FISA
Latest
Obama expands the NSA's ability to share data with other agencies
The National Security Agency is now able to share raw surveillance data with all 16 of the United States government's intelligence groups, including the Central Intelligence Agency, Federal Bureau of Investigation, Department of Homeland Security and Drug Enforcement Administration. These agencies are able to submit requests for raw data pertaining to specific cases, and the NSA will approve or deny each request based on its legitimacy and whether granting access would put large amounts of private citizens' information at risk. Previously, the NSA would filter information for specific requests, eliminating the identities of innocent people and erasing irrelevant personal data. That's not the case any longer.
Reuters: Yahoo email scanning done with a Linux kernel module
In the ever evolving saga of Yahoo's email servers and who could peek into them, the latest nugget comes from a Reuters report that the scanning program operated at a deeper level than mail filters for porn or spam. Citing three former employees, it now says the scanning was done via a module attached to the Linux kernel itself. While the more technically-minded wondered why this method would've been employed at all, others like Senator Ron Wyden called for the government to release the FISA order apparently ordering the surveillance.
CIA and NSA doubled their searches for Americans' data in 2 years
So much for US intelligence scaling back its curiosity in the wake of Edward Snowden's leaks. An Office of the Director of National Intelligence transparency report has revealed that the CIA and NSA doubled the number of searches for the content of Americans' communications in an NSA database between 2013 and 2015. Where the two agencies made about 2,100 such requests three years ago, they searched 4,672 times last year. Just what triggered the spike isn't clear. There's a chance that some of the increase comes from repetitive searches (that is, running similar queries more than once), but they were also factors in 2013 -- the odds are that activity went up.
Congress asks the NSA how often it spies on Americans
Thanks in part to leaks, it's no secret that the National Security Agency's foreign intelligence gathering also covers some Americans. But just how many Americans are under watch, and how many are simply innocents caught in the crossfire? Congress wants to find out. The House Judiciary Committee has sent a letter giving Director of National Intelligence James Clapper until May 6th to provide a "rough estimate" of how many Americans are swept up in spying under the Foreign Intelligence Surveillance Act. While the NSA is supposed to keep the collection of US data to a minimum, it's not clear that the current approach is effective. There's a concern that many people are unnecessarily included, opening the door to abuse.
Lawsuit asks Justice Department to reveal decryption orders
Do you want to know whether or not US officials have ever forced a company to decrypt data to aid in an investigation? So does the Electronic Frontier Foundation. The civil liberties group has sued the Department of Justice to make it reveal whether or not it has ever used secret Foreign Intelligence Surveillance Court orders to make companies decrypt communications. The EFF had used a standard Freedom of Information Act request beforehand, but didn't get anything. FISC says that what "potentially responsive" documents it found are exempt from disclosure, since they were created before the USA Freedom Act took effect.
NSA spied on your email even after program was shut down
The New York Times is reporting that the NSA developed a way to spy on our emails even after the program allowing it to do so was shut down. Until December 2011, the agency was entitled to bulk-collect emails at will because it was subject to oversight from the intelligence court. That meant that the data had to be used according to the regulations laid down by the Foreign Intelligence Surveillance Act. The NSA, however, had a second, more secretive program, based overseas, that did a similar job, but was under no such legal restriction. As such, when its powers were curtailed, it simply went back to doing what it always did, but in a foreign country.
Twitter sues US government over Transparency Report restrictions
Twitter has been publishing what bits of info it's allowed to concerning national security requests for some time now, but the social media feed wants the ability to publish the whole thing. Today, the outfit filed a lawsuit aiming to get approval to post its entire transparency report. In a blog post, VP of Legal Ben Lee says that the company is asking a California District Court "to declare these restrictions on our ability to speak about government surveillance as unconstitutional under the First Amendment." As is stands, Twitter and others can't communicate the exact number of national security letters (NSLs) or FISA court orders, even if there aren't any. If you'll recall, it tried to beef up transparency outside of court earlier this year, but Twitter couldn't come to terms with the US Department of Justice and FBI on as much as a redacted version of the full report.
US fines over data requests would have destroyed Yahoo in a year
The US government's threat that it would fine Yahoo $250,000 per day back in 2008 was bad enough by itself, but declassified documents show that the penalties could easily have been much, much worse. Marc Zwillinger and Jacob Sommer (who were on Yahoo's side in the case) note that $250,000 was merely the baseline, and that the requested fines would double for every week that Yahoo refused to hand over user data. There wasn't a ceiling, either. At that rate, holding out for any significant amount of time would have been impossible -- Yahoo would have lost all of its assets, or $13.8 billion, in just over a year. As such, the fine wasn't so much a punishment as a weapon that forced the internet firm to comply with a surveillance order it was planning to contest in court.
The NSA collected more of your personal data than it was legally allowed to
Former NSA chief Gen. Keith Alexander defended the NSA's bulk collection to John Oliver by saying that all his former employers did was collect metadata. He defined that as "two phone numbers, date, time and duration of [the] call." The agency's rules for collecting our electronic communications were similarly stringent, with the government only permitted to store the "to" and "from" fields, as well as the time any private message was sent. Unfortunately, newly-declassified documents have shown that the agency had difficulty just collecting those pieces of information, and instead stored the full texts of e-mails and other messages sent online. According to the report, the NSA had "exceeded the scope of authorized acquisition continuously during the more than [REDACTED] years of acquisition."
If you've researched online privacy then the NSA may already be tracking you
When the Edward Snowden revelations began flowing (and flowing, and flowing), the first thing many people screamed was "get on Tor!" Unsurprisingly, an analysis of the NSA's XKeyscore system has revealed that simply visiting the website of the privacy service is enough to get you registered as an "extremist." A report by German television found that the NSA's packet-sniffing targets anyone interested in online privacy -- with those outside of the US, Canada, UK, Australia and New Zealand marked down for extra surveillance. If, however, you've ever searched for (privacy-focused operating system) Tails or even Linux Journal, wherever you are, you're still likely to wind up on the NSA's naughty list.
The NSA's 2013 transparency report is more opaque
In an attempt to offer transparency to United States surveillance tactics, the Office of the Director of National Intelligence released a report today offering numbers for National Security Agency actions in 2013. The report notes thousands of orders placed for use of surveillance tactics (FISA requests: 1,899 in total), but fails to mention who or what was being targeted, not to mention exactly how. It recounts thousands of requests to the Foreign Intelligence Surveillance Court -- the court that decides which surveillance tactics are considered legal by the US government -- and thousands of "targets" (90,601). However, issues arise immediately. The word "target" is defined as such: "[It] has multiple meanings. For example, 'target' could be an individual person, a group, or an organization composed of multiple individuals or a foreign power that possesses or is likely to communicate foreign intelligence information that the U.S. government is authorized to acquire."
Microsoft: law enforcement faces 'bleak future' if US doesn't scale back its spying
It's patently clear by now that Microsoft is no fan of the US government's surveillance strategy, but the company's general counsel, Brad Smith, just took the war of words to a new level. He tells those at the Brookings Institution that the US' aggressive data collection is only going to make things worse over time. According to the legal leader, concerns about spying will be "more important, not less" as seemingly every device goes online. He contends that the government needs to scale back its efforts and follow the spirit of the law -- if it can't, law enforcement (and by extension, the public) faces a "bleak future."
White House wants immunity for telecoms that surrender customer data
American telecoms already have legal immunity when they cooperate with the government's warrantless wiretapping, and they may soon be in the clear when they supply customer data, too. As The Guardian has learned, the White House is asking for legislation that would grant immunity to anyone obeying requests for phone records once companies are in charge of that information. The request isn't surprising, according to an unnamed senior official -- it's in line with existing measures that shelter companies when they respond to Foreign Intelligence Surveillance Act court orders.
Comcast's first transparency report reveals over 25,000 government data requests
Comcast must not want to feel left out as telcos begin publishing regular government data request statistics -- the cable giant has just posted its first transparency report. The document reveals that Comcast obeyed more than 25,000 government demands for info during 2013, including 24,698 criminal requests (such as warrants) and 961 emergency requests. There isn't as much detail for national security requests due to federal rules, but the report shows that Comcast isn't under quite as much scrutiny as its peers. The provider received less than 1,000 national security letters last year, while Verizon reported between 1,000 and 1,999; AT&T says it got between 2,000 and 2,999. The differences aren't surprising when Comcast has no cellular customers these days. However, those numbers are bound to grow if Comcast succeeds in buying Time Warner Cable.
NSA claims that technology firms are aware of its data collection
If you ask technology leaders like Apple or Google, the NSA has been snooping on their customers without permission. However, the NSA has a very different story. Agency general counsel Rajesh De tells an oversight board that these companies are fully aware of and assisting data collection under the PRISM surveillance program, whether it targets servers or internet traffic. There's a "compulsory legal process" for the firms involved, the attorney says. If accurate, the statement at least partly contradicts repeated claims from these companies that the NSA leaves them in the dark. With that said, it's still possible for both sides to be right. Leaks from last June suggest that company staff handling these government requests are required to keep the details secret, even when speaking to coworkers -- higher-ups won't necessarily hear about cooperation with the intelligence community.
Twitter wants government permission to share specifics about national security requests
Twitter released a new transparency report this morning, and it's just as much about what the company can't disclose as what it can. You can check out the full data dump here, but in short Twitter received a total of 1,410 information requests between July 1 and December 31, 2013. That's a 66 percent bump in requests over the last two years, and it shouldn't come as a shock to hear that 833 of them came from the US government. Second and third place? Japan and Saudi Arabia, with 213 and 110 submitted requests, respectively. What you won't see Twitter talking about are the national security-related requests it's received from the US government, unlike what a handful of tech giants did after they reached an agreement with the Department of Justice. To hear Twitter Global Legal Policy Manager Jeremy Kessel tell it, the nebulous numbers those companies are able to share aren't specific enough to be meaningful. He may have a point. Yahoo, Google and Facebook all confirmed that they received somewhere between zero and 999 FISA requests during the first half of 2013. A little openness is better than none at all, but Twitter's position is that gag orders like this fly in the face of its "First Amendment right to free expression and [an] open discussion of government affairs." The company is weighing legal options in case the Justice Department doesn't quite see things its way. We'll have to wait and see how those plans pan out.
Facebook, Google and Yahoo now say when the US government requests user content (update: Microsoft too)
Last week, the US government finally relented on letting technology companies publish more detail about national security requests; today, some bigger firms are taking advantage of the looser rules. Facebook, Google, LinkedIn and Yahoo have updated their transparency reports to reveal the range of FISA requests that covered user content like posts and photos, not just user names and other basic information. As is often the case with national security affairs, there are strict limits involved. The reports still have to cover broad ranges that aren't very helpful, and reports must be delayed by six months -- we won't get request numbers for the last half of 2013 until the middle of this year. None of the companies are completely happy with the government's move, and they've promised to keep pushing for greater accountability. It's not a perfect solution, then, but it will shed at least a little more light on the US' online surveillance activities. Update: Microsoft has also joined in.
Apple says it received less than 250 National Security Orders in the first half of 2013
Following the terms of an agreement announced today between government agencies and a number of tech companies, Apple has released an updated report on National Security and Law Enforcement requests. Current through June 30th, 2013, it updates the data released last November and in June by breaking out the number of National Security Orders, which falls somewhere in the range between 0 and 250, "regardless of geography." Apple stated it had not received any requests for bulk data collection -- mentioning once again that personal conversations over iMessage and Facetime are encrypted -- echoing statements by CEO Tim Cook this weekend that it does not provide the government a backdoor to its servers. The other data it can now reveal includes exact numbers for account information requests by law enforcement. That includes 2,330 accounts specified in requests, which resulted in information being disclosed for 747 accounts. All in all, the numbers and ranges support claims by the industry that the amount of data requested is very small, but as we've learned, the NSA isn't always concerned with asking about how to get what it wants from accounts, networks and/or mobile devices.
FISA court reauthorizes NSA to collect call metadata (again)
Need another sign that the NSA's phone surveillance program is considered legal? The Foreign Intelligence Surveillance Court is happy to oblige. This week FISA renewed the agencies' authority to collect call metadata, echoing an October approval from the same court. That's actually standard -- the program needs to be reassessed every 90 days, but typically the authorizations fly under the radar. This time around, the Director of National Intelligence declassified the action "in order to provide the public with a more thorough and balanced understanding of the program."Even so, its not giving detractors any ground: the announcement also reasserts the program's legality, citing the "holdings of the United States District Courts of the Southern District of New York and Southern District of California, as well as the findings of 15 judges of the Foreign Intelligence Surveillance Court on 36 separate occasions over the last seven years." The statement at least closes on an amicable note, promising to be open to tweaking the program in ways that "achieve our counterterrorism mission in a manner that gives the American people greater confidence." Check out the full statement at the source link below.
NSA reportedly leveraging Google cookies and leaked mobile location data to identify hacking targets
You know those cookies web services use to track your history and serve up personalized ads? It appears that the government is using them too. The National Security Agency is apparently leveraging a Google-specific cookie to tap into the computers of suspicious users, according to presentation slides Edward Snowden leaked to The Washington Post. With an assist from Mountain View's "PREF" file, the NSA can track a target's web visits, then identify the computer and send a remote exploit in. What's more, the documents also show that the outfit has used a program called "HAPPYFOOT" to map internet addresses to precise physical locations leaked by mobile apps when generating locally-germane ads. Perhaps the key takeaway here is this newest revelation's scope: The government could gain alarmingly precise information about individuals using data already spread throughout the internet, seeded under the not-quite-as-threatening guise of marketing and/or social media. Consider this a friendly reminder to clear your browser history, courtesy of Uncle Sam. [Image source: Everyspoon/Flickr]
