Entries Tagged "ACLU"

Page 3 of 4

NSA's Domestic Spying

This article from The Wall Street Journal outlines how the NSA is increasingly engaging in domestic surveillance, data collection, and data mining. The result is essentially the same as Total Information Awareness.

According to current and former intelligence officials, the spy agency now monitors huge volumes of records of domestic emails and Internet searches as well as bank transfers, credit-card transactions, travel and telephone records. The NSA receives this so-called “transactional” data from other agencies or private companies, and its sophisticated software programs analyze the various transactions for suspicious patterns. Then they spit out leads to be explored by counterterrorism programs across the U.S. government, such as the NSA’s own Terrorist Surveillance Program, formed to intercept phone calls and emails between the U.S. and overseas without a judge’s approval when a link to al Qaeda is suspected.

[…]

Two former officials familiar with the data-sifting efforts said they work by starting with some sort of lead, like a phone number or Internet address. In partnership with the FBI, the systems then can track all domestic and foreign transactions of people associated with that item — and then the people who associated with them, and so on, casting a gradually wider net. An intelligence official described more of a rapid-response effect: If a person suspected of terrorist connections is believed to be in a U.S. city — for instance, Detroit, a community with a high concentration of Muslim Americans — the government’s spy systems may be directed to collect and analyze all electronic communications into and out of the city.

The haul can include records of phone calls, email headers and destinations, data on financial transactions and records of Internet browsing. The system also would collect information about other people, including those in the U.S., who communicated with people in Detroit.

The information doesn’t generally include the contents of conversations or emails. But it can give such transactional information as a cellphone’s location, whom a person is calling, and what Web sites he or she is visiting. For an email, the data haul can include the identities of the sender and recipient and the subject line, but not the content of the message.

Intelligence agencies have used administrative subpoenas issued by the FBI — which don’t need a judge’s signature — to collect and analyze such data, current and former intelligence officials said. If that data provided “reasonable suspicion” that a person, whether foreign or from the U.S., was linked to al Qaeda, intelligence officers could eavesdrop under the NSA’s Terrorist Surveillance Program.

[…]

The NSA uses its own high-powered version of social-network analysis to search for possible new patterns and links to terrorism. The Pentagon’s experimental Total Information Awareness program, later renamed Terrorism Information Awareness, was an early research effort on the same concept, designed to bring together and analyze as much and as many varied kinds of data as possible. Congress eliminated funding for the program in 2003 before it began operating. But it permitted some of the research to continue and TIA technology to be used for foreign surveillance.

Some of it was shifted to the NSA — which also is funded by the Pentagon — and put in the so-called black budget, where it would receive less scrutiny and bolster other data-sifting efforts, current and former intelligence officials said. “When it got taken apart, it didn’t get thrown away,” says a former top government official familiar with the TIA program.

Two current officials also said the NSA’s current combination of programs now largely mirrors the former TIA project. But the NSA offers less privacy protection. TIA developers researched ways to limit the use of the system for broad searches of individuals’ data, such as requiring intelligence officers to get leads from other sources first. The NSA effort lacks those controls, as well as controls that it developed in the 1990s for an earlier data-sweeping attempt.

Barry Steinhardt of the ACLU comments:

I mean, when we warn about a “surveillance society,” this is what we’re talking about. This is it, this is the ballgame. Mass data from a wide variety of sources — including the private sector — is being collected and scanned by a secretive military spy agency. This represents nothing less than a major change in American life — and unless stopped the consequences of this system for everybody will grow in magnitude along with the rivers of data that are collected about each of us — and that’s more and more every day.

More commentary.

Posted on March 26, 2008 at 6:02 AMView Comments

Gitmo Manual Leaked

A 2003 “Camp Delta Standard Operating Procedures” manual has been leaked to the Internet. This is the same manual that the ACLU has unsuccessfully sued the government to get a copy of. Others can debate the legality of some of the procedures; I’m interested in comments about the security.

See, for example, this quote on page 27.3:

(b) Upon arrival will enter the gate by entering the number (1998) in the combination lock

(c) Proceed to the junction box with the number (7012-83) Breaker Box and open the boc. The number for the lock on the breaker box is (224).

Posted on November 20, 2007 at 6:49 AMView Comments

Federal Judge Strikes Down National-Security-Letter Provision of Patriot Act

Article, ACLU press release, some legal commentary, and actual decision.

From the article:

The ACLU had challenged the law on behalf of an Internet service provider, complaining that the law allowed the FBI to demand records without the kind of court supervision required for other government searches. Under the law, investigators can issue so-called national security letters to entities like Internet service providers and phone companies and demand customers’ phone and Internet records.

In his ruling, Marrero said much more was at stake than questions about the national security letters.

He said Congress, in the original USA Patriot Act and less so in a 2005 revision, had essentially tried to legislate how the judiciary must review challenges to the law. If done to other bills, they ultimately could all “be styled to make the validation of the law foolproof.”

Noting that the courthouse where he resides is several blocks from the fallen World Trade Center, the judge said the Constitution was designed so that the dangers of any given moment could never justify discarding fundamental individual liberties.

He said when “the judiciary lowers its guard on the Constitution, it opens the door to far-reaching invasions of liberty.”

Regarding the national security letters, he said, Congress crossed its boundaries so dramatically that to let the law stand might turn an innocent legislative step into “the legislative equivalent of breaking and entering, with an ominous free pass to the hijacking of constitutional values.”

He said the ruling does not mean the FBI must obtain the approval of a court prior to ordering records be turned over, but rather must justify to a court the need for secrecy if the orders will last longer than a reasonable and brief period of time.

Note that judge immediately stayed his decision, pending appeal.

EDITED TO ADD (9/9): More legal commentary.

Posted on September 7, 2007 at 10:05 AMView Comments

Cloning RFID Chips Made by HID

Remember the Cisco fiasco from BlackHat 2005? Next in the stupid box is RFID-card manufacturer HID, who has prevented Chris Paget from presenting research on how to clone those cards.

Won’t these companies ever learn? HID won’t prevent the public from learning about the vulnerability, and they will end up looking like heavy handed goons. And it’s not even secret; Paget demonstrated the attack to me and others at the RSA Conference last month.

There’s a difference between a security flaw and information about a security flaw; HID needs to fix the first and not worry about the second. Full disclosure benefits us all.

EDITED TO ADD (2/28): The ACLU is presenting instead.

Posted on February 28, 2007 at 12:00 PMView Comments

Schneier on Video: Security Theater Against Movie Plot Threats

On June 10, 2006, I gave a talk at the ACLU New Jersey Membership Conference: “Counterterrorism in America: Security Theater Against Movie-Plot Threats.” Here’s the video.

EDITED TO ADD (2/10): The video is a little over an hour long. You can download the .WMV version directly here. It will play in the cross-platform, GPL VLC media player, but you may need to upgrade to the most recent version (0.8.6).

EDITED TO ADD (2/11): Someone put the video up on Google Video.

Posted on February 9, 2007 at 1:07 PMView Comments

Hackers Clone RFID Passports

It was demonstrated today at the BlackHat conference.

Grunwald says it took him only two weeks to figure out how to clone the passport chip. Most of that time he spent reading the standards for e-passports that are posted on a website for the International Civil Aviation Organization, a United Nations body that developed the standard. He tested the attack on a new European Union German passport, but the method would work on any country’s e-passport, since all of them will be adhering to the same ICAO standard.

In a demonstration for Wired News, Grunwald placed his passport on top of an official passport-inspection RFID reader used for border control. He obtained the reader by ordering it from the maker — Walluf, Germany-based ACG Identification Technologies — but says someone could easily make their own for about $200 just by adding an antenna to a standard RFID reader.

He then launched a program that border patrol stations use to read the passports — called Golden Reader Tool and made by secunet Security Networks — and within four seconds, the data from the passport chip appeared on screen in the Golden Reader template.

Grunwald then prepared a sample blank passport page embedded with an RFID tag by placing it on the reader — which can also act as a writer — and burning in the ICAO layout, so that the basic structure of the chip matched that of an official passport.

As the final step, he used a program that he and a partner designed two years ago, called RFDump, to program the new chip with the copied information.

The result was a blank document that looks, to electronic passport readers, like the original passport.

I’ve long been opposed (that last link is an op-ed from The International Herald-Tribune) to RFID chips in passports, although last year I — mistakenly — withdrew my objections based on the security measures the State Department was taking.

That’s silly. I’m not opposed to chips on ID cards, I am opposed to RFID chips. My fear is surreptitious access: someone could read the chip and learn your identity without your knowledge or consent.

Sure, the State Department is implementing security measures to prevent that. But as we all know, these measures won’t be perfect. And a passport has a ten-year lifetime. It’s sheer folly to believe the passport security won’t be hacked in that time. This hack took only two weeks!

The best way to solve a security problem is not to have it at all. If there’s an RFID chip on your passport, or any of your identity cards, you have to worry about securing it. If there’s no RFID chip, then the security problem is solved.

Until I hear a compelling case for why there must be an RFID chip on a passport, and why a normal smart-card chip can’t do, I am opposed to the idea.

Crossposted to the ACLU blog.

Posted on August 3, 2006 at 3:45 PMView Comments

Britain Adopts Threat Levels

Taking a cue from a useless American idea, the UK has announced a system of threat levels:

“Threat levels are designed to give a broad indication of the likelihood of a terrorist attack,” the intelligence.gov.uk website said in a posting. “They are based on the assessment of a range of factors including current intelligence, recent events and what is known about terrorist intentions and capabilities. This information may well be incomplete and decisions about the appropriate security response are made with this in mind.”

Unlike the previous secret grading system offering seven levels of threat, the new system has been simplified to five, starting with “low,” meaning an attack is unlikely, to “critical,” meaning an attack is expected imminently. Unlike American threat assessments, the British system is not color-coded.

The current level is “severe”:

“Severe” is the second-highest threat level, but the Web site did not say what kind of attack was likely. The assessment is roughly the same as it has been for a year.

I wrote about the stupidity of this sort of system back in 2004:

In theory, the warnings are supposed to cultivate an atmosphere of preparedness. If Americans are vigilant against the terrorist threat, then maybe the terrorists will be caught and their plots foiled. And repeated warnings brace Americans for the aftermath of another attack.

The problem is that the warnings don’t do any of this. Because they are so vague and so frequent, and because they don’t recommend any useful actions that people can take, terror threat warnings don’t prevent terrorist attacks. They might force a terrorist to delay his plan temporarily, or change his target. But in general, professional security experts like me are not particularly impressed by systems that merely force the bad guys to make minor modifications in their tactics.

And the alerts don’t result in a more vigilant America. It’s one thing to issue a hurricane warning, and advise people to board up their windows and remain in the basement. Hurricanes are short-term events, and it’s obvious when the danger is imminent and when it’s over. People can do useful things in response to a hurricane warning; then there is a discrete period when their lives are markedly different, and they feel there was utility in the higher alert mode, even if nothing came of it.

It’s quite another thing to tell people to be on alert, but not to alter their plans?as Americans were instructed last Christmas. A terrorist alert that instills a vague feeling of dread or panic, without giving people anything to do in response, is ineffective. Indeed, it inspires terror itself. Compare people’s reactions to hurricane threats with their reactions to earthquake threats. According to scientists, California is expecting a huge earthquake sometime in the next two hundred years. Even though the magnitude of the disaster will be enormous, people just can’t stay alert for two centuries. The news seems to have generated the same levels of short-term fear and long-term apathy in Californians that the terrorist warnings do. It’s human nature; people simply can’t be vigilant indefinitely.

[…]

This all implies that if the government is going to issue a threat warning at all, it should provide as many details as possible. But this is a catch-22: Unfortunately, there’s an absolute limit to how much information the government can reveal. The classified nature of the intelligence that goes into these threat alerts precludes the government from giving the public all the information it would need to be meaningfully prepared.

[…]

A terror alert that instills a vague feeling of dread or panic echoes the very tactics of the terrorists. There are essentially two ways to terrorize people. The first is to do something spectacularly horrible, like flying airplanes into skyscrapers and killing thousands of people. The second is to keep people living in fear with the threat of doing something horrible. Decades ago, that was one of the IRA’s major aims. Inadvertently, the DHS is achieving the same thing.

There’s another downside to incessant threat warnings, one that happens when everyone realizes that they have been abused for political purposes. Call it the “Boy Who Cried Wolf” problem. After too many false alarms, the public will become inured to them. Already this has happened. Many Americans ignore terrorist threat warnings; many even ridicule them. The Bush administration lost considerable respect when it was revealed that August’s New York/Washington warning was based on three-year-old information. And the more recent warning that terrorists might target cheap prescription drugs from Canada was assumed universally to be politics-as-usual.

Repeated warnings do more harm than good, by needlessly creating fear and confusion among those who still trust the government, and anesthetizing everyone else to any future alerts that might be important. And every false alarm makes the next terror alert less effective.

The Bush administration used this system largely as a political tool. Perhaps Tony Blair has the same idea.

Crossposted to the ACLU blog.

Posted on August 2, 2006 at 4:01 PMView Comments

The DHS Secretly Shares European Passenger Data in Violation of Agreement

From the ACLU:

In 2003, the United States and the European Union reached an agreement under which the EU would share Passenger Name Record (PNR) data with the U.S., despite the lack of privacy laws in the United States adequate to ensure Europeans’ privacy. In return, DHS agreed that the passenger data would not be used for any purpose other than preventing acts of terrorism or other serious crimes. It is now clear that DHS did not abide by that agreement.

Posted on May 8, 2006 at 6:34 AMView Comments

Sidebar photo of Bruce Schneier by Joe MacInnis.