wiretapping
Latest
Yahoo releases content of three FBI data requests to public
Today, Yahoo made minor history by becoming the first company to publicly confirm that it has been issued National Security Letters (NSLs) from the FBI. It sounds like a simple story, but it's actually a huge win for transparency: until recently, gag orders kept companies like Yahoo from acknowledging NSLs in all but the vaguest of terms. Now, thanks to the USA Freedom Act, the company is able to divulge the contents of three FBI data requests made since 2013.
The NSA releases its first transparency report under the US Freedom Act
Back in June, President Obama signed the USA Freedom Act into law. The bill finally put limitations on the NSA's ability to bulk collect telephone data under the controversial section 215 of the Patriot Act. As part of the new bill, the NSA was compelled to release a transparency report detailing if it was meeting the privacy standards enacted by the Freedom Act. Today, the agency has published its first report, conducted by the NSA's Civil Liberties and Privacy Office (CLPO).
Apple wins lawsuit claiming messages to Android were blocked
You certainly have reason to be upset at how Apple handled iMessages for users switching away from iOS, but it's clear that not everyone has raised those gripes the right way. Judge Lucy Koh (from the Apple-versus-Samsung case) has dismissed a lawsuit arguing that Apple effectively wiretapped iMessage chats to prevent them from reaching Android users. There's no mention of the reasons for dismissal in the court order. However, Apple had asked the judge to toss the case when it learned that two of the plaintiffs dumped their iPhones after the case began -- they'd eliminated important evidence.
USA Today: California wrongly wiretapped 52,000 people
USA Today is claiming to have uncovered evidence that prosecutors in the state of California violated federal law by improperly authorizing the use of wiretaps. The paper believes that drug investigators used 738 questionable taps to intercept calls and text messages made by "more than 52,000 people." If all of this is true, then the news will raise plenty of questions brought between mid-2013 and early 2015.
The DEA's eavesdropping has tripled over the past decade
A federal agency eavesdropping is nothing new -- even if sometimes they do it with controversy. But, aside from the NSA, there's one in particular that has been quite active in the past few years: the Drug Enforcement Administration. According to records obtained by USA Today, thanks to the Freedom of Information Act, the DEA more than tripled its use of wiretaps (and other electronic tools used for snooping) over the last decade. As of last September, it had recorded 11,681 intercepts, compared to 3,394 made 10 years earlier. That's not the most interesting part about the report, however.
Google Transparency Report now breaks out US court orders
Google has frequently expanded the coverage of its Transparency Report with each update, and it's not about to stop today. The search giant's latest report now illustrates US court orders by type, including wiretaps, pen registers (phone routing info) and potentially life-saving emergency disclosures. As you'll see both above and in charts after the break, these specialized court orders make up just nine percent of government requests -- the bulk are either subpoenas or warrants, not all of which require a judge. Meanwhile, things aren't looking good for those who've been hoping for less state surveillance. Google says that the volume of government data requests worldwide has more than doubled in the past three years, with about 42 percent of the latest batch coming from the US. The company also notes that this is only what it can report; without the legal authority to disclose FISA requests, it can only provide an incomplete picture at best.
Google denied dismissal of wiretapping claims in Street View data snooping suit
Google's already vowed to pony up $7 million and destroy passwords, emails and other data collected from unsecured WiFi networks through its Street View cars, but the damage won't stop there. The US Court of Appeals for the Ninth Circuit has denied the company's attempt to dismiss wiretapping claims in a class action suit over the debacle. Page and Co. argued their actions could pass under a wiretap exemption since data transmitted over WiFi is an electronic communication that's easily accessible to the public. However, the panel of judges didn't buy the search giant's argument. "Wi-Fi transmissions are not 'readily accessible' to the 'general public' because most of the general public lacks the expertise to intercept and decode payload data transmitted over a Wi-Fi network," Judge Jay Bybee explained. Secondly, the court ruled that the data transmitted over WiFi can't be classified as mostly audio, so it falls "outside of the definition of a 'radio communication.'" "We are disappointed in the Ninth Circuit's decision and are considering our next steps," a Google spokesperson told Bloomberg. Now that Mountain View isn't getting off this hook, expect it to dish out more compensation soon.
Leaked NSA audit shows privacy violations in cellular and fiber optic surveillance
The NSA insists that it respects American privacy, but documents leaked by Edward Snowden to the Washington Post suggest that the agency has trouble maintaining that respect. A May 2012 audit, buried in the documents, 2,776 incidents where the NSA's Washington-area facilities inadvertently obtained protected American data through a mix of human errors and technical limits. Among its larger gaffes, the NSA regularly had problems determining when foreign cellphones were roaming in the US, leading to unintentional snooping on domestic calls. The agency also spent months tapping and temporarily storing a mix of international and domestic data from US fiber lines until the Foreign Intelligence Surveilliance Court ruled that the technique was unconstitutional. NSA officials responding to the leak say that their agency corrects and mitigates incidents where possible, and argue that it's difficult for the organization to avoid errors altogether. However, the audit also reveals that the NSA doesn't always report violations to overseers -- the division may be interested in fixing mistakes, but it's not eager to mention them.
France reportedly has its own PRISM-like data surveillance system
The US isn't the only western country with an all-seeing digital eye... at least, according to Le Monde. The news outlet claims that France's General Directorate for External Security has a PRISM-like system that captures and processes the metadata for "billions and billions" of communications, including internet messaging, phone calls, SMS and even faxes. The goal is ostensibly to track the behavior of terrorist cells, but the Directorate allegedly shares the anonymized information with other intelligence services, including the police. Whether or not residents can do much about the snooping, if real, is another matter. One source believes that it exists in a gray area, as French law reportedly doesn't account for the possibility of storing personal data this way. We're skeptical of claims that the Directorate can spy on "anyone, anytime," especially without official commentary, but we'd suggest that locals be careful with their secrets all the same. Dan Cooper contributed to this report.
US officials say less than 300 phone numbers were investigated in 2012, data thwarted terrorist plots
With all the coverage of PRSIM and the NSA's data collection have been getting recently, it's no surprise that the US government is eager to rationalize its actions. The crux of the latest defense seems to be that the government isn't using its treasure trove of data very often: according to recently declassified documents, the NSA used the database to investigate less than 300 phone numbers last year. These efforts reportedly prevented terrorist actions in more than 20 countries. It's a small assurance, but a vague one, and the NSA knows it -- according to the Associated Press, the organization is trying to get the records of these thwarted plots declassified to demonstrate the program's value to concerned citizens. The reveal of such data might be a convincing argument, but disquieting revelations continue to roll out: members of congress are now reporting that the NSA has acknowledged that it does not need court authorization to listen to domestic phone calls. Either way, we're certainly open to more government transparency.
DoJ reportedly asks service providers to dodge Wiretap Act
It's funny how a few tweaks can make a Government program go from completely legal, to questionably so. A new secret authorization puts the US Justice Department on the fuzzy side of the legal line, approving the expansion of a program originally intended to monitor the internet traffic of military defense contractors to include energy, healthcare and finance sectors. The original program, known as the DIB Cyber Pilot, was voluntary, requiring users to approve monitoring via a login interface. Specific details on how the new program differs aren't known, but CNET reports that the Justice Department has begun issuing letters granting legal immunity to providers who violate the Wiretap Act for the sake of the program. These letters were sent to AT&T and other internet service providers, though it isn't clear how many have gone out. Electronic Privacy Information Center executive director Marc Rotenberg summarized the situation for CNET, "The Justice Department is helping private companies evade federal wiretap laws. Alarm bells should be going off." The operation was approved by Executive order earlier this year, but remains on shaky ground. Still, these legal complications could soon vanish: if signed into law, the CISPA (Cyber Intelligence Sharing and Protection Act) would formally authorize the program. The expanded program doesn't go into effect until June 12th and will only apply to areas of critical infrastructure. Hungry for more information? Don your tinfoil hat, and check out CNET for the entire report.
France investigates Skype after it doesn't register as a telecom provider (update: Skype response)
You can't completely pigeonhole Skype when it serves both as a partial substitute for traditional phone service and an instant messaging service with voice and video on top. Unfortunately, French telecom regulator ARCEP doesn't trade in ambiguities. It's launching an investigation into Skype after the Microsoft-owned division reportedly ignored requests to register itself as a telecom provider in the country. The authority is concerned that Skype is offering phone service without following local laws, including requirements to offer emergency calls and avenues for legal wiretaps. We've reached out to Skype for its side of the story, although there's no certainty that ARCEP will have to take action, regardless -- Skype has long disclaimed that it's not a full phone replacement and won't work for true emergencies. If France asks for compliance, however, Skype may have to either solve a seemingly unsolvable problem or face withdrawing at least some of its services. We wouldn't count on always having VoIP in Versailles. Update: A Skype spokesperson answered back, and the company's view is clear: it doesn't believe that its service fits the definition of a communication provider under French law and thus doesn't have to be registered. Skype adds that it's been talking with ARCEP and plans to keep that up in a "constructive" fashion, although there clearly hasn't been much progress on that front. Read the full response after the break. [Image credit: Alexandre Vialle, Flickr]
Silent Circle to offer secure, private iPhone operation
Two former Navy SEALs have teamed up with cryptographers including PGP developer Phil Zimmermann to develop an iPhone app to provide military-level encryption for unlimited VoIP phone calls, texts, email and video for US$20 per month. Silent Circle debuts on the App Store next week, filled with a bag of tricks that make it virtually impossible for identity thieves -- or governments -- to tap into your conversations. In a post about the app on Buzzfeed, blogger Russell Brandom notes that warrantless domestic wiretapping is a "matter of record by now," and that last year "1.3 million cell records were pulled by law enforcement, covering anything from stored text messages to location-tracking data." Silent Circle uses a "portable code room" model that performs all encryption on the iPhone. The keys to unscramble the data are deleted at the completion of each call, so the call can't be decoded after the fact. Silent Circle also stores use logs with minimal user data in Canada and Switzerland, where privacy laws make it difficult for even that info -- which does not include any of the encrypted conversations -- to be released to law enforcement officials. A feature called Burn Notice allows users to send self-destructing texts and photos to friends. Send a potentially embarrassing image or text to a pal during a drunken party, and it's erased in five minutes. Politicians and celebrities are sure to find this feature to be very helpful. While such powerful encryption technology could be used by drug cartels or terrorists, Silent Circle is primarily targeted to individuals or companies concerned about identity or intellectual property theft. At present, the US law that allows wiretapping -- the 1994 Communications Assistance for Law Enforcement Act -- does not cover VoIP communications. Law enforcement agencies have been pushing for an update to the law, and any change could eventually outlaw Silent Circle. For the time being, the app will provide highly secure communications to anyone with the need.
Indian official claims BlackBerry eavesdropping standoff is 'heading towards a resolution'
Oh, bureaucracies, the fun in dealing with them is that you're told exactly what they want you to know -- or at least, believe. That's the name of the game in India, where -- as you're surely aware -- the government has been at odds with RIM for years over its insistence that the Waterloo firm provide the means to monitor encrypted emails and BBM messages. In a revelation that may relate to those BlackBerry servers in Mumbai, R. Chandrasekhar of India's Department of Information Technology has asserted, "The issue is heading towards a resolution." While it's difficult to know whether monitoring is already in place, Chandrasekhar added that, "Law enforcement agencies will get what they need." Another unknown is whether RIM played a role in these developments. For its part, the company claims, "RIM maintains a consistent global standard for lawful access requirements that does not include special deals for specific countries." So, if everything is now clear as mud for you, just remember: that's how those in charge like it.
Federal appeals court says warrantless wiretapping is legal
A federal appeals court has ruled today that the US government can tap into Americans' communications without worrying over frivolous things like "being sued" by its people. In what most sane civilians will probably see as a depressing loss of protection, a three-judge panel of the 9th US Circuit Court of Appeals ruled that citizens can sue the United States for damages stemming from the use of information collected via wiretap, but not for the collection of information itself. In typical pass-the-buck fashion, Wired reports that Judge Michael Daly Hawkins and Judge Harry Pregerson added the following: "Although such a structure may seem anomalous and even unfair, the policy judgment is one for Congress, not the courts." Alrighty. For those unaware, the back and forth surrounding this issue extends back to Congress' authorization of the Bush spy program in 2008, and more specifically, a pair of US lawyers and the now-defunct al-Haramain Islamic Foundation -- a group that was granted over $2.5 million combined in legal fees after proving that they were spied on sans warrants. The full report can be found in the PDF below.
Former NSA official says agency collects Americans' web data, director denies charges
The NSA director, General Keith Alexander, is coming under scrutiny after he told a crowd gathered at the Def Con hacker conference that the spy agency "absolutely" does not collect data from and maintain files on American citizens. A former official stopped just shy of calling Alexander a liar, accusing him of playing a "word game." William Binney left the department in late 2001, when it became apparent to him that it planned to use the terrorist attacks on September 11th as an "excuse" to launch a data collection program that was already in the planning stages. Alexander for his part maintains that any data, be it web searches, Twitter posts or emails, collected from American citizens is merely incidental, and associated with intelligence gathering on foreign entities. Of course, Binney rejects this claim and testimony from Qwest CEO James Nacchio regarding the NSA's wiretapping program would seem to contradict it. ACLU attorney Alex Abdo, who was on the panel with Alexander, cast further doubt on the director's denial. He noted that loopholes in the law allow the NSA collect vast amounts of information on Americans, without them being the "target" of the surveillance. Since the agency can hold on to any data collected, it can retroactively build dossiers on citizens, should they eventually become the focus of an investigation. For a few more details, hit up the source link.
Carriers face big surge in cellphone surveillance requests, raise a few alarm bells
Color us unsurprised that US law enforcers would push hard for surveillance access. Congressman Ed Markey has published a new report on requests to cellular carriers that shows a recent rush of demand for information, including last year. The rates vary sharply, but T-Mobile has seen a yearly hike of 12 to 16 percent, while Verizon has seen its own grown 15 percent -- and Sprint took nearly twice as many surveillance requests as AT&T or Verizon in 2011, despite its smaller size. Markey's concern is that police and other investigators are casting too wide a net and sweeping up innocent customers through widescale requests, potentially violating their privacy in the process. Whether or not cell tower dumps and other broad fishing attempts are problems, carriers have been quick to point out that they have huge teams in place to deal with police requests and cling steadfastly to requiring a warrant when the law demands it. Needless to say, there are a few groups that strongly disagree with that last claim.
FBI reportedly pressing for backdoor access to Facebook, Google
Investigators at the FBI supposedly aren't happy that social networks like Facebook or Google+ don't have the same kind of facility for wiretaps that phones have had for decades. If claimed industry contacts for CNET are right, senior staff at the bureau have floated a proposed amendment to the 1994-era Communications Assistance for Law Enforcement Act (CALEA) that would require that communication-based websites with large user bases include a backdoor for federal agents to snoop on suspects. It would still include the same requirement for a court order as for phone calls, even if US carriers currently enjoy immunity for cooperating with any warrantless wiretapping. As might be expected, technology firms and civil liberties advocates like the Electronic Frontier Foundation object to deepening CALEA's reach any further, and Apple is thought to be preemptively lobbying against another definition of the law that might require a government back channel for audiovisual chat services like FaceTime or Skype. The FBI didn't explicitly confirm the proposal when asked, but it did say it was worried it might be "going dark" and couldn't enforce wiretaps. [Image credit: David Drexler, Flickr]
Telecoms win immunity in wiretapping case, US court approves separate suit against the government
Looks like a case of good news-bad news for the Electronic Frontier Foundation in its fight against warrantless wiretapping. A US appeals court upheld a 2008 ruling, granting telecoms such as AT&T, Verizon and Sprint immunity for cooperating with the government in its surveillance activities. Still, Judge Margaret McKeown of the 9th US Circuit Court of Appeals insists that immunity only applies to telecoms, not the government, and that "the federal courts remain a forum to consider the constitutionality of the wiretapping scheme and other claims." Indeed, while the 9th Circuit upheld immunity for telecoms, it also gave the go-ahead for a separate suit against the NSA, former president George W. Bush, senior members of the Bush administration and President Obama for using AT&T's network to conduct "an unprecedented suspicionless general search," according to the filing. The court's decision to allow this suit to proceed marks a reversal of an earlier ruling, in which a lower court said the plaintiffs did not have legal standing to pursue the case. [Image courtesy PBS]
Carrier IQ issues lengthy report on data collection practices, sticks to its guns
After having already tried to explain itself with metaphor, Carrier IQ is now taking its floundering PR campaign back to basics, with an ostensibly thorough primer on its practices and a slightly less convoluted defense of its privacy standards. This morning, the controversial analytics firm released a lengthy, 19-page document that attempts to explain "what Carrier IQ does and does not do." In the report, titled "Understanding Carrier IQ Technology," the company explains the benefit it offers to its clientele of network operators, many of whom rely upon Carrier IQ's diagnostic data to make sure their infrastructure is up to snuff. It also provides a breakdown of how it collects data, as well as a defense against Trevor Eckhart's findings, though, as you'll see, these arguments likely won't put this saga to bed anytime soon. Read more, after the break.
