Tag: NSA

Jun 02

The Patriot Act Ain’t Dead Yet

While the Senate failed to pass the USA Freedom Act during Sunday’s emergency session, it did get past a cloture vote to continue debate and consider amendments that could either weaken or strengthen the already inadequate reform of the controversial Section 215 of the Patriot Act. So for the moment, the most egregious parts of the act which violate the Fourth Amendment have expired. So what next? There is no chance to renew the Patriot Act, as the Senate Republican leadership would prefer. Amending the USA Freedom Act would require the bill to be returned to the House for another vote or the details to be hashed out in a conference committee. None of this looks good for a resolution anytime soon, which is not entirely a bad thing.

McConnell introduced a handful of amendments Sunday evening on behalf of himself and Senate Intelligence Committee Chairman Richard Burr (R-N.C.). Paul and Sen. Bernie Sanders (I-Vt.) have also attempted to bring up amendments of their own, but they were blocked.

Paul’s opposition will push votes on both those amendments and the final bill back to Tuesday at the earliest, and potentially Wednesday.

The House would then either need to vote on the new bill or hash out the details in a conference committee.

Rep. Justin Amash (R-Mich.) – an NSA critic – warned senators against adding amendments to the legislation that could potentially weaken the bill in the eyes of its supporters.

“On the House side, there’s not support for a more watered down version of the Freedom Act,” he said. “If they want to get something passed through the House, they need to make it better not worse.”

Glenn Greenwald, Pulitzer Prize-winning journalist with The Intercept, gave his reaction to the expiration of the act and the fear mongering that will ensue to Democracy Now!’s Amy Goodman.



Transcript can be read here

The internecine GOP politics surrounding this are quite a maze since it involves not just Sen. Paul’s candidacy for president in 2016, but power fights between the House and Senate leaderships. Sen. McConnell and House Speaker John Boehner (R-OH) are not exactly best of friends.

The game is now in the Senate and could mean the permanent end of Section 215. Let’s keep our fingers crossed they screw this up.  

May 28

Changing Minds on Edward Snowden

Hodding Carter III, former Assistant Secretary of State for Public Affairs in the Jimmy Carter administration, has changed his mind about Edward Snowden, whose leaks of NSA programs to the public have sparked the debate over the renewal of the Patriot Act. In an article in Salon, he explains his change of heart and offers an apology to The Intercept’s Glenn Greenwald.

Glenn Greenwald, I’m sorry: Why I changed my mind on Edward Snowden

What follows is based on sixty years of experience in public life and journalism. It arises from deepening concern about the people’s limited appreciation of the First Amendment and disgust with media waffling behind timidity’s breastworks. It also arises from urgent unease about government overreach in the name of “homeland security,” an overreach based on post-9/11 fear, political opportunism and an all but explicit assertion that a free people do not need to know and should not demand to know how they are being protected. There is no pretense here of carefully allocated balance, that briefly treasured convention of American journalism. Instead, this is an attempt to explain the evolution of today’s media-government confrontations and to suggest answers to the hard questions that currently face the press when national security clashes with the Bill of Rights.

Unless informed consent is to be treated as a dangerous relic of more tranquil times, these questions should be answered on behalf of the American people as often as they arise. That means applying general principles to specific cases. Knowing the evolution of press freedom can be useful. Having an accurate picture of the chaotic realities of the murky present is crucial. Hard cases are inevitable; hard-and-fast rules are rarely available and too often inapplicable to current conditions. In the end, as always, it is up to each journalist and news organization to be willing to stand alone, to ask, and to answer individually:

“Whose side are you on?”

Mr. Carter and Glenn Greenwald appeared on MSNBC’s “The Last Word” to discuss surveillance and the fight over the renewal of the Patriot Act.

Whose side are you on?

May 23

Extension of Patriot Act Provisions Blocked

C-Span is fast becoming my late night entertainment channel. The Senate’s votes on the House USA Freedom Act and Senate Majority Leader Mitch McConnell’s attempts to extend the Patriot Act provisions for mass surveillance, for even one day past June 1, were well worth staying up to the early morning hours and well worth the loss of sleep. (Not that I don’t anyway.) It was, at last, an epic #FAIL for the spies and fear mongers on both votes.

By a vote of 57-42, the USA Freedom Act failed on Friday to reach the 60-vote threshold needed to advance in the Senate after hours of procedural manoeuvering that lasted into the wee hours Saturday morning.

The result left the Senate due to reconvene on May 31, just hours before a wellspring of broad NSA and FBI domestic spying powers will expire at midnight.

Architects of the USA Freedom Act had hoped that the expiration at the end of May of the Patriot Act authorities, known as Section 215, provided them sufficient leverage to undo the defeat of 2014 and push their bill over the line.

The bill was a compromise to limit the scope of government surveillance. It traded the end of NSA bulk surveillance for the retention through 2019 of Section 215, which permits the collection of “business records” outside normal warrant and subpoena channels – as well as a massive amount of US communications metadata, according to a justice department report. [..]

On Saturday morning, after both cloture votes failed, Senate majority leader Mitch McConnell asked for unanimous consent to extend the Patriot Act for a week. Paul objected. Objections were then heard from Paul, as well as from Oregon Democrat Ron Wyden and New Mexico Democrat Martin Heinrich on four-day, two-day and one-day extensions. Eventually McConnell gave up and announced that the Senate would adjourn until 31 May, the day before the key provisions of the Patriot Act expire. [..]

Those who want a straight extension of the Patriot Act are in a distinct minority and supporters of the USA Freedom Act still cannot muster the necessary super majority to advance the bill. The result means those who are more than happy to simply let Section 215 expire on May 31 are in the driver’s seat.

When reporters asked Paul on Saturday morning whether he was concerned about the provisions of the Patriot Act expiring at the end of the month, the Kentucky Republican seemed unworried: “We were liking the constitution for about 200 years and I think we could rely on the constitution.”

Watch Sen. Paul shut down Sen. McConnell’s attempts to extend the Patriot Act.

Also caught in that clip was Sen. Huckleberry Butchmeup rolling his eyes and picking his nose as Sen. Paul was speaking.

This was Marcy Wheeler’s (emptywheel) reaction to the proceedings.

It’s not certain just how “legal” Pres. Obama’s request to the FISA court would be considering the federal appeals court ruling last week that found the N.S.A.’s bulk collection of phone records illegal.

The Senate will return from the Memorial Day break one day early, on May 31, to reconsider an extension of the three provisions of the Patriot Act that will expire the next day.

Let me say two things. First, I am ashamed that any Democrat supported the farce House bill that does nothing to protect our Fourth Amendment rights. Sorry, Sen. Boxer, this is not protecting our country.

Second, a hearty thanks to Senator Rand Paul, who for the first time that I can remember, went past Charles Pierce’s five minute rule for anything he says.

May 12

TBC: Morning Musing 5.12.15

Good Morning! I have 3 articles for you on the NSA’s speech recognition program today.

First, an intro on the program:

THE COMPUTERS ARE LISTENING: HOW THE NSA CONVERTS SPOKEN WORDS INTO SEARCHABLE TEXT

Most people realize that emails and other digital communications they once considered private can now become part of their permanent record.

But even as they increasingly use apps that understand what they say, most people don’t realize that the words they speak are not so private anymore, either.

Top-secret documents from the archive of former NSA contractor Edward Snowden show the National Security Agency can now automatically recognize the content within phone calls by creating rough transcripts and phonetic representations that can be easily searched and stored.

Jump!

Apr 11

John Oliver Takes on Surveillance Reform

The battle over citizens’ right to privacy and the government’s mass collection of private data that has nothing to do with protecting the country from terrorist attacks, is coming to a head on June 1. That’s when the Patriot Act’s section 215, the provision of the act that the NSA used to authorize its bulk telephone metadata collection program, must either be renewed by congress or it expires. The problem is the lack of interest by the American public. In an extended segment of his HBO program, “This Week Tonight,” John Oliver found a subject that might pique their interest, “dick pics.” He presented his idea to Edward Snowden in a one on one exclusive interview.

So why all the trouble? In theory, Snowden’s revelations are old, they have proven to be either inaccessible or not titillating enough for the American public, and Oliver already covered the issue himself on the show in an interview with former NSA chief General Keith Alexander less than a year ago.

As it turns out, Oliver wasn’t satisfied. Using the June 1 expiration of controversial sections of the Patriot Act as a peg, Oliver decided to revive the conversation anew by highlighting one specific aspect of the surveillance issue that a majority of Americans could relate to.

And Sunday’s final product is earning Oliver plaudits across the Internet. In the interview, Oliver accomplishes several feats. He’s not only funny (Snowden apparently misses eating Hot Pockets, the sodium vehicle of the American freezer section), but also incisive and tough. [..]

But most notably of all, Oliver might finally have pinpointed a way to make the debate about surveillance accessible to a wide audience. By honing on one aspect of the government surveillance, the capacity for intelligence agencies to access “dick pics,” he captures the attention and summons the outrage of numerous passersby in a filmed segment in Times Square. Many of those interviewed can’t properly identify Edward Snowden or don’t quite recall what he had done, but all recoil at the thought of government access to intimate photography.

Thanks to John’s interview and the above viral video, which at this posting has 4,723,977 views, the movement to end mass surveillance has new life.

Privacy advocates experienced a major setback in November when a surveillance reform bill, the FREEDOM Act, died in a Senate procedural vote. But now they’re back, and with a new, simple question for Americans – Can they see your junk?

Playing off Oliver’s hilarious skit, one privacy activist built cantheyseemydick.com, which breaks down how each NSA program could be used to access private communications. Despite its flippant tone, the website offers simple explanations of complex programs that are difficult to understand.

On a more serious note, a new coalition of privacy groups led by the Electronic Frontier Foundation (EFF) today launched the Fight 215 campaign calling for an end to the NSA’s bulk collection of Americans’ phone records.

EFF activist Nadia Kayyali told TechCrunch the organizations launched the campaign today because of the impending deadline, but they were very excited about the Last Week Tonight with John Oliver skit and the attention it has already brought to surveillance reform.

With this campaign, the privacy advocates have taken a direct stance, end the bulk collection of Americans’ telephone records. [..]

Even with the new public attention on surveillance reform, privacy advocates face an uphill battle in Congress. Although surveillance reform is an issue that does not fall squarely on party lines, reform efforts in the Democratic-controlled Senate last year were thwarted primarily by Republican votes. Now Republicans control both chambers of Congress.

As the June 1 deadline approaches, no one in Congress has laid out a comprehensive plan to address government surveillance this year. Kayyali attributes the lack of action on the Hill to uncertainty.

“I think a lot of people, including people who want to see good legislation passed, weren’t certain where to start from,” Kayyali said. “It’s hard to say what Congress is thinking.”

As members look to form that plan, Kayyali hopes the new campaign will send them a clear message.

EFF and thirty other civil liberties organizations have launched a call-in campaign, Fight 215. They will help connect you to your representatives to tell them to end mass surveillance.

Call Congress Now

Urge them to end mass surveillance under the Patriot Act.

What to say

Hi,

I’m one of your constituents, and I’m calling to urge you to end the NSA’s unconstitutional mass surveillance under the Patriot Act.

NSA surveillance illegally invades my privacy, along with millions of other innocent people, without making me safer.

Ending phone record surveillance is the first step to reining in surveillance abuses by the NSA. The time to put pressure on congress is now.

 

Feb 23

Even Encrypted Phones Are Not Safe from Spy Agencies

According to documents given to The Intercept by whistleblower Edward Snowden, even the newest cell phones (3G, 4G and LTE) are not safe from the spies of the NSA and its British counterpart, GCHQ. According to the article, one of the largest manufacturers of SIM cards, which all cell phones depend on for communications, was hacked by these agencies’ spies, who stole the encryption keys. This has given them access to billions of cell phones all over the world. As usual, Intercept contributors Jeremy Scahill and Josh Begley are very thorough in their extensive article, but here is the core of the report:

The company targeted by the intelligence agencies, Gemalto, is a multinational firm incorporated in the Netherlands that makes the chips used in mobile phones and next-generation credit cards. Among its clients are AT&T, T-Mobile, Verizon, Sprint and some 450 wireless network providers around the world. The company operates in 85 countries and has more than 40 manufacturing facilities. One of its three global headquarters is in Austin, Texas and it has a large factory in Pennsylvania.

In all, Gemalto produces some 2 billion SIM cards a year. Its motto is “Security to be Free.”

With these stolen encryption keys, intelligence agencies can monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments. Possessing the keys also sidesteps the need to get a warrant or a wiretap, while leaving no trace on the wireless provider’s network that the communications were intercepted. Bulk key theft additionally enables the intelligence agencies to unlock any previously encrypted communications they had already intercepted, but did not yet have the ability to decrypt. [..]

GCHQ and the NSA could have taken any number of routes to steal SIM encryption keys and other data. They could have physically broken into a manufacturing plant. They could have broken into a wireless carrier’s office. They could have bribed, blackmailed or coerced an employee of the manufacturer or cellphone provider. But all of that comes with substantial risk of exposure. In the case of Gemalto, hackers working for GCHQ remotely penetrated the company’s computer network in order to steal the keys in bulk as they were en route to the wireless network providers. [..]

TOP-SECRET GCHQ documents reveal that the intelligence agencies accessed the email and Facebook accounts of engineers and other employees of major telecom corporations and SIM card manufacturers in an effort to secretly obtain information that could give them access to millions of encryption keys. They did this by utilizing the NSA’s X-KEYSCORE program, which allowed them access to private emails hosted by the SIM card and mobile companies’ servers, as well as those of major tech corporations, including Yahoo and Google.

In effect, GCHQ clandestinely cyberstalked Gemalto employees, scouring their emails in an effort to find people who may have had access to the company’s core networks and Ki-generating systems. The intelligence agency’s goal was to find information that would aid in breaching Gemalto’s systems, making it possible to steal large quantities of encryption keys. The agency hoped to intercept the files containing the keys as they were transmitted between Gemalto and its wireless network provider customers.

GCHQ operatives identified key individuals and their positions within Gemalto and then dug into their emails. In one instance, GCHQ zeroed in on a Gemalto employee in Thailand who they observed sending PGP-encrypted files, noting that if GCHQ wanted to expand its Gemalto operations, “he would certainly be a good place to start.” They did not claim to have decrypted the employee’s communications, but noted that the use of PGP could mean the contents were potentially valuable.

The cyberstalking was not limited to Gemalto. GCHQ operatives wrote a script that allowed the agency to mine the private communications of employees of major telecommunications and SIM “personalization” companies for technical terms used in the assigning of secret keys to mobile phone customers. Employees for the SIM card manufacturers and wireless network providers were labeled as “known individuals and operators targeted” in a top-secret GCHQ document.

According to experts who were interviewed by The Guardian, this is a huge invasive breach and may still be continuing:

Gemalto, the company targeted by the spy agencies, produces 2bn sim cards per year for clients including AT&T, Sprint, T-Mobile and Verizon. The Netherlands-based company operates in 85 countries around the world and provides cards to some 450 wireless network providers globally.

The stolen encryption keys would allow intelligence agencies to monitor mobile communications without the approval or knowledge of telecom companies and foreign governments.

Chris Soghoian, principal technologist at the American Civil Liberties Union, told the Guardian the hack would allow spies to “put an aerial up on the embassy in Berlin and listen in to anyone’s calls in the area”.

Calls made on 3G and 4G mobile networks are encrypted. But with the keys, which a GCHQ slide described as living “in the phone”, spies could access any communication made on a device unless its owner uses an extra layer of encryption.

Soghoian said the latest Snowden revelations meant that it was difficult for anyone to trust the security of a mobile phone. “It is very unlikely that this is an issue that is going to be fixed anytime soon,” he said. “There is no reason for people to trust AT&T, Verizon or anyone at this point. Their systems are hopelessly insecure.”

“The real value of this is that it allows bulk surveillance of telecoms without anyone getting caught,” Soghoian said of hacks like the one at Gemalto, which he said would allow the spy agencies to target “whoever they wanted”.

“In countries where the government will not cooperate, that’s very useful,” he said. “It’s also very useful in countries where the government would help. Germany would allow spy on a suspected terrorist but not on [Angela] Merkel.”

This was the second revelation in what Mike Masnick at Techdirt called “This Week In ‘The NSA Knows F**king Everything’“:

Thought that the revelations of NSA/GCHQ spying were dying out? Having some “surveillance fatigue” from all the stories that have been coming out? Have no fear — or, rather, be very very very fearful — because two big new revelations this week show just how far the NSA will go to make sure it collects everything. First up: your hard drives. Earlier this week, Kaspersky Lab revealed that the NSA (likely) has figured out ways to hide its own spyware deep in pretty much any hard drive made by the most popular hard drive manufacturers: Western Digital, Seagate and Toshiba. [..]

As the report notes, it appears that this is a kind of “sleeper” software, that is buried inside tons of hard drives, but only “turned on” when necessary. The report notes that it’s unclear as to how the NSA was getting this software in there, but that it couldn’t do it without knowing the source code of the hard drive firmware — information that is not easily accessible. A few of the hard drive manufacturers have denied working with the government on this and/or giving them access to the firmware. It’s possible they’re lying/misleading — but it’s also possible that the NSA figured out other ways to get that information.

Scahill and Begley quoted President Barack Obama who just a little over a year ago said when he addressed the NSA spying scandal: “The bottom line is that people around the world, regardless of their nationality, should know that the United States is not spying on ordinary people who don’t threaten our national security and that we take their privacy concerns into account in our policies and procedures.”

Obama again has lied and Congress has failed to rein in the excesses of the NSA and the CIA.

Feb 23

TBC: Morning Musing 2.23.15

I’m going mostly light this Monday morning cuz, let’s be honest, who wants to think too hard on a Monday morning?

First, now you can find out whether you’ve been spied on:

Find Out if You’ve Been Spied on - and Join the Fight for Privacy

Because of the ruling, there is an opportunity for people to try to find out if their communications were among those shared by NSA with GCHQ. Intelligence agencies use information like ip addresses and email addresses as “selectors” when sifting through the massive quantities of data they collect. GCHQ will comply with the IPT’s ruling by searching “selectors” it received from the NSA prior to December 2014.

But this won’t happen automatically. People need to actually file requests with the IPT. To help people do so, PI is collecting people’s names, numbers, and emails in order to assist them in asserting their rights and finding out whether those selectors were subject to unlawful sharing. If they were, PI will help individuals seek a declaration that that person’s privacy rights have been violated under Article 8 and Article 10 of the UK Human Rights Act, the law that codified the European Convention on Human Rights into UK law. Once the IPT issues a declaration for an individual, that individual can also request that their records be deleted. There’s no need to be a UK citizen - anyone can participate.

Jump!

Jan 14

Privacy Under Attack After Charlie Hebdo

Cross posted from The Stars Hollow Gazette

Well, this didn’t take long. President Barack Obama and Britain’s Prime Minister David Cameron didn’t let any dust settle.

Cybersecurity bill: privacy activists warn of unnecessarily ‘broad legal immunity’

By Dan Roberts, The Guardian

White House hoping legislation will toughen private sector response by allowing companies to share information with government agencies including NSA

Barack Obama plans to announce new cybersecurity measures on Tuesday amid warnings from privacy campaigners about unnecessarily “broad legal immunity” that could put personal information at risk in the wake of attacks like the Sony Pictures hack.

Just a day after the Pentagon’s own Twitter account was compromised and Obama pushed a 30-day window for consumer security breaches, his administration was hoping the proposed legislation would toughen the response of the private sector by allowing companies to share information with government agencies including the NSA – almost immediately and under broad protection. [..]

The administration believes the legislation is necessary partly to give companies legal immunity for sharing information on attacks so that counter-measures can be coordinated, but the White House has stepped back from suggestions that companies should be allowed to individually retaliate against hackers, fearing such encouragement could lead to an escalation of cyber warfare.

A White House statement released in advance of Obama’s speech on Tuesday said it “encourages the private sector to share appropriate cyber threat information with the Department of Homeland Security’s National Cybersecurity and Communications Integration Center”.

David Cameron pledges anti-terror law for internet after Paris attacks

By Nicholas Watt, Rowena Mason and Ian Traynor, The Guardian

PM calls for new laws to break into terrorists’ communications but Nick Clegg warns of encroachment on civil liberties

Britain’s intelligence agencies should have the legal power to break into the encrypted communications of suspected terrorists to help prevent any Paris-style attacks, David Cameron proposed on Monday.

The prime minister said a future Conservative government would aim to deny terrorists “safe space” to communicate online, days after a warning from the director general of MI5, Andrew Parker, that the intelligence agencies are in danger of losing the ability to monitor “dark places” on the net.

His proposed legislation, which would be introduced within the first year of Cameron’s second term in Downing Street if the Conservatives win the election, would provide a new legal framework for Britain’s GCHQ and other intelligence agencies to crack the communications of terror suspects if there was specific intelligence of an imminent attack. Political approval would also be necessary.

They aren’t the only ones leaping on the security train wreck; the French and Italian governments have hopped on board.

More Surveillance Won’t Protect Free Speech

By Jillian York, Electronic Frontier Foundation

Following a terrorist attack, it is not uncommon to hear calls from politicians and government officials for increased surveillance. Fear and grief can lead to quick “solutions” that have significant consequences; as we pointed out last week, some of the most far-reaching surveillance and law enforcement powers around the world were devised in the wake of tragedies.

That’s why what we’re hearing this week - in the wake of the attack on Charlie Hebdo - alarms us. On Friday, French Prime Minister Manuel Valls suggested that “it will be necessary to take further measures” to address the threat of terrorism, despite the fact that French intelligence had collected “reams of intelligence” on the terror suspects, and despite a draconian anti-terror law established last November. As our German colleagues point out in a joint statement, France already has some of the strictest security measures in Europe. [..]

Italian authorities are planning new legislation that would enable the government to seize the passports of those suspected of traveling to Syria to join the Islamic State. Interior Minister Angelino Alfano stated Friday that Italy also needed “greater access to conversations between extremists online,” demanding help from Internet companies to provide the Italian government with better access to such data in order to create a “black list” of those who pose a security threat. [..]

Mass surveillance doesn’t only infringe on our privacy, but also our ability to speak freely. As a recent PEN American study found, for writers around the world, surveillance has the effect of chilling speech. The knowledge, or even the perception of surveillance, can prompt writers to think twice before touching upon a given issue.

Let us resist attempts to use this tragic moment as an opportunity to advance law enforcement surveillance powers. Freedom of speech can only thrive when we also have the right to privacy.

And last but not least, there is Manhattan District Attorney Cyrus Vance, a Democrat, scared that your iPhone is harboring criminals.

New York’s Top Prosecutor Says We Need New Laws To Fight iPhone/Android Encryption

By Tim Cushing, Techdirt

from the because-child-murdering-drug-dealers,-of-course dept

The greatest threat to law enforcement since the motorcar continues to receive attention from entities aghast at the notion that people’s communications and data might not be instantly accessible by law enforcement. Apple’s decision (followed shortly thereafter by Google) to offer default encryption for phone users has kicked off an avalanche of paranoid hyperbole declaring this effort to be a boon for pedophiles, murderers and drug dealers.

New laws have been called for and efforts are being made to modify existing laws to force Apple and Google into providing “law enforcement-only” backdoors, as if such a thing were actually possible. New York County’s top prosecutor, Manhattan DA Cyrus Vance — speaking at an FBI-hosted cybersecurity conference — is the latest to offer up a version of “there ought to be a law.”

Mark Jaycox and Lee Tien of the Electronic Frontier Foundation released this statement regarding the president’s proposal.

Statement on President Obama’s Cybersecurity Legislative Proposal

More needs to be done to protect cyberspace and enhance computer security. But President Obama’s cybersecurity legislative proposal recycles old ideas that should remain where they’ve been since May 2011: on the shelf. Introducing information sharing proposals with broad liability protections, increasing penalties under the already draconian Computer Fraud and Abuse Act, and potentially decreasing the protections granted to consumers under state data breach law are both unnecessary and unwelcome.

Information Sharing

The status quo of overweening national security and law enforcement secrecy means that expanded information sharing poses a serious risk of transferring more personal information to intelligence and law enforcement agencies. Given that the White House rightly criticized CISPA in 2013 for potentially facilitating the unnecessary transfer of personal information to the government or other private sector entities when sending cybersecurity threat data, we’re concerned that the Administration proposal will unintentionally legitimize the approach taken by these dangerous bills.

Instead of proposing unnecessary computer security information sharing bills, we should tackle the low-hanging fruit. This includes strengthening the current information sharing hubs and encouraging companies to use them immediately after discovering a threat. [..]

Increased Criminalization

The administration’s proposals to increase penalties in the Computer Fraud and Abuse Act are equally troubling. We agree with the President: “Law enforcement must have appropriate tools to investigate, disrupt and prosecute cyber crime;” however, the past two years of surveillance disclosures have shown law enforcement certainly doesn’t need more legal authorities to conduct digital surveillance or prosecute criminals. [..]

Federal Data Breach Law

The President’s legislative proposal also follows up on yesterday’s announcement to pursue a federal data breach law. Consumers have a right to know when their data is exposed, whether through corporate misconduct, malicious hackers, or under other circumstances. Over 38 states already have some form of breach notification law - so the vast majority of Americans already get some protection on this score. While the President has not yet released detailed legislative language, the Administration’s May 2011 Cybersecurity legislative proposal would preempt state notification laws, removing the strong California standard and replacing it with a weaker standard. [..]

Many of these proposals are old ideas from the administration’s May 2011 Cybersecurity legislative proposal and should be viewed skeptically. While the Administration information sharing proposal may have better privacy protections than dangerously drafted bills like CISPA, we think the initial case for expanding information sharing requires much less secrecy about how intelligence and law enforcement agencies collect and use data on our networks. And instead of increasing penalties under the Computer Fraud and Abuse Act, we’ve long advocated common sense reform to decrease them.

Here’s hoping there are enough sane heads left in legislatures to stop this in its tracks, on both sides of the pond.  

Oct 14

Your Privacy Matters

The NSA, FBI and DOJ are upset with the new Apple and Google encryption apps that they can’t hack. The poor Director of the FBI, James Comey, is “concerned,” so he plays the “fear card”:

“I am a huge believer in the rule of law, but I also believe that no one in this country is beyond the law,” Comey told reporters at FBI headquarters in Washington. “What concerns me about this is companies marketing something expressly to allow people to place themselves beyond the law.”

Apple said last week that it would no longer be technically feasible to unlock encrypted iPhones and iPads for law enforcement because the devices would no longer allow user passcodes to be bypassed. The move comes as tech companies struggle to manage public concerns in the aftermath of last year’s leak of classified National Security Agency documents about government access to private user data. [..]

“Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data,” the company said. “So it’s not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8.”

Comey said that while he understood the need for privacy, government access to mobile devices may be needed in extreme circumstances, such as in the event of a terror attack.

“I like and believe very much that we should have to obtain a warrant from an independent judge to be able to take the content of anyone’s closet or their smart phone,” he said. “The notion that someone would market a closet that could never be opened — even if it involves a case involving a child kidnapper and a court order — to me does not make any sense.”

Comey said FBI officials have had conversations with both Apple and Google about the marketing of their devices.

“Google is marketing their Android the same way: Buy our phone and law-enforcement, even with legal process, can never get access to it,” he said.

Why anyone would think that the guy who approved torture believes in the rule of law is beyond me. Trevor Timm at The Guardian dissects what Comey said:

Comey began:

  I am a huge believer in the rule of law, but I also believe that no one in this country is beyond the law. … What concerns me about this is companies marketing something expressly to allow people to place themselves beyond the law.

First of all, despite the FBI director’s implication, what Apple and Google have done is perfectly legal, and they are under no obligation under “the rule of law” to decrypt users’ data if the company itself cannot access your stuff. From 47 U.S. Code § 1002 (emphasis mine):

   A telecommunications carrier shall not be responsible for decrypting, or ensuring the government’s ability to decrypt, any communication encrypted by a subscriber or customer, unless the encryption was provided by the carrier and the carrier possesses the information necessary to decrypt the communication.

Comey continued:

   I like and believe very much that we should have to obtain a warrant from an independent judge to be able to take the content of anyone’s closet or their smart phone.

That’s funny, because literally four months ago, the United States government was saying the exact opposite (pdf) before the US supreme court, arguing that, in fact, the feds shouldn’t need to get a warrant to get inside anyone’s smartphone after you’re arrested. In its landmark June ruling in the case, Riley v California, the court disagreed. So it’s great to see that Jim Comey, too, has come around to the common sense conclusion that cops need a warrant to search your cellphone data, but it would’ve been nice for him to express those sentiments when they actually mattered.

Comey doubled down in another statement with the absurd fear that criminals, like child kidnappers, would be able to evade the law. On its face that’s insanely ridiculous since law enforcement has numerous tools to access your data. The Intercept’s Micah Lee points out that Apple still has access to plenty of your data to feed to the Feds. Comey went on to bemoan that, since the NSA leaks by Edward Snowden, the push to protect a person’s private information may have gone too far. How so, Mr. Comey? As Timm notes in his article:

Congress has not changed surveillance law at all in the nearly 16 months since Edward Snowden’s disclosures began, mostly because of the vociferous opposition from intelligence agencies and cops. The pendulum is still permanently lodged squarely on law enforcement’s side. If it has swung at all, it’s because of the aforementioned ruling by the supreme court of the United States, along with tech companies implementing more privacy protections unilaterally because US tech companies are losing billions of dollars because of the government’s spying scandals.

A week ago, The Intercept’s Glenn Greenwald gave a TED Talk in Rio de Janeiro on why your privacy matters.

Crypto wars redux: why the FBI’s desire to unlock your private life must be resisted

In 1995, the US government tried – and failed – to categorise encryption as a weapon. Today, the same lines are being drawn and the same tactics repeated as the FBI wants to do the same. Here’s why they are wrong, and why they must fail again

Eric Holder, the outgoing US attorney general, has joined the FBI and other law enforcement agencies in calling for the security of all computer systems to be fatally weakened. This isn’t a new project – the idea has been around since the early 1990s, when the NSA classed all strong cryptography as a “munition” and regulated civilian use of it to ensure that they had the keys to unlock any technological countermeasures you put around your data.

In 1995, the Electronic Frontier Foundation won a landmark case establishing that code was a form of protected expression under the First Amendment to the US constitution, and since then, the whole world has enjoyed relatively unfettered access to strong crypto. [..]

The arguments then are the arguments now. Governments invoke the Four Horsemen of the Infocalypse (software pirates, organised crime, child pornographers, and terrorists) and say that unless they can decrypt bad guys’ hard drives and listen in on their conversations, law and order is a dead letter.

On the other side, virtually every security and cryptography expert tries patiently to explain that there’s no such thing as “a back door that only the good guys can walk through” (hat tip to Bruce Schneier). Designing a computer that bad guys can’t break into is impossible to reconcile with designing a computer that good guys can break into.

If you give the cops a secret key that opens the locks on your computerised storage and on your conversations, then one day, people who aren’t cops will get hold of that key, too. The same forces that led to bent cops selling out the public’s personal information to Glen Mulcaire and the tabloid press will cause those cops’ successors to sell out access to the world’s computer systems, too, only the numbers of people who are interested in these keys to the (United) Kingdom will be much larger, and they’ll have more money, and they’ll be able to do more damage.

Long live The Republic.

Jul 25

How To Get On The Terrorist Watch List Without Ever Trying

Are you on the Department of Homeland Security’s Terrorist Watch List or No-Fly List? If you are, there is no way for you to find out, but we now know what the criteria are, and they are pretty fast and loose with the rules. The Intercept investigative journalists Jeremy Scahill and Ryan Devereaux have obtained a copy of the guidelines from a document that was issued by the National Counterterrorism Center, the “March 2013 Watchlisting Guidance.” In an extensive article, they examine how the government is using secret rules for “putting individuals on its main terrorist database, as well as the no fly list and the selectee list, which triggers enhanced screening at airports and border crossings.”

The new guidelines allow individuals to be designated as representatives of terror organizations without any evidence they are actually connected to such organizations, and it gives a single White House official the unilateral authority to place “entire categories” of people the government is tracking onto the no fly and selectee lists. It broadens the authority of government officials to “nominate” people to the watchlists based on what is vaguely described as “fragmentary information.” It also allows for dead people to be watchlisted.

Over the years, the Obama and Bush Administrations have fiercely resisted disclosing the criteria for placing names on the databases – though the guidelines are officially labeled as unclassified. In May, Attorney General Eric Holder even invoked the state secrets privilege to prevent watchlisting guidelines from being disclosed in litigation launched by an American who was on the no fly list. In an affidavit, Holder called them a “clear roadmap” to the government’s terrorist-tracking apparatus, adding: “The Watchlisting Guidance, although unclassified, contains national security information that, if disclosed … could cause significant harm to national security.” [..]

The document’s definition of “terrorist” activity includes actions that fall far short of bombing or hijacking. In addition to expected crimes, such as assassination or hostage-taking, the guidelines also define destruction of government property and damaging computers used by financial institutions as activities meriting placement on a list. They also define as terrorism any act that is “dangerous” to property and intended to influence government policy through intimidation.

This combination – a broad definition of what constitutes terrorism and a low threshold for designating someone a terrorist – opens the way to ensnaring innocent people in secret government dragnets. It can also be counterproductive. When resources are devoted to tracking people who are not genuine risks to national security, the actual threats get fewer resources – and might go unnoticed. [..]

The fallout is personal too. There are severe consequences for people unfairly labeled a terrorist by the U.S. government, which shares its watchlist data with local law enforcement, foreign governments, and “private entities.” Once the U.S. government secretly labels you a terrorist or terrorist suspect, other institutions tend to treat you as one. It can become difficult to get a job (or simply to stay out of jail). It can become burdensome – or impossible – to travel. And routine encounters with law enforcement can turn into ordeals. [..]

The government has been widely criticized for making it impossible for people to know why they have been placed on a watchlist, and for making it nearly impossible to get off. The guidelines bluntly state that “the general policy of the U.S. Government is to neither confirm nor deny an individual’s watchlist status.” But the courts have taken exception to the official silence and footdragging: In June, a federal judge described the government’s secretive removal process as unconstitutional and “wholly ineffective.”

The difficulty of getting off the list is highlighted by a passage in the guidelines stating that an individual can be kept on the watchlist, or even placed onto the watchlist, despite being acquitted of a terrorism-related crime. The rulebook justifies this by noting that conviction in U.S. courts requires evidence beyond a reasonable doubt, whereas watchlisting requires only a reasonable suspicion. Once suspicion is raised, even a jury’s verdict cannot erase it.

Not even death provides a guarantee of getting off the list. The guidelines say the names of dead people will stay on the list if there is reason to believe the deceased’s identity may be used by a suspected terrorist – which the National Counterterrorism Center calls a “demonstrated terrorist tactic.” In fact, for the same reason, the rules permit the deceased spouses of suspected terrorists to be placed onto the list after they have died.

Essentially, once a person is on these lists their Fourth Amendment rights are completely ignored. As Mike Masnick at Techdirt points out, individuals are subjected to extra scrutiny, essentially allowing the government to sift through every aspect of a person’s life:

In addition to data like fingerprints, travel itineraries, identification documents and gun licenses, the rules encourage screeners to acquire health insurance information, drug prescriptions, “any cards with an electronic strip on it (hotel cards, grocery cards, gift cards, frequent flyer cards),” cellphones, email addresses, binoculars, peroxide, bank account numbers, pay stubs, academic transcripts, parking and speeding tickets, and want ads. The digital information singled out for collection includes social media accounts, cell phone lists, speed dial numbers, laptop images, thumb drives, iPods, Kindles, and cameras. All of the information is then uploaded to the TIDE (Terrorist Identities Datamart Environment) database.

Screeners are also instructed to collect data on any “pocket litter,” scuba gear, EZ Passes, library cards, and the titles of any books, along with information about their condition – “e.g., new, dog-eared, annotated, unopened.” Business cards and conference materials are also targeted, as well as “anything with an account number” and information about any gold or jewelry worn by the watchlisted individual. Even “animal information” – details about pets from veterinarians or tracking chips – is requested. The rulebook also encourages the collection of biometric or biographical data about the travel partners of watchlisted individuals.

At FDL’s The Dissenter, Kevin Gosztola discusses how these loophole-ridden criteria violate a person’s rights and are inherently discriminatory towards Muslims:

There are a few general points to make in order to fully understand what this vague criteria for watchlisting means.

First of all, it is important not to ignore the anti-Muslim racism that likely influences a number of aspects of the watchlisting process. The idea that Muslims are “predisposed” to commit acts of violence pervades the national security establishment. Training materials on fighting terrorism have been used by government agencies in previous years that deal with theories of “radicalization” and such training promotes prejudice, as evidenced by the fact that one NSA official used the slur “Mohammed Raghead” in an NSA memo.

Second, a federal district court in Oregon recently decided violated due process rights of Americans placed on the No-Fly List because it is nearly impossible to challenge inclusion and clear one’s name. The ACLU represented thirteen Americans, who have never engaged in any terrorist activity, in this case. Each person experienced hardship because they ended up on the No-Fly List.

The guidance shows why there needs to be a process established for getting off watchlists, especially the No-Fly List.

Finally, there is absolutely no reasonable justification for why this rulebook and any version of it from 2001 to 2014 should be secret. The watchlisting guidance is marked “unclassified.” There is nothing in it that will endanger any Americans.

Jeremy and Ryan sat down for an interview with Huffington Post’s Alyona Minkovski. During the discussion, Ryan called these guidelines a “global stop and frisk program.”

Recently there were two court rulings that pertain to getting off the No-Fly list and a Supreme Court decision that bars warrantless searches of cell phones. Precisely how those rulings will impact the guidelines remains to be seen, but it is fairly obvious that the Obama administration has little regard for the rule of law.

Jul 17

Edward Snowden Calls on Professionals to Protect Private Communications

On July 10, NSA whistleblower Edward Snowden sat down for an interview with Alan Rusbridger, editor-in-chief of the Guardian, and reporter Ewen MacAskill in Moscow.

Over the course of seven hours, he talked about the need for professionals to protect the confidentiality of their clients in the light of the surveillance by spy agencies. He also spoke about his life in Moscow and the specious accusations that he was spying for Russia or had given the information he took from the NSA to Russian authorities.

(Snowden):

• Said if he ended up in US detention in Guantánamo Bay he could live with it.

• Offered rare glimpses into his daily life in Russia, insisting that, contrary to reports that he is depressed, he is not sad and does not have any regrets. He rejected various conspiracy theories surrounding him, describing as “bullshit” suggestions he is a Russian spy.

• Said that, contrary to a claim he works for a Russian organisation, he was independently secure, living on savings, and money from awards and speeches he has delivered online round the world.

• Made a startling claim that a culture exists within the NSA in which, during surveillance, nude photographs picked up of people in “sexually compromising” situations are routinely passed around.

• Spoke at length about his future, which seems destined to be spent in Russia for the foreseeable future after expressing disappointment over the failure of western European governments to offer him a home.

• Said he was holding out for a jury trial in the US rather than a judge-only one, hopeful that it would be hard to find 12 jurors who would convict him if he was charged with an offence to which there was a public interest defence. Negotiations with the US government on a return to his country appear to be stalled.

Jul 10

Americans Spied On By NSA & FBI Without Cause

Cross posted from The Stars Hollow Gazette

The National Security Agency and the Federal Bureau of Investigation were given authorization by a judge with the top-secret Foreign Intelligence Surveillance Court to spy on five Americans because of their political activity and, umm, their Middle Eastern names:

Meet the Muslim-American Leaders the FBI and NSA Have Been Spying On

By Glenn Greenwald and Murtaza Hussain

The National Security Agency and FBI have covertly monitored the emails of prominent Muslim-Americans – including a political candidate and several civil rights activists, academics, and lawyers – under secretive procedures intended to target terrorists and foreign spies.

According to documents provided by NSA whistleblower Edward Snowden, the list of Americans monitored by their own government includes:

• Faisal Gill, a longtime Republican Party operative and one-time candidate for public office who held a top-secret security clearance and served in the Department of Homeland Security under President George W. Bush;

• Asim Ghafoor, a prominent attorney who has represented clients in terrorism-related cases;

• Hooshang Amirahmadi, an Iranian-American professor of international relations at Rutgers University;

• Agha Saeed, a former political science professor at California State University who champions Muslim civil liberties and Palestinian rights;

• Nihad Awad, the executive director of the Council on American-Islamic Relations (CAIR), the largest Muslim civil rights organization in the country.

The individuals appear on an NSA spreadsheet in the Snowden archives called “FISA recap”-short for the Foreign Intelligence Surveillance Act. Under that law, the Justice Department must convince a judge with the top-secret Foreign Intelligence Surveillance Court that there is probable cause to believe that American targets are not only agents of an international terrorist organization or other foreign power, but also “are or may be” engaged in or abetting espionage, sabotage, or terrorism. The authorizations must be renewed by the court, usually every 90 days for U.S. citizens. [..]

The five Americans whose email accounts were monitored by the NSA and FBI have all led highly public, outwardly exemplary lives. All five vehemently deny any involvement in terrorism or espionage, and none advocates violent jihad or is known to have been implicated in any crime, despite years of intense scrutiny by the government and the press. Some have even climbed the ranks of the U.S. national security and foreign policy establishments.

[..]

Asim Ghafoor says his first-hand experience working on behalf of other Muslim-Americans has led him to believe that “the U.S. government embarked on a very systematic approach” to target his community.

“I saw the government specifically go after Muslim people who were involved in certain activities such as charity work, humanitarian work, political activism,” he says. “Maybe they had some website that had some speeches that nobody ever read or even noticed, maybe they had some bloodcurdling speeches. So the government just treated you like you were blowing up the next tower. They treated you like you were going to be the Manchurian Candidate, you were going to destroy America from within. There were U.S. attorneys, FBI agents, DHS agents, customs agents all over the country that were trying to find the next terror cell in their midst. If you were involved in those activities and maybe you were on a student visa and you didn’t quite fill out the paperwork, you were hosed. There is no question about it, you were worse off than a migrant worker in Dubai. You were just packed up and sent home. Life became very, very unbearable for them.”

Even a U.S. citizen like Faisal Gill, who served his country both in the armed forces and in the White House, found himself spied on by his own government. “I was a very conservative, Reagan-loving Republican,” he says. “If somebody like me could be surveilled, then [there are] other people out there I can only imagine who are under surveillance.

“I went to school here as a fourth grader – learned about the Revolutionary War, learned about individual rights, Thomas Jefferson, all these things,” he continues. “That is ingrained in you – your privacy is important. And to have that basically invaded for no reason whatsoever – for the fact that I didn’t do anything – I think that’s troubling. And I think that certainly goes to show how we need to shape policy differently than it is right now.”

As per Huffington Post’s Ryan Grim, Glenn Greenwald received the permission of all five named in the article before printing their names.

This is the Democratic administration of Barack Hussein Obama.
