Entries Tagged "surveillance"

Page 53 of 93

NSA E-Mail Eavesdropping

More Snowden documents analyzed by the Guardiantwo articles—discuss how the NSA collected e-mails and data on Internet activity of both Americans and foreigners. The program might have ended in 2011, or it might have continued under a different name. This is the program that resulted in that bizarre tale of Bush officials confronting then-Attorney General John Ashcroft in his hospital room; the New York Times story discusses that. What’s interesting is that the NSA collected this data under one legal pretense. When that justification evaporated, they searched around until they found another pretense.

This story is being picked up a bit more than the previous story, but it’s obvious that the press is fatiguing of this whole thing. Without the Ashcroft human interest bit, it would be just another story of the NSA eavesdropping on Americans—and that’s lasts week’s news.

Posted on July 2, 2013 at 6:49 AMView Comments

How the NSA Eavesdrops on Americans

Two weeks ago, the Guardian published two new Snowden documents. These outline how the NSA’s data-collection procedures allow it to collect lots of data on Americans, and how the FISA court fails to provide oversight over these procedures.

The documents are complicated, but I strongly recommend that people read both the Guardian analysis and the EFF analysis—and possibly the USA Today story.

Frustratingly, this has not become a major news story. It isn’t being widely reported in the media, and most people don’t know about it. At this point, the only aspect of the Snowden story that is in the news is the personal story. The press seems to have had its fill of the far more important policy issues.

I don’t know what there is that can be done about this, but it’s how we all lose.

Posted on July 1, 2013 at 12:16 PMView Comments

Preventing Cell Phone Theft through Benefit Denial

Adding a remote kill switch to cell phones would deter theft.

Here we can see how the rise of the surveillance state permeates everything about computer security. On the face of it, this is a good idea. Assuming it works—that 1) it’s not possible for thieves to resurrect phones in order to resell them, and 2) that it’s not possible to turn this system into a denial-of-service attack tool—it would deter crime. The general category of security is “benefit denial,” like ink tags attached to garments in retail stores and car radios that no longer function if removed. But given what we now know, do we trust that the government wouldn’t abuse this system and kill phones for other reasons? Do we trust that media companies won’t kill phones it decided were sharing copyrighted materials? Do we trust that phone companies won’t kill phones from delinquent customers? What might have been a straightforward security system becomes a dangerous tool of control, when you don’t trust those in power.

Posted on June 28, 2013 at 1:37 PMView Comments

Pre-9/11 NSA Thinking

This quote is from the Spring 1997 issue of CRYPTOLOG, the internal NSA newsletter. The writer is William J. Black, Jr., the Director’s Special Assistant for Information Warfare.

Specifically, the focus is on the potential abuse of the Government’s applications of this new information technology that will result in an invasion of personal privacy. For us, this is difficult to understand. We are “the government,” and we have no interest in invading the personal privacy of U.S. citizens.

This is from a Seymour Hersh New Yorker interview with NSA Director General Michael Hayden in 1999:

When I asked Hayden about the agency’s capability for unwarranted spying on private citizens—in the unlikely event, of course, that the agency could somehow get the funding, the computer scientists, and the knowledge to begin making sense out of the Internet—his response was heated. “I’m a kid from Pittsburgh with two sons and a daughter who are closet libertarians,” he said. “I am not interested in doing anything that threatens the American people, and threatens the future of this agency. I can’t emphasize enough to you how careful we are. We have to be so careful—to make sure that America is never distrustful of the power and security we can provide.”

It’s easy to assume that both Black and Hayden were lying, but I believe them. I believe that, 15 years ago, the NSA was entirely focused on intercepting communications outside the US.

What changed? What caused the NSA to abandon its non-US charter and start spying on Americans? From what I’ve read, and from a bunch of informal conversations with NSA employees, it was the 9/11 terrorist attacks. That’s when everything changed, the gloves came off, and all the rules were thrown out the window. That the NSA’s interests coincided with the business model of the Internet is just a—lucky, in their view—coincidence.

Posted on June 27, 2013 at 11:49 AMView Comments

New Details on Skype Eavesdropping

This article, on the cozy relationship between the commercial personal-data industry and the intelligence industry, has new information on the security of Skype.

Skype, the Internet-based calling service, began its own secret program, Project Chess, to explore the legal and technical issues in making Skype calls readily available to intelligence agencies and law enforcement officials, according to people briefed on the program who asked not to be named to avoid trouble with the intelligence agencies.

Project Chess, which has never been previously disclosed, was small, limited to fewer than a dozen people inside Skype, and was developed as the company had sometimes contentious talks with the government over legal issues, said one of the people briefed on the project. The project began about five years ago, before most of the company was sold by its parent, eBay, to outside investors in 2009. Microsoft acquired Skype in an $8.5 billion deal that was completed in October 2011.

A Skype executive denied last year in a blog post that recent changes in the way Skype operated were made at the behest of Microsoft to make snooping easier for law enforcement. It appears, however, that Skype figured out how to cooperate with the intelligence community before Microsoft took over the company, according to documents leaked by Edward J. Snowden, a former contractor for the N.S.A. One of the documents about the Prism program made public by Mr. Snowden says Skype joined Prism on Feb. 6, 2011.

Reread that Skype denial from last July, knowing that at the time the company knew that they were giving the NSA access to customer communications. Notice how it is precisely worded to be technically accurate, yet leave the reader with the wrong conclusion. This is where we are with all the tech companies right now; we can’t trust their denials, just as we can’t trust the NSA—or the FBI—when it denies programs, capabilities, or practices.

Back in January, we wondered whom Skype lets spy on their users. Now we know.

Posted on June 20, 2013 at 2:42 PMView Comments

Petition the NSA to Subject its Surveillance Program to Public Comment

I have signed a petition calling on the NSA to “suspend its domestic surveillance program pending public comment.” This is what’s going on:

In a request today to National Security Agency director Keith Alexander and Defense Secretary Chuck Hagel, the group argues that the NSA’s recently revealed domestic surveillance program is “unlawful” because the agency neglected to request public comments first. A federal appeals court previously ruled that was necessary in a lawsuit involving airport body scanners.

“In simple terms, a line has been crossed,” Marc Rotenberg, executive director of the Electronic Privacy Information Center, told CNET. “The agency’s function has been transformed, and we think the public should have an opportunity to say something about that.”

It’s an ambitious—and untested—legal argument. No court appears to have ever ruled that the Administrative Procedure Act, which can require agencies to solicit public comment, has applied to the supersecret intelligence community. The APA explicitly excludes from judicial review, for instance, “military authority exercised in the field in time of war.”

EPIC is relying on a July 2011 decision (PDF) it obtained from the U.S. Court of Appeals for the D.C. Circuit dealing with installing controversial full-body scanners at airports. The Transportation Security Agency, the court said, was required to obtain comment on a rule that “substantively affects the public.”

This isn’t an empty exercise. While it’s unlikely that a judge will order the NSA to suspend the program pending public approval, the process will put pressure on Washington to subject the NSA to more oversight, and pressure the NSA into more transparency. We’ve used these tactics before. Two decades ago, EPIC launched a similar petition against the Clipper Chip, a process that eventually led to the Clinton administration and the FBI abandoning the effort. And EPIC’s more recent action against TSA full-body scanners is one of the reasons we have privacy safeguards on the millimeter wave scanners they are still using.

The more people who sign this petition, this, the clearer the message it sends to Washington: a message that people care about the privacy of their telephone records, Internet transactions, and online communications. Secret judges should not be allowed to use secret interpretations of secret laws to authorize the NSA to engage in domestic surveillance. Sooner or later, a court is going to recognize that. Until then, the more noise the better.

Add your voice here. It just might work.

Posted on June 19, 2013 at 2:18 PMView Comments

Details of NSA Data Requests from US Corporations

Facebook (here), Apple (here), and Yahoo (here) have all released details of US government requests for data. They each say that they’ve turned over user data for about 10,000 people, although the time frames are different. The exact number isn’t important; what’s important is that it’s much lower than the millions implied by the PRISM document.

Now the big question: do we believe them? If we don’t, what would it take before we did believe them?

Posted on June 18, 2013 at 4:00 PMView Comments

1 51 52 53 54 55 93

Sidebar photo of Bruce Schneier by Joe MacInnis.