Posts Tagged ‘mass surveillance’

NSA Whistleblower Thomas Drake speaks at National Press Club

July 7, 2013

Edward Snowden is not the only NSA whistleblower. Another is Thomas Drake.

GCHQ taps fibre-optic cables for secret access to world’s communications

June 21, 2013

Exclusive: British spy agency collects and stores vast quantities of global email messages, Facebook posts, internet histories and calls, and shares them with NSA, latest documents from Edward Snowden reveal

GCHQ Mastering the Internet

GCHQ Mastering the Internet

Britain’s spy agency GCHQ has secretly gained access to the network of cables which carry the world’s phone calls and internet traffic and has started to process vast streams of sensitive personal information which it is sharing with its American partner, the National Security Agency (NSA).

The sheer scale of the agency’s ambition is reflected in the titles of its two principal components: Mastering the Internet and Global Telecoms Exploitation, aimed at scooping up as much online and telephone traffic as possible. This is all being carried out without any form of public acknowledgement or debate.

One key innovation has been GCHQ’s ability to tap into and store huge volumes of data drawn from fibre-optic cables for up to 30 days so that it can be sifted and analysed. That operation, codenamed Tempora, has been running for some 18 months.

GCHQ and the NSA are consequently able to access and process vast quantities of communications between entirely innocent people, as well as targeted suspects.

This includes recordings of phone calls, the content of email messages, entries on Facebook and the history of any internet user’s access to websites – all of which is deemed legal, even though the warrant system was supposed to limit interception to a specified range of targets.

The existence of the programme has been disclosed in documents shown to the Guardian by the NSA whistleblower Edward Snowden as part of his attempt to expose what he has called “the largest programme of suspicionless surveillance in human history”.

“It’s not just a US problem. The UK has a huge dog in this fight,” Snowden told the Guardian. “They [GCHQ] are worse than the US.”

However, on Friday a source with knowledge of intelligence argued that the data was collected legally under a system of safeguards, and had provided material that had led to significant breakthroughs in detecting and preventing serious crime.

Britain’s technical capacity to tap into the cables that carry the world’s communications – referred to in the documents as special source exploitation – has made GCHQ an intelligence superpower.

By 2010, two years after the project was first trialled, it was able to boast it had the “biggest internet access” of any member of the Five Eyes electronic eavesdropping alliance, comprising the US, UK, Canada, Australia and New Zealand.

UK officials could also claim GCHQ “produces larger amounts of metadata than NSA”. (Metadata describes basic information on who has been contacting whom, without detailing the content.)

By May last year 300 analysts from GCHQ, and 250 from the NSA, had been assigned to sift through the flood of data.

The Americans were given guidelines for its use, but were told in legal briefings by GCHQ lawyers: “We have a light oversight regime compared with the US”.

When it came to judging the necessity and proportionality of what they were allowed to look for, would-be American users were told it was “your call”.

The Guardian understands that a total of 850,000 NSA employees and US private contractors with top secret clearance had access to GCHQ databases.

The documents reveal that by last year GCHQ was handling 600m “telephone events” each day, had tapped more than 200 fibre-optic cables and was able to process data from at least 46 of them at a time.

GCHQ collect it all

GCHQ collect it all

Each of the cables carries data at a rate of 10 gigabits per second, so the tapped cables had the capacity, in theory, to deliver more than 21 petabytes a day – equivalent to sending all the information in all the books in the British Library 192 times every 24 hours.

And the scale of the programme is constantly increasing as more cables are tapped and GCHQ data storage facilities in the UK and abroad are expanded with the aim of processing terabits (thousands of gigabits) of data at a time.

For the 2 billion users of the world wide web, Tempora represents a window on to their everyday lives, sucking up every form of communication from the fibre-optic cables that ring the world.

The NSA has meanwhile opened a second window, in the form of the Prism operation, revealed earlier this month by the Guardian, from which it secured access to the internal systems of global companies that service the internet.

The GCHQ mass tapping operation has been built up over five years by attaching intercept probes to transatlantic fibre-optic cables where they land on British shores carrying data to western Europe from telephone exchanges and internet servers in north America.

This was done under secret agreements with commercial companies, described in one document as “intercept partners”.

The papers seen by the Guardian suggest some companies have been paid for the cost of their co-operation and GCHQ went to great lengths to keep their names secret. They were assigned “sensitive relationship teams” and staff were urged in one internal guidance paper to disguise the origin of “special source” material in their reports for fear that the role of the companies as intercept partners would cause “high-level political fallout”.

The source with knowledge of intelligence said on Friday the companies were obliged to co-operate in this operation. They are forbidden from revealing the existence of warrants compelling them to allow GCHQ access to the cables.

“There’s an overarching condition of the licensing of the companies that they have to co-operate in this. Should they decline, we can compel them to do so. They have no choice.”

The source said that although GCHQ was collecting a “vast haystack of data” what they were looking for was “needles”.

“Essentially, we have a process that allows us to select a small number of needles in a haystack. We are not looking at every piece of straw. There are certain triggers that allow you to discard or not examine a lot of data so you are just looking at needles. If you had the impression we are reading millions of emails, we are not. There is no intention in this whole programme to use it for looking at UK domestic traffic – British people talking to each other,” the source said.

He explained that when such “needles” were found a log was made and the interception commissioner could see that log.

“The criteria are security, terror, organised crime. And economic well-being. There’s an auditing process to go back through the logs and see if it was justified or not. The vast majority of the data is discarded without being looked at … we simply don’t have the resources.”

However, the legitimacy of the operation is in doubt. According to GCHQ’s legal advice, it was given the go-ahead by applying old law to new technology. The 2000 Regulation of Investigatory Powers Act (Ripa) requires the tapping of defined targets to be authorised by a warrant signed by the home secretary or foreign secretary.

However, an obscure clause allows the foreign secretary to sign a certificate for the interception of broad categories of material, as long as one end of the monitored communications is abroad. But the nature of modern fibre-optic communications means that a proportion of internal UK traffic is relayed abroad and then returns through the cables.

Parliament passed the Ripa law to allow GCHQ to trawl for information, but it did so 13 years ago with no inkling of the scale on which GCHQ would attempt to exploit the certificates, enabling it to gather and process data regardless of whether it belongs to identified targets.

The categories of material have included fraud, drug trafficking and terrorism, but the criteria at any one time are secret and are not subject to any public debate. GCHQ’s compliance with the certificates is audited by the agency itself, but the results of those audits are also secret.

An indication of how broad the dragnet can be was laid bare in advice from GCHQ’s lawyers, who said it would be impossible to list the total number of people targeted because “this would be an infinite list which we couldn’t manage”.

There is an investigatory powers tribunal to look into complaints that the data gathered by GCHQ has been improperly used, but the agency reassured NSA analysts in the early days of the programme, in 2009: “So far they have always found in our favour”.

Historically, the spy agencies have intercepted international communications by focusing on microwave towers and satellites. The NSA’s intercept station at Menwith Hill in North Yorkshire played a leading role in this. One internal document quotes the head of the NSA, Lieutenant General Keith Alexander, on a visit to Menwith Hill in June 2008, asking: “Why can’t we collect all the signals all the time? Sounds like a good summer project for Menwith.”

By then, however, satellite interception accounted for only a small part of the network traffic. Most of it now travels on fibre-optic cables, and the UK’s position on the western edge of Europe gave it natural access to cables emerging from the Atlantic.

The data collected provides a powerful tool in the hands of the security agencies, enabling them to sift for evidence of serious crime. According to the source, it has allowed them to discover new techniques used by terrorists to avoid security checks and to identify terrorists planning atrocities. It has also been used against child exploitation networks and in the field of cyberdefence.

It was claimed on Friday that it directly led to the arrest and imprisonment of a cell in the Midlands who were planning co-ordinated attacks; to the arrest of five Luton-based individuals preparing acts of terror, and to the arrest of three London-based people planning attacks prior to the Olympics.

As the probes began to generate data, GCHQ set up a three-year trial at the GCHQ station in Bude, Cornwall. By the summer of 2011, GCHQ had probes attached to more than 200 internet links, each carrying data at 10 gigabits a second. “This is a massive amount of data!” as one internal slideshow put it. That summer, it brought NSA analysts into the Bude trials. In the autumn of 2011, it launched Tempora as a mainstream programme, shared with the Americans.

The intercept probes on the transatlantic cables gave GCHQ access to its special source exploitation. Tempora allowed the agency to set up internet buffers so it could not simply watch the data live but also store it – for three days in the case of content and 30 days for metadata.

“Internet buffers represent an exciting opportunity to get direct access to enormous amounts of GCHQ’s special source data,” one document explained.

The processing centres apply a series of sophisticated computer programmes in order to filter the material through what is known as MVR – massive volume reduction. The first filter immediately rejects high-volume, low-value traffic, such as peer-to-peer downloads, which reduces the volume by about 30%. Others pull out packets of information relating to “selectors” – search terms including subjects, phone numbers and email addresses of interest. Some 40,000 of these were chosen by GCHQ and 31,000 by the NSA. Most of the information extracted is “content”, such as recordings of phone calls or the substance of email messages. The rest is metadata.

The GCHQ documents that the Guardian has seen illustrate a constant effort to build up storage capacity at the stations at Cheltenham, Bude and at one overseas location, as well a search for ways to maintain the agency’s comparative advantage as the world’s leading communications companies increasingly route their cables through Asia to cut costs. Meanwhile, technical work is ongoing to expand GCHQ’s capacity to ingest data from new super cables carrying data at 100 gigabits a second. As one training slide told new users: “You are in an enviable position – have fun and make the most of it.”

Published in The Guardian.

Papers for the arrest of Edward Snowden for spying have been filed in the US. They are now trying to extradite him from Hong Kong.

In the NSA we trust: The trouble with faith in an omniscient state

June 17, 2013

Too many Americans think of their nation as inherently Christian and worthy of absolute trust, but the state is not benign

NSA surveillance

NSA surveillance

It’s nothing new, this fear that there is someone out there watching my every move, knowing my inmost thoughts. It used to be a fear of God. Now it’s a fear of Google, the NSA and GCHQ. In other words, we have invented a secular form of omniscience. For the sake of argument let us bracket out the question of whether this God actually exists. For present purposes, I am interested in how human beings have historically reacted to the prospect of there being some powerful agent/agency who knows everything about us. Thousands of years ago, the psalmist had it thus:

“O Lord, you have searched me and known me. You know when I sit down and when I rise up; you discern my thoughts from far away. You search out my path and my lying down, and are acquainted with all my ways. Even before a word is on my tongue, O Lord, you know it completely. You hem me in, behind and before, and lay your hand upon me. Such knowledge is too wonderful for me; it is so high that I cannot attain it. Where can I go from your spirit? Or where can I flee from your presence? If I ascend to heaven, you are there; if I make my bed in Sheol, you are there.” (Psalm 139 vv. 1-8)

But, the psalmist concludes, if we having nothing to hide, why worry? “Search me, O God, and know my heart; test me and know my thoughts. See if there is any wicked way in me, and lead me in the way everlasting.” This is not dissimilar to Barack Obama’s line that in the trade-off between security and privacy, we ought to trust the listening spooks not to misuse information they gather about us, that they are working in our best interests. But, whatever one thinks of (let’s call it) the God idea, the big difference between God almighty and the secular almighty, is that the former is supposed to be benign, indeed the very epitome of love itself, whereas I don’t think it entirely uncontroversial to say that the NSA is not.

The problem is, however, that too many Americans think of their nation as inherently Christian, as set apart by God. For all their supposed separation of church and state, and for all their supposed suspicion of big government, in the end a significant proportion of Americans believe in America in the same way that they believe in God. They over-identify the Christian “we” with the American “we” – as Stanley Hauerwas puts it. In 1956, the USA replaced its unofficial motto, E pluribus unum (Out of the many, one), with an official motto, “In God we Trust”.

Thus the state not so subtly claims for itself the same level of trust that Christians have in the almighty – thereby answering the initial fear that the psalmist has about absolute surveillance with the reassurance that the powers that be are benign and have our ultimate interests at heart. Nothing could be more dangerous than this, that the state deserves absolute trust. Which is why it is worth stating and restating the theologically obvious: the NSA is not God – however much it might aspire to the absolute power of omniscience.

— Giles Fraser

Published in The Guardian.

We may trust God to watch over us. We should never trust the state.

GCHQ intercepted foreign politicians’ communications at G20 summits

June 17, 2013

Exclusive: phones were monitored and fake internet cafes set up to gather information from allies in London in 2009

Documents uncovered by the NSA whistleblower, Edward Snowden, reveal surveillance of G20 delegates' emails and BlackBerrys

Documents uncovered by the NSA whistleblower, Edward Snowden, reveal surveillance of G20 delegates’ emails and BlackBerrys

Foreign politicians and officials who took part in two G20 summit meetings in London in 2009 had their computers monitored and their phone calls intercepted on the instructions of their British government hosts, according to documents seen by the Guardian. Some delegates were tricked into using internet cafes which had been set up by British intelligence agencies to read their email traffic.

The revelation comes as Britain prepares to host another summit on Monday – for the G8 nations, all of whom attended the 2009 meetings which were the object of the systematic spying. It is likely to lead to some tension among visiting delegates who will want the prime minister to explain whether they were targets in 2009 and whether the exercise is to be repeated this week.

The disclosure raises new questions about the boundaries of surveillance by GCHQ and its American sister organisation, the National Security Agency, whose access to phone records and internet data has been defended as necessary in the fight against terrorism and serious crime. The G20 spying appears to have been organised for the more mundane purpose of securing an advantage in meetings. Named targets include long-standing allies such as South Africa and Turkey.

There have often been rumours of this kind of espionage at international conferences, but it is highly unusual for hard evidence to confirm it and spell out the detail. The evidence is contained in documents – classified as top secret – which were uncovered by the NSA whistleblower Edward Snowden and seen by the Guardian. They reveal that during G20 meetings in April and September 2009 GCHQ used what one document calls “ground-breaking intelligence capabilities” to intercept the communications of visiting delegations.

This included:

• Setting up internet cafes where they used an email interception programme and key-logging software to spy on delegates’ use of computers;

• Penetrating the security on delegates’ BlackBerrys to monitor their email messages and phone calls;

• Supplying 45 analysts with a live round-the-clock summary of who was phoning who at the summit;

• Targeting the Turkish finance minister and possibly 15 others in his party;

• Receiving reports from an NSA attempt to eavesdrop on the Russian leader, Dmitry Medvedev, as his phone calls passed through satellite links to Moscow.

The documents suggest that the operation was sanctioned in principle at a senior level in the government of the then prime minister, Gordon Brown, and that intelligence, including briefings for visiting delegates, was passed to British ministers.

A briefing paper dated 20 January 2009 records advice given by GCHQ officials to their director, Sir Iain Lobban, who was planning to meet the then foreign secretary, David Miliband. The officials summarised Brown’s aims for the meeting of G20 heads of state due to begin on 2 April, which was attempting to deal with the economic aftermath of the 2008 banking crisis. The briefing paper added: “The GCHQ intent is to ensure that intelligence relevant to HMG’s desired outcomes for its presidency of the G20 reaches customers at the right time and in a form which allows them to make full use of it.” Two documents explicitly refer to the intelligence product being passed to “ministers”.

One of the GCHQ documents

One of the GCHQ documents

According to the material seen by the Guardian, GCHQ generated this product by attacking both the computers and the telephones of delegates.

One document refers to a tactic which was “used a lot in recent UK conference, eg G20”. The tactic, which is identified by an internal codeword which the Guardian is not revealing, is defined in an internal glossary as “active collection against an email account that acquires mail messages without removing them from the remote server”. A PowerPoint slide explains that this means “reading people’s email before/as they do”.

The same document also refers to GCHQ, MI6 and others setting up internet cafes which “were able to extract key logging info, providing creds for delegates, meaning we have sustained intelligence options against them even after conference has finished”. This appears to be a reference to acquiring delegates’ online login details.

Another document summarises a sustained campaign to penetrate South African computers, recording that they gained access to the network of their foreign ministry, “investigated phone lines used by High Commission in London” and “retrieved documents including briefings for South African delegates to G20 and G8 meetings”. (South Africa is a member of the G20 group and has observer status at G8 meetings.)

Another excerpt from the GCHQ documents

Another excerpt from the GCHQ documents

A detailed report records the efforts of the NSA’s intercept specialists at Menwith Hill in North Yorkshire to target and decode encrypted phone calls from London to Moscow which were made by the Russian president, Dmitry Medvedev, and other Russian delegates.

Other documents record apparently successful efforts to penetrate the security of BlackBerry smartphones: “New converged events capabilities against BlackBerry provided advance copies of G20 briefings to ministers … Diplomatic targets from all nations have an MO of using smartphones. Exploited this use at the G20 meetings last year.”

The operation appears to have run for at least six months. One document records that in March 2009 – the month before the heads of state meeting – GCHQ was working on an official requirement to “deliver a live dynamically updating graph of telephony call records for target G20 delegates … and continuing until G20 (2 April).”

Another document records that when G20 finance ministers met in London in September, GCHQ again took advantage of the occasion to spy on delegates, identifying the Turkish finance minister, Mehmet Simsek, as a target and listing 15 other junior ministers and officials in his delegation as “possible targets”. As with the other G20 spying, there is no suggestion that Simsek and his party were involved in any kind of criminal offence. The document explicitly records a political objective – “to establish Turkey’s position on agreements from the April London summit” and their “willingness (or not) to co-operate with the rest of the G20 nations”.

The September meeting of finance ministers was also the subject of a new technique to provide a live report on any telephone call made by delegates and to display all of the activity on a graphic which was projected on to the 15-sq-metre video wall of GCHQ’s operations centre as well as on to the screens of 45 specialist analysts who were monitoring the delegates.

“For the first time, analysts had a live picture of who was talking to who that updated constantly and automatically,” according to an internal review.

A second review implies that the analysts’ findings were being relayed rapidly to British representatives in the G20 meetings, a negotiating advantage of which their allies and opposite numbers may not have been aware: “In a live situation such as this, intelligence received may be used to influence events on the ground taking place just minutes or hours later. This means that it is not sufficient to mine call records afterwards – real-time tip-off is essential.”

In the week after the September meeting, a group of analysts sent an internal message to the GCHQ section which had organised this live monitoring: “Thank you very much for getting the application ready for the G20 finance meeting last weekend … The call records activity pilot was very successful and was well received as a current indicator of delegate activity …

“It proved useful to note which nation delegation was active during the moments before, during and after the summit. All in all, a very successful weekend with the delegation telephony plot.”

Published by The Guardian.

PRISM part of a much larger government surveillance program

June 16, 2013

Companies have been handling requests from the FBI for years, under a program called US-98XN

 National Security Agency building at Fort Meade

National Security Agency building at Fort Meade

WASHINGTON (AP) — In the months and early years after 9/11, FBI agents began showing up at Microsoft Corp. more frequently than before, armed with court orders demanding information on customers.

Around the world, government spies and eavesdroppers were tracking the email and Internet addresses used by suspected terrorists. Often, those trails led to the world’s largest software company and, at the time, largest email provider.

The agents wanted email archives, account information, practically everything, and quickly. Engineers compiled the data, sometimes by hand, and delivered it to the government.

Often there was no easy way to tell if the information belonged to foreigners or Americans. So much data was changing hands that one former Microsoft employee recalls that the engineers were anxious about whether the company should cooperate.

Inside Microsoft, some called it “Hoovering” — not after the vacuum cleaner, but after J. Edgar Hoover, the first FBI director, who gathered dirt on countless Americans.

This frenetic, manual process was the forerunner to Prism, the recently revealed highly classified National Security Agency program that seizes records from Internet companies. As laws changed and technology improved, the government and industry moved toward a streamlined, electronic process, which required less time from the companies and provided the government data in a more standard format.

The revelation of Prism this month by the Washington Post and Guardian newspapers has touched off the latest round in a decade-long debate over what limits to impose on government eavesdropping, which the Obama administration says is essential to keep the nation safe.

But interviews with more than a dozen current and former government and technology officials and outside experts show that, while Prism has attracted the recent attention, the program actually is a relatively small part of a much more expansive and intrusive eavesdropping effort.

Americans who disapprove of the government reading their emails have more to worry about from a different and larger NSA effort that snatches data as it passes through the fiber optic cables that make up the Internet’s backbone. That program, which has been known for years, copies Internet traffic as it enters and leaves the United States, then routes it to the NSA for analysis.

Whether by clever choice or coincidence, Prism appears to do what its name suggests. Like a triangular piece of glass, Prism takes large beams of data and helps the government find discrete, manageable strands of information.

The fact that it is productive is not surprising; documents show it is one of the major sources for what ends up in the president’s daily briefing. Prism makes sense of the cacophony of the Internet’s raw feed. It provides the government with names, addresses, conversation histories and entire archives of email inboxes.

Many of the people interviewed for this report insisted on anonymity because they were not authorized to publicly discuss a classified, continuing effort. But those interviews, along with public statements and the few public documents available, show there are two vital components to Prism’s success.

The first is how the government works closely with the companies that keep people perpetually connected to each other and the world. That story line has attracted the most attention so far.

The second and far murkier one is how Prism fits into a larger U.S. wiretapping program in place for years.

___

Deep in the oceans, hundreds of cables carry much of the world’s phone and Internet traffic. Since at least the early 1970s, the NSA has been tapping foreign cables. It doesn’t need permission. That’s its job.

But Internet data doesn’t care about borders. Send an email from Pakistan to Afghanistan and it might pass through a mail server in the United States, the same computer that handles messages to and from Americans. The NSA is prohibited from spying on Americans or anyone inside the United States. That’s the FBI’s job and it requires a warrant.

Despite that prohibition, shortly after the Sept. 11 attacks, President George W. Bush secretly authorized the NSA to plug into the fiber optic cables that enter and leave the United States, knowing it would give the government unprecedented, warrantless access to Americans’ private conversations.

Tapping into those cables allows the NSA access to monitor emails, telephone calls, video chats, websites, bank transactions and more. It takes powerful computers to decrypt, store and analyze all this information, but the information is all there, zipping by at the speed of light.

“You have to assume everything is being collected,” said Bruce Schneier, who has been studying and writing about cryptography and computer security for two decades.

The New York Times disclosed the existence of this effort in 2005. In 2006, former AT&T technician Mark Klein revealed that the company had allowed the NSA to install a computer at its San Francisco switching center, a spot where fiber optic cables enter the U.S.

What followed was the most significant debate over domestic surveillance since the 1975 Church Committee, a special Senate committee led by Sen. Frank Church, D-Idaho, reined in the CIA and FBI for spying on Americans.

Unlike the recent debate over Prism, however, there were no visual aids, no easy-to-follow charts explaining that the government was sweeping up millions of emails and listening to phone calls of people accused of no wrongdoing.

The Bush administration called it the “Terrorist Surveillance Program” and said it was keeping the United States safe.

“This program has produced intelligence for us that has been very valuable in the global war on terror, both in terms of saving lives and breaking up plots directed at the United States,” Vice President Dick Cheney said at the time.

The government has said it minimizes all conversations and emails involving Americans. Exactly what that means remains classified. But former U.S. officials familiar with the process say it allows the government to keep the information as long as it is labeled as belonging to an American and stored in a special, restricted part of a computer.

That means Americans’ personal emails can live in government computers, but analysts can’t access, read or listen to them unless the emails become relevant to a national security investigation.

The government doesn’t automatically delete the data, officials said, because an email or phone conversation that seems innocuous today might be significant a year from now.

What’s unclear to the public is how long the government keeps the data. That is significant because the U.S. someday will have a new enemy. Two decades from now, the government could have a trove of American emails and phone records it can tap to investigative whatever Congress declares a threat to national security.

The Bush administration shut down its warrantless wiretapping program in 2007 but endorsed a new law, the Protect America Act, which allowed the wiretapping to continue with changes: The NSA generally would have to explain its techniques and targets to a secret court in Washington, but individual warrants would not be required.

Congress approved it, with Sen. Barack Obama, D-Ill., in the midst of a campaign for president, voting against it.

“This administration also puts forward a false choice between the liberties we cherish and the security we provide,” Obama said in a speech two days before that vote. “I will provide our intelligence and law enforcement agencies with the tools they need to track and take out the terrorists without undermining our Constitution and our freedom.”

___

When the Protect America Act made warrantless wiretapping legal, lawyers and executives at major technology companies knew what was about to happen.

One expert in national security law, who is directly familiar with how Internet companies dealt with the government during that period, recalls conversations in which technology officials worried aloud that the government would trample on Americans’ constitutional right against unlawful searches, and that the companies would be called on to help.

The logistics were about to get daunting, too.

For years, the companies had been handling requests from the FBI. Now Congress had given the NSA the authority to take information without warrants. Though the companies didn’t know it, the passage of the Protect America Act gave birth to a top-secret NSA program, officially called US-98XN.

It was known as Prism. Though many details are still unknown, it worked like this:

Every year, the attorney general and the director of national intelligence spell out in a classified document how the government plans to gather intelligence on foreigners overseas.

By law, the certification can be broad. The government isn’t required to identify specific targets or places.

A federal judge, in a secret order, approves the plan.

With that, the government can issue “directives” to Internet companies to turn over information.

While the court provides the government with broad authority to seize records, the directives themselves typically are specific, said one former associate general counsel at a major Internet company. They identify a specific target or groups of targets. Other company officials recall similar experiences.

All adamantly denied turning over the kind of broad swaths of data that many people believed when the Prism documents were first released.

“We only ever comply with orders for requests about specific accounts or identifiers,” Microsoft said in a statement.

Facebook said it received between 9,000 and 10,000 demands requests for data from all government agencies in the second half of last year. The social media company said fewer than 19,000 users were targeted.

How many of those were related to national security is unclear, and likely classified. The numbers suggest each request typically related to one or two people, not a vast range of users.

Tech company officials were unaware there was a program named Prism. Even former law enforcement and counterterrorism officials who were on the job when the program went live and were aware of its capabilities said this past week that they didn’t know what it was called.

What the NSA called Prism, the companies knew as a streamlined system that automated and simplified the “Hoovering” from years earlier, the former assistant general counsel said. The companies, he said, wanted to reduce their workload. The government wanted the data in a structured, consistent format that was easy to search.

Any company in the communications business can expect a visit, said Mike Janke, CEO of Silent Circle, a company that advertises software for secure, encrypted conversations. The government is eager to find easy ways around security.

“They do this every two to three years,” said Janke, who said government agents have approached his company but left empty-handed because his computer servers store little information. “They ask for the moon.”

That often creates tension between the government and a technology industry with a reputation for having a civil libertarian bent. Companies occasionally argue to limit what the government takes. Yahoo even went to court and lost in a classified ruling in 2008, The New York Times reported Friday.

“The notion that Yahoo gives any federal agency vast or unfettered access to our users’ records is categorically false,” Ron Bell, the company’s general counsel, said recently.

Under Prism, the delivery process varied by company.

Google, for instance, says it makes secure file transfers. Others use contractors or have set up stand-alone systems. Some have set up user interfaces making it easier for the government, according to a security expert familiar with the process.

Every company involved denied the most sensational assertion in the Prism documents: that the NSA pulled data “directly from the servers” of Microsoft, Yahoo, Google, Facebook, AOL and more.

Technology experts and a former government official say that phrasing, taken from a PowerPoint slide describing the program, was likely meant to differentiate Prism’s neatly organized, company-provided data from the unstructured information snatched out of the Internet’s major pipelines.

In slide made public by the newspapers, NSA analysts were encouraged to use data coming from both Prism and from the fiber-optic cables.

Prism, as its name suggests, helps narrow and focus the stream. If eavesdroppers spot a suspicious email among the torrent of data pouring into the United States, analysts can use information from Internet companies to pinpoint the user.

With Prism, the government gets a user’s entire email inbox. Every email, including contacts with American citizens, becomes government property.

Once the NSA has an inbox, it can search its huge archives for information about everyone with whom the target communicated. All those people can be investigated, too.

That’s one example of how emails belonging to Americans can become swept up in the hunt.

In that way, Prism helps justify specific, potentially personal searches. But it’s the broader operation on the Internet fiber optics cables that actually captures the data, experts agree.

“I’m much more frightened and concerned about real-time monitoring on the Internet backbone,” said Wolf Ruzicka, CEO of EastBanc Technologies, a Washington software company. “I cannot think of anything, outside of a face-to-face conversation, that they could not have access to.”

One unanswered question, according to a former technology executive at one of the companies involved, is whether the government can use the data from Prism to work backward.

For example, not every company archives instant message conversations, chat room exchanges or videoconferences. But if Prism provided general details, known as metadata, about when a user began chatting, could the government “rewind” its copy of the global Internet stream, find the conversation and replay it in full?

That would take enormous computing, storage and code-breaking power. It’s possible the NSA could use supercomputers to decrypt some transmissions, but it’s unlikely it would have the ability to do that in volume. In other words, it would help to know what messages to zero in on.

Whether the government has that power and whether it uses Prism this way remains a closely guarded secret.

___

A few months after Obama took office in 2009, the surveillance debate reignited in Congress because the NSA had crossed the line. Eavesdroppers, it turned out, had been using their warrantless wiretap authority to intercept far more emails and phone calls of Americans than they were supposed to.

Obama, no longer opposed to the wiretapping, made unspecified changes to the process. The government said the problems were fixed.

“I came in with a healthy skepticism about these programs,” Obama explained recently. “My team evaluated them. We scrubbed them thoroughly. We actually expanded some of the oversight, increased some of the safeguards.”

Years after decrying Bush for it, Obama said Americans did have to make tough choices in the name of safety.

“You can’t have 100 percent security and also then have 100 percent privacy and zero inconvenience,” the president said.

Obama’s administration, echoing his predecessor’s, credited the surveillance with disrupting several terrorist attacks. Leading figures from the Bush administration who endured criticism during Obama’s candidacy have applauded the president for keeping the surveillance intact.

Jason Weinstein, who recently left the Justice Department as head of its cybercrime and intellectual property section, said it’s no surprise Obama continued the eavesdropping.

“You can’t expect a president to not use a legal tool that Congress has given him to protect the country,” he said. “So, Congress has given him the tool. The president’s using it. And the courts are saying ‘The way you’re using it is OK.’ That’s checks and balances at work.”

Schneier, the author and security expert, said it doesn’t really matter how Prism works, technically. Just assume the government collects everything, he said.

He said it doesn’t matter what the government and the companies say, either. It’s spycraft, after all.

“Everyone is playing word games,” he said. “No one is telling the truth.”

___

Associated Press writers Eileen Sullivan, Peter Svensonn, Adam Goldman, Michael Liedtke and Monika Mathur contributed to this report.

Associated Press report published by Salon.

Leaks Are Vital For Democracy and the NSA Revelations Are the Quintessential Example Why

June 14, 2013

When looking back at the past decade, it’s hard to think of a constitutional scandal that wasn’t first brought to the public’s attention by a leak to the press. Bush’s NSA warrantless wiretapping program, black site prisons, torture, CIA drone strikes, and offensive cyberattacks are just some of the examples.

Leaks, while controversial, remain vital to democracy when the government shuts off traditional avenues of transparency and accountability. And there has never been a better example of this than the recent revelations by NSA whistleblower Edward Snowden.

Unfortunately, many lawmakers have spent the last week criticizing Snowden’s actions rather than scrutinizing the programs he’s exposed and the system that led him to do what he did. In the past five years, the government has systematically cut off congressional oversight, Freedom of Information Act requests, and the federal courts as avenues to hold the NSA accountable. Similarly, whistleblower protection laws have provided no protection those like Snowden who might wish to bring abuses to light.

In Congress, the intelligence committees have teamed up with the Obama administration and rejected even modest transparency and oversight amendments to both the Patriot Act and FISA Amendments Act in the last two years, despite ample evidence of abuse.

In federal courts, the Justice Department has used a variety of procedural moves to prevent judges from ruling on whether the NSA warrantless wiretapping program is constitutional – including ‘standing,’ ‘sovereign immunity,’ and the pernicious ‘state secrets’ privilege.

Freedom of Information Act lawsuits about the secret Patriot Act interpretations (exposed by the Verizon court order) and secret FISA court decisions have been met with absurd and Kafkaesque arguments to prevent even the administration’s interpretation of a public law from being made public.

And importantly, Congress recently passed the Whistleblower Protection Act and purposely excluded government contractors like Snowden (of which there are more than a million). So if he went through official channels he would have been provided no protection, unlike what some misguided commentators have suggested. Snowden would’ve been stifled, fired, or worse.

These efforts, taken altogether, have meant these programs have stayed largely secret and out of the public eye for the last five years. But look at what has happened in just one last week since journalists Glenn Greenwald, Laura Poitras, and others, started publishing stories based on information given to them by Snowden:

–Senators confirmed the leaked Verizon FISA order is real, orders like it are “routine,” and that the NSA has been collected all American phone records for seven years —information the administration has fought to keep secret for since 2010.

–President Obama suddenly called for debate over the surveillance program, despite trying to cut off debate on the subject for years.

–Dozens of Congressmen said they did not know the full scope of the NSA’s domestic surveillance, despite the administration’s public claims that every member of Congress has been read in.

–In response to PRISM leak, DNI Clapper declassified portions of the program and explains how it relates to broad collection of data under section 702 of the FISA Amendments Act—which they’ve avoided for years.

–Both Google and Facebook publicly demanded that the government allow them to tell the public how many users are affected by secret FISA orders—something they should have done years ago.

–ACLU filed a lawsuit alleging the government collection of all American phone records under PATRIOT Act is unconstitutional, after having their prior suit over the FISA Amendments Act dismissed just moths ago for lack of evidence.

–Possible Congressional hearings about whether Director of National Intelligence James Clapper lied to Congress when he definitively told Congress the NSA was not gathering data on millions of Americans.

— A group of eight Senators introduced a law requiring the FISA court declassifying some of its secret interpretations of law.

–Key lawmakers signaled their wish review the scope of the PATRIOT Act, including its author, despite renewing key sections with no oversight only two years ago.

–Many lawmakers plan to introduce a variety of legislation, and many groups plan to file lawsuits, regarding NSA spying in the coming days and weeks.

Now, those who wish to use the new revelations to instill permanent structural changes have a long way to go before the government gets there. And it’s possible the American people will simply choose to continue these programs, despite their Orwellian undertones. But the fact that this debate is finally happening, and that the Americans will—for the first time—be informed about what the government is doing in their name, cannot be understated.

Without Edward Snowden, none of this would be possible.

— Trevor Timm

Published by Freedom of the Press Foundation.

Sales of Nineteen Eighty-Four soar

June 13, 2013

One of the consequences of the expose by Edward Snowden of the NSA PRISM mass surveillance programme is that sales of Nineteen Eighty-Four by George Orwell have soared.

What we have seen is Big Brother writ large.

Published in 1949, Nineteen Eighty-Four is a chilling account of the future, where everything we do is monitored by Big Brother. Nothing we do escapes the attention of Big Brother, and if we err and incur the displeasure, we will be exposed and destroyed.

Revelation of PRISM has caused a huge backlash in the US, but this is nothing compared with the outrage across Europe.

There has also been some brutal attacks, calling Edward Snowden a traitor and worse. One rabid politician practically foaming at the mouth has called for all journalists associated with Edward Snowden to be prosecuted.

But these are the exceptions.

There are calls for hearings, investigations, for James Clapper National Director Intelligence to be prosecuted, questions are being asked how did PRISM come about.

DNI James Clapper appears to have lied to Congress in previous testimony, hence the calls for him to be prosecuted, and if he lied about PRISM, what else did he lie about?

Back at an open Congressional hearing on 12 March, Sen Ron Wyden (D-Ore.) asked Clapper, “Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?” Clapper replied, “No sir … not wittingly.” As we all now know, he was lying.

Nor was this a spontaneous lie or a lie he regretted making. Sen Ron Wyden revealed in a recent statement that he’d given Clapper advance notice that he would ask the question and that, after the hearing, he offered Clapper a chance to revise his answer. Clapper didn’t take the offer.

Speaking once PRISM was exposed, James Clapper comes across as a bumbling buffoon, a complete moron. How did this idiot ever get appointed as Director of National Intelligence?

One of the biggest lies peddled by Clapper is that mass surveillance deals with terrorism.

One of the least threats facing us is terrorism, but it is used a bogey man to clamp down on civil liberties, to infiltrate and disrupt democratic challenges to the status quo. We deal with terrorism, by addressing the causes. We track down terrorists, use good old fashioned police work. Maybe US should look to its drone attacks.

Edward Snowden: US government has been hacking Hong Kong and China for years

June 12, 2013

Former CIA operative makes more explosive claims and says Washington is ‘bullying’ Hong Kong to extradite him

Edward Snowden in Hong Kong

Edward Snowden in Hong Kong

US whistle-blower Edward Snowden yesterday emerged from hiding in Hong Kong and revealed to the South China Morning Post that he will stay in the city to fight likely attempts by his government to have him extradited for leaking state secrets.

In an exclusive interview carried out from a secret location in the city, the former Central Intelligence Agency analyst also made explosive claims that the US government had been hacking into computers in Hong Kong and on the mainland for years.

At Snowden’s request we cannot divulge details about how the interview was conducted.

A week since revelations that the US has been secretly collecting phone and online data of its citizens, he said he will stay in the city “until I am asked to leave”, adding: “I have had many opportunities to flee HK, but I would rather stay and fight the US government in the courts, because I have faith in HK’s rule of law.”

In a frank hour-long interview, the 29-year-old, who US authorities have confirmed is now the subject of a criminal case, said he was neither a hero nor a traitor and that:

He is in constant fear for his own safety and that of his family.

Snowden has been in Hong Kong since May 20 when he fled his home in Hawaii to take refuge here, a move which has been questioned by many who believe the city cannot protect him.

“People who think I made a mistake in picking HK as a location misunderstand my intentions. I am not here to hide from justice, I am here to reveal criminality,” he said.

Snowden said that according to unverified documents seen by the Post, the NSA had been hacking computers in Hong Kong and on the mainland since 2009. None of the documents revealed any information about Chinese military systems, he said.

One of the targets in the SAR, according to Snowden, was Chinese University and public officials, businesses and students in the city. The documents also point to hacking activity by the NSA against mainland targets.

Snowden believed there had been more than 61,000 NSA hacking operations globally, with hundreds of targets in Hong Kong and on the mainland.

“We hack network backbones – like huge internet routers, basically – that give us access to the communications of hundreds of thousands of computers without having to hack every single one,” he said.

Target: The Chinese University of Hong Kong

Target: The Chinese University of Hong Kong

“Last week the American government happily operated in the shadows with no respect for the consent of the governed, but no longer. Every level of society is demanding accountability and oversight.”

Snowden said he was releasing the information to demonstrate “the hypocrisy of the US government when it claims that it does not target civilian infrastructure, unlike its adversaries”.

“Not only does it do so, but it is so afraid of this being known that it is willing to use any means, such as diplomatic intimidation, to prevent this information from becoming public.”

Since the shocking revelations a week ago, Snowden has been vilified as a defector but also hailed by supporters such as WikiLeaks’ Julian Assange.

“I’m neither traitor nor hero. I’m an American,” he said, adding that he was proud to be an American. “I believe in freedom of expression. I acted in good faith but it is only right that the public form its own opinion.”

Snowden said he had not contacted his family and feared for their safety as well as his own.

“I will never feel safe.

“Things are very difficult for me in all terms, but speaking truth to power is never without risk,” he said. “It has been difficult, but I have been glad to see the global public speak out against these sorts of systemic violations of privacy.

“All I can do is rely on my training and hope that world governments will refuse to be bullied by the United States into persecuting people seeking political refuge.”

Asked if he had been offered asylum by the Russian government, he said: “My only comment is that I am glad there are governments that refuse to be intimidated by great power”.

The interview comes on the same day NSA chief General Keith Alexander appeared before Congress to defend his agency over the leaks. It was his first appearance since the explosive revelations were made last week. Alexander’s prepared remarks did not specifically address revelations about the Prism program.

Snowden’s revelations threaten to test new attempts to build US-Sino bridges after a weekend summit in California between the nations’ presidents, Barack Obama and Xi Jinping.

If true, Snowden’s allegations lend credence to China’s longstanding position that it is as much a victim of hacking as a perpetrator, after Obama pressed Xi to rein in cyber-espionage by the Chinese military.

Tens of thousands of Snowden’s supporters have signed a petition calling for his pardon in the United States while many have donated money to a fund to help him.

“I’m very grateful for the support of the public,” he said. “But I ask that they act in their interest – save their money for letters to the government that breaks the law and claims it noble.

“The reality is that I have acted at great personal risk to help the public of the world, regardless of whether that public is American, European, or Asian.”

The US consulate in Hong Kong could not be contacted yesterday on a public holiday.

Published in the South China Morning Post.

A crackpot US politician has called for the prosecution of Glenn Greenwald, the journalist who broke the story. Clearly the US Constitution guaranteeing Freedom of the Press counts for nothing with a lying rabid Republican foaming at the mouth.

Edward Snowden has taken huge risks to expose the NSA PRISM mass surveillance programme. The world owes this courageous whistleblower a huge debt of gratitude. Please show your solidarity with Edward Snowden by signing the Avaaz petition of support.

Ai Weiwei says U.S. surveillance reminds him of China

June 12, 2013
Chinese activist Ai Weiwei

Chinese activist Ai Weiwei

Chinese activist Ai Weiwei has had his share of experience with heavy-handed treatment by the government, having been detained for 81 days by China’s secret police in 2011. Now the Beijing-based artist says another country reminds him of China: the United States.

In a column in The Guardian this morning, Ai harshly criticizes the U.S. government for the NSA’s PRISM Internet surveillance program — a program The Guardian has been at the forefront of reporting on over the past week.

“Privacy is a basic human right, one of the very core values,” Ai writes. “There is no guarantee that China, the US or any other government will not use the information falsely or wrongly. I think especially that a nation like the US, which is technically advanced, should not take advantage of its power. It encourages other nations.”

In another comparison that Americans are unlikely to appreciate, Ai adds, “In the Soviet Union before, in China today, and even in the US, officials always think what they do is necessary, and firmly believe they do what is best for the state and the people. But the lesson that people should learn from history is the need to limit state power.”

Praise for Edward Snowden, the leaker behind the PRISM story who was last seen in Hong Kong, has been widespread in China.

“This is the definition of heroism,” wrote one Chinese blogger. “Doing this proves he genuinely cares about this country and about his country’s citizens. All countries need someone like him!”

“This young fellow truly is a human rights warrior!” declared the well-known nationalist writer Wang Xiaodong. “He has now fled to Chinese territory, and must be protected. We must withstand U.S. pressure, and make a contribution to world human rights!”

Ai doesn’t mention Snowden explicitly in his column, but the Chinese dissident may very well feel the same way.

Published by WP Social Reader.

Obama v Obama

June 11, 2013

Obama debates with Obama, the merits or ills of mass surveillance.

Which Obama was right?

As the old adage says, power corrupts, absolute power corrupts absolutely.