t be asked to violate privacy settings or policies. After CBP proposed the new question, several civil liberties and internet groups raised objections. The Electronic Frontier Foundation (EFF) argued that there were “no standards to ensure that innocent travelers would not be misjudged and denied entry into the U.S.”"
DHS is now asking some foreign visitors about their social media
CBS, 22 December 2016

"Yahoo Inc's secret scanning of customer emails at the behest of a U.S. spy agency is part of a growing push by officials to loosen constitutional protections Americans have against arbitrary governmental searches, according to legal documents and people briefed on closed court hearings. The order on Yahoo from the secret Foreign Intelligence Surveillance Court (FISC) last year resulted from the government's drive to change decades of interpretation of the U.S. Constitution's Fourth Amendment right of people to be secure against "unreasonable searches and seizures," intelligence officials and others familiar with the strategy told Reuters. The unifying idea, they said, is to move the focus of U.S. courts away from what makes something a distinct search and toward what is "reasonable" overall. The basis of the argument for change is that people are making much more digital data available about themselves to businesses, and that data can contain clues that would lead to authorities disrupting attacks in the United States or on U.S. interests abroad. While it might technically count as a search if an automated program trawls through all the data, the thinking goes, there is no unreasonable harm unless a human being looks at the result of that search and orders more intrusive measures or an arrest, which even then could be reasonable. Civil liberties groups and some other legal experts said the attempt to expand the ability of law enforcement agencies and intelligence services to sift through vast amounts of online data, in some cases without a court order, was in conflict with the Fourth Amendment because many innocent messages are included in the initial sweep."
Yahoo email scan shows U.S. spy push to recast constitutional privacy
Reuters, 21 December 2016

"If you like your privacy, don’t fly the friendly skies with your phone connected to in-flight networks. American and British intelligence have been surveilling phone use aboard civil aircraft since at least 2005, according to a new investigation by Le Monde based on secret documents from former National Security Agency contractor Edward Snowden. Simply turning on your phone when the plane is flying above 10,000 feet will reveal your location to the NSA, according to an article from a classified internal newsletter. The spy agencies were able to extract a range of information in near real-time under a program aptly named “Thieving Magpie.” They include: * BlackBerry PINs and email addresses * Email addresses * Skype identifying data * Facebook identifying data. The agencies then correlate this data with other facts, like the plane’s passenger list, the flight number, and other details in order to pinpoint a particular user. The spies can also see what you’re doing on your phone. For instance, the British intelligence agency GCHQ said it found users were using their phones to check email, use Facebook and Twitter, fire up travel apps like Google Maps and currency convertors, make calls, and weirdly, download stuff on BitTorrent. “Data usage is largely as expected, with a couple of exceptions,” the agency noted in a presentation. Spying on people on planes is handy if you want to arrest them or further surveil them when they land. The GCHQ presentation says the program can confirm that subjects are aboard particular flights in “near real-time,” allowing surveillance or arrest teams to be prepared when the plane lands. Air France appeared to be of particular interest to the spooks. Named as a possible terrorist target, the airline was the subject of a 2005 NSA memo that detailed how its flights could be tracked. The airline told Le Monde that it “knew absolutely nothing” about the surveillance."
Government spies can see everything you’re doing with your phone on a plane
Quartz, 7 December 2016

"One can never be too wary of one’s friends, especially those who are closest. Officially, Israel and the two most powerful English-speaking intelligence services, the American NSA (National Security Agency) and its British counterpart, the GCHQ (Government Communications Headquarters) are united in a sacrosanct alliance. This unique cooperation, which is intense, given the issue of survival for Israel and its excellence in matters of espionage, and has grown considerably stronger over the past ten years. But it has a darker side to it. New documents from the archives of Edward Snowden given by the former NSA consultant to Glenn Greenwald and Laura Poitras, seen by Le Monde in collaboration with The Intercept, reveal the extent of the surveillance by the GCHQ in respect of the Israeli interests. The British have spied on Israeli diplomacy both in Jerusalem and abroad. They have also targeted private firms in the defence sector, State agencies responsible for international cooperation and university research centres known for their excellence in scientific matters. These targets appear in the form of email addresses or telephone numbers in the interception reports of the GCHQ technicians, pleased to demonstrate that they had succeeded in identifying them in the flow of satellite telephone communications between the African continent and the rest of the world. At the end of each report, they state that the collection of this data can now become automatic. In 2014, the Wall Street Journal showed that the NSA could both support its Israeli partner, the ISNU (Israeli Sigint National Unit or Unit 8200) and monitor the telephone calls of Prime Minister Benyamin Netanyahou. In 2013, the German daily Der Spiegel observed that in January 2009 the email addresses of the then Prime Minister, Ehud Olmert, and the Minister for Defence, Ehud Barak, had both been spied on by the GCHQ.... 
The surveillance of Israeli interests by the GCHQ has also extended to the MASHAV – the Israeli state agency responsible for international cooperation and development. Suspected by the British of playing a double game by supporting weak countries to consolidate the influence of Israel, this agency is established and operates all over the world. Finally, the British secret services have concentrated their attention on the work of certain advanced research centres in the top-level Hebrew University of Jerusalem. They have also targeted the Racah Institute for Physics where theoretical and practical research is carried out in highly sensitive areas, in particular in nuclear physics....In its top-secret internal newsletters, the GCHQ congratulates itself on its good relations with the ISNU, the Israeli technical secret service. One can actually read that the British have spied on email addresses and telephone numbers at the request of the Israelis: ‘They thanked us on many occasions.’ This does not exclude humiliations. In March 2009, the GCHQ noted: ‘Problems with Ruffle (the code name for the ISNU). Ruffle cancels work sessions at the last minute. Requests for apologies made at the highest level are not answered.’ In July 2009, on the other hand, the British observe: ‘Excellent cooperation throughout the Iranian election crisis (…). We are trying to arrange a meeting in August but there is no answer to our messages.’ Nevertheless summer 2009 witnessed for the first time the organisation of a meeting of four people, at the head office of the GCHQ ‘with the NSA, the CSEC (Communications Security Establishment Canada) and Ruffle’ for a sharing of information, in particular on Iran and the Palestinians. This sharing was not without its difficulties, because Israel is not a member of the very closed circle, the ‘Five Eyes’, which includes only the English-speaking services (United States, United Kingdom, Canada, Australia and New Zealand). 
At the end of August 2009, the GCHQ even observed that these meetings were ‘a real nightmare in terms of confidentiality and logistics’. When confronted with the two contradictory faces of the GCHQ, it is not easy to define the true position of London vis-à-vis the Israeli partner. To get closer we should perhaps resort to this analysis which appears in another top secret GCHQ document in 2008: ‘The Israelis remain a real threat to the stability of the region, in particular because of the position of this country with respect to the Iranian dossier’. Contacted by Le Monde, the Israeli government did not wish to comment."
Britain has spent years spying on Israel’s leaders
Le Monde, 7 December 2016

"TalkTalk's handling of a wi-fi password breach is being criticised by several cyber-security experts. The BBC has presented the company with evidence that many of its customers' router credentials have been hacked, putting them at risk of data theft. The UK broadband provider confirmed that the sample of stolen router IDs it had been shown was real.....Hackers could not use the credentials to carry out a mass attack from afar - but they could use the IDs to identify high value targets to travel to, or they could simply drive through the streets hunting for a match. Prof Alan Woodward said once a hacker was outside a vulnerable property, they could: * snoop in the resident's data, which might be clearly visible or encrypted in ways that still allowed the original information to be easily recovered * use the internet connection to mount an onward attack. The hacker could do this to hide their own identity or to co-opt the router to join an army of other compromised equipment in later DDoS (distributed denial of service) attacks * log in to the router as the administrator and mount a "man in the middle attack", where apparently secure communications could be listened in on * substitute the router's firmware with a modified version that provided a backdoor for later access even if the device was reset."
TalkTalk's wi-fi hack advice is 'astonishing'
BBC News, 7 December 2016

"Researchers at Israel's Ben Gurion University have created a proof-of-concept exploit that allows them to turn normal headphones connected to a PC into microphones that can then be used by potential hackers to eavesdrop on conversations. According to a new paper titled, "Speake(a)r: Turn speakers to microphones for fun and profit," the security researchers explained that many current PCs and laptops are vulnerable to this particular kind of attack. The researchers designed a code dubbed "Speake(a)r" that is able to secretly reconfigure a computer's output or headphone jack to an input or microphone jack, allowing a hacker to listen in and even record someone's private conversations. "The fact that headphones, earphones and speakers are physically built like microphones and that an audio port's role in the PC can be reprogrammed from output to input creates a vulnerability that can be abused by hackers," professor Yuval Elovici, director of the BGU Cybersecurity Research Center (CSRC), said in a statement. Researchers found that the audio chipsets used in modern motherboards and sound cards include an option to alter the function of an audio port on a software level using a type of programming called "jack retasking" or "jack remapping." Researchers said that the experimental malware targets RealTek audio codec chips, which has this option, to remotely reconfigure and swap the headphone jack for a microphone jack, essentially allowing a potential hacker to turn a computer into an eavesdropping device "even when the computer doesn't have a connected microphone." RealTek's audio chipsets are currently used in a wide range of PC motherboards, researchers said.... Researchers noted that since the vulnerability currently lies in the RealTek chips, there is not much users can do to fix the issue except completely disabling the audio hardware to prevent the malware from accessing a computer's audio codec or "enforcing a strict rejacking policy" across the industry. 
They added that anti-malware and intrusion detection systems could also develop API monitoring to detect and block any unauthorised speaker-to-mic retasking attempts. "This is the reason people like Facebook chairman and chief executive officer Mark Zuckerberg tape up their mic and webcam," Mordechai Guri, lead researcher and head of Research and Development at the CSRC, said. "You might tape the mic, but would be unlikely to tape the headphones or speakers.""
New malware allows hackers to turn headphones into microphones to eavesdrop on your conversations
International Business Times, 24 November 2016

"The Liberal Democrat peer Lord Strasburger, one of the leading voices against the investigatory powers bill, said: “We do have to worry about a UK Donald Trump. If we do end up with one, and that is not impossible, we have created the tools for repression. If Labour had backed us up, we could have made the bill better. We have ended up with a bad bill because they were all over the place. “The real Donald Trump has access to all the data that the British spooks are gathering and we should be worried about that.” The Investigatory Powers Act legalises powers that the security agencies and police had been using for years without making this clear to either the public or parliament. In October, the investigatory powers tribunal, the only court that hears complaints against MI6, MI5 and GCHQ, ruled that they had been unlawfully collecting massive volumes of confidential personal data without proper oversight for 17 years. One of the negative aspects of the legislation is that it fails to provide adequate protection for journalists’ sources, which could discourage whistleblowing.   One of the few positives in the legislation is that it sets out clearly for the first time the surveillance powers available to the intelligence services and the police. It legalises hacking by the security agencies into computers and mobile phones and allows them access to masses of stored personal data, even if the person under scrutiny is not suspected of any wrongdoing. Privacy groups are challenging the surveillance powers in the European court of human rights and elsewhere. Jim Killock, the executive director of Open Rights Group, said: “The UK now has a surveillance law that is more suited to a dictatorship than a democracy. 
The state has unprecedented powers to monitor and analyse UK citizens’ communications regardless of whether we are suspected of any criminal activity.” Renate Samson, the chief executive of Big Brother Watch, said: “The passing of the investigatory powers bill has fundamentally changed the face of surveillance in this country. None of us online are now guaranteed the right to communicate privately and, most importantly, securely.”"
'Extreme surveillance' becomes UK law with barely a whimper
Guardian, 19 November 2016

"France’s government last week announced the creation of a highly controversial new database that will collect and store personal information on nearly everyone living in the country who holds a French identity card or passport. The massive database, known as Secure Electronic Documents (Titres électroniques sécurisés or TES), was decreed by the government on October 30 in an effort to crack down on identity theft. The move sparked immediate outrage in the French media, with weekly magazine L’Observateur describing it as “terrifying”, and daily newspaper Libération calling it a “mega database that will do no good”. The TES will affect 60 million people and marks the first time the country has collected population data on such a scale since the start of the Nazi Occupation in 1940. The database will include all the same information included on a French identity card or passport, depending on which a person holds: The first and last names, address, eye colour, weight, marital status, a photograph and the fingerprints of nearly everyone in France (with the exception of children under the age of 12) will be compiled into a single centralised system. The information taken from passports will be stored for 15 years while identity card information will be kept for 20.... The database has sparked just as many ethical objections as it has political. Critics fear that the increased security it promises will come at the expense of individual civil liberties and privacy. “Despite the government’s denials, the database’s contents could eventually be paired, for example, with information collected from surveillance cameras,” Cheron explained. Authorities might then someday be able to cross-reference ID photos with video footage to geolocate any individual in France at any given time, in a scenario worthy of an Orwell novel. 
Back in 2012 Urvoas wrote a blog post entitled, “Against the honest people’s file”, in which he warned against another possible risk of creating a database like TES: hacking."
France to collect personal data of 60 million with controversial database
France 24, 4 November 2016

"One of the reforms designed to rein in the surveillance authorities of the National Security Agency has perhaps inadvertently solved a technical problem for the spy outfit and granted it potential access to much more data than before, a former top official told ABC News. Before the signing of the USA Freedom Act in June 2015, one of the NSA's most controversial programs was the mass collection of telephonic metadata from millions of Americans — the information about calls, including the telephone numbers involved, the time and the duration but not the calls' content — under a broad interpretation of the Patriot Act's Section 215. From this large "haystack," as officials have called it, NSA analysts could get approval to run queries on specific numbers purportedly linked to international terrorism investigations....The USA Freedom Act ended the NSA's bulk collection of metadata but charged the telecommunications companies with keeping the data on hand. The NSA and other U.S. government agencies now must request information about specific phone numbers or other identifying elements from the telecommunications companies after going through the Foreign Intelligence Surveillance Act (FISA) court and arguing that there is a "reasonable, articulable suspicion" that the number is associated with international terrorism. As a result, the NSA no longer has to worry about keeping up its own database and, according to Inglis, the percentage of available records has shot up from 30 percent to virtually 100. Rather than one internal, incomplete database, the NSA can now query any of several complete ones. The new system "guarantees that the NSA can have access to all of it," Inglis said. NSA general counsel Glenn Gerstell made a brief reference to the increased capacity in a post for the Lawfare blog in January after terrorist attacks at home and abroad. 
"Largely overlooked in the debate that has ensued in the wake of recent attacks is the fact that under the new arrangement, our national security professionals will have access to a greater volume of call records subject to query in a way that is consistent with our regard for civil liberties," he wrote. Mark Rumold, a senior staff attorney at the Electronic Frontier Foundation, told ABC News he doesn't have much of a problem with the NSA's wider access to telephone data, since now the agency has to go through a "legitimate" system with "procedural protections" before jumping into the databases. "Their ability to obtain records has broadened, but by all accounts, they're collecting a far narrower pool of data than they were initially," he said, referring to returns on specific searches. "They can use a type of legal process with a broader spectrum of providers than earlier. To me, that isn't like a strike against it. That's almost something in favor of it, because we've gone through this public process, we've had this debate, and this is where we settled on the scope of the authority we were going to give them." Rumold said he's still concerned about the NSA's ability to get information on phone numbers linked to a number in question — up to two "hops" away — but he said the USA Freedom Act "remains a step in the right direction." The trade-off of the new system, according to Inglis, is in the efficiency of the searches. Whereas in the past the NSA could instantaneously run approved searches of its database, now the agency must approach each telecommunications company to ask about a number and then wait for a response."
NSA Can Access More Phone Data Than Ever
ABC News, 20 October 2016

"While connecting to the Wi-Fi might seem like a good way to save precious data, you might want to think twice before logging on. A new system has been designed that uses Wi-Fi signals to track where you are and who you're with. The system reveals that many external applications have access to this sensitive information, which could be seen as an 'erosion of privacy'. Researchers from the Technical University of Denmark devised the new system, which they say could be used to spy on people. In their paper, the researchers, led by Piotr Sapiezynski, write: 'The idea of exploiting Wi-Fi signals for this purpose is not new. 'However, to our best knowledge, researchers have not yet tested this approach in practice, over a long period, and in a large population that interacts in various environments.' 'WiFi can be efficiently used for high-resolution mobility tracking of entire populations… and infer who people interact with, not only where they are,' they added. In their study, the system tracked 800 participants by studying which Wi-Fi networks they connected to, and when, to slowly piece together their movements. But the system goes one step further than this, to work out 'physical proximity between pairs of individuals' by looking at the Wi-Fi signals they both pick up. For example, the system can track when two users are picking up the same Wi-Fi signal which suggests that they are in the same place. The researchers suggest that the main privacy issue with the system will affect Android users. They wrote: 'A vast majority of the applications available in Google Play Store has access to Wi-Fi information, including all the scan results requested by the system as often as every 15 seconds.' But they add that this problem has been addressed in the latest version of Android."
Is YOUR phone spying on you? Technique records Wi-Fi signals used by mobiles to track ‘entire populations’
Mail, 18 October 2016

"The UK's security services, including GCHQ, MI5 and MI6, have been unlawfully collecting and using mass datasets of personal information for more than 10 years. The Investigatory Powers Tribunal has ruled in a judgement published online that the bodies had been collecting data without safeguards or supervision. The setups of 'Bulk Communications Data' (BCD) and 'Bulk Personal Datasets' by the agencies did not comply with the right to privacy (Article 8) in the European Convention on Human Rights. The two schemes "failed to comply" with the ECHR protections until they were admitted and codes of practices were put in place in 2015, the tribunal added. BCD consists of the 'where, when and what' of messages sent between individuals. BPD allow officials to collect mass datasets that could cover health, tax, and electoral information. Both types of datasets have been used as part of criminal investigations, but have been criticised by privacy advocates for being overly intrusive.  The tribunal added that the massive datasets (BPD) "include considerable volumes of data about biographical details, commercial and financial activities, communications and travel". "While each of these datasets in themselves may be innocuous, intelligence value is added in the interaction between multiple datasets," the court documents state. BPD are used by GCHQ, MI5 and MI6; BCD is only obtained and used by GCHQ and MI5. The court's ruling comes as the government's Investigatory Powers Bill (IP Bill) is in the final stages of becoming law – it is currently passed through the House of Commons and is being debated by the House of Lords. The Bill has been heavily criticised by numerous committees and officials. Powers included in the IP Bill include bulk collection of data, the ability to remotely hack mobile phones and computers, and the storing of website history. The law is the first time these powers have been specifically written into law."
MI6, MI5 and GCHQ 'unlawfully collected private data for 10 years'
Wired, 17 October 2016

"Yahoo’s reported willingness to search user email to assist U.S. government investigators has revived concerns about court-approved surveillance programs that companies aren’t allowed to disclose to the people using their services. Last year, Yahoo modified an existing version of its email security program to flag the appearance of a digital “signature” the U.S. had linked to a foreign terrorist group backed by another government, according to a report published Wednesday by The New York Times. Copies of any incoming email containing the signature were stored in Yahoo’s system and made available to the FBI. The Times quoted an unnamed government official, following up an earlier Reuters story that had revealed Yahoo’s email scanning activity without specifying what kind of information the government sought. The revelations have conjured memories of a data-collection program set up by the National Security Agency and major internet companies a few years ago under other court orders issued in secret."
Reports of Yahoo-FBI cooperation raise many questions
Associated Press, 6 October 2016

"The head of MI6 has said the information revolution represents both an "existential threat and a golden opportunity". In rare public comments Alex Younger, who took over as Chief of the Secret Intelligence Service in 2014, said it had fundamentally changed the operating environment for the intelligence community. He also said the actions of Edward Snowden had undermined trust between intelligence agencies and technology companies, and been "highly problematic". Mr Younger said the focus was on recruiting officers of the "highest moral literacy". He said the intelligence agencies could be the most important "communication vector" between countries. Mr Younger appeared at a conference in the US alongside CIA Director John Brennan and their Australian and Afghan counterparts.... Every president called on the CIA to carry out covert action and that had a "paramilitary dimension," he said. But he said more information about methods used by the intelligence community should be publicly available. He said the American people had the right to know what was being done on their behalf and "blind trust is a false currency". Referring to the international nature of intelligence, he added: "We rely heavily on liaison relationships and don't see how we could do business without them." Nick Warner, Director-General of the Australian Secret Intelligence Service, said some intelligence agencies could talk more candidly to each other than to diplomats to convey sensitive messages.... Intelligence officials also warned the "internet of things" would bring new threats. Chris Inglis, former deputy director of the US National Security Agency, said people should "just say no" to having household appliances hooked up to the internet."
MI6 chief says information revolution is 'existential threat and golden opportunity'
Telegraph, 20 September 2016

"More than 760,000 “items of communication” were obtained by British snoops – and others – in 2015, according to the Interception of Communications Commissioner’s Office’s (IOCCO) annual report. The report, which was published today and covers the annual year 2015, revealed for the first time an accurate scale of communications slurped by public authorities in the UK. Previous figures reported by IOCCO weren’t able to show how much surveillance was taking place in the nation as only the number of notices given to ISPs were recorded, not the amount of communications data which the notices covered. As shown in today’s 92-page publication [PDF], 761,702 items of communications data were acquired by public authorities during 2015. An item of data is a request for data on a single identifier or other descriptor. IOCCO offers the example of 30 days of incoming and outgoing call data for a mobile phone as a single item of data. 145 public authorities acquired data in 2015, and most of these requests came from the UK’s police forces and law enforcement agencies. Law enforcement officers acquired 93.7 per cent of all data requested by public authorities in 2015. Only 5.7 per cent of data was acquired by the intelligence agencies, and a mere 0.6 by public authorities such as the Financial Conduct Authority, which have the statutory ability to investigate criminal offences. 0.1 per cent of requests came from local authorities such as councils."
Brit spies and chums slurped 750k+ bits of info on you last year
The Register, 9 September 2016

"A Boston company has taken technology developed at MIT and turned it into special badges that hang around your neck on a lanyard. Each has two microphones doing real-time voice analysis, and each comes with sensors that follow where you are in the office, with motion detectors to record how much you move. The beacons tracking your movements are omitted from bathroom locations, to give you some privacy. “Within three or four years, every single ID badge is going to have these sensors,” predicted Ben Waber, chief executive of Humanyze, a Boston-based employee analytics company. “We are only scratching the surface right now.” Those concerned about their privacy might be alarmed by the arrival of such badges. But Humanyze says it doesn’t record the content of what people say, just how they say it. And the boss doesn’t get to look at individuals’ personal data. It is also up to the employee to decide whether they want to participate."
This employee ID badge monitors and listens to you at work — except in the bathroom
Washington Post, 7 September 2016

"The radical shift in the NSA's surveillance strategy to "collect it all" began in the UK, according to new revelations in the latest cache of documents leaked by Edward Snowden. During a June 2008 visit to the Menwith Hill monitoring station in North Yorkshire, then-director of the NSA Keith Alexander asked: "Why can’t we collect all the signals, all the time?" He went on: "Sounds like a good summer homework project for Menwith!" Menwith Hill Station—which formerly monitored Soviet signals and is now the NSA's largest overseas spying base—expanded greatly in the wake of Alexander's challenge, as The Intercept reports in its coverage of the new Snowden documents... The leaked documents reveal that, for years, the UK and US governments put out a "cover story" that Menwith Hill Station was used to provide "rapid radio relay and conduct communications research." In fact, its striking white domes—around 30 of them—are used to eavesdrop on communications as they are sent through the air from satellites. That method contrasts with the other NSA and GCHQ bases that monitor signals passing through the fibre-optic cables linking countries. Menwith Hill Station also draws on US spy satellites orbiting above target countries around the world. The satellites can locate and capture signals on the ground below generated by mobile phones and even Wi-Fi networks. One of the most important tools used at Menwith Hill Station was Ghosthunter, the new leaks reveal, whose primary role was "to learn and establish pattern of life for known terrorists who use Internet cafes to communicate." The focus on Internet cafes is explained by the fact that in the areas of interest—mostly in the Middle East—Internet connections are often routed via VSAT satellite systems, which makes them easier to intercept."
New Snowden leaks reveal “collect it all” surveillance was born in the UK
ArsTechnica, 7 September 2016

"Over the past decade, the documents show, the NSA has pioneered groundbreaking new spying programs at Menwith Hill to pinpoint the locations of suspected terrorists accessing the internet in remote parts of the world. The programs — with names such as GHOSTHUNTER and GHOSTWOLF — have provided support for conventional British and American military operations in Iraq and Afghanistan. But they have also aided covert missions in countries where the U.S. has not declared war. NSA employees at Menwith Hill have collaborated on a project to help “eliminate” terrorism targets in Yemen, for example, where the U.S. has waged a controversial drone bombing campaign that has resulted in dozens of civilian deaths.... Most of the world’s international phone calls, internet traffic, emails, and other communications are sent over a network of undersea cables that connect countries like giant arteries. At spy outposts across the world, the NSA and its partners tap into these cables to monitor the data flowing through them. But Menwith Hill is focused on a different kind of surveillance: eavesdropping on communications as they are being transmitted through the air. According to top-secret documents obtained by The Intercept from NSA whistleblower Edward Snowden, Menwith Hill has two main spying capabilities. The first is called FORNSAT, which uses powerful antennae contained within the golf ball-like domes to eavesdrop on communications as they are being beamed between foreign satellites. The second is called OVERHEAD, which uses U.S. government satellites orbiting above targeted countries to locate and monitor wireless communications on the ground below — such as cellphone calls and even WiFi traffic.... As of 2009, Menwith Hill’s foreign satellite surveillance mission, code-named MOONPENNY, was monitoring 163 different satellite data links. 
The intercepted communications were funneled into a variety of different repositories storing phone calls, text messages, emails, internet browsing histories, and other data. It is not clear precisely how many communications Menwith Hill is capable of tapping into at any one time, but the NSA’s documents indicate the number is extremely large. In a single 12-hour period in May 2011, for instance, its surveillance systems logged more than 335 million metadata records, which reveal information such as the sender and recipient of an email, or the phone numbers someone called and at what time. To keep information about Menwith Hill’s surveillance role secret, the U.S. and U.K. governments have actively misled the public for years through a “cover story” portraying the base as a facility used to provide “rapid radio relay and conduct communications research.” A classified U.S. document, dated from 2005, cautioned spy agency employees against revealing the truth. “It is important to know the established cover story for MHS [Menwith Hill Station] and to protect the fact that MHS is an intelligence collection facility,” the document stated. “Any reference to satellites being operated or any connection to intelligence gathering is strictly prohibited.”... There are some 2,200 personnel at Menwith Hill, the majority of whom are Americans. Alongside NSA employees within the complex, the U.S. National Reconnaissance Office also has a major presence at the site, running its own “ground station” from which it controls a number of spy satellites. But the British government has publicly asserted as recently as 2014 that operations at the base “have always been, and continue to be” carried out with its “knowledge and consent.” Moreover, roughly 600 of the personnel at the facility are from U.K. agencies, including employees of the NSA’s British counterpart Government Communications Headquarters, or GCHQ.... 
Jemima Stratford QC, a leading British human rights lawyer, told The Intercept that there were “serious questions to be asked and serious arguments to be made” about the legality of the lethal operations aided from Menwith Hill. The operations, Stratford said, could have violated the European Convention on Human Rights, an international treaty that the U.K. still remains bound to despite its recent vote to leave the European Union. Article 2 of the Convention protects the “right to life” and states that “no one shall be deprived of his life intentionally” except when it is ordered by a court as a punishment for a crime. Stratford has previously warned that if British officials have facilitated covert U.S. drone strikes outside of declared war zones, they could even be implicated in murder. In 2014, she advised members of the U.K. Parliament that because the U.S. is not at war with countries such as Yemen or Pakistan, in the context of English and international law, the individuals who are targeted by drones in these countries are not “combatants” and their killers are not entitled to “combatant immunity.”... The documents provided by Snowden shine light on some of the specific technological changes. Most notably, they show that there has been significant investment in introducing new and more sophisticated mass surveillance systems at Menwith Hill in recent years. A crucial moment came in 2008, when then-NSA Director Keith Alexander introduced a radical shift in policy. Visiting Menwith Hill in June that year, Alexander set a challenge for employees at the base. “Why can’t we collect all the signals, all the time?” he said, according to NSA documents. “Sounds like a good summer homework project for Menwith.” As a result, a new “collection posture” was introduced at the base, the aim being to “collect it all, process it all, exploit it all.” In other words, it would vacuum up as many communications within its reach as technologically possible.... 
Fabian Hamilton, a member of Parliament based in the nearby city of Leeds, has become a supporter of the campaign’s work, occasionally attending events organized by the group and advocating for more transparency at Menwith Hill. Hamilton, who represents the Labour Party, has doggedly attempted to find out basic information about the base, asking the government at least 40 parliamentary questions since 2010 about its activities. He has sought clarification on a variety of issues, such as how many U.S. personnel are stationed at the site, whether it is involved in conducting drone strikes, and whether members of a British parliamentary oversight committee have been given full access to review its operations. But his efforts have been repeatedly stonewalled, with British government officials refusing to provide any details on the grounds of national security.... Hamilton told The Intercept that he found the secrecy shrouding Menwith Hill to be “offensive.” The revelations about the role it has played in U.S. killing and capture operations, he said, showed there needed to be a full review of its operations. “Any nation-state that uses military means to attack any target, whether it is a terrorist, whether it is legitimate or not, has to be accountable to its electorate for what it does,” Hamilton said. “That’s the basis of our Parliament, it’s the basis of our whole democratic system. How can we say that Menwith can carry out operations of which there is absolutely no accountability to the public? I don’t buy this idea that you say the word ‘security’ and nobody can know anything. We need to know what is being done in our name.”"
Inside Menwith Hill
The Intercept, 6 September 2016

"Beyond human identification and general gesture recognition, Wi-Fi signals can be used to discern even the slightest of movements with extreme precision. A system called “WiKey” presented at a conference last year could tell what keys a user was pressing on a keyboard by monitoring minute finger movements. Once trained, WiKey could recognize a sentence as it was typed with 93.5 percent accuracy—all using nothing but a commercially available router and some custom code created by the researchers. And a group of researchers led by a Berkeley Ph.D. student presented technology at a 2014 conference that could “hear” what people were saying by analyzing the distortions and reflections in Wi-Fi signals created by their moving mouths. The system could determine which words from a list of lip-readable vocabulary were being said with 91 percent accuracy when one person was speaking, and 74 percent accuracy when three people were speaking at the same time. Many researchers presented their Wi-Fi sensing technology as a way to preserve privacy while still capturing important data. Instead of using cameras to monitor a space—recording and preserving everything that happens in detail—a router-based system could detect movements or actions without intruding too much, they said. I asked the lead researcher behind WiKey, Kamran Ali, whether his technology could be used to secretly steal sensitive data. Ali said the system only works in controlled environments, and with rigorous training. “So, it is not a big privacy concern for now, no worries there,” wrote Ali, a Ph.D. student at Michigan State University, in an email. But as Wi-Fi “vision” evolves, it may become more adaptable and need less training. And if a hacker is able to gain access to a router and install a WiKey-like software package—or trick a user into connecting to a malicious router—he or she can try to eavesdrop on what’s being typed nearby without the user ever knowing."
All the Ways Your Wi-Fi Router Can Spy on You
The Atlantic, 24 August 2016

"Interception of Canadians’ private communications by the federal electronic spy agency increased 26-fold last year, for reasons authorities won’t fully explain. And despite commitments between Canada and its intelligence-sharing allies to respect the privacy of each nation’s citizens, the volume of information on Canadians collected by allied intelligence agencies and informally shared with Canada’s spies has grown to the point that it now requires a formal mechanism to cope with all the data. At least one intelligence expert is concerned the change sidesteps the spirit of Canadian privacy laws. Details are contained in the latest annual report by the independent, external oversight organization that reviews activities of the Canadian Security Establishment (CSE), Ottawa’s super-secret foreign signals intelligence agency. Quietly tabled in Parliament July 20, the report concludes CSE’s 2015-16 activities were lawful. But the watchdog Office of the Commissioner of the Communications Security Establishment notes CSE intercepted 342 private communications in 2014-15, compared to just 13 for the previous year. By law, CSE can only target communications of foreign entities outside Canada. If one end of that communication is in Canada, making it a “private communication,” it requires a written authorization from the minister of national defence, responsible for the CSE, and only if it is essential for “international affairs, defence or security.”"
Federal spies suddenly intercepting 26 times more Canadian phone calls and communications
National Post, 24 August 2016

"In a revelation that shows how the National Security Agency was able to systematically spy on many Cisco Systems customers for the better part of a decade, researchers have uncovered an attack that remotely extracts decryption keys from the company's now-decommissioned line of PIX firewalls. The discovery is significant because the attack code, dubbed BenignCertain, worked on PIX versions Cisco released in 2002 and supported through 2009. Even after Cisco stopped providing PIX bug fixes in July 2009, the company continued offering limited service and support for the product for an additional four years. Unless PIX customers took special precautions, virtually all of them were vulnerable to attacks that surreptitiously eavesdropped on their VPN traffic. Beyond allowing attackers to snoop on encrypted VPN traffic, the key extraction also makes it possible to gain full access to a vulnerable network by posing as a remote user."
How the NSA snooped on encrypted Internet traffic for a decade
ArsTechnica, 18 August 2016

"More than 16 million images of people who may have committed no crime have been added to a national police gallery which uses sophisticated facial recognition software, it has emerged. And the number added to the gallery has continued to grow despite privacy warnings from the courts, a House of Commons Select Committee and a police watchdog. But the Home Office is sitting on the conclusions of an inquiry into police use of personal images, even though it received the findings at least seven months ago - when Theresa May, now Prime Minister, was Home Secretary. Midlands MP Tom Watson, who is also Labour’s deputy leader, said: “The fact police have assembled a photographic database of many millions of people, the overwhelming majority of whom have never and will never commit a crime, should alarm us all.”"
Pictures of millions of people who haven't committed a crime added to police facial recognition database
Coventry Telegraph, 17 August 2017

"In his e-mails, Ceglia, 43, said he was forced to flee due to a “very credible” threat that he would be arrested on new charges, jailed and killed before trial. The reason he was marked for death, he said, was fear that the trial would expose the involvement of the Central Intelligence Agency’s venture-capital arm, In-Q-Tel, in Facebook."
Facebook Fugitive ‘Alive and Well and Living on the Air’
Bloomberg, 16 August 2016

"The BBC is to spy on internet users in their homes by deploying a new generation of Wi-Fi detection vans to identify those illicitly watching its programmes online. The Telegraph can disclose that from next month, the BBC vans will fan out across the country capturing information from private Wi-Fi networks in homes to “sniff out” those who have not paid the licence fee.  The corporation has been given legal dispensation to use the new technology, which is typically only available to crime-fighting agencies, to enforce the new requirement that people watching BBC programmes via the iPlayer must have a TV licence.... electrical engineering experts said that the most likely explanation for how the BBC would carry out its surveillance was a technique known as “packet sniffing”, which involves watching traffic passing over a wireless internet network without hacking into the connection or breaking its encryption. Researchers at University College London disclosed that they had used a laptop running freely available software to identify Skype internet phone calls passing over encrypted Wi-Fi, without needing to crack the network password. Dr Miguel Rio, a computer network expert who helped to oversee the doctoral thesis, said that licence-fee inspectors could sit outside a property and view encrypted “packets” of data – such as their size and the frequency with which they are emitted over the network – travelling over a home Wi-Fi network. This would allow them to establish if devices at homes without television licences were indeed accessing BBC programmes online. Dr Rio said: “They actually don’t need to decrypt traffic, because they can already see the packets. They have control over the iPlayer, so they could ensure that it sends packets at a specific size, and match them up. They could also use directional antennae to ensure they are viewing the Wi-Fi operating within your property.” Privacy campaigners described the developments as “creepy and worrying”. 
A spokesman for Privacy International, the human rights watchdog, said: “While TV Licensing have long been able to examine the electromagnetic spectrum to watch for and investigate incorrect usage of their services, the revelation that they are potentially developing technology to monitor home Wi-Fi networks is startlingly invasive.”"
BBC to deploy detection vans to snoop on internet users
Telegraph, 6 August 2016

"Your computer, phone and even printer could be spying on you. Experts have warned everyday machines such as these may be used to bug any kind of building remotely. A new king of malware uses circuits found on most devices and radio frequency waves to turn them into listening devices, without the hackers even accessing the machines. The malware, named 'Funtenna' by lead researcher Ang Cui from Red Balloon Security, would be hard to detect because no traffic logs would catch data leaving the premises.... Funtenna exploits radio frequencies, or RF signals, to turn office equipment into bugging devices. It uses 'all the common pieces of hardware that you find in basically every embedded device,' Mr Cui told Motherboard in a YouTube video. It forces the hardware to transmit a signal that sends data to the hacker. By uploading the malware to a device, the hackers can vibrate the prongs on general-purpose input/output circuits, that are found on most embedded devices, at a frequency of their choice. These vibrations can be picked up by a radio antenna. Because the devices themselves are acting as transmitters, the technique bypasses all conventional network security.... Or it can be used to make a phone transmit the incoming data - by switching the input pin in an office phone to go to output to make the phone think it was off the hook when it is not. One of the most dangerous parts of this is that it was done through software, Mr Cui says, 'so nobody had to sneak into this room to tamper with the phone, it was all just software through the network.' In the example Mr Cui demonstrated in the video, the software was delivered to the phone through a printer. The researchers sent a document, in the form of a CV, to the printer, which was connected to the same network as the phone. 'The resume rewrites the firmware on the printer to do whatever we want,' Mr Cui said. 'What we want to do is find all the phones.' 
The printer was used to turn all the vulnerable phones into listening devices. The same could be used on printers to cause them to vibrate, transmitting the data as Morse code, that can be picked up by radio antennae. Mr Cui first showed the system in action at the annual security conference Black Hat last year in Las Vegas. An expert at the conferene called the malware 'hardware agnostic' and able to operate with almost all modern computer systems and embedded devices. The tool's development over the past three years is another illustration that a broadening array of devices can be manipulated in unpredictable ways and that attackers increase their advantage over defenders as gadgets grow more complex."
Hackers can remotely bug almost ANY machine: Malware hijacks office equipment to create spying devices
Mail, 1 August 2016

"From unlocking your smartphone, to scanning your fingerprint at the airport, your physical attributes - or 'biometrics' - are regularly used to verify your identity. But experts warn that using your unique features to confirm your identity could leave you susceptible to being hacked. And unlike a password, which you can easily change, your biometrics cannot be altered. A huge range of companies use biometrics, from HSBC, who allow you to access your bank account just using a fingerprint, to RightPatient, which allows medical facilities to retrieve a patient’s electronic health record with one biometric scan. According to Marc Goodman, an advisor to Interpol and the FBI, by 2019, biometrics could be a $25 billion (£19 billion) industry with 500 million scanners.  With password logins, you must remember long sequences of numbers and letters, whereas biometrics are much more convenient. A recent survey showed that 80 per cent of consumers prefer using biometric authentication to traditional passwords. Additionally, 52 per cent of consumers said they would choose any other option over traditional passwords. However, the main problem with using biometrics is the fact that if you are hacked, you cannot replace them.  Speaking to NBC News, Mr Goodman said: 'You can always get a new credit card. You can always create a new password. [It's] really hard to get new fingers. You only have ten of them and once that information leaks, it's out and there's nothing you can do.' While most companies that use biometrics say they will encrypt their data in the aim of safeguarding biometrics, there have already been cases of large-scale hacks. For example, in December 2014, 22 million people had their personal data stolen from the Office of Personnel Management, including personal information, and fingerprints. Ms Rebecca Balebako, who had her data stolen during the hack, told NBC News: 'That information is going to remain stolen, and I'm not going to change my fingerprints. 
'I also don't know what they're going to do with information about my children or about my husband or about his family.' Ms Balebako herself works in the security industry, but added: 'I'm a privacy researcher and I don't know what to do. I can't see there's much I can do to protect myself.'"
Could YOUR identity be stolen?
Mail, 25 July 2016

"Police forces across the UK have been responsible for “at least 2,315 data breaches” over the last five years, according to research by Big Brother Watch, prompting concerns about the increasing amount of data they're holding. Titled Safe in Police Hands? the 138-page report is released today after months of requests made by the campaign group under the Freedom of Information Act, covering police forces' breaches of the Data Protection Act from June 2011 to December 2015. According to Big Brother Watch, the results “show officers misusing their access to information for financial gain and passing sensitive information to members of organised crime groups”. Over the last five years, more than 800 members of staff at police forces “accessed personal information without a policing purpose” and information was “inappropriately shared with third parties more than 800 times”.... “With the potential introduction of Internet Connection Records (ICRs) as outlined in the Investigatory Powers Bill, the police will be able to access data which will offer the deepest insight possible into the personal lives of all UK citizens,” the group reported, adding that any breach of this information would be “over and above” what was included in the report. Of the 2,315 breaches that Big Brother Watch was informed of, more than 55 per cent (1,283) resulted in no formal disciplinary action being taken, while in 11 per cent (258) of cases those responsible received either a written or verbal warning. In 13 per cent of cases (297) the individuals involved either resigned or were dismissed, while only 3 per cent (70) of breaches resulted in either a criminal conviction or caution."
5 years, 2,300 data breaches. What'll police do with our Internet Connection Records?
The Register, 5 July 2016

"New Jersey public transit was forced to remove the bugs it had installed on its light rail system after a public outcry, but Baltimore's buses and subways remain resolutely under audio surveillance, while in Oakland, the cops hid mics around bus-shelters near the courthouses to capture audio of defendants and their lawyers discussing their cases. The argument for these things goes, "No one is listening to them unless a crime is committed, and then they're of forensic value -- besides, you're in a public place, where you have no expectation of privacy." We've seen that warehoused surveillance data is intrinsically leaky (anything you collect will probably leak, anything you retain will definitely leak); we've also seen that making the haystacks bigger doesn't make it easier to find the needles hidden in them. Then there's the chilling effect of knowing that you're under surveillance: it's the cornerstone of the Chinese internet control model, which holds that the easiest way to manage dissent and prevent the transmission of politically unpopular views is to simply let everyone know that everything they say is on the record."
Hidden "anti-crime" mics are proliferating on US public transit, recording riders' conversations
Boing Boing, 4 July 2016

"Secret FBI rules allow agents to obtain journalists’ phone records with approval from two internal officials — far less oversight than under normal judicial procedures. The classified rules, obtained by The Intercept and dating from 2013, govern the FBI’s use of national security letters, which allow the bureau to obtain information about journalists’ calls without going to a judge or informing the news organization being targeted. They have previously been released only in heavily redacted form. Media advocates said the documents show that the FBI imposes few constraints on itself when it bypasses the requirement to go to court and obtain subpoenas or search warrants before accessing journalists’ information. The rules stipulate that obtaining a journalist’s records with a national security letter (or NSL) requires the signoff of the FBI’s general counsel and the executive assistant director of the bureau’s National Security Branch, in addition to the regular chain of approval. Generally speaking, there are a variety of FBI officials, including the agents in charge of field offices, who can sign off that an NSL is “relevant” to a national security investigation."
Secret Rules Make It Pretty Easy for the FBI to Spy on Journalists
The Intercept, 30 June 2016

"The security services are to receive a licence for hacking into the phones and laptops of a “major town” under the snooper’s charter legislation, which reaches the House of Lords next week.The broad nature of the hacking powers to be handed to GCHQ are disclosed in an obscure case study in a background Home Office document setting out the operational case for their use. This shows that all the phones and laptops in a “major town” could be hacked into, as long as the town were overseas and the action were necessary for national security purposes. The example used in the case study is identifying the phones and laptops being used by a terrorist group planning an attack on Western tourists in a major town. The home secretary, Theresa May, has asked the official terror law watchdog, David Anderson QC, to conduct a speedy review this summer of whether such “bulk powers” are needed by the security services, and whether the information cannot be gained by less intrusive means. The disclosure comes as the Liberal Democrats, who have 108 peers, say they intend to mount a strong challenge to the powers contained in the investigatory powers bill – as the snooper’s charter is officially known – when it reaches the House of Lords on Monday."
Snooper's charter: GCHQ will be licensed 'to hack a major town'
Guardian, 21 June 2016

"The Liberal Democrats are planning to meet the Investigatory Powers Bill with strong resistance in the House of Lords, a list of key issues shared with The Register reveals. The bill, which will bolster state surveillance in the United Kingdom, remains especially unpopular amongst IT-literate members of the public, who are particularly aware of its potential to undermine security standards and civil liberties. Encouraged by the Labour party's comments, many expected this would provoke stronger opposition from their elected representatives when it was debated in the House of Commons. Eventually it passed through that chamber by 444 votes to 69 on 7 June. All eight Liberal Democrat MPs voted against the Snooper's Charter. There are, however, 108 Lib Dem peers in the House of Lords, who, along with 173 crossbenchers and 210 Labour peers, the party is ready to campaign to demand heavy concessions from the 244 government peers. Speaking to The Register, Brian Paddick, a Liberal Democrat peer and former Deputy Assistant Commissioner of the Metropolitan Police said: “The experience with legislation is that is goes through the House of Commons very quickly and is only considered in detail in the House of Lords,” noting the Lords' 150 amendments to the Modern Slavery Act 2015 as an example of the upper chamber's capability to improve legislation. There will be no immediate fireworks when the bill receives its second reading in the Lords on 27 June. As the first Monday after the EU referendum, which is likely to hold the public and media's focus, the second reading will be an especially “vague and general canter over the bill as a whole,” Paddick told us. “People don't normally speak for over ten minutes, and a bill of this size and magnitude is hard to cover in 10 minutes,” he added, “so it will be a means of giving an indication to other peers of what our concerns will be.” “We're keeping our powder dry for the committee stage,” Paddick added. 
This will take place two weeks after the second reading, and will consist of six days during which the Lords will consider the bill line by line. “People are being hoodwinked by the government over issues like Internet Connection Records (ICRs),” he told us, explaining that “the argument is, and Dominic Grieve – who chairs the Intelligence and Security Committee – said at a public meeting this week that ICRs were 'necessary for national security', but MI5 and MI6 have said they don't need them, only law enforcement does, so one has to question whether they are needed on national security grounds.” The party believes that ICRs “are disproportionate and misguided,” its Lords briefing document states. “Despite amounting to “the collection of everyone in the United Kingdom’s web histories for 12 months by individual Communication Service Providers (CSPs)” the “significance of this data has been underplayed by government who have repeatedly tried to paint it as the equivalent of telephony records.” “[Y]our web history reveals far more” than telephony records “and would be more akin to having a CCTV camera installed in your bedroom or a police officer following your every move,” opined the briefing document.... “I was Deputy Assistant Commissioner for the Metropolitan Police Service, I was the police spokesperson when the 7th July 2005 bombings happened, and I know at first hand what impact terrorism and serious crime can have on individuals,” said Paddick. He concluded: “I am not approaching this from a one-sided idealistic libertarian standpoint, but this bill goes too far in trying to improve our security by disproportionately undermining our right to privacy.”"
Snoopers' Charter 'goes too far' says retired Met assistant commish
The Register, 20 June 2016

"Hardware security export Damien Zammit revealed some startling revelations in a recent SoftPedia about the secret backdoor built in to new Intel CPUs that no one can touch or disable. The backdoor, called the Intel Management Engine (ME) is works as a secret subsystem inside your computer’s CPU and runs constantly even when your computer is not turned on. It works but setting up a TCP/IP server and since the subsystem has complete uncontrolled access to your computer’s hardware, including the network card and memory, it works without the knowledge of your computers operating system and can not be disabled by the OS or by your computer’s firewall. No one outside of Intel has seen the ME source code and security experts are warning the built-in backdoor has the potential to explode into the worst root kit ever with every modern Intel based CPU becoming compromised. Intel asserts it is secure from hackers  and such attacks because it is protected by 2048 bit RSA encryption which theoretically thought to be uncrackable during the lifespan of everyone living on earth today."
New Intel CPUs Have NSA Exploitable Secret Hidden Backdoor
HNN, 18 June 2016

"A new UK startup will “take a deep dive” into the intimate details of people’s private lives by essentially strip-mining data from their social media profiles — and then sell what’s unearthed to just about anybody willing to pay. Score Assured, as the umbrella company, will offer a suite of services to those desiring a more personal insight into applicants’ lives across a number of different sectors. Tenant Assured, for instance — marketed to landlords — is already up and running. The next program to go live, Recruit Assured, will target employers.... many immediately spurned the idea when the story was first reported on by the Washington Post, and it’s not difficult to grasp why. Even setting aside the blatant violations of an individual’s basic right to privacy, some are finding fault with the indiscriminate methods these programs use to collate data. For proprietors enrolled in Tenant Assured, for instance, would-be renters are required — assuming they first consent — to hand unfettered social media access over to potential landlords in the name of transparency with regard to economic status. The program then dissects applicants’ online social media activity — including conversation threads and even private messaging — using language processing software and other analytics. The frequency of keywords like “poor” and “staying in” and “no money” in online posts is noted, after which the Tenant Assured program sends landlords a “financial stress level” report — a purported measure of how likely would-be tenants will be able to pay their rent."
Startup lets landlords scan tenants' Facebook to check if they can pay rent
The Verge, 10 June 2016

"New documents from the Snowden trove reveal MI5 admitting that it was collecting "significantly more than it is able to exploit fully." The 2010 report, published by The Intercept, describes MI5 as the "principal collector and exploiter of target's digital footprint in the domestic space," and noted that its efforts had "grown significantly over the last few years." A second secret report released today by The Intercept confirms the fact that the UK's intelligence agencies were drowning in data: "There is an imbalance between collection and exploitation capabilities, resulting in a failure to make effective use of some of the intelligence collected today," the report noted. "With the exception of the highest priority investigations, a lack of staff and tools means that investigators are presented with raw and unfiltered DIGINT [digital intelligence] data. Frequently, this material is not fully assessed because of the significant time required to review it." Although those reports referred to the situation in 2010, the problems seem to have continued afterwards. As Ars wrote last year, too much data and stretched resources are common problems for European security services. A UK government investigation into the murder of Lee Rigby revealed that his attackers were known to MI5, but that it had not been possible to follow the leads because "MI5 has limited resources, and must continuously prioritise its investigations in order to allocate those resources."... Other new Snowden documents reveal the "MILKWHITE" programme, which GCHQ used to gather information about people’s use of smartphone apps like WhatsApp and Viber, instant messenger services such as Jabber, and social networking websites, including Facebook, MySpace, and LinkedIn.... 
According to the Intercept: "GCHQ made some of its huge troves of metadata about people’s online activities accessible to MI5, London’s Metropolitan Police, the tax agency Her Majesty’s Revenue and Customs, the Serious Organised Crime Agency (now merged into the National Crime Agency), the Police Service of Northern Ireland, and an obscure Scotland-based surveillance unit called the Scottish Recording Centre." A similarly-wide use of highly-revealing metadata is also an important aspect of the Snooper's Charter. This new information that MI5 has been struggling to master the flow of data is particularly relevant in the light of the current passage of the Investigatory Powers Bill through UK parliament. One of the key features of the proposed legislation is that ISPs can be required to store information about everyone's Internet activities for a year (so-called Internet connection records, ICRs). This will inevitably lead to even more data that needs to be processed, making it more likely that important leads will be missed amidst the data cacophony."
MI5 collecting “significantly more” data than it can use, new Snowden docs reveal
Arstechnica, 7 June 2016

"Edward Snowden, a fugitive and former U.S. National Security Agency contractor who leaked information from the agency in 2013, warned Saturday that all people in Japan are subjected to mass surveillance initiated by the U.S. government. Snowden lived in Japan from 2009 to 2011. At the time, he was an employee with computer giant Dell Inc. contracted out to the NSA, where he worked on a surveillance program at the U.S.’s Yokota airbase in Fussa, Tokyo. “They know your … religious faith. They know whom you love. They know whom you care about … This was our job to establish the pattern of life of any individuals,” he said. Snowden made the comments via video conferencing from Russia, where he resides to avoid U.S. criminal prosecution, during a symposium Saturday in Tokyo on surveillance in contemporary society. More than 200 people, including lawyers, journalists, and others, attended the discussion held in an auditorium on the University of Tokyo campus. Snowden, 32, said all the information that people input via cellphones or computers can be legally collected by the U.S. intelligence agency for analysis. Serious issues facing Japan are its lack of citizen engagement on privacy controls and weak civil controls over the government, he said. A prime example of a threat to Japanese society, according to Snowden, is the controversial state secrecy law enacted in 2013, which he said is “fundamentally dangerous to democracy.” Officially known as the Act on the Protection of Specially Designated Secrets, which went into effect in 2014, the law gives ministries and agencies discretion to classify information in areas such as defense, counterterrorism and diplomacy as state secrets. Leakers, including civil servants, could face up to 10 years in prison and those who instigate such leaks, including journalists, could be subjected to five-year prison terms. 
The law was steamrolled through the Diet in 2013 by the administration of Prime Minister Shinzo Abe despite a mass public outcry over the obscure nature by which information will be designated as a state secret. In an interview with the weekly magazine Sunday Mainichi in its Tuesday edition, Snowden said the enactment of the controversial law was requested and designed by the U.S. government to facilitate the NSA’s espionage activities in Japan."
NSA whistleblower Snowden says U.S. government carrying out mass surveillance in Japan
Japan Times, 4 June 2016

"Google could have a record of everything you have said around it for years, and you can listen to it yourself. The company quietly records many of the conversations that people have around its products. The feature works as a way of letting people search with their voice, and storing those recordings presumably lets Google improve its language recognition tools as well as the results that it gives to people....The recordings can function as a kind of diary, reminding you of the various places and situations that you and your phone have been in. But it’s also a reminder of just how much information is collected about you, and how intimate that information can be."
Google voice search records and keeps conversations people have around their phones – but the files can be deleted
Independent, 3 June 2016

"Councils across the country are switching off their closed-circuit television cameras, saying that they are too costly and ineffective at preventing crime. Westminster council will discuss next week a plan to turn off the 75 cameras it runs to save £1 million a year. The council argued that it needed to spend £1.7 million to update the system on top of the running costs, which was unaffordable given spending cutbacks. Other big metropolitan councils including Birmingham, Edinburgh and Leicester have already reduced their cameras significantly because of austerity measures. Others have switched off completely."
Street cameras turned off by hard-up council chiefs
London Times, 3 June 2016

"The FBI wants to exempt its burgeoning national database of fingerprints and facial photos from a federal law that gives Americans the right to sue for government violations of the Privacy Act, such as refusing to tell a person if he or she is in the system. The bureau also wants to shield its data storehouse from other Privacy Act rules, including one that lets people ensure that the information the government holds about them is accurate. The proposed exemptions, published in May in the Federal Register, have stirred objections from an array of privacy and civil rights advocates. They say that such carve-outs remove a critical check on the use of the huge database in criminal investigations."
FBI wants to exempt its huge fingerprint and photo database from privacy protections
Washington Post, 1 June 2016

"GCHQ and the US National Security Agency (NSA) have access to intercepted emails sent and received by all members of the UK Parliament and peers, including with their constituents, a Computer Weekly investigation has established. The intelligence agency in Cheltenham has been able to harvest traffic details of all parliamentary emails, including details of the sender, recipient and subject matter, for at least three years. As a result, details of private email correspondence between MPs and constituents are being collected by GCHQ as a matter of routine. GCHQ documents classified above top secret, released by NSA whistleblower Edward Snowden, also reveal that the spy agency has the capability to scan the content of parliamentary emails for “keywords” through an established cyber defence network that is connected to commercial software used to filter spam emails from MPs’ inboxes. The disclosures, which come as the House of Commons prepares for the Third Reading of the government’s controversial Investigatory Powers Bill on Monday 6 June, raise new questions over the sweeping powers to be granted in the bill to police and the security services. The controversial decision by Parliament to replace its internal email and desktop office software with Microsoft’s Office 365 service in 2014, means that parliamentary data and documents constantly pass in and out of the UK to Microsoft’s datacentres in Dublin and the Netherlands, across the backbone of the internet. Because files and emails leave the UK’s borders in this way, they are automatically accessible to GCHQ’s bulk interception system, Tempora. According to previously published Snowden documents, Tempora uses “probes” on commercial optical fibre cables crossing the Irish Sea and English Channel to harvest data. Under existing law, GCHQ is permitted automatically to store datasets containing details of the senders, recipients and headings of all emails in and out of the UK, including internal UK-to-UK messages.... 
MPs’ communications have been partially protected from interception for over 40 years under the “Wilson Doctrine”, introduced by the former prime minister Harold Wilson in 1968. But this offered no protection to communications that leave the UK’s borders, which are subject to automatic bulk collection by GCHQ. “The House of Commons administration has serious questions to answer,” according to former Home Office minister and Conservative MP David Davis. “On whose authority was ‘consent’ granted to view members’ emails? How did they manage to obtain that consent from every one of the 650 members whose constituents’ confidentiality is affected? “The government too has questions to answer as to why it did not explain this when asked on many occasions about the effect of the Wilson Doctrine,” he added. “The government should also make it clear to parliament the extent to which scanning of all mail by a US-controlled company has made Parliamentary communications vulnerable to agencies of a foreign power, namely the American NSA."
MPs’ private emails are routinely accessed by GCHQ
Computer Weekly, 1 June 2016

"British people are not demanding more transparency from the intelligence services as loudly as Americans, the former director of the US National Security Agency (NSA) and CIA has said. Michael Hayden played a pivotal, leading role in American intelligence until he was replaced as director of the CIA shortly into the presidency of Barack Obama. In a wide-ranging talk on the fourth day of the Hay festival, Hayden addressed CIA torture, targeted killings, what he thinks about Edward Snowden and how Facebook is perhaps a greater threat to privacy than government. Hayden said the security services were changing faster in the US than the UK. “You as a population are far more tolerant of aggressive action on the part of your intelligence services than we are in the United States,” he said...The US intelligence services would not have validation from the American people unless there was a certain amount of knowledge, an increased transparency, he said. Hayden talked about the tensions between the need to know and the need to protect. In his newly published book Hayden calls Snowden naive and narcissistic and says he wanted to put him on a “kill list”. On the next page he said Snowden “highlighted the need for a broad cultural shift” in terms of transparency and what constitutes consent. On Sunday he said there was no contradiction between the two assertions....The privacy revelations quickened a conversation which had “hit the beach” in the US but it “has not hit the beach here in Great Britain”. Hayden was asked about how much information we give to social media companies and whether the public is naive in trusting Mark Zuckerberg and Facebook more than the NSA. “I have my views on that,” he joked. “Your habits are all geared to protecting privacy against the government because that was always the traditional threat. That is no longer the pattern, it is the private sector … we are going through a cultural adjustment.
“With regard to the 21st-century definition of reasonable privacy, Mark Zuckerberg is probably going to have a greater influence on that than your or my government because of the rules we will embed inside his Facebook applications.”"
CIA ex-boss: secretive spooks tolerated in UK more than in US
Guardian, 29 May 2016

"A provision snuck into the still-secret text of the Senate’s annual intelligence authorization would give the FBI the ability to demand individuals’ email data and possibly web-surfing history from their service providers without a warrant and in complete secrecy. If passed, the change would expand the reach of the FBI’s already highly controversial national security letters. The FBI is currently allowed to get certain types of information with NSLs — most commonly, information about the name, address, and call data associated with a phone number or details about a bank account. Since a 2008 Justice Department legal opinion, the FBI has not been allowed to use NSLs to demand “electronic communication transactional records,” such as email subject lines and other metadata, or URLs visited. The spy bill passed the Senate Intelligence Committee on Tuesday, with the provision in it. The lone no vote came from Sen. Ron Wyden, D-Ore., who wrote in a statement that one of the bill’s provisions “would allow any FBI field office to demand email records without a court order, a major expansion of federal surveillance powers.”"
Secret Text in Senate Bill Would Give FBI Warrantless Access to Email Records
The Intercept, 26 May 2016

"FBI officials are warning private industry partners to be on the lookout for highly stealthy keystroke loggers that surreptitiously sniff passwords and other input typed into wireless keyboards. The FBI's Private Industry Notification is dated April 29, more than 15 months after whitehat hacker Samy Kamkar released a KeySweeper, a proof-of-concept attack platform that covertly logged and decrypted keystrokes from many Microsoft-branded wireless keyboards and transmitted the data over cellular networks. To lower the chances that the sniffing device might be discovered by a target, Kamkar designed it to look almost identical to USB phone chargers that are nearly ubiquitous in homes and offices. "If placed strategically in an office or other location where individuals might use wireless devices, a malicious cyber actor could potentially harvest personally identifiable information, intellectual property, trade secrets, passwords, or other sensitive information," FBI officials wrote in last month's advisory. "Since the data is intercepted prior to reaching the CPU, security managers may not have insight into how sensitive information is being stolen.""
Beware of keystroke loggers disguised as USB phone chargers, FBI warns
ArsTechnica, 23 May 2016

"The 30 million or so surveillance cameras peering into nearly every corner of American life might freak you out a bit, but you could always tell yourself that no one can access them all. Until now. Computer scientists have created a way of letting law enforcement tap any camera that isn’t password protected so they can determine where to send help or how to respond to a crime. “It’s a way to help people take advantage of information that’s out there,” says David Ebert, an electrical and computer engineer at Purdue University. The system, which is just a proof of concept, alarms privacy advocates who worry that prudent surveillance could easily lead to government overreach, or worse, unauthorized use. It relies upon two tools developed independently at Purdue. The Visual Analytics Law Enforcement Toolkit superimposes the rate and location of crimes and the location of police surveillance cameras. CAM2 reveals the location and orientation of public network cameras, like the one outside your apartment. You could do the same thing with a search engine like Shodan, but CAM2 makes the job far easier, which is the scary part. Aggregating all these individual feeds makes it potentially much more invasive. Purdue limits access to registered users, and the terms of service for CAM2 state “you agree not to use the platform to determine the identity of any specific individuals contained in any video or video stream.” A reasonable step to ensure privacy, but difficult to enforce (though the team promises the system will have strict security if it ever goes online)."
New Surveillance System May Let Cops Use All of the Cameras
Wired, 19 May 2016

"By preying on the modern necessity to stay connected, governments can reduce our dignity to something like that of tagged animals, the primary difference being that we paid for the tags and they’re in our pockets. It sounds like fantasist paranoia, but on the technical level it’s so trivial to implement that I cannot imagine a future in which it won’t be attempted. It will be limited to the war zones at first, in accordance with our customs, but surveillance technology has a tendency to follow us home. Here we see the double edge of our uniquely American brand of nationalism. We are raised to be exceptionalists, to think we are the better nation with the manifest destiny to rule. The danger is that some people will actually believe this claim, and some of those will expect the manifestation of our national identity, that is, our government, to comport itself accordingly. Unrestrained power may be many things, but it’s not American. It is in this sense that the act of whistleblowing increasingly has become an act of political resistance. The whistleblower raises the alarm and lifts the lamp, inheriting the legacy of a line of Americans that begins with Paul Revere. The individuals who make these disclosures feel so strongly about what they have seen that they’re willing to risk their lives and their freedom. They know that we, the people, are ultimately the strongest and most reliable check on the power of government. The insiders at the highest levels of government have extraordinary capability, extraordinary resources, tremendous access to influence, and a monopoly on violence, but in the final calculus there is but one figure that matters: the individual citizen. And there are more of us than there are of them."
Edward Snowden - Inside The Assassination Complex
Intercept, 3 May 2015

"A secretive police unit tasked with spying on alleged extremists intent on committing serious crimes has been monitoring leading members of the Green party, the Guardian has learned. Newly released documents show that the intelligence unit has been tracking the political activities of the MP Caroline Lucas and Sian Berry, the party’s candidate for London mayor. Some of the monitoring took place as recently as last year and seemed to contradict a pledge from Sir Bernard Hogan-Howe, the Metropolitan police commissioner, that the unit would only target serious criminals rather than peaceful protesters. Extracts from the files show that the police have chronicled how the Green politicians had been speaking out about issues such as government cuts, the far right, police violence, and the visit of the pope. The police’s actions have been described as “chilling” and come weeks after it was accused of abusing its powers by pursuing prominent people over sex abuse claims. The disclosures bring to four the number of elected Green party politicians whose political movements are known to have been recorded in the files of the unit. The files give no indication that they were involved in serious criminal activity. The file on Lucas, which stretches over eight years, records how she gave a speech at an anti-austerity demonstration last June in London. Lucas accused the government of conducting an “ideological war on welfare” at the rally, attended by thousands. Another entry records how she attended a demonstration in February 2014 against disability cuts in Brighton where she has been an MP since 2010. Police noted she “spoke with some of the assembled” journalists. She is also logged as attending a demonstration in Brighton in April 2014 opposing a far-right march in the city. 
Lucas said: “Spending precious resources on monitoring elected politicians is a clear waste of the public’s money – and sends a chilling message to those who want to engage in peaceful political demonstrations. Nobody should be subject to arbitrary surveillance. “It’s this kind of thinking that has led police in this country to waste vast amounts of taxpayers’ money in infiltrating environmental groups. The police should focus resources on fighting real crime, not attempting to stifle legitimate protest.”...The police’s domestic extremism unit – which operates across the country and is based within the Met – has kept files on thousands of protesters, saying that it needed to identify those who use, or may use, criminal methods to further their political aims. However, police have faced criticism for tracking campaigners who have not committed crimes and for storing mundane information, such as the sale of political literature by an activist at the Glastonbury music festival. Hogan-Howe has said that in October 2013, the unit tightened up its procedures so that it would focus on individuals who commit or plan “serious criminal activity motivated by a political or ideological viewpoint”. He said it would usually exclude “low levels of civil disobedience such as civil trespass or minor obstruction”. Three of the four Green politicians – including Ian Driver, who was monitored between 2011 and 2014 while he was a Kent councillor and Baroness Jenny Jones, the Green’s candidate for London mayor in 2012 – do not have a criminal record. Lucas was fined for breaching the peace after she and other demonstrators blocked traffic outside a nuclear weapons base in 2001. She was acquitted of public order offences at an anti-fracking protest in Sussex in 2013. The police file also records how she took part in environmental demonstrations in 2008 and 2009, while she was an MEP.... 
Peter Francis, a whistleblower who worked undercover for the Met, has alleged that the police kept secret files in the 1990s on 10 Labour MPs, including the Labour leader, Jeremy Corbyn, after they had been elected to parliament."
Police anti-extremism unit monitoring senior Green party figures
Guardian, 28 April 2016

"In real life, Jim Angleton was a formidable intellectual and canny bureaucrat who helped shape the ethos of the Central Intelligence Agency we have today. His doctrine of counterintelligence was widely influential, not only in the CIA but in the intelligence services of all the English-speaking countries. He pioneered pre-digital techniques of mass surveillance via an illicit mail-opening program called LINGUAL....Angleton acted zealously on a theory of history whose validity is hard to accept and hard to dispute. He believed that secret intelligence agencies controlled the destiny of mankind.... Yet it wasn’t until I went to Georgetown in search of one of Angleton’s darkest secrets that I came away with a personal lesson in how the CIA makes history — by erasing it..... By removing the Cram and Applewhite papers from public view, the agency has, in essence, redacted some of the details of an embarrassing chapter in the agency’s history. But while the records technically remain in the hands of Georgetown and off-limits to FOIA [Freedom of Information Act], the CIA kept this harmless material beyond the reach of law and the eyes of reporters and historians."
How the CIA writes history
The Intercept, 25 April 2016

"Since 2005 successive Home Secretaries have authorised the collection of vast amounts of telecommunications data, documents reveal. The documents also show that MI5 secretly collected large amounts of "anonymised" financial data. Campaign group Privacy International said the documents show "the staggering extent of UK government surveillance". The Home Office said the data acquisition had "been essential to the security and intelligence agencies". It added that the data had provided "vital and unique intelligence". The disclosure of the documents was made to Privacy International as it prepares for an Investigatory Powers Tribunal hearing in July. The tribunal handles complaints against UK intelligence agencies MI5, MI6 and GCHQ. The campaign group is challenging the agencies' use and acquisition of "bulk personal datasets" - very large amounts of personal data collected from public and private organisations. The Home Office has repeatedly refused to list the datasets the agencies hold, but the documents show the agencies could request a range of sensitive information, including medical information, financial information, and information about telephone and internet communications. The documents reveal that among other things this data is vital in identifying "foreign fighters", possibly a reference to jihadists involved in the conflict in Syria and Iraq. Privacy International said: "The intelligence agencies have secretly given themselves access to potentially any and all recorded information about us". But the Home Office told the BBC: "The acquisition and use of bulk [data] provides vital and unique intelligence", adding: "The security and intelligence agencies use the same techniques that modern businesses increasingly rely on to analyse data in order to overcome the most significant national security challenges". In several documents the risk that the public might become aware of the powers is discussed.
An MI5 policy issued in 2010 says the agency's access to "anonymised" financial data would be against "public expectations". It says that if the data is revealed the media response could be "unfavourable and probably inaccurate". David Davis MP, a former Conservative Shadow Home Secretary, told the BBC: "It's clear the agencies and the government have been keeping information secret about what they've been doing not just for security reasons, as is normally claimed, but to avoid both embarrassment and public opposition." Every six months since 21 July 2005, Home Secretaries have authorised MI5 to collect in a database, information from communication network providers, the documents reveal. This could include telephone data and internet data. It does not include the content of communications. The documents say the data is anonymous as it does not contain "subscriber information", but privacy campaigners argue it would be possible to work out the identity of an individual from the data. MI5 says the data is deleted every 12 months. In the documents the data is said to be of "significant security value." The data is obtained under Section 94 of the Telecommunications Act 1984. The government's independent reviewer of terrorism legislation, David Anderson QC, has previously told the BBC the legislation was "so vague that anything could be done under it". The documents set out detailed procedures required to authorise the collection and use of the data. But they reveal that misuse has occurred. One document produced by MI6 gives examples of "individual users crossing the line" for example, "looking up addresses in order to send birthday cards" and "checking details of family members for personal reasons". The revelations will add to the controversy surrounding the Investigatory Powers Bill currently working its way through parliament."
Spies' 'staggering' data requests revealed
BBC Online, 21 April 2016

"Hackers have again demonstrated that no matter how many security precautions someone takes, all a hacker needs to track their location and snoop on their phone calls and texts is their phone number. The hack, first demonstrated by German security researcher Karsten Nohl in 2014 at a hacker convention in Hamburg, has been shown to still be active by Nohl over a year later for CBS’s 60 Minutes. The hack uses the network interchange service called Signalling System No. 7 (SS7), also known as C7 in the UK or CCSS7 in the US, which acts as a broker between mobile phone networks. When calls or text messages are made across networks SS7 handles details such as number translation, SMS transfer, billing and other back-end duties that connect one network or caller to another. By hacking into or otherwise gaining access to the SS7 system, an attacker can track a person’s location based on mobile phone mast triangulation, read their sent and received text messages, and log, record and listen into their phone calls, simply by using their phone number as an identifier..... The biggest issue for consumers is that there is little they can do to safeguard against this kind of snooping, short of turning off their mobile phone, as the attack happens on the network side, regardless of the phone used. Nohl said: “The mobile network is independent from the little GPS chip in your phone, it knows where you are. So any choices that a congressman could’ve made, choosing a phone, choosing a pin number, installing or not installing certain apps, have no influence over what we are showing because this is targeting the mobile network. That, of course, is not controlled by any one customer.” Hackers have proven that they can break into SS7, but security services, including the US National Security Agency, are also thought to use the system to track and snoop on target users."
Your phone number is all a hacker needs to read texts, listen to calls and track you
Guardian, 18 April 2016

"Uber Technologies Inc on Tuesday released its first ever transparency report detailing the information requested by not only U.S. law enforcement agencies, but also by regulators. The ride-sharing company said that between July and December 2015, it had provided information on more than 12 million riders and drivers to various U.S. regulators and on 469 users to state and federal law agencies. The privately held company, valued at more than $60 billion, said the agencies requested information on trips, trip requests, pickup and dropoff areas, fares, vehicles, and drivers. Uber said it got 415 requests from law enforcement agencies, a majority of which came from state governments, and that it was able to provide data in nearly 85 percent of the cases. A large number of the law enforcement requests were related to fraud investigations or the use of stolen credit cards, according to the report. Uber said it had not received any national security letters or orders under the Foreign Intelligence Surveillance act. The company has not disclosed such requests for information from other countries."
Uber says gave U.S. agencies data on more than 12 million users
Reuters, 12 April 2016

"According to leaked documents published by German data protection authorities, Europe's most influential privacy regulators are to say that the so-called 'Privacy Shield' accord agreed by the EU and the US falls short of standards set by the European Court of Justice. ... Last year, the European Court Of Justice nullified the long-standing EU-US 'Safe Harbour' data transfer treaty because it found that indiscriminate surveillance by US authorities of EU citizens' data contravened fundamental European rights. The ruling was the result of a case brought by Austrian student Max Schrems against Facebook's Irish office. Mr Schrems argued that revelations by the whistleblower Edward Snowden about US security agencies routinely spying on Europeans' emails and messages meant that the transfer of EU citizens' personal data to the US jurisdiction must not be allowed under European law. The ruling caused a political and legal stand-off that threatened transatlantic trade and resulted in a new agreement called Privacy Shield."
Fears for Irish jobs in new threat to data treaty with US
Independent, 12 April 2016

"FBI Director James Comey has revealed he uses tape to cover up his laptop webcam to ensure privacy. Speaking at an encryption and privacy Q&A session at Kenyon College last week, Comey said: 'I saw something in the news, so I copied it. 'I put a piece of tape — I have obviously a laptop, personal laptop — I put a piece of tape over the camera. Because I saw somebody smarter than I am had a piece of tape over their camera.' His comment was made last Wednesday in response to a question about growing public awareness of the ways in which technology can spy on people. But many have commented on the director's hypocrisy in doing this when he has said tech companies should not make devices that are 'unhackable' to law enforcement. Activists argue that by putting duck tape over his webcam, he is doing just that. Just two weeks ago, the FBI dropped its court case attempting to force Apple to hack into an iPhone belonging to the San Bernardino terrorists.... The FBI has long been able to activate a computer's camera without triggering the 'recording light' to let the owner know the webcam is on, a former assistant director of its tech division has said. Their usage of remote administration tools (RATs) comes to light as the world's most powerful technology firms call on Barack Obama to curb government spying on internet users. The FBI have been able to use the spyware technology for years and have put it in place in terrorism cases or the most serious criminal investigations, Marcus Thomas, former assistant director of the FBI's Operational Technology Division in Quantico, told The Washington Post. The team use the same technique as ratters, by infecting the computer with a malicious software – 'malware' – through phishing. By sending an email with a link, which could be to a website, an image or a video, the user is tricked into downloading a small piece of software onto their machine.
Once installed, the malware allows the FBI to take control of the computer and the webcam at any time, working similarly to the system large corporations use to update software and fix IT problems."
FBI director reveals he uses TAPE to cover up his laptop webcam out of fears a hacker could activate it and spy on him
Mail, 11 April 2016

"Government plans to track every website visited by every British citizen could cost more than £1bn, privacy campaigners have estimated. The £1bn estimate for the cost of requiring phone and internet companies to retain everyone’s internet connection records and store them for 12 months is based on a similar scheme in Denmark, which was recently dropped on grounds of cost. The Don’t Spy on Us coalition, which includes the Open Rights Group and Privacy International, says that the £1bn price tag for the new powers for the police and security services to access everyone’s web browsing history compares with the initial official Home Office estimate of only £174m over 10 years. The British internet industry has already made clear that it regards the £174m figure as an underestimate. The president of BT Security has told MPs that the allocated amount would only cover BT’s costs, and Virgin Media has said its costs will be “in the tens of millions”. The Home Office is reconsidering its initial cost estimate. The Danish government recently shelved similar proposals to monitor the web browsing habits of Danish citizens after accountancy giant Ernst & Young, confirmed it would cost 1bn Danish kroner (£105m) to implement. This estimate only covered the equipment investment and did not include annual operating costs. Don’t Spy on Us says that as Britain’s population, at 64 million, is more than 11 times that of Denmark’s 5.6 million, the cost of a similar internet record system in Britain would be more than £1bn. It estimates that this bill, which is to be paid in full by the Home Office, is equivalent to the cost of employing 3,000 more full-time police officers."
UK plans to track all internet connections could cost £1bn, campaigners warn
Guardian, 30 March 2016

"Marc Newlin and Balint Seeber are checking how far apart they can be while still being able to hack into each other's computers. It turns out it's pretty far - 180 meters - the length of a city block in San Francisco. The pair work for Bastille, a startup cyber security company that has uncovered a flaw they say leaves millions of networks and billions of computers vulnerable to attack. Wireless mice from companies like HP, Lenovo, Amazon and Dell use unencrypted signals to communicate with computers. "They haven't encrypted the mouse traffic, that makes it possible for the attacker to send unencrypted traffic to the dongle pretending to be a keyboard and have it result as keystrokes on your computer. This would be the same as if the attacker was sitting at your computer typing on the computer," said Newlin, a security researcher at Bastille. A hacker uses an antenna, a wireless chip called a dongle, both available for less than $20 (USD), and a simple line of code to trick the wireless chip connected to the target computer into accepting it as a mouse. "So the attacker can send data to the dongle, pretend it's a mouse but say 'actually I am a keyboard and please type these letters'," added Newlin. "If we sent unencrypted keyboard strokes as if we were a mouse it started typing on the computer, typing at a 1000 words per minute," said Chris Rouland, the CTO and Founder of Bastille. At a thousand words a minute, the hacker can take over the computer or gain access to a network within seconds."
Wireless mice leave billions at risk of computer hack: cyber security firm
Reuters, 23 March 2016

"Today, two representatives from the House Oversight & Government Reform Committee sent a letter (PDF) to Michael Rogers, director of the National Security Agency (NSA), asking him to discontinue any plans to expand the list of who the NSA shares certain information with. In late February, The New York Times reported that the Obama administration was working with the NSA to craft new rules and procedures to allow domestic law enforcement organizations like the Federal Bureau of Investigation (FBI) and the Drug Enforcement Administration (DEA) access to the digital communications information that the NSA collects through programs like PRISM. Under the new rules, domestic law enforcement agencies would be able to access raw information that the NSA collects, without the so-called 'minimization' process that the NSA has formerly employed to scrub surveillance information of identifying data pertaining to American citizens before handing it over to the requesting agency. 'We are alarmed by press reports that state National Security Agency (NSA) data may soon routinely be used for domestic policing,' Representative Ted Lieu (D-Calif.) and Representative Blake Farenthold (R-Tex.) wrote. 'If media accounts are true, this radical policy shift by the NSA would be unconstitutional, and dangerous.'"
Representatives say NSA must end plans to expand domestic spying
Arstechnica, 24 March 2016

"At the Federal Bureau of Investigation’s request, a magistrate judge canceled a court hearing scheduled for Tuesday to determine whether Apple should be compelled to help the U.S. gain access to a locked iPhone used by an attacker who killed 14 people last year in San Bernardino, California. The bureau said it was approached on Sunday by an unidentified third party with a possible way to get into the phone without Apple’s help. The FBI’s new tactic may be subject to a relatively new and little-known rule that would require the government to tell Apple about any vulnerability potentially affecting millions of iPhones unless it can show a group of administration officials that there’s a substantial national security need to keep the flaw secret. This process, known as an equities review, was created by the Obama administration to determine if new security flaws should be kept secret or disclosed, and gives the government a specific time frame for alerting companies to the flaws. 'I do think it should be subjected to an equities review,' said Chris Inglis, former National Security Agency deputy director. 'The government cannot choose sides in the tension between individual and collective security so the equities process should be run to put both on a level playing field.'"
Thank You for Hacking iPhone, Now Tell Apple How You Did It
Bloomberg, 23 March 2016

"NSA whistleblower Edward Snowden opened the Free Software Foundation's LibrePlanet 2016 conference on Saturday with a discussion of free software, privacy and security, speaking via video conference from Russia. Snowden credited free software for his ability to help disclose the U.S. government's far-reaching surveillance projects – drawing one of several enthusiastic rounds of applause from the crowd in an MIT lecture hall. "What happened in 2013 couldn't have happened without free software," he said, particularly citing projects like Tor, Tails (a highly secure Linux distribution) and Debian. Snowden argued that free software's transparency and openness are cornerstones to preserving user privacy in the connected age. It isn't that all commercial products are bad, nor that all corporations are evil – he singled out Apple's ongoing spat with the FBI as an example of a corporation trying to stand up for its users – merely that citizens should not have to rely on them to uphold the right to privacy. "I didn't use Microsoft machines when I was in my operational phase, because I couldn't trust them," Snowden stated. "Not because I knew that there was a particular back door or anything like that, but because I couldn't be sure." Private data, these days, only stays private at the sufferance of the major tech companies that administer devices and services, he argued. Given the increasing centrality of smartphones and social networks and the myriad of other digital communication methods to modern life, simply trusting that those tech companies will protect their users' privacy is insufficient. Relying on corporations to protect private data is bad enough in a vacuum – but Snowden pointed out that many tech giants have already proven more than willing to hand over user data to a government they rely on for licensing and a favorable regulatory climate. He particularly singled out service providers as being complicit in overreaching government surveillance.
"We can't control telecom partners," Snowden stated. "We're very vulnerable to them.""
Edward Snowden: Privacy can't depend on corporations standing up to the government
Network World, 19 March 2016

"The US government is heavily invested in an internal surveillance program that is unsustainable, ineffective, morally reprehensible, inherently dangerous and ultimately counterproductive. In the months following the US government’s initial charges against me over the release of government records in 2010, the current administration formed the National Insider Threat Task Force under the authority of the Office of the Director of National Intelligence (ODNI), the Department of Justice, the Federal Bureau of Investigation and several other US government agencies. The mission of this taskforce is breathtakingly broad. It aims at deterring threats to national security by anyone 'who misuses or betrays, wittingly or unwittingly, his or her authorized access to any US Government resource'. Unfortunately, the methods it outlines amount to thousands of government personnel being effectively under total surveillance. These kinds of operations usually result in doing more harm than good. As articulated by James Detert and Ethan Burris in a recent Harvard Business Review article, such training and surveillance programs greatly diminish productive and innovative capabilities within organizations. They have a tendency to 'promote fear of embarrassment, isolation, low performance ratings, lost promotions, and even firing'. When your employer is the US government, that fear – of surveillance, public humiliation, warrants, arrest, trial, exorbitant legal fees and imprisonment – is orders of magnitude higher. Flaws in the program exacerbate these problems. There is a reliance on 'anonymous feedback' which can create endless witch-hunts, 'general invitations' to report or file complaints through so-called open door policies, and vagueness about what feedback is expected. According to Deter and Burris, the program creates a perfect storm of conditions against innovation, creativity and whistleblowing. 
The implementation of the Insider Threat program has shown predictably troubling results. For example, an ODNI webinar, entitled Simple Steps and Guidance to Secure Classified Networks, describes excessive surveillance protocols and invasive secret investigations by the US government and military into their own officials. In its early stages, it has become clear that this program conflates any attempt to seek redress, transparency or the promotion of legitimate public interests with grave threats to national security."
Chelsea Manning - When will the US government stop persecuting whistleblowers?
Guardian, 18 March 2016

"Thanks largely to whistleblower Edward Snowden’s revelations in 2013, most Americans now realize that the intelligence community monitors and archives all sorts of online behaviors of both foreign nationals and US citizens. But did you know that the very fact that you know this could have subliminally stopped you from speaking out online on issues you care about? Now research suggests that widespread awareness of such mass surveillance could undermine democracy by making citizens fearful of voicing dissenting opinions in public. A paper published last week in Journalism and Mass Communication Quarterly, the flagship peer-reviewed journal of the Association for Education in Journalism and Mass Communication (AEJMC), found that "the government’s online surveillance programs may threaten the disclosure of minority views and contribute to the reinforcement of majority opinion.' The NSA’s 'ability to surreptitiously monitor the online activities of US citizens may make online opinion climates especially chilly' and 'can contribute to the silencing of minority views that provide the bedrock of democratic discourse," the researcher found."
‘Chilling Effect’ of Mass Surveillance Is Silencing Dissent Online, Study Says
Motherboard, 17 March 2016

"It’s been eight months since a pair of security researchers proved beyond any doubt that car hacking is more than an action movie plot device when they remotely killed the transmission of a 2014 Jeep Cherokee as I drove it down a St. Louis highway. Now the FBI has caught up with that news, and it’s warning Americans to take the risk of vehicular cybersabotage seriously. In a public service announcement issued together with the Department of Transportation and the National Highway Traffic and Safety Administration, the FBI on Thursday released a warning to drivers about the threat of over-the-internet attacks on cars and trucks. The announcement doesn’t reveal any sign that the agencies have learned about incidents of car hacking that weren’t already public. But it cites all of last year’s car hacking research to offer a list of tips about how to keep vehicles secure from hackers and recommendations about what to do if you believe your car has been hacked—including a request to notify the FBI. In a public service announcement issued together with the Department of Transportation and the National Highway Traffic and Safety Administration, the FBI on Thursday released a warning to drivers about the threat of over-the-internet attacks on cars and trucks. The announcement doesn’t reveal any sign that the agencies have learned about incidents of car hacking that weren’t already public. But it cites all of last year’s car hacking research to offer a list of tips about how to keep vehicles secure from hackers and recommendations about what to do if you believe your car has been hacked—including a request to notify the FBI....After hackers Charlie Miller and Chris Valasek hacked the Jeep in July, Chrysler issued a 1.4 million vehicle recall and mailed USB drives with software updates to affected drivers. 
And the next month, researchers from the University of California at San Diego showed that a common insurance dongle plugged into a Corvette’s dashboard could be hacked to turn on the car’s windshield wipers or disable its brakes."
The FBI Warns That Car Hacking Is a Real Risk
Wired, 17 March 2016

"Bulk data gathering programs used by US intelligence have no effect in combating terrorism and have failed to prevent any attacks in their 10 years of operation, whistleblower and former NSA contactor Edward Snowden, claims in a recent interview. 'In the wake of the revelations of mass surveillance the [US] president [Barack Obama] appointed two independent commissions to review the efficiency of these [surveillance] programs, what they really did and what effect they had in combating terrorism. [The commissions comprised] the highest priests of these programs, they found these programs had never stopped a single terrorist attack and never made a concrete difference in a terrorist investigation,' Snowden told Spanish TV channel .The whistleblower went on saying, that 'they [the NSA, CIA] violated the constitution and the rights of 330 million Americans for 10 years. We have to ask ourselves: was it ever worth it?'He also stated that despite being justified by preventing terrorist attacks, surveillance programs are more often used for completely different purposes. "It was diplomatic manipulation, economic spying and social control. It was about power, and there is no doubt that mass surveillance increases the power of the government." Snowden stressed that bulk data collection is 'more aggressive and invasive today than it was before. Law enforcement and intelligence structures do not any longer bother to pick up a suspect and hack his cell phone, they cut in into all lines and communications […] at the heart of the society.' 
According to the whistleblower, the US is by far not the only country using methods of this form of surveillance, with Spanish, French, German and British governments also spying on their people extensively because progress in communication technologies 'had made it cheap, had made it easy, had made it simple […] The paradigm we had inherited from the past had changed, so instead of watching a particular individual we began watching everyone all of the time because of the advances in technology had made it cheap easy simple – just in case they became interesting later.'"
Mass surveillance programs futile in fighting terror – Snowden
RT, 14 March 2016

"The first thing to understand about Apple’s latest fight with the FBI—over a court order to help unlock the deceased San Bernardino shooter’s phone—is that it has very little to do with the San Bernardino shooter’s phone.It’s not even, really, the latest round of the Crypto Wars—the long running debate about how law enforcement and intelligence agencies can adapt to the growing ubiquity of uncrackable encryption tools. Rather, it’s a fight over the future of high-tech surveillance, the trust infrastructure undergirding the global software ecosystem, and how far technology companies and software developers can be conscripted as unwilling suppliers of hacking tools for governments. It’s also the public face of a conflict that will undoubtedly be continued in secret—and is likely already well underway....Most ominously, the effects of a win for the FBI in this case almost certainly won’t be limited to smartphones. Over the past year I worked with a group of experts at Harvard Law School on a report that predicted governments will to respond to the challenges encryption poses by turning to the burgeoning “Internet of Things” to create a global network of surveillance devices. Armed with code blessed by the developer’s secret key, governments will be able to deliver spyware in the form of trusted updates to a host of sensor-enabled appliances. Don’t just think of the webcam and microphone on your laptop, but voice-control devices like Amazon’s Echo, smart televisions, network routers, wearable computing devices and even Hello Barbie. The global market for both traditional computing devices and the new breed of networked appliances depends critically on an underlying ecosystem of trust—trust that critical security updates pushed out by developers and signed by their cryptographic keys will do what it says on the tin, functioning and interacting with other code in a predictable and uniform way. 
The developer keys that mark code as trusted are critical to that ecosystem, which will become ever more difficult to sustain if developers can be systematically forced to deploy those keys at the behest of governments. Users and consumers will reasonably be even more distrustful if the scope of governments’ ability to demand spyware disguised as authentic updates is determined, not by a clear framework, but a hodgepodge of public and secret court decisions. These, then, are the high stakes of Apple’s resistance to the FBI’s order: not whether the federal government can read one dead terrorism suspect’s phone, but whether technology companies can be conscripted to undermine global trust in our computing devices. That’s a staggeringly high price to pay for any investigation."
This Is the Real Reason Apple Is Fighting the FBI
TIME, 18 February 2016

"A "Data Mining Research Problem Book" marked "top secret strap 1" has been leaked that details some of the key techniques used by GCHQ to sift through the huge volumes of data it pulls continuously from the Internet. Originally obtained by Edward Snowden, the 96-page e-book has been published by Boing Boing, along with a second short document entitled "What's the worst that can happen?". Boing Boing describes this as "a kind of checklist for spies who are seeking permission to infect their adversaries' computers or networks with malicious software." The data mining handbook was written by researchers from the Heilbronn Institute for Mathematical Research in Bristol, a partnership between GCHQ and the University of Bristol. According to Boing Boing, "Staff spend half their time working on public research, the other half is given over to secret projects for the government." The handbook provides valuable insights into some of the details of GCHQ's data mining work, at least as it was in September 2011, when the document was written.... When Ars asked GCHQ whether the leaked document was genuine, a spokesperson said: "We have no comment to make on the story," and simply offered its boilerplate reply to all such requests: "It is longstanding policy that we do not comment on intelligence matters. Furthermore, all of GCHQ's work is carried out in accordance with a strict legal and policy framework, which ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight, including from the Secretary of State, the Interception and Intelligence Services Commissioners and the Parliamentary Intelligence and Security Committee. All our operational processes rigorously support this position. In addition, the UK's interception regime is entirely compatible with the European Convention on Human Rights." That last claim is about to be tested in court. 
As Ars reported recently, the European Court of Human Rights (ECtHR) has said that blanket surveillance without sufficient safeguards is a violation of basic rights. A ruling by the ECtHR on whether GCHQ's activities are "entirely compatible with the European Convention on Human Rights" is expected soon."
GCHQ’s data-mining techniques revealed in new Snowden leak
ArsTechnica, 3 February 2016

"Shodan, a search engine for the Internet of Things (IoT), recently launched a new section that lets users easily browse vulnerable webcams. The feed includes images of marijuana plantations, back rooms of banks, children, kitchens, living rooms, garages, front gardens, back gardens, ski slopes, swimming pools, colleges and schools, laboratories, and cash register cameras in retail stores, according to Dan Tentler, a security researcher who has spent several years investigating webcam security. "It's all over the place," he told Ars Technica UK. "Practically everything you can think of." We did a quick search and turned up some alarming results: The cameras are vulnerable because they use the Real Time Streaming Protocol (RTSP, port 554) to share video but have no password authentication in place. The image feed is available to paid Shodan members at images.shodan.io. Free Shodan accounts can also search using the filter port:554 has_screenshot:true. Shodan crawls the Internet at random looking for IP addresses with open ports. If an open port lacks authentication and streams a video feed, the new script takes a snap and moves on. While the privacy implications here are obvious, Shodan’s new image feed also highlights the pathetic state of IoT security, and raises questions about what we are going to do to fix the problem. Of course insecure webcams are not exactly a new thing. The last several years have seen report after report after report hammer home the point. In 2013, the FTC sanctioned webcam manufacturer TRENDnet for exposing “the private lives of hundreds of consumers to public viewing on the Internet.” Tentler told Ars he estimates there are now millions of such insecure webcams connected and easily discoverable with Shodan. That number will only continue to grow. Tentler told Ars that webcam manufacturers are in a race to bottom. Consumers do not perceive value in security and privacy. As a rule, many have not shown a willingness to pay for such things. 
As a result, webcam manufacturers slash costs to maximize their profit, often on narrow margins. Many webcams now sell for as little as £15 or $20.... "The bigger picture here is not just personal privacy, but the security of IoT devices," security researcher Scott Erven told Ars Technica UK. "As we expand that connectivity, when we get into systems that affect public safety and human life—medical devices, the automotive space, critical infrastructure—the consequences of failure are higher than something as shocking as a Shodan webcam peering into the baby's crib.""
“Internet of Things” security is hilariously broken and getting worse
ArsTechnica, 23 January 2016

"WikiLeaks published a new set of documents Tuesday claiming that the United States National Security Agency (NSA) spied on meetings between world leaders, including the United Nations Secretary General Ban Ki-Moon, German Chancellor Angela Merkel and Israel Prime Minister Benjamin Netanyahu. WikiLeaks said in a statement released Tuesday that the documents were classified as “Top Secret” and were the most highly classified documents ever to be published by a media organization. The document said that the meeting between Merkel and Ban was about climate change, over which an accord was signed by nearly 200 countries in December agreeing to reduce greenhouse emissions to keep the effects of global warming at bay. The document claims that the NSA spied on the meeting with a motive of protecting the largest oil companies.... The document also revealed that U.S. officials tapped a meeting in 2010 between Netanyahu and former Italian Prime Minister Silvio Berlusconi, where the former asked for the Italian leader’s help to deal with U.S. President Barack Obama. The documents also mentioned another meeting between Berlusconi and former French President Nicolas Sarkozy during which the former admitted that the Italian banking system was due to “pop like a cork.” The documents further said that a private meeting between Berlusconi, Merkel and Sarkozy was tapped by the NSA, which has been embroiled in controversy since it was revealed by former U.S. spy agency contractor Edward Snowden that the organization spied on many world leaders and collected phone records of several Americans. In June last year, the Congress passed a law that ended keeping such records on phone calls of American citizens and it was put in place in November. Assange also said in the statement: “The U.S. government has signed agreements with the U.N. that it will not engage in such conduct against the U.N. — let alone its Secretary General. 
It will be interesting to see the U.N.'s reaction, because if the Secretary General can be targeted without consequence then everyone from world leader to street sweeper is at risk.”"
WikiLeaks Says US Spied On Meetings Of UN Chief, Angela Merkel, Benjamin Netanyahu
International Business Times, 23 February 2016

"A spokesman for the German interior ministry announced on Monday that the government had approved the usage of Trojans to monitor suspected citizens. The interior ministry spokesman defended the government's decision, saying 'basically we now have the skills in an area where we did not have this kind of skill.' The program was already endorsed by members of the government in autumn 2015, the ministry said. Trojans are software programs, also known as malware, specially designed to get into users' computers. They are often used by hackers and thieves to gain access to somebody else's data. In order to use the malware, government officials will have to get a court order, allowing authorities to hack into a citizen's system. The approval will help officials get access to the suspect's personal computer, laptop and smartphone. Once the spyware installs itself on the suspect's device, it can skim data on the computer's hard drive and monitor ongoing chats and conversations."
German government to use Trojan spyware to monitor citizens
Deutsche Welle, 22 February 2016

"A secret memo has revealed the government's strategy for breaking into cell phones - from bypassing encryption codes to changing the law. According to a 'decision memo' from the National Security Council, seen by Bloomberg, security agents were ordered to start finding ways to hack into encrypted devices last November. In the memo, security officials are tasked with finding encryption code 'workarounds', told to identify laws that may need to be changed to allow access, and estimating additional money required to do it. The memo, produced by some of the country's top-ranking officials, was finalized days after the government said it would not force companies to install 'backdoors' in their products. Robert Knake, a senior fellow at the Council of Foreign Relations who formerly served as White House Director of Cybersecurity Policy, said: 'My sense is that people have over-read what the White House has said on encryption. 'They said they wouldn’t seek to legislate "backdoors" in these technologies. They didn’t say they wouldn’t try to access the data in other ways.' The memo was approved by the NSC’s Deputies Committee, according to Bloomberg. While the deputies’ committee changes depending on the subject matter, it typically includes at least a dozen sub-cabinet level officials, among them the deputy attorney general, the vice chairman of the joint chiefs of staff, and the deputy national security adviser. The memo was revealed on Friday, days after Apple said it will fight a court order to create a 'backdoor' into its own products by FBI agents trying to get into the iPhone used by San Bernardino killers Tashfeen Malik and Syed Farook."
Bypassing encryption codes and changing the law: Leaked memo reveals how spies have been trying to access your cell phone
Mail, 19 February 2016

"The first thing to understand about Apple’s latest fight with the FBI—over a court order to help unlock the deceased San Bernardino shooter’s phone—is that it has very little to do with the San Bernardino shooter’s phone. It’s not even, really, the latest round of the Crypto Wars—the long running debate about how law enforcement and intelligence agencies can adapt to the growing ubiquity of uncrackable encryption tools.Rather, it’s a fight over the future of high-tech surveillance, the trust infrastructure undergirding the global software ecosystem, and how far technology companies and software developers can be conscripted as unwilling suppliers of hacking tools for governments. It’s also the public face of a conflict that will undoubtedly be continued in secret—and is likely already well underway."
This Is the Real Reason Apple Is Fighting the FBI
TIME, 18 February 2016

"Tech giants Google and WhatsApp and whistleblower Edward Snowden are backing Apple’s stance over the encryption technology used in its iPhone smartphones. Apple has been ordered by a US federal magistrate to help the FBI unlock the iPhone belonging to one of the San Bernardino shooters, but in a letter published on the company’s website, chief executive Tim Cook said his company would fight the move. Now Google chief executive Sundar Pichai has given the stance his backing. “Important post by @tim_cook. Forcing companies to enable hacking could compromise users’ privacy,” wrote Google’s boss, as part of a short series of tweets addressing the issue."
Google, WhatsApp and Snowden back Apple against FBI
Guardian, 18 February 2016

"Hacking of computers, networks and smartphones in the UK or abroad by GCHQ staff does not breach human rights, a security tribunal has ruled. A panel of five members of the investigatory powers tribunal (IPT) decided on Friday that computer network exploitation (CNE), which may involve remotely activating microphones and cameras on electronic devices without the owners’ knowledge, is legal. In a lengthy judgment, the IPT, which deals with complaints about surveillance and the intelligence services, found in favour of the Cheltenham-based monitoring agency and the Foreign Office. It dismissed complaints brought by the campaign group Privacy International and seven internet service providers from around the world. The case, which was heard last year, was the first in which GCHQ admitted to carrying out “persistent” hacking in the UK and overseas. Some sessions of the IPT are closed and held in secret."
GCHQ hacking does not breach human rights, security tribunal rules
Guardian, 12 February 2016

"James Clapper, the US director of national intelligence, told lawmakers Tuesday that governments across the globe are likely to employ the Internet of Things as a spy tool, which will add to global instability already being caused by infectious disease, hunger, climate change, and artificial intelligence. Clapper addressed two different committees on Tuesday—the Senate Armed Services Committee and the Senate Select Committee on Intelligence Committee—and for the first time suggested that the Internet of Things could be weaponized by governments. He did not name any countries or agencies in regard to the IoT, but a recent Harvard study suggested US authorities could harvest the IoT for spying purposes. "Smart devices incorporated into the electric grid, vehicles—including autonomous vehicles—and household appliances are improving efficiency, energy conservation, and convenience. However, security industry analysts have demonstrated that many of these new systems can threaten data privacy, data integrity, or continuity of services. In the future, intelligence services might use the loT for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials," Clapper said (PDF), according to his prepared testimony before the Senate Select Committee on Intelligence. During his live appearance before the Senate Armed Services Committee, Clapper testified that "unpredictable instabilities have become the new normal and this trend will continue for the unforeseeable future." He said that infectious diseases like Zika, government instability, and the 60 million displaced people across the globe are adding to the world's instability. But there's more. "Extreme weather, climate change, environmental degradation, rising demand for food and water, poor policy decisions and inadequate infrastructure will magnify this instability," he said. 
But "technological innovation," he added, "will have an even more significant impact on our way of life. "This innovation is central to our economic prosperity but it will bring new security vulnerabilities. The Internet of Things will connect tens of billions of new physical devices that could be exploited. Artificial intelligence will enable computers to make autonomous decisions about data and physical systems, and potentially disrupt labor markets," Clapper told the Armed Services Committee. Clapper's remarks on the Internet of Things are remarkable because they come from the nation's top spy chief, and they likely mean that US spy agencies are trying to exploit it. Two weeks ago, a Berkman Center for Internet & Society report from Harvard University concluded that "If the Internet of Things has as much impact as is predicted, the future will be even more laden with sensors that can be commandeered for law enforcement surveillance; and this is a world far apart from one in which opportunities for surveillance have gone dark. It is vital to appreciate these trends and to make thoughtful decisions about how pervasively open to surveillance we think our built environments should be—by home and foreign governments, and by the companies who offer the products that are transforming our personal spaces." (PDF) As noted by Trevor Timm, the executive director of the Freedom of the Press Foundation, the importance of Clapper's IoT statements must be considered against the backdrop of the increasing proliferation of Internet-connected devices, from refrigerators to cars."
Internet of Things to be used as spy tool by governments: US intel chief
ArsTechnica, 10 February 2016

"BRITAIN’S spies should not be allowed to bug dozens of phones and computers from any organisation at once, a powerful committee of MPs has warned. Ministers plan to give the sweeping power to MI5, MI6 and GCHQ as part of a major update to keep pace with technology. ‘Bulk equipment interference’ warrants would allow spooks to tap into phones and iPads and even use them as covert listening devices across an entire hostile group, such as an enemy foreign embassy or a radical organisation. But the Intelligence and Security Committee yesterday called for the controversial move to be abandoned, as there is no “sufficiently compelling evidence” for it. The damning verdict is one of a series of serious criticisms made by the Westminster grandees on the landmark draft Investigatory Powers Bill."
Spy another day: MPs urge against the introduction of ‘bulk bugging’ by spooks
Sun, 10 February 2016

"A planned British law to give spies and the police wide-ranging new surveillance powers is rushed, does not do enough to protect people's privacy and requires major change, a powerful committee of lawmakers said on Tuesday. The bill was unveiled in November after police and intelligence agencies warned they had fallen behind those they were trying to track, as advances in technology and the growth of services like Skype and Facebook increasingly put criminals beyond their reach. Critics say the Draft Investigatory Powers Bill would be the West's furthest-reaching surveillance law, while tech companies have warned it would damage their own security systems. It would force communications firms to collect and store vast reams of data about almost every click of British online activity. The bill would also oblige service providers to help intercept data and hack suspects' devices. "Overall, the privacy protections are inconsistent and in our view need strengthening," parliament's Intelligence and Security Committee (ISC) said in a report. "The draft bill appears to have suffered from a lack of sufficient time and preparation," it added, saying the bill adopted a "rather piecemeal approach" to privacy protection which it said should have formed the backbone to the measure. Debate about how to protect privacy while helping agencies operate in the digital age has raged since former U.S. intelligence contractor Edward Snowden leaked details of mass surveillance by British and U.S. spies in 2013.The British bill, which comes before parliament later this year, is being watched closely by governments and tech companies around the world."
Parliamentary committee criticises surveillance bill over privacy concerns
Reuters, 9 February 2016

"If U.S. and British negotiators have their way, MI5, the British domestic security service, could one day go directly to American companies such as Facebook or Google with a wiretap order for the online chats of British suspects in a counter­terrorism investigation. The transatlantic allies have quietly begun negotiations this month on an agreement that would enable the British government to serve wiretap orders directly on U.S. communication firms for live intercepts in criminal and national security investigations involving its own citizens. Britain would also be able to serve orders to obtain stored data, such as emails. The previously undisclosed talks are driven by what the two sides and tech firms say is an untenable situation in which foreign governments such as Britain cannot quickly obtain data for domestic probes because it happens to be held by companies in the United States. The issue highlights how digital data increasingly ignores national borders, creating vexing challenges for national security and public safety, and new concerns about privacy. The two countries recently concluded a draft negotiating document, which will serve as the basis for the talks. The text has not been made public, but a copy was reviewed by The Washington Post. The British government would not be able to directly obtain the records of Americans if a U.S. citizen or resident surfaced in an investigation. And it would still have to follow the country’s legal rules to obtain warrants.Any final agreement will need congressional action, through amendments to surveillance laws such as the Wiretap Act and the Stored Communications Act."
The British want to come to America — with wiretap orders and search warrants
Washington Post, 4 February 2016

"Scottish officials are questioning a U.K. government decision to allow an American flight over Scottish airspace that attempted to capture NSA leaker Edward Snowden, The National reports. The plane was sent from the U.S. East Coast on June 24, 2013, one day after Snowden flew from Hong Kong to Moscow, on a "rendition" mission, according to the website. The plane flew well above the standard 45,000 feet and did not file a flight, plan Scottish journalist Duncan Campbell reported. Some officials sympathetic to Snowden were unhappy with the news, feeling that British official may have been complicit in violating his rights. "As a matter of course and courtesy, any country, particularly an ally, should be open about the purposes of a flight and the use of foreign airspace or indeed airports," said Alex Salmond, Scottish National Party foreign affairs spokesman. "What we need to know now is, was this information given to the U.K. government at the time. If so, then why did they give permission? If not, then why not?" Salmond said. "As a minimum requirement, the U.K. authorities should not allow any activity in breach of international law in either its airspace or its airports.""
Report: Secret US Flight Over Scotland to Arrest Snowden Questioned
Newsmax, 2 February 2016

"The home secretary's plan to force internet service providers to store everyone's internet activity is vague and confusing, says a committee of MPs. Police and security services will be able to see names of sites visited in the past year without a warrant, under the draft Investigatory Powers Bill. The science and technology committee says its requirements are confusing, and firms fear a rise in hacking.... Committee chairman Nicola Blackwood said: "There remain questions about the feasibility of collecting and storing internet connection records (ICRs), including concerns about ensuring security for the records from hackers." ... Mrs May insisted in January that the Home Office had been clear about what it meant by ICRs and was working closely with the industry on the legislation. The science and technology committee also raised concerns about powers to allow spies to hack into suspects' smartphones or computers, known as "equipment interference".... Ms Blackwood said the technique may "occasionally be necessary", but added: "The tech industry has legitimate concerns about the reaction of their customers to the possibility that electronic devices could be hacked by the security services.""
Theresa May's internet spy powers bill 'confusing', say MPs
BBC Online, 1 February 2016

"A joint UK-US intelligence programme has been spying on electronic feeds – including video – from Israel’s military drones and jet fighters going back to 1998.  In a potentially embarrassing disclosure for Israel, which prides itself on its technical capabilities, a new release from material held by the former NSA contractor Edward Snowden has revealed that UK and US intelligence officials have been regularly accessing Israeli cockpit cameras even in the midst of operations in Gaza and Lebanon. Codenamed Anarchist, the programme was revealed by the Intercept, a US website. The revelation – while played down by Israeli defence sources – has demonstrated again the level of surveillance aimed at Israel by countries usually regarded as friendly. The drone feeds were reportedly hacked using freely available software similar to that used to access subscriber-only TV channels, the report said. According to the Intercept, the surveillance operation is run from GCHQ in Cheltenham, Gloucestershire, and the actual surveillance undertaken from a UK base in Cyprus. Last month, the Wall Street Journal disclosed that the US had continued spying on the Israeli prime minister, Binyamin Netanyahu, and other top Israeli officials despite a promise after the Snowden revelations to stop intercepting the communications of friendly heads of state. Yuval Steinitz, Israel’s energy minister and a member of Netanyahu’s security cabinet, sought to play down the issue but said lessons would be learned."
Snowden files reveal US and UK spied on feeds from Israeli drones and jets
Guardian, 29 January 2016

"On 27th January 2015 the Mayor of London, Boris Johnson, signed an order that increased the data collected by the police's network of Automatic Number Plate Recognition (ANPR) cameras in the capital by 300%. At the time no-one seems to have noticed. One year on the sound of silence is still deafening. Johnson achieved this massive increase of blanket surveillance in London without erecting a single new camera. Instead he allowed the police to share Transport for London's (TfL) network of around 1400 ANPR cameras used for the London Congestion Charge, the Low Emission Zone and other traffic monitoring. This was a policy tucked away in Johnson's 2012 mayoral crime manifesto [2]. Since 2007 the Metropolitan Police Service has controversially been allowed limited access to TfL's congestion charge cameras for "national security" purposes only. The new camera sharing arrangement allows the police "general access" to an expanded raft of number plate cameras. The mayor used powers given to him by the Greater London Authority Act [3] whereby he can do anything that he considers will further one or more of the Authority's principal purposes. In the case of expanding police use of automatic checkpoint cameras he decided that it will "further the promotion of social development in Greater London". Quite how Johnson came to this conclusion is a mystery, as is the way in which he was so easily able to trade the freedoms of so many car drivers in London by simply issuing a mayoral decision.... No CCTV has repeatedly warned that the UK police's ANPR camera network is the biggest mass surveillance network that no-one's ever heard of. We have laid out many of our concerns in our report 'What's wrong with ANPR?' [7]. Police store the details of all cars that pass ANPR cameras in a central database for a minimum of two years. There are currently discussions within the police to extend this to seven years.
Whilst the mainstream media have all but ignored this massive expansion of the surveillance state it is worth pointing out that writer and artist James Bridle made a series of Freedom of Information requests in 2013/14 that reveal much of the disturbing progression of this policy."
The silent increase in London's mass surveillance network, one year on
No CCTV, 27 January 2016

"In a huge win for press freedom, a UK court of appeal ruled that the detention of journalist Glenn Greenwald’s partner, David Miranda, under the Terrorism Act violated his human rights as a journalist. Perhaps more importantly, though, the court rebuked the government’s unprecedented and dangerous definition of “terrorism” that would have encompassed all sorts of actions regularly made by law-abiding citizens. Miranda was detained and interrogated for almost nine hours without a lawyer at Heathrow airport in 2013 while returning to his home in Brazil after visiting Academy award-winning filmmaker Laura Poitras in Germany. He was assisting her and Greenwald’s reporting on the Snowden documents; Greenwald was working for the Guardian at the time. The court overruled a part of a prior ruling, making clear that “the stop power [under the Terrorism Act], if used in respect of journalistic information or material is incompatible” with the European convention on human rights. As Greenwald has already said, the court ruling is “an enormous victory, first and foremost for press freedoms, because what the court ruled is that the UK parliament can’t purport to allow its police to seize whatever they want to take from journalists by pretending it’s a terrorism investigation”.
He’s exactly right: journalists, or anyone working on behalf of newspapers for that matter, should not be worried about being detained, interrogated and having their source material confiscated for doing their job in a democracy. But even more disturbing than the UK government’s willingness to detain a journalist in violation of his human rights is what they attempted to claim after Miranda’s detention to justify their actions. In arguing that they had every right to detain Miranda under the Terrorism Act in 2013, the government put forth a radical and expansive definition of terrorism. Here are the government’s exact words from a court filing they made in November 2013: 'Additionally the disclosure [of NSA/GCHQ documents], or threat of disclosure, is designed to influence a government and is made for the purpose of promoting a political or ideological cause. This therefore falls within the definition of terrorism...' Think about the implications of that for a minute: terrorism was defined as publishing information designed to influence the government. That definition includes no mention of violence or even a threat of violence, which David Miranda never came anywhere near doing. In other words, any opinion or action the government does not like could potentially have been decreed as “terrorism” under their warped definition."
Journalism is not terrorism. Criticism of the government is not violence
Guardian, 19 January 2016

"The UK government's official voice encryption protocol, around which it is hoping to build an ecosystem of products, has a massive backdoor that would enable the security services to intercept and listen to all past and present calls, a researcher has discovered. Dr Steven Murdoch of University College London has posted an extensive blog post digging into the MIKEY-SAKKE spec in which he concludes that it has been specifically designed to "allow undetectable and unauditable mass surveillance." He notes that in the "vast majority of cases" the protocol would be "actively harmful for security." Murdoch uses the EFF's scorecard as a way of measuring the security of MIKEY-SAKKE, and concludes that it only manages to meet one of the four key elements for protocol design, namely that it provides end-to-end encryption. However, due to the way that the system creates and shares encryption keys, the design would enable a telecom provider to insert themselves as a man-in-the-middle without users at either end being aware. The system would also allow a third party to unencrypt past and future conversations. And it does not allow for people to be anonymous or to verify the identity of the person they are talking to. In other words, it would be the perfect model for the security services, who can apply pressure to a telecom company and then carry out complete surveillance on an unidentified individual. While it is surprising that the official UK government system would have such a significant backdoor, it is perhaps less surprising when you consider who developed the spec: the information security arm of the UK listening post GCHQ, the Communications-Electronics Security Group (CESG). The CESG – and the UK's civil service – started pushing the approach late last year and has incorporated it into a product spec called Secure Chorus. 
It has also set itself up as an evaluator of other products and is trying to market its approach commercially by pushing it as "government-grade security." One example of a product already going through this evaluation is Cryptify Call, available for iOS and Android."
For fsck's SAKKE: GCHQ-built phone voice encryption has massive backdoor – researcher
The Register, 19 January 2016

"In some cases, hackers can send a text message -- and disable a car's brakes, according to research presented by computer security experts on Monday. It's a relatively simple hack. And while researchers only tested one type of device, it raises serious questions about how dangerous it is to use them at all. Almost every car on the road right now has a computer port inside, usually underneath the steering wheel. It accesses the computer networks in your car, so mechanics can identify problems. That information is valuable. It can tell how and when you accelerate, brake or steer. That's why insurance companies now give their customers tiny tracking devices to plug into that port -- and offer discounts if you use them. These devices connect to the same cellular network as our mobile phones, so it can receive text messages. Student engineers from the University of California, San Diego examined one from Mobile Devices used by auto insurer Metromile. They discovered they could send it specially-coded text messages and remotely engage a car's brakes or disable them completely. The good news? It only works if the car is at a slow crawl -- 5 miles per hour or less. Perhaps worst of all, the device gets unfettered access to a car's internal controls. And they're not even hidden from the rest of the world. It's possible to find a specific car by its device's IP address or phone number. The team of researchers presented their findings at the Usenix computer conference in Washington, D.C."
Cars can be hacked by their tiny, plug-in insurance discount trackers
CNN, 13 August 2015

"One of the “teenage hackers” who broke into the CIA director’s AOL email account last year hasn’t given up targeting government intelligence officials. His latest victim is the Director of National Intelligence James Clapper, Motherboard has learned. A group of hackers calling themselves “Crackas With Attitude” or CWA made headlines in October, hacking into CIA Director John Brennan’s email account and apparently getting access to several online tools and portals used by US law enforcement agencies. The hackers' exploits prompted the FBI to issue an alert warning government officials of their attacks. One of the group’s hackers, who’s known as “Cracka,” contacted me on Monday, claiming to have broken into a series of accounts connected to Clapper, including his home telephone and internet, his personal email, and his wife’s Yahoo email. While in control of Clapper’s Verizon FiOS account, Cracka claimed to have changed the settings so that every call to his house number would get forwarded to the Free Palestine Movement. When they gained notoriety last year, Cracka and CWA claimed their actions were all in support of the Palestine cause. “I’m pretty sure they don’t even know they've been hacked,” Cracka told me in an online chat. But Brian Hale, a spokesperson for the Office of the Director of National Intelligence, confirmed the hack to Motherboard on Tuesday."
Teen Who Hacked CIA Email Is Back to Prank US Spy Chief
Motherboard, 12 January 2016

"Individual peace is the unit of world peace. By offering Consciousness-Based Education to the coming generation, we can promote a strong foundation for a healthy, harmonious, and peaceful world.... Consciousness-Based education is not a luxury. For our children who are growing up in a stressful, often frightening, crisis-ridden world, it is a necessity."
Academy Award Winning Film Producer David Lynch (Elephant Man, Blue Velvet, etc)
David Lynch Foundation





  
