New NSA Information from (and about) Snowden

Interesting article about the Snowden documents, including comments from former Guardian editor Ewen MacAskill.

MacAskill, who shared the Pulitzer Prize for Public Service with Glenn Greenwald and Laura Poitras for their journalistic work on the Snowden files, retired from The Guardian in 2018. He told Computer Weekly that:

  • As far as he knows, a copy of the documents is still locked in the New York Times office. Although the files are in the New York Times office, The Guardian retains responsibility for them.
  • As to why the New York Times has not published them in a decade, MacAskill maintains “this is a complicated issue.” “There is, at the very least, a case to be made for keeping them for future generations of historians,” he said.
  • Why was only 1% of the Snowden archive published by the journalists who had full access to it? Ewen MacAskill replied: “The main reason for only a small percentage—though, given the mass of documents, 1% is still a lot—was diminishing interest.”

[…]

The Guardian’s journalist did not recall seeing the three revelations published by Computer Weekly, summarized below:

  • The NSA listed Cavium, an American semiconductor company marketing Central Processing Units (CPUs)—the main processor in a computer which runs the operating system and applications—as a successful example of a “SIGINT-enabled” CPU supplier. Cavium, now owned by Marvell, said it does not implement back doors for any government.
  • The NSA compromised lawful Russian interception infrastructure, SORM. The NSA archive contains slides showing two Russian officers wearing jackets with a slogan written in Cyrillic: “You talk, we listen.” The NSA and/or GCHQ has also compromised key lawful interception systems.
  • Among example targets of its mass-surveillance programme, PRISM, the NSA listed the Tibetan government in exile.

Those three pieces of info come from Jake Appelbaum’s PhD thesis.

Posted on October 26, 2023 at 7:00 AM • 26 Comments

Comments

TimH October 26, 2023 8:49 AM

On back doors, such as purported for Cavium: remember when AT&T were caught with that explicitly illegal tap in San Francisco on behalf of USG, the only legal repercussions were to the whistleblower.

So there is no downside for a company to deny rolling in some spy facility into their products. If shove follows push, USG ‘forgives’ them.

slc October 26, 2023 9:45 AM

I worked at Cavium for a long time. I certainly would have known of any compromise in design, layout, masking… software, drivers, firmware, etc. It would be impossible to hide. Customers had full access to source. They had to. There were no binary blobs. Certainly Marvell and Broadcom and Qualcomm are rotten in that way.

Geoffrey Louis Nicoletti October 26, 2023 5:21 PM

Is there a “statute of limitations” on Snowden and he could come back to the USA without any prosecution? Or “No, if he was seen, he would be arrested.”

CORONA SATELLITES MATTER October 26, 2023 5:58 PM

Why are we still talking about just one guy?

These conversations are getting sour.

I mean, even after the initial “Let’s all talk about Ukraine forever” began, we could finally stop hearing about Julian Assange.

Then, of course we know, a bunch of groups went blind and deaf and mute and braindead about Ukraine as soon as PalestinEretzyIsrael rekindled their centuries old internal squabble.

Can we really take seriously (for security purposes) any gossip whatsoever about any 3 letter organizations routinely cloaked in arbitrary mystique?

Sincerely,

Corona Satellites Matter

Clive Robinson October 26, 2023 9:06 PM

@ Geoffrey Louis Nicoletti,

Re : Snowden going home.

“Is there a “statute of limitations” on Snowden and he could come back to the USA without any prosecution?”

The answer is No and No as the continued persecution of Julian Assange shows (whose crime was to embarrass politicians over what appeared to be the targeted killing of journalists).

Even if there were a statute of limitations, they would find something else where there was not or they could invent something more recent to have Snowden thrown in jail for, then he would be lost in the system.

It might one day after all those in positions of power in 2013 are dead, that he might be able to leave Russia, but “institutions have memory” so coming home does not appear likely.

Right now Snowden has to assume that somebody somewhere is plotting against him, as this is unfortunately highly likely.

Look up the history of “Ronnie Biggs” to see what went on in the past to those with public recognition and who embarrassed authority even though they were just not particularly successful criminals. Ronnie was kidnapped in Brazil where he could not be extradited from by supposedly “Private Interest” British soldiers in what was later claimed as “a deniable action”. It went wrong near Barbados which was lucky for Ronnie as the Barbadian authorities became involved and sent him back to Brazil.

But also consider what other Heads of State and Government agencies get up to.

For instance think about what Putin gets up to, with making most recently aircraft fall out of the sky, nerve agents being left on door handles, beta emitting radio isotopes being sprayed on food in restaurants and much else including Russians living abroad who conveniently had accidents or apparently committed suicide in some cases with the rest of their family etc… That the police look the other way over even abroad (there has been more than twenty in the UK for instance).

Likewise people including relatives of the North Korean leader being live targets on gun ranges or hit with nerve agents in an airport.

Then a Saudi Crown Prince Mohammed bin Salman, who had a journalist butchered alive and others disappeared. And went on to try and destroy Jeff Bezos who had employed the journalist…

These are just a few of the things that happen when people of power or with connections to it get embarrassed or in some other way upset. Because there will always be people around them who consider such behaviour “to be of service”.

Vrag odnio salu October 26, 2023 9:27 PM

@Clive – Paul guess, the timely question begging to be asked is Who really runs things and how much of the Democratic Society utopia are we willing to accept before societies start falling apart

Carl Fink October 26, 2023 10:09 PM

Statute of limitations generally only applies before one is charged with a crime. Once charges are filed, being a fugitive from justice never causes the charges to expire.

Clive Robinson October 26, 2023 10:37 PM

@ Vrag odnio salu

Google thinks you might be Croatian, but I suspect otherwise.

But I do think you have posted to the wrong thread.

But please note,

“Democratic society” != “Utopia”

In any way because the first is a journey on a progressive but often apparently random looking path, the second like death is a termination.

JonKnowsNothing October 27, 2023 1:35 AM

@ Geoffrey Louis Nicoletti, @Clive, All

re: they would find something else where there was not

Another current example is Daniel Duggan an Australian Citizen facing extradition to the USA. Mr Duggan was a USA Citizen and was in the military. Later he moved to Australia, and took Australian Citizenship.

The USA want to extradite him because he taught some aviation courses in China some years ago. The USA says he violated arms agreements by teaching Chinese pilots to land on aircraft carriers. Duggan said he taught basic piloting techniques that he had vetted and approved as OK.

The current hiccup is this:

  • In Australia it is illegal to entrap someone or entice them to put themselves at risk of arrest. Once given assurances that the person is no longer a person of interest and given safe passage they cannot be arrested.
  • In the USA it is perfectly legal to lie to someone to get them to enter a jurisdiction where they can be arrested. It’s done all the time. The CIA calls it Rendition.

So Duggan was given assurances by the Aussie LEAs that he was not under any risk of arrest but … he got arrested anyway.

===

HAIL and Waffle warnings

https://www.theguardian.com/australia-news/2023/oct/21/anthony-albanese-urged-to-halt-daniel-duggans-us-extradition-during-meeting-with-president

Duggan, a former US military pilot who became an Australian
citizen in 2012, is accused of breaching US arms trafficking laws by
training Chinese military pilots while working at a flight school more
than a decade ago.

Duggan has consistently denied the allegation. But if convicted, he
faces up to 60 years in prison.

The 55-year-old has been held in maximum-security prisons since
his arrest: in March he was moved to Lithgow prison, detained in a
two-by-four-metre cell

… he was effectively lured back to Australia from China.
Prior to his return, Duggan was granted a security clearance by
Asio, a requirement for him to obtain an aviation licence. But a few
days after his arrival in Australia the clearance was removed, and
he was subsequently arrested. Lures or other subterfuges are legal
in the US, but not in Australia.

https://en.wikipedia.org/wiki/Prosecution_of_Daniel_Duggan

  • Daniel Edmund Duggan is an Australian father of six who was arrested in regional NSW in October 2022 at the request of the United States government following a 2017 indictment filed during the Trump administration. The allegations in the indictment stem from work that Mr Duggan undertook from 2010-2012 whilst he was an American citizen. He is accused of training Chinese military pilots without the approval of the United States under the International Traffic in Arms Regulations (ITAR) and is consequently facing charges of alleged Violations of the Arms Export Control Act, Conspiracy to Violate the Arms Export Control Act, and “money laundering” relating to the payments he received for the training. Duggan has denied the charges.

ResearcherZero October 27, 2023 2:12 AM

“Based on the information so far provided to me by Police Scotland, I am not satisfied that biometric data within the Scottish Government DESC project is being properly protected from unauthorised access.”

https://www.sundaypost.com/fp/data-protection-police-scotland/

American manufacturers Axon say it is the first time police, lawyers and the courts will have access to a single unified database.

https://www.bbc.com/news/uk-scotland-64878070

“The central question for the organisations running this project is whether the use of hyperscale cloud infrastructure provided by US companies – which may involve biometric or genetic data – is compliant with UK data protection law.”

https://www.biometricscommissioner.scot/media/sa1g0j3d/sbc-annual-report-2022-23.pdf

A “wild west” for CCTV cameras, biometrics and AI…

“The report, commissioned by the BSCC’s office, identifies multiple areas where the government has not made provisions to replace the role of BSCC. These include reviewing police handling of DNA samples, DNA profiles and fingerprints, as well as setting out technical and governance matters for many public surveillance systems, including AI-driven products such as facial recognition technology.”

https://www.biometricupdate.com/202110/uk-pitches-less-oversight-for-surveillance-who-knows-what-for-biometrics-commissioner-role

https://therecord.media/uk-disbands-ai-advisory-board-cdei-rishi-sunak

“The loss of regulation and oversight in this key area comes just as the evolution of AI-driven biometric surveillance makes it more important than ever.”

As proposed, the bill would remove the role of the independent commissioner providing oversight over biometrics databases, replacing them with a “Forensic Information Database Strategy Board.”

The legislation does not state that this board will be independent from government. It also allows the Secretary of State to change the databases which the board is required to oversee using statutory instruments, a form of secondary legislation that bypasses parliamentary votes.

https://therecord.media/uk-government-criticized-over-abolishing-ai-biometric-safeguards

https://bills.parliament.uk/bills/3430/publications

anon October 27, 2023 7:19 AM

@researcherzero

Schrems III just hasn’t been decided yet. Until both NSA and CIA have all of their facilities razed and employees and contractors executed, no other country should trust their data with Any American company.

Who? October 31, 2023 6:58 PM

With relation to this item:

  • Why was only 1% of the Snowden archive published by the journalists who had full access to it? Ewen MacAskill replied: “The main reason for only a small percentage—though, given the mass of documents, 1% is still a lot—was diminishing interest.”

Indeed, a diminishing interest on the side of journalists as the remaining ninety-nine percent of documents are not embarrassing to the United States (embarrassment is what sells newspapers these days.)

Sadly, no one has interest in fixing vulnerabilities, making the world safer, improving the quality and security of software, making the world—in one word—a better place for all of us. In short, Snowden has sacrificed his life for nothing more than a few headlines. As I said a lot of times, those documents should have ended in the hand of true security experts, people who care about making the world a better place to live in.

Savita November 2, 2023 12:39 AM

Hi Clive
Very disappointed to read your reference to nerve agent on door handle. By this you must mean the Skripals affair.
I imagined you would be entirely across this.
Which is, the entire event was a fabricated theatre. The list of implausible occurrences, impossible events, ridiculous assertions by officials, is kilometres long.
Craig Murray debunked it thoroughly on his blog.
Plenty of people have written to UK Gov questioning the official narrative with all its inconsistencies, only to be ignored.

Clive Robinson November 2, 2023 3:33 AM

@ Savita,

Re : The Boshirov and Petrov show.

“Which is, the entire event was a fabricated theatre.”

I don’t know about the “entire event” but I did know and commented on this blog at the time that I did not believe the official story about Boshirov and Petrov (as anyone looking at a map can also now work out).

If you search back you will find I made mention about visiting the clock in the cathedral, as an indicator they were probably patsies etc. However I was repeatedly told by others here I did not know what I was talking about…

Also the agent concerned was not something that required PhD chemists to knock-up in an expensive lab on an island in the middle of nowhere. If you know the right people to talk to they will give you a shopping list you can get on the high street and basic instructions for making it fairly safely. Because contrary to what was said in the media, it was designed as an “improvised agent” much like “improvised explosives” made with chemicals from the Beauty Parlor, Plumbing store, camping shop and garage.

However whilst I don’t believe what was in the media, especially the Bellingcat contributions, I do think that Mr S was on Putin’s “541t list” for good reason. Thus I think that there was very probably an attempt made at or about that time, but not by Boshirov and Petrov.

For those who actually look at the alleged time line the S’s who have radically different body types, age, etc, supposedly got poisoned at the same time, then carried on quite normally for a period of time, to both suddenly and inexplicably become completely incapacitated at exactly the same time… Poisons just don’t work by the stopwatch.

But also the S’s then get miraculously found by some one who gives first aid and gets them to hospital. Yet the first aider does not get poisoned!!! Take a moment to think about how you take an unconscious and slumped person’s pulse. You pick their hand up with one hand and press the fingers of your other hand on their wrist just below the thumb. If there was poison on the unconscious person’s hand from a door handle, it would have got on the first aider’s skin unless they were some miraculous person who carries nitrile gloves in their pocket and took the time to put them on first… It really does not happen even in hospital A&E depts and on wards Drs and Nurses routinely take pulses without gloves on, it’s only when infection or corrosive chemicals are suspected or there are bodily fluids sloshing around do the gloves go on…

There is just too much that felt “hinky” about it then and still does today. So much so I sometimes still wonder if it was staged and went wrong.

But the problem is what every one remembers, is not the names of those involved but, “the poisoned door handle”… because that was the MSM push line, even though it was very likely complete nonsense, for a whole list of reasons.

So to mention it without using names just saying “left on door handles” is sufficient likewise “aircraft falling” for Mr W and beta emitter for Mr L, and for the grey beards bean extract or umbrella for Mr M.

As for the other twenty or so prior to the S’s as I indicated the UK Guard labour did not bother to look into them, as it was different police forces, you get the feeling they could not have all been incompetent…

Savita November 2, 2023 3:51 AM

Hi Clive

Thank you for the comprehensive reply.

Naked Capitalism provided 3 articles addressing the official narrative, when searching ‘Skripals’

Here is the search- link. One on Porton Downs lab, one discussing a list of concerns, another about legal process concerning the Skripals.

https://www.nakedcapitalism.com/?s=skripals

Oh and that first aider you mentioned. She just happened to be no mere civvie. Not only military, but chief of army medicine.
Such a fantastic effort your nation’s armed services provide. Locating experts in essential locations with impeccable timing 🙂

Winter November 2, 2023 4:18 AM

@Clive

For those who actually look at the alleged time line the S’s who have radically different body types, age, etc, supposedly got poisoned at the same time, then carried on quite normally for a period of time, to both suddenly and inexplicably become completely incapacitated at exactly the same time… Poisons just don’t work by the stopwatch.

But also the S’s then get miraculously found by some one who gives first aid and gets them to hospital. Yet the first aider does not get poisoned!!!

I think you are a little too paranoid here. The same happened to Navalny and his wife. His wife escaped without hospitalization, Navalny was saved in an emergency ward by a doctor who suddenly died not much later of unknown causes.[1] No one in their vicinity was poisoned from helping them.

Novichok is a rather potent poison that traverses the skin and does not leave traces on the skin. Navalny was poisoned by novichok sprayed in his slip. It takes some time to act, and it does not kill you on the spot when it does act. Both Navalny and his wife reported feeling ill for some time. In Navalny’s case, there was enough time to land the plane and transport Navalny to a hospital.

[1] https://edition.cnn.com/2021/02/04/europe/russia-navalny-doctor-maximishin-dies-intl/index.html

Clive Robinson November 2, 2023 9:41 AM

@ Winter, ALL,

Something else of interest,

Craig Murray, one of the few sources of information on what is happening to Julian Assange, got pulled under UK Anti-Terror legislation on his return from Iceland,

https://thegrayzone.com/2023/10/17/assange-craig-murray-detained-uk-terror/

The questions he was asked had absolutely nothing to do with terrorism or criminal or other illegal activity.

But importantly shows the need to not carry a phone or computer or other electronic device when entering the UK.

JonKnowsNothing November 2, 2023 2:12 PM

@Clive, @ Winter, ALL

re: not carry a phone or computer or other electronic device when [crossing borders]

It is not just the UK that can snag people, pretty much any country on the planet can and does snag people on a daily basis, that have officially nothing to do with any of the standard excuses, blocking entry or exit or transit across a border. (1)

For people in the USA, we are particularly vulnerable to naive belief that our laws will carry with us as we visit Global Tourist Spots. They of course do not last once we exit US Territory. Our protection ends with The Boarding Pass. Once you have that, you are in No Mans Land and there are zero protections no matter which airport or terminal or crossing you are at.

I do not believe there is any really effective way to prevent or avoid a stop but it does not help you at all if you have any devices on your person.

Even if you do not have a device you can be required to give your login credentials to your email, social media, internet accounts before any type of release is offered. Not complying with demands for User Id and Password can, by itself, create a legal reason to charge you with a crime and send you to jail. Some of these detentions are indefinite with no judge, lawyer or counsel allowed.

Folks are pretty much like the old adage about sheep. The danger does not cross their threshold of concern until it happens to them and then it is too late.

However, if you are a US Citizen and travel outside the borders of the USA, you need to find and file a specific document with the US State Department prior to travel. This document gives the names of people a right to find out where the traveler is located and their state of health. Without this document the US State Department will not divulge the location, condition, situation of the traveler: not to their family, friends, legal counsel or congressional representative. This document is well buried and often indicated to be Not Needed. You need to file it if you want to be found.

===

1) Why would you get stopped if you didn’t do anything?

Because the NSA and LEAs run on the 3-hop rule. Similar to the 6 degrees of separation and the Kevin Bacon game, but officially it was with 3 hops. It is possible this value is now bigger. Hop3 can generate the entire population of some US States.

You might be stopped just on a Hop2 or Hop3 inquiry.

  • Hop1 Everyone You Know
  • Hop2 Everyone They Know
  • Hop3 Everyone Those Folks Know

eg

  • Hop1 a Doctor You Know
  • Hop2 all the patients, doctors, colleagues, family, friends, acquaintances, conference buddies etc that doctor knows
  • Hop3 all the families, friends, relatives, coworkers, hangout friends that each of them know

https://en.wikipedia.org/wiki/Kevin_Bacon_Game

  • the assumption that anyone involved in the Hollywood film industry can be linked through their film roles to Bacon within six steps. The game’s name is a reference to “six degrees of separation”, a concept that posits that any two people on Earth are six or fewer acquaintance links apart.

https://en.wikipedia.org/wiki/Six_degrees_of_separation

  • Six degrees of separation is the idea that all people are six or fewer social connections away from each other. As a result, a chain of “friend of a friend” statements can be made to connect any two people in a maximum of six steps. It is also known as the six handshakes rule.

Clive Robinson November 2, 2023 3:12 PM

@ JonKnowsNothing, ALL,

Re : login security when away.

“Even if you do not have a device you can be required to give your login credentials to your email, social media, internet accounts before any type of release is offered.”

I saw this coming last century, it’s why I don’t have “Social Media” or “Email” or similar of my own.

Business accounts I might or might not have access to[1] get locked whilst “I’m out” of office circulation and as such use “One Time” TAM / Tokens that don’t travel.

I assume from previous run-ins I’ve mentioned before at some point somebody is going to rattle my chain if I travel, so why give them a hand hold?

[1] You might have noticed that some business leaders have EMail addresses and similar, you might call “public” yet they don’t personally use them. That is they pay someone else to forward stuff to a private address that is not accessible from “outside the perimeter”.

It’s an increasingly sensible precaution since John Bolton when part of the US Executive quite deliberately and with malice had a Chinese national falsely arrested by too compliant Canadian authorities on what were and still are effectively “phoney charges”, that in the fullness of time will get dropped.

https://www.cnbc.com/2021/09/24/huawei-cfo-meng-wanzhou-to-be-released-after-agreement-with-us-in-fraud-case.html

Winter November 2, 2023 4:22 PM

@Clive

You might have noticed that some business leaders have EMail addresses and similar, you might call “public” yet they don’t personally use them.

I believe that was the origin of the function of “secretary”, “secret writer”, he who writes confidential letters for someone else.

Clive Robinson November 2, 2023 6:05 PM

@ Winter,

“I believe that was the origin of the function of “secretary”…”

Close enough, though I don’t know which came first the function of being a scribe for a member of the aristocracy and teacher to their children or the administrative/legal handling of private or confidential records and eventually codes and later ciphers to keep confidentiality in communications.

We also know the word journalist arises from effectively the same “record keeping” job from the latin for daily.

Oh and not to forget the accountant whose job was to keep another type of journal, the ledger where records of quantity were kept (from count and also accountable[1]).

Thus the secretary was “officially” an administrator of meetings and negotiations and similar confidentialities, with a duty of ensuring the confidentiality. Whilst a journalist was “officially” a keeper of records and decisions for the purposes of business and the like, where the function was to keep a record of actions taken and results etc, where confidentiality was not considered necessary. With the accountant keeping the record of the goods and money passing through the accounts and warehouses.

All these basic record keeping functions go back to at least Roman times in the written forms but some we know go back way before that from excavated clay tablets where confidentiality was also achieved by baking a tablet, then baking it inside two layers of clay that formed a secure envelope. But double entry book keeping is only credited to go back to the very end of the 13th Century in Florence, yet Pliny the Elder described it in a few brief words centuries before…

So in some senses it’s all a “Chicken or egg” situation.

[1] In later times there were two entirely independent accountants and the ledger entries were made by both in what we now call “double entry book keeping”. Basically two different methods were used and tallied up in different ways… but arrived at the same figure unless there was error or fraud / theft by the employees. In modern times it is rare for there to be two independent entities making entries. Thus the question of what advantage there is to double entry book keeping in the modern age…

lurker November 2, 2023 11:55 PM

@Clive Robinson

It could have been a Traditional Chinese Medicine first-aider that found the S’s. They always carry a square of yellow silk as a barrier when taking a pulse. It is carefully folded to maintain a doctor side and a patient side.

Winter November 3, 2023 4:17 AM

@Clive

Close enough, though I don’t know which came first the function of being a scribe for a member of the aristocracy and teacher to their children or the administrative/legal handling of private or confidential records and eventually codes and later ciphers to keep confidentiality in communications.

“Secretary” has the same root as “secret”. In German, the names of these functions start with “Geheim…” meaning “Secret …”.

Clive Robinson November 3, 2023 6:58 AM

@ Winter,

““Secretary” has the same root as “secret””

And goes back to Latin and the Romans.

The point I was making was which came first historically,

1, A person being employed as just a scribe and academic factotum, picking up the skill as the need for it arose in their employers activities.

2, A person employed because of the skill in a more formal capacity to maintain official records, some of which even in Roman times were kept confidential by codes and ciphers, thus it was a prerequisite skill.

Winter November 3, 2023 7:30 AM

@Clive

The point I was making was which came first historically,

I have no idea, but I seem to remember that Roman patricians and politicians had scribe slaves that were most certainly not allowed to divulge anything about their master’s correspondence.
