When you enter your POP / IMAP e-mail credentials into a Blackberry 10 phone they will be sent to Blackberry without your consent or knowledge. A server with the IP 188.8.131.52 which is in the Research In Motion (RIM) netblock in Canada will instantly connect to your mailserver and log in with your credentials. If you do not have forced SSL/TLS configured on your mail server, your credentials will be sent in the clear by Blackberry’s server for the connection. Blackberry thus has not only your e-mail credentials stored in its database, it makes them available to anyone sniffing in between – namely the NSA and GCHQ as documented by the recent Edward Snowden leaks. Canada is a member of the “Five Eyes”, the tight-knit cooperation between the interception agencies of USA, UK, Canada, Australia and New Zealand, so you need to assume that they have access to RIM’s databases. You should delete your e-mail accounts from any Blackberry 10 device immediately, change the e-mail password and resort to using an alternative mail program like K9Mail.
As an aside during testimony on Capitol Hill today, a National Security Agency representative rather casually indicated that the government looks at data from a universe of far, far more people than previously indicated.
Chris Inglis, the agency’s deputy director, was one of several government representatives—including from the FBI and the office of the Director of National Intelligence—testifying before the House Judiciary Committee this morning. Most of the testimony largely echoed previous testimony by the agencies on the topic of the government’s surveillance, including a retread of the same offered examples for how the Patriot Act and Foreign Intelligence Surveillance Act had stopped terror events.
But Inglis’ statement was new. Analysts look “two or three hops” from terror suspects when evaluating terror activity, Inglis revealed. Previously, the limit of how surveillance was extended had been described as two hops. This meant that if the NSA were following a phone metadata or web trail from a terror suspect, it could also look at the calls from the people that suspect has spoken with—one hop. And then, the calls that second person had also spoken with—two hops. Terror suspect to person two to person three. Two hops. And now: A third hop.
For a sense of scale, researchers at the University of Milan found in 2011 that everyone on the Internet was, on average, 4.74 steps away from anyone else.
Gives the average number of people you’re connected to as 634, or 669 for internet users. At 634 and three hops that leads to 254,840,104 individual records, and at 669 it’s 299,418,309 people per suspected terrorist. Basically the entire population of the US for each suspected terrorist.
There’s an easy solution to overwork the NSA: Everyone friend Kevin Bacon on Facebook.
Contradicting a statement by ex-vice president Dick Cheney on Sunday that warrantless domestic surveillance might have prevented 9/11, 2007 court records indicate that the Bush-Cheney administration began such surveillance at least 7 months prior to 9/11.
Officers use counter-terrorism laws to remove a mobile phone from any passenger they wish coming through UK air, sea and international rail ports and then scour their data.
The blanket power is so broad they do not even have to show reasonable suspicion for seizing the device and can retain the information for “as long as is necessary”.
Data can include call history, contact books, photos and who the person is texting or emailing, although not the contents of messages.
David Anderson QC, the independent reviewer of terrorism laws, is expected to raise concerns over the power in his annual report this week.
Until you visit the yearly Expo, it’s easy enough to forget that the U.S. borderlands are today ground zero for the rise, growth, and spread of a domestic surveillance state. On June 27th, the Senate passed the Border Security, Economic Opportunity, and Immigration Modernization Act. Along with the claim that it offers a path to citizenship to millions of the undocumented living in the United States (with many stringent requirements), in its more than 1,000 pages it promises to build the largest border-policing and surveillance apparatus ever seen in the United States. The result, Senator John McCain proudly said, will be the “most militarized border since the fall of the Berlin Wall.”
Yes, that same wall that his hero, Reagan, wanted torn down.
In a world where basic services are being cut, an emerging policing apparatus in the borderlands is flourishing. As Mattea Kramer and Chris Hellman reported at TomDispatch in February, since September 11, 2001, the United States has spent $791 billion on “homeland security” alone, an inflation-adjusted $300 billion more than the cost of the entire New Deal.
But at least this time around, that money is spent on the ‘right’ people.
Maybe it’s time the Internet adopted a “sarcasm” tag to alert readers to the use of irony in online conversation, and, hopefully, avoid situations like that of Justin Carter, a Texas teenager who has been in jail since February over a Facebook comment that failed to make a woman in Canada LOL.
Earlier this year, Carter and a friend got into a Facebook argument with someone regarding “League of Legends,” an online video game with notoriously die-hard fans. Justin’s father, Jack, explained to ABC local affiliate KVUE that at the end of the conversation “[s]omeone had said something to the effect of ‘Oh you’re insane, you’re crazy, you’re messed up in the head,’ to which [Justin] replied ‘Oh yeah, I’m real messed up in the head, I’m going to go shoot up a school full of kids and eat their still, beating hearts,’ and the next two lines were lol and jk [all sic].”
In case you’ve never been online before today: Internet shorthand LOL stands for “laughing out loud”; JK means “just kidding.”
Britain’s spy agency GCHQ has secretly gained access to the network of cables which carry the world’s phone calls and internet traffic and has started to process vast streams of sensitive personal information which it is sharing with its American partner, the National Security Agency (NSA).
The sheer scale of the agency’s ambition is reflected in the titles of its two principal components: Mastering the Internet and Global Telecoms Exploitation, aimed at scooping up as much online and telephone traffic as possible. This is all being carried out without any form of public acknowledgement or debate.
One key innovation has been GCHQ’s ability to tap into and store huge volumes of data drawn from fibre-optic cables for up to 30 days so that it can be sifted and analysed. That operation, codenamed Tempora, has been running for some 18 months.
GCHQ and the NSA are consequently able to access and process vast quantities of communications between entirely innocent people, as well as targeted suspects.
There’s been plenty of commentary concerning the latest NSA leak concerning its FISA court-approved “rules” for when it can keep data, and when it needs to delete it. As many of you pointed out in the comments to that piece — and many others are now exploring — the rules seem to clearly say that if your data is encrypted, the NSA can keep it. Specifically, the minimization procedures say that the NSA has to destroy the communication it receives once it’s determined as domestic unless they can demonstrate a few facts about it. As part of this, the rules note:
In the context of a cryptanalytic effort, maintenance of technical data bases requires retention of all communications that are enciphered or reasonably believed to contain secret meaning, and sufficient duration may consist of any period of time during which encrypted material is subject to, or of use in, cryptanalysis.
If you licked your envelope shut, you might be evil, so we’ll keep the letter until we can find the right letter opener.
In other words, if your messages are encrypted, the NSA is keeping them until they can decrypt them. And, furthermore, as we noted earlier, the basic default is that if the NSA isn’t sure about anything, it can keep your data. And, if it discovers anything at all remotely potentially criminal about your data, it can keep it, even if it didn’t collect it for that purpose.
Americans hate terrorists and love our kids, right? So you might be shocked to know that preschoolers with guns have taken more lives so far this year than the single U.S. terrorist attack, which claimed four lives in Boston.
The U.S. House of Representatives voted again Thursday to allow the indefinite military detention of Americans, blocking an amendment that would have barred the possibility.
Congress wrote that authority into law in the National Defense Authorization Act two years ago, prompting outrage from civil libertarians on the left and right. President Barack Obama signed the measure, but insisted his administration would never use it.
Supporters of detention argue that the nation needs to be able to arrest and jail suspected terrorists without trial, including Americans on U.S. soil, for as long as there is a war on terror. Their argument won, and the measure was defeated by a vote of 200 to 226.
Microsoft Corp. (MSFT), the world’s largest software company, provides intelligence agencies with information about bugs in its popular software before it publicly releases a fix, according to two people familiar with the process. That information can be used to protect government computers and to access the computers of terrorists or military foes.
Redmond, Washington-based Microsoft (MSFT) and other software or Internet security companies have been aware that this type of early alert allowed the U.S. to exploit vulnerabilities in software sold to foreign governments, according to two U.S. officials. Microsoft doesn’t ask and can’t be told how the government uses such tip-offs, said the officials, who asked not to be identified because the matter is confidential.
Michael Hayden, who formerly directed the National Security Agency and the CIA, described the attention paid to important company partners: “If I were the director and had a relationship with a company who was doing things that were not just directed by law but were also valuable to the defense of the Republic, I would go out of my way to thank them and give them a sense as to why this is necessary and useful.”
“You would keep it closely held within the company and there would be very few cleared individuals,” Hayden said.
If necessary, a company executive, known as a “committing officer,” is given documents that guarantee immunity from civil actions resulting from the transfer of data. The companies are provided with regular updates, which may include the broad parameters of how that information is used.
Intel Corp. (INTC)’s McAfee unit, which makes Internet security software, regularly cooperates with the NSA, FBI and the CIA, for example, and is a valuable partner because of its broad view of malicious Internet traffic, including espionage operations by foreign powers, according to one of the four people, who is familiar with the arrangement.
Such a relationship would start with an approach to McAfee’s chief executive, who would then clear specific individuals to work with investigators or provide the requested data, the person said. The public would be surprised at how much help the government seeks, the person said.
- They know you rang a phone sex service at 2:24 am and spoke for 18 minutes. But they don’t know what you talked about.
- They know you called the suicide prevention hotline from the Golden Gate Bridge. But the topic of the call remains a secret.
- They know you spoke with an HIV testing service, then your doctor, then your health insurance company in the same hour. But they don’t know what was discussed.
- They know you received a call from the local NRA office while it was having a campaign against gun legislation, and then called your senators and congressional representatives immediately after. But the content of those calls remains safe from government intrusion.
- They know you called a gynecologist, spoke for a half hour, and then called the local Planned Parenthood’s number later that day. But nobody knows what you spoke about.
Today, Yahoo’s General Counsel posted a carefully worded denial regarding the company’s alleged participation in the NSA PRISM program. To the casual observer, it might seem like a categorical denial. I do not believe that Yahoo’s denial is as straightforward as it seems.
If it had, even if I couldn’t talk about it, in all likelihood I would no longer be working at Google: the fact that we do stand up for individual users’ privacy and protection, for their right to have a personal life which is not ever shared with other people without their consent, even when governments come knocking at our door with guns, is one of the two most important reasons that I am at this company: the other being a chance to build systems which fundamentally change and improve the lives of billions of people by turning the abstract power of computing into something which amplifies and expands their individual, mental life.
Strong statement. And here’s Google’s chief legal officer, David Drummond:
We cannot say this more clearly — the government does not have access to Google servers—not directly, or via a back door, or a so-called drop box. Nor have we received blanket orders of the kind being discussed in the media.
The government has cited the privilege in two active lawsuits being heard by a federal court in the northern district of California – Virginia v Barack Obama et al, and Carolyn Jewel v the National Security Agency. In both cases, the Obama administration has called for the cases to be dismissed on the grounds that the government’s secret activities must remain secret.
The claim comes amid a billowing furore over US surveillance on the mass communications of Americans following disclosures by the Guardian of a massive NSA monitoring programme of Verizon phone records and internet communications.
The director of national intelligence, James Clapper, has written in court filings that “after careful and actual personal consideration of the matter, based upon my own knowledge and information obtained in the course of my official duties, I have determined that the disclosure of certain information would cause exceptionally grave damage to the national security of the United States. Thus, as to this information, I formally assert the state secrets privilege.”
The use of the privilege has been personally approved by President Obama and several of the administration’s most senior officials: in addition to Clapper, they include the director of the NSA Keith Alexander and Eric Holder, the attorney general. “The attorney general has personally reviewed and approved the government’s privilege assertion in these cases,” legal documents state.
A British Defense Ministry press advisory committee, reacting to a flurry of revelations in the American press about massive warrantless US government electronic surveillance programs, quietly warned UK organizations Friday not to publish British national security information.
Defiance of the advisory could make British journalists vulnerable to prosecution under the Official Secrets Act.
Jameel Jaffer, deputy legal director of the American Civil Liberties Union, said: “I would just push back on the idea that the court has signed off on it, so why worry? This is a court that meets in secret, allows only the government to appear before it, and publishes almost none of its opinions. It has never been an effective check on government.”
Several companies contacted by The Post said they had no knowledge of the program, did not allow direct government access to their servers and asserted that they responded only to targeted requests for information.
“We do not provide any government organization with direct access to Facebook servers,” said Joe Sullivan, chief security officer for Facebook. “When Facebook is asked for data or information about specific individuals, we carefully scrutinize any such request for compliance with all applicable laws, and provide information only to the extent required by law.”
“We have never heard of PRISM,” said Steve Dowling, a spokesman for Apple. “We do not provide any government agency with direct access to our servers, and any government agency requesting customer data must get a court order.”
It is possible that the conflict between the PRISM slides and the company spokesmen is the result of imprecision on the part of the NSA author. In another classified report obtained by The Post, the arrangement is described as allowing “collection managers [to send] content tasking instructions directly to equipment installed at company-controlled locations,” rather than directly to company servers.
Government officials and the document itself made clear that the NSA regarded the identities of its private partners as PRISM’s most sensitive secret, fearing that the companies would withdraw from the program if exposed. “98 percent of PRISM production is based on Yahoo, Google and Microsoft; we need to make sure we don’t harm these sources,” the briefing’s author wrote in his speaker’s notes.
Anyone who uses Skype has consented to the company reading everything they write. The H’s associates in Germany at heise Security have now discovered that the Microsoft subsidiary does in fact make use of this privilege in practice. Shortly after sending HTTPS URLs over the instant messaging service, those URLs receive an unannounced visit from Microsoft HQ in Redmond.
On Wednesday night, Burnett interviewed Tim Clemente, a former FBI counterterrorism agent, about whether the FBI would be able to discover the contents of past telephone conversations between the two. He quite clearly insisted that they could:
BURNETT: Tim, is there any way, obviously, there is a voice mail they can try to get the phone companies to give that up at this point. It’s not a voice mail. It’s just a conversation. There’s no way they actually can find out what happened, right, unless she tells them?
CLEMENTE: No, there is a way. We certainly have ways in national security investigations to find out exactly what was said in that conversation. It’s not necessarily something that the FBI is going to want to present in court, but it may help lead the investigation and/or lead to questioning of her. We certainly can find that out.
BURNETT: So they can actually get that? People are saying, look, that is incredible.
CLEMENTE: No, welcome to America. All of that stuff is being captured as we speak whether we know it or like it or not.
"All of that stuff" – meaning every telephone conversation Americans have with one another on US soil, with or without a search warrant – "is being captured as we speak".
The federal government needs to do better at tracking and evaluating some of its program spending to ensure taxpayer dollars are being well-spent, Auditor General Michael Ferguson found in his spring report released today, and one of the most striking examples is that it can’t account for $3.1 billion in anti-terrorism funding.
Out of $12 billion, $3.1 billion can’t be accounted for. Not exactly missing, we just can’t say what we did with it.
A man’s attempt to bring the ashes of his grandfather home to Indianapolis ended with an angry scene in a Florida airport, with the ashes spilled on the terminal floor.
John Gross, a resident of Indianapolis’ south side, was leaving Florida with the remains of his grandfather — Mario Mark Marcaletti, a Sicilian immigrant who worked for the Penn Central Railroad in central Indiana — in a tightly sealed jar marked “Human Remains.”
Gross said he didn’t think he’d have a problem, until he ran into a TSA agent at the Orlando airport.
“They opened up my bag, and I told them, ‘Please, be careful. These are my grandpa’s ashes,’” Gross told RTV6’s Norman Cox. “She picked up the jar. She opened it up.
“I was told later on that she had no right to even open it, that they could have used other devices, like an X-ray machine. So she opened it up. She used her finger and was sifting through it. And then she accidentally spilled it.”
Gross says about a quarter to a third of the contents spilled on the floor, leaving him frantically trying to gather up as much as he could while anxious passengers waited behind him.
“She didn’t apologize. She started laughing. I was on my hands and knees picking up bone fragments. I couldn’t pick up all, everything that was lost. I mean, there was a long line behind me.”
TSA rules say a crematory container in carry-on baggage must pass through the X-ray machine at the security checkpoint.
But the agency’s own website says human remains are to be opened under no circumstances.
“I want an apology,” said Gross. “I want an apology from TSA. I want an apology from the lady who opened the jar and laughed at me. I want them to help me understand where they get off treating people like this.”
In trying to clear up the ‘misconceptions’ about the conduct of fusion centers, Arkansas State Fusion Center Director Richard Davis simply confirmed Americans’ fears: the center does in fact spy on Americans – but only on those who are suspected to be ‘anti-government’.
“The misconceptions are that we are conducting spying operations on US citizens, which is of course not a fact. That is absolutely not what we do,” he told the NWA Homepage, which supports KNWA-TV and Fox 24.
After claiming that his office ‘absolutely’ does not spy on Americans, he proceeded to explain that this does not apply to those who could be interpreted as a ‘threat’ to national security. Davis said his office places its focus on international plots, “domestic terrorism and certain groups that are anti-government. We want to kind of take a look at that and receive that information.”
A bumbling TSA agent “playing around” with a pepper-spray container at Kennedy Airport fired the caustic liquid at five fellow screeners yesterday, sending all six to the hospital, a source told The Post.
The agent, Chris Yves Dabel, discovered the device at the Terminal 2 security checkpoint and tried to determine if it was real, a source told The Post.
He told Port Authority cops that he “found the canister on the floor and thought it was a laser pointer.”
“They were playing around with it,” said one Kennedy Airport official.
The screener sprayed five other TSA agents around him, sending all six to Jamaica Hospital and halting security checks at Kennedy for at least 15 minutes, police said.
Despite the pervasiveness of law enforcement surveillance of digital communication, the FBI still has a difficult time monitoring Gmail, Google Voice, and Dropbox in real time. But that may change soon, because the bureau says it has made gaining more powers to wiretap all forms of Internet conversation and cloud storage a “top priority” this year.
A businessman sold fake bomb detectors to Iraq, Saudi Arabia, Georgia and Niger, the Old Bailey has been told.
James McCormick’s Advanced Detection Equipment was based on a golf ball finder device and marketed to military, governments and police, the jury heard.
Prosecutors said fake detectors sold for up to $40,000 (£27,000) had no grounding in science and made “fantastic” claims.
Now if he only would have sold dowsing rods, it would have been fine…
A Department of Homeland Security program intended to give “trusted traveler” status to low-risk airline passengers soon will be extended to Saudi travelers, opening the program to criticism for accommodating the country that produced 15 of the 19 hijackers behind the Sept. 11, 2001, terrorist attacks.
A 23-year-old man being sought by police Wednesday made his way through a security checkpoint at John F. Kennedy International Airport while carrying a stun-gun, a law-enforcement official said.
The suspect, who was wanted after allegedly raping his former girlfriend, had been waiting in line inside Terminal Four to board an 8:40 a.m. flight to London on Wednesday when he was taken into custody by U.S. Customs and Border Protection officers, the official said. He was carrying a gym bag which was found to contain clothing, toiletries and a 3,800K-volt stun-gun, which is on the list of banned items for airplane travel.
The suspect was turned over to New York Police Department detectives, who are investigating accusations that he assaulted and raped his 19-year-old ex-girlfriend at her Queens apartment after arriving from Greece three days ago. He was expected to be charged later Wednesday and his name wasn’t released.
A TSA spokesperson couldn’t immediately comment on the incident.
“The internet of things, in a broad sense, is where we are starting to see everything from planes to cargo devices getting connected,” Bulman said. “The latest planes we are getting, the Boeing 787s, are incredibly connected. Literally every piece of that plane has an internet connection, from the engines, to the flaps, to the landing gear.”
He continued: “If there is a problem with one of the engines we will know before it lands to make sure that we have the parts there. It is getting to the point where each different part of the plane is telling us what it is doing as the flight is going on.”
This level of operational insight will involve generating large amounts of data from each 787 aircraft, he explained. “We can get upwards of half a terabyte of data from a single flight from all of the different devices which are internet connected,” Bulman said.
    %ssh left-engine.flightKL746.boeing.com
    Last login: Sat Mar 9 13:14:12 2013 from 184.108.40.206
    Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
    The Regents of the University of California. All rights reserved.
    left-engine$
    left-engine$ shutdown -h now
    left-engine shutting down. Log off now or risk losing your work!
    connection lost.
    %
In a notable relaxation of its existing security protocols, the Transportation Security Administration announced Thursday that it will henceforth allow small terrorists on commercial aircraft. “After reviewing our longstanding policies, we have decided to ease our boarding requirements to allow any terrorist 5 feet tall or shorter to enter the airplane cabin,” TSA administrator John S. Pistole said in a prepared statement, specifying that any violent radical attempting to pass through security will be subject to an additional screening ensuring they weigh less than 135 pounds and are no broader than 18 inches at their widest point. “It’s a simple system that hopefully everyone will be able to understand. We will also display a height chart outside security checkpoints so as to eliminate any confusion.” Pistole added that any terrorists not falling within the acceptable boarding dimensions will have to be checked.