Tag Archives: National Security Agency

New Snowden Documents Reveal Secret Memos Expanding Spying

by Julia Angwin & Jeff Larson, ProPublica, Charlie Savage, the New York Times, and Henrik Moltke, special to ProPublica
June, 2015

Without public notice or debate, the Obama administration expanded the National Security Agency’s warrantless surveillance of Americans’ international Internet traffic to search for evidence of malicious computer hacking, according to classified NSA documents.

In mid-2012, Justice Department lawyers wrote two secret memos permitting the spy agency to begin hunting on Internet cables, without a warrant and on American soil, for data linked to computer intrusions originating abroad — including traffic that flows to suspicious Internet addresses or contains malware, the documents show.

The Justice Department allowed the agency to monitor only addresses and “cybersignatures” — patterns associated with computer intrusions — that it could tie to foreign governments. But the documents also note that the NSA sought permission to target hackers even when it could not establish any links to foreign powers.

The disclosures, based on documents provided by Edward J. Snowden, the former NSA contractor, and shared with the New York Times and ProPublica, come at a time of unprecedented cyberattacks on American financial institutions, businesses and government agencies, but also of greater scrutiny of secret legal justifications for broader government surveillance.

While the Senate passed legislation this week limiting some of the NSA’s authority, it involved provisions in the U.S.A. Patriot Act and did not apply to the warrantless wiretapping program.

Government officials defended the NSA’s monitoring of suspected hackers as necessary to shield Americans from the increasingly aggressive activities of foreign governments. But critics say it raises difficult trade-offs that should be subject to public debate.

The NSA’s activities run “smack into law enforcement land,” said Jonathan Mayer, a cybersecurity scholar at Stanford Law School who has researched privacy issues and who reviewed several of the documents. “That’s a major policy decision about how to structure cybersecurity in the U.S. and not a conversation that has been had in public.”

It is not clear what standards the agency is using to select targets. It can be hard to know for sure who is behind a particular intrusion — a foreign government or a criminal gang — and the NSA is supposed to focus on foreign intelligence, not law enforcement.

The government can also gather significant volumes of Americans’ information — anything from private emails to trade secrets and business dealings — through Internet surveillance because monitoring the data flowing to a hacker involves copying that information as the hacker steals it.

One internal NSA document notes that agency surveillance activities through “hacker signatures pull in a lot.” Brian Hale, the spokesman for the Office of the Director of National Intelligence, said, “It should come as no surprise that the U.S. government gathers intelligence on foreign powers that attempt to penetrate U.S. networks and steal the private information of U.S. citizens and companies.” He added that “targeting overseas individuals engaging in hostile cyberactivities on behalf of a foreign power is a lawful foreign intelligence purpose.”

The effort is the latest known expansion of the NSA’s warrantless surveillance program, which allows the government to intercept Americans’ cross-border communications if the target is a foreigner abroad. While the NSA has long searched for specific email addresses and phone numbers of foreign intelligence targets, the Obama administration three years ago started allowing the agency to search its communications streams for less-identifying Internet protocol addresses or strings of harmful computer code.

The surveillance activity traces to changes that began after the Sept. 11 terrorist attacks. The government tore down a so-called wall that prevented intelligence and criminal investigators from sharing information about suspected spies and terrorists. The barrier had been erected to protect Americans’ rights because intelligence investigations use lower legal standards than criminal inquiries, but policy makers decided it was too much of an obstacle to terrorism investigations.

The NSA also started the warrantless wiretapping program, which caused an outcry when it was disclosed in 2005. In 2008, under the FISA Amendments Act, Congress legalized the surveillance program so long as the agency targeted only noncitizens abroad. A year later, the new Obama administration began crafting a new cybersecurity policy — including weighing whether the Internet had made the distinction between a spy and a criminal obsolete.

“Reliance on legal authorities that make theoretical distinctions between armed attacks, terrorism and criminal activity may prove impractical,” the White House National Security Council wrote in a classified annex to a policy report in May 2009, which was included in the NSA’s internal files.

About that time, the documents show, the NSA — whose mission includes protecting military and intelligence networks against intruders — proposed using the warrantless surveillance program for cybersecurity purposes. The agency received “guidance on targeting using the signatures” from the Foreign Intelligence Surveillance Court, according to an internal newsletter.

In May and July 2012, according to an internal timeline, the Justice Department granted its secret approval for the searches of cybersignatures and Internet addresses. The Justice Department tied that authority to a pre-existing approval by the secret surveillance court permitting the government to use the program to monitor foreign governments.

That limit meant the NSA had to have some evidence for believing that the hackers were working for a specific foreign power. That rule, the NSA soon complained, left a “huge collection gap against cyberthreats to the nation” because it is often hard to know exactly who is behind an intrusion, according to an agency newsletter. Different computer intruders can use the same piece of malware, take steps to hide their location or pretend to be someone else.

So the NSA, in 2012, began pressing to go back to the surveillance court and seek permission to use the program explicitly for cybersecurity purposes. That way, it could monitor international communications for any “malicious cyberactivity,” even if it did not yet know who was behind the attack.

The newsletter described the further expansion as one of “highest priorities” of the NSA director, Gen. Keith B. Alexander. However, a former senior intelligence official said that the government never asked the court to grant that authority.

Meanwhile, the FBI in 2011 had obtained a new kind of wiretap order from the secret surveillance court for cybersecurity investigations, permitting it to target Internet data flowing to or from specific Internet addresses linked to certain governments.

To carry out the orders, the FBI negotiated in 2012 to use the NSA’s system for monitoring Internet traffic crossing “chokepoints operated by U.S. providers through which international communications enter and leave the United States,” according to a 2012 NSA document. The NSA would send the intercepted traffic to the bureau’s “cyberdata repository” in Quantico, Virginia.

The disclosure that the NSA and the FBI have expanded their cybersurveillance adds a dimension to a recurring debate over the post-Sept. 11 expansion of government spying powers: Information about Americans sometimes gets swept up incidentally when foreigners are targeted, and prosecutors can use that information in criminal cases.

Citing the potential for a copy of data “exfiltrated” by a hacker to contain “so much” information about Americans, one NSA lawyer suggested keeping the stolen data out of the agency’s regular repository for information collected by surveillance so that analysts working on unrelated issues could not query it, a 2010 training document showed. But it is not clear whether the agency or the FBI has imposed any additional limits on the data of hacking victims.

In a response to questions for this article, the FBI pointed to its existing procedures for protecting victims’ data acquired during investigations, but also said it continually reviewed its policies “to adapt to these changing threats while protecting civil liberties and the interests of victims of cybercrimes.”

None of these actions or proposals had been disclosed to the public. As recently as February, when President Obama spoke about cybersecurity at an event at Stanford University, he lauded the importance of transparency but did not mention this change.

“The technology so often outstrips whatever rules and structures and standards have been put in place, which means that government has to be constantly self-critical and we have to be able to have an open debate about it,” Obama said.

 Creative Commons

Laura Poitras contributed reporting. This story was co-published with the New York Times. For more coverage, read ProPublica’s previous reporting on the NSA’s efforts to break encryption, our NSA Programs Chart and the agency’s spying operations on cell phone apps. ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for their newsletter.

 

Related reading on F&O:

Digital Domesday: surveillance and serfdom, by Graham Murdock

45 years later, Ottawa fumbles national security, by Jonathan Manthorpe (paywall)

Supporting BDS not “anti-Semitic”, by Tom Regan

Freedom of the press ain’t so free anymore, by Tom Regan

Suit by Wikimedia and partners targets American mass surveillance, by Deborah Jones

Mumbai Attacks: Piles of Spy Data, a Puzzle Unsolved, by Sebastian Rotella, ProPublica, and James Glanz and David E. Sanger, New York Times

How to Stop Being Tracked Online, by Hanging Chen, ProPublica

Privacy Tools: Encrypt What You Can, by Julia Angwin, ProPublica

~~~

Facts and Opinions is an online journal of select and first-rate reporting and analysis, in words and images: a boutique for slow journalism, without borders. Independent, non-partisan and employee-owned, F&O performs journalism for citizens, funded entirely by readers. We do not carry advertising or solicit donations from foundations or causes. Subscribe by email to our free FRONTLINES, a blog announcing new works, and the odd small tale. Look for evidence-based reporting in Reports; commentary, analysis and creative non-fiction in OPINION-FEATURES; and image galleries in PHOTO-ESSAYS. Some of our original works are behind a paywall, available with a $1 site day pass, or with a subscription from $2.95/month – $19.95/year. If you value journalism, please help sustain us.

 


Suit by Wikimedia and partners targets American mass surveillance

National Security Agency headquarters, Fort Meade, Maryland. U.S. government photo, public domain


A lawsuit aimed at mass surveillance was filed Tuesday against America’s National Security Agency and Department of Justice, by the Wikimedia Foundation and eight other complainants.

“The surveillance exceeds the scope of the authority that Congress provided in the FISA Amendments Act of 2008 (“FAA”) and violates the First and Fourth Amendments,” stated the suit, filed in Maryland. “Because it is predicated on programmatic surveillance orders issued by the Foreign Intelligence Surveillance Court (“FISC”) in the absence of any case or controversy, the surveillance also violates Article III of the Constitution.”

 A statement from Wikimedia said the suit challenges the NSA’s large-scale search and seizure of internet communications, and aims “to end this mass surveillance program in order to protect the rights of our users around the world.”

“Surveillance erodes the original promise of the internet: an open space for collaboration and experimentation, and a place free from fear,” said Wikipedia founder Jimmy Wales in the statement.

“Wikipedia is founded on the freedoms of expression, inquiry, and information,” said foundation executive director Lila Tretikov. “By violating our users’ privacy, the NSA is threatening the intellectual freedom that is central to people’s ability to create and understand knowledge.”

The joint suit was filed by the Wikimedia Foundation; the U.S. National Association of Criminal Defense Lawyers; Human Rights Watch; Amnesty International; PEN American Centre; the Global Fund for Women; the Nation Magazine; the Rutherford Institute; and the Washington Office on Latin America.

The defendants are the U.S. National Security Agency; NSA director Adm. Michael S. Rogers; the office of the Director of National Intelligence and its director James R. Clapper; and U.S. Attorney General Eric H. Holder.

Excerpt of the statement:

Privacy is the bedrock of individual freedom. It is a universal right that sustains the freedoms of expression and association. These principles enable inquiry, dialogue, and creation and are central to Wikimedia’s vision of empowering everyone to share in the sum of all human knowledge. When they are endangered, our mission is threatened. If people look over their shoulders before searching, pause before contributing to controversial articles, or refrain from sharing verifiable but unpopular information, Wikimedia and the world are poorer for it. …

Our case today challenges the NSA’s use of upstream surveillance conducted under the authority of the 2008 Foreign Intelligence Surveillance Act Amendments Act (FAA). Upstream surveillance taps the internet’s “backbone” to capture communications with “non-U.S. persons.” The FAA authorizes the collection of these communications if they fall into the broad category of “foreign intelligence information” that includes nearly any information that could be construed as relating to national security or foreign affairs. The program casts a vast net, and as a result, captures communications that are not connected to any “target,” or may be entirely domestic. This includes communications by our users and staff.

References:

Read the full Wikimedia Foundation statement here: http://wikimediafoundation.org/wiki/Press_releases/Wikimedia_v._NSA:_Wikimedia_Foundation_files_suit_against_NSA_to_challenge_upstream_mass_surveillance

Read the legal suit, Case 1:15-cv-00662-RDB Document 1 filed in U.S. District Court, District of Maryland, here: https://upload.wikimedia.org/wikipedia/foundation/4/44/Wikimedia_v._NSA_Complaint.pdf

Q&A: Why is the Wikimedia Foundation suing the NSA? ACLU blog post: https://www.aclu.org/blog/national-security/qa-why-wikimedia-foundation-suing-nsa

Reports elsewhere, by Reuters; Politico; Guardian; PC Magazine; Time Magazine

Related stories on F&O:

Spy scandal confirms Germans’ growing mistrust of Washington, July, 2014, Jonathan Manthorpe column (paywall)

Privacy Tools: Encrypt What You Can, May 2014

What Edward Snowden said to European Parliamentarians, March 2014

Privacy Tools: How to Safely Browse the Web, January, 2014

Evidence lacking in U.S. claim that NSA thwarted attacks, October, 2013


Privacy Tools: Encrypt What You Can

 

In the course of writing her book, Dragnet Nation, Julia Angwin tried various strategies to protect her privacy. In this series of book excerpts and adaptations, she distills the lessons from her privacy experiments into tips for readers.

by Julia Angwin, ProPublica

Ever since Edward Snowden revealed the inner secrets of the NSA, he has been urging Americans to use encryption to protect themselves from rampant spying.


Photo credit: NotFromUtrecht, GNU Free Documentation License

“Encryption does work,” Snowden said, via a remote connection at the SXSW tech conference. “It is a defense against the dark arts for the digital realm.”

ProPublica has written about the NSA’s attempts to break encryption, but we don’t know for sure how successful the spy agency has been, and security experts still recommend using these techniques.

And besides, who doesn’t want to defend against the dark arts? But getting started with encryption can be daunting. Here are a few techniques that most people can use.

Encrypt the data you store. This protects your data from being read by people with access to your computer.

  • Encrypt your hard drive so that if you lose your computer or you get hacked, your information will be safe. Most recent Apple Macintosh computers contain a built-in encryption system called FileVault that is simple to use. Some versions of Microsoft’s Windows 7 also contain a built-in encryption system called BitLocker. Another popular solution is the free, open-source program TrueCrypt, which can either encrypt individual files or entire partitions of your computer or an external hard drive.
  • Encrypt your smartphone’s hard drive. Yes — your smartphone has a hard drive much like your computer has. In fact, your phone probably contains as much — or more — sensitive information about you as your computer does. Apple doesn’t let you encrypt your smartphone’s hard drive or the files on it, though it allows encryption of your phone’s backup files on iTunes or iCloud. You can also use Find my iPhone to remotely “wipe,” or delete the data on your iPhone or iPad if it is lost or stolen. Google’s Android operating system lets you encrypt your phone hard drive.
  • Encrypt the data you store in the cloud. I use the SpiderOak encrypted cloud service. If an encrypted cloud service were somehow forced to hand over their servers, your data would still be safe, because it’s encrypted using a key stored only on your computer. However, this also means that if you lose your password, they can’t help you. The encrypted data would be unrecoverable.

Encrypt the data you transmit. The Snowden revelations have revealed that U.S. and British spy agencies are grabbing as much unencrypted data as they can find as it passes over the Internet. Encrypting your data in transit can protect it against spy agencies, as well as commercial data gatherers.

  • Install HTTPS Everywhere on your Web browser. This encrypts your Web browsing sessions, protecting you from hackers and spy agencies that scoop up unencrypted traffic across the Internet. Not every site works properly with HTTPS Everywhere, though an increasing number do.
  • Use encrypted texting apps with friends who install the same apps on their phones. On the iPhone, Silent Circle and Wickr offer apps for encrypted texting. On Android, the TextSecure app encrypts texts in transit and when they are stored on your device.
  • Use the Off-the-Record Messaging protocol to encrypt your instant messaging conversations. You can still use your favorite instant-messaging service, such as Gchat or AIM, though you’ll need to use a software client that supports the Off-the-Record protocol. On Macs, free software called Adium can enable OTR chats, and on Windows, you can use Pidgin. Once you’ve set up OTR and gone through a simple verification step, you can IM as you usually do. Both parties have to use OTR for the encryption to work.
  • Use Gnu Privacy Guard to encrypt your email conversations. Like OTR, if you’re using GPG you’ll need the people you email with to use it as well in order to encrypt your conversations. I use free software called GPG Tools with Enigmail and Postbox. GPG Tools also works directly with Apple’s built-in Mail program.

    GPG has some shortcomings — it’s difficult-to-impossible to use it with the mail program built into most smartphones, and you can’t use it easily with webmail like Gmail. (Although there are some new web-based mail programs that use GPG called Mailvelope and StartMail that I haven’t had a chance to try yet.)

    The most difficult part of GPG is that, unlike the encrypted texting and instant messaging programs, you have to generate a secret key and keep it somewhere secure (usually on your computer or on a USB stick). This often means you can only send GPG mail when you have your key with you. Even so, it is incredibly satisfying once you send your first message and watch it transform into a block of numbers and letters when you click “encrypt.”

Creative Commons


Edward Snowden writes to Europe

Europe has released American whistle-blower Edward Snowden’s written responses to questions by members of the European Parliament. Europe is expected to decide soon on a controversial “Safe Harbour” data transmission and privacy agreement with the United States, considered essential for American technology companies like Google to operate in Europe.

F&O reports in Dispatches, Publica, here. (Public access)


What Edward Snowden said to European Parliamentarians

By Deborah Jones
Published March 8, 2014

Europe on Friday released American whistle-blower Edward Snowden’s written responses to questions by members of the European Parliament. The 12-page document, in English as a pdf, is here.

Snowden, a former contractor to the United States National Security Agency (NSA), limited his testimony to information he already released to journalists, which is already in the public domain (see Glenn Greenwald’s work at The Guardian, and the New York Times topic page). He repeated his offer “to provide testimony to the United States Congress, should they decide to consider the issue of unconstitutional mass surveillance.”

And in response to questions that could be interpreted as critical, he said that before becoming a whistle-blower and fleeing the U.S. — he currently lives in Russia — he exhausted official American channels by reporting his concerns “to more than ten distinct officials, none of whom took any action to address them.”

Snowden was asked why, as he calls for intelligence agency accountability, “do you feel this accountability does not apply to you? Do you therefore plan to return to the United States or Europe to face criminal charges and answer questions in an official capacity, and pursue the route as an official whistle blower?” He answered, “accountability cannot exist without the due process of law.”

Snowden told European politicians he would accept asylum in a European state — but claimed no state would be “allowed” by the United States to take him.

The transcript was released as Europe is deciding on possible changes to a “Safe Harbour” agreement on privacy and data transmission with the United States, considered essential for American technology companies like Google to operate in Europe.

Meanwhile a major American music and media gathering, best known for launch announcements of new technologies, is focused this year partly on surveillance. The South by Southwest conference (SXSW) underway this weekend in Austin, Texas, features video appearances by Snowden, Wikileaks founder Julian Assange and journalist Greenwald.

~~~

Snowden prefaced his written answers to questions by European parliamentarians with a statement that suspicionless surveillance programs endanger the basic rights that are “the foundation of liberal societies,” and said “despite extraordinary political pressure to do so, no western government has been able to present evidence showing that such programs are necessary.”

Excerpts:

“I believe that suspicionless surveillance not only fails to make us safe, but it actually makes us less safe. By squandering precious, limited resources on ‘collecting it all,’ we end up with more analysts trying to make sense of harmless political dissent and fewer investigators running down real leads … (and) cost lives, and history has shown my concerns are justified.”

“I could have read the private communications of any member of this committee, as well as any ordinary citizen. I swear under penalty of perjury that this is true. These are not the capabilities in which free societies invest. Mass surveillance violates our rights, risks our safety, and threatens our way of life.”

“… if even the US is willing to knowingly violate the rights of billions of innocents — and I say billions without exaggeration — for nothing more substantial than a “potential” intelligence advantage that has never materialized, what are other governments going to do? Whether we like it or not, the international norms of tomorrow are being constructed today, right now, by the work of bodies like this committee. If liberal states decide that the convenience of spies is more valuable than the rights of their citizens, the inevitable result will be states that are both less liberal and less safe.”

Questioned on the extent of cooperation, over collection of bulk citizen data, between America’s NSA and EU Member States:

“The result (of cooperation with the NSA by individual European states) is a European bazaar, where an EU member state like Denmark may give the NSA access to a tapping center on the (unenforceable) condition that NSA doesn’t search it for Danes, and Germany may give the NSA access to another on the condition that it doesn’t search for Germans. Yet the two tapping sites may be two points on the same cable, so the NSA simply captures the communications of the German citizens as they transit Denmark, and the Danish citizens as they transit Germany, all the while considering it entirely in accordance with their agreements. Ultimately, each EU national government’s spy services are independently hawking domestic accesses to the NSA, GCHQ, FRA, and the like without having any awareness of how their individual contribution is enabling the greater patchwork of mass surveillance against ordinary citizens as a whole.”

“The surest way for any nation to become subject to unnecessary surveillance is to allow its spies to dictate its policy. The right to be free of unwarranted intrusion into our private effects — our lives and possessions, our thoughts and communications — is a human right. It is not granted by national governments and it cannot be revoked by them out of convenience. Just as we do not allow police officers to enter every home to fish around for evidence of undiscovered crimes, we must not allow spies to rummage through our every communication for indications of disfavored activities.”

“Technology is agnostic of nationality, and the flag on the pole outside of the building makes systems of mass surveillance no more or less effective.”

Questioned on whether the NSA has adequate procedures for staff to signal wrongdoing:

“The culture within the US Intelligence Community is such that reporting serious concerns about the legality or propriety of programs is much more likely to result in your being flagged as a troublemaker than to result in substantive reform.”

“In my personal experience, repeatedly raising concerns about legal and policy matters with my co-workers and superiors resulted in two kinds of responses. The first were well-meaning but hushed warnings not to “rock the boat,” for fear of the sort of retaliation that befell former NSA whistleblowers like Wiebe, Binney, and Drake. All three men reported their concerns through the official, approved process, and all three men were subject to armed raids by the FBI and threats of criminal sanction. Everyone in the Intelligence Community is aware of what happens to people who report concerns about unlawful but authorized operations. The second were similarly well-meaning but more pointed suggestions, typically from senior officials, that we should let the issue be someone else’s problem.”

“Do you feel you had exhausted all avenues before taking the decision to go public?”

“Yes. I had reported these clearly problematic programs to more than ten distinct officials, none of whom took any action to address them. As an employee of a private company rather than a direct employee of the U.S. government, I was not protected by U.S. whistleblower laws, and I would not have been protected from retaliation and legal sanction for revealing classified information about lawbreaking in accordance with the recommended process.”

On whether procedures for whistleblowing have been improved:

“There has not yet been any substantive whistleblower reform in the US, and unfortunately my government has taken a number of disproportionate and persecutory actions against me. US government officials have declared me guilty of crimes in advance of any trial, they’ve called for me to be executed or assassinated in private and openly in the press, they revoked my passport and left me stranded in a foreign transit zone for six weeks, and even used NATO to ground the presidential plane of Evo Morales – the leader of Bolivia – on hearing that I might attempt to seek and enjoy asylum in Latin America”

How can Europe “help you in any way, and do you seek asylum in the EU?”

“If you want to help me, help me by helping everyone: declare that the indiscriminate, bulk collection of private data by governments is a violation of our rights and must end. What happens to me as a person is less important than what happens to our common rights. As for asylum, I do seek EU asylum, but I have yet to receive a positive response to the requests I sent to various EU member states. Parliamentarians in the national governments have told me that the US, and I quote, “will not allow” EU partners to offer political asylum to me …”

Questioned over justification for surveillance and whether current surveillance is used for economic espionage:

“Surveillance against specific targets, for unquestionable reasons of national security while respecting human rights, is above reproach. Unfortunately, we’ve seen a growth in untargeted, extremely questionable surveillance for reasons entirely unrelated to national security. Most recently, the Prime Minister of Australia, caught red-handed engaging in the most blatant kind of economic espionage, sought to argue that the price of Indonesian shrimp and clove cigarettes was a “security matter.” These are indications of a growing disinterest among governments for ensuring intelligence activities are justified, proportionate, and above all accountable.”

“In the United States, we use a secret, rubber-stamp Foreign Intelligence Surveillance Court that only hears arguments from the government. Out of approximately 34,000 government requests over 33 years, the secret court rejected only 11.”

“… global surveillance capabilities are being used on a daily basis for the purpose of economic espionage …Mass surveillance capabilities have even been used against a climate change summit. Recently, governments have shifted their talking points from claiming they only use mass surveillance for “national security” purposes to the more nebulous “valid foreign intelligence purposes.” 

“If we are prepared to condemn the economic spying of our competitors, we must be prepared to do the same of our allies. Lasting peace is founded upon fundamental fairness. The international community must agree to common standards of behavior, and jointly invest in the development of new technical standards to defend against mass surveillance. We rely on common systems, and the French will not be safe from mass surveillance until Americans, Argentines, and Chinese are as well.”

Could mass suspicionless surveillance have been prevented with better independent and public oversight over the intelligence agencies? What conditions would need to be fulfilled, both nationally and internationally?

“Yes, better oversight could have prevented the mistakes that brought us to this point … The oversight of intelligence agencies should always be performed by opposition parties, as under the democratic model, they always have the most to lose under a surveillance state. Additionally, we need better whistleblower protections, and a new commitment to the importance of international asylum.”

Why did you choose to go public with your information?

“Secret laws and secret courts cannot authorize unconstitutional activities by fiat, nor can classification be used to shield an unjustified and embarrassing violation of human rights from democratic accountability. If the mass surveillance of an innocent public is to occur, it should be authorized as the result of an informed debate with the consent of the public, under a framework of laws that the government invites civil society to challenge in open courts. That our governments are even today unwilling to allow independent review of the secret policies enabling mass surveillance of innocents underlines governments’ lack of faith that these programs are lawful, and this provides stronger testimony in favor of the rightfulness of my actions than any words I might write.”

Are you aware that your revelations have the potential to put at risk lives of innocents and hamper efforts in the global fight against terrorism?

“Actually, no specific evidence has ever been offered, by any government, that even a single life has been put at risk by the award-winning journalism this question attempts to implicate. … if you can show one of the governments consulted on these stories chose not to impede demonstrably fatal information from being published, I invite you to do so. The front page of every newspaper in the world stands open to you.”

Copyright © 2014 Deborah Jones


Privacy Tools: How to Safely Browse the Web

In the course of writing her book, Dragnet Nation, ProPublica reporter Julia Angwin tried various strategies to protect her privacy. In this blog post, she distills the lessons from her privacy experiments into useful tips for readers.

by Julia Angwin, ProPublica

One of the easiest and simplest things you can do to protect your privacy is to be a smarter Web browser.

This is surprisingly difficult because most popular Web browsing software is set up to allow users to be tracked by default. The reason is simple economics — you don’t pay for Web browsing software, so the companies that make it have to find other ways to make money.

The most egregious example of this conflict came in 2008 when Microsoft’s advertising executives helped quash a plan by the engineers to build better privacy protections into the Internet Explorer 8 Web browser. Microsoft has since added additional protections — but they are not turned on by default. The situation is no better at Google, whose Chrome Web browser has “buried and discouraged” the “Do Not Track” button, and is pioneering the use of new tracking technology that cannot be blocked. And it’s worth noting that the other big Web browser maker, Mozilla Corp., receives 85 percent of its revenues (PDF) from its agreement to make Google the default search engine on Firefox.

Even worse, many of the tools that Web browsers offer to protect privacy are not effective. Tracking companies have refused to honor the “Do Not Track” button. And Google Chrome’s “Incognito” mode and Internet Explorer’s “InPrivate Browsing” mode won’t protect you from being tracked. Those settings simply prevent other people who use your Web browser after you from seeing where you’ve been online.

And so, in order to prevent the most common types of tracking, I ended up loading up my Web browser — Mozilla’s Firefox — with a bunch of extra software. It sounds like a lot of work, but most of this software can be installed in a few minutes. Here’s what I used:

  • I installed “HTTPS Everywhere,” created by the Electronic Frontier Foundation and the Tor Project. This tool forces your Web browser to use encrypted Internet connections to any website that will allow it. This prevents hackers — and the United States National Security Agency — from eavesdropping on your Internet connections.
  • I also installed Disconnect, a program created by former Google engineer Brian Kennish, which blocks advertisers and social networks, such as Facebook and Twitter, from tracking which websites you visit.
  • And finally I set my default search engine to be DuckDuckGo, a search engine that doesn’t store any of the information that is automatically transmitted by your computer — the IP address and other digital footprints — so DuckDuckGo has no way to link your search queries to you. That means DuckDuckGo won’t auto-complete your search queries based on your previous searches or based on your physical location, as Google does. So you’ll have to be a little smarter about your searches, and remember to bookmark the pages that you visit often, to save time.

After browsing with my ungainly setup for nearly a year, I found a Web browser that had all the features I wanted built in — called WhiteHat Aviator. It has built-in HTTPS Everywhere, it doesn’t retain or sell your online activity, and it uses Disconnect to block trackers from advertisers and social media companies. Its default search engine is DuckDuckGo.

It’s built by a computer security firm called WhiteHat Security, but it hasn’t been audited by any computer security experts yet, as far as I can tell. So use it at your own risk (and currently you can only use it on the Mac OSX operating system). But I’ve been using it for a few months, and after some bugginess in the beginning, I’ve started to enjoy the unusual feeling of having privacy as a default setting.

Re-published by F&O under Creative Commons licence  


Evidence lacking in U.S. claim that NSA thwarted attacks

by Justin Elliott and Theodoric Meyer
Published October 23, 2013

Two weeks after Edward Snowden’s first revelations about sweeping government surveillance, United States President Obama shot back. “We know of at least 50 threats that have been averted because of this information not just in the United States, but, in some cases, threats here in Germany,” Obama said during a visit to Berlin in June. “So lives have been saved.”

In the months since, intelligence officials, media outlets, and members of Congress from both parties all repeated versions of the claim that U.S. National Security Agency (NSA) surveillance has stopped more than 50 terrorist attacks. The figure has become a key talking point in the debate around the spying programs.

“Fifty-four times this and the other program stopped and thwarted terrorist attacks both here and in Europe — saving real lives,” Rep. Mike Rogers, a Michigan Republican who chairs the House Intelligence Committee, said on the House floor in July, referring to programs authorized by a pair of post-9/11 laws. “This isn’t a game. This is real.”

But there’s no evidence that the oft-cited figure is accurate.

The NSA itself has been inconsistent on how many plots it has helped prevent and what role the surveillance programs played. The agency has often made hedged statements that avoid any sweeping assertions about attacks thwarted.

A chart declassified by the agency in July, for example, says that intelligence from the programs on 54 occasions “has contributed to the [U.S. government’s] understanding of terrorism activities and, in many cases, has enabled the disruption of potential terrorist events at home and abroad” — a much different claim than asserting that the programs have been responsible for thwarting 54 attacks.

NSA officials have mostly repeated versions of this wording.

When NSA chief Gen. Keith Alexander spoke at a Las Vegas security conference in July, for instance, he referred to “54 different terrorist-related activities,” 42 of which were plots and 12 of which were cases in which individuals provided “material support” to terrorism.

But the NSA has not always been so careful.

During Alexander’s speech in Las Vegas, a slide in an accompanying slideshow read simply “54 ATTACKS THWARTED.”

And in a recent letter to NSA employees, Alexander and John Inglis, the NSA’s deputy director, wrote that the agency has “contributed to keeping the U.S. and its allies safe from 54 terrorist plots.” (The letter was obtained by reporter Kevin Gosztola from a source with ties to the intelligence community. The NSA did not respond when asked to authenticate it.)

Asked for clarification of the surveillance programs’ record, the NSA declined to comment.

Earlier this month, Sen. Patrick Leahy, D-Vt., pressed Alexander on the issue at a Senate Judiciary Committee hearing.

“Would you agree that the 54 cases that keep getting cited by the administration were not all plots, and of the 54, only 13 had some nexus to the U.S.?” Leahy said at the hearing. “Would you agree with that, yes or no?”

“Yes,” Alexander replied, without elaborating.

It’s impossible to assess the role NSA surveillance played in the 54 cases because, while the agency has provided a full list to Congress, it remains classified.

Officials have openly discussed only a few of the cases (see below), and the agency has identified only one — involving a San Diego man convicted of sending $8,500 to Somalia to support the militant group Al Shabab — in which NSA surveillance played a dominant role.

The surveillance programs at issue fall into two categories: The collection of metadata on all American phone calls under the Patriot Act, and the snooping of electronic communications targeted at foreigners under a 2007 surveillance law. Alexander has said that surveillance authorized by the latter law provided “the initial tip” in roughly half of the 54 cases. The NSA has not released examples of such cases.

After reading the full classified list, Leahy concluded the NSA’s surveillance has some value but still questioned the agency’s figures.

“We’ve heard over and over again the assertion that 54 terrorist plots were thwarted” by the two programs, Leahy told Alexander at the Judiciary Committee hearing this month. “That’s plainly wrong, but we still get it in letters to members of Congress, we get it in statements. These weren’t all plots and they weren’t all thwarted. The American people are getting left with the inaccurate impression of the effectiveness of NSA programs.”

The origins of the “54” figure go back to a House Intelligence Committee hearing on June 18, less than two weeks after the Guardian’s publication of the first story based on documents leaked by Snowden.

At that hearing, Alexander said, “The information gathered from these programs provided the U.S. government with critical leads to help prevent over 50 potential terrorist events in more than 20 countries around the world.” He didn’t specify what “events” meant. Pressed by Rep. Jim Himes, D-Conn., Alexander said the NSA would send a more detailed breakdown to the committee.

Speaking in Baltimore the next week, Alexander gave an exact figure: 54 cases “in which these programs contributed to our understanding, and in many cases, helped enable the disruption of terrorist plots in the U.S. and in over 20 countries throughout the world.”

But members of Congress have repeatedly ignored the distinctions and hedges.

The websites of the Republicans and Democrats on the House Intelligence Committee include pages titled, “54 Attacks in 20 Countries Thwarted By NSA Collection.”

And individual congressmen have frequently cited the figure in debates around NSA surveillance.

  • Rep. Lynn Westmoreland, R-Ga., who is also on the House Intelligence Committee, released a statement in July referring to “54 terrorist plots that have been foiled by the NSA programs.” Asked about the figure, Westmoreland spokeswoman Leslie Shedd told ProPublica that “he was citing declassified information directly from the National Security Agency.”
  • Rep. Brad Wenstrup, R-Ohio, issued a statement in July saying “the programs in question have thwarted 54 specific plots, many targeting Americans on American soil.”
  • Rep. Joe Heck, R-Nev., issued his own statement the next day: “The Amash amendment would have eliminated Section 215 of the Patriot Act which we know has thwarted 54 terrorist plots against the US (and counting).” (The amendment, which aimed to bar collection of Americans’ phone records, was narrowly defeated in the House.)
  • Mike Rogers, the Intelligence Committee chairman who credited the surveillance programs with thwarting 54 attacks on the House floor, repeated the claim to Bob Schieffer on CBS’ “Face the Nation” in July. “You just heard what he said, senator,” Schieffer said, turning to Sen. Mark Udall, D-Colo., an NSA critic. “Fifty-six terror plots here and abroad have been thwarted by the NSA program. So what’s wrong with it, then, if it’s managed to stop 56 terrorist attacks? That sounds like a pretty good record.” Asked about Rogers’ remarks, House Intelligence Committee spokeswoman Susan Phalen said in a statement: “In 54 specific cases provided by the NSA, the programs stopped actual plots or put terrorists in jail before they could effectuate further terrorist plotting. These programs save lives by disrupting attacks. Sometimes the information is found early in the planning, and sometimes very late in the planning. But in all those cases these people intended to kill innocent men and women through the use of terror.”
  • Rep. James Lankford, R-Okla., went even further in a town hall meeting in August. Responding to a question about the NSA vacuuming up Americans’ phone records, he said the program had “been used 54 times to be able to interrupt 54 different terrorist plots here in the United States that had originated from overseas in the past eight years. That’s documented.”
  • The same day, Rep. Jim Langevin, D-R.I., who sits on the Intelligence Committee, defended the NSA at a town hall meeting with constituents in Cranston, R.I. “I know that these programs have been directly effective in thwarting and derailing 54 terrorist attacks,” he said. Asked about Langevin’s comments, spokeswoman Meg Fraser said in an email, “The committee was given information from NSA on August 1 that clearly indicated they considered the programs in question to have been used to help disrupt 54 terrorist events. That is the information the Congressman relied on when characterizing the programs at his town hall.”

Wenstrup, Heck and Lankford did not respond to requests for comment.

The claims have also appeared in the media. ABC News, CNN and the New York Times have all repeated versions of the claim that more than 50 plots have been thwarted by the programs.

The NSA has publicly identified four of the 54 cases. They are:

  • The case of Basaaly Moalin, the San Diego man convicted of sending $8,500 to Somalia to support Al Shabab, the terrorist group that has taken responsibility for the attack on a Kenyan mall last month. The NSA has said its collection of American phone records allowed it to determine that a U.S. phone was in contact with a Shabab figure, which in turn led them to Moalin. NSA critic Sen. Ron Wyden, D-Ore., has argued that the NSA could have gotten a court order to get the phone records in question and that the case does not justify the bulk collection of Americans’ phone records.
  • The case of Najibullah Zazi, who in 2009 plotted to bomb the New York subway system. The NSA has said that an email it intercepted to an account of a known Al Qaeda figure in Pakistan allowed authorities to identify and ultimately capture Zazi. But an Associated Press examination of the case concluded that, again, the NSA’s account of the case did not show the need for the new warrantless powers at issue in the current debate. “Even before the surveillance laws of 2007 and 2008, the FBI had the authority to — and did, regularly — monitor email accounts linked to terrorists,” the AP reported.
  • A case involving David Coleman Headley, the Chicago man who helped plan the 2008 Mumbai terrorist attack. Intelligence officials have said that NSA surveillance helped thwart a subsequent plot involving Headley to attack a Danish newspaper. A ProPublica examination of that episode concluded that it was a tip from British intelligence, rather than NSA surveillance, that led authorities to Headley.
  • A case involving a purported plot to attack the New York Stock Exchange. This convoluted episode involves three Americans, including Khalid Ouazzani of Kansas City, Mo., who pleaded guilty in 2010 to bank fraud, money laundering, and conspiracy to provide material support to Al Qaeda. An FBI official said in June that NSA surveillance helped in the case “to detect a nascent plotting to bomb the New York Stock Exchange.” But no one has been charged with crimes related to that or any other planned attack. (Ouazzani was sentenced to 14 years last month.) The Kansas City Star reported that one of the men in the case had “pulled together a short report with the kind of public information easily available from Google Earth, tourist maps and brochures” and that his contact in Yemen “tore up the report, ‘threw it in the street’ and never showed it to anyone.” Court records also suggest that the men in Yemen that Ouazzani sent over $20,000 to may have been scamming him and spent some of the money on personal expenses.

Published under Creative Commons licence
