Tag Archives: National Security Agency

Suit by Wikimedia and partners targets American mass surveillance

National Security Agency headquarters, Fort Meade, Maryland. U.S. government photo, public domain

National Security Agency headquarters, Fort Meade, Maryland. U.S. government photo, public domain

A law suit aimed at mass surveillance was filed Tuesday against America’s  National Security Agency and Department of Justice, by the Wikimedia Foundation and eight other complainants.

“The surveillance exceeds the scope of the authority that Congress provided in the FISA Amendments Act of 2008 (“FAA”) and violates the First and Fourth Amendments,” stated the suit, filed in Maryland. “Because it is predicated on programmatic surveillance orders issued by the Foreign Intelligence Surveillance Court (“FISC”) in the absence of any case or controversy, the surveillance also violates Article III of the Constitution.”

 A statement from Wikimedia said the suit challenges the NSA’s large-scale search and seizure of internet communications, and aims “to end this mass surveillance program in order to protect the rights of our users around the world.”

“Surveillance erodes the original promise of the internet: an open space for collaboration and experimentation, and a place free from fear,” said Wikipedia founder Jimmy Wales in the statement.

“Wikipedia is founded on the freedoms of expression, inquiry, and information,” said foundation executive director Lila Tretikov. “By violating our users’ privacy, the NSA is threatening the intellectual freedom that is central to people’s ability to create and understand knowledge.”

The joint suit was filed by the Wikimedia Foundation; the U.S. National Association of Criminal Defense Lawyers;  Human Rights Watch; Amnesty International; PEN American Centre; the Global Fund for Women; the Nation Magazine; the Rutherford Institute; and the Washington Office on Latin America. 

The defendants are the U.S. National Security Agency; NSA director Adm. Michael S. Rogers; the office of the Director of National Intelligence and its director James R. Clapper; U.S. Attorney General Eric H. Holder.

Excerpt of the statement:

Privacy is the bedrock of individual freedom. It is a universal right that sustains the freedoms of expression and association. These principles enable inquiry, dialogue, and creation and are central to Wikimedia’s vision of empowering everyone to share in the sum of all human knowledge. When they are endangered, our mission is threatened. If people look over their shoulders before searching, pause before contributing to controversial articles, or refrain from sharing verifiable but unpopular information, Wikimedia and the world are poorer for it. …

Our case today challenges the NSA’s use of upstream surveillance conducted under the authority of the 2008 Foreign Intelligence Surveillance Act Amendments Act (FAA). Upstream surveillance taps the internet’s “backbone” to capture communications with “non-U.S. persons.” The FAA authorizes the collection of these communications if they fall into the broad category of “foreign intelligence information” that includes nearly any information that could be construed as relating to national security or foreign affairs. The program casts a vast net, and as a result, captures communications that are not connected to any “target,” or may be entirely domestic. This includes communications by our users and staff.

References:

Read the full Wikimedia Foundation statement here: http://wikimediafoundation.org/wiki/Press_releases/Wikimedia_v._NSA:_Wikimedia_Foundation_files_suit_against_NSA_to_challenge_upstream_mass_surveillance

Read the legal suit, Case 1:15-cv-00662-RDB Document 1 filed in U.S. District Court, District of Maryland, here: https://upload.wikimedia.org/wikipedia/foundation/4/44/Wikimedia_v._NSA_Complaint.pdf

Q&A: Why is the Wikimedia Foundation suing the NSA? ACLU blog post: https://www.aclu.org/blog/national-security/qa-why-wikimedia-foundation-suing-nsa

Reports elsewhere, by Reuters; Politico; Guardian;  PC Magazine; Time Magazine

Related stories on F&O:

Spy scandal confirms Germans’ growing mistrust of Washington, July, 2014, Jonathan Manthorpe column (paywall)

Privacy Tools: Encrypt What You Can, May 2014

What Edward Snowden said to European Parliamentarians,  March 2014

Privacy Tools: How to Safely Browse the Web, January, 2014

Evidence lacking in U.S. claim that NSA thwarted attacks, October, 2013

~~~

Facts and Opinions is an online journal of select and first-rate reporting and analysis, in words and images: a boutique for select journalism, without borders. Independent, non-partisan and employee-owned, F&O performs journalism for citizens, funded entirely by readers. We do not carry advertising or solicit donations from foundations or causes. Help sustain us by telling others about us, and purchasing a $1 day pass or subscription, from $2.95/month to $19.95/year. To receive F&O’s free blog emails fill in the form on the FRONTLINES page.

 

Posted in Current Affairs Also tagged , |

Privacy Tools: Encrypt What You Can

 

In the course of writing her book, Dragnet Nation, Julia Angwin tried various strategies to protect her privacy. In this series of book excerpts and adaptations, she distills the lessons from her privacy experiments into tips for readers.

by Julia Angwin, ProPublica

Ever since Edward Snowden revealed the inner secrets of the NSA, he has been urging Americans to use encryption to protect themselves from rampant spying.

Keyboard_typing

Photo credit: NotFromUtrecht, GNU Free Documentation License

“Encryption does work,” Snowden said, via a remote connection at the SXSW tech conference. “It is a defense against the dark arts for the digital realm.”

ProPublica has written about the NSA’s attempts to break encryption, but we don’t know for sure how successful the spy agency has been, and security experts still recommend using these techniques.

And besides, who doesn’t want to defend against the dark arts? But getting started with encryption can be daunting. Here are a few techniques that most people can use.

Encrypt the data you store. This protects your data from being read by people with access to your computer.

  • Encrypt your hard drive so that if you lose your computer or you get hacked, your information will be safe. Most recent Apple Macintosh computers contain a built-in encryption system called FileVault that is simple to use. Some versions of Microsoft’s Windows 7 also contain a built-in encryption system called BitLocker. Another popular solution is the free, open-source program TrueCrypt, which can either encrypt individual files or entire partitions of your computer or an external hard drive.
  • Encrypt your smartphone’s hard drive. Yes 2014 your smartphone has a hard drive much like your computer has. In fact, your phone probably contains as much 2014 or more 2014 sensitive information about you as your computer does. Apple doesn’t let you encrypt your smart phone’s hard drive or the files on it, though it allows encryption of your phone’s backup files on iTunes or iCloud. You can also use Find my iPhone to remotely “wipe,” or delete the data on your iPhone or iPad if it is lost or stolen. Google’s Android operating system lets you encrypt your phone hard drive.
  • Encrypt the data you store in the cloud. I use the SpiderOak encrypted cloud service. If an encrypted cloud service were somehow forced to hand over their servers, your data would still be safe, because it’s encrypted using a key stored only on your computer. However, this also means that if you lose your password, they can’t help you. The encrypted data would be unrecoverable.

Encrypt the data you transmit. The Snowden revelations have revealed that U.S. and British spy agencies are grabbing as much unencrypted data as they can find as it passes over the Internet. Encrypting your data in transit can protect it against spy agencies, as well as commercial data gatherers.

  • Install HTTPS Everywhere on your Web browser. This encrypts your Web browsing sessions, protecting you from hackers and spy agencies that scoop up unencrypted traffic across the Internet. Not every site works properly with HTTPS Everywhere, though an increasing number do.
  • Use encrypted texting apps with friends who install the same apps on their phones. On the iPhone, Silent Circle and Wickr offer apps for encrypted texting. On Android, the TextSecure app encrypts texts in transit and when they are stored on your device.
  • Use the Off-the-Record Messaging protocol to encrypt your instant messaging conversations. You can still use your favorite instant-messaging service, such as Gchat or AIM, though you’ll need to use a software client that supports the Off-the-Record protocol. On Macs, free software called Adium can enable OTR chats, and on Windows, you can use Pidgin. Once you’ve set up OTR and gone through a simple verification step, you can IM as you usually do. Both parties have to use OTR for the encryption to work.
  • Use Gnu Privacy Guard to encrypt your email conversations. Like OTR, if you’re using GPG you’ll need the people you email with to use it as well in order to encrypt your conversations. I use free software called GPG Tools with Enigmail and Postbox. GPG Tools also works directly with Apple’s built-in Mail program.

    GPG has some shortcomings 2014 it’s difficult-to-impossible to use it with the mail program built into most smartphones, and you can’t use it easily with webmail like Gmail. (Although there are some new web-based mail programs that use GPG called Mailvelope and StartMail that I haven’t had a chance to try yet.)

    The most difficult part of GPG is that, unlike the encrypted texting and instant messaging programs, you have to generate a secret key and keep it somewhere secure (usually on your computer or on a USB stick). This often means you can only send GPG mail when you have your key with you. Even so, it is incredibly satisfying once you send your first message and watch it transform into a block of numbers and letters when you click “encrypt.”

Creative Commons

Independent, non-partisan and employee-owned, FactsandOpinions serves, and is funded by, readers. We do not carry advertising or solicit donations from foundations or causes. Our original work in Dispatches, Think and Photo-Essays is available for a $1 site day pass or at a modest subscription price. Use the SUBSCRIBE  form on our free Frontlines blog to receive blog stories and notices of all new work on site.


Posted in Current Affairs Also tagged , , , |

Edward Snowden writes to Europe

Europe has released American whistle-blower Edward Snowden’s written responses to questions by members of the European Parliament. Europe is expected to decide soon on a controversial “Safe Harbour” data transmission and privacy agreement with the United States, considered essential for American technology companies like Google to operate in Europe.

F&O reports in Dispatches, Publica, here. (Public access)

~~~

Independent, non-partisan and employee-owned, F&O performs journalism for citizens, funded entirely by readers. We do not carry advertising or solicit donations from non-journalism foundations or causes. Subscribe by email to our free FRONTLINES, a log of new works, with the odd small story or finding. Evidence-based reporting in DISPATCHES, commentary, analysis and creative non-fiction in THINK, and our PHOTO-ESSAYS, are available for a $1 site day pass or at a modest subscription price.

Posted in All, Current Affairs Also tagged , , |

Privacy Tools: How to Safely Browse the Web

 

In the course of writing her book, Dragnet Nation, ProPublica reporter Julia Angwin tried various strategies to protect her privacy. In this blog post, she distills the lessons from her privacy experiments into useful tips for readers.

by Julia Angwin, ProPublica

One of the easiest and simplest things you can do to protect your privacy is to be a smarter Web browser.

This is surprisingly difficult because most popular Web browsing software is set up to allow users to be tracked by default. The reason is simple economics — you don’t pay for Web browsing software, so the companies that make it have to find other ways to make money.

The most egregious example of this conflict came in 2008 when Microsoft’s advertising executives helped quash a plan by the engineers to build better privacy protections into the Internet Explorer 8 Web browser. Microsoft has since added additional protections — but they are not turned on by default. The situation is no better at Google, whose Chrome Web browser has “buried and discouraged” the “Do Not Track” button, and is pioneering the use of new tracking technology that cannot be blocked. And it’s worth noting that the other big Web browser maker, Mozilla Corp., receives 85 percent of its revenues (PDF) from its agreement to make Google the default search engine on Firefox.

Even worse, many of the tools that Web browsers offer to protect privacy are not effective. Tracking companies have refused to honor the “Do Not Track” button. And Google Chrome’s “Incognito” mode and Internet Explorer’s “InPrivate Browsing” mode won’t protect you from being tracked. Those settings simply prevent other people who use your Web browser after you to see where you’ve been online.

And so, in order to prevent the most common types of tracking, I ended up loading up my Web browser — Mozilla’s Firefox — with a bunch of extra software. It sounds like a lot of work, but most of this software can be installed in a few minutes. Here’s what I used:

  • I installed “HTTPS Everywhere,” created by the Electronic Frontier Foundation and the Tor Project. This tool forces your Web browser to use encrypted Internet connections to any website that will allow it. This prevents hackers — and the United States National Security Agency — from eavesdropping on your Internet connections.
  • I also installed Disconnect, a program created by former Google engineer Brian Kennish, which blocks advertisers and social networks, such as Facebook and Twitter, from tracking which websites you visit.
  • And finally I set my default search engine to be DuckDuckGo, a search engine that doesn’t store any of the information that is automatically transmitted by your computer — the IP address and other digital footprints — so DuckDuckGo has no way to link your search queries to you. That means DuckDuckGo won’t auto-complete your search queries based on your previous searches or based on your physical location, as Google does. So you’ll have to be a little smarter about your searches, and remember to bookmark the pages that you visit often, to save time.

After browsing with my ungainly setup for nearly a year, I found a Web browser that had all the features I wanted built in — called WhiteHat Aviator. It has built-in HTTPS Everywhere, it doesn’t retain or sell your online activity, and it uses Disconnect to block trackers from advertisers and social media companies. Its default search engine is DuckDuckGo.

It’s built by a computer security firm called WhiteHat Security, but it hasn’t been audited by any computer security experts yet, as far as I can tell. So use it at your own risk (and currently you can only use it on the Mac OSX operating system). But I’ve been using it for a few months, and after some bugginess in the beginning, I’ve started to enjoy the unusual feeling of having privacy as a default setting.

Re-published by F&O under Creative Commons licence  


Posted in All, Current Affairs Also tagged , , , , , , |