metadata
Latest
NSA considered scrapping its mass phone surveillance program
The National Security Agency may present a united front when it defends against criticism of its bulk phone data collection, but it's now clear that there has been at least some doubt within the ranks. Associated Press sources have revealed that there was an internal proposal to kill the phone surveillance program in early 2013, not long before Edward Snowden's leaks made it public. Reportedly, some NSA officials were concerned that the initiative was not only expensive to run, but ineffective. It wasn't "central" to catching terrorist plots, and it wasn't capturing most cellphone calls. Not surprisingly, the critics were also worried about outrage if the truth came out -- which, of course, is exactly what happened.
DEA kept records of US phone calls for nearly 15 years
The NSA isn't the only American government agency keeping track of phone call metadata... or rather, it wasn't. A Department of Justice court filing has revealed that the Drug Enforcement Administration maintained records of every call made from the US to Iran and other nations for nearly 15 years, stopping only when the initiative was discontinued (prompted at least partly by leaks) in September 2013. The DEA didn't get the content of those calls, but it also didn't get court oversight -- it used administrative subpoenas that only required the approval of federal agents. And unlike the NSA, this program was meant solely for domestic offenses like drug trafficking.
The NSA's search tool is a Google for the world's communications data
If sharing really is caring, then the NSA must care a lot. That's the thrust of a new report from The Intercept that pulled back the curtain on a search system called ICREACH -- launched in 2007, the system allows members of more 20 different US agencies to quickly sift through the communications metadata of both foreigners and citizens on US soil. And the reason for all this? Well, the stated goal was to allow members of these government agencies to identify persons of interest and help agents monitor the activities of "intelligence targets" at home and abroad. Putting aside its ability to crawl through some 850 billion metadata records (and growing), one of ICREACH's greatest assets might be its straightforward interface. It's referred to in internal documentation as being "Google-like" and allows researchers to dig into metadata records by punching in simple "selectors" like email addresses and phone numbers.
The NSA collected more of your personal data than it was legally allowed to
Former NSA chief Gen. Keith Alexander defended the NSA's bulk collection to John Oliver by saying that all his former employers did was collect metadata. He defined that as "two phone numbers, date, time and duration of [the] call." The agency's rules for collecting our electronic communications were similarly stringent, with the government only permitted to store the "to" and "from" fields, as well as the time any private message was sent. Unfortunately, newly-declassified documents have shown that the agency had difficulty just collecting those pieces of information, and instead stored the full texts of e-mails and other messages sent online. According to the report, the NSA had "exceeded the scope of authorized acquisition continuously during the more than [REDACTED] years of acquisition."
The NSA's mass surveillance program for phone call metadata is still going
Despite last night's vote by the House of Representatives and various plans for reform, the NSA is still peeking into places many think it shouldn't. The Office of the Director of National Intelligence just revealed that yesterday, the program that scoops up bulk metadata on phone calls has been renewed again. In February, the Foreign Intelligence Surveillance Court approved some new limits on the program forcing the NSA to request court approval to pull records, and limiting it to info for people within two degrees of a target. Those restrictions are still in place, and this latest 90-day renewal extends the program until September 12th. For now, the changes proposed by President Obama are currently tied to the "gutted" USA Freedom Act that's being considered by the Senate.
Sprint had legal details of the NSA's bulk phone data collection in 2010
The public only started learning about the legal justifications for the NSA's collection of bulk phone records last June, but we now know that at least one telecom received notice much earlier. Both declassified info and Washington Post interviews have revealed that the White House gave Sprint the secret reasoning behind the NSA's surveillance in 2010 to fend off a threatened court challenge over the program's legality. Sprint dropped its formal opposition after that, but it pushed for the declassification last year as a retort to Foreign Intelligence Surveillance Court claims that there had been no court challenges. There might not have been a legal battle, a government official tells the Post, but there were still doubts.
White House wants immunity for telecoms that surrender customer data
American telecoms already have legal immunity when they cooperate with the government's warrantless wiretapping, and they may soon be in the clear when they supply customer data, too. As The Guardian has learned, the White House is asking for legislation that would grant immunity to anyone obeying requests for phone records once companies are in charge of that information. The request isn't surprising, according to an unnamed senior official -- it's in line with existing measures that shelter companies when they respond to Foreign Intelligence Surveillance Act court orders.
Verizon fought the NSA's metadata collection program but lost anyway
It looks like Verizon's concerns about government snooping go beyond publishing transparency reports -- but also haven't had much of a tangible effect. The Washington Post understands through both a declassified ruling and sources that Big Red quietly challenged the constitutionality of the NSA's call metadata collection in January, only to be shot down by the Foreign Intelligence Surveillance Court in March.
Brazil passes an internet bill of rights enshrining net neutrality and privacy
While the world has been deciding who governs the internet, Brazil has been busy establishing internet rules of its own -- and they may just set an example for everyone else. The country has passed a bill of rights that goes some length towards protecting net neutrality and privacy. To start, the law promises equal access to the internet; carriers can't charge more for bandwidth-heavy services like streaming video.
Court rules that the EU's data retention law violates privacy rights
The European Union has argued that telecom companies must hold on to internet and phone records for long periods to help track down evildoers, but the European Court of Justice disagrees -- vehemently. It just ruled that the EU's Data Retention Directive, which preserves metadata for up to two years, is a "wide-ranging and particularly serious" violation of the EU's privacy rights. It collects more information than necessary, doesn't establish firm limits and lets companies send data outside of the EU, according to the ruling. While the Directive doesn't scoop up actual content, the court believes that the unrestricted collection allows too much insight into people's daily activities and social connections. Sound familiar? It should. The ruling acknowledges the privacy concerns that prompted the US' proposed metadata reforms, but goes one step further -- the court is contending that bulk data retention by itself is dangerous without serious restrictions.
Bipartisan bill will stop NSA's bulk phone call data collection, but it might not go far enough
Following Edward Snowden's leaks about the NSA collecting massive amounts of data about phone calls flowing through several companies, President Obama announced limitations on the use of that data in January and said more reforms would follow. Now, the New York Times, Wall Street Journal and Washington Post report a bipartisan bill is about to be unveiled that makes several large changes to the NSA's controversial bulk collection of phone call metadata. A bill that will be unveiled tomorrow in the House of Representatives by Mike Rogers (R-MI) and "Dutch" Ruppersberger (D-MD) will instead see phone companies store the data only as long as they normally would (18 months or so, under other federal regulations). If the NSA suspects a terrorism link, it can make requests for information from specific phone numbers, and related records up to two hops away. What's likely to disappoint privacy advocates however, is that the NSA is only required to send a copy of the directive to a court for review after record collection has already started. On the other hand, according to the Post, it would have the make a determination if a number is linked to terrorism "promptly" and if it does not decide that it's linked "agent of a foreign power," it will be expunged. We should find out exactly what's in the bill when it's introduced tomorrow but there's one other note to remember -- 90-day approval for the NSA's current bulk collection program ends Friday, and is likely to be renewed at least one more time while this and other bills are sorted out.
Privacy group blocks NSA from destroying phone records, calls them evidence
A US judge has temporarily stopped the National Security Agency (NSA) from destroying phone metadata it collected, thanks to an intervention by the Electronic Frontier Foundation (EFF). The privacy watchdog argued that the documents were key to upcoming lawsuits against the spy agency stemming from Edward Snowden's revelations. Ironically, the NSA itself wants to preserve the records for intelligence purposes, but a foreign surveillance court ordered them destroyed. The reason? It judged the records would actually violate the rights of those in the phone lists. However, the EFF claimed that court wasn't aware of an existing order issued in July to keep the documents and another filed back in 2008. A hearing is now scheduled for March 19th to determine if the metadata will be permanently destroyed or not -- with your privacy as the main argument either way.
Canadian spy agency used airport WiFi to track travelers
Questionable data collection isn't just for the US and Britain -- according to CBC News, Canada's own spy agency may have been tracking its citizens illegally too. Documents allegedly provided by Edward Snowden show that Communications Security Establishment Canada (CSEC) collected metadata from thousands of Canadian travelers by tapping into a major airport's free WiFi service. In addition to revealing that the data was collected over a two-week period, the report shows that CSEC was able to use the metadata to digitally follow travelers as their devices passed through other WiFi hotspots in both Canada and the US. CSEC claims that "no Canadian or foreign travelers' movements were 'tracked,'" which technically, might be correct. While the documents explained how the data was collected and what it can be used for, the report doesn't mention any subjects by name. In fact, the documents say the operation was just a test -- a trial run for an advanced tracking program CSEC is developing with the help of the NSA. Although its not clear how much access the NSA will have to the software once it's completed, its motives for supporting the project seem clear. After all, according to the US judicial system, collecting cell phone metadata is completely legal down here. [Image credit: Charleston's TheDigital, Flickr]
Independent federal review board calls for NSA to end 'illegal' phone call data collection
Following up on what we've learned about the NSA's various spying activities over the last year, the aptly-named Privacy and Civil Liberties Oversight Board is apparently ready to issue a report on the mess. Established in 2004 (but only fully operational since November) within the executive branch to serve as an independent source of advice to the president on... privacy and civil liberties, it has arrived somewhat late to the party (President Obama announced reform plans last week, but has said its recommendations will be considered going forward), and delivering a split opinion which leans in favor of ending the NSA's bulk collection of information about phone calls (phone numbers, call times and duration). The 238-page report will be released later today but reporters for the New York Times and Washington Post got an early peek and have highlighted the key points.The board has concluded that the NSA's phone metadata program does not meet the legal standard of the Patriot Act, raises serious privacy threats and is only of limited value at best. It's also opposed to a tweak proposed by the president's appointed panel that would see data held by a third party instead. Pointing out specific cases where other methods could have been used, it's recommending ending the program and making sure any government requests for data are tied to specific investigations. So far the program has continued on even after its existence was revealed and declassified, we'll see if these and other opinions have any affect the next time it's up for consideration.
FISA court reauthorizes NSA to collect call metadata (again)
Need another sign that the NSA's phone surveillance program is considered legal? The Foreign Intelligence Surveillance Court is happy to oblige. This week FISA renewed the agencies' authority to collect call metadata, echoing an October approval from the same court. That's actually standard -- the program needs to be reassessed every 90 days, but typically the authorizations fly under the radar. This time around, the Director of National Intelligence declassified the action "in order to provide the public with a more thorough and balanced understanding of the program."Even so, its not giving detractors any ground: the announcement also reasserts the program's legality, citing the "holdings of the United States District Courts of the Southern District of New York and Southern District of California, as well as the findings of 15 judges of the Foreign Intelligence Surveillance Court on 36 separate occasions over the last seven years." The statement at least closes on an amicable note, promising to be open to tweaking the program in ways that "achieve our counterterrorism mission in a manner that gives the American people greater confidence." Check out the full statement at the source link below.
Federal court ruling against NSA phone surveillance isn't quite what it seems
A federal district court judge in Washington DC issued a preliminary injunction today in a case regarding the NSA's practice of collecting phone call metadata. In doing so, Judge Richard Leon essentially prohibited the NSA from recording the metadata of the folks who filed the lawsuit, holding that the NSA's actions likely violate the fourth amendment of the US Constitution -- the right to be free from unreasonable searches and seizures. The case was originally filed in June by five people who are customers of either Verizon, AT&T or Sprint in the wake of Edward Snowden's NSA spying revelations. And today's ruling has been hailed by some as a huge blow against the NSA in its fight to continue the surveillance practices it claims are authorized under the Patriot Act and the Foreign Intelligence Surveillance Act (FISA).There's a problem with that narrative, however. It's misleading, and the ruling's importance has been overstated. In reality, the ruling just tells us Judge Leon's view of the case given the information he currently has. (A view that is, admittedly, overwhelmingly skeptical of the legality of the NSA's practices and current case law regarding fourth amendment violations.) It does not change the law, the ruling is not final in nature. In fact, in issuing the ruling, Judge Leon removed any immediate legal force of his decision when he stayed the injunction (meaning that the NSA can go about its business as usual if it so chooses) pending appeal. So, not only does the injunction not yet take effect, it might not ever take effect if the appellate court disagrees with Judge Leon's reasoning. Furthermore, the effect of a preliminary injunction only lasts as long as the case does -- so should the trial result in a verdict that the NSA did not violate the constitution, any reasoning given to the contrary in a preliminary injunction ruling is essentially rendered moot.So, while it seems clear that Judge Leon will be looking upon the NSA's data collection policies with great interest and some scorn, his decision is not a major blow against the government. That blow may be coming, and Judge Leon may be the among those to deal it. He just didn't do so today.
LG Smart TVs could be collecting personal data, even if you tell them not to
Think you're safe from prying eyes when you turn off your computer or smartphone and flip on the TV? That might not be the case if you have a recent LG Smart TV, according to a UK blogger called DoctorBeet. He noticed that his new HD set was sending private data, regardless of whether a (rather hidden) toggle called "Collection of watching info" was turned on or off. In scanning through his router logs, DoctorBeet noticed that TV station metadata was transmitted (albeit to a server that appears inactive) each time he changed the channel. More insidiously, even the names of files on USB keys he inserted were being sent -- including one he changed to "Midget_Porn_2013.avi" to prove a point. That appears to go beyond what we saw with its Cognitive Networks hookup, which was supposed to supply more features to users, not advertisers. We contacted LG, who made the following statement: We're looking into this now. We take these claims very seriously and are currently investigating the situation at numerous local levels since our Smart TVs differ in features and functions from one market to another. We work hard to get privacy right and have made this our top priority. They said it could take another 48 hours to actually confirm or deny what's going on -- so, naturally, as soon as we know, you'll know. [Image Credit: DoctorBeet's Blog]
Pinterest pairs up with Getty Images, tells you who shot your pinned photos (among other things)
Pinterest may be all about pictures (and some ads), but a deal sealed today with Getty Images will provide users with some very important words as well: photo metadata. Why should you care? It means that you'll now get a whole host of info along with any Getty pictures you pin. So, you'll be able to see things like the title, caption and the photographer's name from any of Getty's vast catalog of pictures. And, that info will make it easier for you to find similar and related photos to stick on Pinterest's digital boards. As for the deal itself, Pinterest is paying Getty an undisclosed sum for the data and will make sure all photos will be properly attributed. In return, Pinterest gets the aforementioned benefits for its users, and eliminates any copyright complications it might have faced from Getty. Two birds, one stone. Well played, Pinterest.
FISA court renews NSA permission to collect call metadata
News that the NSA collects bulk phone call metadata (phone numbers, call times and duration) from Verizon and other backbone providers initially leaked out in June. Since then PRISM, Edward Snowden and any number of other national security related topics have been in the spotlight, and the new focus has spurred at least one change in the process. On Friday, the Office of the Director of National Intelligence publicly announced the request -- following other declassified documents about the program -- and that it has been renewed (again) by the Foreign Intelligence Surveillance Court. As The Hill mentions, the NSA claims its analysts are only able to search through the collected data if there is "reasonable, articulable suspicion" a phone number is connected to terrorist activity. With analysts still able to paw through tons of our data this doesn't quite feel like the transparency promised, but even this small admission that it's happening highlights how things have changed.
NYT: NSA monitors, graphs some US Citizens' social activity with collected metadata
Just how does the NSA piece together all that metadata it collects? Thanks to "newly disclosed documents and interviews with officials," The New York Times today shed light on how the agency plots out the social activity and connections of those it's spying on. Up until 2010, the NSA only traced and analyzed the metadata of emails and phone calls from foreigners, so anything from US citizens in the chains created stopgaps. Snowden-provided documents note the policy shifted later in that year to allow for the inclusion of Americans' metadata in such analysis. An NSA representative explained to the NYT that, "all data queries must include a foreign intelligence justification, period." During "large-scale graph analysis," collected metadata is cross-referenced with commercial, public and "enrichment data" (some examples included GPS locations, social media accounts and banking info) to create a contact chain tied to any foreigner under review and scope out its activity. The highlighted ingestion tool in this instance goes by the name Mainway. The NYT article also highlights a secret report, dubbed "Better Person Centric Analysis," which details how data is sorted into 164 searchable "relationship types" and 94 "entity types" (email and IP addresses, along with phone numbers). Other documents highlight that during 2011 the NSA took in over 700 million phone records daily on its own, along with an "unnamed American service provider" that began funneling in an additional 1.1 billion cellphone records that August. In addition to that, Snowden's leak of the NSA's classified 2013 budget cites it as hoping to capture "20 billion 'record events' daily" that would be available for review by the agency's analysts in an hour's time. As you might expect, the number of US citizens that've had their info bunched up into all of this currently remains a secret -- national security, of course. Extended details are available at the source links.
