U.S. communications increasingly travel across U.S. borders — or are stored beyond them. For example, the Google and Yahoo e-mail systems rely on networks of “mirror” servers located throughout the world. An e-mail from New York to New Jersey is likely to wind up on servers in Brazil, Japan and Britain. The same is true for most purely domestic communications.
Executive Order 12333 contains nothing to prevent the NSA from collecting and storing all such communications — content as well as metadata — provided that such collection occurs outside the United States in the course of a lawful foreign intelligence investigation. No warrant or court approval is required, and such collection never need be reported to Congress. None of the reforms that Obama announced earlier this year will affect such collection.
Governments on every continent are hiding an increasing reliance on private companies to snoop on citizens’ digital lives, the U.N. human rights office said Wednesday.
Stepping into a fierce debate over digital privacy rights, the U.N. office says it has strong evidence of a growing complicity among private companies in government spying. It says governments around the world are using both the law and covert methods to access private content and metadata.
U.N. High Commissioner for Human Rights Navi Pillay said the lack of transparency and tactics extend to governments’ ”de facto coercion of companies to gain broad access to information and data on citizens without them knowing.”
Her office’s report to the U.N. General Assembly says concerns about the erosion in privacy have increased since last year’s revelations of U.S. and British mass surveillance. The report said stricter laws are needed to prevent violations and ensure accountability when digital technology and surveillance is misused. It warned that mass surveillance is becoming “a dangerous habit rather than an exceptional measure.”
William Binney is one of the highest-level whistleblowers to ever emerge from the NSA. He was a leading code-breaker against the Soviet Union during the Cold War but resigned soon after September 11, disgusted by Washington’s move towards mass surveillance.
On 5 July he spoke at a conference in London organised by the Centre for Investigative Journalism and revealed the extent of the surveillance programs unleashed by the Bush and Obama administrations.
“At least 80% of fibre-optic cables globally go via the US”, Binney said. “This is no accident and allows the US to view all communication coming in. At least 80% of all audio calls, not just metadata, are recorded and stored in the US. The NSA lies about what it stores.”
Back in the day there was talk about “jamming echelon” by adding keywords to email that the echelon system was supposedly looking for. We can do the same thing for XKeyScore: jam the system with more information than it can handle.
Ironischerweise sind es nach den speziellen Regeln, die NDR und WDR vorliegen, also ausgerechnet Personen mit dem Wunsch nach Anonymisierung, die zum Ziel der NSA werden. In den Augen des Geheimdienstes: Extremisten. Das ist keine Rhetorik, keine journalistische Zuspitzung. Der Begriff befindet sich sogar in der Kommentarspalte des Quelltexts, notiert von Programmierern der NSA.
Extremisten? Das Gegenteil ist der Fall, wie die Recherchen zeigen. Die deutschen Opfer sind politisch keinesfalls am äußeren Rand zu finden. Extrem sind sie allein in einem Punkt: Sie sind besorgt um die Sicherheit ihrer Daten. Und genau das macht sie in den Augen des US-Geheimdienstes verdächtig.
Darko Medic, 18, kurze braune Haare, sitzt vor seinem Laptop. Er gibt “Tails” und “USB” in die Maske seiner Suchmaschine ein. Was Darko nicht weiß: Er ist damit gerade ebenfalls in einer Datenbank der NSA gelandet. Markiert als einer der Extremisten, nach denen die Geheimdienstler so fleißig suchen.
Denn was die Regeln des Quellcodes ebenfalls verraten: Die NSA beobachtet im großen Stil die Suchanfragen weltweit – auch in Deutschland. Allein schon die einfache Suche nach Verschlüsselungssoftware wie “Tails” reicht aus, um ins Raster der NSA zu geraten. Die Verbindung der Anfrage mit Suchmaschinen macht verdächtig. Seine Suche nach “Tails” öffnet eine Tür, einen Zugang zu Darko und seiner Welt. Einmal in der Datenbank, kann jede Anfrage von Darko gezielt abgerufen werden. Darko ist unter Beobachtung.
A federal privacy watchdog is largely putting its support behind a major pillar of the National Security Agency’s foreign snooping.
A draft version of a new Privacy and Civil Liberties Oversight Board (PCLOB) report released late Tuesday said that NSA programs targeting foreigners are effective, legal and show “no trace” of “illegitimate activity,” though some changes should be made to better protect Americans’ privacy.
The conclusion stands in stark contrast to a previous blistering report from the PCLOB, which ruled the NSA’s bulk collection of Americans’ phone records illegal earlier this year.
Makes you wonder what kind of dirt does the NSA has on the board members…
In Sachen Ausspähen scheint die NSA wieder einen Schritt voraus zu sein: Medienberichten zufolge belauscht der amerikanische Geheimdienst auch das neue Krypto-Handy der Kanzlerin.
Nach Bekanntwerden des NSA-Lauschangriffs auf die Bundesregierung sollten neue Verschlüsselungs-Smartphones des Typs BlackBerry 10 die Gespräche der Kanzlerin und ihres Kabinetts vor unbefugtem Mithören schützen. Doch der amerikanische Geheimdienst hat auch die neuen Krypto-Telefone bereits entschlüsselt, berichtet die “Bild am Sonntag”. Ein ranghoher Mitarbeiter des US-Geheimdienstes in Deutschland habe das bestätigt. “Die technischen Veränderungen beeinträchtigen unsere Arbeit nicht” sagte der Abhör-Spezialist der Bild.
The million dollar question is now how the nsa got access to the new blackberry+secusmart…
And to go above the million dollar prize… I find it hard to believe the german government is stupid enough to buy an enhanced version of an insecure and subverted platform. If I were Merkel I would wonder who gave me this advice. Why not follow the same path as the French did – have a local defense contractor do a limited edition modification of the german cryptophone.
And for us peons, it’s safe to assume our smartphone usage is unsecurable and act accordingly.
In the latest gaffe to demonstrate the privacy perils of anonymized data, New York City officials have inadvertently revealed the detailed comings and goings of individual taxi drivers over more than 173 million trips.
City officials released the data in response to a public records request and specifically obscured the drivers’ hack license numbers and medallion numbers. Rather than including those numbers in plaintext, the 20 gigabyte file contained one-way cryptographic hashes using the MD5 algorithm. Instead of a record showing medallion number 9Y99 or hack number 5296319, for example, those numbers were converted to 71b9c3f3ee5efb81ca05e9b90c91c88f and 98c2b1aeb8d40ff826c6f1580a600853, respectively. Because they’re one-way hashes, they can’t be mathematically converted back into their original values. Presumably, officials used the hashes to preserve the privacy of individual drivers since the records provide a detailed view of their locations and work performance over an extended period of time.
It turns out there’s a significant flaw in the approach. Because both the medallion and hack numbers are structured in predictable patterns, it was trivial to run all possible iterations through the same MD5 algorithm and then compare the output to the data contained in the 20GB file. Software developer Vijay Pandurangan did just that, and in less than two hours he had completely de-anonymized all 173 million entries.
The Obama administration has caved in to pressure from the European Union in the wake of Edward Snowden’s revelations on surveillance by promising to pass legislation granting European citizens many of the privacy protection rights enjoyed by US citizens.
The proposed law would apply to data on European citizens being transferred to the US for what Washington says is law enforcement purposes.
So they are going to lie to us in the exact same way they lie to their own citizens. Not much of an improvement.
Holder said: “The Obama administration is committed to seeking legislation that would ensure that … EU citizens would have the same right to seek judicial redress for intentional or wilful disclosures of protected information and for refusal to grant access or to rectify any errors in that information, as would a US citizen under the Privacy Act.
So, in practice, none at all.
In a major statement on privacy rights in the digital age, the Supreme Court on Wednesday unanimously ruled that the police need warrants to search the cellphones of people they arrest.
This week German news magazine Der Spiegel published the largest single set of files leaked by whistleblower and former US National Security Agency contractor Edward Snowden. The roughly 50 documents show the depth of the German intelligence agencies’ collusion with the NSA.
They suggest that the German Intelligence Agency (BND), the country’s foreign spy agency, and the Office for the Protection of the Constitution (BfV), the German domestic spy agency, worked more closely with the NSA than they have admitted – and more than many observers thought.
Among its “success stories,” the documents praise how the German government was able to weaken the public’s protection from surveillance. “The German government has changed its interpretation of the G10 law, which protects German citizens’ communications, to allow the BND to be more flexible with the sharing of protected information with foreign partners.” Germany’s G10 law regulates in what circumstances its intelligence agencies are allowed to break Article 10 of the German constitution, which guarantees the privacy of letters and telecommunications.
Police in Florida have, at the request of the U.S. Marshals Service, been deliberately deceiving judges and defendants about their use of a controversial surveillance tool to track suspects, according to newly obtained emails.
At the request of the Marshals Service, the officers using so-called stingrays have been routinely telling judges, in applications for warrants, that they obtained knowledge of a suspect’s location from a “confidential source” rather than disclosing that the information was gleaned using a stingray.
A series of five emails (.pdf) written in April, 2009, were obtained today by the American Civil Liberties Union showing police officials discussing the deception. The organization has filed Freedom of Information Act requests with police departments throughout Florida seeking information about their use of stingrays.
“Concealing the use of stingrays deprives defendants of their right to challenge unconstitutional surveillance and keeps the public in the dark about invasive monitoring by local police,” the ACLU writes in a blog post about the emails. “And local and federal law enforcement should certainly not be colluding to hide basic and accurate information about their practices from the public and the courts.”
The U.S. Marshals Service did not respond to a call for comment.
Britain’s top counter-terrorism official has been forced to reveal a secret government policy justifying the mass surveillance of every Facebook, Twitter, Youtube and Google user in the UK, a group of rights organizations announced today.
The organizations published the policy, described in a written statement by Charles Farr, Director General of the Office for Security and Counter Terrorism, after they brought a legal challenge against the UK government.
The document reveals that UK intelligence agency GCHQ (Government Communications Headquarters) believes it is entitled to indiscriminately intercept web searches by British residents or communications between British residents.
“British citizens will be alarmed to see their government justifying industrial-scale intrusion into their communications,” said Michael Bochenek, Amnesty International’s Senior Director for Law and Policy.
“The public should demand an end to this wholesale violation of their right to privacy.”
The government’s approach, which had to date not been made explicitly clear, defines almost all communications via Facebook and other social networking sites, as well as all web searches via Google, to be “external communications” because they use web-based “platforms” based in the USA.
The distinction between “internal” and “external” communications is crucial. Under the Regulation of Investigatory Powers Act (RIPA), which regulates the surveillance powers of public bodies, “internal” communications may only be intercepted under a specific warrant.
This past Wednesday, the CIA held its first ever Conference on National Security at Georgetown University. It included plenty of the usual talking heads spouting nonsense, but I wanted to focus in on one particular talking head spouting particularly ridiculous nonsense. It’s our old friend, Rep. Mike Rogers, who is retiring from Congress to try to become an even bigger blowhard on talk radio (as if that’s possible). Apparently, Rogers is using this conference to practice the classical blowhard strategy of making a variety of absolutely ridiculous claims that directly contradict each other.
It wasn’t touted onstage, but a new iOS 8 feature is set to cause havoc for location trackers, and score a major win for privacy. As spotted by Frederic Jacobs, the changes have to do with the MAC address used to identify devices within networks. When iOS 8 devices look for a connection, they randomize that address, effectively disguising any trace of the real device until it decides to connect to a network.
“Any phone using iOS 8 will be invisible to the process”
Why are iPhones checking out Wi-Fi networks in disguise? Because there’s an entire industry devoted to tracking customers through that signal. As The New York Times reported last summer, shops from Nordstrom’s to JC Penney have tried out the system. (London even tried out a system using public trash cans.) The system automatically logs any phone within Wi-Fi range, giving stores a complete record of who walked into the shop and when. But any phone using iOS 8 will be invisible to the process, potentially calling the whole system into question.
A federal judge has ordered the government to stop destroying National Security Agency surveillance records that could be used to challenge the legality of its spying programs in court.
U.S. District Court Judge Jeffrey White’s ruling came at the request of the Electronic Frontier Foundation, which is in the midst of a case challenging NSA’s ability to surveil foreign citizen’s U.S.-based email and social media accounts.
According to the EFF, the signals intelligence agency and the Department of Justice were knowingly destroying key evidence in the case by purposefully misinterpreting earlier preservation orders by multiple courts, multiple times.
A routine request in Florida for public records regarding the use of a surveillance tool known as stingray took an extraordinary turn recently when federal authorities seized the documents before police could release them.
The surprise move by the U.S. Marshals Service stunned the American Civil Liberties Union, which earlier this year filed the public records request with the Sarasota, Florida, police department for information detailing its use of the controversial surveillance tool.
The ACLU had an appointment last Tuesday to review documents pertaining to a case investigated by a Sarasota police detective. But marshals swooped in at the last minute to grab the records, claiming they belong to the U.S. Marshals Service and barring the police from releasing them.
ACLU staff attorney Nathan Freed Wessler called the move “truly extraordinary and beyond the worst transparency violations” the group has seen regarding documents detailing police use of the technology.
“This is consistent with what we’ve seen around the country with federal agencies trying to meddle with public requests for stingray information,” Wessler said, noting that federal authorities have in other cases invoked the Homeland Security Act to prevent the release of such records. “The feds are working very hard to block any release of this information to the public.”
Stingrays, also known as IMSI catchers, simulate a cellphone tower and trick nearby mobile devices into connecting with them, thereby revealing their location. A stingray can see and record a device’s unique ID number and traffic data, as well as information that points to its location. By moving a stingray around, authorities can triangulate a device’s location with greater precision than is possible using data obtained from a carrier’s fixed tower location.
My legal saga started last summer with a knock at the door, behind which stood two federal agents ready to to serve me with a court order requiring the installation of surveillance equipment on my company’s network.
My company, Lavabit, provided email services to 410,000 people – including Edward Snowden, according to news reports – and thrived by offering features specifically designed to protect the privacy and security of its customers. I had no choice but to consent to the installation of their device, which would hand the US government access to all of the messages – to and from all of my customers – as they travelled between their email accounts other providers on the Internet.
But that wasn’t enough. The federal agents then claimed that their court order required me to surrender my company’s private encryption keys, and I balked. What they said they needed were customer passwords – which were sent securely – so that they could access the plain-text versions of messages from customers using my company’s encrypted storage feature. (The government would later claim they only made this demand because of my “noncompliance”.)
Bothered by what the agents were saying, I informed them that I would first need to read the order they had just delivered – and then consult with an attorney. The feds seemed surprised by my hesitation.
What ensued was a flurry of legal proceedings that would last 38 days, ending not only my startup but also destroying, bit by bit, the very principle upon which I founded it – that we all have a right to personal privacy.
Then, a federal judge entered an order of contempt against me – without even so much as a hearing.
But the judge created a loophole: without a hearing, I was never given the opportunity to object, let alone make any any substantive defense, to the contempt change. Without any objection (because I wasn’t allowed a hearing), the appellate court waived consideration of the substantive questions my case raised – and upheld the contempt charge, on the grounds that I hadn’t disputed it in court. Since the US supreme court traditionally declines to review decided on wholly procedural grounds, I will be permanently denied justice.
a case held in a secret court where the defendant isn’t allowed adequate time to find counsel, defendant found in contempt without any chance to object, contempt charge upheld on appeal because there was no objection, Supreme Court says “no thanks” to hearing the case because it was all decided on procedural grounds….
Guys, reminder – Kafka is a novel, not a manual.
In the government’s view, there is no need to ask whether the 2008 law violates Americans’ privacy rights, because in this context Americans have no rights to be violated.
Despite the fact that I spend hundreds of dollars a year and hours of work to host my own email server, Google has about half of my personal email!
The personal financial data of millions of taxpayers could be sold to private firms under laws being drawn up by HM Revenue & Customs in a move branded “dangerous” by tax professionals and “borderline insane” by a senior Conservative MP.
Despite fears that it could jeopardise the principle of taxpayer confidentiality, the legislation would allow HMRC to release anonymised tax data to third parties including companies, researchers and public bodies where there is a public benefit. According to HMRC documents, officials are examining “charging options”.
The government insists that there will be suitable safeguards on personal data. But the plans, being overseen by the Treasury minister David Gauke, are likely to provoke serious worries among privacy campaigners and MPs in the wake of public concern about the government’s Care.data scheme – a plan to share “anonymised” medical records with third parties.
The Care.data initiative has now been suspended for six months over fears that people could be identified from the supposedly anonymous data, which turned out to contain postcodes, dates of birth, NHS numbers, ethnicity and gender.
HMRC’s chequered record on data is likely to come under scrutiny given historical scandals involving the loss of personal information about 25 million child benefit claimants and 15,000 bank customers.
There is a quote from you in this context that concerns me. In 2009 you said: “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.” The essence of freedom is precisely the fact that I am not obliged to disclose everything that I am doing, that I have a right to confidentiality and, yes, even to secrets; that I am able to determine for myself what I wish to disclose about myself. The individual right to this is what makes a democracy. Only dictatorships want transparent citizens instead of a free press.
Against this background, it greatly concerns me that Google – which has just announced the acquisition of drone manufacturer Titan Aerospace – has been seen for some time as being behind a number of planned enormous ships and floating working environments that can cruise and operate in the open ocean. What is the reason for this development? You don’t have to be a conspiracy theorist to find this alarming.
Historically, monopolies have never survived in the long term. Either they have failed as a result of their complacency, which breeds its own success, or they have been weakened by competition – both unlikely scenarios in Google’s case. Or they have been restricted by political initiatives.
Another way would be voluntary self-restraint on the part of the winner. Is it really smart to wait until the first serious politician demands the breakup of Google? Or even worse – until the people refuse to follow?
Microsoft is not unique in claiming the right to read users’ emails – Apple, Yahoo and Google all reserve that right as well, the Guardian has determined.
The broad rights email providers claim for themselves has come to light following Microsoft’s admission that it read a journalist’s Hotmail account in an attempt to track down the source of an internal leak. But most webmail services claim the right to read users’ email if they believe that such access is necessary to protect their property.
The senior lawyer for the National Security Agency stated unequivocally on Wednesday that US technology companies were fully aware of the surveillance agency’s widespread collection of data, contradicting months of angry denials from the firms.
Rajesh De, the NSA general counsel, said all communications content and associated metadata harvested by the NSA under a 2008 surveillance law occurred with the knowledge of the companies – both for the internet collection program known as Prism and for the so-called “upstream” collection of communications moving across the internet.
Asked during a Wednesday hearing of the US government’s institutional privacy watchdog if collection under the law, known as Section 702 or the Fisa Amendments Act, occurred with the “full knowledge and assistance of any company from which information is obtained,” De replied: “Yes.”
When the Guardian and the Washington Post broke the Prism story in June, thanks to documents leaked by whistleblower Edward Snowden, nearly all the companies listed as participating in the program – Yahoo, Apple, Google, Microsoft, Facebook and AOL – claimed they did not know about a surveillance practice described as giving NSA vast access to their customers’ data. Some, like Apple, said they had “never heard” the term Prism.
De explained: “Prism was an internal government term that as the result of leaks became the public term,” De said. “Collection under this program was a compulsory legal process, that any recipient company would receive.”
“We did not anticipate finding much evidence one way or the other, however, since the MetaPhone participant population is small, and participants only provide a few months of phone activity on average. We were wrong. We found that phone metadata is unambiguously sensitive, even in a small population and over a short time window. We were able to infer medical conditions, firearm ownership, and more, using solely phone metadata.”
The National Security Agency has told Sen. Bernie Sanders (I-Vt.) that it can not answer his question about whether it collects information on members of Congress because doing so would violate the law.
In a letter to Sanders, which was obtained by The Huffington Post, Gen. Keith Alexander, who heads the agency, insisted that nothing the NSA “does can fairly be characterized as ‘spying on Members of Congress or American elected officials.’” But Alexander wouldn’t go more in depth than that, arguing that he would be violating the civilian protections of the program if he did.
“Among those protections is the condition that NSA can query the metadata only based on phone numbers reasonably suspected to be associated with specific foreign terrorist groups,” Alexander wrote. “For that reason, NSA cannot lawfully search to determine if any records NSA has received under the program have included metadata of the phone calls of any member of Congress, other American elected officials, or any other American without the predicate.”
The National Security Agency likes to claim that intelligence officers are only collecting the phone records of millions of Americans, safely omitting their actual names from analysis. But a Stanford researcher, Jonathan Mayer, found that he and his co-author could easily match so-called “meta-data” to individual names with little more than a Google search.
“If a few academic researchers can get this far this quickly, it’s difficult to believe the NSA would have any trouble identifying the overwhelming majority of American phone numbers,” they wrote.
As a key part of a campaign to embed encryption software that it could crack into widely used computer products, the U.S. National Security Agency arranged a secret $10 million contract with RSA, one of the most influential firms in the computer security industry, Reuters has learned.
Documents leaked by former NSA contractor Edward Snowden show that the NSA created and promulgated a flawed formula for generating random numbers to create a “back door” in encryption products, the New York Times reported in September. Reuters later reported that RSA became the most important distributor of that formula by rolling it into a software tool called Bsafe that is used to enhance security in personal computers and many other products.
Undisclosed until now was that RSA received $10 million in a deal that set the NSA formula as the preferred, or default, method for number generation in the BSafe software, according to two sources familiar with the contract. Although that sum might seem paltry, it represented more than a third of the revenue that the relevant division at RSA had taken in during the entire previous year, securities filings show.