Top-Secret NSA Report Details Russian Hacking Effort Days Before 2016 Election

Matthew Cole, , ,  report: Russian military intelligence executed a cyberattack on at least one U.S. voting software supplier and sent spear-phishing emails to more than 100 local election officials just days before last November’s presidential election, according to a highly classified intelligence report obtained by The Intercept.

The top-secret National Security Agency document, which was provided anonymously to The Intercept and independently authenticated, analyzes intelligence very recently acquired by the agency about a months-long Russian intelligence cyber effort against elements of the U.S. election and voting infrastructure. The report, dated May 5, 2017, is the most detailed U.S. government account of Russian interference in the election that has yet come to light.

While the document provides a rare window into the NSA’s understanding of the mechanics of Russian hacking, it does not show the underlying “raw” intelligence on which the analysis is based.

Yahoo Prevails in Secretive Surveillance Court Battle

The public is getting a broader glimpse at the still-secretive world of government data collection

Yahoo said Thursday it won release of 1,500 pages of documents filed in a secretive surveillance court. It said the documents stem from an unsuccessful lawsuit it brought in 2008 challenging the government’s right to demand user information.

“At one point, the U.S. Government threatened the imposition of $250,000 in fines per day if we refused to comply.”

— Ron Bell, Yahoo’s lawyer

The company won a victory last year when portions of previously-closed documents were ordered public. As it noted Thursday, disclosures from the Foreign Intelligence Surveillance Court are “extremely rare.”

The documents are a public relations victory for Yahoo: They show it resisting orders to comply with the surveillance programs.

“Yahoo has not complied with the directives because of concerns that the directives require Yahoo to assist in conducting warrantless surveillance that is likely to capture private communications of United States citizens located in the U.S. and abroad,” Yahoo wrote in a legal document, arguing the orders violated “the privacy of U.S. citizens.”

The government put great pressure on Yahoo to comply with its order, the company said.


Obama Extends Bulk Phone Data Collection Program To September

For National Review Online, Joel Gehrke reports: President Obama extended the National Security Agency program until September by convincing a judge to reauthorize the existing program as his administration promises to work with Congress to pass legislation that would circumscribe the bulk collection of American phone records.

“We’re doing something unnecessary and unpredictable here, which might make the public feel better, but would not be good for national security, which is what our job is.”

— Senator Jay Rockefeller (D., W.Va.), a former Intelligence Committee chairman

The request that the program be reauthorized was approved Thursday. “[G]iven the importance of maintaining the capabilities of the Section 215 telephony metadata program, the government has sought a 90-day reauthorization of the existing program, as modified by the changes the president announced earlier this year,” a statement released by the Justice Department and the Office of the Director of National Intelligence revealed late Friday.


The Menace of Secret Government

Obama’s proposed intelligence reforms fail to safeguard civil liberties

For Reason writes:  In January, President Barack Obama made a much-anticipated speech at the Department of Justice outlining proposed reforms of the domestic surveillance programs run by the National Security Agency (NSA). The secretive spy agency has taken a public battering ever since former NSA contractor Edward Snowden began blowing the whistle on its clandestine collection of basically every American’s telephone records.

“We will reform programs and procedures in place to provide greater transparency to our surveillance activities, and fortify the safeguards that protect the privacy of U.S. persons,” the president proclaimed. Unfortunately, Obama’s proposed changes to domestic surveillance programs are not nearly transparent enough, and fail to adequately protect the privacy of Americans.

In January, the federal government’s Privacy and Civil Liberties Oversight Board, an independent agency charged by Congress with advising the president on the privacy and civil liberties repercussions relating to fighting terrorism, concluded that the NSA’s domestic surveillance “implicates constitutional concerns under the First and Fourth Amendments, raises serious threats to privacy and civil liberties as a policy matter, and has shown only limited value.” How limited? “We have not identified a single instance involving a threat to the United States in which the telephone records program made a concrete difference in the outcome of a counterterrorism investigation.”

The oversight board recommended that the surveillance program be terminated. In his speech, the president said that he had consulted with the board. Yet he did not heed its advice.

Instead of ending the unconstitutional domestic telecommunications spying program, Obama offered what he insisted were “a series of concrete and substantial reforms.” These include a new executive order on signals intelligence (that is, data connected with private communications) instructing surveillance agencies that “privacy and civil liberties shall be integral considerations.”

The order further admonishes intelligence bureaucrats to make sure their spying actually provides some benefit greater than the embarrassment officials will surely suffer should they be disclosed. This is the “front page test,” or how officials would feel if what they are doing were reported on the front page of a newspaper. If discovery equals discomfort, then maybe they shouldn’t be doing it in the first place.


Obama: Leading from Behind on NSA

Gary Schmitt writes: Thankfully, President Obama is not a doctor. If he was and you happened to visit him in his office and mentioned that you were worried about the potential for lung cancer, he’d immediately put you under, open you up, and pull out a lung—or, at least, that’s the logic that seems to be guiding his decisions on NSA’s collection programs. Yes, no one has found any evidence that NSA has broken the law, invaded constitutionally-protected privacy rights, or is about to. But never mind, it’s the very possibility that someday, somehow, NSA will jump the tracks that requires the president now to unduly complicate the use of what he admits has been an important counterterrorism tool.


6 Whopping Government Misstatements About NSA Spying

Sen. Dianne Feinstein (D-California) and chair of the Senate Intelligence Committee, is among many government officials uttering misstatements in the wake of the Edward Snowden NSA leaks. Photo: Jacquelyn Martin/AP

Whistleblower Edward Snowden’s leaks about NSA spying have set off a fierce global debate about security and privacy in the internet age.

The revelations of the United States performing mass surveillance on an international scale have also unleashed an avalanche of government misstatements aimed at defending, or even denying, the NSA’s dragnet surveillance. We’ve gone through them and picked out some of the biggest whoppers.


The NSA machine: Too big for anyone to understand

WASHINGTON (AP) — The surveillance machine grew too big for anyone to understand.

The National Security Agency set it in motion in 2006 and the vast network of supercomputers, switches and wiretaps began gathering Americans’ phone and Internet records by the millions, looking for signs of terrorism.


NSA Illegally Gorged on U.S. Phone Records for Three Years

What happens when a secret U.S. court allows the National Security Agency access to a massive pipeline of U.S. phone call metadata, along with strict rules on how the spy agency can use the information?

The NSA promptly violated those rules — “since the earliest days” of the program’s 2006 inception — carrying out thousands of inquiries on phone numbers without any of the court-ordered screening designed to protect Americans from illegal government surveillance.


Court: NSA collected domestic emails, violating the Constitution

By Brendan Sasso and Carlo Muñoz

The Obama administration on Wednesday revealed that the National Security Agency (NSA) improperly collected emails from people in the United States with no connection to terrorism beginning in 2008.

The NSA collected as many as 56,000 emails from Americans before the mistake was identified.

The Foreign Intelligence Surveillance Court concluded that the surveillance was unconstitutional after it was notified of it in 2011. In an 86-page opinion that was declassified on Wednesday, the court ordered the NSA to take steps to limit the information it collects and how long it keeps it.

In the opinion, Judge John D. Bates admonished the NSA for a “substantial misrepresentation” of the scope of its surveillance.

Officials said the surveillance was inadvertent, and insisted that the agency ended it in 2011.


NSA broke privacy rules thousands of times per year, audit finds

By Barton Gellman

The National Security Agency has broken privacy rules or overstepped its legal authority thousands of times each year since Congress granted the agency broad new powers in 2008, according to an internal audit and other top-secret documents.

Most of the infractions involve unauthorized surveillance of Americans or foreign intelligence targets in the United States, both of which are restricted by statute and executive order. They range from significant violations of law to typographical errors that resulted in unintended interception of U.S. e-mails and telephone calls.

The documents, provided earlier this summer to The Washington Post by former NSA contractor Edward Snowden, include a level of detail and analysis that is not routinely shared with Congress or the special court that oversees surveillance. In one of the documents, agency personnel are instructed to remove details and substitute more generic language in reports to the Justice Department and the Office of the Director of National Intelligence.

In one instance, the NSA decided that it need not report the unintended surveillance of Americans. A notable example in 2008 was the interception of a “large number” of calls placed from Washington when a programming error confused the U.S. area code 202 for 20, the international dialing code for Egypt, according to a “quality assurance” review that was not distributed to the NSA’s oversight staff.

In another case, the Foreign Intelligence Surveillance Court, which has authority over some NSA operations, did not learn about a new collection method until it had been in operation for many months. The court ruled it unconstitutional.

The Obama administration has provided almost no public information about the NSA’s compliance record. In June, after promising to explain the NSA’s record in “as transparent a way as we possibly can,” Deputy Attorney General James Cole described extensive safeguards and oversight that keep the agency in check. “Every now and then, there may be a mistake,” Cole said in congressional testimony.


Whistleblower’s NSA warning: Just the tip of the iceberg

The National Security Agency’s collection of phone data from all of Verizon’s U.S. customers is just the “tip of the iceberg,” says a former NSA official who estimates the agency has data on as many as 20 trillion phone calls and emails by U.S. citizens.

William Binney, an award-winning mathematician and noted NSA whistleblower, says the collection dates back to when the super-secret agency began domestic surveillance after the Sept. 11 attacks.

“I believe they’ve been collecting data about all domestic calls since October 2001,” said Mr. Binney, who worked at NSA for more than 30 years. “That’s more than a billion calls a day.”

He called his figures “back of the envelope” estimates, adding that they include emails as well as telephone calls.

Mr. Binney, who left the agency in October 2001, said the data were collected under a highly classified NSA program code-named “Stellar Wind,” which was part of the warrantless domestic wiretapping effort — the Terrorist Surveillance Program — launched on orders from President George W. Bush.

The Terrorist Surveillance Program was revealed by The New York Times in 2005, but officials said it only monitored calls between Americans and suspected terrorists abroad. The Bush administration said it based the program’s legal authority on the president’s powers as commander-in-chief.

Congress subsequently amended the law governing wiretapping by spy agencies — the 1978 Foreign Intelligence Surveillance Act (FISA) — to provide legislative authority for the program and require supervision by the special secret court the 1978 act established.

Britain’s Guardian newspaper posted online late Wednesday a copy of the “Top Secret” FISA court order directing telecommunications giant Verizon to hand over “metadata” about every call made or received by all of its customers in the United States. Such metadata include the calling and receiving phone numbers, the time of day and length of the call, and the whereabouts of the two parties.

Mr. Binney noted the order’s serial number, which indicates it is the 80th issued by the FISA court so far this year. The court likely has approved similar orders for the other major U.S. telecom providers, he said, “and they have to be renewed every 90 days.”

The order excludes the actual content of communications, such as the sound of voices on the call or the text of an email.

“On its face, the order reprinted in the [Guardian] article does not allow the Government to listen in on anyone’s telephone calls,” a senior U.S. government official said in an email.

Democrats and Republicans on the congressional intelligence committees defended the order Thursday, asserting that the wide-scale collection of such data had enabled authorities to disrupt at least one terrorist attack and noting that a warrant would still be required to access the actual content of calls.

But Stephen B. Wicker, a professor of electrical and computer engineering at Cornell University, said the practical distinction between the metadata of calls and their content is rapidly disappearing because of technological advances, such as GPS features in mobile phones.

“There is a blurring of the line between content and context,” said Mr. Wicker, whose research focuses on privacy issues in wireless information networks.


Why the NSA Prism Program Could Kill U.S. Tech Companies

Within 24 hours, the leak of two documents has revealed a vast network of National Security Agency (NSA) surveillance operations that were authorized by FISA (Foreign Intelligence Surveillance Act) courts with the oversight of the U.S. Congress.

The first document, which Popular Mechanics detailed yesterday, was a FISA court order demanding all telephony metadata from Verizon Business Network Services over a three-month period, though it hinted at a much broader program of call log data mining. The second document referred to a different—and apparently much larger—program aimed at real-time analysis of web traffic from nine large technology firms, including Microsoft, Yahoo, Google, Apple, and (“coming soon”) Dropbox. Details are still murky, but it’s clear that this was not some clandestine sniffing effort—it was done with the full cooperation of the companies involved (though many of the companies have denied that this represents an automatic backdoor into their servers).

According to the document, a bizarrely low-budget internal PowerPoint from the NSA, this Prism surveillance program could give the NSA access to email, video chat, VoIP conversations, photos, and stored data from the participating companies. Unlike the call data collection program, this program focuses on mining the content of online communication, not just the metadata about them, and is potentially a much greater privacy intrusion. James Clapper, the director of national intelligence, said in a statement that the Prism program “could not be used to intentionally target any U.S. citizen”—a statement that, given the nature of how data mining is done, should do little to allay the fears of civil libertarians.

Let’s say we take Clapper at his word: How much should we worry about a program that is aimed at monitoring the digital communications of foreigners? We should worry quite a bit, because this issue goes far beyond just respecting the civil liberties of non-Americans.

Think for a second about just how the U.S. economy has changed in the last 40 years. While a large percentage of our economy is still based in manufacturing, some of the most ascendant U.S. companies since the 1970s have been in the information technology sector. Companies such as Microsoft, Apple, and Google are major exporters of information services (if you can think of such a thing as “exportable”) through products such as Gmail, iCloud, Exchange, and Azure. Hundreds of millions of people use these services worldwide, and it has just been revealed to everybody outside the U.S. that our government reserves the right to look into their communications whenever it wants.

If you lived in Japan, India, Australia, Mexico, or Brazil, and you used Gmail, or synced your photos through iCloud, or chatted via Skype, how would you feel about that? Let’s say you ran a business in those countries that relied upon information services from a U.S. company. Don’t these revelations make using such a service a business liability? In fact, doesn’t this news make it a national security risk for pretty much any other country to use information services from companies based in the U.S.? How should we expect the rest of the world to react?

Here’s a pretty good guess: Other countries will start routing around the U.S. information economy by developing, or even mandating, their own competing services. In 2000, the European Union worked out a series of “Safe Harbor” regulations mandating privacy protection standards for companies storing E.U. citizens’ data on servers outside of the E.U. For U.S. companies, that means applying stronger privacy protection for European data than for our own citizens’ data. And now there is considerable reason to believe that Prism violated our Safe Harbor agreements with the E.U.

Has it come to this? Are we really willing to let the fear of terrorism threaten one of the most important sectors of the U.S. economy? Frankly, I expect the Prism program to fall apart on its own, not because of public outcry but because the companies that participated will now see it as a toxic association that could threaten their status in fast-growing foreign markets. If U.S. intelligence agencies try to compel participation through the courts, I expect companies such as Apple and Google to start putting up a legal fight—not just because Prism is bad public relations, but because it’s bad for business.

via Popular Mechanics