Peer-To-Peer News - The Week In Review - June 22nd, '13
Posted by JackSpratts, 19-06-13, 08:21 AM

Since 2002

"National security is about keeping illegal conduct concealed from the American public until you’re forced to justify it because someone ratted you out." – Joshua Dratel


"Tell your boss I owe him another friggin' beer." – NSA Director Keith Alexander

June 22nd, 2013




New DRM Changes Text of eBooks to Catch Pirates
Ernesto

A new form of DRM developed in Germany alters words, punctuation and other text elements so that every consumer receives a unique version of an eBook. By examining these “text watermarks”, copies that end up on the Internet can be traced back to the people who bought and allegedly pirated them. The project is a collaboration between researchers, the book industry and the Government and aims to be a consumer-friendly form of DRM.

With e-readers becoming more popular year after year, book piracy is seen as a growing problem for the publishing industry.

To counter this threat, publishers are constantly looking for new forms of DRM. With financial support from the Government and backing from the publishing industry, researchers at the Darmstadt Technical University in Germany launched SiDiM, a project to find DRM innovations.

One of the solutions being worked on at the moment aims to make individual ebooks unique through so-called “text watermarks.” The researchers have developed a technology that will make small changes to book texts so each buyer gets a unique copy. If the book is later uploaded to the Internet it can be easily traced back to the source.

“The goal of the SiDiM project is to develop new protection measures for eBooks and electronic documents. Texts in digital format are particularly threatened by unauthorized copying, for example via the Internet,” SiDiM’s Dr. Martin Steinebach explains.

“A solution to this problem is to alter documents with visible and invisible marks that make a single copy distinguishable. Users are encouraged to take responsibility for their copy and it will deter illegal file-sharing, as copies can be traced using these marks,” the researcher adds.

While the general story-line will remain intact, the DRM shuffles some words around, inserts synonyms, changes the paragraph format or the punctuation. For example, the word “unsympathetic” could be changed to “not sympathetic,” and so forth.

The researchers see this as a ‘consumer-friendly’ form of DRM as it doesn’t lock the book to an account or prevent copying between devices.

Whether readers will be equally enthusiastic remains to be seen. Since the process is completely automated there is a risk that errors will occur. For example, sentences may no longer carry the nuances intended by the author.

To see what kind of reception the text alterations might receive, publishers and authors have been sent a list of 15 “text watermark” examples along with a request to assess the changes.

The researchers don’t explain how they intend to deal with creative pirates, who might add in their own alterations, so it’s unsure whether the system is foolproof.

While the “text watermarks” are not particularly intrusive for readers, the assumption that all consumers are potential criminals may not sit well with everyone. Additionally, most book fanatics will probably want to read the book the way the author intended.
http://torrentfreak.com/new-drm-chan...irates-130616/





Data Wiped from 630 Megaupload Servers

Megaupload did not ask for the data, hosting provider LeaseWeb said
Loek Essers

LeaseWeb, one of Europe's biggest hosting providers, has wiped 630 servers that contained Megaupload data and countered claims from the company that the file-sharing site wasn't warned.

"This is the largest data massacre in the history of the Internet," Megaupload founder Kim Dotcom said Wednesday on Twitter, where he criticized LeaseWeb for deleting the data.

LeaseWeb did not warn Megaupload that it was about to delete the servers, Dotcom claimed, adding that they were informed Wednesday that the servers were deleted on Feb. 1. Megaupload's lawyers repeatedly asked LeaseWeb not to delete Megaupload servers while court proceedings are pending in the U.S., Dotcom said.

LeaseWeb disputes Dotcom's claims.

After Megaupload was shut down in 2012 because of allegations that it facilitated copyright infringement, 60 servers owned by the company that were stationed at LeaseWeb were seized by the police and sent to the U.S. in June, said Alex de Joode, LeaseWeb's security officer.

Another 630 servers that Megaupload leased from LeaseWeb were kept running until Megaupload stopped paying the bills, he said. LeaseWeb proceeded to shut the servers down and stored them in the cellar, De Joode said. This January, about a year after the police raid, nobody had asked for or shown interest in the data, De Joode said.

Since there were no payments made and nobody seemed interested in the data, including the police, LeaseWeb decided to reactivate the servers, De Joode said.

"We informed Megaupload about our plans to start using the servers again," said De Joode. When LeaseWeb received no reply from Megaupload it subsequently started wiping the servers, which took the company almost the whole month of February, he said.

"And three weeks ago we received a question from Megaupload's lawyer who wanted to know what happened to the data," De Joode said. But by then, the data was already gone, and it cannot be retrieved, he said.

"Probably something went wrong on Megaupload's side. But that is their problem," De Joode said.

This means that "millions of personal Megaupload files, petabytes of pictures, backups, personal & business property" are destroyed forever, Dotcom said. Adding: "Let me be crystal clear. Leaseweb has NEVER informed our legal team or anybody at Megaupload about the deletion of servers until TODAY."

By deleting the data Leaseweb has "simply ignored the rights of millions of Megaupload users", because the data belonged to them, Dotcom said.

Aldo Verbruggen, one of Megaupload's Dutch lawyers said he started contacting LeaseWeb three weeks ago. "And today we were informed that the servers were wiped," he said.

It is too early to tell if there will be any legal procedures concerning the wiped data, he said.
http://www.techworld.com.au/article/.../?fp=16&fpid=1





Pirate Bay Founder Sentenced to 2 Years in Sweden Hacking Case
Veronica Ek

A co-founder of file-sharing website Pirate Bay was sentenced to two years in jail on Thursday for hacking into computers at a company that manages data for Swedish authorities and making illegal online money transfers, a court said.

Gottfrid Svartholm Warg was extradited to Sweden last year from Cambodia to begin a one-year jail sentence after being convicted in 2009 of internet piracy. He was then charged by authorities as part of the separate hacking investigation.

"The hacking has been very extensive and technically advanced," the Nacka district court said in a statement. "The attacker has affected very sensitive systems."

He had denied the charges.

Prosecution documents say Warg, a 28-year-old Swede, managed to transfer 24,200 Danish crowns ($4,300) online, but also attempted, in several different transactions, to transfer a total of around 683,000 euros ($915,500).

The investigation was into data infringement involving outsourcing firm Logica.

Swedish authorities have said the hackers gained access to information on several people with protected identities.

In the 2009 trial, a court in Sweden - where The Pirate Bay was founded in 2003 - fined and sentenced to jail Warg and two co-founders then behind the site for breaching copyright in a case brought by firms including Sony, Universal Music and EMI.

Swedish prosecutors in May launched a new attempt to close down Pirate Bay, which provides links to music and movie files stored on other users' computers.

The site is now run by an unknown group and uses a domain name registered in Sint Maarten, a Dutch territory in the Caribbean.

($1 = 5.5648 Danish crowns) ($1 = 0.7461 euros)

(Editing by Alistair Scrutton and Patrick Lannin)
http://www.reuters.com/article/2013/...95J09120130620





'My Mind's Not Confined': Julian Assange

One year after taking refuge in Ecuador’s London embassy, the WikiLeaks founder tells AFP’s Katy Lee that he still works every day and that NSA whistleblower Edward Snowden should be celebrated as a “hero”.

When AFP met WikiLeaks founder Julian Assange he was wearing a jacket and tie, but no shoes. If you have not stepped outside Ecuador's London embassy for a year, shoes are largely pointless.

In an interview to mark this strange anniversary, the man behind the whistleblowing website that unleashed the wrath of Washington insisted diplomats have the potential to end the deadlock that has left him trapped.

Like something out of a spy novel, Assange, a 41-year-old former computer hacker from Australia, walked into the embassy on June 19th 2012 and claimed asylum in a sensational bid to avoid extradition to Sweden for questioning over alleged sex crimes.

Ecuador granted his request, accepting his fears that if sent to Sweden he might be passed on to the United States and prosecuted for publishing thousands of classified war logs from Iraq and Afghanistan and a cache of diplomatic cables.

But Britain has refused to grant him safe passage to Ecuador. For a year, police have maintained a 24-hour guard at the doors of the embassy - a modest apartment around the corner from the Harrods department store - and are poised to arrest him if he tries to leave.

The last year, Assange says, has been like living on a space station. He has used a sun lamp to make up for the lack of natural light, and exercises on a treadmill.

He has also been getting on with the business of being a thorn in Washington's side.

"You ask how I deal with the difficulties of being confined. Well actually, my mind is not confined," he said, leaning back in a chair in the embassy's tastefully decorated front room.

"The physical circumstances are difficult. However, I'm working every day."

He spoke as shockwaves reverberated around the world over the biggest US leak since WikiLeaks published the war logs and diplomatic cables in 2010: the exposure of spy agencies' massive electronic surveillance programmes.

Edward Snowden, an ex-CIA employee who says from exile in Hong Kong that his conscience drove him to reveal the scale of the government's spying on the public, faces a criminal probe - and Assange fears he will be treated as harshly as WikiLeaks' leaker Bradley Manning.

"Mr Snowden is as good an example of a hero as any. He has performed an extremely courageous act," said Assange, hailing him for exposing America's "creeping mass surveillance state".

"What we don't want to see is him ending up the same way as Bradley Manning - detained without trial, abused in prison and now facing life imprisonment."

Manning, a 25-year-old US soldier, is being court-martialed for passing the war logs and cables to WikiLeaks, with prosecutors arguing that leaking classified information is equivalent to helping Al-Qaeda.

Aiding the enemy can carry the death sentence, though prosecutors are not seeking it in Manning's case.

"They're trying to erect a precedent that speaking to the media is the communicating with the enemy - a death penalty offence," said Assange.

"What's at stake in this trial is the future of press in the United States and in the rest of the world."

The name of the silver-haired WikiLeaks founder has come up frequently during the court-martial, which began on June 3rd. He claims there is a sealed US indictment against him, and that his conviction is a "99-percent chance" certainty if he ever ends up on US territory.

Assange's critics accuse him of hiding from justice over the sex allegations - which he denies - saying his fears of being passed from Sweden to the US are unfounded.

Entering the embassy was the final twist in a long legal battle over the allegations. But Assange claims Britain and Ecuador can reach a deal that will see him leave "within a year".

"I think the position in the UK is softening. Of course, it will never publicly humiliate the United States by offering me safe passage in a manner that doesn't seem to be forced," he said.

"But there's lots of ways of saving the pride of Sweden, Australia, the UK and the United States," he added, without specifying them.

He insists Britain is breaking international law by refusing to let him travel to Ecuador as a refugee, but admitted it was difficult to imagine a scenario in which he could leave without being handcuffed.

Will there eventually come a day when he just gives up and walks outside?

"When I've had enough? I don't know. It's hard to say. At the moment we're doing such good work," he said.

Although its recent scoops have been much lower-profile than the cables and war logs, it continues to publish leaks from around the world, including millions of Syrian politicians' emails and US files on Guantanamo Bay.

Where will he be this time next year? "Hopefully Australia, Ecuador, travelling the world," Assange said.
http://www.thelocal.se/48518/20130616/





Microsoft Xbox: The Damage Has Been Done

However, the company's about-face on policies users found unbearable will help.
John Gaudiosi

Anyone who questions the power of the crowd need only talk to Microsoft.

In a stunning reversal, the technology giant made an abrupt about-face on some of the controversial features of its upcoming Xbox One console. The company scrapped requirements that would have prevented users from playing offline games and made it difficult to sell used games in response to fierce online criticism. Don Mattrick, president of Microsoft's (MSFT) entertainment unit, made the announcement in a June 19 post on Xbox.com addressed to gamers: "You told us how much you loved the flexibility you have today with games delivered on disc. The ability to lend, share, and resell these games at your discretion is of incredible importance to you. Also important to you is the freedom to play offline, for any length of time, anywhere in the world."

Michael Pachter, video game analyst at Wedbush Securities, said he not only thinks it's the right thing to do, but Microsoft is timing it well. "Microsoft was wounded by the reaction to its E3 press conference, and I think they genuinely want to do the right thing," said Pachter. "The 'always connected' requirement arose from their desire to provide instant access to games, rapid switching between games, TV, Skype, and Internet browsing, etc. However, to accomplish that, they required games to be written to the hard drive, which prompted a need to ensure that the same game wasn't copied multiple times to different Xbox Ones, hence the onerous DRM."

Pachter believes Microsoft will sell 3 million Xbox Ones by the end of this year worldwide and another 11 million consoles next year. He gives Sony (SNE) an edge in the next-gen battle with 3 million PlayStation 4s sold this year globally and 13 million next year. Short supply and the global markets will limit sales this November when the next-gen devices launch. While gamers spoke with their voices, they also voted with their wallets. Some sources point to PS4 outselling Xbox One by a rate of two to one on Amazon (AMZN) coming out of E3 last week.

P.J. McNealy, video game analyst for Digital World Research, believes Microsoft deserves credit for responding so quickly, but this also raises the question about what has happened with pre-orders. "Pre-order numbers couldn't have been pretty," said McNealy. "And this is the most important launch in the past 10 years for Microsoft."

Jeremy Miller, video game analyst for DFC Intelligence, said that while on the surface this reversal should help Microsoft regain at least some positive sentiment from consumers, it won't completely shift the perceived balance of power from PS4 to Xbox One. One reason is because Microsoft is still selling its console for $500, while Sony's device costs $400. "Microsoft, and Sony for that matter, have more complicated stories to tell this time around about features and value propositions as compared to the Xbox 360/PlayStation 3 launches," said Miller. "Buying a new console can be a big financial and emotional commitment. Building confidence and trust in what your product will deliver is more important than ever. Microsoft's job now is to lock in the product plan and get the message out there in a consistent, clear way."

This move is good news for game rental companies like Gamefly and RedBox, which will be able to offer next-gen games alongside current PS3, Xbox 360, Wii, and Wii U titles. It's also a win for the used games market, which accounted for over $1 billion last year for top game specialty retailer GameStop (GME). In a statement, GameStop said, "This is great news for gamers, and we applaud Microsoft for understanding consumers and the importance of the pre-owned market."

Veteran game developer Lorne Lanning, founder of Oddworld Inhabitants and creator of the PS4 game, Oddworld: Abe's Oddysee New N Tasty, said today's gamers view their game purchases as a commodity that they can use to offset the $60 price point of today's software. "It's a marketplace for individuals to trade their stockpile of games for newer titles," said Lanning. "Not listening to that audience today and trying to halt that ownership gamers feel for their games is damaging to one's own brand."

The damage has been done for Microsoft. Now it's trying to rebuild its relationship with the core gamers who are vital to the industry, even as the gaming demographic broadens with mobile and free-to-play games. Independent video game analyst Billy Pidgeon believes strong negative feedback from the gamer community directed toward Microsoft's statements regarding software authentication on Xbox One would not have significantly affected launch sales of either console, but ignoring gamer criticism could have slowed sales over 2014.

"Microsoft's failure to respond to gamer sentiment at E3 opened up a competitive advantage for PS4 that Sony was able to creatively exploit," said Pidgeon. "Microsoft's response may be a little late, but making an apparent turnaround on Xbox One's DRM and used games policy will likely gain back much ground lost to gamer dissent. Still, Sony was able to gain an edge that should boost PS4 sales well into 2014."
http://tech.fortune.cnn.com/2013/06/...has-been-done/





F.T.C. Is Said to Plan Inquiry of Frivolous Patent Lawsuits
Edward Wyatt

The chairwoman of the Federal Trade Commission is expected on Thursday to recommend a sweeping investigation of “patent trolls,” companies that buy large portfolios of technology patents and use them to sue software designers and makers of products like smartphones and tablet computers, people briefed on the inquiry said.

The chairwoman, Edith Ramirez, is planning to ask the full commission to approve an inquiry that will include the issuance of subpoenas to companies that are known as patent-assertion entities, or, unflatteringly, as patent trolls. The move comes after the issuance of several executive orders by President Obama directing executive agencies to take steps to “protect innovators from frivolous litigation.”

If approved, which is likely, the F.T.C. investigation will require patent-assertion companies to answer questions about how they conduct their operations, including whether they coordinate their lawsuits with other patent holders and if they funnel proceeds from lawsuits and patent licenses back to the original patent owner.

Patent-assertion entities, also known as P.A.E.’s, typically have no operations other than collecting royalties on patents. They accounted for more than 60 percent of the roughly 4,000 patent lawsuits filed last year, up from 29 percent two years earlier.

“There are companies that are engaged in spurious lawsuits, seeking settlements that are less than the cost of litigation. But not us,” said Scott Burt, chief intellectual property officer at Mosaid Technologies, a Canadian company that is nonetheless considered one of the largest patent trolls. “We are a patent-licensing company.”

The types of lawsuits that have been filed or threatened sometimes exceed comprehension. One such suit recently threatened thousands of companies with liability for damages on charges they violated a patent by hooking up a document scanner to a computer network and sending a scanned file by e-mail to an employee.

Ms. Ramirez is expected to discuss her recommendation on Thursday at a patent law workshop sponsored by the American Antitrust Institute and the Computer & Communications Industry Association, a trade group. A spokesman for the F.T.C. declined to comment on the topic of her speech.

She previously has hinted at the idea of a broader study of patent trolls, telling an antitrust group in January: “A central empirical question, which we will continue to examine, is whether P.A.E.’s encourage invention or instead hamper innovation and competition.”

The F.T.C. is not expected to single out any individual company in the investigation.

People briefed on the plans said that the inquiry will focus on companies at both ends of the patent-troll spectrum. At one end are the small companies, essentially legal shells, which gather patents and cite them when sending demand letters to thousands of businesses claiming infringement on a patent for some activity. In 2011, a company targeted coffee shops for setting up Wi-Fi networks for customers.

At the other end are large companies like Mosaid, which has its American headquarters in Plano, Tex., and Intellectual Ventures, a Bellevue, Wash., firm that was co-founded by Nathan Myhrvold, a former chief technology officer at Microsoft. Those entities buy portfolios of intellectual property rights from technology innovators like Microsoft and Nokia and use them to generate millions of dollars in licensing payments.

The patent-troll business has grown rapidly in recent years as the Patent and Trademark Office has issued a growing number of technology patents and as ever-more-complex devices like smartphones have become big consumer items. Ms. Ramirez said recently that the components and software in a single smartphone could be subject to tens of thousands of patents.

Ms. Ramirez is expected to recommend what is known as a 6(b) study, after the authorizing section of the Federal Trade Commission Act. This type of inquiry does not always have a specific law enforcement purpose but can gather information for use by Congress, the courts or executive agencies in dealing with an issue.

But those studies can also produce information that results in an antitrust lawsuit. The breadth of the inquiries that companies have to answer usually produces more information than would otherwise be available if investigators had only subpoenaed certain documents.

Patent trolls have captured the attention of the Obama administration, which last week under executive orders of the president directed the Patent and Trademark Office and other executive branch agencies to heighten disclosure of who owns a patent and take steps to eliminate frivolous patent lawsuits.

As an independent agency, the F.T.C. is not subject to the executive orders, but it has been studying the issue for months, along with the Justice Department. The agencies conducted a joint workshop in December on the effect of patent-assertion entities on innovation and competition.

At that session, some people defended the rights of patent-assertion entities, saying they played an important role by compensating inventors who might not have the resources to enforce their patents. Likewise, start-up companies that know there is a secondary market for their patents might be willing to take more risks on new innovations.

People who have been briefed on Ms. Ramirez’s plans said it was highly likely that the full commission will vote to begin the investigation. Currently there are four instead of the usual five members, divided 2-2 between Democrats and Republicans.

The boom in patent lawsuits in the last two years has drawn calls for action by members of both parties, and the heads of independent agencies like the F.T.C. rarely bring an issue to a vote without already having secured assurances of majority support.

Congress, too, has taken an interest in the issue, with lawmakers from both parties supporting legislation to rein in patent trolls. Representative Judy Chu, a California Democrat, and Representative Blake Farenthold, a Texas Republican, wrote a letter this month urging Ms. Ramirez to use the F.T.C.’s power to police deceptive and unfair practices against patent trolls.

“Patent trolls are using a business model that seeks to extract money from end users,” they wrote, “who must make the difficult choice to settle in order to continue investing in their businesses, rather than pursue potentially frivolous litigation.”
https://www.nytimes.com/2013/06/20/b...-lawsuits.html





The White House’s Latest Copyright and Patent Plan Could Be Better than You Think

A new enforcement report could help make navigating the law easier, not just more dangerous
Adi Robertson

Earlier today, the White House laid out how it hopes to enforce rules against copyright infringement, patent trolling, and more. The Joint Strategic Plan, as it’s called, isn’t exactly a new initiative. It’s a periodic report that codifies existing ideas, urges government agencies and companies to work together, and picks up where previous measures left off. But despite years of complaints about overzealous intellectual property protection — and high-profile cases over whether things as simple as human DNA can be patented — it may be a step in the right direction.

"The White House’s Strategic Plan identifies a number of sensible measures to improve copyright enforcement that even copyright skeptics should be able to embrace," says Berin Szoka of the libertarian-leaning think tank TechFreedom. Sherwin Siy, of digital rights group Public Knowledge, also called the report "very encouraging." Both groups have frequently opposed what they see as an overreaching enforcement system, but Siy believes that the report challenges some of the draconian "received dogma" about intellectual property.

"Challenging the 'received dogma' on intellectual property"

One of the biggest questions about copyright and patent enforcement is whether the laws have remained relevant as technology changes. This year’s plan continues an ongoing review of things like patent and trade secret rules, with an emphasis on closing "loopholes" that could make it hard to identify or solve problems. It also discusses creating copyright or patent small-claims courts, which would offer quicker and cheaper resolution of cases that normally wouldn’t involve enough money to be worth filing. Various agencies have spent the last few years aggressively pursuing huge counterfeiting or piracy busts, but these courts would be meant for civil suits by artists, authors, or inventors.

Unlike the upcoming sweeping reform of the DMCA, potential legal changes aren’t meant to change how we think about intellectual property — the office producing this report is in charge of making sure the existing system works as advertised. But Siy says he’s heartened by a retreat from "monomaniacal" enforcement efforts. He points to a section of the plan dedicated to educating authors or artists about fair use, which lets people draw from an existing work without fear of copyright suits. The US Copyright Office has been tasked with creating an index of major fair use decisions, along with explanations that will make it easier for people to decide if they’re on safe legal ground.

"Private agreements are a big part of the plan, but they can be more Kafkaesque than the law itself"

"Typically government outreach on copyright issues has focused more on ‘educating’ the public about how very important copyrights are and that we should all respect others' copyrights — without necessarily showing what the limits of copyright are," says Siy. "Sending a message that is not so monomaniacally focused on prohibition is certainly a step forward." But he’s not yet convinced that the plan will actually bear fruit: "Hopefully that message about the scope and bounds of copyrights goes beyond a website hosted by the copyright office and is more present throughout outreach and education efforts here and abroad."

"Even 3D printing is being drawn into the debate"

Most of the plan is aimed at various parts of the US government — including an admonition to make sure no agency is using pirated software — but the enforcement office also hopes for companies to coordinate on best practices and agreements, in the vein of "six strikes" internet policies or YouTube’s automatic video-filtering ContentID software. This can help create a more responsive copyright system, but it also adds another set of rules to keep track of. "While companies are certainly free to enter into pretty much whatever voluntary agreements they like, these agreements can raise flags for consumers if they're not transparent, and if they create a process without quick and effective redress when they go wrong," says Siy. "A lot of the frustration with Content ID and other voluntary systems is that trying to get something put back when it's taken down improperly can sometimes be even more Kafkaesque than the DMCA process."

As the Obama administration tries to build on the present intellectual property structure, it’s also looking towards the future. In the first few pages of the report, the enforcement office lays out where it thinks the intellectual property debate will shift in the coming years. Some items, like an ongoing fight against patent trolls and theft of trade secrets from China and other countries, are already high on the administration’s priority list.

Last on the list, though, is something that has barely emerged as more than a theoretical issue: 3D-printing piracy. With the consumer printing market in its infancy, we’re not yet at a point where companies are as worried about people knocking off an Ikea table as burning a DVD, even if there have been takedown notices for 3D-printable files. But it’s a sign of how far the intellectual property debate now reaches, as well as the sheer number of tangled issues that policymakers need to sort through.
http://www.theverge.com/2013/6/20/44...-property-laws





Intel Wants to Be Your New Cable Provider

But the chipmaker could face fierce adversaries in cable and ISP providers who control bandwidth and content
Lucas Mearian

Intel this year plans to sell a set-top box and Internet-based streaming media service that will bundle TV channels for subscribers, but its plans will likely face hurdles from the 800-pound gorillas of the streaming media market.

In February, Erik Huggers, general manager of Intel Media, said at the All Things Digital media conference that the company is working on an "Internet television platform." The service will include on-demand programming, live television broadcasts and "catch-up TV," or program rebroadcasts.

Huggers compared Intel's as-yet-unnamed service to the BBC's iPlayer, which makes programs available up to seven days after the original broadcast on any mobile device.

"If you miss something, it's already there," he said. "I think in this market we've yet to see a proper catch-up television service."

Intel mimics Apple

Mike McGuire, a research vice president at Gartner, said that what Intel is planning is more akin to what Apple did with iTunes in that it doesn't expect to make a profit off the service itself -- at least not in the beginning.

Apple initially launched the online music service as a way to entice consumers to buy the company's hardware, and while it eventually became profitable, it didn't start out that way, McGuire said. Intel's service could likewise be an enticement for consumers to purchase tablets, laptops or other set-top boxes that use its processors.

"You can see the overall strategic value: Let's create a service that [system manufacturers] can create apps and links to for their products, and that will compete against these other content ecosystems that are forming with Apple, Google, etc.," McGuire said.

Jon Carvill, director of Intel corporate communications, said that while system manufacturers using Intel processors are a target market for the service, the primary product will be Intel hardware combined with its own service.

"You'll purchase the device retail or directly from us and have live linear television content ... all delivered via your current Internet connection -- we don't supply that," he said. "So you bring it home, plug it into your wall, plug in an HDMI cable, put in your Wi-Fi password and then you'll have television."

"It's hardware, software and services coming from us," Carvill added. "Our device is fully integrated. It's not an app."

Intel is not currently revealing any details on deals it may have made with television content providers. "We're very broadly engaged, [and] have made good progress," Carvill said.

Intel's set-top box will also have a camera with recognition technology similar to that used in Microsoft's Kinect box. However, unlike Kinect, Intel's box won't track motion. It's more about identifying users and bringing up preset configurations on the box, Carvill said.

"It's our belief that the TV experience can be more personal. They'll have their programs and their profiles set up, especially in homes with multiple people," he said. "And, there are ways you can watch without it as well."

Guardians at the gate

While Apple TV, Google Play and Microsoft's Streaming Media Services can be seen as competitors, cable, satellite and ISP providers such as Comcast, Time Warner and Verizon are also likely to push back against Intel, experts said. Those cable and ISP providers have well-established, long-term contracts with content providers such as ESPN and HBO. "They could say, '[If] you do sign this deal [with Intel], you're in violation with the contract you signed with us,'" McGuire said.

One other scenario might be that cable and ISP providers simply favor their own streaming services with pricing models, or limit bandwidth based on what customers stream.

"You have the issue of access to content, but then you also have the issue of access to pipes," said John Bergmayer, senior staff attorney with Public Knowledge, a nonprofit group that works for democratic principles among communication systems.

For example, Comcast could charge more for a third-party streaming service than for its own, or it could throttle bandwidth or even place caps on it to limit how much content a customer receives from streaming media services.

"If you just set the cap at a level where it would be unrealistic to use your broadband connection as a full cable replacement ..., I think that is likely how the threat could work," Bergmayer said.

The feds get involved

"A couple years ago, when the net neutrality fight was first happening, a lot of the discussion was around what Comcast was doing to BitTorrent traffic. They were just actively throttling content from particular sources," Bergmayer added.

Comcast could also offer its own IP streaming video service, and exempt its service from caps.

The Federal Communications Commission (FCC) adopted Open Internet rules to ensure that the Internet remains a level playing field, but Verizon is challenging the rules in a Washington circuit court of appeals on the basis that the U.S. government doesn't have the right to regulate broadband.

"They're also making the First Amendment argument that they have the right to block what they want to," Bergmayer said.

Carvill would not comment on any pressure coming from established streaming media services, saying only that Intel "feels good about its progress, and nothing's changed" about its launch plans.
https://www.computerworld.com/s/arti...cable_provider





Having Problems With Your Netflix? You Can Blame Verizon
Om Malik and Stacey Higginbotham

Verizon is locked in a head-butting battle with Cogent Communications, a large bandwidth provider. The cause for these issues: Netflix, one of the Internet’s killer applications that has been growing its share of the network. Bad news for Verizon customers: Netflix may not work as well.

If you are trying to get Netflix and use Verizon’s broadband, then there is a good chance that your video performance is less than optimal. Some Verizon customers might even go as far as calling it a crappy Netflix experience. The reason: a behind-the-scenes power play between Verizon and Cogent Communications, one of the largest bandwidth providers. The head-butting between these two companies is over an arcane concept known as peering.

Peering is essentially an arrangement between two bandwidth providers where they send and receive traffic from each other for free. The logic is that the data sent from one network to another is reciprocated. Verizon runs one of the largest last mile networks and owns the descendants of MCI. Cogent is one of the largest bandwidth providers, and its network is spread across the globe in hundreds of cities.

Cogent and Verizon peer to each other at about ten locations and they exchange traffic through several ports. These ports typically send and receive data at speeds of around 10 gigabits per second. When the ports start to fill up (usually at 50 percent of their capacity), the internet companies add more ports. In this case, though, Verizon is allowing the ports that connect to Cogent to get crammed. “They are allowing the peer connections to degrade,” Dave Schaffer, chief executive officer of Cogent, said in an interview. “Today some of the ports are at 100 percent capacity.”

“Think of it as the on-ramp to the freeway being log-jammed,” Schaffer said. And that means your Netflix content, especially content sent by Netflix’s content delivery network, slows down, and you get pixelated pictures and buffering.

While not naming Netflix directly, Verizon has indicated to Cogent that the reason behind its actions is that Cogent is moving traffic for a large video provider. Schaffer confirmed that Netflix is one of their largest customers. “Over the past year Netflix has become a big partner for us. This is a business model problem, not an engineering problem,” Schaffer said.

Our sources tell us that Netflix recently bought 2 Terabits of bandwidth capacity in part to get around such cramming that was happening in places where it sends traffic directly to certain internet service providers.

When we called Verizon about this story asking if Verizon was having a problem with Cogent over peering issues associated with Netflix, Verizon spokesman Bill Kula said he’d get back to us. A few minutes later he sent the following reply that didn’t answer our question:

Verizon operates one of America’s lowest-latency, highest capacity networks. The various classes of Internet speeds we offer are among the fastest in the nation. Time and again, customers rate us best in class in various reports and surveys. Our customers enjoy a consistently superior Internet experience because our networks can adapt and grow with their use.

Netflix has been growing like crazy and it now accounts for a whole lot of Internet traffic — almost one out of every 3 bits (32.3 percent) sent downstream to users in North America is Netflix traffic according to Sandvine, a company that makes traffic monitoring gear for ISPs. That’s a lot of congested ports.

Netflix’s growing popularity has made it a target of ISP (internet service providers) vitriol and anger, especially those who offer competitive services. Verizon, for instance, owns 50 percent of Redbox, a video-over-the-Internet service that is competitive with Netflix. Time Warner Cable and Comcast are other large providers that have allowed degradation of the online video experience on their networks — after all the logic is that as people start to have a bad Netflix experience, they start to look for alternatives — perhaps the ISP’s own pay TV offering.

This isn’t the first application last mile network operators have tried to degrade — last year the wrath of the Baby Bells and cable companies fell on Megaupload, a file sharing company started by Kim Dotcom, Schaffer said. That too was one of the big bandwidth-hungry services popular with the end customers of the ISPs — actual consumers.
http://gigaom.com/2013/06/17/having-...blame-verizon/





DreamWorks and Netflix in Deal for New TV Programs
Brooks Barnes

DreamWorks Animation, trying to lessen its dependence on the volatile movie business by aggressively expanding into TV programming, has decided to forgo cable television in favor of Netflix.

In a multiyear deal announced early on Monday, DreamWorks Animation will supply a torrent of new episodic TV programs to the Internet streaming service. The partnership calls for 300 hours of original programming, perhaps the biggest commitment yet to bring Hollywood-caliber content to the Web first.

The new programs will be “inspired” by characters from past DreamWorks Animation franchises, which include “Shrek” and “The Croods,” and its upcoming feature films. Series will also come from Classic Media, which the studio bought last year. Classic Media’s holdings include characters like Casper the Friendly Ghost, Lassie, She-Ra and Mr. Magoo.

The agreement is the latest in the hotly competitive market for streaming content, with major services like Netflix, Hulu and Amazon vying to capture viewers who are gravitating to the Web, especially younger ones.

The first of the new DreamWorks Animation programs will appear on Netflix sometime next year. Netflix has exclusive rights to the series in all of the countries in which it operates; it has about 27 million streaming subscribers in the United States.

A DreamWorks Animation spokeswoman declined to provide more details, including financial terms. Jeffrey Katzenberg, the studio’s chief executive, plans to outline his TV strategy in a conference call on Tuesday with analysts and reporters.

DreamWorks Animation had three primary TV options: starting a cable channel of its own, perhaps in partnership with 21st Century Fox, which distributes its movies; teaming with an upstart children’s network like the Hub (or taking it over); or bypassing cable completely and going with Netflix.

Mr. Katzenberg parted ways with HBO in 2011, opting instead to distribute his films and television specials through Netflix. Mr. Katzenberg and Netflix announced this year that a new episodic series called “Turbo: F.A.S.T.” would come to the streaming service in December. (It is based on “Turbo,” a film that arrives in theaters on July 17 and features a speedy snail.)

For Netflix, the DreamWorks Animation programming will help fill a hole left by Nickelodeon. Amid a dispute over terms, Netflix declined earlier this year to renew its contract with Viacom, Nickelodeon’s corporate parent. (Viacom in turn made a deal with Amazon this month for Nickelodeon shows like “Dora the Explorer.”) New films from Disney and Pixar will move to Netflix from Starz in late 2016.

Children are avid streaming consumers, particularly overseas, and cartoons allow the company to pitch itself to parents as a commercial-free alternative to television. Animated shows are also less likely to appear on the pirated-content sites that compete with Netflix for viewers.
https://www.nytimes.com/2013/06/18/b...-programs.html





A Popular Ad Blocker Also Helps the Ad Industry

Millions of people use the tool Ghostery to block online tracking technology—few realize that it feeds data to the ad industry.
Tom Simonite

Whenever discussion starts about how to hide from the tracking code that follows users around the Web to serve them targeted ads, recommendations soon pile up for a browser add-on called Ghostery. It blocks tracking code, noticeably speeds up how quickly pages load as a result, and has roughly 19 million users. Yet few of those who advocate Ghostery as a way to escape the clutches of the online ad industry realize that the company behind it, Evidon, is in fact part of that selfsame industry.

Evidon helps companies that want to improve their use of tracking code by selling them data collected from the eight million Ghostery users that have enabled a data-sharing feature in the tool.

That makes Evidon, which bought Ghostery in 2010, something of an anomaly in the complex world of online advertising. Whether in Congress or at the Web standards body W3C, debates over online privacy typically end up with the ad industry and privacy advocates facing off along clearly demarcated lines (see “High Stakes in Internet Tracking”).

Evidon straddles both sides of that debate. “This is not a scheme,” says Scott Meyer, Evidon’s cofounder and CEO and formerly a senior figure in the New York Times Company’s online operations, when asked about that dual role. He says there is no conflict in offering a tool that helps users hide from the ad industry while also helping that same industry.

“Anything that gives people more transparency and control is good for the industry,” says Meyer, who says it’s fine with him that most Ghostery users opt not to share data with Evidon. Meyer points out that those who want to block online advertising are unlikely to respond to it, making Ghostery use good for both sides.

Evidon sells two main services based on the data it collects. One allows website operators to see which tracking code, from which companies, is active on their site and how it affects the speed with which its pages load. The other provides ad companies with figures on how common the tracking code from different companies is around the Web.

The first of those services is particularly important, says Meyer, because website operators often don’t know what tracking code is being used on their visitors. “The ecosystem of how an ad gets delivered to a webpage is incredibly complex,” he says, “and you need real user data to see if companies are doing what they said they did.”

Although website owners control which ad networks can put content on their pages, those networks often draw on code from third parties, which itself may pull in further code.

“It’s usual for the operator of a website to say, ‘These 10 companies on my site I know about and these 10 I didn’t,’ ” says Meyer. Companies also use Evidon’s data to check whether the code they want to deploy is present on every page. The majority of Evidon’s analytics customers are large retailers and brands, he says.

Not everyone sees Evidon’s business model as conflict-free, though. A major source of business for Evidon is selling data that helps ad companies ensure their compliance with AdChoices, a self-regulatory program supposed to help people opt out of targeted ads. Some experts say AdChoices is confusing to consumers, and it has been criticized by U.S. and E.U. policymakers. “Evidon has a financial incentive to encourage the program’s adoption and discourage alternatives like Do Not Track and cookie blocking as well as to maintain positive relationships with intrusive advertising companies,” says Jonathan Mayer, a Stanford grad student and privacy advocate active in efforts to thrash out a standard “Do Not Track” feature for Web browsers (see “Ad Men and Browser Geeks Collide Over Web Protocols”). Mayer hasn’t tested Ghostery recently, but says that it has previously offered “quite effective privacy protections if configured correctly.”

Meyer says that Evidon’s dual role will continue, and says the company is now working on a similar service to unmask the ad tracking built into many mobile apps. This month it acquired Mobilescope, a project started by privacy researchers that lets a smartphone user see the data that apps transfer and flags when sensitive data such as an e-mail address is transmitted (see “How to Detect Apps Leaking Your Data”). Techniques that profile a person’s use of apps on his phone to figure out how to target him with ads are booming, says Meyer, and so far it is mostly impossible to detect. “Nobody has any visibility into what happens in these apps,” he says.

Evidon plans to release an improved version of Mobilescope later this year, and will eventually add an opt-in data-sharing capability similar to the one offered by Ghostery.
http://www.technologyreview.com/news...e-ad-industry/





Firefox Advances Do Not Track Technology

Mozilla says Firefox, over objections from the advertising industry, soon will begin blocking many types of cookies used to track users.
Mathew J. Schwartz

Despite strong advertising industry opposition, Mozilla is advancing plans to have the Firefox browser block, by default, many types of tracking used by numerous websites, and especially advertisers.

"We're trying to change the dynamic so that trackers behave better," Brendan Eich, CTO of Firefox developer Mozilla, told The Washington Post.

According to NetMarketShare, 21% of the world's computers run Firefox.

Eich said the blocking technology, which is still being refined, will go live in the next few months. The blocking technology is based on that used by Apple's Safari browser, which blocks all third-party cookies. Advertisers use these types of cookies to track users across multiple websites.

Advertisers have criticized Mozilla's move. "They're putting this under the cloak of privacy, but it's disrupting a business model," Lou Mastria, the managing director for the Digital Advertising Alliance (DAA), told Adweek. The DAA runs a self-regulated industry program called Ad Choices, which allows consumers to opt out of some types of targeted advertising.

The precise types of cookies to be blocked by Firefox will be determined by the Cookie Clearinghouse, which is chaired by Aleecia M. McDonald, the director of privacy at Stanford University's Center for Internet and Society (CIS), which has spearheaded Do Not Track (DNT).

"Internet users are starting to understand that their online activities are closely monitored, often by companies they have never heard of before," McDonald said in a blog post. "But Internet users currently don't have the tools they need to make online privacy choices. The Cookie Clearinghouse will create, maintain and publish objective information. Web browser companies will be able to choose to adopt the lists we publish to provide new privacy options to their users."

The Cookie Clearinghouse has a six-person advisory panel, which includes representatives from Mozilla, Opera and the Future of Privacy Forum, who will help develop an "allow list" and a "block list" of cookies. As that suggests, not all cookies will be blocked by the Firefox patch, which was developed by Mozilla's Jonathan Meyer, who's on the Cookie Clearinghouse advisory board.

Instead, Meyer's patch will add a cookie-analysis logic engine to Firefox. "The idea is that if you have not visited a site (including the one to which you are navigating currently) and it wants to put a cookie on your computer, the site is likely not one you have heard of or have any relationship with," said Mozilla CTO Eich in a blog post. "But this is only likely, not always true," he said, noting that the engine would continue to be refined to help eliminate false positives, backed by information from the Cookie Clearinghouse.

Mozilla first announced that it would begin blocking third-party advertisers' cookies in February. Advertisers, predictably, weren't pleased -- Mike Zaneis, general counsel for the Interactive Advertising Bureau (IAB), described it as a "nuclear first strike" against advertisers.

In response, Mozilla backed off, at least temporarily, announcing in May that it was delaying its planned July implementation of the blocks in Firefox, pending further testing of the related patch. In response, a group of 979 small businesses from around the world signed a petition on the IAB's website protesting the plans.

Mozilla's cookie-blocking efforts follow a Do Not Track capability being adopted by all major browsers. But the DNT effort stalled in November 2012, after advertisers stopped participating in the program, following Microsoft making DNT active by default in Internet Explorer 10. Advertisers wanted the feature to be not active by default.
https://www.informationweek.com/secu...logy/240157010





ISPs to Include Porn Filters as Default In the UK by 2014

New and existing customers will have to opt out of filtering program.
Kadhim Shubber

Parental filters for pornographic content will come as a default setting for all homes in the UK by the end of 2013, says David Cameron's special advisor on preventing the sexualization and commercialization of childhood, Claire Perry MP.

Internet service providers (ISP) will be expected to provide filtering technology to new and existing customers with an emphasis on opting out, rather than opting in.

"[In the UK] we will have filters where if you do nothing, the parental filters will come pre-ticked," said Perry, speaking at a Westminster eForum on 14 June.

The move is part of a government effort to force ISPs to make filtering a standard option across industry and to make the technology easier for consumers to use. As ISPs are voluntarily rolling out filtering technology, it will require no new legislation or regulations.

It had previously been feared that the government would force ISPs to block access to pornographic content unless a consumer specifically requested it.

Companies like TalkTalk have forced new consumers to make a choice about parental filters since March 2012. It recently began doing the same with existing customers and 20,000 enabled filtering in the first week. Speaking at the event, TalkTalk's Head of Public Affairs Alexandra Birtles said that a third of their customers have filtering enabled.

Perry said parents were "complacent" about the risks of online pornography, pointing out that only four in 10 parents use some kind of Internet filtering at home.

Features such as time-limited deactivation of filtering and email updates when filter settings are changed are expected to become widespread. "We will have automatic put on, so if you turn the filter off at 9pm, it turns on again at 7am," said Perry.

Although parental filters may not completely restrict young people from accessing pornography—who's willing to bet against a tech-savvy teenager?—making it easier for parents to control what type of Internet content is available at home will no doubt help.

That said, restrictions on the content available to young people via mobile networks have been in place for a number of years. Access to pornographic images via peer-to-peer networks, sites like reddit and Imgur, and also to pornographic content created by young people themselves is unlikely to be affected by this initiative.

"There's something different about the online world, it is anonymous, it is easy, and it is efficient to share imagery," said Perry, emphasizing that education was a crucial part of the challenge.

As expected, the government is pushing ahead with ensuring that all public Wi-Fi spots are free from adult content, Perry confirmed.

Perry also urged Internet companies to take up an active role in restricting young children from accessing hardcore pornography, saying, "the analogy I've used with these companies is, 'you've got yourself into a situation, by default, where you are peddling [pornography] to kids in a way that you never intended.'"

Culture Secretary Maria Miller recently summoned major tech firms and ISPs like Google and BT to a meeting on June 17 to discuss the policing of illegal content online, a separate issue to underage access to pornographic images. Ahead of the meeting, Google donated £1 million ($1,570,400) to child sexual abuse charity Internet Watch Foundation.
http://arstechnica.com/tech-policy/2...in-uk-by-2014/





Google is Working On New Tech to Eliminate All Child Porn On the Web
Sean Ludwig

Search and mobile superpower Google is working on new technology that would effectively purge all images of child pornography and abuse from most of the web.

Google disclosed new efforts to fight online child exploitation in a blog post yesterday. The company committed $5 million to “eradicate child abuse imagery online” and started a $2 million Child Protection Technology Fund to encourage the development of better tools to destroy child porn.

While money being allocated to the cause is important, the technology Google is building to combat child porn is even more so. Google is working on a new database of flagged images of child porn and abuse that can be shared with other search engines and child protection organizations. The database will help create systems that automatically eliminate that sort of content.

“Recently, we’ve started working to incorporate encrypted ‘fingerprints’ of child sexual abuse images into a cross-industry database,” Jacquelline Fuller, Director of Google Giving, wrote in the blog post. “This will enable companies, law enforcement, and charities to better collaborate on detecting and removing these images, and to take action against the criminals.”

If the database is used effectively, any flagged image in the database would not be searchable through participating search engines or web hosting providers. And maybe best of all, computers will automatically flag and remove these images without any human needing to see them.

Google hopes the new database is operational in less than a year, according to The Telegraph.

“This announcement is inspiring for those who are at the forefront of tackling child sexual abuse content,” Susie Hargreaves, chief executive officer of the Internet Watch Foundation, told The Telegraph. “We know that the best way to tackle what is some of the most horrific content online is by working with others from all over the world to combat this on a global platform.”
http://venturebeat.com/2013/06/16/go...rn-on-the-web/





A Startup Looks to Stop Fraud with a New Method for 'Fingerprinting' Phone Calls

Pindrop Security is using acoustic analysis tech to stop social engineering
Joshua Kopstein

One of the most cherished and time-honored traditions of computer security conferences like Def Con has been the Social Engineering contest. It's a simple but satisfying hacker bloodsport — contestants sit inside a glass isolation booth in front of a live audience and call up companies to see how many passwords, addresses, and other secret information they can coax from clueless customer service representatives.

Of course, the reason it's so effective — and thus, entertaining — is because social engineering bypasses firewalls and encryption to attack the most vulnerable component of any security system: humans.

Georgia-based startup Pindrop Security isn't releasing a patch for human gullibility, but it is getting $11 million of venture funding for a novel fraud detection technology which could give human operators a much-needed edge against clever con artists with far more nefarious motives than those at Def Con.

It's a bit like a re-tooled version of Caller ID, but instead of phone directories, it uses audio signal processing to authenticate calls by analyzing their acoustic properties in real time. Over time, the system builds a database of audio "fingerprints" based around those properties. The creators say it can determine a caller's location down to an area roughly the size of France, even when they're using VoIP services like Skype, with 90 percent accuracy.

The project came from the PhD thesis of Pindrop's CEO and founder, Vijay Balasubramaniyan, who realized something useful about the subtle differences in audio quality and other attributes of various countries' phone lines. For example, you can measure things that differ from country to country, like the audio cutoff frequency, to compare the declared origin of the call against audio profiles stored in the database. Vijay says those profiles are built using 147 different audio signatures across the categories of loss, noise, and spectrum, allowing the system to create a unique fingerprint for specific handsets, applications, and regions.

That means you'd be able to tell the difference between, say, a Blackberry calling from Nevada and a Skype call coming from Nigeria.

Pioneered by legendary phone phreaks like Kevin Mitnick, social engineering is one of the oldest strategies in the hacker playbook, yet it remains one of the most effective. Last year, Wired writer Mat Honan had his iPad remotely wiped after an attacker with just a few points of personal data was able to trick an Apple customer support representative into giving them access to his iCloud account. Even when it doesn't get results immediately, a good social engineering call can produce other useful information that hackers can utilize to get access elsewhere.

Knowing roughly where those calls originate can be useful, since fraudsters usually lie about where they're calling from, says Scott Weiss, a former Cisco security manager currently with tech incubator Andreessen Horowitz, who just took a board seat at Pindrop after its latest funding round. "Most of this phone call fraud is coming from spook numbers out of places like Pakistan or Russia, and to know that the call is coming from one of those countries can cut down fraud almost by 75 percent," he claims. "Anytime you're calling in about a password or an ID, this technology should be applied."
http://www.theverge.com/2013/6/19/44...al-engineering





Roll Your Own Anonymizing Tor Proxy With a Raspberry Pi
Alan Henry

There are many interesting things you can do with a Raspberry Pi, but this one isn't just fun, it's easy, and it can offer some privacy protection from prying eyes who may want in on your data. All you need is a Raspberry Pi, a Wi-Fi adapter, and some time.

The folks over at Adafruit Industries sent this project over to us from their Adafruit Learning System project site. You'll need a Raspberry Pi (the Model B with 512MB of RAM works best for this), a case for it, an ethernet cable, a Wi-Fi adapter, an SD card, and a few other components—hit the link below to see them all at the project page (and to buy them from Adafruit, if you want). Raspbian is the Linux distribution of choice in this case, and once you have it installed and set up, all you have to do is install Tor and launch it.

When you're done, simply connect to the new "Onion Pi" wireless network you'll have created, and you'll be browsing anonymously via Tor. Remember though, Tor isn't perfect, and it's designed for anonymity, not security. This project is similar to setting up a Tor relay using a Raspberry Pi, but in this case you're building the server yourself for your own use, so it's an entry point to the network for all of your devices, rather than a relay for everyone else to use. Hit the link below to read more and check out the step-by-step.
http://lifehacker.com/roll-your-own-...y-pi-513525281





NSA-Proof Encryption Exists. Why Doesn’t Anyone Use It?
Timothy B. Lee

Computer programmers believe they know how to build cryptographic systems that are impossible for anyone, even the U.S. government, to crack. So why can the NSA read your e-mail?

Last week, leaks revealed that the Web sites most people use every day are sharing users’ private information with the government. Companies participating in the National Security Agency’s program, code-named PRISM, include Google, Facebook, Apple and Microsoft.

It wasn’t supposed to be this way. During the 1990s, a “cypherpunk” movement predicted that ubiquitous, user-friendly cryptographic software would make it impossible for governments to spy on ordinary users’ private communications.

The government seemed to believe this story, too. “The ability of just about everybody to encrypt their messages is rapidly outrunning our ability to decode them,” a U.S. intelligence official told U.S. News & World Report in 1995. The government classified cryptographic software as a munition, banning its export outside the United States. And it proposed requiring that cryptographic systems have “back doors” for government interception.

The cypherpunks won that battle. By the end of the Clinton administration, the government conceded that the Internet had made it impossible to control the spread of strong cryptographic software. But more than a decade later, the cypherpunks seem to have lost the war. Software capable of withstanding NSA snooping is widely available, but hardly anyone uses it. Instead, we use Gmail, Skype, Facebook, AOL Instant Messenger and other applications whose data is reportedly accessible through PRISM.

And that’s not a coincidence: Adding strong encryption to the most popular Internet products would make them less useful, less profitable and less fun.

“Security is very rarely free,” says J. Alex Halderman, a computer science professor at the University of Michigan. “There are trade-offs between convenience and usability and security.”

Most people’s priority: Convenience

Consumers have overwhelmingly chosen convenience and usability. Mainstream communications tools are more user-friendly than their cryptographically secure competitors and have features that would be difficult to implement in an NSA-proof fashion.

And while most types of software get more user-friendly over time, user-friendly cryptography seems to be intrinsically difficult. Experts are not much closer to solving the problem today than they were two decades ago.

Ordinarily, the way companies make sophisticated software accessible to regular users is by performing complex, technical tasks on their behalf. The complexity of Google, Microsoft and Apple’s vast infrastructure is hidden behind the simple, polished interfaces of their Web and mobile apps. But delegating basic security decisions to a third party means giving it the ability to access your private content and share it with others, including the government.

Most modern online services do make use of encryption. Popular Web services such as Gmail and Hotmail support an encryption standard called SSL. If you visit a Web site and see a “lock” icon in the corner of your browser window, that means SSL encryption is enabled. But while this kind of encryption will protect users against ordinary bad guys, it’s useless against governments.

That’s because SSL only protects data moving between your device and the servers operated by Google, Apple or Microsoft. Those service providers have access to unencrypted copies of your data. So if the government suspects criminal behavior, it can compel tech companies to turn over private e-mails or Facebook posts.

That problem can be avoided with “end-to-end” encryption. In this scheme, messages are encrypted on the sender’s computer and decrypted on the recipient’s device. Intermediaries such as Google or Microsoft only see the encrypted version of the message, making it impossible for them to turn over copies to the government.

Software like that exists. One of the oldest is PGP, e-mail encryption software released in 1991. Others include OTR (for “off the record”), which enables secure instant messaging, and the Internet telephony apps Silent Circle and Redphone.

But it’s difficult to add new features to applications with end-to-end encryption. Take Gmail, for example. “If you wanted to prevent government snooping, you’d have to prevent Google’s servers from having a copy of the text of your messages,” Halderman says. “But that would make it much harder for Google to provide features like search over your messages.” Filtering spam also becomes difficult. And end-to-end encryption would also make it difficult for Google to make money on the service, since it couldn’t use the content of messages to target ads.

A similar point applies to Facebook. The company doesn’t just transmit information from one user to another. It automatically resizes users’ photos and allows them to “tag” themselves and their friends. Facebook filters the avalanche of posts generated by your friends to display the ones you are most likely to find the most interesting. And it indexes the information users post to make it searchable.

These features depend on Facebook’s servers having access to a person’s private data, and it would be difficult to implement them in a system based on end-to-end encryption. While computer scientists are working on techniques for creating more secure social-media sites, these techniques aren’t yet mature enough to support all of Facebook’s features or efficient enough to serve hundreds of millions of users.

Other user headaches

End-to-end encryption creates other headaches for users. Conventional online services offer mechanisms for people to recover lost passwords. These mechanisms work because Apple, Microsoft and other online service providers have access to unencrypted data.

In contrast, when a system has end-to-end encryption, losing a password is catastrophic; it means losing all data in the user’s account.

Also, encryption is effective only if you’re communicating with the party you think you’re communicating with. This security relies on keys — large numbers associated with particular people that make it possible to scramble a message on one end and decode it on the other. In a maneuver cryptographers call a “man in the middle” attack, a malicious party impersonates a message’s intended recipient and tricks the sender into using the wrong encryption key. To thwart this kind of attack, sender and recipient need a way to securely exchange and verify each other’s encryption keys.

“A key is supposed to be associated closely with a person, which means you want a person to be involved in creating their own key, and in verifying the keys of people they communicate with,” says Ed Felten, a computer scientist at Princeton University. “Those steps tend to be awkward and confusing.”

And even those who are willing to make the effort are likely to make mistakes that compromise security. The computer scientists Alma Whitten and J.D. Tygar explored these problems in a famous 1999 paper called “Why Johnny Can’t Encrypt.” They focused on PGP, which was (and still is) one of the most popular tools for users to send encrypted e-mail.

PGP “is not usable enough to provide effective security for most computer users,” the authors wrote.

Users expect software to “just work” without worrying too much about the technical details. But the researchers discovered that users tended to make mistakes that compromise their security. Users are supposed to send other people their “public key,” used to encode messages addressed to them, and to keep their private key a secret. Yet some users foolishly did the opposite, sending others the private key that allowed eavesdroppers to unscramble e-mail addressed to them. Others failed to make backup copies of their private encryption keys, so when their hard drives crashed, they lost access to their encrypted e-mail.

Using PGP is such a hassle that even those with a strong need for secure communication resist its use. When Edward Snowden, the man who leaked the details of the PRISM program, first contacted Glenn Greenwald at the Guardian in February, he asked the journalist to set up PGP on his computer so the two could communicate securely. He even sent Greenwald a video with step-by-step directions for setting up the software. But Greenwald, who didn’t yet know the significance of Snowden’s leaks, dragged his feet. He did not set up the software until late March, after filmmaker Laura Poitras, who was also in contact with Snowden, met with Greenwald and alerted him to the significance of his disclosures.

Going with the flow

Felten argues that another barrier to adopting strong cryptography is a chicken-and-egg problem: It is only useful if you know other people are also using it. Even people who have gone to the trouble of setting up PGP still send most of their e-mail in plain text because most recipients don’t have the capability to receive encrypted e-mail. People tend to use what’s installed on their computer. So even those who have Redphone will make most of their calls with Skype because that’s what other people use.

Halderman isn’t optimistic that strong cryptography will catch on with ordinary users anytime soon. In recent years, the companies behind the most popular Web browsers have beefed up their cryptographic capabilities, which could make more secure online services possible. But the broader trend is that users are moving more and more data from their hard drives to cloud computing platforms, which makes data even more vulnerable to government snooping.

Strong cryptographic software is available to those who want to use it. Whistleblowers, dissidents, criminals and governments use it every day. But cryptographic software is too complex and confusing to reach a mass audience anytime soon. Most people simply aren’t willing to invest the time and effort required to ensure the NSA can’t read their e-mail or listen to their phone calls. And so for the masses, online privacy depends more on legal safeguards than technological wizardry.

The cypherpunks dreamed of a future where technology protected people from government spying. But end-to-end encryption doesn’t work well if people don’t understand it. And the glory of Google or Facebook, after all, is that anyone can use them without really knowing how they work.
http://www.washingtonpost.com/blogs/...rss_ezra-klein
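
The "man in the middle" passage in the article above says sender and recipient need a way to verify each other's keys. The following is an added example, not code from the article or from PGP: a toy Diffie-Hellman exchange in which the key Alice receives over the network is compared against a fingerprint Bob gave her out of band. The group parameters, the fingerprint format and all names are assumptions chosen for illustration, and the 127-bit modulus is far too small for real use.

```python
import hashlib
import hmac
import secrets

# Toy group parameters (assumption for illustration only; not secure sizes).
P = 2**127 - 1
G = 3


def keypair():
    """Return (private, public) for the toy Diffie-Hellman group."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def fingerprint(pub):
    """Short, human-comparable digest of a public key."""
    digest = hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()
    return " ".join(digest[i:i + 4] for i in range(0, 40, 4))


def session_key(my_priv, peer_pub):
    """Derive a symmetric key from my private key and the peer's public key."""
    shared = pow(peer_pub, my_priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def run_exchange(intercepted, verify):
    """Simulate Alice sending to Bob.

    intercepted: a third party on the network swaps in its own public key.
    verify:      Alice checks the received key against Bob's fingerprint,
                 which she obtained over a separate channel (phone, in person).
    """
    alice_priv, alice_pub = keypair()
    bob_priv, bob_pub = keypair()
    mid_priv, mid_pub = keypair()

    # Out-of-band channel: the interceptor cannot alter this value.
    bob_fp_out_of_band = fingerprint(bob_pub)

    # Network channel: what each side actually receives as the peer's key.
    key_alice_receives = mid_pub if intercepted else bob_pub
    key_bob_receives = mid_pub if intercepted else alice_pub

    if verify:
        received_fp = fingerprint(key_alice_receives)
        if not hmac.compare_digest(received_fp, bob_fp_out_of_band):
            # Wrong key: Alice refuses to encrypt anything to it.
            return {"status": "aborted", "bob_can_read": False,
                    "interceptor_can_read": False}

    alice_key = session_key(alice_priv, key_alice_receives)
    bob_key = session_key(bob_priv, key_bob_receives)
    mid_key = session_key(mid_priv, alice_pub)

    return {"status": "sent",
            "bob_can_read": bob_key == alice_key,
            "interceptor_can_read": mid_key == alice_key}


if __name__ == "__main__":
    for intercepted in (False, True):
        for verify in (False, True):
            print(intercepted, verify, run_exchange(intercepted, verify))
```

Without the fingerprint check, the intercepted run completes normally from Alice's point of view even though only the interceptor holds the matching key, which is why the verification step cannot be skipped.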





How Web Mail Providers Leave Door Open for NSA Surveillance

Protecting users' e-mail privacy from the National Security Agency and other intelligence services means using encryption. But with the exception of Google, few companies do everything they can.
Declan McCullagh

Billions of supposedly private e-mail messages a day flow through unsecured links, where they can be snared in digital dragnets operated by the National Security Agency and other intelligence services.

Recent revelations about NSA surveillance -- including a top-secret document discussing "collection of communications on fiber cables and infrastructure as data flows past" -- have highlighted the ease with which government eavesdroppers can exploit the Internet's infrastructure. Another classified document, which the Guardian published Thursday, mentions network-based surveillance of Hotmail servers.

Over the last decade or so, Web mail providers began to turn on encryption to armor the connections between users' computers and Gmail, Yahoo Mail, Hotmail and other services. That form of protection against surveillance, which typically appears in a Web browser as an "https" connection accompanied by a padlock image, is viewed as generally secure and is used by banks as well. Google has offered it since 2004, and Yahoo finally followed suit this year.

But during the next step, when those e-mail messages are transferred from one company's servers to another's, they're rarely encrypted. An e-mail message that a Facebook user addresses to a Yahoo Mail user, for instance, will be delivered in an unencrypted form through a server-to-server connection that provides no protection against surveillance.

"The incentives aren't really there for companies to try to implement it," says Ashkan Soltani, an independent security consultant who has highlighted some of these security shortcomings on Twitter. That's the case even though, he says, enabling encryption is "a really easy thing to do."

A survey of top mail providers shows that Google is alone in using strong encryption, known as SMTP-TLS, to fully armor e-mail connections for its users, as long as the other company's server is willing to encrypt as well. SMTP-TLS also protects employee e-mail at security-conscious companies, large law firms, and sensitive government agencies including the NSA, the White House, and the Department of Homeland Security. (You can check on your own provider by typing in your e-mail address at CheckTLS.com.)

Unfortunately, those are the exceptions. Facebook, Hotmail, Yahoo Mail, and AOL Mail do not accept incoming e-mail in SMTP-TLS encrypted form, meaning hundreds of millions of users' private communications are vulnerable to monitoring. Both the sending and receiving servers must have encryption turned on for a secure connection to happen.

"My sense is that Google is the one large company that has demonstrated it cares about crypto," says Dan Auerbach, a staff technologist at the Electronic Frontier Foundation in San Francisco. "We think [encryption] should obviously be supported by all these mail servers."

One reason why so many mail providers don't encrypt server-to-server mail links using SMTP-TLS is that, unlike browser encryption, this security precaution would be invisible to users. And the fat pipes that backbone providers provide have historically been viewed as safe. (SMTP-TLS stands for Simple Mail Transfer Protocol Transport Layer Security. TLS was published as an Internet protocol in 1999.)

Adam Langley, a software engineer at Google, told CNET that "we do support TLS" for both inbound and outbound exchanges between mail servers. But, diplomatically, he declined to speculate on why many other companies do not. The company even offers its Google Apps users the high security choice of rejecting non-encrypted connections.

A Facebook spokesman said: "Facebook currently supports user-to-server encryption, but does not currently support server-to-server encryption as we have not seen wide adoption of the protocol. We are open to adoption to this or other protocols in the future as they are used by more services." A Yahoo representative said: "At Yahoo, we invest heavily in the security of our users and we're continually looking to enhance the security capabilities of our products." AOL did not respond to queries.

The potential privacy risks of server-to-server e-mail deliveries have been thrown into sharp relief by surveillance-related disclosures over the last two weeks from Edward Snowden, the former NSA contractor, and U.S. government officials. Snowden said in a Guardian online chat this week that e-mail and other Internet communications inside the United States are "ingested" by the intelligence agency's immense collection apparatus and that "Americans' communications are collected and viewed on a daily basis on the certification of an analyst rather than a warrant."

Web companies have offered blanket denials of allegations that they provided NSA eavesdroppers with "direct access" to their servers, and Google even challenged the U.S. government this week before the Foreign Intelligence Surveillance Court in a bid to clear its name.

A leaked NSA slide talking about "upstream" data collection from "fiber cables and infrastructure as data flows past" suggests that those companies are telling the truth: the NSA instead is tapping into Internet backbone links operated by companies such as AT&T, CenturyLink, XO Communications, Verizon, and Level 3 Communications -- and using that passive access to vacuum up unencrypted communications. Additional evidence comes from the classified directives released Thursday that discuss surveillance procedures and were signed by Attorney General Eric Holder.

Documents that came to light in 2006 in a lawsuit brought by the Electronic Frontier Foundation offer insight into the spy agency's relationship with Tier 1 Internet providers. Mark Klein, who worked as an AT&T technician for over 22 years, disclosed (PDF) that he witnessed domestic voice and Internet traffic being surreptitiously "diverted" through a "splitter cabinet" to secure room 641A in one of the company's San Francisco facilities. The room was accessible only to NSA-cleared technicians.

The New York Times revealed in 2009 that a secret NSA database, code-named PINWALE, archived foreign and domestic e-mail messages that analysts could search through "without warrants" as long as Americans' correspondence did not amount to more than 30 percent of any database search. PINWALE is the NSA's main database for intercepted communications, while metadata is stored in a separate database called MAUI, and initial sorting is performed by a program called XKEYSCORE, according to the recent book "Deep State: Inside the Government Secrecy Industry."

Other mail providers that do not appear to permit SMTP-TLS links for e-mail delivery include AT&T, Earthlink, and Comcast. Apple, which did not respond to a request for comment, does not appear to support SMTP-TLS for server-to-server iCloud e-mail, though it does for user-to-server links. Fastmail.fm and Hushmail do support SMTP-TLS for automatic encryption of incoming mail. Oddly, the FBI does not for its own employees' incoming e-mail.

Yahoo, Microsoft, and Apple protect their own internal correspondence more carefully than they do their users' communications: their separate employee mail servers support incoming encrypted messages.

A Microsoft representative said the company does not support server-to-server SMTP-TLS for consumer products including Outlook.com and Hotmail.com. (Microsoft finished switching users from Hotmail to Outlook last month.)

Microsoft does enable encryption in some other situations. Those include Exchange ActiveSync, or when users choose the "SMTP send" option from Outlook.com, which was announced last month. SMTP send allows you to log in to Outlook.com, but actually send the message using your Yahoo Mail or Gmail account.

In addition, Microsoft enables server-to-server encryption for paying customers, including those using Office 365. The Department of Homeland Security, which has a 10-year relationship with Microsoft for technology services, has outsourced its mail to the mail.us.messaging.microsoft.com server, which does enable SMTP-TLS.

Even if a company doesn't support SMTP-TLS encryption between servers, other technologies exist to make data unreadable to government snoops. One is called S/MIME, but it's hardly popular. End-to-end encryption in the form of PGP or GnuPG is another choice. Those are viewed as some of the most secure options, but are also the most difficult to use.

"We don't know the extent to which the NSA or other intelligence agencies are reading people's mail," says Auerbach, EFF's staff technologist. "Companies not supporting encryption for the sending of e-mail leaves the door wide open for these agencies to do it, were they inclined to do so."

Disclaimer: McCullagh is married to a Google employee not involved with this issue.
http://news.cnet.com/8301-13578_3-57...-surveillance/
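
The article above notes that both the sending and the receiving server must have SMTP-TLS turned on, and that Google Apps can reject non-encrypted connections. The following is an added example, not code from the article or from any provider: it parses a receiving server's EHLO reply for the STARTTLS extension and works out what happens to a message under three sender policies. The policy names, hostnames and sample replies are constructed for illustration; `probe()` uses Python's standard `smtplib` for a live check.

```python
import smtplib

# Constructed EHLO replies (not captured from any real provider).
EHLO_WITH_TLS = (
    "250-mx.receiver.example at your service\r\n"
    "250-SIZE 35882577\r\n"
    "250-8BITMIME\r\n"
    "250-STARTTLS\r\n"
    "250 ENHANCEDSTATUSCODES\r\n"
)
EHLO_WITHOUT_TLS = (
    "250-mx.legacy.example Hello\r\n"
    "250-SIZE 20480000\r\n"
    "250 8BITMIME\r\n"
)

# Hypothetical policy names used only in this example.
POLICIES = ("none", "opportunistic", "require")


def parse_ehlo(reply):
    """Return the set of extension keywords advertised in a raw EHLO reply."""
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    if not lines:
        raise ValueError("empty EHLO reply")
    extensions = set()
    for index, line in enumerate(lines):
        code, sep, text = line[:3], line[3:4], line[4:]
        if code != "250" or sep not in ("-", " "):
            raise ValueError("unexpected reply line: %r" % line)
        # Continuation lines use '-', the final line uses a space.
        if (sep == " ") != (index == len(lines) - 1):
            raise ValueError("malformed multi-line reply")
        if index == 0:
            continue  # first line is the greeting, not an extension
        words = text.split()
        if words:
            extensions.add(words[0].upper())
    return extensions


def delivery_outcome(sender_policy, ehlo_reply):
    """Decide how a message travels between the two servers.

    Returns "encrypted", "plaintext" or "refused". "encrypted" assumes the
    TLS handshake that follows STARTTLS succeeds.
    """
    if sender_policy not in POLICIES:
        raise ValueError("unknown policy: %r" % sender_policy)
    offered = "STARTTLS" in parse_ehlo(ehlo_reply)
    if sender_policy == "none":
        return "plaintext"  # sender never asks for TLS
    if offered:
        return "encrypted"  # both sides support it
    # Receiver does not offer STARTTLS.
    return "plaintext" if sender_policy == "opportunistic" else "refused"


def probe(host, port=25, timeout=10):
    """Live check: does this mail server advertise STARTTLS?

    Needs outbound access to port 25, which many consumer ISPs block.
    """
    with smtplib.SMTP(host, port, timeout=timeout) as server:
        server.ehlo()
        return server.has_extn("starttls")


if __name__ == "__main__":
    for policy in POLICIES:
        for name, reply in (("with TLS", EHLO_WITH_TLS),
                            ("without TLS", EHLO_WITHOUT_TLS)):
            print(policy, "->", name, ":", delivery_outcome(policy, reply))
```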





Does Encryption Really Shield You From Government's Prying Eyes?

Encrypting data may not guard against surveillance, some experts say, while others argue in favor of taking steps to protect privacy
Zach Miners

If you're thinking about encrypting email in light of revelations about U.S. government spying, you may be wasting your time.

Recent leaks about surveillance efforts by the secretive National Security Agency have sparked a wide range of questions during the last week over online privacy, or lack thereof, as well as possible violations of the Constitution. But at this stage, the exact methods employed by the nation's top intelligence agencies to gather information in the interest of national security are still fuzzy.

At the very least, the NSA has confirmed that it is collecting Verizon phone records to examine their metadata and analyze call patterns between people. The NSA's Prism system apparently goes even further, reportedly accessing servers at Google, Apple, Microsoft, Facebook and other major companies, to collect data that the agency is storing for possible surveillance and investigations.

With such large amounts of personal data at stake, one question is the extent to which encryption -- a process for scrambling digital information so only certain groups of people can decipher it -- can succeed in shielding consumers from government surveillance.

The answer is complicated, and depends on the definition of "government surveillance," which is still not entirely clear. But for some security experts, encryption is a non-issue, period.

For instance, if the government is doing only what it claims to be doing with cellphone calls, which is performing traffic analysis to look at patterns and see where calls are coming from and going to, there are no good avenues for encrypting that, some say.

"The fact that I called you, or you called me, that has nothing to do with encryption," said security expert Bruce Schneier. "This is not communications eavesdropping. This is eavesdropping at the endpoints," he said.

Encrypting those endpoints is a lot harder than encrypting, say, emails or phone calls themselves, if not impossible outright, said Seth Schoen, senior staff technologist at the Electronic Frontier Foundation. "You still have to tell the ISP that we want to talk to each other," he said. "You can't really scramble a phone number, because the company needs to know how to complete the call," he said.

There are services for encrypting phone calls end to end, like Silent Circle, which announced discounts citing "overwhelming demand" for their services following the NSA spying reports. In addition to calls, the company also offers encrypted video, texting and email over its network. End-to-end encryption aims to encrypt information through all phases -- at rest, in transit and in use.

There is also RedPhone and TextSecure, two mobile apps made by open source developer WhisperSystems, for end-to-end encryption of phone calls and text messages, respectively. Cryptocat is another player.

But the thinking goes that if you take the government at its word, then the NSA is not listening in on phone calls anyway, at least not in a blanketed way. Instead, it's more like the government is saying to telecommunications companies, "Hey, so-and-so sent out 100 billion text messages. Send those to me," Schneier said.

There are legal avenues to gain access to encrypted data and some of these would oblige companies to either provide the keys or provide the unencrypted data.

In its privacy statement, Silent Circle acknowledges that its servers "generate log files that contain IP addresses," and notes that every six months the company will post how many data requests from worldwide law enforcement agencies it has received, how many customers were involved and what agency or organization made the request.

But gag orders may not accomplish much if the data is truly encrypted end to end, which is what companies like Silent Circle try to do. However, end-to-end encryption is hard to achieve and increases costs.

Government metadata analysis alone should raise concerns among U.S. residents, said EFF's Schoen. The practice of looking at who is contacting whom might sound boring to some, or prompt the question, "What's the privacy harm there?" said Schoen. But if the government can track a person's IP address, that information can be used to, say, reveal a love affair, if one person were to log on to his or her email account from a new IP address, he said.

"It can show where someone spent the night," EFF's Schoen said. "The privacy concerns here can be much graver than you would think."

For those reasons and others, some privacy groups, like the Electronic Privacy Information Center, have questioned the legality of the NSA's Verizon data-collection scheme.

Meanwhile, when it comes to encrypting actual content like email messages, chats, videos and photos, there are generally two ways to go: There are services for encrypting information sent between people, like Silent Circle and RedPhone, and there are applications for creating secure connections between people and across networks. For instance, there are open source services like OpenVPN, which is designed to establish an encrypted virtual private network (VPN) between computers.

There is HTTPS Everywhere, a plug-in extension for Firefox and Chrome browsers that is designed to automatically employ the Hypertext Transfer Protocol Secure (HTTPS) program for websites that offer it. HTTPS is designed to build on top of standard SSL/TLS cryptographic protocols to protect against eavesdropping of data by third parties, and to help ensure that the website being accessed is legitimate and not operated by a bogus group.

There are also cloud storage encryption services like Mega, or SpiderOak, which claims to have zero-knowledge of users' data.

But on a practical level, people need to consider that if the company cannot read their files, that can limit the features and convenience afforded by the service. It's a little hard to filter out spam, for instance, if the email client can't see your emails, said EFF's Schoen. Researchers at the Massachusetts Institute of Technology are trying to solve this problem with "homomorphic encryption," which would let Web servers process data without decrypting it.

This smorgasbord of encryption services is what makes things tricky. "There are very specific things we mean when we talk about privacy," said Eben Moglen, a professor of law at Columbia University and chairman of the Software Freedom Law Center. Surveillance of communication endpoints is the "anonymity" type of privacy, but when people start talking about the actual contents of messages or files, that falls under a different category called "secrecy."

"A message is secret if its contents are known only to the sender and the recipient," he said. But as far as whether the government is listening in on those messages -- encrypted or not -- and how much it is listening, and which governments are listening, the answer could be yes, no or maybe, Moglen said.

One of the biggest questions right now is how powerful the government's code-breaking tools are, and the extent to which, and at what speed, they are capable of cracking the algorithms that power modern encryption programs.

"The U.S. government doesn't tell us how many codes it can break," Moglen quipped.

"I can't tell you what encryption methods the government can defeat," he said. "I can tell you it's as good, if not better, than the best stuff in the world."

But even if the government can't crack the codes just yet, there is still the anonymity problem of the government seeing who sent what to whom.

And there's still a whole other layer of privacy concerns related to what Moglen calls "autonomy," which deals with how people change their behavior or self-censor what they say online because they're fearful of who is listening.

Experts agree that the aforementioned services and software generally work well as a guard against more incidental eavesdropping or keeping less tenacious hackers out of Internet communications in open Wi-Fi environments like coffee shops.

In the computer security world, "who exactly we are trying to protect ourselves against is one of the key questions," said EFF's Schoen. "Some are easier to protect against than others."

But are Internet users really fearful of snooping? Or have events like 9/11, and high-profile laws like the Patriot Act and the Foreign Intelligence Surveillance Act, which is at the heart of the alleged Prism program, made people too cynical to care?

Some do seem to live and die by encryption. Here's what Michael Goldstein, a computer science student at the University of Texas at Austin, does: He chats on Facebook with the open source Jitsi communicator. He chats with Cryptocat. He uses the PGP (Pretty Good Privacy) software for encrypting certain emails. His hard drive is encrypted with TrueCrypt. He's a fan of Tor, which is designed to keep people's anonymity intact, for accessing the Internet. He also likes Mega for cloud storage. There's RetroShare for encrypted chat, email, forums and other social networking with "certain friends." TextSecure too.

"Whenever possible, I encrypt my communication," he said. Clearly.

And let's not forget Bitcoins, a digital currency designed to allow decentralized and anonymous payments, which Goldstein also uses.

"To me, and many people of a more libertarian persuasion, recent news has been more of a validation of prior beliefs than a shocking revelation," he said.

"This is not a big shock. It's an open secret in my business," said John Kindervag, an analyst with Forrester.

Some tech entrepreneurs agreed.

Prism "is an important reminder that what we share online and communicate to others via technology can, and sometimes will, be seen by people that we didn't intend to see it," said Justin Johnson, co-founder at Late Labs, a crowdcoding startup based in San Francisco.

Others are less Orwellian. "It's more likely that a hacker is trying to guess your password than the NSA is coming after you," said Robert Banagale, CEO at secure messaging app maker Gliph.

But, while using encryption might be good for keeping accounts secure, using it to try to dodge the NSA is probably futile, he added.

How receptive Internet users are to government surveillance in the interest of fighting terrorists is harder to gauge, but what's clear is that online privacy is at risk.

If privacy isn't dead, it's certainly on life support, said John Simpson, director of the Privacy Project at Consumer Watchdog. "These tech companies, and the government, know more and more about people's private lives," he said.

Others say the fundamental philosophy behind the Internet, that of an open network for the free-flow exchange of information and ideas, renders encryption moot, especially given the nature of the U.S. economy.

Why don't most people just encrypt everything end to end? "Because that's not in capitalism's interests," said Columbia's Moglen. "When the economy is primarily about consumption, the behavior of consumers is the most important information it has. That's what information technology is about as far as capitalism is concerned."

People like the man behind the NSA leaks, Edward Snowden, "who think the technology revolution is about freedom," Moglen said, "they're characterized as traitors."
https://www.computerworld.com/s/arti...prying_eyes_





Use of Tor and E-Mail Crypto Could Increase Chances that NSA Keeps Your Data

When it comes to surveillance rules, some US people are more equal than others.
Dan Goodin

Using online anonymity services such as Tor or sending encrypted e-mail and instant messages are grounds for US-based communications to be retained by the National Security Agency even when they're collected inadvertently, according to a secret government document published Thursday.

The document, titled Minimization Procedures Used by the National Security Agency in Connection with Acquisitions of Foreign Intelligence, is the latest bombshell leak to be dropped by UK-based newspaper The Guardian. It and a second, top-secret document detail the circumstances in which data collected on US persons under foreign intelligence authority must be destroyed or can be retained. The memos outline procedures NSA analysts must follow to ensure they stay within the mandate of minimizing data collected on US citizens and residents.

While the documents make clear that data collection and interception must cease immediately once it's determined a target is within the US, they still provide analysts with a fair amount of leeway. And that leeway seems to work to the disadvantage of people who take steps to protect their Internet communications from prying eyes. For instance, a person whose physical location is unknown—which more often than not is the case when someone uses anonymity software from the Tor Project—"will not be treated as a United States person, unless such person can be positively identified as such, or the nature or circumstances of the person's communications give rise to a reasonable belief that such person is a United States person," the secret document stated.

And in the event that an intercepted communication is later deemed to be from a US person, the requirement to promptly destroy the material may be suspended in a variety of circumstances. Among the exceptions are "communications that are enciphered or reasonably believed to contain secret meaning, and sufficient duration may consist of any period of time during which encrypted material is subject to, or of use in, cryptanalysis."

Other conditions under which intercepted US communications may be retained include when it is "reasonably believed to contain evidence of a crime that has been, is being, or is about to be committed."

The document, dated July 28, 2009, bears the signature of US Attorney General Eric Holder.

Supporters of the recently exposed NSA surveillance program have frequently argued that it is narrowly tailored so that it doesn't track the communications of ordinary US citizens and residents. Rules requiring inadvertently collected US communications to be destroyed once the error is discovered would appear to be key in supporting that view. The exceptions to that requirement may give critics new ammunition. Tor is a staple of many human rights advocates who want to prevent repressive governments from tracking their location or intercepting and reading their e-mail and instant messages. Encrypted e-mail, while by no means easy to use, remains a core practice among lawyers, corporate executives, and privacy advocates.

It's hard to read the documents and not be struck by the irony that use of these services may subject people on US soil to a much higher likelihood that their communications will be retained by an agency that's supposed to focus on foreign targets.
http://arstechnica.com/tech-policy/2...eps-your-data/





GCHQ Taps Fibre-Optic Cables for Secret Access to World's Communications

Exclusive: British spy agency collects and stores vast quantities of global email messages, Facebook posts, internet histories and calls, and shares them with NSA, latest documents from Edward Snowden reveal
Ewen MacAskill, Julian Borger, Nick Hopkins, Nick Davies and James Ball

Britain's spy agency GCHQ has secretly gained access to the network of cables which carry the world's phone calls and internet traffic and has started to process vast streams of sensitive personal information which it is sharing with its American partner, the National Security Agency (NSA).

The sheer scale of the agency's ambition is reflected in the titles of its two principal components: Mastering the Internet and Global Telecoms Exploitation, aimed at scooping up as much online and telephone traffic as possible. This is all being carried out without any form of public acknowledgement or debate.

One key innovation has been GCHQ's ability to tap into and store huge volumes of data drawn from fibre-optic cables for up to 30 days so that it can be sifted and analysed. That operation, codenamed Tempora, has been running for some 18 months.

GCHQ and the NSA are consequently able to access and process vast quantities of communications between entirely innocent people, as well as targeted suspects.

This includes recordings of phone calls, the content of email messages, entries on Facebook and the history of any internet user's access to websites – all of which is deemed legal, even though the warrant system was supposed to limit interception to a specified range of targets.

The existence of the programme has been disclosed in documents shown to the Guardian by the NSA whistleblower Edward Snowden as part of his attempt to expose what he has called "the largest programme of suspicionless surveillance in human history".

"It's not just a US problem. The UK has a huge dog in this fight," Snowden told the Guardian. "They [GCHQ] are worse than the US."

However, on Friday a source with knowledge of intelligence argued that the data was collected legally under a system of safeguards, and had provided material that had led to significant breakthroughs in detecting and preventing serious crime.

Britain's technical capacity to tap into the cables that carry the world's communications – referred to in the documents as special source exploitation – has made GCHQ an intelligence superpower.

By 2010, two years after the project was first trialled, it was able to boast it had the "biggest internet access" of any member of the Five Eyes electronic eavesdropping alliance, comprising the US, UK, Canada, Australia and New Zealand.

UK officials could also claim GCHQ "produces larger amounts of metadata than NSA". (Metadata describes basic information on who has been contacting whom, without detailing the content.)

By May last year 300 analysts from GCHQ, and 250 from the NSA, had been assigned to sift through the flood of data.

The Americans were given guidelines for its use, but were told in legal briefings by GCHQ lawyers: "We have a light oversight regime compared with the US".

When it came to judging the necessity and proportionality of what they were allowed to look for, would-be American users were told it was "your call".

The Guardian understands that a total of 850,000 NSA employees and US private contractors with top secret clearance had access to GCHQ databases.

The documents reveal that by last year GCHQ was handling 600m "telephone events" each day, had tapped more than 200 fibre-optic cables and was able to process data from at least 46 of them at a time.

Each of the cables carries data at a rate of 10 gigabits per second, so the tapped cables had the capacity, in theory, to deliver more than 21 petabytes a day – equivalent to sending all the information in all the books in the British Library 192 times every 24 hours.

And the scale of the programme is constantly increasing as more cables are tapped and GCHQ data storage facilities in the UK and abroad are expanded with the aim of processing terabits (thousands of gigabits) of data at a time.

For the 2 billion users of the world wide web, Tempora represents a window on to their everyday lives, sucking up every form of communication from the fibre-optic cables that ring the world.

The NSA has meanwhile opened a second window, in the form of the Prism operation, revealed earlier this month by the Guardian, from which it secured access to the internal systems of global companies that service the internet.

The GCHQ mass tapping operation has been built up over five years by attaching intercept probes to transatlantic fibre-optic cables where they land on British shores carrying data to western Europe from telephone exchanges and internet servers in north America.

This was done under secret agreements with commercial companies, described in one document as "intercept partners".

The papers seen by the Guardian suggest some companies have been paid for the cost of their co-operation and GCHQ went to great lengths to keep their names secret. They were assigned "sensitive relationship teams" and staff were urged in one internal guidance paper to disguise the origin of "special source" material in their reports for fear that the role of the companies as intercept partners would cause "high-level political fallout".

The source with knowledge of intelligence said on Friday the companies were obliged to co-operate in this operation. They are forbidden from revealing the existence of warrants compelling them to allow GCHQ access to the cables.

"There's an overarching condition of the licensing of the companies that they have to co-operate in this. Should they decline, we can compel them to do so. They have no choice."

The source said that although GCHQ was collecting a "vast haystack of data" what they were looking for was "needles".

"Essentially, we have a process that allows us to select a small number of needles in a haystack. We are not looking at every piece of straw. There are certain triggers that allow you to discard or not examine a lot of data so you are just looking at needles. If you had the impression we are reading millions of emails, we are not. There is no intention in this whole programme to use it for looking at UK domestic traffic – British people talking to each other," the source said.

He explained that when such "needles" were found a log was made and the interception commissioner could see that log.

"The criteria are security, terror, organised crime. And economic well-being. There's an auditing process to go back through the logs and see if it was justified or not. The vast majority of the data is discarded without being looked at … we simply don't have the resources."

However, the legitimacy of the operation is in doubt. According to GCHQ's legal advice, it was given the go-ahead by applying old law to new technology. The 2000 Regulation of Investigatory Powers Act (Ripa) requires the tapping of defined targets to be authorised by a warrant signed by the home secretary or foreign secretary.

However, an obscure clause allows the foreign secretary to sign a certificate for the interception of broad categories of material, as long as one end of the monitored communications is abroad. But the nature of modern fibre-optic communications means that a proportion of internal UK traffic is relayed abroad and then returns through the cables.

Parliament passed the Ripa law to allow GCHQ to trawl for information, but it did so 13 years ago with no inkling of the scale on which GCHQ would attempt to exploit the certificates, enabling it to gather and process data regardless of whether it belongs to identified targets.

The categories of material have included fraud, drug trafficking and terrorism, but the criteria at any one time are secret and are not subject to any public debate. GCHQ's compliance with the certificates is audited by the agency itself, but the results of those audits are also secret.

An indication of how broad the dragnet can be was laid bare in advice from GCHQ's lawyers, who said it would be impossible to list the total number of people targeted because "this would be an infinite list which we couldn't manage".

There is an investigatory powers tribunal to look into complaints that the data gathered by GCHQ has been improperly used, but the agency reassured NSA analysts in the early days of the programme, in 2009: "So far they have always found in our favour".

Historically, the spy agencies have intercepted international communications by focusing on microwave towers and satellites. The NSA's intercept station at Menwith Hill in North Yorkshire played a leading role in this. One internal document quotes the head of the NSA, Lieutenant General Keith Alexander, on a visit to Menwith Hill in June 2008, asking: "Why can't we collect all the signals all the time? Sounds like a good summer project for Menwith."

By then, however, satellite interception accounted for only a small part of the network traffic. Most of it now travels on fibre-optic cables, and the UK's position on the western edge of Europe gave it natural access to cables emerging from the Atlantic.

The data collected provides a powerful tool in the hands of the security agencies, enabling them to sift for evidence of serious crime. According to the source, it has allowed them to discover new techniques used by terrorists to avoid security checks and to identify terrorists planning atrocities. It has also been used against child exploitation networks and in the field of cyberdefence.

It was claimed on Friday that it directly led to the arrest and imprisonment of a cell in the Midlands who were planning co-ordinated attacks; to the arrest of five Luton-based individuals preparing acts of terror, and to the arrest of three London-based people planning attacks prior to the Olympics.

As the probes began to generate data, GCHQ set up a three-year trial at the GCHQ station in Bude, Cornwall. By the summer of 2011, GCHQ had probes attached to more than 200 internet links, each carrying data at 10 gigabits a second. "This is a massive amount of data!" as one internal slideshow put it. That summer, it brought NSA analysts into the Bude trials. In the autumn of 2011, it launched Tempora as a mainstream programme, shared with the Americans.

The intercept probes on the transatlantic cables gave GCHQ access to its special source exploitation. Tempora allowed the agency to set up internet buffers so it could not simply watch the data live but also store it – for three days in the case of content and 30 days for metadata.

"Internet buffers represent an exciting opportunity to get direct access to enormous amounts of GCHQ's special source data," one document explained.

The processing centres apply a series of sophisticated computer programmes in order to filter the material through what is known as MVR – massive volume reduction. The first filter immediately rejects high-volume, low-value traffic, such as peer-to-peer downloads, which reduces the volume by about 30%. Others pull out packets of information relating to "selectors" – search terms including subjects, phone numbers and email addresses of interest. Some 40,000 of these were chosen by GCHQ and 31,000 by the NSA. Most of the information extracted is "content", such as recordings of phone calls or the substance of email messages. The rest is metadata.

The GCHQ documents that the Guardian has seen illustrate a constant effort to build up storage capacity at the stations at Cheltenham, Bude and at one overseas location, as well as a search for ways to maintain the agency's comparative advantage as the world's leading communications companies increasingly route their cables through Asia to cut costs. Meanwhile, technical work is ongoing to expand GCHQ's capacity to ingest data from new super cables carrying data at 100 gigabits a second. As one training slide told new users: "You are in an enviable position – have fun and make the most of it."
http://www.guardian.co.uk/uk/2013/ju...unications-nsa





Amazon Web Services: We’ll Go to Court to Fight Gov’t Requests for Data
Nancy Gohring

Speaking at a cloud computing panel on Wednesday, an Amazon executive said the company contacts customers when it gets government requests for data stored in Amazon Web Services and will help customers fight such requests.

“Customer and data privacy is one of the single most important things at Amazon,” said Terry Wise, head of global partner ecosystem for Amazon Web Services. “If a U.S. entity is serving us with a legally binding subpoena, we contact our customer and work with that customer to fight the subpoena. We will do that proactively and help the customer in any way to comply with the subpoena or fight it.”

Data security has been in the spotlight as news unfolds about a U.S. National Security Administration system, known as Prism, for collecting data about phone calls. Both AWS and Rackspace, also part of the panel discussion hosted by Reuters, said they are not part of Prism.

One way that AWS advises customers to protect their data is to use its encryption offering. In the AWS model, the customer controls the encryption keys. “They are in total control of the encryption. AWS doesn’t have access to that,” Wise said. “That’s the best practice of any customer that’s worried about security and privacy of data.”

If Amazon faced a subpoena that required it to keep the order secret, such encryption would be useful to customers. “If the data is encrypted, all we’d be handing over would be the cypher text,” he said.

UPDATE: Rackspace didn't go quite as far as AWS in saying it will help defend customers. It just sent along this statement, attributed to Perry Robinson, vice president and associate general counsel at Rackspace, about its policies:

“Rackspace reviews any orders to determine that they are lawful and have been issued in accordance with the 4th amendment. We are prohibited from accessing and disclosing customer data stored on their servers or storage devices in our data centers without a properly issued, lawful request from a court with jurisdiction over both Rackspace and the data sought. In the event Rackspace receives a court order for customer data that does not adhere to the 4th amendment, Rackspace will oppose the order.”

Rackspace CTO John Engates, who participated in the panel, noted he’s not a lawyer and didn’t know exactly how Rackspace handles such requests, but offered up another solution: build a private cloud. Companies with private clouds could still face government requests for data but releasing that data is under their control. There isn’t a scenario in which their data might be released without their knowledge.

He suggested private clouds could help companies outside of the U.S. that are increasingly concerned about the U.S. government snooping on their data. “Are people concerned about doing business in the U.S. and what the U.S. could do with their data? I think the answer is yes, people do have concerns. It’s something we have to figure out – how to allay the fears about having data transit through the U.S. That’s one reason why people are gravitating to the idea of private clouds,” he said.

At the same time that AWS says it will help resist government pressure, it is also keen to attract government business. Wise declined to offer more details about AWS’s bid to build a cloud for the CIA but he did comment on the fact that the deal would represent a totally new model for AWS because it would involve building an on-premise cloud. “In certain cases we’re open to different models if it meets the needs of customers. There are certain customers where that type of deployment might make sense. We’re open to that but it’s not something we’re doing at scale at this point,” he said.

IBM has challenged the CIA contract with AWS.
http://www.itworld.com/cloud-computi...-requests-data





Google Challenges Surveillance Court on First Amendment Grounds

Google Inc asked the U.S. Foreign Intelligence Surveillance Court on Tuesday to allow it to publish aggregate numbers of national security requests it receives separately from criminal requests, on First Amendment grounds.

In its filing, Google requested the court to allow it to publish the aggregate number of national security requests it receives, including disclosures under the Foreign Intelligence Surveillance Act (FISA), claiming it as part of its First Amendment right to free speech.

"In light of the intense public interest generated by the Guardian's and Post's erroneous articles, and others that have followed them, Google seeks to increase its transparency with users and the public regarding its receipt of national security requests, if any," the Google filing said.

Google's move comes after other tech companies, including Microsoft Corp, Facebook Inc and Apple Inc released limited information about the number of surveillance requests they receive under an agreement they struck with the U.S. government last week.

Under that agreement, the companies were only allowed to disclose aggregate requests for data made by government agencies without showing the split between surveillance and criminal requests, and only for a six-month period.

The companies are scrambling to assert their independence after documents leaked to the Washington Post and the Guardian newspapers suggested they had given the U.S. government "direct access" to their computers as part of a National Security Agency program called Prism.

The disclosures about Prism, and related revelations about broad-based collection of telephone records, have triggered widespread concern and congressional hearings about the scope and extent of the information-gathering.

Google said it asked the U.S. Department of Justice and Federal Bureau of Investigation on June 11 to publish the aggregate number of national security requests, but said it was told such an act would be unlawful.

(Reporting by Bill Rigby; Editing by Richard Chang and Leslie Gevirtz)
http://www.reuters.com/article/2013/...95H19B20130618





Silicon Valley and Spy Agency Bound by Strengthening Web
James Risen and Nick Wingfield

When Max Kelly, the chief security officer for Facebook, left the social media company in 2010, he did not go to Google, Twitter or a similar Silicon Valley concern. Instead the man who was responsible for protecting the personal information of Facebook’s more than one billion users from outside attacks went to work for another giant institution that manages and analyzes large pools of data: the National Security Agency.

Mr. Kelly’s move to the spy agency, which has not previously been reported, underscores the increasingly deep connections between Silicon Valley and the agency and the degree to which they are now in the same business. Both hunt for ways to collect, analyze and exploit large pools of data about millions of Americans.

The only difference is that the N.S.A. does it for intelligence, and Silicon Valley does it to make money.

The disclosure of the spy agency’s program called Prism, which is said to collect the e-mails and other Web activity of foreigners using major Internet companies like Google, Yahoo and Facebook, has prompted the companies to deny that the agency has direct access to their computers, even as they acknowledge complying with secret N.S.A. court orders for specific data.

Yet technology experts and former intelligence officials say the convergence between Silicon Valley and the N.S.A. and the rise of data mining — both as an industry and as a crucial intelligence tool — have created a more complex reality.

Silicon Valley has what the spy agency wants: vast amounts of private data and the most sophisticated software available to analyze it. The agency in turn is one of Silicon Valley’s largest customers for what is known as data analytics, one of the valley’s fastest-growing markets. To get their hands on the latest software technology to manipulate and take advantage of large volumes of data, United States intelligence agencies invest in Silicon Valley start-ups, award classified contracts and recruit technology experts like Mr. Kelly.

“We are all in these Big Data business models,” said Ray Wang, a technology analyst and chief executive of Constellation Research, based in San Francisco. “There are a lot of connections now because the data scientists and the folks who are building these systems have a lot of common interests.”

Although Silicon Valley has sold equipment to the N.S.A. and other intelligence agencies for a generation, the interests of the two began to converge in new ways in the last few years as advances in computer storage technology drastically reduced the costs of storing enormous amounts of data — at the same time that the value of the data for use in consumer marketing began to rise. “These worlds overlap,” said Philipp S. Krüger, chief executive of Explorist, an Internet start-up in New York.

The sums the N.S.A. spends in Silicon Valley are classified, as is the agency’s total budget, which independent analysts say is $8 billion to $10 billion a year.

Despite the companies’ assertions that they cooperate with the agency only when legally compelled, current and former industry officials say the companies sometimes secretly put together teams of in-house experts to find ways to cooperate more completely with the N.S.A. and to make their customers’ information more accessible to the agency. The companies do so, the officials say, because they want to control the process themselves. They are also under subtle but powerful pressure from the N.S.A. to make access easier.

Skype, the Internet-based calling service, began its own secret program, Project Chess, to explore the legal and technical issues in making Skype calls readily available to intelligence agencies and law enforcement officials, according to people briefed on the program who asked not to be named to avoid trouble with the intelligence agencies.

Project Chess, which has never been previously disclosed, was small, limited to fewer than a dozen people inside Skype, and was developed as the company had sometimes contentious talks with the government over legal issues, said one of the people briefed on the project. The project began about five years ago, before most of the company was sold by its parent, eBay, to outside investors in 2009. Microsoft acquired Skype in an $8.5 billion deal that was completed in October 2011.

A Skype executive denied last year in a blog post that recent changes in the way Skype operated were made at the behest of Microsoft to make snooping easier for law enforcement. It appears, however, that Skype figured out how to cooperate with the intelligence community before Microsoft took over the company, according to documents leaked by Edward J. Snowden, a former contractor for the N.S.A. One of the documents about the Prism program made public by Mr. Snowden says Skype joined Prism on Feb. 6, 2011.

Microsoft executives are no longer willing to affirm statements, made by Skype several years ago, that Skype calls could not be wiretapped. Frank X. Shaw, a Microsoft spokesman, declined to comment.

In its recruiting in Silicon Valley, the N.S.A. sends some of its most senior officials to lure the best of the best. No less than Gen. Keith B. Alexander, the agency’s director and the chief of the Pentagon’s Cyber Command, showed up at one of the world’s largest hacker conferences in Las Vegas last summer, looking stiff in an uncharacteristic T-shirt and jeans, to give the keynote speech. His main purpose at Defcon, the conference, was to recruit hackers for his spy agency.

N.S.A. badges are often seen on the lapels of officials at other technology and information security conferences. “They’re very open about their interest in recruiting from the hacker community,” said Jennifer Granick, the director of civil liberties at Stanford Law School’s Center for Internet and Society.

But perhaps no one embodies the tightening relationship between the N.S.A. and the valley more than Kenneth A. Minihan.

A career Air Force intelligence officer, Mr. Minihan was the director of the N.S.A. during the Clinton administration until his retirement in the late 1990s, and then he ran the agency’s outside professional networking organization. Today he is managing director of Paladin Capital Group, a venture capital firm based in Washington that in part specializes in financing start-ups that offer high-tech solutions for the N.S.A. and other intelligence agencies. In effect, Mr. Minihan is an advanced scout for the N.S.A. as it tries to capitalize on the latest technology to analyze and exploit the vast amounts of data flowing around the world and inside the United States.

The members of Paladin’s strategic advisory board include Richard C. Schaeffer Jr., a former N.S.A. executive. While Paladin is a private firm, the American intelligence community has its own in-house venture capital company, In-Q-Tel, financed by the Central Intelligence Agency to invest in high-tech start-ups.

Many software technology firms involved in data analytics are open about their connections to intelligence agencies. Gary King, a co-founder and chief scientist at Crimson Hexagon, a start-up in Boston, said in an interview that he had given talks at C.I.A. headquarters in Langley, Va., about his company’s social media analytics tools.

The future holds the prospect of ever greater cooperation between Silicon Valley and the N.S.A. because data storage is expected to increase at an annual compound rate of 53 percent through 2016, according to the International Data Corporation.

“We reached a tipping point, where the value of having user data rose beyond the cost of storing it,” said Dan Auerbach, a technology analyst with the Electronic Frontier Foundation, an electronic privacy group in San Francisco. “Now we have an incentive to keep it forever.”

Social media sites in the meantime are growing as voluntary data mining operations on a scale that rivals or exceeds anything the government could attempt on its own. “You willingly hand over data to Facebook that you would never give voluntarily to the government,” said Bruce Schneier, a technologist and an author.

James Risen reported from Washington, and Nick Wingfield from Seattle. Kitty Bennett contributed reporting.
https://www.nytimes.com/2013/06/20/t...ening-web.html





First Congress Member Allowed to Read Secret Treaty Says “There Is No National Security Purpose In Keeping This Text Secret … This Agreement Hands The Sovereignty of Our Country Over to Corporate Interests”

Corporations Push to Overrule National Laws

We reported last year:

Democratic Senator Wyden – the head of the committee which is supposed to oversee it – is so furious about the lack of access that he has introduced legislation to force disclosure.

Republican House Oversight Committee Chairman Darrell Issa is so upset by it that he has leaked a document on his website to show what’s going on.

What is everyone so furious about?

An international treaty being negotiated in secret which would not only crack down on Internet privacy much more than SOPA or ACTA, but would actually destroy the sovereignty of the U.S. and all other signatories.

It is called the Trans-Pacific Partnership (TPP).

Wyden is the chairman of the trade committee in the Senate … the committee which is supposed to have jurisdiction over the TPP. Wyden is also on the Senate Intelligence Committee, and so he and his staff have high security clearances and are normally able to look at classified documents.

And yet Wyden and his staff have been denied access to the TPP’s text.


Indeed, the decision to keep the text of TPP secret was itself classified as secret:

(I have also received a tip from a credible inside source that TPP contains provisions which would severely harm America’s national security. Specifically, like some previous, ill-conceived treaties, TPP would allow foreign companies to buy sensitive American assets which could subject us to terror attacks or economic blackmail.)

Yesterday, Congressman Alan Grayson (who knows how to read legislation … he was a successful lawyer before he was elected to Congress, and has written and co-sponsored numerous bills himself including the bill to audit the Federal Reserve and – most recently – the “Mind Your Own Business Act” to stop NSA spying) announced that he had been allowed to read the text of TPP – and that it is an anti-American power grab by big corporations:

Last month, 10,000 of us submitted comments to the United States Trade Representative (USTR), in which we objected to new so-called free trade agreements. We asked that the government not sell out our democracy to corporate interests.

Because of this pressure, the USTR finally let a member of Congress – little ole me, Alan Grayson [anyone who's seen Grayson in action knows that he is formidable] – actually see the text of the Trans-Pacific Partnership (TPP). The TPP is a large, secret trade agreement that is being negotiated with many countries in East Asia and South America.

The TPP is nicknamed “NAFTA on steroids.” Now that I’ve read it, I can see why. I can’t tell you what’s in the agreement, because the U.S. Trade Representative calls it classified. But I can tell you two things about it.

1) There is no national security purpose in keeping this text secret.

2) This agreement hands the sovereignty of our country over to corporate interests.

3) What they can’t afford to tell the American public is that [the rest of this sentence is classified].

***

I will be fighting this agreement with everything I’ve got. And I know you’ll be there every step of the way.

***

Courage,

Congressman Alan Grayson


Grayson also noted:

It is ironic in a way that the government thinks it’s alright to have a record of every single call that an American makes, but not alright for an American citizen to know what sovereign powers the government is negotiating away.

***

Having seen what I’ve seen, I would characterize this as a gross abrogation of American sovereignty. And I would further characterize it as a punch in the face to the middle class of America. I think that’s fair to say from what I’ve seen so far. But I’m not allowed to tell you why!


Remember that one of the best definitions of fascism – the one used by Mussolini – is the “merger of state and corporate power”. Our nation has been moving in that direction for a number of years, where government and giant corporations are becoming more and more intertwined in a malignant, symbiotic relationship. TPP would be the nail in the coffin for free market economics and democracy.
http://www.washingtonsblog.com/2013/...ry-over-t.html





Revealed: the Top Secret Rules that Allow NSA to Use US Data Without a Warrant

Fisa court submissions show broad scope of procedures governing NSA's surveillance of Americans' communication

Document one: procedures used by NSA to target non-US persons
Document two: procedures used by NSA to minimise data collected from US persons

Glenn Greenwald and James Ball

Top secret documents submitted to the court that oversees surveillance by US intelligence agencies show the judges have signed off on broad orders which allow the NSA to make use of information "inadvertently" collected from domestic US communications without a warrant.

The Guardian is publishing in full two documents submitted to the secret Foreign Intelligence Surveillance Court (known as the Fisa court), signed by Attorney General Eric Holder and stamped 29 July 2009. They detail the procedures the NSA is required to follow to target "non-US persons" under its foreign intelligence powers and what the agency does to minimize data collected on US citizens and residents in the course of that surveillance.

The documents show that even under authorities governing the collection of foreign intelligence from foreign targets, US communications can still be collected, retained and used.

The procedures cover only part of the NSA's surveillance of domestic US communications. The bulk collection of domestic call records, as first revealed by the Guardian earlier this month, takes place under rolling court orders issued on the basis of a legal interpretation of a different authority, section 215 of the Patriot Act.

The Fisa court's oversight role has been referenced many times by Barack Obama and senior intelligence officials as they have sought to reassure the public about surveillance, but the procedures approved by the court have never before been publicly disclosed.

The top secret documents published today detail the circumstances in which data collected on US persons under the foreign intelligence authority must be destroyed, extensive steps analysts must take to try to check targets are outside the US, and reveal how US call records are used to help remove US citizens and residents from data collection.

However, alongside those provisions, the Fisa court-approved policies allow the NSA to:

• Keep data that could potentially contain details of US persons for up to five years;

• Retain and make use of "inadvertently acquired" domestic communications if they contain usable intelligence, information on criminal activity, threat of harm to people or property, are encrypted, or are believed to contain any information relevant to cybersecurity;

• Preserve "foreign intelligence information" contained within attorney-client communications;

• Access the content of communications gathered from "U.S. based machine[s]" or phone numbers in order to establish if targets are located in the US, for the purposes of ceasing further surveillance.

The broad scope of the court orders, and the nature of the procedures set out in the documents, appear to clash with assurances from President Obama and senior intelligence officials that the NSA could not access Americans' call or email information without warrants.

The documents also show that discretion as to who is actually targeted under the NSA's foreign surveillance powers lies directly with its own analysts, without recourse to courts or superiors – though a percentage of targeting decisions are reviewed by internal audit teams on a regular basis.

Since the Guardian first revealed the extent of the NSA's collection of US communications, there have been repeated calls for the legal basis of the programs to be released. On Thursday, two US congressmen introduced a bill compelling the Obama administration to declassify the secret legal justifications for NSA surveillance.

The disclosure bill, sponsored by Adam Schiff, a California Democrat, and Todd Rokita, an Indiana Republican, is a complement to one proposed in the Senate last week. It would "increase the transparency of the Fisa Court and the state of the law in this area," Schiff told the Guardian. "It would give the public a better understanding of the safeguards, as well as the scope of these programs."

Section 702 of the Fisa Amendments Act (FAA), which was renewed for five years last December, is the authority under which the NSA is allowed to collect large-scale data, including foreign communications and also communications between the US and other countries, provided the target is overseas.

FAA warrants are issued by the Fisa court for up to 12 months at a time, and authorise the collection of bulk information – some of which can include communications of US citizens, or people inside the US. To intentionally target either of those groups requires an individual warrant.

One-paragraph order

One such warrant seen by the Guardian shows that they do not contain detailed legal rulings or explanation. Instead, the one-paragraph order, signed by a Fisa court judge in 2010, declares that the procedures submitted by the attorney general on behalf of the NSA are consistent with US law and the fourth amendment.

Those procedures state that the "NSA determines whether a person is a non-United States person reasonably believed to be outside the United States in light of the totality of the circumstances based on the information available with respect to that person, including information concerning the communications facility or facilities used by that person".

It includes information that the NSA analyst uses to make this determination - including IP addresses, statements made by the potential target, and other information in the NSA databases, which can include public information and data collected by other agencies.

Where the NSA has no specific information on a person's location, analysts are free to presume they are overseas, the document continues.

"In the absence of specific information regarding whether a target is a United States person," it states "a person reasonably believed to be located outside the United States or whose location is not known will be presumed to be a non-United States person unless such person can be positively identified as a United States person."

If it later appears that a target is in fact located in the US, analysts are permitted to look at the content of messages, or listen to phone calls, to establish if this is indeed the case.

Referring to steps taken to prevent intentional collection of telephone content of those inside the US, the document states: "NSA analysts may analyze content for indications that a foreign target has entered or intends to enter the United States. Such content analysis will be conducted according to analytic and intelligence requirements and priorities."

Details set out in the "minimization procedures", regularly referred to in House and Senate hearings, as well as public statements in recent weeks, also raise questions as to the extent of monitoring of US citizens and residents.

NSA minimization procedures signed by Holder in 2009 set out that once a target is confirmed to be within the US, interception must stop immediately. However, these circumstances do not apply to large-scale data where the NSA claims it is unable to filter US communications from non-US ones.

The NSA is empowered to retain data for up to five years and the policy states "communications which may be retained include electronic communications acquired because of limitations on the NSA's ability to filter communications".

Even if upon examination a communication is found to be domestic – entirely within the US – the NSA can appeal to its director to keep what it has found if it contains "significant foreign intelligence information", "evidence of a crime", "technical data base information" (such as encrypted communications), or "information pertaining to a threat of serious harm to life or property".

Domestic communications containing none of the above must be destroyed. Communications in which one party was outside the US, but the other is a US-person, are permitted for retention under FAA rules.

The minimization procedure adds that these can be disseminated to other agencies or friendly governments if the US person is anonymised, or including the US person's identity under certain criteria.

A separate section of the same document notes that as soon as any intercepted communications are determined to have been between someone under US criminal indictment and their attorney, surveillance must stop. However, the material collected can be retained, if it is useful, though in a segregated database:

"The relevant portion of the communication containing that conversation will be segregated and the National Security Division of the Department of Justice will be notified so that appropriate procedures may be established to protect such communications from review or use in any criminal prosecution, while preserving foreign intelligence information contained therein," the document states.

In practice, much of the decision-making appears to lie with NSA analysts, rather than the Fisa court or senior officials.

A transcript of a 2008 briefing on FAA from the NSA's general counsel sets out how much discretion NSA analysts possess when it comes to the specifics of targeting, and making decisions on who they believe is a non-US person. Referring to a situation where there has been a suggestion a target is within the US.

"Once again, the standard here is a reasonable belief that your target is outside the United States. What does that mean when you get information that might lead you to believe the contrary? It means you can't ignore it. You can't turn a blind eye to somebody saying: 'Hey, I think so and so is in the United States.' You can't ignore that. Does it mean you have to completely turn off collection the minute you hear that? No, it means you have to do some sort of investigation: 'Is that guy right? Is my target here?'" he says.

"But, if everything else you have says 'no' (he talked yesterday, I saw him on TV yesterday, even, depending on the target, he was in Baghdad) you can still continue targeting but you have to keep that in mind. You can't put it aside. You have to investigate it and, once again, with that new information in mind, what is your reasonable belief about your target's location?"

The broad nature of the court's oversight role, and the discretion given to NSA analysts, sheds light on responses from the administration and internet companies to the Guardian's disclosure of the PRISM program. They have stated that the content of online communications is turned over to the NSA only pursuant to a court order. But except when a US citizen is specifically targeted, the court orders used by the NSA to obtain that information as part of Prism are these general FAA orders, not individualized warrants specific to any individual.

Once armed with these general orders, the NSA is empowered to compel telephone and internet companies to turn over to it the communications of any individual identified by the NSA. The Fisa court plays no role in the selection of those individuals, nor does it monitor who is selected by the NSA.

The NSA's ability to collect and retain the communications of people in the US, even without a warrant, has fuelled congressional demands for an estimate of how many Americans have been caught up in surveillance.

Two US senators, Ron Wyden and Mark Udall – both members of the Senate intelligence committee – have been seeking this information since 2011, but senior White House and intelligence officials have repeatedly insisted that the agency is unable to gather such statistics.
http://www.guardian.co.uk/world/2013...ithout-warrant





NSA Admits Listening to U.S. Phone Calls Without Warrants

National Security Agency discloses in secret Capitol Hill briefing that thousands of analysts can listen to domestic phone calls. That authorization appears to extend to e-mail and text messages too.
Declan McCullagh

The National Security Agency has acknowledged in a new classified briefing that it does not need court authorization to listen to domestic phone calls.

Rep. Jerrold Nadler, a New York Democrat, disclosed this week that during a secret briefing to members of Congress, he was told that the contents of a phone call could be accessed "simply based on an analyst deciding that."

If the NSA wants "to listen to the phone," an analyst's decision is sufficient, without any other legal authorization required, Nadler said he learned. "I was rather startled," said Nadler, an attorney and congressman who serves on the House Judiciary committee.

Not only does this disclosure shed more light on how the NSA's formidable eavesdropping apparatus works domestically, it also suggests the Justice Department has secretly interpreted federal surveillance law to permit thousands of low-ranking analysts to eavesdrop on phone calls.

Because the same legal standards that apply to phone calls also apply to e-mail messages, text messages, and instant messages, Nadler's disclosure indicates the NSA analysts could also access the contents of Internet communications without going before a court and seeking approval.

The disclosure appears to confirm some of the allegations made by Edward Snowden, a former NSA infrastructure analyst who leaked classified documents to the Guardian. Snowden said in a video interview that, while not all NSA analysts had this ability, he could from Hawaii "wiretap anyone from you or your accountant to a federal judge to even the president."

There are serious "constitutional problems" with this approach, said Kurt Opsahl, a senior staff attorney at the Electronic Frontier Foundation who has litigated warrantless wiretapping cases. "It epitomizes the problem of secret laws."

The NSA yesterday declined to comment to CNET. A representative said Nadler was not immediately available. (This is unrelated to last week's disclosure that the NSA is currently collecting records of the metadata of all domestic Verizon calls, but not the actual contents of the conversations.)

Earlier reports have indicated that the NSA has the ability to record nearly all domestic and international phone calls -- in case an analyst needed to access the recordings in the future. A Wired magazine article last year disclosed that the NSA has established "listening posts" that allow the agency to collect and sift through billions of phone calls through a massive new data center in Utah, "whether they originate within the country or overseas." That includes not just metadata, but also the contents of the communications.

William Binney, a former NSA technical director who helped to modernize the agency's worldwide eavesdropping network, told the Daily Caller this week that the NSA records the phone calls of 500,000 to 1 million people who are on its so-called target list, and perhaps even more. "They look through these phone numbers and they target those and that's what they record," Binney said.

Brewster Kahle, a computer engineer who founded the Internet Archive, has vast experience storing large amounts of data. He created a spreadsheet this week estimating that the cost to store all domestic phone calls a year in cloud storage for data-mining purposes would be about $27 million per year, not counting the cost of extra security for a top-secret program and security clearances for the people involved.

NSA's annual budget is classified but is estimated to be around $10 billion.

Documents that came to light in an EFF lawsuit provide some insight into how the spy agency vacuums up data from telecommunications companies. Mark Klein, who worked as an AT&T technician for over 22 years, disclosed in 2006 that he witnessed domestic voice and Internet traffic being surreptitiously "diverted" through a "splitter cabinet" to secure room 641A in one of the company's San Francisco facilities. The room was accessible only to NSA-cleared technicians.

AT&T and other telecommunications companies that allow the NSA to tap into their fiber links receive absolute immunity from civil liability or criminal prosecution, thanks to a law that Congress enacted in 2008 and renewed in 2012. It's a series of amendments to the Foreign Intelligence Surveillance Act, also known as the FISA Amendments Act.

That law says surveillance may be authorized by the attorney general and director of national intelligence without prior approval by the secret Foreign Intelligence Surveillance Court, as long as minimization requirements and general procedures blessed by the court are followed.

A requirement of the 2008 law is that the NSA "may not intentionally target any person known at the time of acquisition to be located in the United States." A possible interpretation of that language, some legal experts said, is that the agency may vacuum up everything it can domestically -- on the theory that indiscriminate data acquisition was not intended to "target" a specific American citizen.

Rep. Nadler's disclosure that NSA analysts can listen to calls without court orders came during a House Judiciary hearing on Thursday that included FBI director Robert Mueller as a witness.

Mueller initially sought to downplay concerns about NSA surveillance by claiming that, to listen to a phone call, the government would need to seek "a special, a particularized order from the FISA court directed at that particular phone of that particular individual."

Is information about that procedure "classified in any way?" Nadler asked.

"I don't think so," Mueller replied.

"Then I can say the following," Nadler said. "We heard precisely the opposite at the briefing the other day. We heard precisely that you could get the specific information from that telephone simply based on an analyst deciding that...In other words, what you just said is incorrect. So there's a conflict."

Sen. Dianne Feinstein (D-Calif.), the head of the Senate Intelligence committee, separately acknowledged this week that the agency's analysts have the ability to access the "content of a call."

Director of National Intelligence Michael McConnell indicated during a House Intelligence hearing in 2007 that the NSA's surveillance process involves "billions" of bulk communications being intercepted, analyzed, and incorporated into a database.

They can be accessed by an analyst who's part of the NSA's "workforce of thousands of people" who are "trained" annually in minimization procedures, he said. (McConnell, who had previously worked as the director of the NSA, is now vice chairman at Booz Allen Hamilton, Snowden's former employer.)

If it were "a U.S. person inside the United States, now that would stimulate the system to get a warrant," McConnell told the committee. "And that is how the process would work. Now, if you have foreign intelligence data, you publish it [inside the federal government]. Because it has foreign intelligence value."

McConnell said during a separate congressional appearance around the same time that he believed the president had the constitutional authority, no matter what the law actually says, to order domestic spying without warrants.

Former FBI counterterrorism agent Tim Clemente told CNN last month that, in national security investigations, the bureau can access records of a previously made telephone call. "All of that stuff is being captured as we speak whether we know it or like it or not," he said. Clemente added in an appearance the next day that, thanks to the "intelligence community" -- an apparent reference to the NSA -- "there's a way to look at digital communications in the past."

NSA Director Keith Alexander said this week that his agency's analysts abide by the law: "They do this lawfully. They take compliance oversight, protecting civil liberties and privacy and the security of this nation to their heart every day."

But that's not always the case. A New York Times article in 2009 revealed the NSA engaged in significant and systemic "overcollection" of Americans' domestic communications that alarmed intelligence officials. The Justice Department said in a statement at the time that it "took comprehensive steps to correct the situation and bring the program into compliance" with the law.

Jameel Jaffer, director of the ACLU's Center for Democracy, says he was surprised to see the 2008 FISA Amendments Act be used to vacuum up information on American citizens. "Everyone who voted for the statute thought it was about international communications," he said.
http://news.cnet.com/8301-13578_3-57...hout-warrants/





3 NSA Veterans Speak Out On Whistle-Blower: We Told You So

In a roundtable discussion, a trio of former National Security Agency whistle-blowers tell USA TODAY that Edward Snowden succeeded where they failed.
Peter Eisler and Susan Page

When a National Security Agency contractor revealed top-secret details this month on the government's collection of Americans' phone and Internet records, one select group of intelligence veterans breathed a sigh of relief.

Thomas Drake, William Binney and J. Kirk Wiebe belong to a select fraternity: the NSA officials who paved the way.

For years, the three whistle-blowers had told anyone who would listen that the NSA collects huge swaths of communications data from U.S. citizens. They had spent decades in the top ranks of the agency, designing and managing the very data-collection systems they say have been turned against Americans. When they became convinced that fundamental constitutional rights were being violated, they complained first to their superiors, then to federal investigators, congressional oversight committees and, finally, to the news media.

To the intelligence community, the trio are villains who compromised what the government classifies as some of its most secret, crucial and successful initiatives. They have been investigated as criminals and forced to give up careers, reputations and friendships built over a lifetime.

Today, they feel vindicated.

They say the documents leaked by Edward Snowden, the 29-year-old former NSA contractor who worked as a systems administrator, prove their claims of sweeping government surveillance of millions of Americans not suspected of any wrongdoing. They say those revelations only hint at the programs' reach.

On Friday, USA TODAY brought Drake, Binney and Wiebe together for the first time since the story broke to discuss the NSA revelations. With their lawyer, Jesselyn Radack of the Government Accountability Project, they weighed their implications and their repercussions. They disputed the administration's claim of the impact of the disclosures on national security — and President Obama's argument that Congress and the courts are providing effective oversight.

And they have warnings for Snowden on what he should expect next.

Q: Did Edward Snowden do the right thing in going public?

William Binney: We tried to stay for the better part of seven years inside the government trying to get the government to recognize the unconstitutional, illegal activity that they were doing and openly admit that and devise certain ways that would be constitutionally and legally acceptable to achieve the ends they were really after. And that just failed totally because no one in Congress or — we couldn't get anybody in the courts, and certainly the Department of Justice and inspector general's office didn't pay any attention to it. And all of the efforts we made just produced no change whatsoever. All it did was continue to get worse and expand.

Q: So Snowden did the right thing?

Binney: Yes, I think he did.

Q: You three wouldn't criticize him for going public from the start?

J. Kirk Wiebe: Correct.

Binney: In fact, I think he saw and read about what our experience was, and that was part of his decision-making.

Wiebe: We failed, yes.

Jesselyn Radack: Not only did they go through multiple and all the proper internal channels and they failed, but more than that, it was turned against them. ... The inspector general was the one who gave their names to the Justice Department for criminal prosecution under the Espionage Act. And they were all targets of a federal criminal investigation, and Tom ended up being prosecuted — and it was for blowing the whistle.

Q: There's a question being debated whether Snowden is a hero or a traitor.

Binney: Certainly he performed a really great public service to begin with by exposing these programs and making the government in a sense publicly accountable for what they're doing. At least now they are going to have some kind of open discussion like that.

But now he is starting to talk about things like the government hacking into China and all this kind of thing. He is going a little bit too far. I don't think he had access to that program. But somebody talked to him about it, and so he said, from what I have read, anyway, he said that somebody, a reliable source, told him that the U.S. government is hacking into all these countries. But that's not a public service, and now he is going a little beyond public service.

So he is transitioning from whistle-blower to a traitor.

Thomas Drake: He's an American who has been exposed to some incredible information regarding the deepest secrets of the United States government. And we are seeing the initial outlines and contours of a very systemic, very broad, a Leviathan surveillance state and much of it is in violation of the fundamental basis for our own country — in fact, the very reason we even had our own American Revolution. And the Fourth Amendment for all intents and purposes was revoked after 9/11. ...

He is by all definitions a classic whistle-blower and by all definitions he exposed information in the public interest. We're now finally having the debate that we've never had since 9/11.

Radack: "Hero or traitor?" was the original question. I don't like these labels, and they are putting people into categories of two extremes, villain or saint. ... By law, he fits the legal definition of a whistle-blower. He is someone who exposed broad waste, abuse and in his case illegality. ... And he also said he was making the disclosures for the public good and because he wanted to have a debate.

Q: James Clapper, the director of national intelligence, said Snowden's disclosures caused "huge, grave damage" to the United States. Do you agree?

Wiebe: No, I do not. I do not. You know, I've asked people: Do you generally believe there's government authorities collecting information about you on the Net or your phone? "Oh, of course." No one is surprised.

There's very little specificity in the slides that he made available (describing the PRISM surveillance program). There is far more specificity in the FISA court order that is bothersome.

Q: Did foreign governments, terrorist organizations, get information they didn't have already?

Binney: Ever since ... 1997-1998 ... those terrorists have known that we've been monitoring all of these communications all along. So they have already adjusted to the fact that we are doing that. So the fact that it is published in the U.S. news that we're doing that, has no effect on them whatsoever. They have already adjusted to that.

Radack: This comes up every time there's a leak. ... In Tom's case, Tom was accused of literally the blood of soldiers would be on his hands because he created damage. I think the exact words were, "When the NSA goes dark, soldiers die." And that had nothing to do with Tom's disclosure at all, but it was part of the fear mongering that generally goes with why we should keep these things secret.

Q: What did you learn from the document — the Verizon warrant issued by the Foreign Intelligence Surveillance Court — that Snowden leaked?

Drake: It's an extraordinary order. I mean, it's the first time we've publicly seen an actual, secret, surveillance-court order. I don't really want to call it "foreign intelligence" (court) anymore, because I think it's just become a surveillance court, OK? And we are all foreigners now. By virtue of that order, every single phone record that Verizon has is turned over each and every day to NSA.

There is no probable cause. There is no indication of any kind of counterterrorism investigation or operation. It's simply: "Give us the data." ...

There's really two other factors here in the order that you could get at. One is that the FBI requesting the data. And two, the order directs Verizon to pass all that data to NSA, not the FBI.

Binney: What it is really saying is the NSA becomes a processing service for the FBI to use to interrogate information directly. ... The implications are that everybody's privacy is violated, and it can retroactively analyze the activity of anybody in the country back almost 12 years.

Now, the other point that is important about that is the serial number of the order: 13-dash-80. That means it's the 80th order of the court in 2013. ... Those orders are issued every quarter, and this is the second quarter, so you have to divide 80 by two and you get 40.

If you make the assumption that all those orders have to deal with companies and the turnover of material by those companies to the government, then there are at least 40 companies involved in that transfer of information. However, if Verizon, which is Order No. 80, and the first quarter got order No. 1 — then there can be as many as 79 companies involved.

So somewhere between 40 and 79 is the number of companies, Internet and telecom companies, that are participating in this data transfer in the NSA.

Radack: I consider this to be an unlawful order. While I am glad that we finally have something tangible to look at, this order came from the Foreign Intelligence Surveillance Court. They have no jurisdiction to authorize domestic-to-domestic surveillance.

Binney: Not surprised, but it's documentation that can't be refuted.

Wiebe: It's formal proof of our suspicions.

Q: Even given the senior positions that you all were in, you had never actually seen one of these?

Drake: They're incredibly secret. It's a very close hold. ... It's a secret court with a secret appeals court. They are just not widely distributed, even in the government.

Q: What was your first reaction when you saw it?

Binney: Mine was that it's documentary evidence of what we have been saying all along, so they couldn't deny it.

Drake: For me, it was material evidence of an institutional crime that we now claim is criminal.

Binney: Which is still criminal.

Wiebe: It's criminal.

Q: Thomas Drake, you worked as a contractor for the NSA for about a decade before you went on staff there. Were you surprised that a 29-year-old contractor based in Hawaii was able to get access to the sort of information that he released?

Drake: It has nothing to do with being 29. It's just that we are in the Internet age and this is the digital age. So, so much of what we do both in private and in public goes across the Internet. Whether it's the public Internet or whether it's the dark side of the Internet today, it's all affected the same in terms of technology. ...

One of the critical roles in the systems is the system administrator. Someone has to maintain it. Someone has to keep it running. Someone has to maintain the contracts.

Binney: Part of his job as the system administrator, he was to maintain the system. Keep the databases running. Keep the communications working. Keep the programs that were interrogating them operating. So that meant he was like a super-user. He could go on the network or go into any file or any system and change it or add to it or whatever, just to make sure — because he would be responsible to get it back up and running if, in fact, it failed.

So that meant he had access to go in and put anything. That's why he said, I think, "I can even target the president or a judge." If he knew their phone numbers or attributes, he could insert them into the target list which would be distributed worldwide. And then it would be collected, yeah, that's right. As a super-user, he could do that.

Three former whistle-blowers discuss whether Edward Snowden could tap the president's phone and about what it means to be a "super-user" with USA TODAY reporters Susan Page and Peter Eisler.

Q: As he said, he could tap the president's phone?

Binney: As a super-user and manager of data in the data system, yes, they could go in and change anything.

Q: At a Senate hearing in March, Oregon Democratic Sen. Ron Wyden asked the director of national intelligence, James Clapper, if there was mass data collection of Americans. He said "no." Was that a lie?

Drake: This is incredible dissembling. We're talking about the oversight committee, unable to get a straight answer because if the straight answer was given it would reveal the perfidy that's actually going on inside the secret side of the government.

Q: What should Clapper have said?

Binney: He should have said, "I can't comment in an open forum."

Wiebe: Yeah, that's right.

Q: Does Congress provide effective oversight for these programs?

Radack: Congress has been a rubber stamp, basically, and the judicial branch has been basically shut down from hearing these lawsuits because every time they do they are told that the people who are challenging these programs either have no standing or (are covered by) the state secrets privilege, and the government says that they can't go forward. So the idea that we have robust checks and balances on this is a myth.

Binney: But the way it's set up now, it's a joke. I mean, it can't work the way it is because they have no real way of seeing into what these agencies are doing. They are totally dependent on the agencies briefing them on programs, telling them what they are doing. And as long as the agencies tell them, they will know. If they don't tell them, they don't know. And that's what's been going on here.

And the only way they really could correct that is to create billets on these committees and integrate people in these agencies so they can go around every day and watch what is happening and then feed back the truth as to what's going on, instead of the story that they get from the NSA or other agencies. ...

Even take the FISA court, for example. The judges signed that order. I mean, I am sure they (the FBI) swore on an affidavit to the judge, "These are the reasons why," but the judge has no foundation to challenge anything that they present to him. What information does the judge have to make a decision against them? I mean, he has absolutely nothing. So that's really not an oversight.

Radack: The proof is in the pudding. Last year alone, in 2012, they approved 1,856 applications and they denied none. And that is typical from everything that has happened in previous years. ... I know the government has been asserting that all of this is kosher and legitimate because the FISA court signed off on it. The FISA court is a secret court — operates in secret. There is only one side and has rarely disapproved anything.

Three former NSA whistle-blowers discuss whether there is effective oversight on intelligence-gathering with USA TODAY reporters Susan Page and Peter Eisler.

Q: Do you think President Obama fully knows and understands what the NSA is doing?

Binney: No. I mean, it's obvious. I mean, the Congress doesn't either. I mean, they are all being told what I call techno-babble ... and they (lawmakers) don't really understand what the NSA does and how it operates. Even when they get briefings, they still don't understand.

Radack: Even for people in the know, I feel like Congress is being misled.

Binney: Bamboozled.

Radack: I call it perjury.

Q: What should Edward Snowden expect now?

Binney: Well, first of all, I think he should expect to be treated just like Bradley Manning (an Army private now being court-martialed for leaking documents to WikiLeaks). The U.S. government gets ahold of him, that's exactly the way he will be treated.

Q: He'll be prosecuted?

Binney: First tortured, then maybe even rendered and tortured and then incarcerated and then tried and incarcerated or even executed.

Wiebe: Now there is another possibility, that a few of the good people on Capitol Hill — the ones who say the threat is much greater than what we thought it was — will step forward and say give this man an honest day's hearing. You know what I mean. Let's get him up here. Ask him to verify, because if he is right — and all pointers are that he was — all he did was point to law-breaking. What is the crime of that?

Drake: But see, I am Exhibit No. 1. ... You know, I was charged with 10 felony counts. I was facing 35 years in prison. This is how far the state will go to punish you out of retaliation and reprisal and retribution. ... My life has been changed. It's been turned inside, upside down. I lived on the blunt end of the surveillance bubble. ... When you are faced essentially with the rest of your life in prison, you really begin to understand and appreciate more so than I ever have — in terms of four times I took the oath to support the Constitution — what those rights and freedoms really mean. ...

Believe me, they are going to put everything they have got to get him. I think there really is a risk. There is a risk he will eventually be pulled off the street.

Q: What do you mean?

Drake: Well, fear of rendition. There is going to be a team sent in.

Radack: We have already unleashed the full force of the entire executive branch against him and are now doing a worldwide manhunt to bring him in — something more akin to what we would do for Osama bin Laden. And I know for a fact, if we do get him, he would definitely face Espionage Act charges, as other people have who have exposed information of government wrongdoing. And I heard a number of people in Congress (say) he would also be charged with treason.

These are obviously the most serious offenses that can be leveled against an American. And the people who so far have faced them and have never intended to harm the U.S. or benefit the foreign nations have always wanted to go public. And they face severe consequences as a defector. That's why I understand why he is seeking asylum. I think he has a valid fear.

Wiebe: We are going to find out what kind of country we are, what have we become, what do we want to be.

Q: What would you say to him?

Binney: I would tell him to steer away from anything that isn't a public service — like talking about the ability of the U.S. government to hack into other countries or other people is not a public service. So that's kind of compromising capabilities and sources and methods, basically. That's getting away from the public service that he did initially. And those would be the acts that people would charge him with as clearly treason.

Drake: Well, I feel extraordinary kinship with him, given what I experienced at the hands of the government. And I would just tell him to ensure that he's got a support network that I hope is there for him and that he's got the lawyers necessary across the world who will defend him to the maximum extent possible and that he has a support-structure network in place. I will tell you, when you exit the surveillance-state system, it's a pretty lonely place — because it had its own form of security and your job and family and your social network. And all of a sudden, you are on the outside now in a significant way, and you have that laser beam of the surveillance state turning itself inside out to find and learn everything they can about you.

Wiebe: I think your savior in all of this is being able to honestly relate to the principles embedded in the Constitution that are guiding your behavior. That's where really — rubber meets the road, at that point.

Radack: I would thank him for taking such a huge personal risk and giving up so much of his life and possibly facing the loss of his life or spending it in jail. Thank him for doing that to try to help our country save it from itself in terms of exposing dark, illegal, unethical, unconstitutional conduct that is being done against millions and millions of people.

Drake: I actually salute him. I will say it right here. I actually salute him, given my experience over many, many years both inside and outside the system. Remember, I saw what he saw. I want to re-emphasize that. What he did was a magnificent act of civil disobedience. He's exposing the inner workings of the surveillance state. And it's in the public interest. It truly is.

Wiebe: Well, I don't want anyone to think that he had an alternative. No one should (think that). There is no path for intelligence-community whistle-blowers who know wrong is being done. There is none. It's a toss of the coin, and the odds are you are going to be hammered.

Q: Is there a way to collect this data that is consistent with the Fourth Amendment, the constitutional protection against unreasonable search and seizure?

Binney: Two basic principles you have to use. ... One is what I call the two-degree principle. If you have a terrorist talking to somebody in the United States — that's the first degree away from the terrorist. And that could apply to any country in the world. And then the second degree would be who that person in the United States talked to. So that becomes your zone of suspicion.

And the other one (principle) is you watch all the jihadi sites on the Web and who's visiting those jihadi sites, who has an interest in the philosophy being expressed there. And then you add those to your zone of suspicion.

Everybody else is innocent — I mean, you know, of terrorism, anyway.

Wiebe: Until they're somehow connected to this activity.

Binney: You pull in all the contents involving (that) zone of suspicion and you throw all the rest of it away. You can keep the attributes of all the communicants in the other parts of the world, the rest of the 7 billion people, right? And you can then encrypt it so that nobody can interrogate that base randomly.

That's the way of preventing this kind of random access by a contractor or by the FBI or any other DHS (Department of Homeland Security) or any other department of government. They couldn't go in and find anybody. You couldn't target your next-door neighbor. If you went in with his attributes, they're encrypted. ... So unless they are in the zone of suspicion, you won't see any content on anybody and you won't see any attributes in the clear. ...

It's all within our capabilities.

Drake: It's been within our capabilities for well over 12 years.

Wiebe: Bill and I worked on a government contract for a contractor not too far from here. And when we showed him the concept of how this privacy mechanism that Bill just described to you — the two degrees, the encryption and hiding of identities of innocent people — he said, "Nobody cares about that." I said, "What do you mean?"

This man was in a position to know a lot of government people in the contracting and buying of capabilities. He said, "Nobody cares about that."

Drake: This (kind of surveillance) is all unnecessary. It is important to note that the very best of American ingenuity and inventiveness, creativity, had solved the major challenge problem the NSA faced: How do you make sense of vast amounts of data, provide the information you need to protect the nation, while also protecting the fundamental rights that are enshrined in the Constitution?

The government in secret decided — willfully and deliberately — that that was no longer necessary after 9/11. So they said, you know what, hey, for the sake of security we are going to draw that line way, way over. And if it means eroding the liberties and freedoms of Americans and others, hey, so be it because that's what's most important. But this was done without the knowledge of the American people.

Q: Would it make a difference if contractors weren't used?

Wiebe: I don't think so. They are human beings. You know, look at what's going on with the IRS and the Tea Party. You know, there (are) human beings involved. We are all human beings — contractors, NSA government employees. We are all human beings. We undergo clearance checks, background investigations that are extensive and we are all colors, ages and religions. I mean this is part of the American fabric.

Binney: But when it comes to these data, the massive data information collecting on U.S. citizens and everything in the world they can, I guess the real problem comes with trust. That's really the issue. The government is asking for us to trust them.

It's not just the trust that you have to have in the government. It's the trust you have to have in the government employees, (that) they won't go in the database — they can see if their wife is cheating with the neighbor or something like that. You have to have all the trust of all the contractors who are parts of a contracting company who are looking at maybe other competitive bids or other competitors outside their — in their same area of business. And they might want to use that data for industrial intelligence gathering and use that against other companies in other countries even. So they can even go into a base and do some industrial espionage. So there is a lot of trust all around and the government, most importantly, the government has no way to check anything that those people are doing.

Q: So Snowden's ability to access information wasn't an exception?

Binney: And they didn't know he was doing (it). ... That's the point, right? ... They should be doing that automatically with code, so the instant when anyone goes into that base with a query that they are not supposed to be doing, they should be flagged immediately and denied access. And that could be done with code.

But the government is not doing that. So that's the greatest threat in this whole affair.

Wiebe: And the polygraph that is typically given to all people, government employees and contractors, never asks about integrity. Did you give an honest day's work for your pay? Do you feel like you are doing important and proper work? Those things never come up. It's always, "Do you have any association with a terrorist?" Well, everybody can pass those kinds of questions. But, unfortunately, we have a society that is quite willing to cheat.

Editor's note: Excerpts have been edited for length and clarity.
http://www.usatoday.com/story/news/p...table/2428809/





Investigate Booz Allen Hamilton, Not Edward Snowden

The firm that formerly employed both the director of national intelligence and the NSA whistleblower merits closer scrutiny
Pratap Chatterjee

Military contractor Booz Allen Hamilton of McLean, Virginia, has shot into the news recently over two of its former employees: Edward Snowden, the whistleblower who has just revealed the extent of US global spying on electronic data of ordinary citizens around the world, and James Clapper, US director of national intelligence.

Clapper has come out vocally to condemn Snowden as a traitor to the public interest and the country, yet a review of Booz Allen's own history suggests that the government should be investigating his former employer, rather than the whistleblower.

Clapper worked as vice-president at Booz Allen from 1997 to 1998, while Snowden did a three-month stint at their offices in Hawaii in spring 2013 as a low-level contract employee. Both worked on intelligence contracts, which are estimated to make up almost a quarter of the company's $5.86bn in annual income. This past weekend, Clapper condemned Snowden's leak about US government surveillance, telling NBC News's Andrea Mitchell:

"For me, it is literally – not figuratively – literally gut-wrenching to see this happen because of the huge, grave damage it does to our intelligence capabilities. This is someone who, for whatever reason, has chosen to violate a sacred trust for this country. I think we all feel profoundly offended by that."

The following day Snowden replied from a hotel in Hong Kong, in an interview with Glenn Greenwald of the Guardian:

"The government has granted itself power it is not entitled to. There is no public oversight. I realised that I was part of something that was doing far more harm than good."

Booz Allen reacted with anger in a press statement released hours later:

"News reports that this individual has claimed to have leaked classified information are shocking, and if accurate, this action represents a grave violation of the code of conduct and core values of our firm."

Core values? Let's examine Booz Allen Hamilton's track record.

In February 2012, the US air force suspended Booz Allen from seeking government contracts after it discovered that Joselito Meneses, a former deputy chief of information technology for the air force, had given Booz Allen a hard drive with confidential information about a competitor's contracting on the first day that he went to work for the company in San Antonio, Texas. US air force legal counsel concluded:

"Booz Allen did not uncover indications and signals of broader systemic ethical issues within the firm. These events caused the air force to have serious concerns regarding the responsibility of Booz Allen, specifically, its San Antonio office, including its business integrity and honesty, compliance with government contracting requirements, and the adequacy of its ethics program."

It should be noted that Booz Allen reacted swiftly to the government investigation of the conflict of interest. In April that year, the air force lifted the suspension – but only after Booz Allen had accepted responsibility for the incident and fired Meneses, as well as agreeing to pay the air force $65,000 and reinforce the firm's ethics policy.

Not everybody was convinced about the new regime. "Unethical behavior brought on by the revolving door created problems for Booz Allen, but now the revolving door may have come to the rescue," wrote Scott Amey of the Project on Government Oversight, noting that Meneses was not the only former air force officer who had subsequently become an executive in Booz Allen's San Antonio office.

"It couldn't hurt having [former AF people]. Booz is likely exhaling a sigh of relief as it has received billions of dollars in air force contracts over the years."

Booz Allen has also admitted to overbilling the National Aeronautics and Space Administration (Nasa) by billing "employees at higher job categories than would have been justified by their experience, inflating their monthly hours and submitting excessive billing at their off-site rate." The company repaid the government $325,000 in May 2009 to settle the charges. Incidentally, both the Nasa and the air force incidents were brought to light by a company whistleblower who informed the government.

Nor was this the first time Booz Allen had been caught overbilling. In 2006, the company was one of four consulting firms that settled with the Justice Department for fiddling expenses on an industrial scale. Booz Allen's share of the $15m settlement of a lawsuit under the False Claims Act was more than $3.3m.

The incidents described above could be dismissed as aberrations. What is worthy of note, however, is that Ralph Shrader, the chairman, CEO and president of Booz Allen, came to the company in 1974 after working at two telecommunications companies – Western Union, where he was national director of advanced systems planning, and RCA, where he served in the company's government communications system division.

Today, those names may not ring a bell, but these two companies took part in a secret surveillance program known as Minaret in the 1970s when they agreed to hand over to the National Security Agency (NSA) all incoming and outgoing US telephone calls and telegrams. In an interview with the Financial Times in 1998, Shrader noted that the most relevant background for his new position of chief executive at Booz Allen was his experience working for telecommunications clients and doing classified military work for the US government.

Minaret and other such snooping programs led to an explosive series of congressional hearings in the 1970s named the Senate select committee to study governmental operations with respect to intelligence activities, chaired by Frank Church of Idaho in 1975.

Should the latest revelations of massive government surveillance come before Congress again, it might be worth probing Shrader and his company – rather than shooting the messenger, Edward Snowden.

Finally, Congress would also do well to investigate Clapper, Booz Allen's other famous former employee, for possible perjury when he replied: "No, sir" to Senator Ron Wyden of Oregon in March, when asked:

"Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?"
http://www.guardian.co.uk/commentisf...ate-booz-allen





IRS Tracks Your Digital Footprint

The IRS has quietly upgraded its technology so tax collectors can track virtually everything people do online.
Richard Satran

The Internal Revenue Service is collecting a lot more than taxes this year -- it's also acquiring a huge volume of personal information on taxpayers' digital activities, from eBay auctions to Facebook posts and, for the first time ever, credit card and e-payment transaction records, as it expands its search for tax cheats to places it's never gone before.

The IRS, under heavy pressure to help Washington out of its budget quagmire by chasing down an estimated $300 billion in revenue lost to evasions and errors each year, will start using "robo-audits" of tax forms and third-party data the IRS hopes will help close this so-called "tax gap." But the agency reveals little about how it will employ its vast, new network scanning powers.

Tax lawyers and watchdogs are concerned about the sweeping changes being implemented with little public discussion or clear guidelines, and Congressional staff sources say the IRS use of "big data" will be a key issue when the next IRS chief comes to the Senate for approval. Acting commissioner Steven T. Miller replaced Douglas Shulman last November.

"It's well-known in the tax community, but not many people outside of it are aware of this big expansion of data and computer use," says Edward Zelinsky, a tax law expert and professor at Benjamin N. Cardozo School of Law and Yale Law School. "I am sure people will be concerned about the use of personal information on databases in government, and those concerns are well-taken. It's appropriate to watch it carefully. There should be safeguards." He adds that taxpayers should know that whatever people do and say electronically can and will be used against them in IRS enforcement.

IRS's big data tracking

Consumers are already familiar with Internet "cookies" that track their movements and send them targeted ads that follow them to different websites. The IRS has brought in private industry experts to employ similar digital tracking -- but with the added advantage of access to Social Security numbers, health records, credit card transactions and many other privileged forms of information that marketers don't see.

"Private industry would be envious if they knew what our models are," boasted Dean Silverman, the agency's high-tech top gun who heads a group recruited from the private sector to update the IRS, in a comment reported in trade publications. The IRS did not respond to a request for an interview.

In trade presentations and public documents, the agency has said it will use a massively parallel computer system that can analyze data from different networks to find irregularities and suspicious activities.

Much of the work already has been automated to process and analyze electronic tax returns in current "robo-audits" that flag unusual behavior patterns. With IRS audit staff reduced by budget cuts this year, the agency will be forced to rely on computer-generated audits more than ever.

The agency declined to comment on how it will use its new technology. But agency officials have been outlining plans at industry conferences, working with IBM, EMC and other private-sector specialists. In presentations, officials have said they may use the big data for:

• Charting and analyzing social media such as Facebook.
• Targeting audits by matching tax filings to social media or electronic payments.
• Tracking individual Internet addresses and emailing patterns.
• Sorting data in 32,000 categories of metadata and 1 million unique "attributes."
• Machine learning across "neural" networks.
• Statistical and agent-based modeling.
• Relationship analysis based on Social Security numbers and other personal identifiers.

Officials have said much of the data will be used only for research. The agency's economic forecasts and data are a key part of Washington's budget infrastructure. Former commissioner Douglas Shulman said in an IRS statement that the technology will employ "billions of pieces of data" to target enforcement and to "detect and combat noncompliance."

U.S. Tax Court records show that information gathered from Facebook and eBay postings has been used by the IRS in defending tax challenges. Under a Freedom of Information Act disclosure obtained by privacy advocates at the Electronic Frontier Foundation, the group published the IRS's 38-page manual used to train auditors to search Internet addresses, Facebook postings and other social media to back audit enforcements.

In practice, the third-party data has been used only if the irregular returns merit more attention. In one much-cited example, IRS officials talk about prisoners who were filing false claims for energy tax credits for window replacements.

The agency, wary of public opinion about invasive audit practices, has pulled back from using so-called "social audits," which, for example, might single out horse-racing enthusiasts or sailboaters for special attention. But by screening existing data for one million unique attributes, the agency can quietly create a DNA-like code to understand the economic behavior of any individual.

The IRS last year used a profiling test model to study 1,500 tax preparers with histories of reporting deficiencies and managed to recover $200 million. It cited the experience as proof that its data analysis works. Early this year, however, a new set of rules it developed for tax preparers was thrown out by a federal court, which said the agency had overstepped its mandate. The IRS would not comment on whether the rules were based on its new screening tools.
http://money.msn.com/credit-rating/i...print#scpshrtu





Facebook Starts Swedish Servers Amid NSA Fears

Facebook officially opened its new mammoth server hall in far northern Sweden on Wednesday, with representatives downplaying concerns stemming from the NSA spying scandal, proclaiming the facility would operate under Swedish law.

A tour of the Luleå server hall, Facebook's first outside of the US, was put on for a handful of journalists from several countries. Facebook representatives on hand refused to comment on allegations that the US government is spying on internet users through channels that include Facebook.

"I refer you to the statement that was made by Facebook last week about this, that's all we have to say about it," Jay Parikh, vice president of Facebook's infrastructure, told the TT news agency.

In the statement he referred to, Facebook founder Mark Zuckerberg denied his company had any connection to the US spying scandal that emerged last week.

The data mining programme, referred to as "Prism", was leaked to the media by a former US government contract worker, and was to give the NSA and the FBI access to systems belonging to nine of the world's major internet players, including Facebook, Google, and Skype, according to reports by The Guardian and The Washington Post.

Each company has denied the allegations.

"Facebook is not and has never been part of any programme to give the US or any other government direct access to our servers. We have never received a blanket request or court order from any government agency asking for information or metadata in bulk (...) and if we did, we would fight it aggressively," Zuckerberg said in a statement soon after.

While the Facebook spokesperson in Luleå refused to comment on the matter from a Swedish perspective, representatives from the Swedish government underlined that Swedish law still applied at the server hall.

Marita Ljung from Sweden's ministry of enterprise added that Sweden puts a great value on people's personal privacy.

The server hall in Luleå will handle information from Facebook's 350 million users in Europe. In a statement, the data centre claimed that it would likely be one of the most efficient and sustainable on earth. The equipment inside is powered by locally generated hydro-electric energy that is 100 percent renewable.

"In addition to harnessing the power of water, we are using the chilly Nordic air to cool the thousands of servers that store your photos, videos, comments, and Likes," the centre wrote on its Facebook page.

"Any excess heat that is produced is used to keep our office warm."
http://www.thelocal.se/48460/20130612/





It’s Your Stuff – Guaranteed!

Most of the big cloud storage players in the world are U.S.-based. You may think that your files are safe and private when stored with the big guys. Well, you may be wrong.

Yes, some of these companies have a local subsidiary that stores data in European datacenters, but the problem is this:

U.S. law enforcement could use the USA PATRIOT Act on a U.S.-based organisation, like Microsoft, Google, Dropbox or Amazon, for example, to force its local subsidiary companies across the world into handing over user data to U.S. authorities.

With the recent revelations made by Edward Snowden, of the PRISM program run by the U.S. government, this threat seems bigger and more frightening than ever.

Jottacloud is a Norwegian company with Norwegian owners, and we operate under Norwegian privacy laws. We store all your files in Norway.

As a result, our users are protected against U.S. legislation, which arguably infringes the freedom and liberties of both U.S. and non-U.S. citizens.

That makes Jottacloud great for people who want an alternative to U.S.-based cloud services like SkyDrive, Dropbox and iCloud.

With our unique position, located in Norway, we are now issuing a guarantee for your privacy. Starting today, this is our Privacy Guarantee:

The Jottacloud Privacy Guarantee

• We will store your data in Norway, or a country with similar or stricter privacy laws
• We will operate under Norwegian jurisdiction
• We will not monitor what you store on Jottacloud
• We will not hand over user data to authorities unless a warrant issued by the Norwegian court of law is presented
• We will not exchange, store or process user data at a third party service like Amazon
• Our employees will not open, access or read your files without your written consent
• Our employees must sign non-disclosure agreements
• We will delete all your user data when you terminate your account

We care about privacy. In Norway, privacy stands firm like the mighty mountains of Jotunheimen. In the U.S., on the other hand, privacy rights seem to float like the Mississippi river.

It’s your stuff and it’s safe! Jottacloud guarantees it! And our servers are powered by green energy – Jottacloud guarantees that as well. Be safe!
http://www.jottacloud.com/its-your-stuff-guaranteed/





GCHQ Intercepted Foreign Politicians' Communications at G20 Summits

Exclusive: phones were monitored and fake internet cafes set up to gather information from allies in London in 2009
Ewen MacAskill, Nick Davies, Nick Hopkins, Julian Borger and James Ball

Foreign politicians and officials who took part in two G20 summit meetings in London in 2009 had their computers monitored and their phone calls intercepted on the instructions of their British government hosts, according to documents seen by the Guardian. Some delegates were tricked into using internet cafes which had been set up by British intelligence agencies to read their email traffic.

The revelation comes as Britain prepares to host another summit on Monday – for the G8 nations, all of whom attended the 2009 meetings which were the object of the systematic spying. It is likely to lead to some tension among visiting delegates who will want the prime minister to explain whether they were targets in 2009 and whether the exercise is to be repeated this week.

The disclosure raises new questions about the boundaries of surveillance by GCHQ and its American sister organisation, the National Security Agency, whose access to phone records and internet data has been defended as necessary in the fight against terrorism and serious crime. The G20 spying appears to have been organised for the more mundane purpose of securing an advantage in meetings. Named targets include long-standing allies such as South Africa and Turkey.

There have often been rumours of this kind of espionage at international conferences, but it is highly unusual for hard evidence to confirm it and spell out the detail. The evidence is contained in documents – classified as top secret – which were uncovered by the NSA whistleblower Edward Snowden and seen by the Guardian. They reveal that during G20 meetings in April and September 2009 GCHQ used what one document calls "ground-breaking intelligence capabilities" to intercept the communications of visiting delegations.

This included:

• Setting up internet cafes where they used an email interception programme and key-logging software to spy on delegates' use of computers;

• Penetrating the security on delegates' BlackBerrys to monitor their email messages and phone calls;

• Supplying 45 analysts with a live round-the-clock summary of who was phoning who at the summit;

• Targeting the Turkish finance minister and possibly 15 others in his party;

• Receiving reports from an NSA attempt to eavesdrop on the Russian leader, Dmitry Medvedev, as his phone calls passed through satellite links to Moscow.

The documents suggest that the operation was sanctioned in principle at a senior level in the government of the then prime minister, Gordon Brown, and that intelligence, including briefings for visiting delegates, was passed to British ministers.

A briefing paper dated 20 January 2009 records advice given by GCHQ officials to their director, Sir Iain Lobban, who was planning to meet the then foreign secretary, David Miliband. The officials summarised Brown's aims for the meeting of G20 heads of state due to begin on 2 April, which was attempting to deal with the economic aftermath of the 2008 banking crisis. The briefing paper added: "The GCHQ intent is to ensure that intelligence relevant to HMG's desired outcomes for its presidency of the G20 reaches customers at the right time and in a form which allows them to make full use of it." Two documents explicitly refer to the intelligence product being passed to "ministers".

According to the material seen by the Guardian, GCHQ generated this product by attacking both the computers and the telephones of delegates.

One document refers to a tactic which was "used a lot in recent UK conference, eg G20". The tactic, which is identified by an internal codeword which the Guardian is not revealing, is defined in an internal glossary as "active collection against an email account that acquires mail messages without removing them from the remote server". A PowerPoint slide explains that this means "reading people's email before/as they do".

The same document also refers to GCHQ, MI6 and others setting up internet cafes which "were able to extract key logging info, providing creds for delegates, meaning we have sustained intelligence options against them even after conference has finished". This appears to be a reference to acquiring delegates' online login details.

Another document summarises a sustained campaign to penetrate South African computers, recording that they gained access to the network of their foreign ministry, "investigated phone lines used by High Commission in London" and "retrieved documents including briefings for South African delegates to G20 and G8 meetings". (South Africa is a member of the G20 group and has observer status at G8 meetings.)

A detailed report records the efforts of the NSA's intercept specialists at Menwith Hill in North Yorkshire to target and decode encrypted phone calls from London to Moscow which were made by the Russian president, Dmitry Medvedev, and other Russian delegates.

Other documents record apparently successful efforts to penetrate the security of BlackBerry smartphones: "New converged events capabilities against BlackBerry provided advance copies of G20 briefings to ministers … Diplomatic targets from all nations have an MO of using smartphones. Exploited this use at the G20 meetings last year."

The operation appears to have run for at least six months. One document records that in March 2009 – the month before the heads of state meeting – GCHQ was working on an official requirement to "deliver a live dynamically updating graph of telephony call records for target G20 delegates … and continuing until G20 (2 April)."

Another document records that when G20 finance ministers met in London in September, GCHQ again took advantage of the occasion to spy on delegates, identifying the Turkish finance minister, Mehmet Simsek, as a target and listing 15 other junior ministers and officials in his delegation as "possible targets". As with the other G20 spying, there is no suggestion that Simsek and his party were involved in any kind of criminal offence. The document explicitly records a political objective – "to establish Turkey's position on agreements from the April London summit" and their "willingness (or not) to co-operate with the rest of the G20 nations".

The September meeting of finance ministers was also the subject of a new technique to provide a live report on any telephone call made by delegates and to display all of the activity on a graphic which was projected on to the 15-sq-metre video wall of GCHQ's operations centre as well as on to the screens of 45 specialist analysts who were monitoring the delegates.

"For the first time, analysts had a live picture of who was talking to who that updated constantly and automatically," according to an internal review.

A second review implies that the analysts' findings were being relayed rapidly to British representatives in the G20 meetings, a negotiating advantage of which their allies and opposite numbers may not have been aware: "In a live situation such as this, intelligence received may be used to influence events on the ground taking place just minutes or hours later. This means that it is not sufficient to mine call records afterwards – real-time tip-off is essential."

In the week after the September meeting, a group of analysts sent an internal message to the GCHQ section which had organised this live monitoring: "Thank you very much for getting the application ready for the G20 finance meeting last weekend … The call records activity pilot was very successful and was well received as a current indicator of delegate activity …

"It proved useful to note which nation delegation was active during the moments before, during and after the summit. All in all, a very successful weekend with the delegation telephony plot."
http://www.guardian.co.uk/uk/2013/ju...ns-g20-summits





China Asks U.S. to Explain Internet Surveillance

China made its first substantive comments on Monday to reports of U.S. surveillance of the Internet, demanding that Washington explain its monitoring programs to the international community.

Several nations, including U.S. allies, have reacted angrily to revelations by an ex-CIA employee over a week ago that U.S. authorities had tapped the servers of internet companies for personal data.

"We believe the United States should pay attention to the international community's concerns and demands and give the international community the necessary explanation," Chinese Foreign Ministry spokeswoman Hua Chunying said at a daily briefing.

The Chinese government has previously not commented directly on the case, simply repeating the government's standard line that China is one of the world's biggest victims of hacking attacks.

A senior source with ties to the Communist Party leadership said Beijing was reluctant to jeopardize recently improved ties with Washington.

The explosive revelations of the U.S. National Security Agency's (NSA) spying programs were provided by Edward Snowden, a former CIA employee and NSA contractor currently holed up in Hong Kong, a China-controlled city.

Snowden told the South China Morning Post, Hong Kong's main English language newspaper, last week that Americans had spied extensively on targets in China and Hong Kong.

He said these included the Chinese University of Hong Kong, the site of an exchange which handles nearly all the city's domestic web traffic. Other alleged targets included government officials, businesses and students.

At the briefing, Hua rejected a suggestion that Snowden was a spy for China.

"This is sheer nonsense," she said, without elaborating.

It will likely be up to the central government to decide what happens if Washington requests Snowden's extradition, as Beijing controls Hong Kong's diplomatic affairs. The U.S. Justice Department is investigating the case but Snowden has not been charged with any crime.

In a poll on the website of the Global Times, a popular tabloid published by the Communist Party's official People's Daily, 98 percent of respondents said China should refuse to send him back to the United States.

"Unlike a common criminal, Snowden did not hurt anybody. His 'crime' is that he blew the whistle on the U.S. government's violation of civil rights," the newspaper said in an editorial.

"His whistle-blowing is in the global public interest. Therefore, extraditing Snowden back to the U.S. would not only be a betrayal of Snowden's trust, but a disappointment for expectations around the world. The image of Hong Kong would be forever tarnished."

The former British colony of Hong Kong is supposed to enjoy wide-ranging autonomy and broad freedoms denied to people in mainland China, including an independent judiciary and free press.

Since its return to Chinese rule in 1997, however, the city's pro-democracy politicians and activists have complained that Beijing has been steadily eroding Hong Kong's freedoms despite constitutional safeguards granting a high degree of autonomy.

(Reporting by Michael Martina; Writing by Terril Yue Jones; Editing by Ben Blanchard and Raju Gopalakrishnan)
http://www.reuters.com/article/2013/...95G06R20130617





Archivists in France Fight a Privacy Initiative
Eric Pfanner

As a European proposal to bolster digital privacy safeguards faces intense lobbying from Silicon Valley and other powerful groups in Brussels, an obscure but committed group has joined in the campaign to keep personal data flourishing online.

One of the European Union’s measures would grant Internet users a “right to be forgotten,” letting them delete damaging references to themselves in search engines, or drunken party photos from social networks. But a group of French archivists, the people whose job it is to keep society’s records, is asking: What about our collective right to keep a record even of some things that others might prefer to forget?

The archivists and their counteroffensive might seem out of step, as concern grows about American surveillance of Internet traffic around the world. But the archivists say the right to be forgotten, as it has become known, could complicate the collection and digitization of mundane public documents — birth reports, death notices, real estate transactions and the like — that form a first draft of history.

“Today, e-mail, Facebook, Twitter — this is the correspondence of the 21st century,” said Jean-Philippe Legois, president of the Association of French Archivists, which has around 1,700 members. “If we want to understand the society of today in the future, we have to keep certain traces.”

The group represents a wide swath of professionals who specialize in preserving and cataloging documents from institutions as diverse as town halls or museums. Still, supporters of the French campaign acknowledged the growing concern about digital privacy, after the disclosure of the extensive United States intelligence project known as Prism to mine data from Internet companies for security purposes.

To try to persuade European Union lawmakers to drop or soften the proposed rules on digital privacy, the French archivists introduced a petition, circulated to their counterparts in other countries. The group says the petition has received almost 50,000 signatures, which it will present to the European Parliament.

The group also commissioned advertising posters underlining the threat it sees. One shows a metaphorical image of demonstrators marching through Paris, their faces hidden by digitally appended clown masks. It asks: “Without a name, does individual commitment still have the same meaning?”

The archivists know that their influence is limited as the Parliament is lobbied by myriad Internet companies, governments and other organizations, which have submitted about 4,000 amendments to the proposed law for the European Union’s 27 member states. This month, several proposals were softened, including the plan to require companies to obtain “explicit” consent from users to collect and process their data, though the United States surveillance revelations could renew the push for tougher rules.

The right to be forgotten is one of the most contentious items.

The European Commission has drawn support from consumer organizations and privacy advocates, but the archivists have received backing from other European professionals who rely on record-keeping, including genealogists and history professors.

Advocates of the right to be forgotten say it is unrealistic to expect Internet companies like Google and Facebook, which collect huge amounts of data on their users in order to direct relevant advertising to them, to put safeguards in place without stricter regulations.

European Union lawmakers want to establish two separate, but related, digital privacy rules. One would guarantee Internet users the right to delete pictures, writings and other data on social networks and other online forums. In theory, this is already permitted, but regulators say removal can be cumbersome and deleted material often lingers in search engines and elsewhere.

Under the proposal, search engines would have to remove the material immediately. Internet companies balk at that. They say that they generally favor giving people control over material they have posted themselves, but oppose letting Internet users demand that search engines and other sites remove information about them that has been posted by others, perhaps including official documents.

The principle of a right to be forgotten is being tested under existing laws in Spain, where the government has ordered Google to remove unflattering references to dozens of individuals who filed complaints with the Spanish Data Protection Agency. Google has refused, insisting that only publishers or courts, not individuals or search engines, should have the power to remove information, assuming that it was legally published.

A test case, involving a Spaniard named Mario Costeja who is seeking the removal of links to a newspaper notice from 1998 that his home was being auctioned after he failed to pay social security taxes, has gone to the European Court of Justice in Luxembourg. An advocate general, or legal expert to the court, is expected to issue an opinion late this month.

“Search engines should not be subject to censorship of legitimate content for the sake of privacy — or for any other reason,” William Echikson, Google’s head of free expression for Europe, wrote in a blog post on the case, noting that the newspaper announcement of the auction had been required under Spanish law.

Advocates of a right to be forgotten say different standards are needed in cyberspace because information like this is so much more readily available online than on paper, with the auto-complete functions of search engines sometimes providing negative associations even as users type in a name.

Jan-Philipp Albrecht, a German member of the European Parliament, said he was working on a compromise that would protect archivists’ use of data in the public interest, while giving individuals more control.

“I completely understand that these people are concerned about how to use archive data for historical purposes,” he added. “But this campaign is a little bit exaggerated and misleading,” he said of the petition.

The legislation remains subject to horse-trading among the Parliament and the European Commission, the European Union’s executive arm, as well as national governments. Lawmakers say they hope to finish the process next year; the rules would go into effect two years later.

Mr. Legois, who is a municipal archivist in Sevran, a suburb of Paris, said he sympathized with concerns over the use of personal information by the likes of Google and Facebook. But he said there were solutions other than the deletion of data. For certain kinds of records, public access could be restricted, with archivists acting as guardians, he said.

Mr. Legois said the archivists are standing up for the little guy. He quoted from Walter Benjamin, a German philosopher who killed himself in Spain in 1940 as he was fleeing the Gestapo.

“It is more arduous to honor the history of the nameless than that of the renowned,” the philosopher wrote. “Historical reconstruction is devoted to the memory of the nameless.”
https://www.nytimes.com/2013/06/17/t...-movement.html





Saudi Arabia Plans to Block WhatsApp Within Weeks: Report

Saudi Arabia plans to block Internet-based communication tool WhatsApp within weeks if the U.S.-based firm fails to comply with requirements set by the kingdom's telecom regulator, local newspapers reported this week.

This month the Communications and Information Technology Commission (CITC) banned Viber, another such tool, which like WhatsApp is hard for the state to monitor and deprives telecom companies of revenue from international calls and texts.

The kingdom appears to be making a greater push for more control over cyberspace as Internet and smart phone usage soars, in part due to strict laws that limit opportunities for people to mix in person.

"We have been communicating with WhatsApp and other similar communication platforms to get them to cooperate and comply with the Saudi telecom providers, however nothing has come of this communication yet," Abdullah Al-Darrab, governor of the CITC, told Arab News.

Al-Darrab said Viber was blocked last week for non-compliance, and that WhatsApp and Skype may be next on the list.

Asked when WhatsApp services would be blocked, the CITC chief said it was highly likely to be before the holy month of Ramadan which is expected to start on July 9.

The regulator issued a directive in March saying tools such as Viber, WhatsApp and Skype broke local laws, without specifying how.

Local media reported at the time that Saudi Arabia's three main operators Saudi Telecom Co, Etihad Etisalat (Mobily) and Zain Saudi had been asked to tell CITC if they were able to monitor or block such applications.

Mobile penetration was 188 percent by the end of 2012, CITC data shows. Saudi Arabia now has 15.8 million Internet subscribers and the average user watches three times as many online videos per day as counterparts in the United States, according to YouTube.

Conventional international calls and texts are a lucrative earner for telecom operators in Saudi Arabia, which hosts around nine million expatriates. These foreign workers are increasingly using Internet-based applications such as Viber to communicate with relatives in other countries, analysts say.

(Reporting by Amena Bakr; Editing by Angus McDowall and Janet Lawrence)
http://www.reuters.com/article/2013/...95F04R20130616





Exclusive: ‘Location Tracking’ of Every Indian Mobile User by 2014
Danish Raza

New Delhi: The government has directed all telecom service providers to make location details a mandatory part of call data records (CDR) of all mobile users in the country, starting mid-2014, according to a Department of Telecommunications (DoT) directive obtained by Firstpost.

Effectively, what this means is that in addition to the contact number of the person you spoke to, the duration of the call and details of the mobile tower you used, CDRs will now also reflect details of where you were when you made a call. The DoT directive is titled ‘Amendments to the unified access service license agreement for security related concerns for expansion of telecom services in various zones of the country’ and has been issued to all unified access service licensees.

Telecom companies are known to have assisted investigative agencies in probing criminal and terror cases by providing such details in the past. It is also common for agencies to tap mobile phones. But this exercise, which aims to track the location of every mobile user in the country, is unprecedented in sheer scale and intention.

What is noteworthy here, however, is the accuracy with which the government wants to know where you are: more than 90 percent accuracy in urban (sic), defined as more than one million mobiles in a municipal unit. While the location tracking exercise has its genesis in a DoT order issued in May 2011, its effect on the ground should be visible from mid-2014.

To start with, these details will be provided for specified mobile numbers. “However, within a period of three years location details shall be part of CDR for all mobile calls,” said the directive.

The DoT directive says that while detecting the location of mobile users in urban centers, the telecom operator should achieve 80 percent accuracy in the first year followed by 95 percent accuracy in the second year. But it is not clear from the note whether the starting year for achieving these accuracies is 2011 (when the order was issued) or 2014 (when location details shall be part of CDR for all mobile calls).

A cyber security analyst has called this an ‘alarming’ development and did not rule out the possibility of the government feeding citizens’ CDR information into the central monitoring system (CMS) – the centralised project through which the union government plans to monitor phone and internet activity in the country. Civil rights groups have also criticised CMS, describing the move as ‘chilling’.

“Through this DoT directive, the government is merely asking mobile operators to maintain location details. But for CMS, mobile companies have to transfer all such details to the government. Therefore, eventually, I believe, these details will be fed into the central server,” said Commander (rtd) Mukesh Saini, former national information security coordinator, government of India.

Alarming as it appears, India is not the only country to conduct location tracking of its citizens. “This is a standard practice in European countries which use GSM technology,” said V K Mittal, former scientist with National Technical Research Organisation. He added that obtaining location details of targets is an integral part of agency modules while cracking criminal and terror cases. However, to do this for every mobile user, Mittal said, is illegal, unethical and unconstitutional as the state will be able to continuously target its citizens. “This is a clear indication that we are now moving towards a totalitarian regime in the name of security.”

Jiten Jain, a Delhi-based cyber security analyst, said that going by the kind of information which the government already possesses, it is not surprising if location details become part of CDR. “But monitoring the location of every citizen is like creating a monster,” he said.
http://www.firstpost.com/tech/exclus...14-876109.html





Lawmakers Move to Block Black Box Recorders in Cars, DVR Snooping

Legislators also have privacy concerns about DVR viewer tracking
Lucas Mearian

Computerworld - Is your car watching your every move? Can the cable company track your DVR habits?

Those two privacy issues are bubbling up in Congress, where lawmakers this week filed bipartisan legislation that would give car owners control over data collected in black box-style recorders that may be required in all cars as soon as next year. The move follows a separate proposal made earlier this month that would block telecommunications companies from tracking viewer activity with new digital video recorder (DVR) technology.

Most new cars already have black boxes, known as event data recorders (EDRs), but manufacturers aren't required to inform vehicle owners about their existence or the data they collect, according to the lawmakers.

"For me, this is a basic issue of privacy," Rep. Mike Capuano (D-MA) said in a statement. "Consumers should have control over the information collected by event data recorders in their own vehicles and they should be able to exercise control over the recording function. Many consumers aren't even aware that this technology is already in most vehicles."

Last year, the National Highway Traffic Safety Administration (NHTSA) proposed a new standard that would require all light passenger vehicles (weighing 8,500 lbs or less) and motorcycles built on or after Sept. 1, 2014, to have EDRs. The recorders, while similar in function to black boxes in airplanes, record far less information.

In response to the proposed new rules, Capuano and Rep. Jim Sensenbrenner (R-WI) filed the "Black Box Privacy Protection Act" to give vehicle owners more control over the information collected through a car or motorcycle EDR. The legislation requires manufacturers to notify consumers if an EDR is installed in their vehicle, to disclose its data collection capabilities, and provide information on how data collected may be used.

The bill also gives vehicle owners control over the data. All data collected by an EDR becomes the property of the vehicle owner under this legislation. The bill would make it illegal for anyone other than the vehicle owner to download or retrieve information without owner consent or a court order.

The legislation also requires manufacturers to give consumers the option of controlling the recording function in future vehicles equipped with event data recorders.

"As a strong supporter of the Fourth Amendment and privacy rights, I believe vehicle owners should have ultimate control over information collected by their vehicle's black box, including what data is recorded and who has access to it," Sensenbrenner said.

According to the NHTSA, however, EDRs do not collect any personal identifying information or record conversations and do not run continuously. What they would record is:

• Vehicle speed;
• Whether the brakes were activated just before a crash;
• Crash forces at the moment of impact;
• Information about the state of the engine throttle;
• Air bag deployment timing and air bag readiness prior to the crash;
• Whether the vehicle occupant's seat belt was buckled.

"EDRs provide critical safety information that might not otherwise be available to NHTSA to evaluate what happened during a crash -- and what future steps could be taken to save lives and prevent injuries," said NHTSA Administrator David Strickland. "A broader EDR requirement would ensure the agency has the safety-related information it needs to determine what factors may contribute to crashes across all vehicle manufacturers."

But lawmakers said many consumers are not aware that this data could be used against them in civil or criminal proceedings, or by their insurer to increase rates.

No federal law exists to clarify the rights of a vehicle owner with respect to this recorded data, according to Capuano.

On a separate matter, Capuano and Rep. Walter Jones (R-NC), filed the "We Are Watching You Act" in response to reports that national telecommunications companies are exploring technology for DVRs that would record the personal activities of people as they watch television at home.

"This may sound preposterous, but it is neither a joke nor an exaggeration," Capuano said. "These DVRs would essentially observe consumers as they watch television as a way to super-target ads. It is an incredible invasion of privacy."

For example, late last year Verizon patented DVR technology that monitors viewer actions in order to better target advertisements.

Intel has announced plans for a media streaming service and DVR with a camera this year that will track with recognition technology similar to that used in Microsoft's Kinect box. Unlike Kinect, Intel's box won't track motion; it would identify users and bring up preset configurations on the box, according to Jon Carvill, director of Intel corporate communications.

The "We Are Watching You Act" requires prior consent from the consumer before a behavior-tracking DVR can be installed in a home. The operator of the technology must provide specific details on how collected information will be used, and who will have access to the data.

When the recording device is in use, the words "WE ARE WATCHING YOU" would appear, large enough to be readable from a distance, for as long as the device is recording the viewing area. If consumers opt out of the new technology, companies are required to offer a video service that does not collect this information but is otherwise identical in all respects.

Paul O'Donovan, an analyst with Gartner's Consumer Electronics Research Group, agreed with Capuano that DVRs are indeed becoming a very invasive technology.

It "goes way beyond the service provider monitoring what you're watching in order to offer recommendations or targeted advertising," he said. "That is already commonplace especially on sites like Amazon. But this is quite different, very invasive.... I'm not at all surprised that it [the legislation] is being proposed."

O'Donovan referenced Microsoft's Kinect motion-sensing game controller systems and how they could be used to track users' activity. But he said it remains unclear how images or audio, especially in the volumes that would be collected by millions of game owners, would be analyzed.

"Are there going to be rooms full of people watching the TV viewers in their homes, deciding what they are doing then deciding which adverts to show them?" he said. "This seems very subjective, expensive and not particularly efficient given the number of subscribers. So I suspect this is a technology that is unlikely to penetrate the market in any kind of volume in the near future."

Capuano, however, said that while DVR technology is in its early stages, it is important that Congress establish clear boundaries now before it becomes reality.

"Right now, there is nothing preventing companies from utilizing the technology, no obligation to notify the consumer before it is used and no obligation to give consumers the chance to opt out," Capuano's office said in a statement.
https://www.computerworld.com/s/arti...4&pageNumber=1





How to Block the NSA From Your Friends List
April Glaser and Libby Reinish

After recent revelations of NSA spying, it’s difficult to trust large Internet corporations like Facebook to host our online social networks. Facebook is one of nine companies tied to PRISM––perhaps the largest government surveillance effort in world history. Even before this story broke, many social media addicts had lost trust in the company. Maybe now they’ll finally start thinking seriously about leaving the social network giant.

Luckily, there are other options, ones that are less vulnerable to government spying and offer users more control over their personal data. But will mass migration from Facebook actually happen?

According to a Pew study released weeks before news of PRISM broke, teenagers are disenchanted with Facebook. They're moving to other platforms, like Snapchat and (Facebook owned) Instagram, the study reports. This is the way a social network dies—people sign up for multiple platforms before gradually realizing that one has become vacant or uninteresting. Myspace, for instance, took years to drop off the map. By 2006 Myspace reached 100 million users, making it the most popular social network in the United States. But by 2008, Facebook had reached twice that number, less than two years after allowing anyone older than 13 to join the network.

Benjamin Mako Hill, a fellow at the Berkman Center for Internet and Society, thinks Facebook's ability to connect people and bind them to the social network is overrated to begin with. "Facebook didn't exist, what, 10 years ago,” he says, and in 10 years, he thinks, “a company called Facebook will exist, but will it occupy the same space in our culture? That's certainly not something I'm willing to take for granted."

Teens may be turning to Instagram and Snapchat, but those services don’t offer the deeper levels of social networking that Facebook users are accustomed to, with photo albums, event invites, fan pages, and connections to old friends. Ultimately, teens may be smart not to consolidate all of their social networking on one platform—but Instagram, Snapchat, and some other new flavors of the month all use centralized servers that are incredibly easy to spy on.

But there are other places to go. For years, the free software movement has been developing and using social networks designed with user privacy in mind. Unlike Facebook, these social networks are not hosted by a single entity's privately owned servers but rather by volunteers across the world that share server space in order to maintain a decentralized, robust network. When a company like Facebook hosts the data of more than 1 billion users, it's not hard for the government to simply ask for permission to access that data, conveniently stored all in one place.

Gabriella Coleman, a professor of scientific and technological literacy at McGill University, points out that companies like Facebook would be collecting data on individuals regardless of government requests. That's how the vast majority of free online social networks make money; they use data mining to sell targeted, contextual ads. "In some ways,” she says, “that's the source of the problem, the fact that we've just given up all of our data in return for free services."

Community-hosted, decentralized social media, on the other hand, allow people to maintain ownership of their data. These platforms use a principle called “federation” to connect a vast network of servers to one another. If the NSA wants to collect the data of all the users on a decentralized network, it has to contend with a large number of disparate server owners who could be anywhere in the world, a much more complicated task than issuing a single subpoena or hacking into a centralized server.

"There's a resiliency to having data spread across multiple sites; that's the way the web was intended to work, and we need to bring that back,” says Christopher Webber, the founder of MediaGoblin, a federated, free software replacement for YouTube, Flickr, SoundCloud, and other media hosting services. Other projects, like Identi.ca (which is similar to Twitter), Diaspora, and Friendica are replacements for conventional social media networks, and they work. The number of users on federated networks is hard to calculate—again, their data are spread out instead of stored centrally—but Identi.ca alone counts 1.5 million users.

PRISM could be the impetus that gets more communities to begin using these networks. As of Monday morning, nearly 200,000 people have signed a petition that calls for an investigation of the NSA's spying program, and last week activists launched prism-break.org, a site that offers a menu of options for those looking to "opt out" of government surveillance.

The NSA’s spy apparatus worked because of the centrally owned and operated networks we have relied on to socialize. How the PRISM story will play out politically remains uncertain, but there are more immediate ways for users to regain privacy. Try another social network, and bring your friends to experiment with you. If you oppose turnkey government spying, go where the NSA doesn’t have a backdoor.
http://www.slate.com/blogs/future_te..._facebook.html





Insight: FBI Relies On Secret U.S. Surveillance Law, Records Show
John Shiffman, Kristina Cooke and Mark Hosenball

The FBI has used secret evidence obtained under the Foreign Intelligence Surveillance Act to prosecute at least 27 accused terrorists since 2007, according to a Reuters review of public records.

While the recent spotlight has been on the use of the FISA law by the U.S. National Security Agency for surveillance programs following disclosures by former NSA contractor Edward Snowden, the FBI also makes extensive use of the law for domestic counterterrorism.

The Reuters review highlights the extent to which the FBI has come to rely on FISA to investigate or thwart domestic attacks. It involved searching the national court docket using the database of Westlaw, which is owned by Thomson Reuters Corp, and includes only cases where prosecutors are required to file a notice under FISA. Other cases where FISA was used may be sealed.

The 27 cases in which the Federal Bureau of Investigation has used FISA evidence include both well-publicized and less-known investigations. They range from mass murder charges against Army psychiatrist Nidal Hasan for the shootings of 13 people at Fort Hood, Texas, in 2009, to the arrest in April of an 18-year-old in Chicago accused of planning to join an al Qaeda-linked group fighting in Syria. Both men await trial.

In an effort to shore up support for the NSA program, U.S. spy agencies may disclose publicly, as early as Tuesday, for the first time a list of at least 25 terrorist attacks they say were thwarted by the agency's once-secret surveillance operations. Many, if not all, of those NSA operations also used FISA for intelligence gathering.

When the FBI uses FISA, it seeks approval from judges at the secret U.S. Foreign Intelligence Surveillance Court (FISC) for phone, email and electronic surveillance and for searches of property, including "sneak-and-peek" search warrants in which agents covertly enter a business or home when the occupants are away, and try to leave no trail of their visit.

The public court records, often little more than a one-page notification by a Justice Department attorney, provide no specific details of these covert operations. Some case files include defense challenges to the FISA law; none have been successful.

The court files show that the FBI used FISA warrants in recent cases against an Oregon man charged with aiding a Pakistani suicide bomber; a Philadelphia man accused of joining an Uzbekistan terrorist organization; and two Somali-born Minnesota women convicted of raising funds for al Qaeda-affiliated al-Shabaab rebels.

They also include FBI investigations of the New York founder of a radical Islamic website and a Moroccan man convicted of plotting a suicide attack at the U.S. Capitol.

An FBI spokeswoman referred questions about the bureau's use of FISA to the Justice Department, and a spokesman there declined to comment.

SECRET COURT

FISA warrants are issued by the FISC in Washington. It was created in 1978 following congressional hearings that exposed illegal surveillance of U.S. citizens - without court-authorized warrants. The court includes 11 judges, all of whom are veteran federal judges at the trial court level. They are appointed by the chief justice of the U.S. Supreme Court to seven-year terms.

Applications to the judges for FISA warrants are presented by U.S. prosecutors. While FISA warrants are issued in secret, once an arrest is made by the FBI, U.S. law requires prosecutors to file a short notice to the court if they intend to use classified evidence at trial.

In addition to terrorism cases, the FBI has used FISA warrants in at least nine espionage and arms and military technology smuggling investigations since 2007.

The 27 alleged terrorism cases identified by Reuters in which the FBI used FISA evidence, and later disclosed that fact, represent only a small sampling of warrants issued by the secret court. Last year alone, the government applied for 1,856 FISA warrants and - except for one that was withdrawn - all were granted.

The public records only identify cases in which the FBI used FISA evidence to make terrorism arrests inside the United States.

NSA CASES

In some cases where prosecutors filed a public court notice that the FBI used FISA, the NSA is also involved but the authorities are not required to disclose that in court.

For instance, U.S. officials have since the Snowden disclosures identified two such cases - a U.S. man implicated in the 2009 attack by armed Pakistani militants in Mumbai, India, that killed 166 people, and an attempted plot against the New York City subway the same year.

In the New York case, the alleged plot leader, Najibullah Zazi, pleaded guilty to terrorism charges and is awaiting sentencing. An alleged co-conspirator, Adis Medunjanin, was sentenced to life in prison.

In a paper circulated to Congress on Saturday, U.S. intelligence agencies said that broad NSA email monitoring under a program made public by Snowden, called Prism, played a critical role in leading U.S. investigators to Zazi, while sweeping NSA telephone data collection produced leads that led investigators to Medunjanin.

According to court records, the FBI also used FISA warrants to make cases against:

- Abdella Ahmad Tounisi, 18, of Aurora, Illinois, who was arrested in April for allegedly trying to join al Qaeda-linked fighters in Syria. He is awaiting trial. U.S. officials say he was a friend of Adel Daoud, an American accused of trying to set off a bomb outside a downtown Chicago bar last year.

- Jesse Curtis Morton, a Muslim convert from Brooklyn who founded the Revolution Muslim website, which is linked to a half dozen other terrorism cases inside the United States, according to court documents. Morton is serving a 12-year sentence for posting online threats against the founders of the South Park television program.

- Amine El Khalifi, a Moroccan sentenced last year to 30 years in prison for plotting a suicide attack on the U.S. Capitol.

- Reaz Qadir Khan, a Portland, Oregon, municipal worker charged in April with conspiring to provide material support to a fatal 2009 suicide bombing at a regional Pakistani intelligence headquarters in Lahore. He awaits trial.

- Betim Kaziu, a Brooklyn man convicted of conspiracy to kill U.S. soldiers overseas and sentenced to 27 years in prison.

- Bakhityor Jumaev, a Philadelphia man arrested last year in Denver and charged with being a member of an Islamic terrorist group allegedly seeking to overthrow the government of Uzbekistan. He awaits trial.

- Amina Farah Ali and Hawo Mohamed Hassan, Somali-born Minnesota women convicted of raising funds for al Qaeda-affiliated al-Shabaab rebels. Ali was sentenced to 20 years and Hassan was sentenced to 10 years.

(Additional reporting by Matthew Haldane; Editing by Warren Strobel and Martin Howell)
http://www.reuters.com/article/2013/...95H03220130618





NSA Disruption of Stock Exchange Bomb Plot Disputed
David Kravets

Did the government really disrupt a bomb plot targeting the New York Stock Exchange?

The FBI deputy director said that today in a Spygate hearing where the government for the first time said the secret spy techniques publicly disclosed two weeks ago had halted some 50 terror attacks in 20 countries.

Sean Joyce, the bureau’s deputy director, identified Khalid Ouazzani as the culprit. “Ouazzani had been providing information and support to this plot,” Joyce testified to the House Select Committee on Intelligence.

According to interviews and court records, the 2008 plot failed, not because the authorities broke it up, but because the alleged attackers decided against it.

The Kansas City man’s attorney today said that Joyce’s comments were news to him. Among other things, his client pleaded guilty in 2010 to providing money — $23,000 in “material support” to Al-Qaida. He also pleaded to a count of money laundering and bank fraud, and is set for sentencing next month.

“Khalid Ouazzani was not involved in any plot to bomb the New York Stock Exchange,” Robin Fowler, the defendant’s defense attorney, said in a telephone interview.

His client’s plea agreement mentions no plot. According to his plea agreement:

Defendant and others also discussed how they could perform other tasks at the request of and for the benefit of Al-Qaida. Some of defendant’s conversations with others also involved plans for them to participate in various types of actions to support Al-Qaida, including fighting in Afghanistan, Iraq, or Somalia. Defendant and the others he was communicating with about Al-Qaida took various steps and used various techniques to disguise their communications about their plans and assistance to support Al-Qaida.

Fowler declined to comment any further, including whether he would seek to reopen the case, given the government admitting that secret, and constitutionally suspect, methods were used to gain access to his phone records.

New York defense attorney Joshua Dratel said Ouazzani worked as a government informant — a cooperating witness — in the New York federal prosecution of Sabirhan Hasanoff, who has pleaded guilty to providing material support to terrorists. Even the government’s own sentencing memorandum shows that the defendants called off a proposed plot on their own, without involvement from federal authorities.

“There was no plot. There was one guy was asked to check out a tourist site downtown. It was a year and a half before they arrested Hasanoff. So if they thought it was really a plot, what were they doing letting him run around?” Dratel asked in a telephone interview.

The government’s own sentencing memo dated May 31 confirms Dratel’s statements.

“Hasanoff relayed that the New York Stock Exchange was surrounded by approximately four streets that were blocked off from vehicular traffic and that someone would have to walk to the building. The Doctor [an undisclosed high-ranking al-Qaida operative] revealed that, although the information provided by Hasanoff could be used by someone who wanted to do an operation, he was not satisfied with the report, and he accordingly disposed of it. (The report apparently lacked sufficient detail about New York Stock Exchange security matters to be as helpful as the Doctor had hoped.)

The Guardian newspaper, meanwhile, two weeks ago published a leaked secret court order requiring Verizon Business Solutions to provide the NSA with the phone numbers of both parties involved in all calls, the International Mobile Subscriber Identity (IMSI) number for mobile callers, calling card numbers used in the call, and the time and duration of the calls.

The Guardian and Washington Post were also leaked material detailing a program called PRISM, which described a system whereby nine internet companies, including Google, Yahoo and Facebook, had special equipment installed in their facilities that allowed NSA analysts sitting at their desks to query the data directly. The internet companies said they did not provide the government direct access to their servers.

(This story was updated Tuesday afternoon.)

– Additional reporting by Kevin Poulsen
http://www.wired.com/threatlevel/201...tock-exchange/





Justice Department Fought to Conceal NSA’s Role in Terror Case From Defense Lawyers
Kevin Poulsen

When a senior FBI official told Congress the role the NSA’s secret surveillance apparatus played in a San Diego terror financing case today, nobody was more surprised to hear it than the defense attorney who fought a long and futile court battle to get exactly the same information while defending the case in court.

“His lawyers — who all have security clearances — we can’t learn about it until it’s to the government’s tactical advantage politically to disclose it,” says New York attorney Joshua Dratel. “National security is about keeping illegal conduct concealed from the American public until you’re forced to justify it because someone ratted you out.”

Dratel represents Basaaly Saeed Moalin, a San Diego cab driver who was convicted in February of providing material support for a terrorist organization. Moalin raised money for the Somali militia group al Shabaab, which the State Department declared a foreign terrorist organization in 2008.

Before today the case was barely a footnote in the war on terror. But in testimony before the House Select Committee on Intelligence, FBI deputy director Sean Joyce brandished it — without saying Moalin’s name — as one example of how the government’s secret surveillance programs have thwarted terrorists. The FBI had investigated the San Diego man after the September 11 attacks, and found no connection to terrorist activity, Joyce said. Then in October 2007, the NSA, using the phone records it compiled with Patriot Act 215 orders, “tipped us off that this individual had indirect contacts with a known terrorist overseas,” he said. “We were able to reopen this investigation, identify additional individuals through legal process and were able to disrupt this terrorist activity.”

That’s the end of the story, as Joyce told it. Under questioning he revealed enough to make it clear he was talking about the Moalin case, where court records show the rest of the story.

When the FBI got the case, it began spying on Moalin with a secret order from the Foreign Intelligence Surveillance Court, intercepting 1,800 phone calls amounting to “hundreds of hours” of conversations from December 2007 to December 2008, and 680 pages of emails from Moalin’s account with Microsoft’s Live.com service.

After Moalin’s arrest, Dratel challenged the legality of the spying in 2011, and asked a federal judge to order the government to produce the wiretap application the FBI gave the secretive FISC to justify the surveillance. In a conventional wiretap, defense lawyers are permitted to see the affidavit used to justify the surveillance to a judge, and ask a judge to suppress evidence obtained from a wiretap issued on false information.

“Disclosure of the FISA applications to defense counsel – who possess the requisite security clearance – is also necessary to an accurate determination of the legality of the FISA surveillance, as otherwise the defense will be completely in the dark with respect to the basis for the FISA surveillance,” wrote Dratel.

The government fought the request in a 60-page reply brief, much of it redacted as classified in the public docket. The Justice Department argued that the defendants had no right to see any of the filings from the secret court, and instead the judge could review the filings alone in chambers. “Confidentiality is critical to national security,” the government wrote.

“Indeed, to the Government’s knowledge, no court has ever suppressed FISA-obtained or -derived information, or held an adversarial hearing on motions to disclose or to suppress,” the government added.

The government filing also indicated that the wiretapping of Moalin began without a court order, under a provision of FISA that allowed the feds to conduct warrantless surveillance of content for up to 72 hours in an emergency, before getting authorization from the Foreign Intelligence Surveillance Court. The FISA Amendments Act has since expanded that window to seven days.

“At the time of the emergency authorizations here, FISA provided that in emergency situations the Attorney General may authorize electronic surveillance and physical search without an order from the FISC,” wrote the Justice Department.

U.S. District Judge Jeffrey T. Miller rejected the defense FISA challenge in a secret opinion in June of last year; even Dratel, who has a government security clearance, was not permitted to see the order, he says. The first he learned of the NSA’s role in his client’s case was when Joyce disclosed it on CSPAN to argue for the effectiveness of the NSA’s spying.

The cab driver and three codefendants went on to lose their jury trials, and Moalin faces up to 20 years at sentencing in September.

“We’re going to evaluate our options as to what to do now to get to the bottom of this,” says Dratel.

By coincidence, Dratel also represents Sabirhan Hasanoff, who was also cited by Joyce in a surveillance success story. Hasanoff supposedly plotted to blow up the New York Stock Exchange. Hasanoff has pleaded guilty to providing material support to terrorists. But the government’s own sentencing memorandum shows that the defendants called off a proposed plot on their own, without any involvement from federal authorities, and over a year before being arrested.

“There was no plot,” says Dratel. “There was one guy was asked to check out a tourist site downtown. It was a year and a half before they arrested Hasanoff. So if they thought it was really a plot, what were they doing letting him run around?”

The sentencing memorandum in that case, dated May 31, confirms Dratel’s statements. “Hasanoff relayed that the New York Stock Exchange was surrounded by approximately four streets that were blocked off from vehicular traffic and that someone would have to walk to the building. The Doctor [an undisclosed high-ranking al-Qaida operative] revealed that, although the information provided by Hasanoff could be used by someone who wanted to do an operation, he was not satisfied with the report, and he accordingly disposed of it.”

“This casts suspicion on everything they say about these programs, and the efficacy of these programs,” says Dratel. “Their notion of transparency is so tired. They have to stop lying to everybody.”

Additional reporting by David Kravets
http://www.wired.com/threatlevel/201...fense-lawyers/





Lawyers Eye NSA Data as Treasure Trove for Evidence in Murder, Divorce Cases
Bob Sullivan

The National Security Agency has spent years demanding that companies turn over their data. Now, the spy agency finds the shoe is on the other foot. A defendant in a Florida murder trial says telephone records collected by the NSA as part of its surveillance programs hold evidence that would help prove his innocence, and his lawyer has demanded that prosecutors produce those records. On Wednesday, the federal government filed a motion saying it would refuse, citing national security. But experts say the novel legal argument could encourage other lawyers to fight for access to the newly disclosed NSA surveillance database.

"What's good for the goose is good for the gander, I guess," said George Washington University privacy law expert Dan Solove. "In a way, it's kind of ironic."

Defendant Terrance Brown is accused of participating in the 2010 murder of a Brinks security truck driver. Brown maintains his innocence, and claims cellphone location records would show he wasn't at the scene of the crime. Brown's cellphone provider — MetroPCS — couldn't produce those records during discovery because it had deleted the data already.

On seeing the story in the Guardian indicating that Verizon had been ordered to turn over millions of calling records to the NSA last month, Brown's lawyer had a novel idea: Make the NSA produce the records.

Brown's lawyer, Marshall Dore Louis, said he couldn't comment while the trial was ongoing.

"Relying on a June 5, 2013, Guardian newspaper article ... Defendant Brown now suggests that the Government likely actually does possess the metadata relating to telephone calls made in July 2010 from the two numbers attributed to Defendant Brown," wrote U.S. District Judge Robin Rosenbaum in an order demanding that the federal government respond to the request on June 10.

The laws of evidence require that prosecutors turn over to the defense any records they have that might help prove a suspect's innocence.

"This opens up a Pandora's box," said Mark Rasch, former head of the Department of Justice Computer Crimes Unit, and now an independent consultant. “You will have situations where the phone companies no longer have the data, but the government does, and lawyers will try to get that data.”

On Wednesday, federal prosecutors filed a motion saying they cannot respond to Brown's request because the federal government does not have the data the suspect seeks — cell site location information, or CSLI. The leaked court order which inspired the request was unclear on which metadata phone companies turn over.

The government’s motion also invokes the Classified Information Procedures Act (CIPA), which allows the prosecutors to respond to such requests "in camera," or privately with the judge, to explain what data it does or does not have.

"The (CIPA) allows the government to protect classified information by claiming that, first, the phone records are classified, and second, whether or not the government has phone records is also classified," Rasch said.

The assertion in the motion that "at the outset, the government does not possess the CSLI data," is intriguing, as it clearly refutes the notion that the NSA obtains location data as part of its routine records acquisition from telephone companies. But it's unlikely this case will yield more clues about what data the NSA does have, as additional legal discussion will be private.

Even without location data, it's easy to imagine other cases where call records might help prove a suspect's innocence. Rasch says the NSA should expect to deal with a lot of new requests for evidence now.

"The thing was, in the past, no one knew these records were there. Now lawyers know, and they will ask for it,” he said.

It's all part of the hazard of becoming, effectively, a backup server for all the nation's technology companies, said Solove.

"This is a little bit of an awakening to the government, that you can't hold massive amounts of personal data with impunity," he said. "Once you do, a lot of obligations and responsibilities kick in. One of the consequences of keeping data is that now you open yourself up to discovery."

Different standards apply to discovery in civil cases, such as contested divorce, but Solove said it's possible lawyers in those cases could also appeal to the NSA for evidence, now that they know the records exist.

While it might seem unusual to demand data from an agency that not long ago was invisible to most Americans, Solove said it's important not to put the NSA on some kind of legal pedestal.

"The NSA is not above the law. It's a government agency, just like every other government agency. Just because it has this Harry Potter-like disappearing cloak, it's still an agency that is subject to the law," Solove said.
http://redtape.nbcnews.com/_news/201...rce-cases?lite





NSA Boss Asks Congress For Blanket Immunity For Companies That Help NSA Spy On Everyone
Mike Masnick

This will come as no surprise to anyone, but NSA boss General Keith Alexander is pestering Congress for a new law which would provide blanket immunity for companies helping the NSA collect data on everyone.

Gen. Keith Alexander has petitioned Capitol Hill for months to give Internet service providers and other firms new cover from lawsuits when they rely on government data to thwart emerging cyberthreats.

Basically, he's arguing that if the NSA orders companies to do something illegal, the companies shouldn't be liable for that. There's some logic behind that, because when you get an order from the government, you often feel compelled to obey. But, of course, the reality is that this will give blanket cover for companies voluntarily violating all sorts of privacy laws in giving the NSA data. And, theoretically you could then sue the government over those violations, but we've seen in the past how well that goes over. First, the courts won't give you "standing" if you can't prove absolutely that your data was included. Then, if you get past that hurdle, the government will claim "national security" or sovereign immunity to try to get out of the case. And, even if it gets past all of that, and you win against the government, the feds shrug their shoulders and say "now what are you going to do?"

And, of course, rather than narrowly target this immunity, it appears that Alexander would like it as broad as possible.

One former White House aide told POLITICO that Alexander has been asking members of Congress for some time to adopt bill language on countermeasures that’s “as ill-defined as possible” — with the goal of giving the Pentagon great flexibility in taking action alongside Internet providers. Telecom companies, the former aide said, also have been asking Alexander for those very legal protections.

Given the revelations of the past few weeks, this seems like the exact wrong direction for Congress to be heading. We should want companies to push back against overaggressive demands from the government for information. Giving them blanket immunity would be a huge mistake and only enable greater privacy violations.
https://www.techdirt.com/articles/20...everyone.shtml





Poll: Public Wants Congressional Hearings on NSA Surveillance
Scott Clement and Sean Sullivan

Americans are divided when it comes to charging Edward Snowden with a crime for leaking portions of the National Security Agency’s sweeping surveillance of phone records and Internet activity, but they clearly want to know more, according to a new Washington Post-ABC News poll. Nearly two-thirds said they want open, public congressional hearings on the previously secret programs.

Overall, 43 percent support and 48 percent oppose criminally charging Snowden, a former government contractor. A large majority of those who oppose the surveillance programs also oppose legal action against Snowden (65 percent), while backers of surveillance efforts are somewhat less resolute: 55 percent support charging him with a crime.

Some reluctance to criminalize the matter is driven by liberal Democrats. While 76 percent of liberal Democrats support the NSA’s surveillance efforts, only 50 percent want Snowden to face criminal charges.

Among all Americans, most — 58 percent — support the NSA’s program collecting extensive phone call records and Internet data. The result mirrors a Washington Post-Pew Research Center poll released last week that found 56 percent saying the NSA’s tracking of phone call records of millions of Americans is “acceptable.”

Public opinion polls — asking questions in different ways — have found varying levels of support for the NSA’s surveillance programs, perhaps reflecting growing awareness since they were first revealed early in June in The Washington Post and Britain’s Guardian newspaper. For instance, a CNN/ORC poll released Monday found 66 percent said the Obama administration was “right” in tracking (mostly) foreign Internet activity, while only 48 percent “approved” of broader phone and Internet data collection in a similarly timed Pew Research Center/USA Today poll. The ranging results reflect both the differing question wording and the complexity and novelty of the programs to which Americans are just now paying attention.
http://www.washingtonpost.com/blogs/...e/?tid=rssfeed





How Cash Secretly Rules Surveillance Policy

Today's congressional hearing was a joke. The reason: Firms like Booz Allen bankroll and own Congress. Here's how
David Sirota

Have you noticed anything missing in the political discourse about the National Security Administration’s unprecedented mass surveillance? There’s certainly been a robust — and welcome — discussion about the balance between security and liberty, and there’s at least been some conversation about the intelligence community’s potential criminality and constitutional violations.

Thanks to what I’ve previously called the No Money Rule, however, there have only been indirect references to how cash undoubtedly tilts the debate against those who challenge the national security state.

Those indirect references have come in the form of stories about the business model of Booz Allen Hamilton, the security contractor that employed Edward Snowden.

CNN/Money notes that 99 percent of the firm’s multibillion-dollar annual revenues now come from the federal government. Those revenues are part of a larger and growing economic sector within the military-industrial complex — a sector that, according to author Tim Shorrock, is “a $56 billion-a-year industry.”

For the most part, this is where the political discourse about money stops. We are told that there are high-minded debates about security and liberty, with politicians of differing parties contributing to those debates from positions of principle and ideology. We are also told in passing that there’s this massively profitable private industry that makes billions a year from the policy decisions that ultimately emerge from such a debate.

Thanks to the No Money Rule among the Washington press corps, though, there is mostly silence about the connection between the private industry and the public policy. Indeed, few in D.C. are willing to say that the policy debate may be, in part, driven by the private industry and almost nobody dares mention that politicians’ attacks on surveillance critics may actually have nothing to do with principle, and everything to do with going to bat for their campaign donors.

For a taste of what that kind of institutionalized corruption looks like, take a look at the amount of money Booz Allen Hamilton and its parent company The Carlyle Group spend on campaign contributions and lobbying. As you’ll see, from Barack Obama to John McCain, many of the politicians now publicly defending the surveillance state and slamming whistleblowers like Snowden have taken huge sums of money from these two firms. Same thing for the political parties themselves – they are bankrolled by these firms.

This is just an example from two companies among scores, but it exemplifies a larger dynamic. Simply put, there are huge corporate forces with a vested financial interest in making sure the debate over security is tilted toward the surveillance state and against critics of that surveillance state. In practice, that means when those corporations spend big money on campaign contributions, they aren’t just buying votes for specific private contracts. They are also implicitly pressuring politicians to rhetorically push the discourse in a pro-surveillance, anti-civil liberties direction — that is, in a direction that preserves the larger political assumptions on which the profits of the entire surveillance-industrial complex are based.

The success of that pressure is exemplified by the title of today’s congressional hearing with the head of the NSA, Gen. Keith Alexander. The hearing doesn’t ask why Alexander lied to Congress or whether the NSA has engaged in illegal acts. No, a Congress bankrolled by firms like Booz Allen predictably calls the hearing “How Disclosed NSA Programs Protect Americans and Why Disclosure Aids Our Adversaries,” the two preconceived assumptions being that 1) the NSA’s surveillance programs, which generate huge profits for companies like Booz, are beneficial to Americans’ security and 2) critics of those programs hurt the country.

None of this, by the way, is exclusive to debates over domestic national security policy. As Booz Allen’s business model suggests, there are also foreign policy implications to the pay-to-play culture.

As the New York Times notes, the firm is expanding its profit potential by “marketing” its surveillance and security services to Middle East dictatorships that want to strengthen their grip on power. According to the Washington Business Journal, that includes Kuwait, Qatar, Oman, the United Arab Emirates, Saudi Arabia, Bahrain and “other countries” working to crush democratic dissent “associated with the Arab Spring.” That means American politicians who are financed by Booz and other firms with a similar multinational business model not only have a vested campaign-contribution interest in shilling for the domestic surveillance state that their donors profit from. They also have a similar interest in denigrating the democratic protest movements that challenge Mideast surveillance states that make those donors big money, too.

Obviously, this kind of moneyed influence should be a critical focus of the political reporting on politicians’ declarations about Snowden, the NSA, foreign policy and surveillance in general. When, for instance, a journalist reports on a politician slamming critics of the surveillance state, the public should be told whether that politician has taken money from firms that make their money off the continued expansion of that surveillance state. But that isn’t happening thanks to the aforementioned No Money Rule in the Washington press — and that rule isn’t just about etiquette. On national security issues, it is often about the elite agenda-setting Washington media outlets that also financially rely on an ever-expanding national security state.

For a microcosmic (but not the only) example of that little-mentioned reliance — and how it may skew the way the elite media frame the national security debate — look at these side-by-side pages from the ultimate agenda-setting D.C. newspaper, Politico:

As you can see, the ad on the left side is for a defense contractor. Like surveillance/security firms, it is part of a larger industry that relies on the ever-expanding national security state for its profits, and that therefore is hostile to national security state critics like Snowden. That industry invests heavily not only in politicians, but in advertising in Washington publications like Politico. Is it any coincidence that (as you can see on the right page) such publications loyally frame the debate over Snowden not as a question that ponders possible positive qualities (heroism, courage, etc.) but as a question exclusively of negatives: specifically, did he commit treason or is he a traitor?

Noting all of this isn’t to allege conspiratorial micromanagement of politicians and media by the military-intelligence community. It isn’t, for instance, to claim that everything that comes out of surveillance defenders’ mouths comes from talking points provided by Booz Allen’s lobbyists, nor is it to claim that Politico writers are directly ordered by their advertisers to depict national security critics on exclusively negative terms. It is actually to suggest something much more pernicious and ubiquitous than that.

As anyone who has worked in Washington politics and media well knows, the capital is not a place of competing high-minded ideologies; in terms of the mechanics of legislation and policy, it is a place where monied interests duke it out, where those with the most money typically win, and where a power-worshiping media is usually biased toward the winners. In the context of money and national security, there is a clear imbalance — there are far fewer moneyed interests whose business is transparency and protecting civil liberties than there are moneyed interests whose business is secrecy and curtailing civil liberties. That imbalance has consequently resulted in a larger environment in Washington that is so dominated by national-security-state money that the capital’s assumptions reflexively, unconsciously and automatically skew toward the national security state without overt corporate orders ever having to be given to politicians or media outlets.

If the simplest, most straightforward explanation is often the most accurate, then this skewing is almost certainly part of why the pro-surveillance terms of the political debate in Washington are so at odds with public opinion polling on the matter. Big Money has helped create that disconnect, even though Big Money is somehow written out of the story.
http://www.salon.com/2013/06/18/how_...llance_policy/





Has U.S. Started An Internet War?
Bruce Schneier

Today, the United States is conducting offensive cyberwar actions around the world.

More than passively eavesdropping, we're penetrating and damaging foreign networks for both espionage and to ready them for attack. We're creating custom-designed Internet weapons, pre-targeted and ready to be "fired" against some piece of another country's electronic infrastructure on a moment's notice.

This is much worse than what we're accusing China of doing to us. We're pursuing policies that are both expensive and destabilizing and aren't making the Internet any safer. We're reacting from fear, and causing other countries to counter-react from fear. We're ignoring resilience in favor of offense.

Welcome to the cyberwar arms race, an arms race that will define the Internet in the 21st century.

Presidential Policy Directive 20, issued last October and released by Edward Snowden, outlines U.S. cyberwar policy. Most of it isn't very interesting, but there are two paragraphs about "Offensive Cyber Effect Operations," or OCEO, that are intriguing:

"OCEO can offer unique and unconventional capabilities to advance U.S. national objectives around the world with little or no warning to the adversary or target and with potential effects ranging from subtle to severely damaging. The development and sustainment of OCEO capabilities, however, may require considerable time and effort if access and tools for a specific target do not already exist.

"The United States Government shall identify potential targets of national importance where OCEO can offer a favorable balance of effectiveness and risk as compared with other instruments of national power, establish and maintain OCEO capabilities integrated as appropriate with other U.S. offensive capabilities, and execute those capabilities in a manner consistent with the provisions of this directive."

These two paragraphs, and another paragraph about OCEO, are the only parts of the document classified "top secret." And that's because what they're saying is very dangerous.

Cyberattacks have the potential to be both immediate and devastating. They can disrupt communications systems, disable national infrastructure, or, as in the case of Stuxnet, destroy nuclear reactors; but only if they've been created and targeted beforehand. Before launching cyberattacks against another country, we have to go through several steps.

We have to study the details of the computer systems they're running and determine the vulnerabilities of those systems. If we can't find exploitable vulnerabilities, we need to create them: leaving "back doors" in hacker speak. Then we have to build new cyberweapons designed specifically to attack those systems.

Sometimes we have to embed the hostile code in those networks (these are called "logic bombs") to be unleashed in the future. And we have to keep penetrating those foreign networks, because computer systems always change and we need to ensure that the cyberweapons are still effective.

Like our nuclear arsenal during the Cold War, our cyberweapons arsenal must be pretargeted and ready to launch.

That's what Obama directed the U.S. Cyber Command to do. We can see glimpses in how effective we are in Snowden's allegations that the NSA is currently penetrating foreign networks around the world: "We hack network backbones -- like huge Internet routers, basically -- that give us access to the communications of hundreds of thousands of computers without having to hack every single one."

The NSA and the U.S. Cyber Command are basically the same thing. They're both at Fort Meade in Maryland, and they're both led by Gen. Keith Alexander. The same people who hack network backbones are also building weapons to destroy those backbones. At a March Senate briefing, Alexander boasted of creating more than a dozen offensive cyber units.

Longtime NSA watcher James Bamford reached the same conclusion in his recent profile of Alexander and the U.S. Cyber Command (written before the Snowden revelations). He discussed some of the many cyberweapons the U.S. purchases:

"According to Defense News' C4ISR Journal and Bloomberg Businessweek, Endgame also offers its intelligence clients -- agencies like Cyber Command, the NSA, the CIA, and British intelligence -- a unique map showing them exactly where their targets are located. Dubbed Bonesaw, the map displays the geolocation and digital address of basically every device connected to the Internet around the world, providing what's called network situational awareness. The client locates a region on the password-protected web-based map, then picks a country and city -- say, Beijing, China. Next the client types in the name of the target organization, such as the Ministry of Public Security's No. 3 Research Institute, which is responsible for computer security -- or simply enters its address, 6 Zhengyi Road. The map will then display what software is running on the computers inside the facility, what types of malware some may contain, and a menu of custom-designed exploits that can be used to secretly gain entry. It can also pinpoint those devices infected with malware, such as the Conficker worm, as well as networks turned into botnets and zombies -- the equivalent of a back door left open...

"The buying and using of such a subscription by nation-states could be seen as an act of war. 'If you are engaged in reconnaissance on an adversary's systems, you are laying the electronic battlefield and preparing to use it,' wrote Mike Jacobs, a former NSA director for information assurance, in a McAfee report on cyberwarfare. 'In my opinion, these activities constitute acts of war, or at least a prelude to future acts of war.' The question is, who else is on the secretive company's client list? Because there is as of yet no oversight or regulation of the cyberweapons trade, companies in the cyber-industrial complex are free to sell to whomever they wish. 'It should be illegal,' said the former senior intelligence official involved in cyberwarfare. 'I knew about Endgame when I was in intelligence. The intelligence community didn't like it, but they're the largest consumer of that business.'"

That's the key question: How much of what the United States is currently doing is an act of war by international definitions? Already we're accusing China of penetrating our systems in order to map "military capabilities that could be exploited during a crisis." What PPD-20 and Snowden describe is much worse, and certainly China, and other countries, are doing the same.

All of this mapping of vulnerabilities and keeping them secret for offensive use makes the Internet less secure, and these pre-targeted, ready-to-unleash cyberweapons are destabilizing forces on international relationships. Rooting around other countries' networks, analyzing vulnerabilities, creating back doors, and leaving logic bombs could easily be construed as an act of war. And all it takes is one over-achieving national leader for this all to tumble into actual war.

It's time to stop the madness. Yes, our military needs to invest in cyberwar capabilities, but we also need international rules of cyberwar, more transparency from our own government on what we are and are not doing, international cooperation between governments and viable cyberweapons treaties. Yes, these are difficult. Yes, it's a long slow process. Yes, there won't be international consensus, certainly not in the beginning. But even with all of those problems, it's a better path to go down than the one we're on now.

We can start by taking most of the money we're investing in offensive cyberwar capabilities and spending it on national cyberspace resilience. MAD, mutually assured destruction, made sense because there were two superpowers opposing each other. On the Internet there are all sorts of different powers, from nation-states to much less organized groups. An arsenal of cyberweapons begs to be used, and, as we learned from Stuxnet, there's always collateral damage to innocents when they are. We're much safer with a strong defense than with a counterbalancing offense.
http://edition.cnn.com/2013/06/18/op...icy/index.html





Microsoft Says it Freed Millions of Computers from Criminal Botnet
Jim Finkle

Microsoft Corp said that an assault it led earlier this month on one of the world's biggest cyber crime rings has freed at least 2 million PCs infected with a virus believed to have been used to steal more than $500 million from bank accounts worldwide.

"We definitely have liberated at least 2 million PCs globally. That is a conservative estimate," Richard Domingues Boscovich, assistant general counsel with Microsoft's Digital Crimes Unit, said in an interview on Tuesday.

He said the vast majority of infected machines were in the United States, Europe and Hong Kong.

Microsoft and the FBI, aided by authorities in more than 80 countries, on June 5 sought to take down 1,400 malicious computer networks known as the Citadel Botnets by severing their access to infected machines. Microsoft's Digital Crimes Unit is working with its partners overseas to determine exactly how many of the Citadel botnets are still operational.

"We feel confident that we really got most of the ones that we were after," he said. "It was a very, very successful disruptive action."

The ringleader, who goes by the alias Aquabox, and dozens of botnet operators remain at large and the authorities are working to uncover their identities. Boscovich said he suspects Aquabox is in Eastern Europe.

The botnets, which were run from "command and control" servers at data hosting centers around the world, were used to steal from hundreds of financial institutions, according to court documents that Microsoft filed to get permission to shut down servers in the United States that were being used to run the operation.

Data center operators typically are not aware that their servers are being used to run botnets.

The ring targeted firms of all sizes, from tiny credit unions to global banks such as Bank of America, Credit Suisse, HSBC and Royal Bank of Canada.

Citadel is one of the biggest botnets in operation today. Microsoft said its creator bundled the software with pirated versions of the Windows operating system.

The FBI, which on Tuesday declined to comment on its progress in its investigation of Citadel, has said it is working closely with Europol and other overseas authorities to capture the unknown criminals.

Cyber criminals typically infect machines by sending spam emails containing malicious links and attachments, and by infecting legitimate websites with computer viruses that attack unsuspecting visitors. Some bot herders rent or sell infected machines on underground markets to other cyber criminals looking to engage in a wide variety of activities including credit card theft and attacks on government websites.

The Citadel software disables anti-virus programs on infected PCs so they cannot detect malicious software. It surfaced in early 2012 and is sold over the Internet in kits that cost $2,400 or more. (See graphic link.reuters.com/vem68t)

(Reporting by Jim Finkle; Editing by Richard Valdmanis and Steve Orlofsky)
http://www.reuters.com/article/2013/...95H1EG20130618





Aaron's Law Would Revamp Computer Fraud Penalties

The new legislation would prevent prosecutors from targeting computer users for terms of service violations
Grant Gross

Two U.S. lawmakers have introduced a bill that would prevent the Department of Justice from prosecuting people for violating terms of service for Web-based products, website notices or employment agreements under the Computer Fraud and Abuse Act (CFAA).

On Thursday, Representative Zoe Lofgren, a California Democrat, and Senator Ron Wyden, an Oregon Democrat, introduced Aaron's Law, a bill aimed at removing some types of prosecutions under the CFAA.

The bill is named after Internet activist Aaron Swartz, who committed suicide in January while facing federal prosecution for allegedly hacking into a Massachusetts Institute of Technology network and downloading millions of scholarly articles from the JSTOR subscription service.

The bill would remove the charge of "exceeds authorized access" from the CFAA, instead creating a definition for "access without authorization." Access without authorization would include bypassing technology and physical measures through deception or through gaining access to an authorized person's credentials.

"Aaron's Law is not just about Aaron Swartz, but rather about refocusing the law away from common computer and Internet activity and toward damaging hacks," Lofgren and Wyden wrote in a joint statement. "It establishes a clear line that's needed for the law to distinguish the difference between common online activities and harmful attacks."

The bill would also narrow the penalty enhancement provisions in the CFAA, making it tougher for prosecutors to seek enhanced penalties for crimes involving little financial gain.

Lofgren released a draft bill to amend the CFAA back in January, days after Swartz killed himself. The sponsors of the bill posted drafts on Reddit.

Digital rights groups have called on lawmakers to soften the CFAA after prosecutors in Massachusetts threatened Swartz with a lengthy jail sentence.

"In drafting Aaron's Law ... we did not opt for a quick fix of the CFAA that could bring with it unintended consequences," Wyden and Lofgren wrote. "Instead, we undertook a deliberative process for crafting this legislation. We reviewed extensive input from a broad swath of technical experts, businesses, advocacy groups, current and former government officials, and the public."

Demand Progress, the digital rights group Swartz cofounded, praised the legislation.

"Since we lost Aaron in January there have been good days and there have been bad days," David Segal, the group's executive director, said in an email. "This is a good day. When Aaron's Law is signed into law it will mean that Aaron will continue to do in death what he always did in life, protect the freedoms and rights of all people."

The Center for Democracy and Technology also applauded the bill.

"Breaking a promise is not the same as breaking into a computer, and fibbing about your age on Facebook shouldn't be a federal crime," Kevin Bankston, director of CDT's Free Expression Project, said in an email. "The courts, sensibly, have already started to reject prosecutors' attempts to charge computer crimes based on violation of a web site's terms of service or an employer's computer use policy. 'Aaron's Law' would eliminate any ambiguity and make those courts' decisions the law of the land."
https://www.networkworld.com/news/20...er-271093.html





U.S. Files Espionage Charges Against Snowden Over Leaks
Tabassum Zakaria and Mark Hosenball

The United States has filed espionage charges against Edward Snowden, a former U.S. National Security Agency contractor who admitted revealing secret surveillance programs to media outlets, according to a court document made public on Friday.

The charges are the government's first step in what could be a long legal battle to return Snowden from Hong Kong, where he is believed to be in hiding, and try him in a U.S. court. A Hong Kong newspaper said he was under police protection, but the territory's authorities declined to comment.

Snowden was charged with theft of government property, unauthorized communication of national defense information and willful communication of classified communications intelligence to an unauthorized person, said the criminal complaint, which was dated June 14.

The latter two offenses fall under the U.S. Espionage Act and carry penalties of fines and up to 10 years in prison.

A single page of the complaint was unsealed on Friday. An accompanying affidavit remained under seal.

Two U.S. sources, speaking on condition of anonymity, said the United States was preparing to seek Snowden's extradition from Hong Kong, which is part of China but has wide-ranging autonomy, including an independent judiciary.

The Washington Post, which first reported the criminal complaint earlier on Friday, said the United States had asked Hong Kong to detain Snowden on a provisional arrest warrant.

Hong Kong's Chinese-language Apple Daily quoted police sources as saying that anti-terrorism officers had contacted Snowden, arranged a safe house for him and provided protection.

The report said the police had checked his documents but had not discussed other matters or taken any statements.

Hong Kong Police Commissioner Andy Tsang declined to comment other than to say Hong Kong would deal with the case in accordance with the law.

Snowden earlier this month admitted leaking secrets about classified U.S. surveillance programs, creating a public uproar. Supporters say he is a whistleblower, while critics call him a criminal and perhaps even a traitor.

He disclosed documents detailing U.S. telephone and Internet surveillance efforts to the Washington Post and Britain's Guardian newspaper.

The criminal complaint was filed in the Eastern District of Virginia, where Snowden's former employer, Booz Allen Hamilton, is located.

That judicial district has seen a number of high-profile prosecutions, including the spy case against former FBI agent Robert Hanssen and the case of al Qaeda operative Zacarias Moussaoui. Both were convicted.

'ACTIVE EXTRADITION RELATIONSHIP'

Documents leaked by Snowden revealed that the NSA has access to vast amounts of Internet data such as emails, chat rooms and video from large companies such as Facebook and Google, under a government program known as Prism.

They also showed that the government had worked through the secret Foreign Intelligence Surveillance Court to gather so-called metadata - such as the time, duration and telephone numbers called - on all calls carried by service providers such as Verizon.

President Barack Obama and his intelligence chiefs have vigorously defended the programs, saying they are regulated by law and that Congress was notified. They say the programs have been used to thwart militant plots and do not target Americans' personal lives.

U.S. federal prosecutors, by filing a criminal complaint, lay claim to a legal basis to make an extradition request of the authorities in Hong Kong, the Post reported. The prosecutors now have 60 days to file an indictment and can then take steps to secure Snowden's extradition from Hong Kong for a criminal trial in the United States, the newspaper reported.

The United States and Hong Kong have "excellent cooperation" and as a result of agreements, "there is an active extradition relationship between Hong Kong and the United States," a U.S. law enforcement official told Reuters.

Since the United States and Hong Kong signed an extradition treaty in 1998, scores of Americans have been sent back home to face trial. However, the process can take years, lawyers say.

Under Hong Kong's extradition process, a request would first go to Hong Kong's chief executive. A magistrate would issue a formal warrant for Snowden's arrest if the chief executive agrees the case should proceed.

Simon Young, a law professor at the University of Hong Kong, said the first charge of theft against Snowden might find an equivalent charge in Hong Kong, needed to allow extradition proceedings to move forward, but the unauthorized communication and willful communication charges may be sticking points that lead to litigation and dispute in the courts.

Whatever the Hong Kong courts decide could be vetoed by the territory's leader or Beijing on foreign affairs or defense grounds.

An Icelandic businessman linked to the anti-secrecy group WikiLeaks said on Thursday he had readied a private plane in China to fly Snowden to Iceland if Iceland's government would grant asylum.

Iceland refused on Friday to say whether it would grant asylum to Snowden.

(Additional reporting by James Pomfret, Venus Wu and Grace Li in HONG KONG; Editing by Warren Strobel, Peter Cooney and Neil Fullick)
http://www.reuters.com/article/2013/...95K18220130622





Pelosi Booed at Netroots While Defending Espionage Charges Against Snowden
Arturo Garcia

House Minority Leader Nancy Pelosi (D-CA) drew boos and heckling from members of the crowd at a progressive conference on Saturday while defending President Barack Obama’s administration and the recently-discovered surveillance policies by the National Security Agency (NSA).

About 47 minutes into Pelosi’s speech at Netroots in San Jose, California, a growing commotion can be heard coming from the audience. While moderator and MSNBC contributor Zerlina Maxwell urged the audience to submit questions online instead of shouting, Pelosi continued, saying, “I think it’s really important to subject all of this to the transparent and harshest scrutiny, to say, ‘We want a balance between privacy and security.’”

At that point, a man identified by Politico as 57-year-old Marc Perkel can be heard shouting, “It’s not a balance. It’s not constitutional! No more secret laws!”

Perkel was ejected from the room by security, while other audience members shouted for him to be left alone. Shortly thereafter, loud boos can be heard coming from the audience after she said former NSA contractor Edward Snowden “did violate the law” in releasing details about NSA programs like PRISM. The government charged Snowden with crimes related to the Espionage Act on Friday.

“I know that some of you attribute heroic status to that action,” she said of Snowden’s leaks to the Guardian and the Washington Post. “But, again, you don’t have the responsibility for the security of the United States. Those of us who do have to strike a different balance.”

Pelosi also defended President Barack Obama against charges that the surveillance of private residents’ phone and internet use constituted a “fourth term” for his predecessor, George W. Bush.

Under the George W. Bush administration, Pelosi explained, there was no court oversight for the Foreign Intelligence Surveillance Act (FISA), arguing that Democrats were able to institute changes to the Protect America Act of 2007.

“The Bush administration: warrantless,” she said. “Then, when they got caught, they said, ‘The Attorney General and the Director of National Intelligence, they should decide if we can go forth with some of this stuff.’ Well, what’s that? They’re practically employees of the President of the United States.”
http://www.rawstory.com/rs/2013/06/2...ainst-snowden/





After Espionage Charges, Edward Snowden Petition Reaches Critical Mass
Kevin Collier

President Obama will now be forced to weigh in on the public's desire to pardon PRISM whistleblower Edward Snowden, despite a carefully crafted effort to neither praise nor condemn him.

A We the People petition titled "Pardon Edward Snowden" reached the requisite 100,000 signatures Saturday morning. By the Obama administration's own rules, any petition that reaches that threshold will receive a formal response from the White House, though there’s no formal timetable for the official comment.

Obama has defended National Security Agency (NSA) spy programs like PRISM as legal, but he has refused to comment on Snowden himself. In his most extensive interview on the subject, he explained to CBS's Charlie Rose that all the NSA's controversial spying actions were allowed by the Foreign Intelligence Surveillance Act (FISA). But he refused to comment on Snowden himself, simply saying, "He—the case has been referred to the Department of Justice for criminal investigation."

Congress has been in a frenzy since Snowden's revelations. While its members' responses have ranged from surprise and outrage at PRISM's existence to a staunch defense of it, Snowden as an individual has received very little support. A few members, like Senator Dianne Feinstein (D-Calif.) and Reps. Aaron Schock (R-Ill.) and Peter King (R-N.Y.), have accused him of treason, though that's not among the DoJ's charges.

The petition was created soon after Snowden revealed himself to be the source of an NSA slideshow detailing PRISM, a still-not-fully-explained program that allows the government to track communications on Gmail, Facebook, and other U.S. Internet companies. Signatories had begun to lag in recent days, but they skyrocketed after the U.S. Department of Justice formally charged Snowden with espionage, theft, and conversion of government property on Friday.

The petition, which closes July 9, currently has 100,710 signatures.
http://www.dailydot.com/politics/edw...rged-petition/





Snowden Leaves Hong Kong, May be Heading for Venezuela
James Pomfret

A former U.S. security contractor charged by Washington with espionage was allowed to leave Hong Kong on Sunday, his final destination not confirmed, because a U.S. request to have him arrested did not comply with the law, the Hong Kong government said.

Edward Snowden, who worked for the National Security Agency, had been hiding in Hong Kong since leaking details about U.S. surveillance activities to news media.

The United States wanted him to be extradited to face trial and is likely to be furious about reports that he was travelling to Moscow on Sunday before flying on to Cuba and Venezuela.

"It's a shocker," said Simon Young, a law professor with Hong Kong University. "I thought he was going to stay and fight it out. The U.S. government will be irate."

A source at Russia's Aeroflot airline said Snowden would fly from Moscow to Cuba on Monday and then planned to go on to Venezuela. The South China Morning Post earlier said his final destination might be Ecuador or Iceland.

The WikiLeaks anti-secrecy website said it helped Snowden find "political asylum in a democratic country".

It added in an update on Twitter that he was accompanied by diplomats and legal advisers and was travelling via a safe route for the purposes of seeking asylum.

"The WikiLeaks legal team and I are interested in preserving Mr Snowden's rights and protecting him as a person," former Spanish judge Baltasar Garzon, legal director of WikiLeaks and lawyer for the group's founder Julian Assange, said in a statement.

"What is being done to Mr Snowden and to Mr Julian Assange - for making or facilitating disclosures in the public interest - is an assault against the people."

Assange has taken sanctuary in the Ecuadorean embassy in London and said last week he would not leave even if Sweden stopped pursuing sexual assault claims against him because he feared arrest on the orders of the United States.

U.S. authorities have charged Snowden with theft of U.S. government property, unauthorized communication of national defense information and wilful communication of classified communications intelligence to an unauthorized person, with the latter two charges falling under the U.S. Espionage Act.

The United States had asked Hong Kong, a special administrative region (SAR) of China, to send Snowden home.

"The U.S. government earlier on made a request to the HKSAR government for the issue of a provisional warrant of arrest against Mr Snowden," the Hong Kong government said in a statement.

"Since the documents provided by the U.S. government did not fully comply with the legal requirements under Hong Kong law, the HKSAR government has requested the U.S. government to provide additional information ... As the HKSAR government has yet to have sufficient information to process the request for provisional warrant of arrest, there is no legal basis to restrict Mr Snowden from leaving Hong Kong."

It did not say what further information it needed.

The White House had no comment.

CHINA SAYS U.S. "BIGGEST VILLAIN"

Hong Kong, a former British colony, reverted to Chinese rule in 1997 and although it retains an independent legal system, and its own extradition laws, Beijing has control over Hong Kong's foreign affairs. Some observers see Beijing's hand in Snowden's sudden departure.

Iceland refused on Friday to say whether it would grant asylum to Snowden, a former employee of contractor Booz Allen Hamilton who worked at an NSA facility in Hawaii.

Putin's spokesman, Dmitry Peskov, said earlier this month that Russia would consider granting Snowden asylum if he were to ask for it and pro-Kremlin lawmakers supported the idea, but there has been no indication he has done so.

The South China Morning Post earlier quoted Snowden offering new details about the United States' spy activities, including accusations of U.S. hacking of Chinese mobile telephone companies and targeting China's Tsinghua University.

Documents previously leaked by Snowden revealed that the NSA has access to vast amounts of internet data such as emails, chat rooms and video from large companies, including Facebook and Google, under a government program known as Prism.

China's Xinhua news agency, referring to Snowden's accusations about the hacking of Chinese targets, said they were "clearly troubling signs".

It added: "They demonstrate that the United States, which has long been trying to play innocent as a victim of cyber attacks, has turned out to be the biggest villain in our age."

Venezuela, Cuba and Ecuador are all members of the ALBA bloc, an alliance of leftist governments in Latin America who pride themselves on their "anti-imperialist" credentials.

(Additional reporting by Fayen Wong in Shanghai, Nishant Kumar in Hong Kong and Andrew Cawthorne in Caracas; Alexei Anishchuk and Steve Gutterman in Moscow, and Tabassum Zakaria in Washington; Writing by Nick Macfie; Editing by Anna Willard and Sonya Hepinstall)
http://www.courant.com/news/nation-w...,5649600.story





'Tell Your Boss I Owe Him Another Friggin' Beer:' Hot Mic Catches NSA Boss Praising FBI Chiefs for Supportive Testimony on Surveillance Programs
Hayley Peterson

The director of the National Security Agency was overheard offering a round of beer to the FBI's second-in-command following Tuesday's congressional hearing on the NSA's controversial surveillance programs.

The three-hour hearing had just wrapped up around 1 p.m. when NSA Director Keith Alexander turned to FBI Deputy Director Sean Joyce and praised him for his testimony.

'Thank you, Sean,' Alexander said, according to a clip of the exchange that was first reported by Ben Doernberg.

'Tell your boss I owe him another friggin' beer,' he added.

'Yeah?' Joyce responded.

'Yeah,' said Alexander.

'Tell him to give it to me,' Joyce said.

Alexander and Joyce sat side-by-side during the hearing and took turns answering questions from lawmakers about the recently disclosed government surveillance programs.

Joyce repeatedly praised the programs as 'essential' tools for fighting terrorism in his remarks to the House Permanent Select Committee on Intelligence.

He also described four specific cases where the FBI used data obtained by the NSA programs to thwart terror attacks, including a bomb plot against the New York Stock Exchange and another against the city's subway system.

'We are revealing in front of you today methods and techniques,' he said. 'I have told you, the examples I gave you how important they have been. The first core al Qaeda plot to attack the United States post 9-11 we used one of these programs. Another plot to bomb the New York Stock Exchange we used these programs.'

The hearing was called after former security contractor Edward Snowden leaked details of the secret programs to the Washington Post and The Guardian.

Joyce testified that the FBI is pursuing criminal charges against Snowden for his leaks.
http://www.dailymail.co.uk/news/arti...-programs.html
















Until next week,

- js.



















Current Week In Review





Recent WiRs -

June 15th, June 8th, June 1st, May 25th

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black