Entries Tagged "privacy"


NSA Has Undercover Operatives in Foreign Companies

The latest Intercept article on the Snowden documents talks about the NSA’s undercover operatives working in foreign companies. There are no specifics, although the countries China, Germany, and South Korea are mentioned. It’s also hard to tell if the NSA has undercover operatives working in companies in those countries, or has undercover contractors visiting those companies. The document is dated 2004, although there’s no reason to believe that the NSA has changed its behavior since then.

The most controversial revelation in Sentry Eagle might be a fleeting reference to the NSA infiltrating clandestine agents into “commercial entities.” The briefing document states that among Sentry Eagle’s most closely guarded components are “facts related to NSA personnel (under cover), operational meetings, specific operations, specific technology, specific locations and covert communications related to SIGINT enabling with specific commercial entities (A/B/C).”

It is not clear whether these “commercial entities” are American or foreign or both. Generally the placeholder “(A/B/C)” is used in the briefing document to refer to American companies, though on one occasion it refers to both American and foreign companies. Foreign companies are referred to with the placeholder “(M/N/O).” The NSA refused to provide any clarification to The Intercept.

That program is SENTRY OSPREY, which is a program under SENTRY EAGLE.

The document makes no other reference to NSA agents working under cover. It is not clear whether they might be working as full-time employees at the “commercial entities,” or whether they are visiting commercial facilities under false pretenses.

Least fun job right now: being the NSA person who fielded the telephone call from the Intercept to clarify that (A/B/C)/(M/N/O) thing. “Hi. We’re going public with SENTRY EAGLE next week. There’s one thing in the document we don’t understand, and we wonder if you could help us….” Actually, that’s wrong. The person who fielded the phone call had no idea what SENTRY EAGLE was. The least fun job belongs to the person up the command chain who did.

Wired article. Slashdot and Hacker News threads.

Posted on October 11, 2014 at 2:54 PM

William Binney Explains NSA Surveillance Using Snowden's Documents

Former NSA employee—not technical director, as the link says—explains how NSA bulk surveillance works, using some of the Snowden documents. Very interesting.

EDITED TO ADD (10/4): Apologies to Binney for downgrading his role at the NSA. He was not the technical director of the NSA, which is what I was thinking of, but he was a technical director at the NSA:

“In ’97, I became the technical director of the geopolitical—military geopolitical analysis and reporting shop for the world, which was about 6,000 people,” Binney told Frontline.

Whatever the case, he does know what he’s talking about when he talks about NSA surveillance.

Posted on October 3, 2014 at 6:59 AM

Firechat

Firechat is a secure wireless peer-to-peer chat app:

Firechat is theoretically resistant to the kind of centralized surveillance that the Chinese government (as well as western states, especially the US and the UK) is infamous for. Phones connect directly to one another, establish encrypted connections, and transact without sending messages to servers where they can be sniffed and possibly decoded.

EDITED TO ADD (10/1): Firechat has security issues.

Posted on October 1, 2014 at 2:25 PM

StealthGenie CEO Indicted

StealthGenie is a Pakistani company that sells a smartphone app that allows a remote party to monitor the phone. The CEO was just indicted in the US:

“Selling spyware is not just reprehensible, it’s a crime,” Leslie Caldwell, assistant attorney general in the DOJ’s Criminal Division, said in a statement. “Apps like StealthGenie are expressly designed for use by stalkers and domestic abusers who want to know every detail of a victim’s personal life—all without the victim’s knowledge.”

This is likely to be a big deal. The company should have sold the spyware only to governments. That would have been okay.

Posted on October 1, 2014 at 10:48 AM

Security for Vehicle-to-Vehicle Communications

The National Highway Traffic Safety Administration (NHTSA) has released a report titled “Vehicle-to-Vehicle Communications: Readiness of V2V Technology for Application.” It’s very long, and mostly not interesting to me, but there are security concerns sprinkled throughout: both authentication to ensure that all the communications are accurate and can’t be spoofed, and privacy to ensure that the communications can’t be used to track cars. It’s nice to see this sort of thing thought about in the beginning, when the system is first being designed, and not tacked on at the end.

Posted on September 22, 2014 at 6:03 AM

The Concerted Effort to Remove Data Collection Restrictions

Since the beginning, data privacy regulation has focused on collection, storage, and use. You can see it in the OECD Privacy Framework from 1980 (see also this proposed update).

Recently, there has been a concerted effort to focus all potential regulation on data use, completely ignoring data collection. Microsoft’s Craig Mundie argues this. So does the PCAST report. And the World Economic Forum. This is a lobbying effort by US business. My guess is that the companies are much more worried about collection restrictions than use restrictions. They believe that they can slowly change use restrictions once they have the data, but that it’s harder to change collection restrictions and get the data in the first place.

We need to regulate collection as well as use. In a new essay, Chris Hoofnagle explains why.

Posted on September 12, 2014 at 6:41 AM


Sidebar photo of Bruce Schneier by Joe MacInnis.